sivadeilra wrote:

>  I still don't get the _ref_ thing. [...]

This is simply how Windows Secure Hotpatching works, and has for years.  It 
relies on different codegen for the hotpatched functions, rather than using 
fixups to modify code.  This way, code segments are not modified (so hashes and 
code integrity still work).  Ordinary fixups cannot be used (since they refer 
to relocations within a single image, not across multiple images (i.e. base 
image vs. patch image)), so using a different form of fixup would have been 
required.  Microsoft (MSVC + Windows) chose to implement this using the global 
indirection technique.

This is not directly related to synchronization, although if synchronization 
objects are stored in global variables it would certainly apply to them.

It might help to emphasize the scenario that this is meant to support: 
hot-patching CVEs (vulnerabilities) in system services, the OS kernel, and 
device drivers.  It's not meant for general development.

> I would assume the kernel still needs a sync point where it stops ticking the 
> process, [...]

No, the target process is not stopped.  In fact, we apply hot-patches to the 
kernel itself, without halting any processes or CPUs.  The order of operations 
that Windows hot-patching uses guarantees the consistency requirements that we 
need.  One of those requirements is that all code sees the right data (always 
points into global variables in the original image, not the hot-patched image).

> It'd be really nice if someone at Microsoft could write at some point a 
> supporting documentation to understand how all this is to be used (a tech 
> blog or a white paper describing it?)

We're working in that direction.  This PR is one of our first steps in 
publicizing any part of the toolchain and workflow, which is the nature of the 
`S_HOTPATCHFUNC` symbol and the need for global variable indirection.  These 
two requirements are what affects the compiler.  I can't speak to when or 
whether the rest of the workflow could be made public.


https://github.com/llvm/llvm-project/pull/138972
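Added illustration (not code from the PR, from MSVC, or from Windows): a plain C sketch of the "global variable indirection" codegen described in the reply above. A replacement function compiled into a separate patch image reaches the base image's globals through a per-global pointer slot instead of a direct reference, so the base image's code is never rewritten and both the original and the patched body observe the same data. The names `base_image_bump`, `patch_image_bump`, `ref_g_counter` and `indirection_is_consistent` are this example's own inventions, and the "fix" the patch carries is hypothetical.

```c
/* Added example: models the data-indirection half of the scheme only.
   How the patched function is made reachable (the S_HOTPATCHFUNC side)
   is not modeled here. */
#include <stdint.h>
#include <stdio.h>

/* --- "base image": owns the data and the original code --- */
static int64_t g_counter = 0;            /* the real global, lives in the base image */

/* Per-global indirection slot (hypothetical name). Code in a patch image
   loads through this slot rather than referencing g_counter directly, so
   its data references resolve into the base image without cross-image
   relocations and without touching base-image code bytes. */
static int64_t *const ref_g_counter = &g_counter;

/* Original (pre-patch) body: plain direct access to the global. */
int64_t base_image_bump(int64_t by)
{
    g_counter += by;
    return g_counter;
}

/* Replacement body as it would live in a patch image: every access to the
   global goes through the ref slot. The negative-input check stands in for
   whatever the hypothetical patch fixes. */
int64_t patch_image_bump(int64_t by)
{
    if (by < 0)
        by = 0;
    *ref_g_counter += by;
    return *ref_g_counter;
}

/* Consistency requirement from the discussion: all code, old and new,
   must see the one copy of the global in the base image. Returns 1 if
   both bodies mutated the same storage. */
int indirection_is_consistent(void)
{
    int64_t start = *ref_g_counter;
    base_image_bump(3);                  /* old code path */
    patch_image_bump(4);                 /* new code path */
    patch_image_bump(-10);               /* rejected by the patched body */
    return (g_counter == start + 7) && (*ref_g_counter == g_counter);
}

int main(void)
{
    printf("consistent: %d, counter: %lld\n",
           indirection_is_consistent(), (long long)g_counter);
    return 0;
}
```

The ref slot is itself a global in the base image, which is why the scheme does not need the patch image's own relocations to point at base-image addresses: the patch code only needs the address of the slot, and the base image owns both the slot and the variable behind it.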
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
