| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140402191440.GA8114@redhat.com> Date: Wed, 2 Apr 2014 21:14:40 +0200 From: Oleg Nesterov <oleg@...hat.com> To: Jim Keniston <jkenisto@...ux.vnet.ibm.com> Cc: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>, Ingo Molnar <mingo@...e.hu>, Srikar Dronamraju <srikar@...ux.vnet.ibm.com>, Ananth N Mavinakayanahalli <ananth@...ibm.com>, David Long <dave.long@...aro.org>, Denys Vlasenko <dvlasenk@...hat.com>, "Frank Ch. Eigler" <fche@...hat.com>, Jonathan Lebon <jlebon@...hat.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH 3/7] uprobes/x86: Conditionalize the usage of handle_riprel_insn() On 04/02, Jim Keniston wrote: > > On Tue, 2014-04-01 at 18:39 +0200, Oleg Nesterov wrote: > > > So let me explain the problem, and how (I think) it should be solved. > > Unfortunately, I do not even know the terminology, so firstly I have > > to explain you the things I recently learned when I investigated the > > bug report ;) > > > [problem description and proposed solution snipped] > > Thanks for your work on this. I think your analysis is correct. Great, thanks! > As you > say, emulating calls is tricky because of the possibility that the call > will incur a page fault when it grows the stack. Your best solution > might be to emulate jumps, Yes, > but rewrite call instructions using a scratch > register, similar to how we handle rip-relative instructions. Yes, this is what I meant when I said that we can avoid ->emulate in this case, mangle insn, and complicate post_xol(). But so far I do not think this would be better. OK. Let me actually finish amd send the fixes, then we can discuss this again and see if another approach makes more sense. Sorry, I was distracted again, so I need more time. Will try to send tomorrow. > > Once again, if this can work we need more changes to handle jmp's/etc. But > > lets discuss this later. I am thinking in horror about conditional jmp ;) > > In fact this should be simple, just I do not know (yet) to parse such an > > insn, and I simply do not know if lib/insn.c can help me to figure out which > > flag in regs->flags ->emulate() should check. > > Emulating jumps (including conditional jumps) shouldn't be all that much > code. In case you haven't already found it, the "AMD64 Architecture > Programmer's Manual, Volume 3" provides the sort of info you need. Thanks. I'll try to read it, but most probably I'll come here with the stupid questions anyway. > One thing about emulating jumps is that if the task has block stepping > enabled, then a trap is expected on every successful branch. Yes, but probably we can do this later. Note that uprobes doesn't play nice with TIF_BLOCKSTEP anyway, see the comment in arch_uprobe_post_xol: /* * arch_uprobe_pre_xol() doesn't save the state of TIF_BLOCKSTEP * so we can get an extra SIGTRAP if we do not clear TF. We need * to examine the opcode to make it right. */ So I think that at least the initial version can safely ignore this problem. Oleg. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists