-
Notifications
You must be signed in to change notification settings - Fork 748
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added a static Boolean on the SocketOptions class to avoid using the … #1072
base: master
Are you sure you want to change the base?
Conversation
…opcode injection technique for reading the time stamp counter.
Codecov Report
@@ Coverage Diff @@
## master #1072 +/- ##
===========================================
+ Coverage 0 65.82% +65.82%
===========================================
Files 0 146 +146
Lines 0 9074 +9074
Branches 0 1450 +1450
===========================================
+ Hits 0 5973 +5973
- Misses 0 2500 +2500
- Partials 0 601 +601
|
/// <summary> | ||
/// If set, the time stamp counter is not read directly through opcode injection, | ||
/// rather <see cref="System.Diagnostics.Stopwatch.GetTimestamp"/> is used. | ||
/// When false, the time stamp counter is read by allocating a few bytes on the heap with | ||
/// read/write/execute privilege. OpCode is copied to this allocated memory and invoked to read | ||
/// the time stamp counter, (which is a register available on most modern CPUs). While this is | ||
/// an accurate way to read the time stamp counter, because it injects code onto the heap, this | ||
/// can be detected as a malware technique by some anti-virus defenders. | ||
/// </summary> | ||
public static bool DoNotUseRDTSC; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't really seem like a socket option, and we don't have any other static options here as far as I can tell.
Also the timing of setting this value is important, as the result of Open
is cached in Clock.s_rdtscSupported
.
Because of the timing issue, what about using something like an environment variable to control this. For example, if NETQM_SUPPRESS_RDTSC
was present, it would disable any attempt to call Opcode.Open()
and store a false
in s_rdtscSupported
. All that could happen in the static constructor of Clock
.
I agree SocketOptions isn't the right place. I'll change it to look for an
environment variable
…On Tue, Sep 5, 2023, 9:44 PM Drew Noakes ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In src/NetMQ/SocketOptions.cs
<#1072 (comment)>:
> + /// <summary>
+ /// If set, the time stamp counter is not read directly through opcode injection,
+ /// rather <see cref="System.Diagnostics.Stopwatch.GetTimestamp"/> is used.
+ /// When false, the time stamp counter is read by allocating a few bytes on the heap with
+ /// read/write/execute privilege. OpCode is copied to this allocated memory and invoked to read
+ /// the time stamp counter, (which is a register available on most modern CPUs). While this is
+ /// an accurate way to read the time stamp counter, because it injects code onto the heap, this
+ /// can be detected as a malware technique by some anti-virus defenders.
+ /// </summary>
+ public static bool DoNotUseRDTSC;
This doesn't really seem like a socket option, and we don't have any other
static options here as far as I can tell.
Also the timing of setting this value is important, as the result of Open
is cached in Clock.s_rdtscSupported.
Because of the timing issue, what about using something like an
environment variable to control this. For example, if NETQM_SUPPRESS_RDTSC
was present, it would disable any attempt to call Opcode.Open() and store
a false in s_rdtscSupported. All that could happen in the static
constructor of Clock.
—
Reply to this email directly, view it on GitHub
<#1072 (review)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ATJKVZLWRNKPIX3DGIOOBZDXY7IP3ANCNFSM6AAAAAA4F76BBU>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
…opcode injection technique for reading the time stamp counter.
Fixes #1071