| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALCETrUEd318CGdVy6XKNkmj9EUdinEO7d_zBDwFNhzGOpUrkg@mail.gmail.com> Date: Wed, 10 Jun 2015 12:38:32 -0700 From: Andy Lutomirski <luto@...capital.net> To: Josh Poimboeuf <jpoimboe@...hat.com> Cc: Andi Kleen <andi@...stfloor.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, "H. Peter Anvin" <hpa@...or.com>, Michal Marek <mmarek@...e.cz>, Peter Zijlstra <peterz@...radead.org>, Andy Lutomirski <luto@...nel.org>, Borislav Petkov <bp@...en8.de>, Linus Torvalds <torvalds@...ux-foundation.org>, X86 ML <x86@...nel.org>, live-patching@...r.kernel.org, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v5 00/10] x86/asm: Compile-time asm code validation On Wed, Jun 10, 2015 at 12:36 PM, Josh Poimboeuf <jpoimboe@...hat.com> wrote: > On Wed, Jun 10, 2015 at 11:40:06AM -0700, Andi Kleen wrote: >> Josh Poimboeuf <jpoimboe@...hat.com> writes: >> >> > On Wed, Jun 10, 2015 at 05:04:12PM +0200, Andi Kleen wrote: >> >> > > > - duplicate the destination code inside the function >> >> > > > - convert the jump to a call >> >> > > >> >> > > That all won't work for a lot of cases. >> >> > >> >> > Hm, could you give an example? >> >> >> >> Just a standard *_user exception handler. >> > >> > I'm afraid I don't follow. Exception handlers don't work via jump >> > instructions, but rather via CPU exceptions. >> > >> > Or are you talking about something else? >> >> Let's take an example: >> >> 102: >> .section .fixup,"ax" >> 103: addl %ecx,%edx /* ecx is zerorest also */ >> jmp copy_user_handle_tail >> .previous >> >> _ASM_EXTABLE(100b,103b) >> _ASM_EXTABLE(101b,103b) >> >> The exception handling code is part of the function, but it's out of line. > > The jump instruction is in the .fixup section, not in the callable > function itself. So it doesn't violate the asmvalidate rules. It still won't unwind correctly unless .pushsection somehow magically propagates CFI state. (Does it?) > >> > Are you suggesting that we implement this gcc optimization in kernel asm >> > code? >> >> It was how Linux traditionally implemented locking code for example. >> Have the hot path handle the uncontended fast path, and the slow path >> call. >> >> I don't know if there is much left of it (a lot of it was removed because >> it was hard to describe in dwarf3, needs dwarf4). But it seems bad >> to completely disallow it. >> >> But yes eventually gcc generated code should use it again, because it's >> great for icache usage if you measure it correctly at run time >> (not the broken "size" approach that is unfortunately far too common) > > This patch set has no relationship to gcc generated code whatsoever. So > it doesn't disallow anything there. > > For kernel asm code, AFAIK, such a mechanism for hot/cold path > separation in separate sections doesn't exist today. So it's not > "disallowed" there either. It's just apparently not currently done. > > If somebody were to create such a mechanism, I think we could > standardize it in such a way that it could be compatible with > asmvalidate. Hopefully true. The entry code is full of tail calls, though. --Andy > > -- > Josh -- Andy Lutomirski AMA Capital Management, LLC -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists