Re: [PATCH 1/2] x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK
From: Masami Hiramatsu (Google)
Date: Wed Sep 07 2022 - 11:22:41 EST
On Wed, 7 Sep 2022 16:27:59 +0200
Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> On Wed, Sep 07, 2022 at 11:14:50PM +0900, Masami Hiramatsu wrote:
> > On Wed, 7 Sep 2022 15:05:13 +0200
> > Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> >
> > > On Wed, Sep 07, 2022 at 10:02:41AM +0200, Peter Zijlstra wrote:
> > >
> > > > struct queue q;
> > > >
> > > > start = paddr - offset;
> > > > end = start + size;
> > > > push(&q, paddr - offset);
> > > >
> > > > while (start = pop(&q)) {
> > > >     for_each_insn(&insn, start, end, buf) {
> > > >         if (insn.kaddr == paddr)
> > > >             return 1;
> > > >
> > > >         target = insn_get_branch_addr(&insn);
> > > >         if (target)
> > > >             push(&q, target);
> > > >
> > > >         if (dead_end_insn(&insn))
> > > >             break;
> > > >     }
> > > > }
> > >
> > > There is the very rare case of intra-function-calls; but I *think*
> > > they're all in noinstr/nokprobe code anyway.
> > >
> > > For instance we have RSB stuffing code like:
> > >
> > > .rept 16
> > >     call 1f;
> > >     int3
> > > 1:
> > > .endr
> > > add $(BITS_PER_LONG/8) * 16, %_ASM_SP
> > >
> > > And the proposed will be horribly confused by that. But like said; it
> > > should also never try and untangle it.
> >
> > Yeah, but I guess if we break the decoding (internal) loop when we
> > hit an INT3, it maybe possible to be handled?
>
> If you make insn_get_branch_addr() return the target of CALL
> instructions when this target is between function start and end, it
> should work I think.
Ah, indeed. Anyway, I would like to use INT3 as a stop instruction,
instead of checking dead_end_instruction. Is there any problem?
>
> But like said; this construct is rare and all instances I can remember
> should not be kprobes to begin with. These are all 'fun' things like
> retpoline stubs and the above RSB stuff loop.
Agree. That should not appear on normal code.
Thank you,
--
Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>
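The worklist-style boundary check sketched in the quoted pseudocode, written out as a runnable Python model (an added example, not code from this thread or from the kernel): it walks a constructed, already-decoded listing of the `call 1f; int3; 1:` RSB stuffing pattern, queues intra-function CALL targets as Peter suggests, and stops linear decoding at INT3 as Masami proposes. The toy `Insn` tuple, `rsb_stuff_listing` and `is_insn_boundary` are assumptions made for this example.

```python
from collections import namedtuple

# Constructed toy listing (not real x86 bytes): each entry is an already-decoded
# instruction, so the walk, not the decoder, is what the example shows.
Insn = namedtuple("Insn", "addr length mnem target")

DEAD_END = {"ret", "int3", "ud2"}  # decoding past these is meaningless


def rsb_stuff_listing(start, reps=3):
    """Build the 'call 1f; int3; 1:' pattern quoted in the thread (constructed)."""
    insns, addr = [], start
    for _ in range(reps):
        insns.append(Insn(addr, 5, "call", addr + 6))  # call rel32 to the label past int3
        insns.append(Insn(addr + 5, 1, "int3", None))
        addr += 6
    insns.append(Insn(addr, 4, "add", None))  # add $(BITS_PER_LONG/8)*reps, %rsp
    insns.append(Insn(addr + 4, 1, "ret", None))
    return insns


def is_insn_boundary(paddr, func_start, func_end, insns, follow_branches=True):
    """Return True if paddr falls on an instruction boundary reachable from
    func_start. Linear decoding stops at a dead-end instruction; with
    follow_branches the walk also queues intra-function branch targets."""
    by_addr = {i.addr: i for i in insns}
    queue, seen = [func_start], set()
    while queue:
        addr = queue.pop()
        while func_start <= addr < func_end and addr not in seen:
            seen.add(addr)
            insn = by_addr.get(addr)
            if insn is None:  # hole in the listing: cannot decode further
                break
            if insn.addr == paddr:
                return True
            target = insn.target
            if follow_branches and target is not None and func_start <= target < func_end:
                queue.append(target)
            if insn.mnem in DEAD_END:
                break
            addr += insn.length
    return False


if __name__ == "__main__":
    listing = rsb_stuff_listing(0x1000)
    end = listing[-1].addr + listing[-1].length
    print(is_insn_boundary(0x1012, 0x1000, end, listing, follow_branches=False))  # False
    print(is_insn_boundary(0x1012, 0x1000, end, listing))  # True
```

With `follow_branches=False` the walk dies at the first INT3 and never sees the `add` after the stuffing loop; following the CALL targets reaches it, while an address inside the 5-byte CALL is still rejected.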