| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Nov 2020 15:44:32 -0500
From: Steven Rostedt <rostedt@...dmis.org>
To: Segher Boessenkool <segher@...nel.crashing.org>
Cc: Florian Weimer <fw@...eb.enyo.de>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Peter Zijlstra <peterz@...radead.org>,
Sami Tolvanen <samitolvanen@...gle.com>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
linux-kernel <linux-kernel@...r.kernel.org>,
Matt Mullins <mmullins@...x.us>,
Ingo Molnar <mingo@...hat.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Dmitry Vyukov <dvyukov@...gle.com>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
Andrii Nakryiko <andriin@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...omium.org>,
netdev <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
Kees Cook <keescook@...omium.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
linux-toolchains@...r.kernel.org
Subject: Re: violating function pointer signature
On Wed, 18 Nov 2020 13:48:37 -0600
Segher Boessenkool <segher@...nel.crashing.org> wrote:
> > With it_func being the func from the struct tracepoint_func, which is a
> > void pointer, it is typecast to the function that is defined by the
> > tracepoint. args is defined as the arguments that match the proto.
>
> If you have at most four or so args, what you wnat to do will work on
> all systems the kernel currently supports, as far as I can tell. It
> is not valid C, and none of the compilers have an extension for this
> either. But it will likely work.
Well, unfortunately, there's tracepoints with many more than 4 arguments. I
think there's one with up to 13!
>
> > The problem we are solving is on the removal case, if the memory is tight,
> > it is possible that the new array can not be allocated. But we must still
> > remove the called function. The idea in this case is to replace the
> > function saved with a stub. The above loop will call the stub and not the
> > removed function until another update happens.
> >
> > This thread is about how safe is it to call:
> >
> > void tp_stub_func(void) { return ; }
> >
> > instead of the function that was removed?
>
> Exactly as safe as calling a stub defined in asm. The undefined
> behaviour happens if your program has such a call, it doesn't matter
> how the called function is defined, it doesn't have to be C.
>
> > Thus, we are indeed calling that stub function from a call site that is not
> > using the same parameters.
> >
> > The question is, will this break?
>
> It is unlikely to break if you use just a few arguments, all of simple
> scalar types. Just hope you will never encounter a crazy ABI :-)
But in most cases, all the arguments are of scaler types, as anything else
is not recommended, because copying is always slower than just passing a
pointer, especially since it would need to be copied for every instance of
that loop. I could do an audit to see if there's any that exist, and perhaps
even add some static checker to make sure they don't.
-- Steve
Powered by blists - more mailing lists