Horn: Racing against the clock
source link: https://lwn.net/Articles/889183/
Luckily for us, the race window contains the first few memory accesses to the struct file; therefore, by making sure that the struct file is not present in the fastest CPU caches, we can widen the race window by as much time as the memory accesses take. The standard way to do this is to use an eviction pattern / eviction set; but instead we can also make the cache line dirty on another core.
Posted Mar 25, 2022 16:22 UTC (Fri) by tamiko (subscriber, #115350) [Link]
Intuitively one would always say that it is next to impossible to exploit things like (in this case) "a race window of 12 instructions", or (from a while ago) "an out-of-bounds write of a single character NULL"... and one is consistently proven wrong. It seems that every bug can be turned into an exploitable security vulnerability with enough energy and dedication.
Posted Mar 25, 2022 17:47 UTC (Fri) by rgmoore (✭ supporter ✭, #75) [Link]
Intuitively one would always say that it is next to impossible to exploit
I think "next to impossible" is just another way of saying "possible but really hard". At the same time, there's a strong element of reduced expectations working in your favor trying to exploit something this small. If you can't exploit the next to impossible bug, nobody thinks anything of it; it was just a bug that was too tiny. If you can exploit it, people are impressed by your cleverness in exploiting such a tiny thing.
Posted Mar 25, 2022 20:44 UTC (Fri) by epa (subscriber, #39769) [Link]
In production systems, I dare say slowdown() would be disabled, or restricted to the root user.
Posted Mar 25, 2022 23:36 UTC (Fri) by marcH (subscriber, #57642) [Link]
Concurrency is one of the most difficult things to deal with in C, so it should be easier to test than the rest, not harder.
Posted Mar 26, 2022 0:55 UTC (Sat) by cypherpunks2 (guest, #152408) [Link]
Posted Mar 26, 2022 5:00 UTC (Sat) by milesrout (subscriber, #126894) [Link]