Jann thejh
thejh
/ spec_test.c
Last active
March 3, 2024 09:01
testing making misspeculated NULL derefs less page-walky (tested on Tiger Lake)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # perf stat -e task-clock:u -e cycles:u -e instructions:u -e branches:u -e branch-misses:u -e dTLB-loads:u -e dTLB-load-misses:u -e dtlb_load_misses.walk_active:u ./spec_test map | |
| Performance counter stats for './spec_test map': | |
| 1,150.38 msec task-clock:u # 1.000 CPUs utilized | |
| 5,370,185,772 cycles:u # 4.668 GHz | |
| 1,331,717,669 instructions:u # 0.25 insn per cycle | |
| 307,326,910 branches:u # 267.153 M/sec | |
| 102,502,300 branch-misses:u # 33.35% of all branches | |
| 102,427,183 dTLB-loads # 89.038 M/sec |
thejh
/ memtester-badram-offline-hack.diff
Last active
February 5, 2023 20:47
memtester (https://pyropus.ca./software/memtester/) hack for disabling bad RAM until next reboot
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- memtester-orig/memtester-4.3.0/tests.c 2012-06-09 23:45:22.000000000 +0200 | |
| +++ memtester-4.3.0/tests.c 2018-06-24 18:08:03.194020598 +0200 | |
| @@ -11,14 +11,17 @@ | |
| * This file contains the functions for the actual tests, called from the | |
| * main routine in memtester.c. See other comments in that file. | |
| * | |
| */ | |
| +#define _GNU_SOURCE | |
| #include <sys/types.h> |
thejh
/ gist:38cbe890f83975640a823b3278ade2f6
Created
February 24, 2020 23:27
poppler pdftoppm syscalls
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ~/tmp/pdf$ cat localtime_hack.c | |
| #include <time.h> | |
| __attribute__((constructor)) static void localtime_hack(void) { | |
| time_t t = {0}; | |
| localtime(&t); | |
| } | |
| ~/tmp/pdf$ gcc -shared -fPIC -o localtime_hack.so localtime_hack.c | |
| ~/tmp/pdf$ LD_BIND_NOW=1 LD_PRELOAD=./localtime_hack.so strace -f -e trace='!write,pread64,brk' pdftoppm test.pdf test.png 2>&1 | grep -A10000000 'open.*test\.pdf' | |
| openat(AT_FDCWD, "test.pdf", O_RDONLY) = 3 |
thejh
/ 0001-objtool-Handle-multiply-referenced-and-out-of-order-.patch
Created
July 11, 2019 21:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From 0bc2bc09d4c23cc5b48cea4bc2fb926a1fa72598 Mon Sep 17 00:00:00 2001 | |
| From: Jann Horn <jannh@google.com> | |
| Date: Fri, 12 Apr 2019 16:13:30 +0200 | |
| Subject: [PATCH] objtool: Handle multiply-referenced and | |
| out-of-order-referenced jump tables | |
| With clang from git master, code can be generated where a function contains | |
| two indirect jump instructions that use the same switch table. To deal with | |
| this case and similar ones properly, convert the switch table parsing to | |
| use two passes: |
thejh
/ gist:c91f9b4e3cc4c58659bb3cd056c4fa40
Created
August 24, 2018 23:45
overzealous kasan stack fixup patch (completely untested)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S | |
| index 957dfb693ecc..251ed2ca3f04 100644 | |
| --- a/arch/x86/entry/entry_64.S | |
| +++ b/arch/x86/entry/entry_64.S | |
| @@ -1673,9 +1673,26 @@ ENTRY(rewind_stack_do_exit) | |
| /* Prevent any naive code from trying to unwind to our caller. */ | |
| xorl %ebp, %ebp | |
| + movq %rdi, %r14 | |
| + |
thejh
/ gdb-anaheap.py
Created
July 29, 2018 20:11
GDB script for checking memory usage of completely unused pages in free glibc malloc chunks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import struct | |
| # flags are encoded into chunk size | |
| FLAGS_MASK = 0x7 | |
| PAGEMAP_PRESENT = 1<<63 | |
| PAGEMAP_SWAPPED = 1<<62 | |
| main_arena = gdb.parse_and_eval('&main_arena') | |
| bins_per_arena = int(gdb.parse_and_eval( |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // small stack memory usage experiment | |
| // written by Jann Horn | |
| #include <stdint.h> | |
| #include <sys/ptrace.h> | |
| #include <sys/user.h> | |
| #include <fcntl.h> | |
| #include <err.h> | |
| #include <unistd.h> | |
| #include <stdlib.h> |
thejh
/ gist:b8be219d48084630ec0aed41ee71aee2
Created
May 4, 2017 12:45
64-bit Xen PV guest pagetables
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0x0 Twux 0x7aa7000 | |
| 0x0 Twux 0x8b4bf000 | |
| 0x400000 Twux 0x77c9000 | |
| 0x400000 P-ux 0x11f46000 | |
| 0x600000 Twux 0x72da000 | |
| 0x600000 P-u- 0x11f47000L | |
| 0x601000 Pwu- 0x11ec8000L | |
| 0x1e00000 Twux 0x79fb000 | |
| 0x1f13000 Pwu- 0x11f7a000L | |
| 0x1f14000 Pwu- 0x11f7b000L |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ ./perf_sample_regs_intr_demo | |
| data_head is at ff0 | |
| rax=0xffffffffffffffff rbp=0x7ffc9ec04170 rsp=0x7ffc9ec040b8 rip=0x4005b0 | |
| rax=0xfffffffffffffff7 rbp=0xffffa5fc43efff48 rsp=0xffffa5fc43efff28 rip=0xffffffff97c55f1d | |
| rax=0xfffffffffffffff7 rbp=0x7ffc9ec04170 rsp=0x7ffc9ec040b8 rip=0xffffffff9862ce18 | |
| rax=0xffff8fc3ba3b79c0 rbp=0xffffa5fc43efff00 rsp=0xffffa5fc43effef0 rip=0xffffffff97c745c9 | |
| rax=0xfffffffffffffff7 rbp=0x7ffc9ec04170 rsp=0x7ffc9ec040b8 rip=0xffffffff9862ce18 | |
| rax=0x0 rbp=0xffffa5fc43efff00 rsp=0xffffa5fc43effef8 rip=0xffffffff97c75049 | |
| rax=0xfffffffffffffff7 rbp=0x7ffc9ec04170 rsp=0x7ffc9ec040b8 rip=0xffffffff9862ce15 | |
| rax=0xffffffffffffffff rbp=0x7ffc9ec04170 rsp=0x7ffc9ec040c0 rip=0x4007d5 |
thejh
/ gist:6a943fbbd89f81ffa28060dd4f60b390
Created
October 29, 2016 13:36
privileged processes on pixel phones
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| init root allcaps | |
| ueventd root allcaps | |
| logd CAP_AUDIT_CONTROL CAP_SYSLOG | |
| qseecomd CAP_NET_RAW CAP_SYS_RAWIO CAP_SYS_ADMIN | |
| qseecomd CAP_NET_RAW CAP_SYS_RAWIO CAP_SYS_ADMIN | |
| debuggerd root allcaps | |
| debuggerd64 root allcaps | |
| vold root allcaps | |
| debuggerd64:sig root allcaps | |
| debuggerd:sig root allcaps |
NewerOlder