Message-Id: <20170224100451.31ca3855ddb36963b93d0768@kernel.org>
Date: Fri, 24 Feb 2017 10:04:51 +0900
From: Masami Hiramatsu <mhiramat@...nel.org>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Borislav Petkov <bp@...en8.de>, linux-kernel@...r.kernel.org,
Ingo Molnar <mingo@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>
Subject: Re: kprobes vs __ex_table[]
On Thu, 23 Feb 2017 19:30:02 +0100
Peter Zijlstra <peterz@...radead.org> wrote:
> Hi Masami,
>
> I just wondered what would happen if I put a probe on an instruction
> that was listed in __ex_table[] or __bug_table[].

Ah, thanks for reporting. I know the __ex_table issue and fixed it, but
I didn't care about __bug_table.

> And it looks like it will happily do that. It will then run the
> instruction out-of-line, and when said instruction traps, the
> instruction address will not match the one listed in either __ex_table[]
> or __bug_table[] and badness will happen.

For the __ex_table[], at least on x86, kprobes already handles it in
kprobe_fault_handler, which restores regs->ip to the original place when
a page fault happens during single-stepping.

> If kprobes does indeed not check this, we should probably fix it, if it
> does do check this, could you point me to it?

Yeah, for the BUG() case, as far as I can see, there is no check for that.
So, there are 2 ways to fix it up: one is to just refuse to put kprobes on
UD2, the other is to fix up the trap address as we did for exceptions_table.
I think the latter is better because if a divide error happens
during single-step, we should fix up the address anyway...

Thank you,
--
Masami Hiramatsu <mhiramat@...nel.org>
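
Added example, not part of the original message and not kernel code: a user-space C model of the mismatch discussed in this thread, where a trap raised while single-stepping a probed instruction out-of-line reports the copy's address, so the table lookup misses until the address is mapped back to the probe's original location. All struct names, function names and addresses are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model; every name and address below is constructed. */
struct ex_entry { uintptr_t insn, fixup; };        /* models one __ex_table[] row */
struct probe    { uintptr_t addr, slot; size_t len; }; /* original insn, out-of-line copy */

/* Sorted by insn so the lookup can binary-search. */
static const struct ex_entry ex_table[] = {
    { 0x1000, 0x9000 }, { 0x1040, 0x9010 }, { 0x10a0, 0x9020 },
};

static const struct ex_entry *search_ex_table(uintptr_t ip)
{
    size_t lo = 0, hi = sizeof(ex_table) / sizeof(ex_table[0]);
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (ex_table[mid].insn == ip)
            return &ex_table[mid];
        if (ex_table[mid].insn < ip)
            lo = mid + 1;
        else
            hi = mid;
    }
    return NULL;
}

/* If the trap IP lies inside the probe's single-step slot, map it back
 * to the corresponding address in the original instruction. */
static uintptr_t fixup_trap_ip(const struct probe *p, uintptr_t ip)
{
    if (p && ip >= p->slot && ip < p->slot + p->len)
        return p->addr + (ip - p->slot);
    return ip;
}

/* Returns the fixup address, or 0 when no table entry matches. */
static uintptr_t handle_trap(const struct probe *p, uintptr_t ip, int translate)
{
    const struct ex_entry *e = search_ex_table(translate ? fixup_trap_ip(p, ip) : ip);
    return e ? e->fixup : 0;
}

int main(void)
{
    struct probe p = { 0x1040, 0x7f00, 4 };  /* probe placed on a listed instruction */
    printf("raw slot ip:   fixup=%#lx\n", (unsigned long)handle_trap(&p, p.slot, 0));
    printf("translated ip: fixup=%#lx\n", (unsigned long)handle_trap(&p, p.slot, 1));
    return 0;
}
```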