lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMj1kXE+675mbS66kteKHNfcrco84WTaEL6ncVkkV7tQgbMpFw@mail.gmail.com> Date: Thu, 21 Jan 2021 12:48:43 +0100 From: Ard Biesheuvel <ardb@...nel.org> To: Peter Zijlstra <peterz@...radead.org> Cc: Julien Thierry <jthierry@...hat.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Linux ARM <linux-arm-kernel@...ts.infradead.org>, Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>, Masahiro Yamada <masahiroy@...nel.org>, Kees Cook <keescook@...omium.org>, Michal Marek <michal.lkml@...kovi.net>, Josh Poimboeuf <jpoimboe@...hat.com>, Mark Rutland <mark.rutland@....com>, Mark Brown <broonie@...nel.org>, linux-efi <linux-efi@...r.kernel.org>, linux-hardening@...r.kernel.org Subject: Re: [RFC PATCH 00/17] objtool: add base support for arm64 On Thu, 21 Jan 2021 at 12:23, Peter Zijlstra <peterz@...radead.org> wrote: > > On Thu, Jan 21, 2021 at 12:08:23PM +0100, Ard Biesheuvel wrote: > > On Thu, 21 Jan 2021 at 11:26, Julien Thierry <jthierry@...hat.com> wrote: > > > > I'm not familiar with toolcahin code models, but would this approach be > > > able to validate assembly code (either inline or in assembly files?) > > > > > > > No, it would not. But those files are part of the code base, and can > > be reviewed and audited. > > x86 has a long history if failing at exactly that. That's a fair point. But on the flip side, maintaining objtool does not look like it has been a walk in the park either. What i am especially concerned about is things like 3193c0836f20, where we actually have to disable certain compiler optimizations because they interfere with objtool's ability to understand the resulting object code. Correctness and performance are challenging enough as requirements for generated code. Mind you, I am not saying it is not worth it *for x86*, where there is a lot of other stuff going on. But on arm64, we don't care about ORC, about -fomit-frame-pointer, about retpolines or about any of the other things objtool enables. On arm64, all it currently seems to provide is a way to capture the call stack accurately, and given that it needs a GCC plugin for this (which needs to be maintained as well, which is non-trivial, and also bars us from using objtool with Clang builds), my current position is simply that opening this can of worms at this point is just not worth it.
Powered by blists - more mailing lists