| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 12 Mar 2007 18:37:49 -0400 From: Mathieu Desnoyers <compudj@...stal.dyndns.org> To: Masami Hiramatsu <hiramatu@....hitachi.co.jp>, linux-kernel@...r.kernel.org, systemtap@...rces.redhat.com, mbligh@...gle.com Subject: Djprobes questions Hi Masami, I recently had to add support for inline code patching on i386 to my marker infrastructure. Clearly, it looks like what is done in djprobes, with the main difference that I only patch the immediate value of a 2 bytes "load immediate" instruction. I think I found a solution to one of the main issues with djprobes : it currently has to wait for each CPU to hit the probe before being sure that it's safe to patch the code with something else than an int3. This is due to PIII errata 49, which says that a CPU much execute a serializing instruction before executing cross-modified code. Here is what I do : While I use a breakpoint to fall in a trap for the CPUs that hit the site currently being modified, I also send an IPI to all CPUs so they execute cpuid. Once it returns, I am sure that every CPU has executed a serializing instruction, which enables me to go on with the complete code modification, therefore removing the initial breakpoint. Here is my code : http://ltt.polymtl.ca/cgi-bin/gitweb.cgi?p=linux-2.6-lttng.git;a=blob;f=arch/i386/kernel/marker.c;h=89b06f02f0966685be260d6364a0dd94c3d14456;hb=v2.6.20-lttng (Comments are welcome) On a second note, looking at the djprobes code triggered some question in my mind about the safety of using a worker thread to "make sure" every interrupt context has returned (so there is no IP pointing into the modified code). The following scenario might be possible : an interrupt handler (or trap handler) reenables interrupts, does irq_exit() or nmi_exit() (which reenables preemption) but does not do iret yet. My understanding is that it could be scheduled and have a return IP pointing to the code that is being modified. Am I right ? Regards, Mathieu -- Mathieu Desnoyers Computer Engineering Ph.D. Student, Ecole Polytechnique de Montreal OpenPGP key fingerprint: 8CD5 52C3 8E3C 4140 715F BA06 3F25 A8FE 3BAE 9A68 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists