This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH 2/4] S390: Use own tbegin macro instead of __builtin_tbegin.


On Thu, 2017-01-12 at 16:45 +0100, Florian Weimer wrote:
> On 01/10/2017 05:34 PM, Torvald Riegel wrote:
> 
> > (2) This introduces a facility to probe memory for being accessible or
> > not, considering that you say it masks segfaults.  It seems that this
> > probing may not be visible to the same extent as possible if a signal
> > handler were installed.  Is this relevant from a security perspective?
> 
> If the fallback implementation has essentially the same behavior, I 
> don't think there is a transaction-specific security problem.

We don't know what the fallback implementation in the user code does.
It can detect whether it is running in a HW transaction and run
different code depending on that.

There are different approaches to what HTMs do when transactions run
into segfaults and the like.  IIRC, Intel masks them all, so
transactions aborts before the segfault "materializes".  AMD's old ASF
proposal did not mask segfaults (or normal faults).

I'm not quite sure whether the amount of probing that you could do with
this patch on s390 would be substantially different than what would be
possible on Intel's RTM (or our lock elision implementation for TSX).


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]