lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87pp78tgwr.fsf@rustcorp.com.au>
Date:	Mon, 13 Apr 2015 20:49:00 +0930
From:	Rusty Russell <rusty@...abs.org>
To:	Quentin Casasnovas <quentin.casasnovas@...cle.com>
Cc:	Quentin Casasnovas <quentin.casasnovas@...cle.com>,
	lkml <linux-kernel@...r.kernel.org>,
	Oleg Nesterov <oleg@...hat.com>,
	Borislav Petkov <bp@...en8.de>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH 1/7] modpost: add strict white-listing when referencing sections.

Quentin Casasnovas <quentin.casasnovas@...cle.com> writes:
> On Fri, Mar 20, 2015 at 11:59:41AM +1030, Rusty Russell wrote:
>> Quentin Casasnovas <quentin.casasnovas@...cle.com> writes:
>> > Prints a warning when a section references a section outside a strict
>> > white-list.  This will be useful to print a warning if __ex_table
>> > references a non-executable section.
>> 
>> Hi Quentin,
>> 
>>         Really pleasant to read these patches; nice work!
>>
>
> Thanks! :)
>
>> > diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
>> > index d439856..7094a57 100644
>> > --- a/scripts/mod/modpost.c
>> > +++ b/scripts/mod/modpost.c
>> > @@ -925,7 +925,8 @@ enum mismatch {
>> >  
>> >  struct sectioncheck {
>> >  	const char *fromsec[20];
>> > -	const char *tosec[20];
>> > +	const char *bad_tosec[20];
>> > +	const char *good_tosec[20];
>> >  	enum mismatch mismatch;
>> >  	const char *symbol_white_list[20];
>> 
>> My only gripe is that these fields are undocumented.  You maintain
>> the status quo, but some comments indicating what the mean would be
>> nice.  Perhaps as a separate patch.
>>
>
> Derp, I was sure I had sent a patch following your comment..  Please find
> one attached to this e-mail.  It should apply cleanly on top of this
> series.
>
>> In case you need it (for the whole series):
>>         Acked-by: Rusty Russell <rusty@...tcorp.com.au>
>>
>
> Thanks again!
>
> May I aks who's supposed to take the series?  Or maybe it needs more
> acking?

If noone else has taken it, I'll do so now.

Applied,
Rusty.

>
> Quentin
>>>From acab15181879a18140ca3afa69776292e830ea72 Mon Sep 17 00:00:00 2001
> From: Quentin Casasnovas <quentin.casasnovas@...cle.com>
> Date: Mon, 13 Apr 2015 10:55:38 +0200
> Subject: [PATCH] modpost: document the use of struct section_check.
>
> struct section_check is used as a generic way of describing what
> relocations are authorized/forbidden when running modpost.  This commit
> tries to describe how each field is used.
>
> Signed-off-by: Quentin Casasnovas <quentin.casasnovas@...cle.com>
> ---
>  scripts/mod/modpost.c | 20 ++++++++++++++++++++
>  1 file changed, 20 insertions(+)
>
> diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
> index dfe9c3c..7b56ae5 100644
> --- a/scripts/mod/modpost.c
> +++ b/scripts/mod/modpost.c
> @@ -930,6 +930,26 @@ enum mismatch {
>  	EXTABLE_TO_NON_TEXT,
>  };
>  
> +/**
> + * Describe how to match sections on different criterias:
> + *
> + * @fromsec: Array of sections to be matched.
> + *
> + * @bad_tosec: Relocations applied to a section in @fromsec to a section in
> + * this array is forbidden (black-list).  Can be empty.
> + *
> + * @good_tosec: Relocations applied to a section in @fromsec must be
> + * targetting sections in this array (white-list).  Can be empty.
> + *
> + * @mistmatch: Type of mismatch.
> + *
> + * @symbol_white_list: Do not match a relocation to a symbol in this list
> + * even if it is targetting a section in @bad_to_sec.
> + *
> + * @handler: Specific handler to call when a match is found.  If NULL,
> + * default_mismatch_handler() will be called.
> + *
> + */
>  struct sectioncheck {
>  	const char *fromsec[20];
>  	const char *bad_tosec[20];
> -- 
> 2.0.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ