Date:	Mon, 18 Jan 2010 15:53:03 -0500
From:	Masami Hiramatsu <mhiramat@...hat.com>
To:	"H. Peter Anvin" <hpa@...or.com>
CC:	Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca>,
	Arjan van de Ven <arjan@...radead.org>,
	rostedt@...dmis.org, Jason Baron <jbaron@...hat.com>,
	linux-kernel@...r.kernel.org, mingo@...e.hu, tglx@...utronix.de,
	andi@...stfloor.org, roland@...hat.com, rth@...hat.com
Subject: Re: [RFC PATCH 2/8] jump label v4 - x86: Introduce generic jump patching without stop_machine

H. Peter Anvin wrote:
> On 01/18/2010 08:52 AM, Mathieu Desnoyers wrote:
>>>
>>> This really doesn't make much sense to me.  The whole basis for the int3
>>> scheme itself is that single-byte updates are atomic, so if single-byte
>>> updates can't work -- and as I stated, we at Intel OTC currently believe
>>> it safe -- then int3 can't work either.
>>
>> The additional characteristic of the int3 instruction (compared to the
>> general case of a single-byte instruction) is that, when executed, it
>> will trigger a trap, run a trap handler and return to the original code,
>> typically with iret. This therefore implies that a serializing
>> instruction is executed before returning to the instructions following
>> the modification site when the breakpoint is hit.
>>
>> So I hand out to Intel's expertise the question of whether single-byte
>> instruction modification is safe or not in the general case. I'm just
>> pointing out that I can very well imagine an aggressive superscalar
>> architecture for which pipeline structure would support single-byte int3
>> patching without any problem due to the implied serialization, but would
>> not support the general-case single-byte modification due to its lack of
>> serialization.
>>
> 
> This is utter and complete nonsense.   You seem to think that everything
> is guaranteed to hit the breakpoint, which is obviously false.
> Furthermore, until you have done the serialization, you're not
> guaranteed the *breakpoint* is seen, so you have the same condition.

In that time frame, I guess that the processor sees the non-modified
instruction and executes it. Since we'll wait until serializing on
each processor, I think it is OK for the int3-bypass method.

(Of course, this can depend on the chip; it is possible that there is a chip
 which causes a fault when it has a cache-discarding signal on the current
 instruction-decoding slot. That's also why we are asking whether this method
 is OK for x86 processors.)

Thank you,

-- 
Masami Hiramatsu

Software Engineer
Hitachi Computer Products (America), Inc.
Software Solutions Division

e-mail: mhiramat@...hat.com
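The sequence argued over above (int3 first, then the tail bytes, then the first byte, with a cross-CPU serialization after each store) is easier to reason about when the states an observing CPU can see are written out. The following is an added illustration, not code from the kernel or from the patch series under discussion: it patches a byte buffer standing in for the instruction stream, and the hypothetical cpu_sync() only records what a CPU decoding the site at that point would execute, in place of the IPI plus serializing instruction the real scheme needs. The sample bytes are constructed (five 1-byte NOPs replaced by a 5-byte jmp rel32).

```c
/*
 * Added example, not kernel or patch code: a byte-buffer model of the
 * three-step int3 patching sequence and of the invariant it relies on.
 * A CPU fetching the site at any observation point must see either the
 * complete old instruction, a lone int3, or the complete new instruction;
 * a mixture of old and new bytes ("torn") is what the scheme rules out.
 * cpu_sync() is a stand-in for the serializing cross-CPU step; it only
 * classifies the site as an observer would see it right then.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INT3     0xCC
#define SITE_LEN 5
#define MAX_OBS  8

enum view { VIEW_OLD, VIEW_INT3, VIEW_NEW, VIEW_TORN };

struct trace {
    enum view seen[MAX_OBS];
    int n;
};

/* What a CPU decoding the site right now would execute. */
static enum view classify(const uint8_t *site, const uint8_t *old,
                          const uint8_t *repl)
{
    if (site[0] == INT3)
        return VIEW_INT3;              /* traps; the handler steps over the site */
    if (memcmp(site, old, SITE_LEN) == 0)
        return VIEW_OLD;
    if (memcmp(site, repl, SITE_LEN) == 0)
        return VIEW_NEW;
    return VIEW_TORN;                  /* partially updated: unsafe to execute */
}

/*
 * Model of the serialization step. Until it has run, a CPU may still be
 * executing from a stale fetch of the previous state, so each step must
 * only ever turn one complete, valid view into another valid view.
 */
static void cpu_sync(struct trace *t, const uint8_t *site,
                     const uint8_t *old, const uint8_t *repl)
{
    if (t->n < MAX_OBS)
        t->seen[t->n++] = classify(site, old, repl);
}

static int trace_is_safe(const struct trace *t)
{
    for (int i = 0; i < t->n; i++)
        if (t->seen[i] == VIEW_TORN)
            return 0;
    return 1;
}

/* int3 bypass sequence; returns 1 if no observation ever saw a torn site. */
int int3_patch(uint8_t *site, const uint8_t *repl, struct trace *t)
{
    uint8_t old[SITE_LEN];

    memcpy(old, site, SITE_LEN);
    t->n = 0;
    cpu_sync(t, site, old, repl);             /* state 0: untouched */
    site[0] = INT3;                           /* step 1: one atomic byte store */
    cpu_sync(t, site, old, repl);             /* observers see old or int3 */
    memcpy(site + 1, repl + 1, SITE_LEN - 1); /* step 2: tail, hidden by int3 */
    cpu_sync(t, site, old, repl);             /* observers see int3 only */
    site[0] = repl[0];                        /* step 3: first byte completes it */
    cpu_sync(t, site, old, repl);             /* observers see int3 or new */
    return trace_is_safe(t);
}

/* What the scheme avoids: a plain byte-wise copy with no int3 guard. */
int naive_patch(uint8_t *site, const uint8_t *repl, struct trace *t)
{
    uint8_t old[SITE_LEN];

    memcpy(old, site, SITE_LEN);
    t->n = 0;
    cpu_sync(t, site, old, repl);
    for (int i = 0; i < SITE_LEN; i++) {
        site[i] = repl[i];
        cpu_sync(t, site, old, repl);         /* mixed old/new bytes visible */
    }
    return trace_is_safe(t);
}

int main(void)
{
    static const char *names[] = { "old", "int3", "new", "TORN" };
    uint8_t site[SITE_LEN] = { 0x90, 0x90, 0x90, 0x90, 0x90 };    /* 5 x nop */
    const uint8_t jmp[SITE_LEN] = { 0xE9, 0x10, 0x00, 0x00, 0x00 }; /* jmp +16 */
    struct trace t;

    int3_patch(site, jmp, &t);
    printf("int3 sequence: ");
    for (int i = 0; i < t.n; i++) printf("%s ", names[t.seen[i]]);
    memset(site, 0x90, SITE_LEN);
    naive_patch(site, jmp, &t);
    printf("\nnaive sequence: ");
    for (int i = 0; i < t.n; i++) printf("%s ", names[t.seen[i]]);
    printf("\n");
    return 0;
}
```

The int3 run records old, int3, int3, new; the naive run records old, four torn states, new. The model also shows the point hpa makes: before the serialization after step 1 a CPU may still execute the old instruction, and that is harmless precisely because the old bytes are still a complete instruction; what the scheme must never expose is the torn state the naive copy produces.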
