lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1566908344.dio7j9zb2h.astroid@bobo.none>
Date:   Tue, 27 Aug 2019 22:42:20 +1000
From:   Nicholas Piggin <npiggin@...il.com>
To:     Masahiro Yamada <yamada.masahiro@...ionext.com>
Cc:     Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        Arnd Bergmann <arnd@...db.de>,
        Ben Hutchings <ben@...adent.org.uk>,
        Greg KH <gregkh@...uxfoundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Michal Marek <michal.lkml@...kovi.net>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Will Deacon <will@...nel.org>
Subject: Re: a bug in genksysms/CONFIG_MODVERSIONS w/ __attribute__((foo))?

Masahiro Yamada's on August 27, 2019 8:49 pm:
> Hi.
> 
> On Tue, Aug 27, 2019 at 6:59 PM Nicholas Piggin <npiggin@...il.com> wrote:
>>
>> Nick Desaulniers's on August 27, 2019 8:57 am:
>> > On Mon, Aug 26, 2019 at 2:22 PM Nick Desaulniers
>> > <ndesaulniers@...gle.com> wrote:
>> >>
>> >> I'm looking into a linkage failure for one of our device kernels, and
>> >> it seems that genksyms isn't producing a hash value correctly for
>> >> aggregate definitions that contain __attribute__s like
>> >> __attribute__((packed)).
>> >>
>> >> Example:
>> >> $ echo 'struct foo { int bar; };' | ./scripts/genksyms/genksyms -d
>> >> Defn for struct foo == <struct foo { int bar ; } >
>> >> Hash table occupancy 1/4096 = 0.000244141
>> >> $ echo 'struct __attribute__((packed)) foo { int bar; };' |
>> >> ./scripts/genksyms/genksyms -d
>> >> Hash table occupancy 0/4096 = 0
>> >>
>> >> I assume the __attribute__ part isn't being parsed correctly (looks
>> >> like genksyms is a lex/yacc based C parser).
>> >>
>> >> The issue we have in our out of tree driver (*sadface*) is basically a
>> >> EXPORT_SYMBOL'd function whose signature contains a packed struct.
>> >>
>> >> Theoretically, there should be nothing wrong with exporting a function
>> >> that requires packed structs, and this is just a bug in the lex/yacc
>> >> based parser, right?  I assume that not having CONFIG_MODVERSIONS
>> >> coverage of packed structs in particular could lead to potentially
>> >> not-fun bugs?  Or is using packed structs in exported function symbols
>> >> with CONFIG_MODVERSIONS forbidden in some documentation somewhere I
>> >> missed?
>> >
>> > Ah, looks like I'm late to the party:
>> > https://lwn.net/Articles/707520/
>>
>> Yeah, would be nice to do something about this.
> 
> modversions is ugly, so it would be great if we could dump it.
> 
>> IIRC (without re-reading it all), in theory distros would be okay
>> without modversions if they could just provide their own explicit
>> versioning. They take care about ABIs, so they can version things
>> carefully if they had to change.
> 
> We have not provided any alternative solution for this, haven't we?
> 
> In your patch (https://lwn.net/Articles/707729/),
> you proposed CONFIG_MODULE_ABI_EXPLICIT.

Right, that was just my first proposal, but I am not confident that I
understood everybody's requirements. I don't think the distro people
had much time to to test things out.

One possible shortcoming with that patch is no per-symbol version. The 
distro may break an ABI for a security fix, but they don't want to break
all out of tree modules if it's an obscure ABI. The counter argument to 
that is they should just rename the symbol in their kernel for such 
cases, so I didn't implement it without somebody describing a good
requirement.

> If it is good enough for distros, we merge it first,
> give them time to migrate over to it, then finally remove modversions??

I guess. Do we really need to merge and wait? If they _really_ want it,
and won't put in effort to convert their kernel packaging, then they
can carry the patch and support it quite easily. The code doesn't
change frequently so it should not be a big roadblock

I'm more concerned about developer and hobbyists etc who don't have the
resources. But IIRC we are satisfied that git version has superseded
the benefits of modversions for that case now.

Thanks,
Nick

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ