| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220907231450.0a5f085319251349a45465d8@kernel.org>
Date: Wed, 7 Sep 2022 23:14:50 +0900
From: Masami Hiramatsu (Google) <mhiramat@...nel.org>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Steven Rostedt <rostedt@...dmis.org>,
Ingo Molnar <mingo@...nel.org>,
Suleiman Souhlal <suleiman@...gle.com>,
bpf <bpf@...r.kernel.org>, linux-kernel@...r.kernel.org,
Borislav Petkov <bp@...e.de>,
Josh Poimboeuf <jpoimboe@...nel.org>, x86@...nel.org
Subject: Re: [PATCH 1/2] x86/kprobes: Fix kprobes instruction boudary check
with CONFIG_RETHUNK
On Wed, 7 Sep 2022 15:05:13 +0200
Peter Zijlstra <peterz@...radead.org> wrote:
> On Wed, Sep 07, 2022 at 10:02:41AM +0200, Peter Zijlstra wrote:
>
> > struct queue q;
> >
> > start = paddr - offset;
> > end = start + size;
> > push(&q, paddr - offset);
> >
> > while (start = pop(&q)) {
> > for_each_insn(&insn, start, end, buf) {
> > if (insn.kaddr == paddr)
> > return 1;
> >
> > target = insn_get_branch_addr(&insn);
> > if (target)
> > push(&q, target);
> >
> > if (dead_end_insn(&insn))
> > break;
> > }
> > }
>
> There is the very rare case of intra-function-calls; but I *think*
> they're all in noinstr/nokprobe code anyway.
>
> For instance we have RSB stuffing code like:
>
> .rept 16
> call 1f;
> int3
> 1:
> .endr
> add $(BITS_PER_LONG/8) * 16, %_ASM_SP
>
> And the proposed will be horribly confused by that. But like said; it
> should also never try and untangle it.
Yeah, but I guess if we break the decoding (internal) loop when we
hit an INT3, it maybe possible to be handled?
Thank you,
--
Masami Hiramatsu (Google) <mhiramat@...nel.org>
Powered by blists - more mailing lists