| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170117143043.GA7836@lianli.shorne-pla.net>
Date: Tue, 17 Jan 2017 23:30:43 +0900
From: Stafford Horne <shorne@...il.com>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Vlastimil Babka <vbabka@...e.cz>, linux-kernel@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>,
Thomas Gleixner <tglx@...utronix.de>,
Kees Cook <keescook@...omium.org>,
Jessica Yu <jeyu@...hat.com>, Petr Mladek <pmladek@...e.com>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
Yang Shi <yang.shi@...aro.org>, Tejun Heo <tj@...nel.org>,
Prarit Bhargava <prarit@...hat.com>,
Yaowei Bai <baiyaowei@...s.chinamobile.com>,
Andrey Ryabinin <aryabinin@...tuozzo.com>
Subject: Re: [PATCH -next] init/main: Init jump_labels before they are used
to build zonelists
On Tue, Jan 17, 2017 at 02:44:54PM +0100, Peter Zijlstra wrote:
> On Tue, Jan 17, 2017 at 02:07:36PM +0100, Vlastimil Babka wrote:
>
> > Anyway I'm not sure if this patch is safe. Hopefully Peter can judge
> > this better...
> >
> > > Cc: Vlastimil Babka <vbabka@...e.cz>
> > > Signed-off-by: Stafford Horne <shorne@...il.com>
> > > ---
> > > init/main.c | 3 +--
> > > 1 file changed, 1 insertion(+), 2 deletions(-)
> > >
> > > diff --git a/init/main.c b/init/main.c
> > > index 8b1adb6e..d1ca7cb 100644
> > > --- a/init/main.c
> > > +++ b/init/main.c
> > > @@ -513,6 +513,7 @@ asmlinkage __visible void __init start_kernel(void)
> > > boot_cpu_state_init();
> > > smp_prepare_boot_cpu(); /* arch-specific boot-cpu hooks */
> > >
> > > + jump_label_init();
> > > build_all_zonelists(NULL, NULL);
> > > page_alloc_init();
> > >
> > > @@ -526,8 +527,6 @@ asmlinkage __visible void __init start_kernel(void)
> > > parse_args("Setting init args", after_dashes, NULL, 0, -1, -1,
> > > NULL, set_init_arg);
> > >
> > > - jump_label_init();
> > > -
>
> Urgh, that means auditing all archs that implement this. The thing
> you're looking for is if the self-modifying code cruft can be done that
> early.
>
> x86 looks to be fine, because this is after setup_arch() which is
> required for ideal_nops[] to be initialied and we use text_poke_early()
> which doesn't really need anything else.
>
> I've not gone through the other arches...
Vlastimil,
Will you be able to look into that? Openrisc doesnt have jump_label
support, so its no issue at the moment.
Archs that do have it:
arch/arm64/Kconfig: select HAVE_ARCH_JUMP_LABEL
arch/mips/Kconfig: select HAVE_ARCH_JUMP_LABEL
arch/s390/Kconfig: select HAVE_ARCH_JUMP_LABEL
arch/sparc/Kconfig: select HAVE_ARCH_JUMP_LABEL if SPARC64
arch/tile/Kconfig: select HAVE_ARCH_JUMP_LABEL
arch/x86/Kconfig: select HAVE_ARCH_JUMP_LABEL
arch/arm/Kconfig: select HAVE_ARCH_JUMP_LABEL if !XIP_KERNEL && !CPU_ENDIAN_BE32 && MMU
arch/powerpc/Kconfig: select HAVE_ARCH_JUMP_LABEL
I looked at a few (arm, tile) and I dont see their arch_jump_label_transform*
implementations depending on global state like ideal_nops from x86. They
should be ok.
If no time, Should you change your patch to not use static keys for
build_all_zonelists at least?
Powered by blists - more mailing lists