lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20120924200825.GA25264@redhat.com>
Date:	Mon, 24 Sep 2012 22:08:25 +0200
From:	Oleg Nesterov <oleg@...hat.com>
To:	Srikar Dronamraju <srikar@...ux.vnet.ibm.com>
Cc:	Ananth N Mavinakayanahalli <ananth@...ibm.com>,
	Ingo Molnar <mingo@...e.hu>,
	Peter Zijlstra <peterz@...radead.org>,
	Anton Arapov <anton@...hat.com>,
	Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
	linux-kernel@...r.kernel.org,
	Jim Keniston <jkenisto@...ux.vnet.ibm.com>
Subject: Re: [PATCH 3/5] uprobes: Fix UPROBE_SKIP_SSTEP checks in
	handle_swbp()

Srikar, sorry for delay, somehow I missed this email.

And I am still confused...

On 09/20, Srikar Dronamraju wrote:
>
> * Oleg Nesterov <oleg@...hat.com> [2012-09-18 18:07:38]:
>
> > > > I compiled this program
> > > >
> > > > 	int main(void)
> > > > 	{
> > > > 		asm volatile (".word 0x1f0f");
> > > > 		return 0;
> > > > 	}
> > > >
> > > > and objdump reports:
> > > >
> > > > 	000000000040047c <main>:
> > > > 	  40047c:       0f 1f 31                nopl   (%rcx)
> > >
> > > Current uprobes code wouldnt skip the above insn because it has 31
> > > following it.
> >
> > See above.
> >
> > And again, could you explain which insn has 1f0f (at the end or not) ?
> > IOW, what we are trying to skip?
>
> Again its 0f1f and not 1f0f

The first byte is 0x0f, the next is 0x1f, so 0x1f0f looks correct,
but this doesn't matter.

Anyway,

> for example
> 0f 1f 40 00

OK, thanks, objdump reports "nopl 0x0(%rax)", looks fine.

But. I do not see how __skip_sstep() can handle this case correctly.
Not only it should update regs->ip afaics, it should also account 2
extra bytes _after_ 0f 1f.

> 0f 1f 44 00 00

OK, nopl   0x0(%rax,%rax,1), but in this case we need to skip 3
extra bytes.


I am starting to think this code is broken and we should simply remove
all checks except 0x66 and 0x90. In this case we do not even need to
update regs->ip.

Otherwise this code needs to know the insn's length.

Right?

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ