Date: Tue, 19 Feb 2019 19:03:38 +0100
From: Christophe Leroy <christophe.leroy@....fr>
To: Michael Ellerman <mpe@...erman.id.au>, Benjamin Herrenschmidt <benh@...nel.crashing.org>, Paul Mackerras <paulus@...ba.org>, Nicholas Piggin <npiggin@...il.com>, "Aneesh Kumar K.V" <aneesh.kumar@...ux.ibm.com>, Andrey Ryabinin <aryabinin@...tuozzo.com>, Alexander Potapenko <glider@...gle.com>, Dmitry Vyukov <dvyukov@...gle.com>, Daniel Axtens <dja@...ens.net>
Cc: linux-kernel@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org, kasan-dev@...glegroups.com, linux-mm@...ck.org
Subject: Re: [PATCH v5 3/3] powerpc/32: Add KASAN support

On 18/02/2019 at 10:27, Michael Ellerman wrote: > Christophe Leroy <christophe.leroy@....fr> writes: > >> diff --git a/arch/powerpc/include/asm/ppc_asm.h b/arch/powerpc/include/asm/ppc_asm.h >> index e0637730a8e7..dba2c1038363 100644 >> --- a/arch/powerpc/include/asm/ppc_asm.h >> +++ b/arch/powerpc/include/asm/ppc_asm.h >> @@ -251,6 +251,10 @@ GLUE(.,name): >> >> #define _GLOBAL_TOC(name) _GLOBAL(name) >> >> +#define KASAN_OVERRIDE(x, y) \ >> + .weak x; \ >> + .set x, y >> + > > Can you add a comment describing what that does and why? It's gone. Hope the new approach is more clear. It's now in a dedicated patch. > >> diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile >> index 879b36602748..fc4c42262694 100644 >> --- a/arch/powerpc/kernel/Makefile >> +++ b/arch/powerpc/kernel/Makefile 
>> @@ -16,8 +16,9 @@ CFLAGS_prom_init.o += -fPIC >> CFLAGS_btext.o += -fPIC >> endif >> >> -CFLAGS_cputable.o += $(DISABLE_LATENT_ENTROPY_PLUGIN) >> -CFLAGS_prom_init.o += $(DISABLE_LATENT_ENTROPY_PLUGIN) >> +CFLAGS_early_32.o += -DDISABLE_BRANCH_PROFILING >> +CFLAGS_cputable.o += $(DISABLE_LATENT_ENTROPY_PLUGIN) -DDISABLE_BRANCH_PROFILING >> +CFLAGS_prom_init.o += $(DISABLE_LATENT_ENTROPY_PLUGIN) -DDISABLE_BRANCH_PROFILING > > Why do we need to disable branch profiling now? Recommended by Andrey, see https://patchwork.ozlabs.org/patch/1023887/ Maybe it should be only when KASAN is active ? For prom_init it should probably be all the time, for the others I don't know. Can't remember why I did it that way. > > I'd probably be happier if all the CFLAGS changes were done in a leadup > patch to make them more obvious. Oops, I forgot to read your mail entirely before sending out v6. Indeed I only read first part. Anyway, that's probably not the last run. > >> diff --git a/arch/powerpc/kernel/prom_init_check.sh b/arch/powerpc/kernel/prom_init_check.sh >> index 667df97d2595..da6bb16e0876 100644 >> --- a/arch/powerpc/kernel/prom_init_check.sh >> +++ b/arch/powerpc/kernel/prom_init_check.sh >> @@ -16,8 +16,16 @@ >> # If you really need to reference something from prom_init.o add >> # it to the list below: >> >> +grep CONFIG_KASAN=y .config >/dev/null > > Just to be safe "^CONFIG_KASAN=y$" ? ok > >> +if [ $? -eq 0 ] >> +then >> + MEMFCT="__memcpy __memset" >> +else >> + MEMFCT="memcpy memset" >> +fi > > MEM_FUNCS ? Yes, I change it now before I forget. > >> diff --git a/arch/powerpc/lib/Makefile b/arch/powerpc/lib/Makefile >> index 3bf9fc6fd36c..ce8d4a9f810a 100644 >> --- a/arch/powerpc/lib/Makefile >> +++ b/arch/powerpc/lib/Makefile 
>> @@ -8,6 +8,14 @@ ccflags-$(CONFIG_PPC64) := $(NO_MINIMAL_TOC) >> CFLAGS_REMOVE_code-patching.o = $(CC_FLAGS_FTRACE) >> CFLAGS_REMOVE_feature-fixups.o = $(CC_FLAGS_FTRACE) >> >> +KASAN_SANITIZE_code-patching.o := n >> +KASAN_SANITIZE_feature-fixups.o := n >> + >> +ifdef CONFIG_KASAN >> +CFLAGS_code-patching.o += -DDISABLE_BRANCH_PROFILING >> +CFLAGS_feature-fixups.o += -DDISABLE_BRANCH_PROFILING >> +endif > > There's that branch profiling again, though here it's only if KASAN is enabled. > >> diff --git a/arch/powerpc/mm/kasan_init.c b/arch/powerpc/mm/kasan_init.c >> new file mode 100644 >> index 000000000000..bd8e0a263e12 >> --- /dev/null >> +++ b/arch/powerpc/mm/kasan_init.c >> @@ -0,0 +1,114 @@ >> +// SPDX-License-Identifier: GPL-2.0 >> + >> +#define DISABLE_BRANCH_PROFILING >> + >> +#include <linux/kasan.h> >> +#include <linux/printk.h> >> +#include <linux/memblock.h> >> +#include <linux/sched/task.h> >> +#include <asm/pgalloc.h> >> + >> +void __init kasan_early_init(void) >> +{ >> + unsigned long addr = KASAN_SHADOW_START; >> + unsigned long end = KASAN_SHADOW_END; >> + unsigned long next; >> + pmd_t *pmd = pmd_offset(pud_offset(pgd_offset_k(addr), addr), addr); > > Can none of those fail? map_kernel_page() in pgtable_32.c does exactly the same. pud_offset() and pmd_offset() are no-ops and only serve as type modifiers, so pmd will get the value returned by pgd_offset_k() which should always be valid unless init_mm->pgd is bad. Christophe > > > cheers >
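Review bot: KASAN_OVERRIDE(x, y) in the arch/powerpc/include/asm/ppc_asm.h hunk is added without a comment, and the parameter names x and y do not say which symbol is the weak one and which is the target. A short comment above the #define stating that it declares x as a weak symbol and sets it to y, and why KASAN needs that, would document the macro at its definition; parameter names that describe the two roles would help as well.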
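Review bot: -DDISABLE_BRANCH_PROFILING is added unconditionally to CFLAGS_early_32.o, CFLAGS_cputable.o and CFLAGS_prom_init.o in the arch/powerpc/kernel/Makefile hunk, whereas the arch/powerpc/lib/Makefile hunk of the same patch adds it only under "ifdef CONFIG_KASAN". Either guard these three the same way or add a comment saying why these objects need branch profiling off in every configuration; as written the hunk changes the flags of non-KASAN builds with no stated reason.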
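Review bot: the pattern in "grep CONFIG_KASAN=y .config >/dev/null" in the arch/powerpc/kernel/prom_init_check.sh hunk is unanchored, so it matches any line that merely contains that string, and the result is then read back through $? on a separate line. Anchoring the pattern as "^CONFIG_KASAN=y$" and testing the command directly, for example "if grep -q '^CONFIG_KASAN=y$' .config", removes the false match and the chance of another command being inserted between the grep and the test. The relative .config path also assumes the script runs from the directory that holds the config file, which deserves a comment or an explicit path.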
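Review bot: KASAN_SANITIZE_code-patching.o and KASAN_SANITIZE_feature-fixups.o are set to n in the arch/powerpc/lib/Makefile hunk with no comment explaining why these two objects must not be instrumented, and the "ifdef CONFIG_KASAN" block below them adds -DDISABLE_BRANCH_PROFILING equally unexplained. One comment above the block giving the reason for both would keep the exclusions from looking arbitrary to whoever edits this Makefile next.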
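Review bot: the initializer of pmd in kasan_early_init() in the arch/powerpc/mm/kasan_init.c hunk chains pgd_offset_k(), pud_offset() and pmd_offset() with no check and no comment, leaving the reader to work out whether any level can be absent. If the chain is safe because pud_offset() and pmd_offset() are no-ops here and only pgd_offset_k() yields a value, as the reply in this thread states, put that reasoning in a comment next to the declaration so the assumption about init_mm's pgd is visible in the code.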