| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8c4e1c37-1a8e-9e5e-c276-f7bd3cfb248b@suse.cz>
Date: Tue, 17 Jan 2017 17:11:32 +0100
From: Vlastimil Babka <vbabka@...e.cz>
To: Stafford Horne <shorne@...il.com>,
Peter Zijlstra <peterz@...radead.org>
Cc: linux-kernel@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>,
Thomas Gleixner <tglx@...utronix.de>,
Kees Cook <keescook@...omium.org>,
Jessica Yu <jeyu@...hat.com>, Petr Mladek <pmladek@...e.com>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
Yang Shi <yang.shi@...aro.org>, Tejun Heo <tj@...nel.org>,
Prarit Bhargava <prarit@...hat.com>,
Yaowei Bai <baiyaowei@...s.chinamobile.com>,
Andrey Ryabinin <aryabinin@...tuozzo.com>
Subject: Re: [PATCH -next] init/main: Init jump_labels before they are used to
build zonelists
On 01/17/2017 03:30 PM, Stafford Horne wrote:
> On Tue, Jan 17, 2017 at 02:44:54PM +0100, Peter Zijlstra wrote:
>> On Tue, Jan 17, 2017 at 02:07:36PM +0100, Vlastimil Babka wrote:
>>
>>> Anyway I'm not sure if this patch is safe. Hopefully Peter can judge
>>> this better...
>>>
>>>> Cc: Vlastimil Babka <vbabka@...e.cz>
>>>> Signed-off-by: Stafford Horne <shorne@...il.com>
>>>> ---
>>>> init/main.c | 3 +--
>>>> 1 file changed, 1 insertion(+), 2 deletions(-)
>>>>
>>>> diff --git a/init/main.c b/init/main.c
>>>> index 8b1adb6e..d1ca7cb 100644
>>>> --- a/init/main.c
>>>> +++ b/init/main.c
>>>> @@ -513,6 +513,7 @@ asmlinkage __visible void __init start_kernel(void)
>>>> boot_cpu_state_init();
>>>> smp_prepare_boot_cpu(); /* arch-specific boot-cpu hooks */
>>>>
>>>> + jump_label_init();
>>>> build_all_zonelists(NULL, NULL);
>>>> page_alloc_init();
>>>>
>>>> @@ -526,8 +527,6 @@ asmlinkage __visible void __init start_kernel(void)
>>>> parse_args("Setting init args", after_dashes, NULL, 0, -1, -1,
>>>> NULL, set_init_arg);
>>>>
>>>> - jump_label_init();
>>>> -
>>
>> Urgh, that means auditing all archs that implement this. The thing
>> you're looking for is if the self-modifying code cruft can be done that
>> early.
>>
>> x86 looks to be fine, because this is after setup_arch() which is
>> required for ideal_nops[] to be initialied and we use text_poke_early()
>> which doesn't really need anything else.
>>
>> I've not gone through the other arches...
>
> Vlastimil,
>
> Will you be able to look into that? Openrisc doesnt have jump_label
> support, so its no issue at the moment.
>
> Archs that do have it:
>
> arch/arm64/Kconfig: select HAVE_ARCH_JUMP_LABEL
> arch/mips/Kconfig: select HAVE_ARCH_JUMP_LABEL
> arch/s390/Kconfig: select HAVE_ARCH_JUMP_LABEL
> arch/sparc/Kconfig: select HAVE_ARCH_JUMP_LABEL if SPARC64
> arch/tile/Kconfig: select HAVE_ARCH_JUMP_LABEL
> arch/x86/Kconfig: select HAVE_ARCH_JUMP_LABEL
> arch/arm/Kconfig: select HAVE_ARCH_JUMP_LABEL if !XIP_KERNEL && !CPU_ENDIAN_BE32 && MMU
> arch/powerpc/Kconfig: select HAVE_ARCH_JUMP_LABEL
>
> I looked at a few (arm, tile) and I dont see their arch_jump_label_transform*
> implementations depending on global state like ideal_nops from x86. They
> should be ok.
Thanks, I'll try.
> If no time, Should you change your patch to not use static keys for
> build_all_zonelists at least?
Yes that would be uglier but possible if I find issues or I'm not
confident enough with the auditing...
Powered by blists - more mailing lists