| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Jan 2016 22:36:14 -0800 From: Andy Lutomirski <luto@...capital.net> To: Brian Gerst <brgerst@...il.com> Cc: Dan Williams <dan.j.williams@...el.com>, Borislav Petkov <bp@...en8.de>, X86 ML <x86@...nel.org>, "linux-mm@...ck.org" <linux-mm@...ck.org>, Robert <elliott@....com>, Andrew Morton <akpm@...ux-foundation.org>, Tony Luck <tony.luck@...el.com>, Ingo Molnar <mingo@...nel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, linux-nvdimm <linux-nvdimm@...1.01.org> Subject: Re: [PATCH v8 1/3] x86: Expand exception table to allow new handling options On Jan 8, 2016 8:31 PM, "Brian Gerst" <brgerst@...il.com> wrote: > > On Fri, Jan 8, 2016 at 10:39 PM, Brian Gerst <brgerst@...il.com> wrote: > > On Fri, Jan 8, 2016 at 8:52 PM, Andy Lutomirski <luto@...capital.net> wrote: > >> On Fri, Jan 8, 2016 at 12:49 PM, Tony Luck <tony.luck@...el.com> wrote: > >>> Huge amounts of help from Andy Lutomirski and Borislav Petkov to > >>> produce this. Andy provided the inspiration to add classes to the > >>> exception table with a clever bit-squeezing trick, Boris pointed > >>> out how much cleaner it would all be if we just had a new field. > >>> > >>> Linus Torvalds blessed the expansion with: > >>> I'd rather not be clever in order to save just a tiny amount of space > >>> in the exception table, which isn't really criticial for anybody. > >>> > >>> The third field is a simple integer indexing into an array of handler > >>> functions (I thought it couldn't be a relative pointer like the other > >>> fields because a module may have its ex_table loaded more than 2GB away > >>> from the handler function - but that may not be actually true. But the > >>> integer is pretty flexible, we are only really using low two bits now). > >>> > >>> We start out with three handlers: > >>> > >>> 0: Legacy - just jumps the to fixup IP > >>> 1: Fault - provide the trap number in %ax to the fixup code > >>> 2: Cleaned up legacy for the uaccess error hack > >> > >> I think I preferred the relative function pointer approach. > >> > >> Also, I think it would be nicer if the machine check code would invoke > >> the handler regardless of which handler (or class) is selected. Then > >> the handlers that don't want to handle #MC can just reject them. > >> > >> Also, can you make the handlers return bool instead of int? > > > > I'm hashing up an idea that could eliminate alot of text in the .fixup > > section, but it needs the integer handler method to work. We have > > alot of fixup code that does "mov $-EFAULT, reg; jmp xxxx". If we > > encode the register in the third word, the handler can be generic and > > no fixup code for each user access would be needed. That would > > recover alot of the memory used by expanding the exception table. > > On second thought, this could still be implemented with a relative > function pointer. We'd just need a separate function for each > register. > If we could get gcc to play along (which, IIRC, it already can for __put_user), we can do much better with jump labels -- the fixup target would be a jump label. Even without that, how about using @cc? Do: clc mov whatever, wherever The fixup sets the carry flag and skips the faulting instruction (either by knowing the length or by decoding it), and the inline asm causes gcc to emit jc to the error logic. --Andy
Powered by blists - more mailing lists