| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Sep 2006 12:40:36 -0700 From: Martin Bligh <mbligh@...gle.com> To: karim@...rsys.com CC: "Frank Ch. Eigler" <fche@...hat.com>, Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>, prasanna@...ibm.com, Andrew Morton <akpm@...l.org>, Ingo Molnar <mingo@...e.hu>, Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca>, Paul Mundt <lethal@...ux-sh.org>, linux-kernel <linux-kernel@...r.kernel.org>, Jes Sorensen <jes@....com>, Tom Zanussi <zanussi@...ibm.com>, Richard J Moore <richardj_moore@...ibm.com>, Michel Dagenais <michel.dagenais@...ymtl.ca>, Christoph Hellwig <hch@...radead.org>, Greg Kroah-Hartman <gregkh@...e.de>, Thomas Gleixner <tglx@...utronix.de>, William Cohen <wcohen@...hat.com>, ltt-dev@...fik.org, systemtap@...rces.redhat.com, Alan Cox <alan@...rguk.ukuu.org.uk>, Michael Davidson <md@...gle.com> Subject: Re: [PATCH] Linux Kernel Markers Karim Yaghmour wrote: > Martin Bligh wrote: > >>Do we even need the filler padding? I thought we could insert kprobes >>at the beginning of any function without that ... it was only a >>requirement for mid-function (sometimes). If we copy the whole function, >>we don't even need that any more ... >> >>if kprobes can do it, I don't see why djprobes can't ... after all, it >>just seems to use kprobes to insert a jump, AFAICS. > > > I guess I must not be explaining myself properly. > > The padding is for one purpose and one purpose only: having > a know-to-be-good location at the beginning of the > uninstrumented function for later using djprobes on. Once > you've got that, then you can indeed copy the entire > function and do whatever you want *without* using djprobes > or kprobes, but using direct calls. > > If you don't have the padding, then you might yourself in > a case where you're replacing bytes from multiple instructions > where something somewhere may have an IP within the replaced > range. And to get around that you have to pull a few magic > tricks *and* make a few assumptions. But if you replace a > 5 bytes instruction (or the equivalent as in Hiramatsu-san's > proposla) with another 5 bytes instruction, none of that is > needed and djprobes can be used *today* to do that. > > Using this, you've got an arguably non-existent penalty > for the function with the filler and a very fast jump to > the instrumented function. The best of both worlds > actually. > > Let me know if I'm still not being clear. You mean using the jump-over thing that was posted earlier? I thought the CPU erratas prevented doing that atomically properly. From my understanding of the last 24 hours discussion, it seemed like the ONLY thing we could do safely atomically was insert an int3. Which sucks, frankly, but still. Or are we talking about locking everyone in an NMI? Having proposed that, I now think it doesn't work ... we still return from it when it's done, and might be in the middle of the instruction stream we just crapped on. So, maybe I missed a bit of the conversation, or didn't understand it, but I was trying to follow it pretty closely. Even with the padding, I don't see how overwriting it is atomic ... they could be off processing an interrupt / NMI or whatever when you were in the midst of it. One thing Michael (cc'ed) pointed out was the possibility of using "jump to self" as a small marker instruction, where we set the function in busy wait at the start as we overwrite the next few, then overwrite the jump to selfs with a nop to liberate it again. But I'm unconvinced that gets around the CPU errata Alan was pointing to. M. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists