From: Ingo Molnar <mingo@elte.hu>
To: prasad@linux.vnet.ibm.com
Cc: Andrew Morton <akpm@linux-foundation.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Alan Stern <stern@rowland.harvard.edu>,
Roland McGrath <roland@redhat.com>
Subject: Re: [patch 08/11] Modify Ptrace routines to access breakpoint registers
Date: Tue, 10 Mar 2009 15:40:02 +0100
Message-ID: <20090310144002.GF3850@elte.hu>
In-Reply-To: <20090305044051.GI17747@in.ibm.com>
* prasad@linux.vnet.ibm.com <prasad@linux.vnet.ibm.com> wrote:
> -static unsigned long debugreg_addr_limit(struct task_struct *task)
> -{
> -#ifdef CONFIG_IA32_EMULATION
> - if (test_tsk_thread_flag(task, TIF_IA32))
> - return IA32_PAGE_OFFSET - 3;
> -#endif
> - return TASK_SIZE_MAX - 7;
> -}
> -
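Review bot: removing debugreg_addr_limit() drops two things at once: the TIF_IA32 branch under CONFIG_IA32_EMULATION, which gave compat tasks the lower IA32_PAGE_OFFSET bound, and the `- 3` / `- 7` margins that kept the last byte of a breakpoint below the limit. Whatever replaces it needs to take both the task and the breakpoint length into account; otherwise keep this helper and call it from the new path.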
I don't see where this security check has been carried over into
the generic code. The new code has:
+int arch_check_va_in_userspace(unsigned long va, struct task_struct *tsk)
+{
+ return (va < TASK_SIZE);
+}
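Review bot: arch_check_va_in_userspace() never uses its tsk argument and takes no length, so `return (va < TASK_SIZE);` bounds only the first byte of the breakpoint. Pass the length in and reject when the last byte, `va + len - 1`, reaches the limit (computed so the sum cannot wrap), and derive the limit from tsk the way the removed debugreg_addr_limit() did for TIF_IA32 tasks. A comment stating that the whole range is checked would also help.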
but I think that misses the detail that it's not just the start
address of an x86 breakpoint that has to be considered, but also
the end address of it.
For example a hardware breakpoint can be at 0xbfffffff with a
length of 4 bytes - thus overlapping into kernel-space by 3
bytes. It is important to not let that happen.
Ingo
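
Added example, not part of Ingo Molnar's message or of the patch series: a start-only check beside a range check for the case described above (a 4-byte breakpoint at 0xbfffffff). The function names and the 0xc0000000 user-space limit (a 32-bit 3G/1G split) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for illustration: user space ends at 0xc0000000 (3G/1G split). */
#define USER_LIMIT 0xc0000000ULL

/* Start-only check: looks at the first byte of the breakpoint and nothing else. */
static bool start_in_userspace(uint64_t va, uint64_t limit)
{
    return va < limit;
}

/* Range check: every byte of [va, va + len) must lie below limit.
 * Comparing len against (limit - va) avoids computing va + len,
 * which could wrap around for addresses near the top of the space. */
static bool range_in_userspace(uint64_t va, unsigned int len, uint64_t limit)
{
    if (len == 0 || len > 8)    /* x86 breakpoint lengths are 1, 2, 4 or 8 */
        return false;
    if (va >= limit)
        return false;
    return len <= limit - va;
}

/* Number of bytes of [va, va + len) that fall at or above limit. */
static unsigned int bytes_over_limit(uint64_t va, unsigned int len, uint64_t limit)
{
    if (va >= limit)
        return len;
    uint64_t avail = limit - va;    /* bytes left below the limit */
    return len > avail ? (unsigned int)(len - avail) : 0;
}

int main(void)
{
    uint64_t va = 0xbfffffffULL;    /* constructed sample address */
    unsigned int len = 4;

    printf("start-only check: %s\n",
           start_in_userspace(va, USER_LIMIT) ? "accepted" : "rejected");
    printf("range check:      %s\n",
           range_in_userspace(va, len, USER_LIMIT) ? "accepted" : "rejected");
    printf("bytes above the limit: %u\n", bytes_over_limit(va, len, USER_LIMIT));
    return 0;
}
```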