lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <9b409d36-f265-e2d8-eafc-264e7dd0992c@oracle.com>
Date:   Tue, 15 Jan 2019 17:45:26 +0100
From:   Alexandre Chartre <alexandre.chartre@...cle.com>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     Josh Poimboeuf <jpoimboe@...hat.com>,
        Sean Christopherson <sean.j.christopherson@...el.com>,
        Nadav Amit <namit@...are.com>, X86 ML <x86@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        Andy Lutomirski <luto@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Jason Baron <jbaron@...mai.com>, Jiri Kosina <jkosina@...e.cz>,
        David Laight <David.Laight@...LAB.COM>,
        Borislav Petkov <bp@...en8.de>,
        Julia Cartwright <julia@...com>, Jessica Yu <jeyu@...nel.org>,
        "H. Peter Anvin" <hpa@...or.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        Edward Cree <ecree@...arflare.com>,
        Daniel Bristot de Oliveira <bristot@...hat.com>
Subject: Re: [PATCH v3 5/6] x86/alternative: Use a single access in
 text_poke() where possible


On 01/15/2019 05:19 PM, Steven Rostedt wrote:
> On Tue, 15 Jan 2019 12:10:19 +0100
> Alexandre Chartre <alexandre.chartre@...cle.com> wrote:
>
>> Thinking more about it (and I've probably missed something or I am just being
>> totally stupid because this seems way too simple), can't we just replace the
>> "call" with "push+jmp" and patch the jmp instruction?
>>
>> Instead of having:
>>
>>      call target
>>
>> Have:
>>
>>      push $done
>> static_call:
>>      jmp target
>> done:
>
> But how do you implement it? Inline assembly()? Then you need to be
> able to do that for any type of function parameters (there will be
> users that have 13 parameters!)
>
> I believe people have mentioned having a gcc plugin that would do it
> for us, which was one of the suggested solutions.
>

Ah okay, I think I get it now (hopefully; I probably lost track of the
discussion at some point), so Linus' latest proposal avoids the gcc
plugin by keeping the call as is, and deals with it in the int3 handler
+ thunk.

Thanks, and sorry for the noise.

alex.

>>
>> Then we can safely patch the "jmp" instruction to jump to a new target
>> with text_poke_bp(), using the new target as the text_poke_bp() handler:
>>
>>    new_jmp_code = opcode of "jmp new_target"
>>
>>    text_poke_bp(static_call, new_jmp_code, new_jmp_code_size, new_target);
>>
>> Problems come with patching a call instruction, but there's no issue with patching
>> a jmp, no? (that's what jump labels do).
>>
>> No change to the int3 handler, no thunk, this seems really too simple... :-)
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ