Message-ID: <20200604152537.GD3976@hirez.programming.kicks-ass.net>
Date:   Thu, 4 Jun 2020 17:25:37 +0200
From:   Peter Zijlstra <peterz@...radead.org>
To:     Marco Elver <elver@...gle.com>
Cc:     bp@...en8.de, tglx@...utronix.de, mingo@...nel.org,
        clang-built-linux@...glegroups.com, paulmck@...nel.org,
        dvyukov@...gle.com, glider@...gle.com, andreyknvl@...gle.com,
        kasan-dev@...glegroups.com, linux-kernel@...r.kernel.org,
        x86@...nel.org
Subject: Re: [PATCH v2 1/2] kcov, objtool: Make runtime functions
 noinstr-compatible

On Thu, Jun 04, 2020 at 04:56:34PM +0200, Marco Elver wrote:
> While we lack a compiler attribute to add to noinstr that would disable
> KCOV, make the KCOV runtime functions return if the caller is in a
> noinstr section. We then whitelist __sanitizer_cov_*() functions in
> objtool.

> __sanitizer_cov_*() cannot safely become safe noinstr functions
> as-is, as they may fault due to accesses to vmalloc's memory.

I would feel very much better with those actually in noinstr, because
without it, there is nothing stopping us from adding a kprobe/hw-
breakpoint or other funny to the function.

Even if they almost insta-return, having a kprobe on the function entry
or condition check is enough to utterly wreck things.

So something like:

void noinstr __sanitizer_cov_trace_*(...)
{
	if (within_noinstr_section(ip))
		return;

	instrumentation_begin();
	write_comp_data(...);
	instrumentation_end();
}

Would make me feel a whole lot better.

> +static __always_inline bool in_noinstr_section(unsigned long ip)
> +{
> +	return (unsigned long)__noinstr_text_start <= ip &&
> +	       ip < (unsigned long)__noinstr_text_end;
> +}
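
Review bot: in_noinstr_section() has no comment saying which address a caller is expected to pass as `ip`, or that the test is the half-open interval from __noinstr_text_start up to but excluding __noinstr_text_end. A short comment above the helper stating both, and that only this one range is tested, would make a false return unambiguous to later readers.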

.entry.text is also considered noinstr, although I suppose that all
being in .S files avoids it having annotations inserted, but perhaps a
comment?
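
A userspace illustration of the early-return range check discussed in this message, added here as an example; it is not kernel code and not part of the patch or of either author's mail. The section name `noinstr_text` and the names `cov_hook`, `fragile_path`, `normal_path` and `recorded` are made up for the demo, and it assumes GCC or Clang with GNU ld or lld on an ELF target.

```c
#include <stdint.h>
#include <stdio.h>

/* GNU ld and lld define __start_<sec>/__stop_<sec> for any section whose
 * name is a valid C identifier; "noinstr_text" is a name made up here. */
extern char __start_noinstr_text[], __stop_noinstr_text[];

#define NOINSTR  __attribute__((section("noinstr_text"), noinline))
#define NOINLINE __attribute__((noinline))
/* Code after the call stops it becoming a tail call, which would make the
 * hook see the return address of the caller's caller instead. */
#define AFTER_CALL() __asm__ volatile("" ::: "memory")

static unsigned long recorded;	/* stands in for the coverage buffer */

/* Half-open range check, same shape as the helper in the quoted hunk. */
static inline int in_noinstr_section(uintptr_t ip)
{
	return (uintptr_t)__start_noinstr_text <= ip &&
	       ip < (uintptr_t)__stop_noinstr_text;
}

/* Hypothetical coverage hook: return before touching any state when the
 * caller's return address lies inside the protected section. */
NOINLINE void cov_hook(void)
{
	uintptr_t ip = (uintptr_t)__builtin_return_address(0);

	if (in_noinstr_section(ip))
		return;
	recorded++;
}

NOINSTR  int fragile_path(int x) { cov_hook(); AFTER_CALL(); return x + 1; }
NOINLINE int normal_path(int x)  { cov_hook(); AFTER_CALL(); return x + 1; }

/* Calls each path once and returns how many hook calls were recorded. */
unsigned long run_demo(void)
{
	volatile int v = 1;	/* non-constant argument, keeps both calls */
	recorded = 0;
	fragile_path(v);
	normal_path(v);
	return recorded;
}

int main(void)
{
	printf("recorded=%lu (expected 1)\n", run_demo());
	return 0;
}
```

The check only filters what the hook records; the hook function itself still lives in ordinary text, which is the gap the message above is pointing at.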
