lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200403143745.GQ20730@hirez.programming.kicks-ass.net>
Date:   Fri, 3 Apr 2020 16:37:45 +0200
From:   Peter Zijlstra <peterz@...radead.org>
To:     Julien Thierry <jthierry@...hat.com>
Cc:     Josh Poimboeuf <jpoimboe@...hat.com>,
        Alexandre Chartre <alexandre.chartre@...cle.com>,
        x86@...nel.org, linux-kernel@...r.kernel.org, tglx@...utronix.de
Subject: Re: [PATCH 3/7] objtool: Add support for intra-function calls

On Fri, Apr 03, 2020 at 01:49:24PM +0100, Julien Thierry wrote:
> 
> 
> On 4/3/20 1:41 PM, Peter Zijlstra wrote:
> > On Fri, Apr 03, 2020 at 09:01:38AM +0100, Julien Thierry wrote:
> > > 
> > > Last I found is in qcom_link_stack_sanitization() [2], but that's just a
> > > workaround for a very specific hardware. In my local tree I just put the
> > > function as STACK_FRAME_NON_STANDARD. But the code just saves the return
> > > address, has 16 call instructions that just call the instruction after them,
> > > restores the return address and lets the C-function return normally (and it
> > > somehow fixes something for that hardware).
> > > 
> > That sounds very much like the RSB flushing we do.
> > 
> 
> Yes, the piece of code you posted reminded me of this. The difference is
> that the RSB part uses a loop and counter while the qcom thing has a fixed
> amount of call instructions (which can make things easier for static
> analysis, if we'd really want to go down that road).

We have different depth RSBs for the various uarchs which is what
necessitates the counter. That is, we could always do the max size (32
IIRC) but then, it's expensive and people already complain etc.. etc..

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ