Date:   Fri, 24 Feb 2017 10:04:51 +0900
From:   Masami Hiramatsu <>
To:     Peter Zijlstra <>
Cc:     Borislav Petkov <>,,
        Ingo Molnar <>,
        Thomas Gleixner <>
Subject: Re: kprobes vs __ex_table[]

On Thu, 23 Feb 2017 19:30:02 +0100
Peter Zijlstra <> wrote:

> Hi Masami,
> I just wondered what would happen if I put a probe on an instruction
> that was listed in __ex_table[] or __bug_table[].

Ah, thanks for reporting. I knew about the __ex_table issue and fixed it, but
I didn't care about __bug_table.

> And it looks like it will happily do that. It will then run the
> instruction out-of-line, and when said instruction traps, the
> instruction address will not match the one listed in either __ex_table[]
> or __bug_table[] and badness will happen.

For the __ex_table[], at least on x86, kprobes already handles it in
kprobe_fault_handler, which restores regs->ip to the original place when
a page fault happens while single-stepping.

> If kprobes does indeed not check this, we should probably fix it, if it
> does do check this, could you point me to it?

Yeah, for the BUG() case, as far as I can see, there is no check for that.
So, there are 2 ways to fix it up: one is to just refuse to put kprobes on
UD2, the other is to fix up the trap address as we did for exceptions_table.
I think the latter is better because if a divide error happens
during single-step, we should fix up the address anyway...

Thank you,

Masami Hiramatsu <>
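
The address mismatch discussed in this thread, as an added userspace model (not kernel code and not part of the original message): a trap raised from the out-of-line copy of a probed instruction misses the table lookup unless the handler first restores the original address. The struct and function names and all addresses are constructed for illustration.

```c
/* Userspace model only: names and addresses are constructed, not the kernel's. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct ex_entry { uintptr_t insn, fixup; };  /* models one __ex_table[] entry */
struct probe    { uintptr_t addr, ool; };    /* probed insn and its out-of-line copy */

/* Constructed table, sorted by instruction address for binary search. */
static const struct ex_entry ex_table[] = {
    { 0x1000, 0x9000 }, { 0x1040, 0x9010 }, { 0x10a0, 0x9020 },
};
#define EX_COUNT (sizeof(ex_table) / sizeof(ex_table[0]))

/* Return the fixup address for a trapping instruction, or 0 if not listed. */
static uintptr_t search_ex_table(uintptr_t ip)
{
    size_t lo = 0, hi = EX_COUNT;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (ex_table[mid].insn == ip)
            return ex_table[mid].fixup;
        if (ex_table[mid].insn < ip)
            lo = mid + 1;
        else
            hi = mid;
    }
    return 0;
}

/* If the trap came from the out-of-line copy, report the original address. */
static uintptr_t restore_ip(const struct probe *p, uintptr_t trap_ip)
{
    return (p && trap_ip == p->ool) ? p->addr : trap_ip;
}

/* Look up a trap with or without the address fixup; 0 means "unhandled". */
static uintptr_t handle_trap(const struct probe *p, uintptr_t trap_ip, int fix)
{
    return search_ex_table(fix ? restore_ip(p, trap_ip) : trap_ip);
}

int main(void)
{
    const struct probe p = { 0x1040, 0x7f00 };  /* probe on a listed instruction */
    printf("no fixup:   %#lx\n", (unsigned long)handle_trap(&p, p.ool, 0));
    printf("with fixup: %#lx\n", (unsigned long)handle_trap(&p, p.ool, 1));
    return 0;
}
```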
