lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1373492818.14604.75.camel@joe-AO722>
Date:	Wed, 10 Jul 2013 14:46:58 -0700
From:	Joe Perches <joe@...ches.com>
To:	Jiri Kosina <jkosina@...e.cz>
Cc:	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
	Steven Rostedt <rostedt@...dmis.org>,
	Jason Baron <jbaron@...hat.com>,
	"H. Peter Anvin" <hpa@...ux.intel.com>,
	Borislav Petkov <bpetkov@...e.de>, linux-kernel@...r.kernel.org
Subject: Re: [RFC] [PATCH 1/2 v2] x86: introduce int3-based instruction
 patching

On Wed, 2013-07-10 at 23:31 +0200, Jiri Kosina wrote:
> Introduce a method for run-time instrucntion patching on a live SMP kernel 
> based on int3 breakpoint, completely avoiding the need for stop_machine().

Yet more trivia:

instruction typo

> The way this is achieved:
> 
>         - add a int3 trap to the address that will be patched
>         - sync cores
>         - update all but the first byte of the patched range
>         - sync cores
>         - replalace the first byte (int3) by the first byte of

replace typo

> diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
[]
> +static int int3_notify(struct notifier_block *self, unsigned long val, void *data)
> +{
> +       struct die_args *args = data;
> +       struct pt_regs *regs = args->regs;
> +
> +       /* bp_patching_in_progress */
> +       smp_rmb();
> +
> +       if (likely(!bp_patching_in_progress))
> +               return NOTIFY_DONE;
> +
> +       /* we are not interested in non-int3 faults and ring > 0 faults */
> +       if (val != DIE_INT3 || !regs || user_mode_vm(regs)
> +                           || (unsigned long) bp_int3_addr != regs->ip)
> +               return NOTIFY_DONE;
> +
> +       /* set up the specified breakpoint handler */
> +       args->regs->ip = (unsigned long) bp_int3_handler;

Probably better to use regs->ip as that's what's used
in the test above.

I'd also change the test to order the regs->ip first

	if (val != DIE_INT3 || !regs || user_mode_vm(regs) ||
	    regs->ip != (unsigned long) bp_int3_addr)
		return NOTIFY_DONE;

	regs->ip = (unsigned long) bp_int3_handler;

> +/*
> + * text_poke_bp() -- update instructions on live kernel on SMP
> + * @addr:      address to patch
> + * @opcode:    opcode of new instruction
> + * @len:       length to copy
> + * @handler:   address to jump to when the temporary breakpoint is hit
> + *

kernel-doc?

> +
> + * Modify multi-byte instruction by using int3 breakpoint on SMP.
> + * In contrary to text_poke_smp(), we completely avoid stop_machine() here,
> + * and achieve the synchronization using int3 breakpoint.
> + *
> + * The way it is done:
> + *     - add a int3 trap to the address that will be patched
> + *     - sync cores
> + *     - update all but the first byte of the patched range
> + *     - sync cores
> + *     - replalace the first byte (int3) by the first byte of

same typo

> +       /*
> +        * corresponding read barrier in int3 notifier for
> +        * making sure the in_progress flags is correctly ordered wrt.
> +        * patching */

Some might care about the comment style.
	/*
	 * foo
	 */



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ