| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YxYTvgTqRP0GMAjO@hirez.programming.kicks-ass.net>
Date: Mon, 5 Sep 2022 17:20:30 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: Steven Rostedt <rostedt@...dmis.org>
Cc: "Masami Hiramatsu (Google)" <mhiramat@...nel.org>,
Borislav Petkov <bp@...e.de>,
Josh Poimboeuf <jpoimboe@...nel.org>,
linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...nel.org>
Subject: Re: CONFIG_RETHUNK int3 filling prevents kprobes in function body
On Mon, Sep 05, 2022 at 05:10:27PM +0200, Peter Zijlstra wrote:
> On Mon, Sep 05, 2022 at 10:57:58AM -0400, Steven Rostedt wrote:
> > On Sun, 4 Sep 2022 23:07:13 +0900
> > Masami Hiramatsu (Google) <mhiramat@...nel.org> wrote:
> >
> > > Can we use another instruction for padding instead of INT3? (e.g. NOP or UD2)
> > >
> > > Or, can I expect the instruction length in __return_sites[] are always 5?
> > > If so, I can just skip 5 bytes if the address is in __return_sites[].
> >
> > Perhaps another option is to have a table of where the padding is placed
> > (tagged), and that kprobes could check to see if the int3 is due to this
> > padding or not?
>
> I don't see need for that. If you want to be strict you can simply
> follow the branches found earlier, if you want to be lazy, you can
> decode until you run out of the symbol size.
Another lazy option is to teach the thing that 'ret' is followed by 0,1
or 4 'int3' instructions depending on CONFIG_SLS, CONFIG_RETHUNK, but
that'll get you into trouble with future SLS compiler options, like the
aforementioned JMP-SLS option.
Powered by blists - more mailing lists