From: u3557@miso.sublimeip.com (Amnon Shiloh)
To: oleg@redhat.com (Oleg Nesterov)
Cc: gorcunov@openvz.org (Cyrill Gorcunov),
xemul@parallels.com (Pavel Emelyanov),
rostedt@goodmis.org (Steven Rostedt),
fweisbec@gmail.com (Frederic Weisbecker),
mingo@redhat.com (Ingo Molnar),
a.p.zijlstra@chello.nl (Peter Zijlstra),
linux-kernel@vger.kernel.org
Subject: Re: arch_check_bp_in_kernelspace: fix the range check
Date: Sun, 25 Nov 2012 00:45:11 +1100 (EST) [thread overview]
Message-ID: <20121124134511.47C5A592076@miso.sublimeip.com> (raw)
In-Reply-To: <20121123163320.GA32716@redhat.com>
Hi Oleg,
> Hello Amnon,
>
> I am a bit confused,
So let's get things in order.
1) I asked for the ability to set hardware breakpoints on the vsyscall
page (x86 debug registers), so that the ptracer can stop the process
whenever it attempts to jump there, then the ptracer can emulate those
system calls instead (gettimeofday, time, getcpu).
That would solve all my problems, because the traced process will
never even enter the vsyscall page (the ptracer will adjust its
program-counter).
2) I was then told (in my own words): "oh, don't worry, the vsyscall page
has now been minimized, all it contains now is *real* system calls,
and it always calls them".
[as a side-issue I was introduced to the new VDSO, had some issues there
and solved them separately, so we are back on the original topic]
3) I was thinking to myself - well, that's fine, if the vsyscall now
always invokes a *real* system-call (and nothing else), then the
ptracer can catch it just like any other system-call using
PTRACE_SYSCALL (or PTRACE_SYSEMU), and emulate it as usual,
vsyscall-or-no-vsyscall.
4) I made some tests and found that I was wrong in my assumption:
PTRACE_SYSCALL does NOT work within the vsyscall page (nor does
PTRACE_SINGLESTEP). Ptracers are not even aware that their tracee
ever issued a system call there (despite using PTRACE_SYSCALL or
PTRACE_SYSEMU), so they are unable to emulate it (or even to report
it, in the case of "strace").
5) Therefore, I still need the original feature - to relax
"arch_check_bp_in_kernelspace()", or whatever else will allow me
to set the x86 debug-registers to trap all attempts to enter the
vsyscall page.
6) I just suggested an alternative: to have the whole vsyscall page
removed on a per-process basis. I accept your reply that this is
not possible.
7) I suggested a third alternative: to have the vsyscall page be
unexecutable on a per-process basis, so attempts to use it will
incur SIGSEGV. I understand that this option is still under
discussion.
8) Any solution that allows a ptracer to prevent its traced process
from entering the vsyscall page and execute there system-calls
unchecked (thus in effect escape its jailer), would do for me.
Best Regards,
Amnon.
>
> On 11/23, Amnon Shiloh wrote:
> >
> > What I discovered now, is that PTRACE_SYSCALL (also PTRACE_SINGLESTEP)
> > does not work within the vsyscall page, so I cannot trap the kernel-calls
> > there (this is very simple to verify using "gdb" or "strace").
>
> Sure, but we alredy discussed this?
>
> Once again, PTRACE_SYSCALL should work in the NATIVE mode. Obviously it
> won't work in EMULATE mode but we can change emulate_vsyscall() to report
> TRAP_VSYSCALL or even introduce PTRACE_EVENT_VSYSCALL.
>
> > The necessary patch was already discussed and is very simple.
>
> Do you mean TRAP_VSYSCALL/PTRACE_EVENT_VSYSCALL above or additional
> in_gate_area_no_mm() check to allow the hw bp?
>
> > Or, there is an alternative: if only I (the ptracer or the traced process)
> > was allowed to munmap the vsyscall page,
>
> It is not possible to unmap it. The kernel (swapper_pg_dir) has this
> mapping, not the process. Unlike vdso. IOW, you can only "unmap" it
> globally and obviously you can't do this from the userspace.
>
> Oleg.
>
>
next prev parent reply other threads:[~2012-11-24 13:45 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-09 18:29 [PATCH] arch_check_bp_in_kernelspace: fix the range check Oleg Nesterov
2012-11-09 18:30 ` Oleg Nesterov
2012-11-19 17:47 ` Oleg Nesterov
2012-11-19 18:25 ` Steven Rostedt
2012-11-20 10:33 ` u3557
2012-11-20 15:48 ` Oleg Nesterov
2012-11-20 15:55 ` Steven Rostedt
2012-11-20 18:32 ` Oleg Nesterov
2012-11-20 23:16 ` u3557
2012-11-21 14:16 ` Oleg Nesterov
2012-11-21 17:30 ` Amnon Shiloh
2012-11-22 16:12 ` vdso && cr (Was: arch_check_bp_in_kernelspace: fix the range check) Oleg Nesterov
2012-11-22 20:57 ` Pavel Emelyanov
2012-11-23 0:20 ` vdso && cr (Was: arch_check_bp_in_kernelspace: fix the range Amnon Shiloh
2012-11-23 17:45 ` Oleg Nesterov
2012-11-24 12:47 ` Amnon Shiloh
2012-11-23 17:42 ` vdso && cr (Was: arch_check_bp_in_kernelspace: fix the range check) Oleg Nesterov
2012-11-23 9:14 ` arch_check_bp_in_kernelspace: fix the range check Amnon Shiloh
2012-11-23 16:33 ` Oleg Nesterov
2012-11-23 17:05 ` Oleg Nesterov
2012-11-24 14:14 ` Amnon Shiloh
2012-11-24 13:45 ` Amnon Shiloh [this message]
2012-11-25 22:55 ` Oleg Nesterov
2012-11-25 23:48 ` Amnon Shiloh
2012-12-02 19:30 ` PTRACE_SYSCALL && vsyscall (Was: arch_check_bp_in_kernelspace: fix the range check) Oleg Nesterov
2012-12-02 23:54 ` u3557
2012-12-04 17:59 ` Oleg Nesterov
2012-12-04 22:44 ` u3557
2013-01-08 17:08 ` Pedro Alves
2013-01-09 17:52 ` Oleg Nesterov
2013-01-10 6:54 ` u3557
2013-01-12 18:12 ` Oleg Nesterov
2013-01-14 2:31 ` u3557
2013-01-14 16:01 ` Oleg Nesterov
2013-02-18 1:39 ` prctl(PR_SET_MM) Amnon Shiloh
2013-02-18 5:44 ` prctl(PR_SET_MM) Randy Dunlap
2013-02-18 15:21 ` prctl(PR_SET_MM) Steven Rostedt
2013-02-18 16:33 ` prctl(PR_SET_MM) Amnon Shiloh
2013-02-18 19:49 ` prctl(PR_SET_MM) Steven Rostedt
2013-02-19 6:25 ` prctl(PR_SET_MM) Amnon Shiloh
2013-02-20 8:39 ` prctl(PR_SET_MM) Cyrill Gorcunov
2013-02-20 9:38 ` prctl(PR_SET_MM) Amnon Shiloh
2013-02-20 10:51 ` prctl(PR_SET_MM) Cyrill Gorcunov
2013-02-20 11:16 ` prctl(PR_SET_MM) Amnon Shiloh
2013-02-21 7:46 ` prctl(PR_SET_MM) Amnon Shiloh
2013-02-21 8:00 ` prctl(PR_SET_MM) Cyrill Gorcunov
2013-02-21 8:03 ` prctl(PR_SET_MM) Amnon Shiloh
2013-02-21 8:09 ` prctl(PR_SET_MM) Cyrill Gorcunov
2013-02-21 22:18 ` prctl(PR_SET_MM) Andrew Morton
2013-02-21 22:42 ` prctl(PR_SET_MM) Cyrill Gorcunov
2013-02-22 1:18 ` prctl(PR_SET_MM) Amnon Shiloh
2013-02-22 14:23 ` prctl(PR_SET_MM) Denys Vlasenko
2012-12-05 9:29 ` PTRACE_SYSCALL && vsyscall (Was: arch_check_bp_in_kernelspace: fix the range check) Jan Kratochvil
2012-12-05 13:14 ` u3557
2012-11-26 9:44 ` vdso && cr " Cyrill Gorcunov
2012-11-26 12:27 ` Andrey Wagin
2012-11-26 12:55 ` Amnon Shiloh
2012-11-26 14:18 ` Cyrill Gorcunov
2012-11-26 14:26 ` vdso && cr (Was: arch_check_bp_in_kernelspace: fix the range Amnon Shiloh
2012-11-26 14:41 ` vdso && cr Cyrill Gorcunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121124134511.47C5A592076@miso.sublimeip.com \
--to=u3557@miso.sublimeip.com \
--cc=a.p.zijlstra@chello.nl \
--cc=fweisbec@gmail.com \
--cc=gorcunov@openvz.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=oleg@redhat.com \
--cc=rostedt@goodmis.org \
--cc=u3557@dialix.com.au \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).