lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200115002131.GA3258770@rani.riverdale.lan>
Date:   Tue, 14 Jan 2020 19:21:32 -0500
From:   Arvind Sankar <nivedita@...m.mit.edu>
To:     Borislav Petkov <bp@...en8.de>
Cc:     Kees Cook <keescook@...omium.org>,
        "H. Peter Anvin" <hpa@...or.com>,
        Arvind Sankar <nivedita@...m.mit.edu>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, x86@...nel.org,
        linux-kernel@...r.kernel.org,
        Thomas Lendacky <Thomas.Lendacky@....com>,
        Mauro Rossi <issor.oruam@...il.com>,
        Michael Matz <matz@...e.de>
Subject: Re: [PATCH v3] x86/vmlinux: Fix vmlinux.lds.S with pre-2.23 binutils

On Tue, Jan 14, 2020 at 05:51:35PM +0100, Borislav Petkov wrote:
> On Mon, Jan 13, 2020 at 05:53:32PM -0800, Kees Cook wrote:
> > NAK: linkers can add things at the end of .text that will go missing from
> > the kernel if _etext isn't _outside_ the .text section, truly beyond the
> > end of the .text section. This patch will break Control Flow Integrity
> > checking since the jump tables are at the end of .text.
> 
> Err, which linkers are those? Please elaborate.
> 
> In any case, after reading the thread, I can't help but favor the idea
> of us bumping min binutils version to 2.23.
> 
> Michael (on Cc) says that the 2.21 was kinda broken wrt to the symbols
> fun outside of sections, 2.22 tried to fix it, see
> 
>   fd952815307f ("x86-32, relocs: Whitelist more symbols for ld bug workaround")
> 
> which Arvind pointed out and 2.23 fixed it for real.
> 
> Now, 2.23 is still very ancient. I'm looking at our releases: openSUSE
> 12.1 has the minimum supported gcc version 4.6 by the kernel and
> also the minimum binutils version 2.21 which we support according to
> Documentation/process/changes.rst
> 
> Now, openSUSE 12.1 is ancient and we ourselves advise people to update
> to current distros so I don't think anyone would still run it.

RHEL7 looks to have been released with 2.23 and we already don't
support the version in RHEL6, so that should be good too.

> 
> So, considering that upping the binutils version would save us from all
> this trouble I say we try it after 5.5 releases for a maximum time of a
> full 5.6 release cycle and see who complains.
> 
> Considering how no one triggered this yet until Arvind, I think no one
> would complain. But I might be wrong.
> 
> So what do people think? hpa?
> 

Thumbs up from me -- I had thought there were a few other reports
earlier about these, but looking at those threads, it seems like they're
all actually with ld.gold, which we already decided to drop support for
in commit 75959d44f9dc ("kbuild: Fail if gold linker is detected").

> -- 
> Regards/Gruss,
>     Boris.
> 
> https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ