Re: [PATCH] arch_check_bp_in_kernelspace: fix the range check

From: u3557
Date: Tue Nov 20 2012 - 18:16:40 EST

Next message: Andy Whitcroft: "Re: [PATCH v2] checkpatch: add double empty line check"
Previous message: Stephen Warren: "[PATCH V4 3/3] ARM: tegra: move timer.c to drivers/clocksource/"
In reply to: Oleg Nesterov: "Re: [PATCH] arch_check_bp_in_kernelspace: fix the range check"
Next in thread: Oleg Nesterov: "Re: [PATCH] arch_check_bp_in_kernelspace: fix the range check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Oleg,

> Or. Perhaps we can define TRAP_VSYSCALL and change emulate_vsyscall() to
> do
>
>
> if (current->ptrace && test_thread_flag(TIF_SYSCALL_TRACE))
> send_sigtrap(TRAP_VSYSCALL, ...);
>
> if it returns true?
>

I wish it were possible, but the vsyscall page is entered in user-mode,
where it is not possible to read either "current" or the per-thread flags.

One nice alternative, however, is to take away the execute permission from
the vsyscall page of the traced process, so it will incur a SIGSEGV (which
the ptracer can easily handle and cancel).

The drawbacks of this nice-to-have alternative are:
1) It may require a bigger patch.
2) It needs to use a separate ptrace option, because current applications
that use PTRACE_SYSCALL (or PTRACE_SYSEMU), including "strace", will not
be aware of this new feature, so they can be broken.

> Yes, the tracee won't report _before_ it calls the function, but perhaps
> this is enough? Amnon?

The vsyscall page was designed in order to avoid user/kernel context
switches, which is possible when a system-call is only reading kernel
global information, not modifying any. In most cases therefore (with
a few exceptions, such as when the hardware clock is broken or
misconfigured), system-calls in the vsyscall page never invoke the kernel
at all - so no trap would be generated either before or after.

Best Regards,
Amnon.

> On 11/20, Oleg Nesterov wrote:
>>
>> On 11/19, Steven Rostedt wrote:
>> >
>> > Is this really what we want?
>>
>> I am not sure, that is why I am asking.
>
> Yes.
>
> And,
>
>> Well yes, with the new implementation __vsyscall_page simply does
>> syscall, so I guess (say) strace will "just work". But, afaics, only
>> if vsyscall_mode == NATIVE.
>>
>> So perhaps bp in vsyscall_page still makes sense...
>
> Or. Perhaps we can define TRAP_VSYSCALL and change emulate_vsyscall() to
> do
>
>
> if (current->ptrace && test_thread_flag(TIF_SYSCALL_TRACE))
> send_sigtrap(TRAP_VSYSCALL, ...);
>
> if it returns true?
>
> This way the debugger doesn't need to play with the debug registers,
> it can use ptrace(PTRACE_SYSCALL). The tracee will report SIGTRAP after
> vsyscall, debugger can detect this case looking at info->si_code.
>
> Yes, the tracee won't report _before_ it calls the function, but perhaps
> this is enough? Amnon?
>
> Oleg.
>
>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andy Whitcroft: "Re: [PATCH v2] checkpatch: add double empty line check"
Previous message: Stephen Warren: "[PATCH V4 3/3] ARM: tegra: move timer.c to drivers/clocksource/"
In reply to: Oleg Nesterov: "Re: [PATCH] arch_check_bp_in_kernelspace: fix the range check"
Next in thread: Oleg Nesterov: "Re: [PATCH] arch_check_bp_in_kernelspace: fix the range check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]