lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 8 Mar 2019 09:07:03 -0600
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Peter Anvin <hpa@...or.com>,
        Julien Thierry <julien.thierry@....com>,
        Will Deacon <will.deacon@....com>,
        Andy Lutomirski <luto@...capital.net>,
        Ingo Molnar <mingo@...nel.org>,
        Catalin Marinas <catalin.marinas@....com>,
        James Morse <james.morse@....com>, valentin.schneider@....com,
        Brian Gerst <brgerst@...il.com>,
        Andrew Lutomirski <luto@...nel.org>,
        Borislav Petkov <bp@...en8.de>,
        Denys Vlasenko <dvlasenk@...hat.com>,
        Linux List Kernel Mailing <linux-kernel@...r.kernel.org>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Steven Rostedt <rostedt@...dmis.org>
Subject: Re: [PATCH 18/20] objtool: Add UACCESS validation

On Thu, Mar 07, 2019 at 09:40:21PM +0100, Peter Zijlstra wrote:
> On Thu, Mar 07, 2019 at 09:23:19PM +0100, Peter Zijlstra wrote:
> > On Thu, Mar 07, 2019 at 07:48:13PM +0100, Peter Zijlstra wrote:
> > > Another thing I need to look at is why objtool only found memset_orig
> > > (from __memset) but not memset_erms, which if I read the code right, is
> > > a possible alternative there.
> > 
> > Turns out we only look for sibling calls in the original instruction
> > stream, not in any alternatives; which in general seems like a fair
> > enough assumption.
> 
> And while I'm looking at memset_64.S, why are memset_erms and
> memset_orig global functions? At the very least they should be local,
> and ideally not even functions.

I think the only benefit is that they would show up better on stack
traces, but that could also be solved by just making them local labels
inside memset.  Which is what I think they should be.

The general rule is that ENDPROC is only used for callable functions, so
yeah, I think the current setup isn't ideal, and also prevents objtool
from properly doing the AC analysis as you pointed out earlier.

-- 
Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ