lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <abf9c2d3-e26a-e7ac-3e73-19c46c4e81c8@linux.ibm.com>
Date:   Mon, 8 Feb 2021 16:38:08 +0530
From:   Ravi Bangoria <ravi.bangoria@...ux.ibm.com>
To:     "Naveen N. Rao" <naveen.n.rao@...ux.vnet.ibm.com>
Cc:     mpe@...erman.id.au, oleg@...hat.com, rostedt@...dmis.org,
        paulus@...ba.org, jniethe5@...il.com, naveen.n.rao@...ux.ibm.com,
        sandipan@...ux.ibm.com, linuxppc-dev@...ts.ozlabs.org,
        linux-kernel@...r.kernel.org,
        Ravi Bangoria <ravi.bangoria@...ux.ibm.com>
Subject: Re: [PATCH v2] powerpc/uprobes: Validation for prefixed instruction



On 2/4/21 6:45 PM, Naveen N. Rao wrote:
> On 2021/02/04 04:19PM, Ravi Bangoria wrote:
>>
>>
>> On 2/4/21 4:17 PM, Ravi Bangoria wrote:
>>> Don't allow Uprobe on 2nd word of a prefixed instruction. As per
>>> ISA 3.1, prefixed instruction should not cross 64-byte boundary.
>>> So don't allow Uprobe on such prefixed instruction as well.
>>>
>>> There are two ways probed instruction is changed in mapped pages.
>>> First, when Uprobe is activated, it searches for all the relevant
>>> pages and replace instruction in them. In this case, if we notice
>>> that probe is on the 2nd word of prefixed instruction, error out
>>> directly. Second, when Uprobe is already active and user maps a
>>> relevant page via mmap(), instruction is replaced via mmap() code
>>> path. But because Uprobe is invalid, entire mmap() operation can
>>> not be stopped. In this case just print an error and continue.
>>
>> @mpe,
>>
>> arch_uprobe_analyze_insn() can return early if
>> cpu_has_feature(CPU_FTR_ARCH_31) is not set. But that will
>> miss out a rare scenario of user running binary with prefixed
>> instruction on p10 predecessors. Please let me know if I
>> should add cpu_has_feature(CPU_FTR_ARCH_31) or not.
> 
> The check you are adding is very specific to prefixed instructions, so
> it makes sense to add a cpu feature check for v3.1.
> 
> On older processors, those are invalid instructions like any other. The
> instruction emulation infrastructure will refuse to emulate it and the
> instruction will be single stepped.

Sure will add it.

Ravi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ