lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200114165135.GK31032@zn.tnic>
Date:   Tue, 14 Jan 2020 17:51:35 +0100
From:   Borislav Petkov <bp@...en8.de>
To:     Kees Cook <keescook@...omium.org>, "H. Peter Anvin" <hpa@...or.com>
Cc:     Arvind Sankar <nivedita@...m.mit.edu>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, x86@...nel.org,
        linux-kernel@...r.kernel.org,
        Thomas Lendacky <Thomas.Lendacky@....com>,
        Mauro Rossi <issor.oruam@...il.com>,
        Michael Matz <matz@...e.de>
Subject: Re: [PATCH v3] x86/vmlinux: Fix vmlinux.lds.S with pre-2.23 binutils

On Mon, Jan 13, 2020 at 05:53:32PM -0800, Kees Cook wrote:
> NAK: linkers can add things at the end of .text that will go missing from
> the kernel if _etext isn't _outside_ the .text section, truly beyond the
> end of the .text section. This patch will break Control Flow Integrity
> checking since the jump tables are at the end of .text.

Err, which linkers are those? Please elaborate.

In any case, after reading the thread, I can't help but favor the idea
of us bumping min binutils version to 2.23.

Michael (on Cc) says that the 2.21 was kinda broken wrt to the symbols
fun outside of sections, 2.22 tried to fix it, see

  fd952815307f ("x86-32, relocs: Whitelist more symbols for ld bug workaround")

which Arvind pointed out and 2.23 fixed it for real.

Now, 2.23 is still very ancient. I'm looking at our releases: openSUSE
12.1 has the minimum supported gcc version 4.6 by the kernel and
also the minimum binutils version 2.21 which we support according to
Documentation/process/changes.rst

Now, openSUSE 12.1 is ancient and we ourselves advise people to update
to current distros so I don't think anyone would still run it.

So, considering that upping the binutils version would save us from all
this trouble I say we try it after 5.5 releases for a maximum time of a
full 5.6 release cycle and see who complains.

Considering how no one triggered this yet until Arvind, I think no one
would complain. But I might be wrong.

So what do people think? hpa?

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ