| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120328160610.GH17189@somewhere.redhat.com> Date: Wed, 28 Mar 2012 18:06:13 +0200 From: Frederic Weisbecker <fweisbec@...il.com> To: "Frank Ch. Eigler" <fche@...hat.com> Cc: Jiri Olsa <jolsa@...hat.com>, acme@...hat.com, a.p.zijlstra@...llo.nl, mingo@...e.hu, paulus@...ba.org, cjashfor@...ux.vnet.ibm.com, eranian@...gle.com, gorcunov@...nvz.org, tzanussi@...il.com, mhiramat@...hat.com, rostedt@...dmis.org, robert.richter@....com, linux-kernel@...r.kernel.org, mjw@...hat.com Subject: Re: [PATCH 04/15] perf: Add ability to dump user regs On Wed, Mar 28, 2012 at 11:12:30AM -0400, Frank Ch. Eigler wrote: > Hi, Jiri - > > > [...] > > > [...] Upon a normal syscall entry to the kernel, not > > > all user registers are saved explicitly for such easy retrieval. The > > > others may be spilled to the stack by gcc during the various sys_* > > > functions or elsewhere. [...] > > > > Are you reffering to x86_64 where only portion of registers > > is stored by SAVE_ARGS macro? Seems like 32 bits stores the > > whole pt_regs. > > I believe that's the right area. I'm not sure even the 32-bit variant > is complete enough, for example exempting MMX/SSE registers. These > may also contain spilled registers before long. > > > > Generally you could need all the registers to start the unwind, but > > I was assuming that for most cases the stack pointer and instruction > > pointer should be enough.. but I might be wrong here. > > Yeah; the question is how much is missed besides those "most cases". > > > > > To recover these registers at run time, we found that the kernel > > > stack itself has to be partially unwound [... Without that, it ...] > > > may accidentally pass garbage data to perf userspace. Correcting > > > this could require a kernel-space libunwind. > > > AFAIK not going to happen any time soon ;) > > Understood. Then the code needs to ensure that it does not purport to > pass register values that it does not know. (Back when we were at > this stage in systemtap, we got some reasonable backtraces even > without kernel unwinding, ie. tolerating missing registers.) Right. I think in normal syscall case we save rdi, rsi, rdx, rax and rip. If we take the syscall slow path we save rbx, rbp, r12-15. Unfortunately we don't save rsp, which must be the most important for cfi unwinding. We probably need to check what is saved in irqs (set_irq_regs()) and exceptions as well. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists