Date: Fri, 11 Jan 2019 14:31:35 -0600
From: Josh Poimboeuf <jpoimboe@...hat.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Nadav Amit <namit@...are.com>, Andy Lutomirski <luto@...nel.org>, Peter Zijlstra <peterz@...radead.org>, the arch/x86 maintainers <x86@...nel.org>, Linux List Kernel Mailing <linux-kernel@...r.kernel.org>, Ard Biesheuvel <ard.biesheuvel@...aro.org>, Steven Rostedt <rostedt@...dmis.org>, Ingo Molnar <mingo@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, Masami Hiramatsu <mhiramat@...nel.org>, Jason Baron <jbaron@...mai.com>, Jiri Kosina <jkosina@...e.cz>, David Laight <David.Laight@...lab.com>, Borislav Petkov <bp@...en8.de>, Julia Cartwright <julia@...com>, Jessica Yu <jeyu@...nel.org>, "H. Peter Anvin" <hpa@...or.com>, Rasmus Villemoes <linux@...musvillemoes.dk>, Edward Cree <ecree@...arflare.com>, Daniel Bristot de Oliveira <bristot@...hat.com>
Subject: Re: [PATCH v3 0/6] Static calls

On Fri, Jan 11, 2019 at 12:12:30PM -0800, Linus Torvalds wrote:
> On Fri, Jan 11, 2019 at 12:04 PM Josh Poimboeuf <jpoimboe@...hat.com> wrote:
> >
> > But really, to me, having to create and manage all those custom
> > trampolines still feels a lot more complex than just making a gap on the
> > stack.
>
> There are no "all those custom trampolines".
>
> There is literally *one* custom trampoline that you generate as you do
> the rewriting.
>
> Well, two, since you need the version with the "sti" before the jmp.
>
> It would be possible to generate the custom trampoline on the fly in
> the BP handler itself, and just have a magic flag for that case. But
> it's probably simpler to do it in the caller, since you need to
> generate that special writable and executable code sequence. You
> probably don't want to do that at BP time.
>
> You probably want to use a FIX_TEXT_POKE2 page for the generated
> sequence that just maps some generated code executably for a short
> while. Or something like that.
I was referring to the fact that a single static call key update will
usually result in patching multiple call sites. But you're right, it's
only 1-2 trampolines per text_poke_bp() invocation. Though eventually we
may want to batch all the writes like what Daniel has proposed for jump
labels, to reduce IPIs.

Regardless, the trampoline management seems more complex to me. But
it's easier to argue about actual code, so maybe I'll code it up to make
it easier to compare solutions.

-- 
Josh