| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Jun 2017 15:57:08 +0100
From: Mark Rutland <mark.rutland@....com>
To: Florian Fainelli <f.fainelli@...il.com>
Cc: lorenzo.pieralisi@....com, linux-arm-kernel@...ts.infradead.org,
Rob Herring <robh+dt@...nel.org>,
Brian Norris <computersforpeace@...il.com>,
Gregory Fong <gregory.0xf0@...il.com>,
"maintainer:BROADCOM BCM7XXX ARM ARCHITECTURE"
<bcm-kernel-feedback-list@...adcom.com>,
Hauke Mehrtens <hauke@...ke-m.de>,
Rafał Miłecki <zajec5@...il.com>,
Ralf Baechle <ralf@...ux-mips.org>,
Markus Mayer <mmayer@...adcom.com>,
Arnd Bergmann <arnd@...db.de>, Eric Anholt <eric@...olt.net>,
Justin Chen <justinpopo6@...il.com>,
Doug Berger <opendmb@...il.com>,
"open list:OPEN FIRMWARE AND FLATTENED DEVICE TREE BINDINGS"
<devicetree@...r.kernel.org>,
open list <linux-kernel@...r.kernel.org>,
"open list:BROADCOM BCM47XX MIPS ARCHITECTURE"
<linux-mips@...ux-mips.org>, linux-pm@...r.kernerl.org,
"Rafael J. Wysocki" <rjw@...ysocki.net>, will.deacon@....com,
catalin.marinas@....com
Subject: Re: [PATCH 1/4] misc: sram: Allow ARM64 to select SRAM_EXEC
On Tue, Jun 27, 2017 at 11:21:17AM -0700, Florian Fainelli wrote:
> On 06/27/2017 10:38 AM, Mark Rutland wrote:
> > On Mon, Jun 26, 2017 at 03:32:42PM -0700, Florian Fainelli wrote:
> >> Now that ARM64 also has a fncpy() implementation, allow selection
> >> SRAM_EXEC for ARM64 as well.
> >>
> >> Signed-off-by: Florian Fainelli <f.fainelli@...il.com>
> >
> > Sorr,y but I must NAK this patch.
> >
> > As mentioned on prior threads regarding fncpy, I do not think it makes
> > sense to enable this for arm64. The only use-cases that have been
> > described so far for this are power-management stuff that should live in
> > PSCI or other secure FW, and have no place in the kernel on arm64
>
> This is a valid reason, but this is only one use case presented, the
> only thing is that we need to make sure, as patch reviewers and you guys
> as architecture maintainers, that this is not used as a means to bypass
> PSCI for suspend/resume operation, which I now agree with.
>
> Still, the general use case remains: you have a piece of addressable
> memory which can be used to allocate space from and relocate code to be
> it for security, performance, predictability, isolation, or anything,
> and that should be possible given standard kernel facilities offered by
> the SRAM driver.
While I agree that these are *theoretically* possible use cases, they
aren't *real* cases today.
If someone comes by with code that needs this (which doesn't fall into
one of those NAK'd cases above), then I'm happy for this to be enabled
for that feature.
Until such time, I see no reason to enable this. Given it comes with
strong the potential for abuse, I'd rather it remained disabled.
> > > There are no other users of this functionality, and until there are, I
> > see no reason to enable this, and risk a proliferation of unnecessary
> > platform-specific code.
> >
> > It should be possible to #ifdef-ise the relevant callers of this such
> > that they can be built on arm64 without using fncpy or sram_exec
> > functionality. AFAICT, there are no users on arm64 introduced by this
> > series.
>
> I sent this patch accidentally as part of this patch series anyway, so
> if you want to keep the discussion alive, reply here:
>
> https://patchwork.kernel.org/patch/9793745/
That appears to be v2 of the series, and there's a v3 afterwards, so
I've replied on v3.
Thanks,
Mark.
Powered by blists - more mailing lists