lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 20 Sep 2012 20:13:11 +0530
From:	Srikar Dronamraju <srikar@...ux.vnet.ibm.com>
To:	Oleg Nesterov <oleg@...hat.com>
Cc:	Ananth N Mavinakayanahalli <ananth@...ibm.com>,
	Ingo Molnar <mingo@...e.hu>,
	Peter Zijlstra <peterz@...radead.org>,
	Anton Arapov <anton@...hat.com>,
	Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
	linux-kernel@...r.kernel.org,
	Jim Keniston <jkenisto@...ux.vnet.ibm.com>
Subject: Re: [PATCH 3/5] uprobes: Fix UPROBE_SKIP_SSTEP checks in
 handle_swbp()

* Oleg Nesterov <oleg@...hat.com> [2012-09-18 18:07:38]:

> >
> > > Probably this is fine, at least this is
> > > fine if it finds "nop" eventually. But I can't undestand what
> > > "0x66* { 0x90 | 0x0f 0x1f | 0x0f 0x19 | 0x87 0xc0 }" means.
> > > OK, 0x66 and 0x90 are clear. But, say, 0x0f 0x1f ?
> >
> > we skip is 0x66 ..0x66 0x0f 0x1f
> >
> > So we have a check
> > if (i == (MAX_UINSN_BYTES - 1))
> >
> > so this ensures that we are consider 0x0f 0x1f as nop if and only if
> > they are at the end and preceeded by 0x66.
> 
> Hmm. How so? The code does
> 
> 	if (i == (MAX_UINSN_BYTES - 1))
> 		break;
> 
> 	if ((auprobe->insn[i] == 0x0f) && (auprobe->insn[i+1] == 0x1f))
> 		return true;
> 
> 
> So, afaics, if the intent was to skip 1f0f at the end only, it should do

Its 0f1f and not 1f0f

> 
> 	if (i == (MAX_UINSN_BYTES - 1)) {
> 		if ((auprobe->insn[i] == 0x0f) && (auprobe->insn[i+1] == 0x1f))
> 			return true;
> 		...
> 	}
> 
> "and preceeded by 0x66" above doesn't look true too, perhaps you
> meant "may be preceeded by 0x66".
> 

Yup, as always you are right. We expect 0x0f 0x1f preceeded by 0x66 to
be nop instructions.

> > So are you suggesting extending the list of nops or is it that we are
> > considering non nop instructions as nops?
> 
> No, I am trying to understand which insns arch_skip tries to skip.
> In particular, what "0x0f 0x1f" means.
> 
> > > I compiled this program
> > >
> > > 	int main(void)
> > > 	{
> > > 		asm volatile (".word 0x1f0f");
> > > 		return 0;
> > > 	}
> > >
> > > and objdump reports:
> > >
> > > 	000000000040047c <main>:
> > > 	  40047c:       0f 1f 31                nopl   (%rcx)
> >
> > Current uprobes code wouldnt skip the above insn because it has 31
> > following it.
> 
> See above.
> 
> And again, could you explain which insn has 1f0f (at the end or not) ?
> IOW, what we are trying to skip?

Again its 0f1f and not 1f0f

for example 
0f 1f 40 00
0f 1f 44 00 00
66 0f 1f 44 00 00

I referred arch/x86/include/asm/nops.h, arch/x86/lib/x86-opcode-map.txt
and disassembly of libc.  And ofcourse Jim Keniston helped me in most of
the x86 stuff.

--
thanks and regards
Srikar

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists