| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Apr 2008 16:13:59 -0700
From: Jeremy Fitzhardinge <jeremy@...p.org>
To: Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca>
CC: Linus Torvalds <torvalds@...ux-foundation.org>,
"H. Peter Anvin" <hpa@...or.com>, Andi Kleen <andi@...stfloor.org>,
Ingo Molnar <mingo@...e.hu>, Jiri Slaby <jirislaby@...il.com>,
David Miller <davem@...emloft.net>, zdenek.kabelac@...il.com,
rjw@...k.pl, paulmck@...ux.vnet.ibm.com, akpm@...ux-foundation.org,
linux-ext4@...r.kernel.org, herbert@...dor.apana.org.au,
penberg@...helsinki.fi, clameter@....com,
linux-kernel@...r.kernel.org, pageexec@...email.hu,
"Frank Ch. Eigler" <fche@...hat.com>, systemtap@...rces.redhat.com
Subject: Re: [PATCH 1/1] x86: fix text_poke
Mathieu Desnoyers wrote:
> This idea has been considered a few years ago at OLS in the tracing BOF
> if I remember well. The results were this : First, there is no way to
> guarantee that no code path, nor any return address from any function,
> interrupt, sleeping thread, will return to the "old" version of the
> function. Nor is it possible to determine when a quiescent state is
> reached. Therefore, we couldn't see how we can do the teardown.
>
Does that matter? The new function is semantically identical to the old
one, and the old code will remain in place. If there's still users in
the old function it may take a while for them to get flushed out (and
won't be traced in the meantime), but you have to expect some missed
events if you're shoving any kind of dynamic marker into the code. The
main problem is if there's something still depending on the first 5
bytes of the function (most likely if there's a loop head somewhere near
the top of the function).
Updating the markers would mean you'd leave a trail of old versions
hanging around as modules, but that's not a huge cost...
> The second point is dependency between execution flow and variables. If
> we don't do a complete copy of the variables (which I don't see how we
> can do atomically), we will have to share the variables between the old
> and the new copies of the functions. However, some variables might
> encode information about the execution flow of the program and depend on
> the actual address at which the code is linked (function pointers for
> instance). Stuff like "goto *addr" would also break.
>
Obviously you'd only pick up new callers of the function, which would
mean that they'd pick up the new versions of those function-local
things. Though you'd need to make sure that the new versions of the
function are using the old version's static variables...
>
> Then dealing with multiple code patching infrastructures (kprobes,
> alternatives, paravirt) would become hellish. If a kprobe is planted in
> the original version of the function, we have to insert it in the new
> version... and the teardown of the old function is still a problem.
>
The module machinery already deals with patching paravirt and
alternatives into loaded modules. Your bespoke module would get dealt
with like any other module.
J
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists