lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Jul 2012 20:41:03 +0900 From: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> To: Steven Rostedt <rostedt@...dmis.org> Cc: LKML <linux-kernel@...r.kernel.org>, Ingo Molnar <mingo@...e.hu>, Andrew Morton <akpm@...ux-foundation.org>, "H. Peter Anvin" <hpa@...or.com>, stable <stable@...r.kernel.org> Subject: Re: [RFC][PATCH] x86_32: Return actual stack when requesting sp from regs (2012/07/14 4:44), Steven Rostedt wrote: > > As x86_32 traps do not save sp when taken in kernel mode, we need to > accommodate the sp when requesting to get the register. > > This affects kprobes. > > Before: > > # echo 'p:ftrace sys_read+4 s=%sp' > /debug/tracing/kprobe_events > # echo 1 > /debug/tracing/events/kprobes/enable > # cat trace > sshd-1345 [000] d... 489.117168: ftrace: (sys_read+0x4/0x70) s=b7e96768 > sshd-1345 [000] d... 489.117191: ftrace: (sys_read+0x4/0x70) s=b7e96768 > cat-1447 [000] d... 489.117392: ftrace: (sys_read+0x4/0x70) s=5a7 > cat-1447 [001] d... 489.118023: ftrace: (sys_read+0x4/0x70) s=b77ad05f > less-1448 [000] d... 489.118079: ftrace: (sys_read+0x4/0x70) s=b7762e06 > less-1448 [000] d... 489.118117: ftrace: (sys_read+0x4/0x70) s=b7764970 > > After: > sshd-1352 [000] d... 362.348016: ftrace: (sys_read+0x4/0x70) s=f3febfa8 > sshd-1352 [000] d... 362.348048: ftrace: (sys_read+0x4/0x70) s=f3febfa8 > bash-1355 [001] d... 362.348081: ftrace: (sys_read+0x4/0x70) s=f5075fa8 > sshd-1352 [000] d... 362.348082: ftrace: (sys_read+0x4/0x70) s=f3febfa8 > sshd-1352 [000] d... 362.690950: ftrace: (sys_read+0x4/0x70) s=f3febfa8 > bash-1355 [001] d... 362.691033: ftrace: (sys_read+0x4/0x70) s=f5075fa8 > > [ I wonder if this should also go to stable? ] > This obviously makes tracing output better on i386. Original %sp gives nothing (or just misleading)... Reviewed-by: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> NOTE: if someone needs to get kernel stack address from regs, I recommend him to use kernel_stack_pointer() directly. Thank you, > Signed-off-by: Steven Rostedt <rostedt@...dmis.org> > > Index: linux-trace.git/arch/x86/include/asm/ptrace.h > =================================================================== > --- linux-trace.git.orig/arch/x86/include/asm/ptrace.h > +++ linux-trace.git/arch/x86/include/asm/ptrace.h > @@ -246,6 +246,15 @@ static inline unsigned long regs_get_reg > { > if (unlikely(offset > MAX_REG_OFFSET)) > return 0; > +#ifdef CONFIG_X86_32 > + /* > + * Traps from the kernel do not save sp and ss. > + * Use the helper function to retrieve sp. > + */ > + if (offset == offsetof(struct pt_regs, sp) && > + regs->cs == __KERNEL_CS) > + return kernel_stack_pointer(regs); > +#endif > return *(unsigned long *)((unsigned long)regs + offset); > } -- Masami HIRAMATSU Software Platform Research Dept. Linux Technology Center Hitachi, Ltd., Yokohama Research Laboratory E-mail: masami.hiramatsu.pt@...achi.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists