| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Jul 2007 19:51:57 -0400 From: Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca> To: Jeremy Fitzhardinge <jeremy@...p.org> Cc: Andi Kleen <andi@...stfloor.org>, jbeulich@...ell.com, "S. P. Prasanna" <prasanna@...ibm.com>, linux-kernel@...r.kernel.org, patches@...-64.org, Zachary Amsden <zach@...are.com>, Chris Wright <chrisw@...s-sol.org>, Rusty Russell <rusty@...tcorp.com.au> Subject: Re: new text patching for review * Jeremy Fitzhardinge (jeremy@...p.org) wrote: > Andi Kleen wrote: > > Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca> writes: > > > >> I see that IRQs are disabled in alternative_instructions(), but it does > >> not protect against NMIs, which could come at a very inappropriate > >> moment. MCE and SMIs would potentially cause the same kind of trouble. > >> > >> So unless you can guarantee that any code from NMI handler won't call > >> basic things such as get_cycles() (nor MCE, nor SMIs), you can't insure > >> it won't execute an illegal instruction. Also, the option of temporarily > >> disabling the NMI for the duration of the update simply adds unwanted > >> latency to the NMI handler which could be unacceptable in some setups. > >> > > > > Ok it's a fair point. But how would you address it ? > > > > Even if we IPIed the other CPUs NMIs or MCEs could still happen. > > > > BTW Jeremy, have you ever considered that problem with paravirt ops > > patching? > > > > I remember Zach was thinking about it when he was thinking of making vmi > a kernel module, but I don't think we discussed it with respect to the > current patching mechanism. Though he did discover that at one point > alternative_instructions() was being run with interrupts enabled, which > caused surprisingly few problems... > > But, yeah, it seems like it could be a problem. > > > - smp lock patching only ever changes a single byte (lock prefix) of > > a single instruction > > - kprobes only ever change a single byte > > > > For the immediate value patching it also cannot happen because > > you'll never modify multiple instructions and all immediate values > > can be changed atomically. > > > > Are misaligned/cross-cache-line updates atomic? > I align the "immediate values" within the mov instructions on multiples of the immediate value size so I can update it atomically. > J -- Mathieu Desnoyers Computer Engineering Ph.D. Student, Ecole Polytechnique de Montreal OpenPGP key fingerprint: 8CD5 52C3 8E3C 4140 715F BA06 3F25 A8FE 3BAE 9A68 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists