| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 4 Oct 2008 19:41:21 +0200 From: Ingo Molnar <mingo@...e.hu> To: Steven Rostedt <rostedt@...dmis.org> Cc: LKML <linux-kernel@...r.kernel.org>, Thomas Gleixner <tglx@...utronix.de>, Peter Zijlstra <peterz@...radead.org>, Andrew Morton <akpm@...ux-foundation.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Mathieu Desnoyers <compudj@...stal.dyndns.org>, Arjan van de Ven <arjan@...radead.org> Subject: Re: [PATCH 0/3] ring-buffer: less locking and only disable preemption * Ingo Molnar <mingo@...e.hu> wrote: > * Steven Rostedt <rostedt@...dmis.org> wrote: > > > The dynamic function tracer is another issue. The problem with NMIs > > has nothing to do with locking, or corrupting the buffers. It has to > > do with the dynamic code modification. Whenever we modify code, we > > must guarantee that it will not be executed on another CPU. > > > > Kstop_machine serves this purpose rather well. We can modify code > > without worrying it will be executed on another CPU, except for NMIs. > > The problem now comes where an NMI can come in and execute the code > > being modified. That's why I put in all the notrace, lines. But it > > gets difficult because of nmi_notifier can call all over the kernel. > > Perhaps, we can simply disable the nmi-notifier when we are doing the > > kstop_machine call? > > that would definitely be one way to reduce the cross section, but not > enough i'm afraid. For example in the nmi_watchdog=2 case we call into > various lapic functions and paravirt lapic handlers which makes it all > spread to 3-4 paravirtualization flavors ... > > sched_clock()'s notrace aspects were pretty manageable, but this in > its current form is not. there's a relatively simple method that would solve all these impact-size problems. We cannot stop NMIs (and MCEs, etc.), but we can make kernel code modifications atomic, by adding the following thin layer ontop of it: #define MAX_CODE_SIZE 10 int redo_len; u8 *redo_vaddr; u8 redo_buffer[MAX_CODE_SIZE]; atomic_t __read_mostly redo_pending; and use it in do_nmi(): if (unlikely(atomic_read(&redo_pending))) modify_code_redo(); i.e. when we modify code, we first fill in the redo_buffer[], redo_vaddr and redo_len[], then we set redo_pending flag. Then we modify the kernel code, and clear the redo_pending flag. If an NMI (or MCE) handler intervenes, it will notice the pending 'transaction' and will copy redo_buffer[] to the (redo_vaddr,len) location and will continue. So as far as non-maskable contexts are concerned, kernel code patching becomes an atomic operation. do_nmi() has to be marked notrace but that's all and easy to maintain. Hm? Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists