lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 6 Feb 2014 16:57:54 +0100
From:	Stephane Eranian <eranian@...gle.com>
To:	"Yan, Zheng" <zheng.z.yan@...el.com>
Cc:	LKML <linux-kernel@...r.kernel.org>,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Ingo Molnar <mingo@...nel.org>,
	Arnaldo Carvalho de Melo <acme@...radead.org>,
	Andi Kleen <andi@...stfloor.org>
Subject: Re: [PATCH 14/14] perf, x86: Discard zero length call entries in LBR
 call stack

On Fri, Jan 3, 2014 at 6:48 AM, Yan, Zheng <zheng.z.yan@...el.com> wrote:
> "Zero length call" uses the attribute of the call instruction to push
> the immediate instruction pointer on to the stack and then pops off
> that address into a register. This is accomplished without any matching
> return instruction. It confuses the hardware and make the recorded call
> stack incorrect. Try fixing the call stack by discarding zero length
> call entries.
>
So on this one you're saying LBR_CALLSTACK will not pop the return in
this case. And therefore the call remains the in LBR register buffer. The
kernel can look for those and remove them because you can detect them
by the call encoding.

Reviewed-by: Stephane Eranian <eranian@...gle.com>
> Signed-off-by: Yan, Zheng <zheng.z.yan@...el.com>
> ---
>  arch/x86/kernel/cpu/perf_event_intel_lbr.c | 13 +++++++++++--
>  1 file changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kernel/cpu/perf_event_intel_lbr.c b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
> index 08e3ba1..57bdd34 100644
> --- a/arch/x86/kernel/cpu/perf_event_intel_lbr.c
> +++ b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
> @@ -94,7 +94,8 @@ enum {
>         X86_BR_ABORT            = 1 << 12,/* transaction abort */
>         X86_BR_IN_TX            = 1 << 13,/* in transaction */
>         X86_BR_NO_TX            = 1 << 14,/* not in transaction */
> -       X86_BR_CALL_STACK       = 1 << 15,/* call stack */
> +       X86_BR_ZERO_CALL        = 1 << 15,/* zero length call */
> +       X86_BR_CALL_STACK       = 1 << 16,/* call stack */
>  };
>
>  #define X86_BR_PLM (X86_BR_USER | X86_BR_KERNEL)
> @@ -111,13 +112,15 @@ enum {
>          X86_BR_JMP      |\
>          X86_BR_IRQ      |\
>          X86_BR_ABORT    |\
> -        X86_BR_IND_CALL)
> +        X86_BR_IND_CALL |\
> +        X86_BR_ZERO_CALL)
>
>  #define X86_BR_ALL (X86_BR_PLM | X86_BR_ANY)
>
>  #define X86_BR_ANY_CALL                 \
>         (X86_BR_CALL            |\
>          X86_BR_IND_CALL        |\
> +        X86_BR_ZERO_CALL       |\
>          X86_BR_SYSCALL         |\
>          X86_BR_IRQ             |\
>          X86_BR_INT)
> @@ -652,6 +655,12 @@ static int branch_type(unsigned long from, unsigned long to, int abort)
>                 ret = X86_BR_INT;
>                 break;
>         case 0xe8: /* call near rel */
> +               insn_get_immediate(&insn);
> +               if (insn.immediate1.value == 0) {
> +                       /* zero length call */
> +                       ret = X86_BR_ZERO_CALL;
> +                       break;
> +               }
>         case 0x9a: /* call far absolute */
>                 ret = X86_BR_CALL;
>                 break;
> --
> 1.8.4.2
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists