| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20150724124304.GH19282@twins.programming.kicks-ass.net> Date: Fri, 24 Jul 2015 14:43:04 +0200 From: Peter Zijlstra <peterz@...radead.org> To: Steven Rostedt <rostedt@...dmis.org> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Andy Lutomirski <luto@...capital.net>, X86 ML <x86@...nel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Willy Tarreau <w@....eu>, Borislav Petkov <bp@...en8.de>, Thomas Gleixner <tglx@...utronix.de>, Brian Gerst <brgerst@...il.com> Subject: Re: Dealing with the NMI mess On Fri, Jul 24, 2015 at 07:58:41AM -0400, Steven Rostedt wrote: > On Fri, 24 Jul 2015 10:13:26 +0200 > Peter Zijlstra <peterz@...radead.org> wrote: > > > On Thu, Jul 23, 2015 at 02:59:56PM -0700, Linus Torvalds wrote: > > > Hmmm. I thought watchpoints were "before the instruction" too, but > > > that's just because I haven't used them in ages, and I didn't remember > > > the details. I just looked it up. > > > > > > You're right - the memory watchpoints trigger after the instruction > > > has executed, so RF isn't an issue. So yes, the only issue is > > > instruction breakpoints, and those are the only ones we need to clear. > > > > > > And that makes it really easy. > > > > > > So yes, I agree. We only need to clear all kernel breakpoints. > > > > But but but, we can access userspace with !IF, imagine someone doing: > > > > local_irq_disable(); > > copy_from_user_inatomic(); > > > > and as luck would have it, there's a breakpoint on the user memory we > > just touched. And we go and disable a user breakpoint. > > Where does the kernel do that to user text? I would think that user > data would only have watchpoints, and Andy and Linus said that those > would not be disabled (I'm guessing because they don't have the RF flag > set, and forward progress can proceed). If the kernel does the above to > user code and there's a breakpoint there, would it even trigger? > > I'm not too familiar with how to use hw breakpoints, but I'm guessing > (correct me if I'm wrong) that breakpoints on code that trigger when > executed, but watchpoints on data trigger when accessed. Then > copy_from_user_inatomic() would only trigger on watchpoints (it's not > executing that code, at least I hope it isn't!), and those wont bother > us. These things can be: RW, W, X. Sure, hitting a user X watchpoint is going to be 'interesting', but its fairly easy to hit a RW one. Just watch an on-stack variable and get perf to copy a huge chunk of stack (like it does for the dwarf stuff). -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists