lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 6 Apr 2020 16:39:11 +0800
From:   "chengjian (D)" <cj.chengjian@...wei.com>
To:     Peter Zijlstra <peterz@...radead.org>
CC:     <andrew.murray@....com>, <bristot@...hat.com>,
        <jakub.kicinski@...ronome.com>, Kees Cook <keescook@...omium.org>,
        "x86@...nel.org" <x86@...nel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        "Xiexiuqi (Xie XiuQi)" <xiexiuqi@...wei.com>,
        Li Bin <huawei.libin@...wei.com>, <bobo.shaobowang@...wei.com>,
        "chengjian (D)" <cj.chengjian@...wei.com>
Subject: Re: Why is text_mutex used in jump_label_transform for x86_64


On 2020/3/20 18:27, Peter Zijlstra wrote:
> It depends on the architecture details of how self-modifying code works.
> In particular, x86 is a variable instruction length architecture and
> needs extreme care -- it's implementation requires there only be a
> single text modifier at any one time, hence the use of text_mutex.
>
> ARM64 OTOH is, like most RISC based architectures, a fixed width
> instruction architecture. And in particular it can re-write certain
> (branch) instructions with impunity (see their
> aarch64_insn_patch_text_nosync()). Which is why they don't need
> additional serialization.

Hi, Peter

Thank you very much for your reply.

X86 is a variable-length instruction, only one byte modification of the 
instruction
can be regarded as atomic. so we must be very careful when modifying 
instructions
concurrently.

For other architectures such as ARM64, the modification of some 
instructions can be
considered atomic, (Eg. nop -> jmp/b). The set of instructions that can 
be executed
by one thread of execution as they are being modified by another thread 
of execution
without requiring explicit synchronization.

In ARM64 Architecture Reference Manual, I find that:
     Concurrent modification and execution of instructions can lead to 
the resulting instruction performing any behavior
     that can be achieved by executing any sequence of instructions that 
can be executed from the same Exception level,
     except where each of the instruction before modification and the 
instruction after modification is one of a B, BL, BRK,
     HVC, ISB, NOP, SMC, or SVC instruction.
     For the B, BL, BRK, HVC, ISB, NOP, SMC, and SVC instructions the 
architecture guarantees that, after modification of the
     instruction, behavior is consistent with execution of either:
     • The instruction originally fetched.
     • A fetch of the modified instruction

So we can safely modify jump_label for ARM64(from NOP to b or form b to 
NOP).

Is my understanding correct?



Thank You

     -- Cheng Jian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ