Re: [patch 2/2] x86 NMI-safe INT3 and Page Fault

From: Mathieu Desnoyers
Date: Wed Jul 14 2010 - 14:12:29 EST

Next message: David Miller: "Re: Raise initial congestion window size / speedup slow start?"
Previous message: Borislav Petkov: "Re: [PATCH] enable readback to get HPET working on ATI SB4x00,kernel 2.6.35_rc5"
In reply to: Maciej W. Rozycki: "Re: [patch 2/2] x86 NMI-safe INT3 and Page Fault"
Next in thread: Maciej W. Rozycki: "Re: [patch 2/2] x86 NMI-safe INT3 and Page Fault"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Maciej W. Rozycki (macro@xxxxxxxxxxxxxx) wrote:
> On Wed, 14 Jul 2010, Mathieu Desnoyers wrote:
>
> > This patch makes all faults, traps and exception safe to be called from NMI
> > context *except* single-stepping, which requires iret to restore the TF (trap
> > flag) and jump to the return address in a single instruction. Sorry, no kprobes
>
> Watch out for the RF flag too, that is not set correctly by POPFD -- that
> may be important for faulting instructions that also have a hardware
> breakpoint set at their address.
>
> > support in NMI handlers because of this limitation. This cannot be emulated
> > with popf/lret, because lret would be single-stepped. It does not apply to
> > "immediate values" because they do not use single-stepping. This code detects if
> > the TF flag is set and uses the iret path for single-stepping, even if it
> > reactivates NMIs prematurely.
>
> What about the VM flag for VM86 tasks? It cannot be changed by POPFD
> either.
>
> How about only using the special return path when a nested exception is
> about to return to the NMI handler? You'd avoid all the odd cases then
> that do not happen in the NMI context.

This is exactly what this patch does :-)

It selects the return path with

+ testl $NMI_MASK,TI_preempt_count(%ebp)
+ jz resume_kernel /* Not nested over NMI ? */

In addition, about int3 breakpoints use in the kernel, AFAIK the handler does
not explicitly set the RF flag, and the breakpoint instruction (int3) appears
not to set it. (from my understanding of Intel's
Intel Architecture Software Developerâs Manual Volume 3: System Programming
15.3.1.1. INSTRUCTION-BREAKPOINT EXCEPTION C)

So it should be safe to set a int3 breakpoint in a NMI handler with this patch.
It's just the "single-stepping" feature of kprobes which is problematic.
Luckily, only int3 is needed for code patching bypass.

Thanks,

Mathieu

--
Mathieu Desnoyers
Operating System Efficiency R&D Consultant
EfficiOS Inc.
http://www.efficios.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Miller: "Re: Raise initial congestion window size / speedup slow start?"
Previous message: Borislav Petkov: "Re: [PATCH] enable readback to get HPET working on ATI SB4x00,kernel 2.6.35_rc5"
In reply to: Maciej W. Rozycki: "Re: [patch 2/2] x86 NMI-safe INT3 and Page Fault"
Next in thread: Maciej W. Rozycki: "Re: [patch 2/2] x86 NMI-safe INT3 and Page Fault"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]