lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20120803134758.GB2131@redhat.com>
Date:	Fri, 3 Aug 2012 15:47:58 +0200
From:	Oleg Nesterov <oleg@...hat.com>
To:	Srikar Dronamraju <srikar@...ux.vnet.ibm.com>
Cc:	Ingo Molnar <mingo@...e.hu>, Anton Arapov <anton@...hat.com>,
	"Frank Ch. Eigler" <fche@...hat.com>,
	Peter Zijlstra <peterz@...radead.org>,
	William Cohen <wcohen@...hat.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] uprobes: Ignore unsupported instructions in uprobe_mmap

On 08/03, Srikar Dronamraju wrote:
>
> * Oleg Nesterov <oleg@...hat.com> [2012-08-02 19:53:12]:
>
> > On 08/02, Srikar Dronamraju wrote:
> > >
> > > This is case where the uprobe_mmap() and uprobe_unregister() raced, and
> > > by the time install_breakpoint() was called by uprobe_mmap(), there were
> > > no consumers.
> >
> > Yes, exactly, and this case doesn't look 100% right too,
> >
> > > i.e there are no uprobe->consumers and the underlying
> > > instruction is still not a breakpoint instruction.
> >
> > Yes, but what if it _IS_ "int3" ?
>
> for int3, install_breakpoint returns -ENOTSUPP as install_breakpoint
> does an explicit check if the instruction is breakpoint instruction
> and x86 analyse_insn() also returns -ENOTSUPP.

install_breakpoint() checks ->consumers first and returns EEXIST.

OK. Suppose that the probed insn is int3, and nobody mmaps it.

	1. uprobe_register() succeeds

	2. uprobe_unregister() is called, it does consumer_del(),
	   but before it calls delete_uprobe()...

	3. uprobe_mmap() finds this uprobe and install_breakpoint()
	   returns -EEXIST.

We could fix this particular problem (and other similar), but I think
this is pointless. This all is broken. Please give me some time to try
to make a patch which removes this all.

> > Yet another reason to move arch_uprobe_analyze_insn/etc to _register.
> >
>
> I am for moving the stuff to _register that avoids us from looking at
> these cases.

Yes. Lets try to do this step-by-step, after we fix the pending/discussed
problems.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ