From: Andi Kleen <ak@suse.de>
To: virtualization@lists.osdl.org
Cc: Zachary Amsden <zach@vmware.com>, Andrew Morton <akpm@osdl.org>,
	Chris Wright <chrisw@osdl.org>,
	Linus Torvalds <torvalds@osdl.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Zwane Mwaikambo <zwane@arm.linux.org.uk>,
	Martin Bligh <mbligh@mbligh.org>,
	Pratap Subrahmanyam <pratap@vmware.com>,
	Christopher Li <chrisl@vmware.com>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	Ingo Molnar <mingo@elte.hu>
Subject: Re: [PATCH 19/21] i386 Kprobes semaphore fix
Date: Tue, 8 Nov 2005 14:12:04 +0100
Message-ID: <200511081412.05285.ak@suse.de>
In-Reply-To: <200511080439.jA84diI6009951@zach-dev.vmware.com>

On Tuesday 08 November 2005 05:39, Zachary Amsden wrote:
> IA-32 linear address translation is loads of fun.

Thanks for doing that audit work. Can you please double-check that the x86-64 code is
ok?

Actually, given all that complexity, maybe it would be better to just
stop handling the case and remove all that. I'm not sure what kprobes needs it
for - it doesn't even handle user space yet, and even if it ever does it is
unlikely that handling 16-bit code makes much sense. And the prefetch
workaround does it, but 16-bit DOS code is unlikely to contain prefetches
anyway. And for ptrace - well, who cares? I suppose dosemu has its own
debugger anyway and it could be handled in user space (I suppose
they still have that code from 2.4 anyway).

> While cleaning up the LDT code, I noticed that kprobes code was very bogus
> with respect to segment handling.  Many, many bugs are fixed here.  I chose
> to combine the three separate functions that try to do linear address
> conversion into one nice and working function.  All of the versions had
> bugs.
>
> 1) Taking an int3 from v8086 mode could cause the kprobes code to read a
>    non-existent LDT.
>
> 2) The CS value was not truncated to 16 bits, which could cause an access
>    beyond the bounds of the LDT.

That's a (small) security hole, isn't it?


-Andi
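
As an added illustration of the two defects quoted above (an int3 from v8086 mode reaching for an LDT that does not exist, and a raw 32-bit CS stack slot used untruncated as a selector), here is a toy C model of selector-to-linear-address translation with the checks a fixed version needs. This is example code written for this page, not code from the thread or from Zachary Amsden's patch: the `struct seg_desc` layout, the constructed GDT/LDT tables, the status enum and every function name are assumptions made for the example, and the descriptors carry only base, limit and present bit rather than the real 8-byte IA-32 format. `untruncated_index()` exists only to show how far out of the table the old index lands; the fixed path never uses it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy descriptor: base, byte-granular limit, present bit only
 * (not the real IA-32 descriptor layout). */
struct seg_desc {
    uint32_t base;
    uint32_t limit;
    bool present;
};

#define EFLAGS_VM (1u << 17)   /* v8086 mode flag in EFLAGS */
#define SEL_TI    (1u << 2)    /* selector table indicator: 1 = LDT, 0 = GDT */

/* Constructed tables standing in for the kernel GDT and one task's LDT. */
static const struct seg_desc toy_gdt[] = {
    { 0x00000000, 0x00000000, false },  /* null selector 0x00 */
    { 0x00000000, 0xffffffff, true  },  /* flat code segment, selector 0x08 */
};
static const struct seg_desc toy_ldt[] = {
    { 0x10000000, 0x000fffff, true  },  /* selector 0x07 (TI=1, RPL=3) */
    { 0x20000000, 0x0000ffff, true  },  /* selector 0x0f */
};
#define N_ENTRIES(t) (sizeof (t) / sizeof (t)[0])

enum lin_status {
    LIN_OK = 0,
    LIN_ERR_NO_LDT,       /* selector names the LDT but the task has none */
    LIN_ERR_OOB,          /* selector index beyond the end of the table */
    LIN_ERR_NOT_PRESENT,  /* descriptor present bit clear */
    LIN_ERR_LIMIT,        /* offset beyond the segment limit */
};

/* Index the unfixed code derives from the raw pushed CS slot: all 32 bits
 * feed the shift, so stale data in the upper half lands in the index. */
static uint32_t untruncated_index(uint32_t raw_cs)
{
    return raw_cs >> 3;
}

/* Fixed translation: writes the linear address on success. */
static enum lin_status linear_address(uint32_t raw_cs, uint32_t eip, uint32_t eflags,
                                      const struct seg_desc *ldt, size_t ldt_entries,
                                      uint32_t *out)
{
    if (eflags & EFLAGS_VM) {
        /* v8086 mode: CS is a 16-bit paragraph number. No descriptor lookup,
         * so the (possibly non-existent) LDT is never touched. */
        *out = ((raw_cs & 0xffffu) << 4) + (eip & 0xffffu);
        return LIN_OK;
    }

    uint16_t sel = (uint16_t)raw_cs;   /* only the low 16 bits are a selector */
    size_t idx = sel >> 3;
    const struct seg_desc *tbl;
    size_t n;

    if (sel & SEL_TI) {
        if (ldt == NULL || ldt_entries == 0)
            return LIN_ERR_NO_LDT;
        tbl = ldt;
        n = ldt_entries;
    } else {
        tbl = toy_gdt;
        n = N_ENTRIES(toy_gdt);
    }

    if (idx >= n)                 /* bounds check before any table read */
        return LIN_ERR_OOB;
    if (!tbl[idx].present)
        return LIN_ERR_NOT_PRESENT;
    if (eip > tbl[idx].limit)
        return LIN_ERR_LIMIT;

    *out = tbl[idx].base + eip;
    return LIN_OK;
}

/* Wrappers over the constructed tables so each scenario is a single call. */
static enum lin_status classify(uint32_t cs, uint32_t eip, uint32_t eflags, bool has_ldt)
{
    uint32_t lin;
    return linear_address(cs, eip, eflags, has_ldt ? toy_ldt : NULL,
                          has_ldt ? N_ENTRIES(toy_ldt) : 0, &lin);
}

static uint32_t translate(uint32_t cs, uint32_t eip, uint32_t eflags, bool has_ldt)
{
    uint32_t lin = 0xffffffffu;   /* sentinel left in place on any error */
    linear_address(cs, eip, eflags, has_ldt ? toy_ldt : NULL,
                   has_ldt ? N_ENTRIES(toy_ldt) : 0, &lin);
    return lin;
}

int main(void)
{
    /* Upper 16 bits of the CS slot hold garbage, as on a real stack frame. */
    printf("v8086  cs=0xdead1234 eip=0x10  -> 0x%08x\n",
           (unsigned)translate(0xdead1234u, 0x10, EFLAGS_VM, false));
    printf("ldt    cs=0xffff0007 eip=0x100 -> 0x%08x (untruncated index %u)\n",
           (unsigned)translate(0xffff0007u, 0x100, 0, true),
           (unsigned)untruncated_index(0xffff0007u));
    printf("no ldt cs=0x0007 -> status %d\n", classify(0x0007, 0x100, 0, false));
    printf("oob    cs=0x0017 -> status %d\n", classify(0x0017, 0x100, 0, true));
    return 0;
}
```

The three checks that matter are the order in which they run: the v8086 test comes before any descriptor lookup, the selector is truncated before it is shifted into an index, and the index is compared against the table size before the table is read.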
