[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH -tip 0/2] x86: Prohibit kprobes on XEN_EMULATE_PREFIX

On Thu, Sep 05, 2019 at 08:54:17AM +0100, Andrew Cooper wrote:

> I don't know if you've spotted, but the prefix is a ud2a instruction
> followed by 'xen' in ascii.
>
> The KVM version was added in c/s 6c86eedc206dd1f9d37a2796faa8e6f2278215d2

While the Xen one disassebles to valid instructions, that KVM one does
not:

        .text
xen:
        ud2; .ascii "xen"
kvm:
        ud2; .ascii "kvm"

disassembles like:

0000000000000000 <xen>:
   0:   0f 0b                   ud2
   2:   78 65                   js     69 <kvm+0x64>
   4:   6e                      outsb  %ds:(%rsi),(%dx)
0000000000000005 <kvm>:
   5:   0f 0b                   ud2
   7:   6b                      .byte 0x6b
   8:   76 6d                   jbe    77 <kvm+0x72>

Which is a bit unfortunate I suppose. At least they don't appear to
consume further bytes.

I know it is water under the bridge at this point; but you could've used
UD1 with a displacement with some 'unlikely' values. That way it
would've decoded to a single instruction.

Something like:

        ud1    0x6e6578(%rax),%rax

which spells out "xen\0" in the displacement:

        48 0f b9 80 78 65 6e 00

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.