lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 18 Mar 2021 23:29:10 +0100
From:   Peter Zijlstra <peterz@...radead.org>
To:     Sami Tolvanen <samitolvanen@...gle.com>
Cc:     Kees Cook <keescook@...omium.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Will Deacon <will@...nel.org>, Jessica Yu <jeyu@...nel.org>,
        Arnd Bergmann <arnd@...db.de>, Tejun Heo <tj@...nel.org>,
        "Paul E. McKenney" <paulmck@...nel.org>,
        Christoph Hellwig <hch@...radead.org>, bpf@...r.kernel.org,
        linux-hardening@...r.kernel.org, linux-arch@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org, linux-kbuild@...r.kernel.org,
        linux-pci@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 01/17] add support for Clang CFI

On Thu, Mar 18, 2021 at 10:10:55AM -0700, Sami Tolvanen wrote:
> +static void update_shadow(struct module *mod, unsigned long base_addr,
> +		update_shadow_fn fn)
> +{
> +	struct cfi_shadow *prev;
> +	struct cfi_shadow *next;
> +	unsigned long min_addr, max_addr;
> +
> +	next = vmalloc(SHADOW_SIZE);
> +
> +	mutex_lock(&shadow_update_lock);
> +	prev = rcu_dereference_protected(cfi_shadow,
> +					 mutex_is_locked(&shadow_update_lock));
> +
> +	if (next) {
> +		next->base = base_addr >> PAGE_SHIFT;
> +		prepare_next_shadow(prev, next);
> +
> +		min_addr = (unsigned long)mod->core_layout.base;
> +		max_addr = min_addr + mod->core_layout.text_size;
> +		fn(next, mod, min_addr & PAGE_MASK, max_addr & PAGE_MASK);
> +
> +		set_memory_ro((unsigned long)next, SHADOW_PAGES);
> +	}
> +
> +	rcu_assign_pointer(cfi_shadow, next);
> +	mutex_unlock(&shadow_update_lock);
> +	synchronize_rcu_expedited();

expedited is BAD(tm), why is it required and why doesn't it have a
comment?

> +
> +	if (prev) {
> +		set_memory_rw((unsigned long)prev, SHADOW_PAGES);
> +		vfree(prev);
> +	}
> +}

Powered by blists - more mailing lists