lists.openwall.net: Open Source and information security mailing list archives
Date:	Tue, 19 Sep 2006 11:01:46 -0700
From:	Martin Bligh <mbligh@...gle.com>
To:	Mathieu Desnoyers <compudj@...stal.dyndns.org>
CC:	prasanna@...ibm.com, Andrew Morton <akpm@...l.org>,
	"Frank Ch. Eigler" <fche@...hat.com>, Ingo Molnar <mingo@...e.hu>,
	Paul Mundt <lethal@...ux-sh.org>,
	linux-kernel <linux-kernel@...r.kernel.org>,
	Jes Sorensen <jes@....com>, Tom Zanussi <zanussi@...ibm.com>,
	Richard J Moore <richardj_moore@...ibm.com>,
	Michel Dagenais <michel.dagenais@...ymtl.ca>,
	Christoph Hellwig <hch@...radead.org>,
	Greg Kroah-Hartman <gregkh@...e.de>,
	Thomas Gleixner <tglx@...utronix.de>,
	William Cohen <wcohen@...hat.com>, ltt-dev@...fik.org,
	systemtap@...rces.redhat.com, Alan Cox <alan@...rguk.ukuu.org.uk>
Subject: Re: [PATCH] Linux Kernel Markers

Mathieu Desnoyers wrote:
> * Martin Bligh (mbligh@...gle.com) wrote:
> 
>>How about we combine all three ideas together ...
>>
>>1. Load modified copy of the function in question.
>>2. overwrite the first instruction of the routine with an int3 that
>>does what you say (atomically)
>>3. Then overwrite the second instruction with a jump that's faster
>>4. Now atomically overwrite the int3 with a nop, and let the jump
>>take over.
>>
> 
> 
> Very good idea. However, overwriting the second instruction with a jump could
> be dangerous on preemptible and SMP kernels, because we never know if a thread
> has an IP in any of its contexts that would return exactly at the middle of the
> jump. I think it would be doable to overwrite a 5+ bytes instruction with a NOP
> non-atomically in all cases, but as the instructions in the prologue seem to
> be smaller:
> 
> prologue on x86
>    0:   55                      push   %ebp
>    1:   89 e5                   mov    %esp,%ebp
> epilogue on x86
>    3:   5d                      pop    %ebp
>    4:   c3                      ret
> 
> Then it can be a problem. Ideas are welcome.

Ugh, yes, that's somewhat problematic. It does seem rather unlikely that
there's a function call in the function prologue when we're busy
offloading stuff onto the stack, but still ...

For the cases where we're prepared to overwrite the call instruction in
the caller, rather than insert an extra jump in the callee, can we not
do that atomically by overwriting the address we're jumping to (the
call is obviously there already)? Doesn't fix function pointers, etc.,
but might work well for the simple case at least.

M.
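The hazard Mathieu raises above, as an added example that is not part of this thread: a checker that walks the instruction boundaries of the bytes about to be patched and reports whether a write of the given size would split an instruction (the x86 prologue/epilogue bytes are the ones quoted in the thread; the second sample function, which opens with a 5-byte `mov $imm32,%eax`, and the toy length decoder are assumptions).

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed samples: the x86 bytes quoted in the thread, and (assumed) a function
 * that opens with a single 5-byte instruction, so a 5-byte jmp fits without splitting. */
static const uint8_t short_prologue[] = { 0x55, 0x89, 0xe5, 0x5d, 0xc3 };
static const uint8_t long_first_insn[] = { 0xb8, 0x01, 0x00, 0x00, 0x00, 0xc3 };

/* Toy length decoder for just the opcodes in the samples (a real checker needs a
 * full x86 decoder). Returns 0 for anything it does not recognise. */
static size_t insn_len(const uint8_t *p, size_t avail)
{
    if (avail == 0)
        return 0;
    uint8_t op = p[0];
    if (op == 0xcc || op == 0x90 || op == 0xc3)            /* int3, nop, ret */
        return 1;
    if (op >= 0x50 && op <= 0x5f)                          /* push/pop r32 */
        return 1;
    if ((op >= 0xb8 && op <= 0xbf) || op == 0xe9)          /* mov $imm32,r32; jmp rel32 */
        return avail >= 5 ? 5 : 0;
    if (op == 0x89 && avail >= 2 && (p[1] & 0xc0) == 0xc0) /* mov r32,r32 */
        return 2;
    return 0;
}

/* Count instruction boundaries strictly inside [off, off+len): a preempted or SMP
 * thread whose saved IP sits on one of them would resume in the middle of the new
 * jump. Returns -1 if the bytes cannot be decoded or off is not itself a boundary. */
static int interior_boundaries(const uint8_t *code, size_t n, size_t off, size_t len)
{
    size_t pos = 0;
    int count = 0, off_is_boundary = (off == 0);
    while (pos < n) {
        size_t l = insn_len(code + pos, n - pos);
        if (l == 0)
            return -1;
        pos += l;
        if (pos == off)
            off_is_boundary = 1;
        else if (pos > off && pos < off + len)
            count++;
    }
    return off_is_boundary ? count : -1;
}

/* 1 if a len-byte write at off neither overruns the code nor splits an instruction. */
static int patch_is_safe(const uint8_t *code, size_t n, size_t off, size_t len)
{
    if (off + len > n)
        return 0;
    return interior_boundaries(code, n, off, len) == 0;
}
```

On the quoted prologue a single-byte int3 at offset 0 passes, while a 5-byte jmp at offset 0 straddles the boundaries at 1, 3 and 4 and is rejected; the same jmp over a function whose first instruction is already 5 bytes passes.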