From: Borislav Petkov <bp@alien8.de>
To: X86 ML <x86@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Andy Lutomirski <luto@amacapital.net>,
LKML <linux-kernel@vger.kernel.org>
Subject: [PATCH 0/5] x86/dumpstack: Cleanups and user opcode bytes Code: section
Date: Mon, 19 Feb 2018 21:28:21 +0100 [thread overview]
Message-ID: <20180219202826.19797-1-bp@alien8.de> (raw)
From: Borislav Petkov <bp@suse.de>
Hi,
so I've been thinking about doing this for a while now: be able to dump
the opcode bytes around the user rIP just like we do for kernel faults.
Why?
See patch 5's commit message. That's why I've marked it RFC.
The rest is cleanups: we're copying the opcodes byte-by-byte and that's
just wasteful.
Also, we're using probe_kernel_read() underneath and it does
__copy_from_user_inatomic() which makes copying user opcode bytes
trivial.
With that, it looks like this:
[ 696.837457] strsep[1733]: segfault at 40066b ip 00007fad558fccf8 sp 00007ffc5e662520 error 7 in libc-2.26.so[7fad55876000+1ad000]
[ 696.837538] Code: 1b 48 89 fd 48 89 df e8 77 99 f9 ff 48 01 d8 80 38 00 75 17 48 c7 45 00 00 00 00 00 48 83 c4 08 48 89 d8 5b 5d c3 0f 1f 44 00 00 <c6> 00 00 48 83 c0 01 48 89 45 00 48 83 c4 08 48 89 d8 5b 5d c3
and the code matches, as expected:
0000000000086cc0 <__strsep_g@@GLIBC_2.2.5>:
86cc0: 55 push %rbp
86cc1: 53 push %rbx
86cc2: 48 83 ec 08 sub $0x8,%rsp
86cc6: 48 8b 1f mov (%rdi),%rbx
86cc9: 48 85 db test %rbx,%rbx
86ccc: 74 1b je 86ce9 <__strsep_g@@GLIBC_2.2.5+0x29>
86cce: 48 89 fd mov %rdi,%rbp
86cd1: 48 89 df mov %rbx,%rdi
86cd4: e8 77 99 f9 ff callq 20650 <*ABS*+0x854e0@plt>
86cd9: 48 01 d8 add %rbx,%rax
86cdc: 80 38 00 cmpb $0x0,(%rax)
86cdf: 75 17 jne 86cf8 <__strsep_g@@GLIBC_2.2.5+0x38>
86ce1: 48 c7 45 00 00 00 00 movq $0x0,0x0(%rbp)
86ce8: 00
86ce9: 48 83 c4 08 add $0x8,%rsp
86ced: 48 89 d8 mov %rbx,%rax
86cf0: 5b pop %rbx
86cf1: 5d pop %rbp
86cf2: c3 retq
86cf3: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
86cf8: c6 00 00 movb $0x0,(%rax)
86cfb: 48 83 c0 01 add $0x1,%rax
86cff: 48 89 45 00 mov %rax,0x0(%rbp)
86d03: 48 83 c4 08 add $0x8,%rsp
86d07: 48 89 d8 mov %rbx,%rax
86d0a: 5b pop %rbx
86d0b: 5d pop %rbp
86d0c: c3 retq
Comments and suggestions are welcome!
Thx.
Borislav Petkov (5):
x86/dumpstack: Unify show_regs()
x86/dumpstack: Carve out Code: dumping into a function
x86/dumpstack: Improve opcodes dumping in the Code: section
x86/dumpstack: Add loglevel argument to show_opcodes()
x86/fault: Dump user opcode bytes on fatal faults
arch/x86/include/asm/stacktrace.h | 3 +-
arch/x86/kernel/dumpstack.c | 64 +++++++++++++++++++++++++++++++++++++--
arch/x86/kernel/dumpstack_32.c | 42 -------------------------
arch/x86/kernel/dumpstack_64.c | 42 -------------------------
arch/x86/mm/fault.c | 7 +++--
5 files changed, 68 insertions(+), 90 deletions(-)
--
2.13.0
next reply other threads:[~2018-02-19 20:30 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-19 20:28 Borislav Petkov [this message]
2018-02-19 20:28 ` [PATCH 1/5] x86/dumpstack: Unify show_regs() Borislav Petkov
2018-02-19 20:28 ` [PATCH 2/5] x86/dumpstack: Carve out Code: dumping into a function Borislav Petkov
2018-02-19 20:28 ` [PATCH 3/5] x86/dumpstack: Improve opcodes dumping in the Code: section Borislav Petkov
2018-02-19 22:02 ` Josh Poimboeuf
2018-02-19 20:28 ` [PATCH 4/5] x86/dumpstack: Add loglevel argument to show_opcodes() Borislav Petkov
2018-02-19 20:28 ` [RFC PATCH 5/5] x86/fault: Dump user opcode bytes on fatal faults Borislav Petkov
2018-02-20 19:14 ` [PATCH 0/5] x86/dumpstack: Cleanups and user opcode bytes Code: section Andy Lutomirski
2018-02-20 19:29 ` Josh Poimboeuf
2018-02-20 20:44 ` Borislav Petkov
2018-02-21 9:15 ` Ingo Molnar
2018-02-21 17:54 ` Borislav Petkov
2018-02-21 21:39 ` Linus Torvalds
2018-02-22 9:23 ` Peter Zijlstra
2018-02-22 18:42 ` Linus Torvalds
2018-02-23 15:22 ` Josh Poimboeuf
2018-02-23 20:12 ` Eric W. Biederman
2018-02-25 11:35 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180219202826.19797-1-bp@alien8.de \
--to=bp@alien8.de \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=peterz@infradead.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).