Date: Mon, 18 Jan 2010 15:33:21 +0200
From: Avi Kivity <avi@...hat.com>
To: Peter Zijlstra <peterz@...radead.org>
CC: ananth@...ibm.com, Jim Keniston <jkenisto@...ibm.com>,
 Srikar Dronamraju <srikar@...ux.vnet.ibm.com>,
 Ingo Molnar <mingo@...e.hu>,
 Arnaldo Carvalho de Melo <acme@...radead.org>,
 utrace-devel <utrace-devel@...hat.com>,
 Frederic Weisbecker <fweisbec@...il.com>,
 Masami Hiramatsu <mhiramat@...hat.com>,
 Maneesh Soni <maneesh@...ibm.com>,
 Mark Wielaard <mjw@...hat.com>,
 LKML <linux-kernel@...r.kernel.org>
Subject: Re: [RFC] [PATCH 1/7] User Space Breakpoint Assistance Layer (UBP)

On 01/18/2010 03:15 PM, Peter Zijlstra wrote:
> On Mon, 2010-01-18 at 14:37 +0200, Avi Kivity wrote:
>
>> On 01/18/2010 02:14 PM, Peter Zijlstra wrote:
>>
>>>
>>>> Well, the alternatives are very unappealing. Emulation and
>>>> single-stepping are going to be very slow compared to a couple of jumps.
>>>>
>>>>
>>> With CPL2 or RPL on user segments the protection issue seems to be
>>> manageable for running the instructions from kernel space.
>>>
>>>
>> CPL2 gives unrestricted access to the kernel address space; and RPL does
>> not affect page level protection. Segment limits don't work on x86-64.
>> But perhaps I missed something - these things are tricky.
>>
> So setting RPL to 3 on the user segments allows access to kernel pages
> just fine? How useful.. :/
>

The further we stay away from segmentation, the better. Thankfully AMD
removed hardware task switching from x86-64 so we can't even think about
that.

>> It should be possible to translate the instruction into an address space
>> check, followed by the action, but that's still slower due to privilege
>> level switches.
>>
> Well, if you manage to do the address validation you don't need the priv
> level switch anymore, right?
>

Right.

> Are the ins encodings sane enough to recognize mem parameters without
> needing to know the actual ins?
>

No. You need to know whether the instruction accesses memory or not.
Look at the tables at the beginning of arch/x86/kvm/emulate.c. Opcodes
marked with ModRM, BitOp, MemAbs, String, Stack are all different styles
of memory instructions. You need to know the operand size for the edge
cases. And there are probably a few special cases in the code.

> How about using a hw-breakpoint to close the gap for the inline single
> step? You could even re-insert the int3 lazily when you need the
> hw-breakpoint again. It would consume one hw-breakpoint register for
> each task/cpu that has probes though..
>

If you have more than four threads, it breaks, no? And you need an IPI
each time you hit the breakpoint.

Ultimately I'd like to see the breakpoint avoided as well, use a jump to
the XOL area and trace in ~20 cycles instead of ~1000.

--
error compiling committee.c: too many arguments to function

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
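
Archive annotation, not part of the mail above and not code from KVM or the UBP patches: a small C sketch of why the instruction has to be known before an address check can stand in for a privilege switch. The flag bit values, the six-entry table and the function name touches_memory are constructed for this example; it assumes one-byte opcodes with no prefixes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flag names follow the categories named in the mail. The bit values and
 * this six-entry table are constructed for the example, not taken from KVM. */
enum { F_MODRM = 1, F_MEMABS = 2, F_STRING = 4, F_STACK = 8, F_NOACCESS = 16 };

struct op { uint8_t opcode; unsigned flags; };

static const struct op optable[] = {
    { 0x89, F_MODRM },              /* mov r/m, r */
    { 0x8d, F_MODRM | F_NOACCESS }, /* lea: address computed, never dereferenced */
    { 0xa1, F_MEMABS },             /* mov eax, moffs: absolute address, no ModRM */
    { 0xa5, F_STRING },             /* movs: implicit [rsi] -> [rdi] */
    { 0x50, F_STACK },              /* push rax: implicit [rsp] */
    { 0x90, 0 },                    /* nop */
};

/* Returns 1 if the instruction accesses memory, 0 if it does not, and -1 if
 * the opcode is not in the table or the buffer is too short to decide. */
int touches_memory(const uint8_t *insn, size_t len)
{
    if (len == 0)
        return -1;
    for (size_t i = 0; i < sizeof optable / sizeof optable[0]; i++) {
        const struct op *o = &optable[i];
        if (o->opcode != insn[0])
            continue;
        if (o->flags & (F_MEMABS | F_STRING | F_STACK))
            return 1;               /* memory operand is implied by the opcode */
        if (!(o->flags & F_MODRM))
            return 0;
        if (len < 2)
            return -1;              /* ModRM byte missing */
        if (o->flags & F_NOACCESS)
            return 0;
        return (insn[1] >> 6) != 3; /* mod == 3 selects a register operand */
    }
    return -1;                      /* refuse to guess about unknown opcodes */
}

int main(void)
{
    const uint8_t mov_mem[] = { 0x89, 0x03 }, lea[] = { 0x8d, 0x03 };
    printf("mov [rbx], eax: %d\n", touches_memory(mov_mem, sizeof mov_mem));
    printf("lea eax, [rbx]: %d\n", touches_memory(lea, sizeof lea));
    return 0;
}
```

The two sample instructions carry the same ModRM byte, yet only the mov dereferences the address, so the encoding of the operand alone does not answer the question.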