This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH 2/4] S390: Use own tbegin macro instead of __builtin_tbegin.
- From: Florian Weimer <fweimer at redhat dot com>
- To: Torvald Riegel <triegel at redhat dot com>, Stefan Liebler <stli at linux dot vnet dot ibm dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Thu, 12 Jan 2017 16:45:51 +0100
- Subject: Re: [PATCH 2/4] S390: Use own tbegin macro instead of __builtin_tbegin.
- Authentication-results: sourceware.org; auth=none
- References: <1481032315-12420-1-git-send-email-stli@linux.vnet.ibm.com> <1481032315-12420-2-git-send-email-stli@linux.vnet.ibm.com> <1484066072.5606.219.camel@redhat.com>
On 01/10/2017 05:34 PM, Torvald Riegel wrote:
(2) This introduces a facility to probe memory for being accessible or
not, considering that you say it masks segfaults. It seems that this
probing may not be visible to the same extent as possible if a signal
handler were installed. Is this relevant from a security perspective?
If the fallback implementation has essentially the same behavior, I
don't think there is a transaction-specific security problem.
One thing to check is if anything in the transaction memory code writes
unprotected function pointers/code addresses to memory. I'm not
familiar with z Systems machine code, so I don't know if that's the case.
For example, it would be problematic to store the address of the
transaction abort handler in a TLS variable.
+ /* Begin transaction: save all gprs, allow \
+ ar modification and fp operations. Some \
+ program-interruptions (e.g. a null \
+ pointer access) are filtered and the \
+ trancsaction will abort. In this case \
Typo: “transaction”
Thanks,
Florian