| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 11 Mar 2023 17:30:47 +0300
From: Evgeniy Baskov <baskov@...ras.ru>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Borislav Petkov <bp@...en8.de>, Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Thomas Gleixner <tglx@...utronix.de>,
Alexey Khoroshilov <khoroshilov@...ras.ru>,
Peter Jones <pjones@...hat.com>,
"Limonciello, Mario" <mario.limonciello@....com>,
joeyli <jlee@...e.com>, lvc-project@...uxtesting.org,
x86@...nel.org, linux-efi@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v4 01/26] x86/boot: Align vmlinuz sections on page size
On 2023-03-10 17:43, Ard Biesheuvel wrote:
> On Thu, 15 Dec 2022 at 13:38, Evgeniy Baskov <baskov@...ras.ru> wrote:
>>
>> To protect sections on page table level each section
>> needs to be aligned on page size (4KB).
>>
>> Set sections alignment in linker script.
>>
>> Tested-by: Mario Limonciello <mario.limonciello@....com>
>> Tested-by: Peter Jones <pjones@...hat.com>
>> Signed-off-by: Evgeniy Baskov <baskov@...ras.ru>
>> ---
>> arch/x86/boot/compressed/vmlinux.lds.S | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> diff --git a/arch/x86/boot/compressed/vmlinux.lds.S
>> b/arch/x86/boot/compressed/vmlinux.lds.S
>> index 112b2375d021..6be90f1a1198 100644
>> --- a/arch/x86/boot/compressed/vmlinux.lds.S
>> +++ b/arch/x86/boot/compressed/vmlinux.lds.S
>> @@ -27,21 +27,27 @@ SECTIONS
>> HEAD_TEXT
>> _ehead = . ;
>> }
>> + . = ALIGN(PAGE_SIZE);
>> .rodata..compressed : {
>> + _compressed = .;
>> *(.rodata..compressed)
>
> Can you just move this bit into the rodata section below?
I don't think that easily possible, as the layout need
to stay compatible with in-place extraction for non-UEFI boot.
For that execution path the code in .head.text moves everything
behind it to the end of the extraction buffer and extraction
code overwrites compressed kernel blob progressively during
extraction. And that is why we have effectively have two code
sections...
>
>> + _ecompressed = .;
>> }
>> + . = ALIGN(PAGE_SIZE);
>> .text : {
>
> Please use
>
> .text : ALIGN(PAGE_SIZE) {
>
> which marks the section as being page aligned, rather than just being
> placed on a 4k boundary.
Will fix in v5.
>
>> _text = .; /* Text */
>> *(.text)
>> *(.text.*)
>> _etext = . ;
>> }
>> + . = ALIGN(PAGE_SIZE);
>> .rodata : {
>> _rodata = . ;
>> *(.rodata) /* read-only data */
>> *(.rodata.*)
>> _erodata = . ;
>> }
>> + . = ALIGN(PAGE_SIZE);
>> .data : {
>> _data = . ;
>> *(.data)
>> --
>> 2.37.4
>>
Powered by blists - more mailing lists