| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 4 Aug 2012 23:59:10 +0100 From: "Dr. David Alan Gilbert" <dave@...blig.org> To: Andrea Arcangeli <aarcange@...hat.com> Cc: "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>, Hugh Dickins <hughd@...gle.com>, Peter Zijlstra <peterz@...radead.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Rik van Riel <riel@...hat.com>, Andrew Morton <akpm@...ux-foundation.org>, Nick Piggin <npiggin@...nel.dk>, linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org, linux-mm@...ck.org Subject: Re: [RFC] page-table walkers vs memory order * Andrea Arcangeli (aarcange@...hat.com) wrote: > On Sat, Aug 04, 2012 at 03:02:45PM -0700, Paul E. McKenney wrote: > > OK, I'll bite. ;-) > > :)) > > > The most sane way for this to happen is with feedback-driven techniques > > involving profiling, similar to what is done for basic-block reordering > > or branch prediction. The idea is that you compile the kernel in an > > as-yet (and thankfully) mythical pointer-profiling mode, which records > > the values of pointer loads and also measures the pointer-load latency. > > If a situation is found where a given pointer almost always has the > > same value but has high load latency (for example, is almost always a > > high-latency cache miss), this fact is recorded and fed back into a > > subsequent kernel build. This subsequent kernel build might choose to > > speculate the value of the pointer concurrently with the pointer load. > > > > And of course, when interpreting the phrase "most sane way" at the > > beginning of the prior paragraph, it would probably be wise to keep > > in mind who wrote it. And that "most sane way" might have little or > > no resemblance to anything that typical kernel hackers would consider > > anywhere near sanity. ;-) > > I see. The above scenario is sure fair enough assumption. We're > clearly stretching the constraints to see what is theoretically > possible and this is a very clear explanation of how gcc could have an > hardcoded "guessed" address in the .text. > > Next step to clearify now, is how gcc can safely dereference such a > "guessed" address without the kernel knowing about it. > > If gcc would really dereference a guessed address coming from a > profiling run without kernel being aware of it, it would eventually > crash the kernel with an oops. gcc cannot know what another CPU will > do with the kernel pagetables. It'd be perfectly legitimate to > temporarily move the data at the "guessed address" to another page and > to update the pointer through stop_cpu during some weird "cpu > offlining scenario" or anything you can imagine. I mean gcc must > behave in all cases so it's not allowed to deference the guessed > address at any given time. A compiler could decide to dereference it using a non-faulting load, do the calculations or whatever on the returned value of the non-faulting load, and then check whether the load actually faulted, and whether the address matched the prediction before it did a store based on it's guess. Dave -- -----Open up your eyes, open up your mind, open up your code ------- / Dr. David Alan Gilbert | Running GNU/Linux | Happy \ \ gro.gilbert @ treblig.org | | In Hex / \ _________________________|_____ http://www.treblig.org |_______/ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists