lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20180509113257.hl6frl424trdt2em@lakrids.cambridge.arm.com>
Date:   Wed, 9 May 2018 12:32:57 +0100
From:   Mark Rutland <mark.rutland@....com>
To:     Frederic Weisbecker <frederic@...nel.org>
Cc:     LKML <linux-kernel@...r.kernel.org>, Jiri Olsa <jolsa@...hat.com>,
        Namhyung Kim <namhyung@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Yoshinori Sato <ysato@...rs.sourceforge.jp>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Catalin Marinas <catalin.marinas@....com>,
        Chris Zankel <chris@...kel.net>,
        Paul Mackerras <paulus@...ba.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Will Deacon <will.deacon@....com>,
        Michael Ellerman <mpe@...erman.id.au>,
        Rich Felker <dalias@...c.org>, Ingo Molnar <mingo@...nel.org>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Andy Lutomirski <luto@...nel.org>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Max Filippov <jcmvbkbc@...il.com>
Subject: Re: [PATCH 4/9] arm: Split breakpoint validation into "check" and
 "commit"

On Tue, May 08, 2018 at 12:13:23PM +0100, Mark Rutland wrote:
> Hi Frederick,
> 
> On Sun, May 06, 2018 at 09:19:50PM +0200, Frederic Weisbecker wrote:
> > The breakpoint code mixes up attribute check and commit into a single
> > code entity. Therefore the validation may return an error due to
> > incorrect atributes while still leaving halfway modified architecture
> > breakpoint struct.
> > 
> > Prepare fox fixing this misdesign and separate both logics.
> 
> Could you elaborate on what the problem is? I would have expected that
> when arch_build_bp_info() returns an error code, we wouldn't
> subsequently use the arch_hw_breakpoint information. Where does that
> happen?

>From digging, I now see that this is a problem when
modify_user_hw_breakpoint() is called on an existing breakpoint. It
would be nice to mention that in the commit message.

> I also see that the check and commit hooks have to duplicate a
> reasonable amount of logic, e.g. the switch on bp->attr.type. Can we
> instead refactor the existing arch_build_bp_info() hooks to use a
> temporary arch_hw_breakpoint, and then struct assign it after all the
> error cases, > e.g.
> 
> static int arch_build_bp_info(struct perf_event *bp)
> {
> 	struct arch_hw_breakpoint hbp;
> 	
> 	if (some_condition(bp))
> 		hbp->field = 0xf00;
> 
> 	switch (bp->attr.type) {
> 	case FOO:
> 		return -EINVAL;
> 	case BAR:
> 		hbp->other_field = 7;
> 		break;
> 	};
> 
> 	if (failure_case(foo))
> 		return err;
> 	
> 	*counter_arch_bp(bp) = hbp;
> }
> 
> ... or is that also problematic?

IIUC, this *would* work, but it is a little opaque.

Perhaps we could explicitly pass the temporary arch_hw_breakpoint in,
and have the core code struct-assign it after checking for errors?

Thanks,
Mark.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ