Date:	Sun, 22 Mar 2015 20:26:38 +0300
From:	Eugene Shatokhin <eugene.shatokhin@...alab.ru>
To:	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
CC:	linux-kernel@...r.kernel.org
Subject: Re: Kprobes: pre-handler with interrupts enabled - is it possible?

Hello,

It took a while to properly implement the technique I wrote about 
earlier, but I have prepared a working example. Initially, I did not 
reset the Kprobe properly and that caused difficult-to-debug problems. 
Anyway, it works now.

In this example, Kprobes are used to execute my functions before and 
after the insn of interest, in the same context as the insn w.r.t. the 
interrupts and the preemption. There are some drawbacks and tricky 
points, but still.

I tested this code on my simple modules as well as on the network 
drivers (atl1c, e1000e, e1000) in Ubuntu 14.04 and ROSA R5 (x86, both 32 
and 64-bit).

If you are interested, the source code is here: 
https://abf.io/spectre/kernel-examples#?path=kprobe_lite. Most of the 
logic is in module.c, the details are in Readme.txt.

I will try now to reimplement the relevant parts of our RaceHound system 
using the Kprobes and the technique from the example.

By the way, while working on that code, I found that Kprobes consider 
the following insns as not boostable (can_boost() in 
arch/x86/kernel/kprobes/core.c):

* opcodes c0, c1, d0 - d3 with ModRM.reg != 110(b): ROL, ROR, RCL, RCR, 
SHL/SAL, SHR, SAR (Grp 2-1A)
* opcodes f6 and f7 with ModRM.reg != 001(b): TEST, NOT, NEG, MUL, IMUL, 
DIV, IDIV (Grp 3-1A)
* opcodes fe and ff with ModRM.reg being 000(b) or 001(b): INC, DEC (Grp 
4-1A and 5-1A)
* opcode 0f c7 with ModRM.reg == 001(b): CMPXCHG8B, CMPXCHG16B.

Not sure why Kprobes do so.

Regards,
Eugene

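The opcode groups listed in the message above are all decided by the opcode byte(s) plus the ModRM.reg field (bits 5:3 of the ModRM byte). The following is an added example, not code from the message, from RaceHound or from arch/x86/kernel/kprobes/core.c: it classifies raw instruction bytes against exactly those four groups, and nothing else. The prefix handling (skipping legacy prefixes and, on x86-64, one REX byte) is my own simplified assumption so that LOCK/REX-prefixed forms such as `lock cmpxchg8b` and `rex.w inc` resolve to the right group; it makes no claim about what the real can_boost() does outside the four listed cases.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Classification against the four groups listed in the message. The table
 * is transcribed from the message; this is not the kernel's can_boost().
 */
enum nb_group {
    NB_NOT_LISTED = 0,             /* not in any of the four listed groups */
    NB_GRP2_ROT_SHIFT,             /* c0, c1, d0-d3 with ModRM.reg != 110b */
    NB_GRP3_TEST_NOT_NEG_MUL_DIV,  /* f6, f7 with ModRM.reg != 001b */
    NB_GRP4_5_INC_DEC,             /* fe, ff with ModRM.reg == 000b or 001b */
    NB_CMPXCHG8B_16B,              /* 0f c7 with ModRM.reg == 001b */
    NB_TRUNCATED                   /* buffer ended before the deciding byte */
};

/* ModRM.reg is bits 5:3 of the ModRM byte. */
static unsigned modrm_reg(uint8_t modrm)
{
    return (modrm >> 3) & 7;
}

/* Legacy prefixes: segment overrides, operand/address size, LOCK, REP/REPNE. */
static bool is_legacy_prefix(uint8_t b)
{
    switch (b) {
    case 0x26: case 0x2e: case 0x36: case 0x3e:
    case 0x64: case 0x65: case 0x66: case 0x67:
    case 0xf0: case 0xf2: case 0xf3:
        return true;
    default:
        return false;
    }
}

/*
 * Skip legacy prefixes and, in 64-bit mode, one REX prefix (0x40-0x4f),
 * which must be the last prefix before the opcode. This prefix handling is
 * an assumption of the example, not taken from the kernel.
 */
static size_t skip_prefixes(const uint8_t *insn, size_t len, bool x86_64)
{
    size_t i = 0;

    while (i < len && is_legacy_prefix(insn[i]))
        i++;
    if (x86_64 && i < len && (insn[i] & 0xf0) == 0x40)
        i++;
    return i;
}

enum nb_group classify_listed_group(const uint8_t *insn, size_t len, bool x86_64)
{
    size_t i = skip_prefixes(insn, len, x86_64);
    uint8_t op;

    if (i >= len)
        return NB_TRUNCATED;
    op = insn[i++];

    if (op == 0x0f) {
        /* Two-byte opcode map: only 0f c7 /1 (CMPXCHG8B/16B) is listed. */
        if (i >= len)
            return NB_TRUNCATED;
        if (insn[i++] != 0xc7)
            return NB_NOT_LISTED;
        if (i >= len)
            return NB_TRUNCATED;
        return modrm_reg(insn[i]) == 1 ? NB_CMPXCHG8B_16B : NB_NOT_LISTED;
    }

    switch (op) {
    case 0xc0: case 0xc1: case 0xd0: case 0xd1: case 0xd2: case 0xd3:
        if (i >= len)
            return NB_TRUNCATED;
        return modrm_reg(insn[i]) != 6 ? NB_GRP2_ROT_SHIFT : NB_NOT_LISTED;
    case 0xf6: case 0xf7:
        if (i >= len)
            return NB_TRUNCATED;
        return modrm_reg(insn[i]) != 1 ? NB_GRP3_TEST_NOT_NEG_MUL_DIV
                                       : NB_NOT_LISTED;
    case 0xfe: case 0xff:
        if (i >= len)
            return NB_TRUNCATED;
        return modrm_reg(insn[i]) <= 1 ? NB_GRP4_5_INC_DEC : NB_NOT_LISTED;
    default:
        return NB_NOT_LISTED;
    }
}

int main(void)
{
    /* Constructed sample encodings, not captured from a real binary. */
    static const uint8_t shl_eax_1[]    = {0xd1, 0xe0};              /* shl eax,1 */
    static const uint8_t rexw_inc_rax[] = {0x48, 0xff, 0xc0};        /* inc rax */
    static const uint8_t lock_cmpxchg[] = {0xf0, 0x0f, 0xc7, 0x0e};  /* lock cmpxchg8b [rsi] */
    static const uint8_t jmp_rax[]      = {0xff, 0xe0};              /* jmp rax, /4 */

    printf("shl eax,1          -> %d\n", classify_listed_group(shl_eax_1, 2, true));
    printf("rex.w inc rax      -> %d\n", classify_listed_group(rexw_inc_rax, 3, true));
    printf("lock cmpxchg8b     -> %d\n", classify_listed_group(lock_cmpxchg, 4, true));
    printf("jmp rax (ff /4)    -> %d\n", classify_listed_group(jmp_rax, 2, true));
    return 0;
}
```

Note that the same bytes classify differently by mode: `48 ff c0` is REX.W INC RAX on x86-64 and falls into the INC/DEC group, but on 32-bit x86 the 0x48 byte is the one-byte `dec eax`, which is not among the listed groups. The `ff /4` (JMP) and `0f c7 /6` (RDRAND) cases show why the ModRM.reg check matters: the opcode byte alone does not identify the instruction.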