| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 8 Sep 2022 10:34:32 +0900
From: "Masami Hiramatsu (Google)" <mhiramat@...nel.org>
To: Steven Rostedt <rostedt@...dmis.org>,
Peter Zijlstra <peterz@...radead.org>
Cc: Masami Hiramatsu <mhiramat@...nel.org>,
Ingo Molnar <mingo@...nel.org>,
Suleiman Souhlal <suleiman@...gle.com>,
bpf <bpf@...r.kernel.org>, linux-kernel@...r.kernel.org,
Borislav Petkov <bp@...e.de>,
Josh Poimboeuf <jpoimboe@...nel.org>, x86@...nel.org
Subject: [PATCH v2 0/2] x86/kprobes: Fixes for CONFIG_RETHUNK
Hi,
Here is the 2nd version of the patches to fix kprobes and optprobe with
CONFIG_RETHUNK and CONFIG_SLS.
Previous version is here;
https://lore.kernel.org/all/166251211081.632004.1842371136165709807.stgit@devnote2/
In this version, I updated the Fixed tag and the decoding function to
memorize all branch targets and decode those code blocks besed on
Peter's idea. (Thanks!)
With these configs, the kernel functions may includes INT3 for stopping
speculative execution in the function code block (body) in addition to
the gaps between functions.
Since kprobes on x86 has to ensure the probe address is an instruction
bondary, it decodes the instructions in the function until the address.
If it finds an INT3 which is not embedded by kprobe, it stops decoding
because usually the INT3 is used for debugging as a software breakpoint
and such INT3 will replace the first byte of an original instruction.
Without recovering it, kprobes can not continue to decode it. Thus the
kprobes returns -EILSEQ as below.
# echo "p:probe/vfs_truncate_L19 vfs_truncate+98" >> kprobe_events
sh: write error: Invalid or incomplete multibyte or wide character
Actually, those INT3s are just for padding and can be ignored.
To avoid this issue, memorize the branch target address during decoding
and if there is INT3, restart decoding from unchecked target address
so that this decodes all instructions in the kernel (in both kprobes
and optprobe.)
With thses fixes, kprobe and optprobe can probe the kernel again with
CONFIG_RETHUNK=y.
# echo "p:probe/vfs_truncate_L19 vfs_truncate+98" >> kprobe_events
# echo 1 > events/probe/vfs_truncate_L19/enable
# cat /sys/kernel/debug/kprobes/list
ffffffff81307b52 k vfs_truncate+0x62 [OPTIMIZED]
Thank you,
---
Masami Hiramatsu (Google) (2):
x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK
x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK
arch/x86/kernel/kprobes/common.h | 28 +++++
arch/x86/kernel/kprobes/core.c | 227 +++++++++++++++++++++++++++++++++-----
arch/x86/kernel/kprobes/opt.c | 96 ++++------------
3 files changed, 249 insertions(+), 102 deletions(-)
--
Masami Hiramatsu (Google) <mhiramat@...nel.org>
Powered by blists - more mailing lists