This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH 2/4] S390: Use own tbegin macro instead of __builtin_tbegin.


On 01/12/2017 04:45 PM, Florian Weimer wrote:
On 01/10/2017 05:34 PM, Torvald Riegel wrote:

(2) This introduces a facility to probe memory for being accessible or
not, considering that you say it masks segfaults.  It seems that this
probing may not be visible to the same extent as possible if a signal
handler were installed.  Is this relevant from a security perspective?

If the fallback implementation has essentially the same behavior, I
don't think there is a transaction-specific security problem.

One thing to check is if anything in the transaction memory code writes
unprotected function pointers/code addresses to memory.  I'm not
familiar with z Systems machine code, so I don't know if that's the case.

For example, it would be problematic to store the address of the
transaction abort handler in a TLS variable.

The first tbegin instruction starts transactional execution mode.
Then the Transaction-Abort PSW is set to the instruction after the
tbegin instruction. If this transaction or multiple nested transactions
are aborted, the instruction in the Transaction-Abort PSW (after the
outermost tbegin) is executed and the condition code is set to 1-3.
The code behind tbegin has to determine what to do next.
There is no instruction to extract the Transaction-Abort PSW.

+               /* Begin transaction: save all gprs, allow    \
+                  ar modification and fp operations.  Some    \
+                  program-interruptions (e.g. a null    \
+                  pointer access) are filtered and the    \
+                  trancsaction will abort.  In this case    \

Typo: “transaction”
okay.

Thanks,
Florian


I've attached the diff here and will later make one patch with changelog for this and the other two patches.




diff --git a/sysdeps/unix/sysv/linux/s390/htm.h b/sysdeps/unix/sysv/linux/s390/htm.h
index 32d5a88..af7144f 100644
--- a/sysdeps/unix/sysv/linux/s390/htm.h
+++ b/sysdeps/unix/sysv/linux/s390/htm.h
@@ -119,7 +119,7 @@
 			      ar modification and fp operations.  Some	\
 			      program-interruptions (e.g. a null	\
 			      pointer access) are filtered and the	\
-			      trancsaction will abort.  In this case	\
+			      transaction will abort.  In this case	\
 			      the normal lock path will execute it	\
 			      again and result in a core dump wich does	\
 			      now show at tbegin but the real executed	\
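Review bot: the same comment still carries a second spelling error two lines below the one this hunk fixes: `again and result in a core dump wich does` should read "which", and "does now show at tbegin but the real executed" reads as though "now" was meant to be "not". Since this patch is already touching the comment for a typo, it would be cleaner to correct both in the same hunk rather than leave the comment half-fixed.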




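The thread describes the shape of code that follows tbegin: the transaction either runs to tend, or a filtered program interruption (such as a null pointer access) aborts it, control arrives at the Transaction-Abort PSW with condition code 1-3, and the fallback lock path re-executes the same access so that a real fault traps at the real instruction instead of at tbegin. The following is an added example of that lock-elision pattern, not glibc's htm.h or any code from the patch. It assumes GCC with -mhtm on s390x, where `__builtin_tbegin`, `__builtin_tend` and `__builtin_tabort` exist and `__HTM__` is defined; on any other target the transactional path is compiled out and every call takes the lock path. The spinlock and the counters are constructed for the example.

```c
/* Added example (not glibc code): lock elision around tbegin with a
   re-executing fallback path.  Assumes GCC -mhtm on s390x; elsewhere the
   transactional branch is compiled out and only the lock path runs.  */
#include <stdatomic.h>
#include <stdio.h>

static atomic_int toy_lock = 0;        /* constructed spinlock: 0 free, 1 held */
static atomic_int fallback_calls = 0;  /* how often the lock path ran */

static void toy_lock_acquire (void)
{
  int expected = 0;
  while (!atomic_compare_exchange_weak (&toy_lock, &expected, 1))
    expected = 0;
}

static void toy_lock_release (void)
{
  atomic_store (&toy_lock, 0);
}

/* Loads *p into *out.  Returns 1 if the load ran inside a transaction and
   0 if it ran under the lock.  If *p is not mapped, the dereference inside
   the transaction is a filtered program interruption: the transaction
   aborts, control continues after tbegin with cc 1-3, and the SAME
   dereference is executed again on the lock path, so the SIGSEGV (and any
   core dump) points at the real faulting instruction rather than at tbegin.  */
static int elided_load (const int *p, int *out)
{
#if defined (__s390__) && defined (__HTM__)
  /* cc 0: transaction started.  cc 1-3: it aborted and we arrived here via
     the Transaction-Abort PSW, i.e. the instruction after tbegin.  */
  if (__builtin_tbegin (0) == 0)
    {
      /* Reading the lock word adds it to the read set: a non-transactional
         writer taking the lock later aborts this transaction.  */
      if (atomic_load (&toy_lock) != 0)
        __builtin_tabort (256);   /* lock held: abort with a user code */
      *out = *p;                  /* a fault here aborts instead of trapping */
      __builtin_tend ();
      return 1;
    }
#endif
  /* Fallback: either no HTM on this target, or the transaction aborted.  */
  atomic_fetch_add (&fallback_calls, 1);
  toy_lock_acquire ();
  *out = *p;                      /* re-executed here; a real fault traps now */
  toy_lock_release ();
  return 0;
}

/* Number of times the lock path ran so far (0 or more).  */
static int fallback_count (void)
{
  return atomic_load (&fallback_calls);
}

/* Loads a known value through elided_load and returns what was read.  */
static int example_value (void)
{
  int v = 41, out = -1;
  elided_load (&v, &out);
  return out;
}

int main (void)
{
  int v = 7, out = 0;
  int used_tx = elided_load (&v, &out);
  printf ("read %d via %s\n", out, used_tx ? "transaction" : "lock path");
  return 0;
}
```

On a non-HTM host the program always reports the lock path; on s390x built with -mhtm the first call normally reports the transaction. Passing a null pointer to `elided_load` is the scenario the htm.h comment describes: the abort is silent, and the crash surfaces from the second dereference under the lock.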