lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 25 Mar 2021 08:50:26 +0900
From:   Masami Hiramatsu <mhiramat@...nel.org>
To:     Masami Hiramatsu <mhiramat@...nel.org>
Cc:     Colin Ian King <colin.king@...onical.com>,
        Muhammad Usama Anjum <musamaanjum@...il.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>,
        "Peter Zijlstra (Intel)" <peterz@...radead.org>,
        linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org,
        dan.carpenter@...cle.com
Subject: Re: [PATCH] x86/kprobes: Remove dead code

On Thu, 25 Mar 2021 07:56:54 +0900
Masami Hiramatsu <mhiramat@...nel.org> wrote:

> On Wed, 24 Mar 2021 17:50:16 +0000
> Colin Ian King <colin.king@...onical.com> wrote:
> 
> > On 24/03/2021 17:36, Muhammad Usama Anjum wrote:
> > > The condition in switch statement `opcode & 0xf0` cannot evaluate to
> > > 0xff. So this case statement will never execute. Remove it.
> > > 
> > > Fixes: 6256e668b7 ("x86/kprobes: Use int3 instead of debug trap for single-step")
> > > Signed-off-by: Muhammad Usama Anjum <musamaanjum@...il.com>
> > > ---
> > >  arch/x86/kernel/kprobes/core.c | 3 ---
> > >  1 file changed, 3 deletions(-)
> > > 
> > > diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
> > > index 89d9f26785c7..3b7bcc077020 100644
> > > --- a/arch/x86/kernel/kprobes/core.c
> > > +++ b/arch/x86/kernel/kprobes/core.c
> > > @@ -177,9 +177,6 @@ int can_boost(struct insn *insn, void *addr)
> > >  	case 0xf0:
> > >  		/* clear and set flags are boostable */
> > >  		return (opcode == 0xf5 || (0xf7 < opcode && opcode < 0xfe));
> > > -	case 0xff:
> > > -		/* indirect jmp is boostable */
> > > -		return X86_MODRM_REG(insn->modrm.bytes[0]) == 4;
> > >  	default:
> > >  		/* CS override prefix and call are not boostable */
> > >  		return (opcode != 0x2e && opcode != 0x9a);
> > > 
> > 
> > The 0xff case was added with some form of intention to be executed so I
> > suspect removing it is not an appropriate fix.
> 
> Right, it must be moved under the case 0xf0. Something like this.
> 
> case 0xf0:
> 	if (opcde == 0xff) {
> 		/* indirect jmp is boostable */
> 		return X86_MODRM_REG(insn->modrm.bytes[0]) == 4;
> 	}

Hmm, wait. I think there is no reason don't use range case.
I think the root cause of this issue is using masked opcode for
switching. Let me clean it up.

Thank you,

-- 
Masami Hiramatsu <mhiramat@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ