| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Jan 2010 10:50:36 -0800 From: "H. Peter Anvin" <hpa@...or.com> To: Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca> CC: Masami Hiramatsu <mhiramat@...hat.com>, Arjan van de Ven <arjan@...radead.org>, rostedt@...dmis.org, Jason Baron <jbaron@...hat.com>, linux-kernel@...r.kernel.org, mingo@...e.hu, tglx@...utronix.de, andi@...stfloor.org, roland@...hat.com, rth@...hat.com Subject: Re: [RFC PATCH 2/8] jump label v4 - x86: Introduce generic jump patching without stop_machine On 01/18/2010 08:52 AM, Mathieu Desnoyers wrote: >> >> This really doesn't make much sense to me. The whole basis for the int3 >> scheme itself is that single-byte updates are atomic, so if single-byte >> updates can't work -- and as I stated, we at Intel OTC currently believe >> it safe -- then int3 can't work either. > > The additional characteristic of the int3 instruction (compared to the > general case of a single-byte instruction) is that, when executed, it > will trigger a trap, run a trap handler and return to the original code, > typically with iret. This therefore implies that a serializing > instruction is executed before returning to the instructions following > the modification site when the breakpoint is hit. > > So I hand out to Intel's expertise the question of whether single-byte > instruction modification is safe or not in the general case. I'm just > pointing out that I can very well imagine an aggressive superscalar > architecture for which pipeline structure would support single-byte int3 > patching without any problem due to the implied serialization, but would > not support the general-case single-byte modification due to its lack of > serialization. > This is utter and complete nonsense. You seem to think that everything is guaranteed to hit the breakpoint, which is obviously false. Furthermore, until you have done the serialization, you're not guaranteed the *breakpoint* is seen, so you have the same condition. > As we might have to port this algorithm to Itanium in a near future, I > prefer to stay on the safe side. Intel's "by the book" recommendation is > more or less that a serializing instruction must be executed on all CPUs > before new code is executed, without mention of single-vs-multi byte > instructions. The int3-based bypass follows this requirement, but the > single-byte code patching does not. > > Unless there is a visible performance gain to special-case the > single-byte instruction, I would recommend to stick to the safest > solution, which follows Intel "official" guide-lines too. No, it doesn't. The only thing that follows the "official" guidelines is stop_machine. As far as other architectures are concerned, other architectures can have very different and much stricter rules for I/D coherence. Trying to extrapolate from the x86 rules is aggravated insanity. -hpa -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists