Date:	Sat, 28 Jun 2014 19:07:00 +0200
From:	Pavel Machek <pavel@....cz>
To:	Andy Lutomirski <luto@...capital.net>
Cc:	"H. Peter Anvin" <hpa@...or.com>, Andi Kleen <andi@...stfloor.org>,
	X86 ML <x86@...nel.org>,
	Linux Kernel <linux-kernel@...r.kernel.org>,
	Borislav Petkov <bp@...en8.de>
Subject: Re: [PATCH] x86_64,entry: Fix RCX for traced syscalls

On Thu 2014-06-26 13:47:32, Andy Lutomirski wrote:
> On Thu, Jun 26, 2014 at 1:12 PM, H. Peter Anvin <hpa@...or.com> wrote:
> > The real question is if we care that sysret and iret don't match.  On 32 bits the situation is even more complex.
> 
> At least for 64 bits, iret vs sysret is purely a kernel implementation
> detail (except where a tracer modifies things that are inaccessible to
> sysret), so ISTM it's worth one instruction to make them match.
> 
> I noticed this thing while fiddling with moving some of the syscall
> tracing logic to C.  This isn't a real problem, but it at least made
> me scratch my head.

If possible, we'd like to trace programs without the programs noticing they are
being traced. See the subterfugue utility, for example.

It is certainly worth one extra instruction.
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html