Open Source and information security mailing list archives
Date: Wed, 1 May 2019 23:24:12 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: linux-kernel@...r.kernel.org
Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Ingo Molnar <mingo@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, Peter Zijlstra <peterz@...radead.org>, Andy Lutomirski <luto@...nel.org>, Nicolai Stange <nstange@...e.de>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, "H. Peter Anvin" <hpa@...or.com>, the arch/x86 maintainers <x86@...nel.org>, Josh Poimboeuf <jpoimboe@...hat.com>, Jiri Kosina <jikos@...nel.org>, Miroslav Benes <mbenes@...e.cz>, Petr Mladek <pmladek@...e.com>, Joe Lawrence <joe.lawrence@...hat.com>, Shuah Khan <shuah@...nel.org>, Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>, Tim Chen <tim.c.chen@...ux.intel.com>, Sebastian Andrzej Siewior <bigeasy@...utronix.de>, Mimi Zohar <zohar@...ux.ibm.com>, Juergen Gross <jgross@...e.com>, Nick Desaulniers <ndesaulniers@...gle.com>, Nayna Jain <nayna@...ux.ibm.com>, Masahiro Yamada <yamada.masahiro@...ionext.com>, Joerg Roedel <jroedel@...e.de>, "open list:KERNEL SELFTEST FRAMEWORK" <linux-kselftest@...r.kernel.org>, stable@...r.kernel.org
Subject: Re: [RFC][PATCH 1/2] x86: Allow breakpoints to emulate call functions

On Wed, 01 May 2019 16:28:31 -0400 Steven Rostedt <rostedt@...dmis.org> wrote:

> diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S > index d309f30cf7af..50bbf4035baf 100644 > --- a/arch/x86/entry/entry_32.S > +++ b/arch/x86/entry/entry_32.S
> @@ -1478,6 +1478,17 @@ ENTRY(int3) > ASM_CLAC > pushl $-1 # mark this as an int > > +#ifdef CONFIG_VM86 > + testl $X86_EFLAGS_VM, PT_EFLAGS(%esp) > + jnz .Lfrom_usermode_no_gap > +#endif > + testl $SEGMENT_RPL_MASK, PT_CS(%esp) > + jnz .Lfrom_usermode_no_gap > + .rept 6 > + pushl 5*4(%esp) > + .endr > +.Lfrom_usermode_no_gap: > + > SAVE_ALL switch_stacks=1 > ENCODE_FRAME_POINTER > TRACE_IRQS_OFF

This failed to work on 32 bit at all (crashed and burned badly - triple fault!). Looking at it I found one issue. This code is done before the regs are saved, and PT_EFLAGS(%esp) and PT_CS(%esp) expect %esp to contain them.

I applied this patch against this but it didn't totally fix the problems. It still constantly crashes (although, with this update I can put in some printks to get some ideas).

I haven't spent too much time on it, but it looks like there's an issue with the entry-stack that int3 switches to. I'm not sure it's handling the copy well.

-- Steve

diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S index 50bbf4035baf..4f427285e421 100644 --- a/arch/x86/entry/entry_32.S +++ b/arch/x86/entry/entry_32.S @@ -1479,10 +1479,10 @@ ENTRY(int3) pushl $-1 # mark this as an int #ifdef CONFIG_VM86 - testl $X86_EFLAGS_VM, PT_EFLAGS(%esp) + testl $X86_EFLAGS_VM, PT_EFLAGS-PT_ORIG_EAX(%esp) jnz .Lfrom_usermode_no_gap #endif - testl $SEGMENT_RPL_MASK, PT_CS(%esp) + testl $SEGMENT_RPL_MASK, PT_CS-PT_ORIG_EAX(%esp) jnz .Lfrom_usermode_no_gap .rept 6 pushl 5*4(%esp)
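Review bot: in the quoted hunk, the two tests `testl $X86_EFLAGS_VM, PT_EFLAGS(%esp)` and `testl $SEGMENT_RPL_MASK, PT_CS(%esp)` execute before `SAVE_ALL`, when the only word above the hardware exception frame is the `pushl $-1` orig_eax marker, yet the PT_* offsets assume a complete pt_regs below %esp, so both reads hit the wrong stack slots. Either express the offsets relative to the orig_eax slot (`PT_EFLAGS-PT_ORIG_EAX(%esp)` and `PT_CS-PT_ORIG_EAX(%esp)`) or move the mode check after `SAVE_ALL`. The `.rept 6` / `pushl 5*4(%esp)` gap insertion walks the same not-yet-saved layout, so its offsets need the same scrutiny, and a comment saying which six words it duplicates and why the gap is needed would help the next reader.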
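Review bot: in the follow-up hunk, the corrected offsets `PT_EFLAGS-PT_ORIG_EAX(%esp)` and `PT_CS-PT_ORIG_EAX(%esp)` are right only because `pushl $-1` is the sole push between the hardware frame and these tests; a comment above the `#ifdef CONFIG_VM86` block stating that assumption would keep a later push from silently breaking it. The hunk as shown ends at `pushl 5*4(%esp)`, so the `.endr` and `.Lfrom_usermode_no_gap:` tail cannot be checked here, and since the reply says the kernel still crashes with this applied, the change should be read as fixing the offset bug only, not the entry-stack copy the reply also points at.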