| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120929174228.GA27035@redhat.com> Date: Sat, 29 Sep 2012 19:42:28 +0200 From: Oleg Nesterov <oleg@...hat.com> To: Srikar Dronamraju <srikar@...ux.vnet.ibm.com> Cc: Ananth N Mavinakayanahalli <ananth@...ibm.com>, Ingo Molnar <mingo@...e.hu>, Peter Zijlstra <peterz@...radead.org>, Anton Arapov <anton@...hat.com>, Sebastian Andrzej Siewior <bigeasy@...utronix.de>, linux-kernel@...r.kernel.org, Jim Keniston <jkenisto@...ux.vnet.ibm.com> Subject: Re: [PATCH 3/5] uprobes: Fix UPROBE_SKIP_SSTEP checks in handle_swbp() On 09/24, Oleg Nesterov wrote: > > Anyway, > > > for example > > 0f 1f 40 00 > > OK, thanks, objdump reports "nopl 0x0(%rax)", looks fine. > > But. I do not see how __skip_sstep() can handle this case correctly. > Not only it should update regs->ip afaics, it should also account 2 > extra bytes _after_ 0f 1f. > > > 0f 1f 44 00 00 > > OK, nopl 0x0(%rax,%rax,1), but in this case we need to skip 3 > extra bytes. > > > I am starting to think this code is broken and we should simply remove > all checks except 0x66 and 0x90. In this case we do not even need to > update regs->ip. > > Otherwise this code needs to know the insn's length. > > Right? OK, I verified that the application is really killed by SIGILL if you probe such an instruction. I'll send the fix which simply removes this code. I do not know how to figure out the actual insn length. Oleg. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists