public inbox for systemtap@sourceware.org
From: "jistone at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: systemtap@sourceware.org
Subject: [Bug runtime/17862] Kernel crash on module insertion: kernel tried to execute NX-protected page - exploit attempt
Date: Wed, 21 Jan 2015 18:04:00 -0000
Message-ID: <bug-17862-6586-C33wbzKUjy@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-17862-6586@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=17862

Josh Stone <jistone at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jistone at redhat dot com

--- Comment #5 from Josh Stone <jistone at redhat dot com> ---
My first guess is that this is the XOL page, execute-out-of-line for the
instruction replaced by a breakpoint.  If the kernel uprobes didn't set the
permissions on that page properly, it would obviously fail.

Or even if the XOL page is correct, it could be that uprobes wrongly tried to
step through some branching instruction, jmp/call/ret, sending the RIP off into
the weeds.

Can you try to reproduce the same probes with perf?  Something like:

  perf probe -x /usr/sbin/ntpd receive
  perf probe -x /usr/sbin/ntpd receive%return
  perf probe -x /usr/sbin/ntpd configure
  [etc.]
  perf trace -e 'probe_ntpd:*'

-- 
You are receiving this mail because:
You are the assignee for the bug.
