Date:   Tue, 15 Jan 2019 11:19:22 -0500
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Alexandre Chartre <alexandre.chartre@...cle.com>
Cc:     Josh Poimboeuf <jpoimboe@...hat.com>,
        Sean Christopherson <sean.j.christopherson@...el.com>,
        Nadav Amit <namit@...are.com>, X86 ML <x86@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        Andy Lutomirski <luto@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Jason Baron <jbaron@...mai.com>, Jiri Kosina <jkosina@...e.cz>,
        David Laight <David.Laight@...LAB.COM>,
        Borislav Petkov <bp@...en8.de>,
        Julia Cartwright <julia@...com>, Jessica Yu <jeyu@...nel.org>,
        "H. Peter Anvin" <hpa@...or.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        Edward Cree <ecree@...arflare.com>,
        Daniel Bristot de Oliveira <bristot@...hat.com>
Subject: Re: [PATCH v3 5/6] x86/alternative: Use a single access in text_poke() where possible

On Tue, 15 Jan 2019 12:10:19 +0100
Alexandre Chartre <alexandre.chartre@...cle.com> wrote:

> Thinking more about it (and I've probably missed something or I am just being
> totally stupid because this seems way too simple), can't we just replace the
> "call" with "push+jmp" and patch the jmp instruction?
> 
> Instead of having:
> 
>      call target
> 
> Have:
> 
>      push $done
> static_call:
>      jmp target
> done:

But how do you implement it? Inline assembly()? Then you need to be
able to do that for any type of function parameters (there will be
users that have 13 parameters!)

I believe people have mentioned having a gcc plugin that would do it
for us, which was one of the suggested solutions.

-- Steve

> 
> Then we can safely patch the "jmp" instruction to jump to a new target
> with text_poke_bp(), using the new target as the text_poke_bp() handler:
> 
>    new_jmp_code = opcode of "jmp new_target"
> 
>    text_poke_bp(static_call, new_jmp_code, new_jmp_code_size, new_target);
> 
> Problems come with patching a call instruction, but there's no issue with patching
> a jmp, no? (that's what jump labels do).
> 
> No change to the int3 handler, no thunk, this seems really too simple... :-)
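An added example, not code from this thread or from the kernel tree, of the retargeting step Alexandre sketches: building the bytes of `jmp new_target` as a 5-byte `jmp rel32` for the `static_call` site and applying them in the write order that `text_poke_bp()` uses, with the new target passed as the breakpoint handler. The `text` buffer standing in for kernel text, its `base` address, and the names `text_poke_bp_sim` and `retarget_static_call` are assumptions of this example; cross-CPU synchronisation and the int3 handler itself are not modelled.

```c
#include <stdint.h>
#include <string.h>
#define JMP_REL32_OPCODE 0xE9   /* jmp rel32 */
#define JMP_REL32_LEN    5
#define INT3_OPCODE      0xCC

/* Bytes of "jmp target" for a jmp at `site`; rel32 counts from the end of the
 * 5-byte insn and must fit a signed 32-bit field, else return -1. */
static int encode_jmp_rel32(uint64_t site, uint64_t target, uint8_t out[JMP_REL32_LEN])
{
    int64_t disp = (int64_t)(target - (site + JMP_REL32_LEN));
    if (disp < INT32_MIN || disp > INT32_MAX)
        return -1;
    uint32_t rel = (uint32_t)(int32_t)disp;
    out[0] = JMP_REL32_OPCODE;
    for (int i = 0; i < 4; i++)              /* little-endian immediate */
        out[1 + i] = (uint8_t)(rel >> (8 * i));
    return 0;
}
/* Inverse: where does the jmp rel32 at `site` land? */
static uint64_t decode_jmp_target(uint64_t site, const uint8_t *code)
{
    uint32_t rel = 0;
    for (int i = 0; i < 4; i++)
        rel |= (uint32_t)code[1 + i] << (8 * i);
    return site + JMP_REL32_LEN + (uint64_t)(int64_t)(int32_t)rel;
}
/* Model of the text_poke_bp() write order on `text`, a buffer standing in for
 * kernel text mapped at `base`. No CPU ever sees a half-rewritten insn: one
 * that hits the int3 is sent to `handler` (the new target). Sync not modelled. */
static void text_poke_bp_sim(uint8_t *text, uint64_t base, uint64_t addr,
                             const uint8_t *opcode, size_t len, uint64_t handler)
{
    size_t off = (size_t)(addr - base);
    (void)handler;                   /* consumed by the int3 handler */
    text[off] = INT3_OPCODE;         /* 1. int3 over the first byte; sync */
    memcpy(text + off + 1, opcode + 1, len - 1); /* 2. tail of new insn; sync */
    text[off] = opcode[0];           /* 3. real first byte replaces int3; sync */
}
/* Retarget the jmp of a push+jmp site; returns the decoded target after the
 * patch, or 0 when the new target is out of rel32 reach. */
static uint64_t retarget_static_call(uint8_t *text, uint64_t base,
                                     uint64_t site, uint64_t new_target)
{
    uint8_t new_jmp_code[JMP_REL32_LEN];
    if (encode_jmp_rel32(site, new_target, new_jmp_code) != 0)
        return 0;
    text_poke_bp_sim(text, base, site, new_jmp_code, JMP_REL32_LEN, new_target);
    return decode_jmp_target(site, text + (site - base));
}
```

Because the site holds only the jmp, the three-step write touches a single instruction, which is the property the push+jmp layout buys over patching a call.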
