lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 17 Mar 2020 09:56:28 +0900
From:   Masami Hiramatsu <mhiramat@...nel.org>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     tglx@...utronix.de, jpoimboe@...hat.com,
        linux-kernel@...r.kernel.org, x86@...nel.org,
        Dan Carpenter <dan.carpenter@...cle.com>
Subject: Re: [RFC][PATCH 00/16] objtool: vmlinux.o and noinstr validation

On Thu, 12 Mar 2020 17:23:37 +0100
Peter Zijlstra <peterz@...radead.org> wrote:

> On Thu, Mar 12, 2020 at 02:41:07PM +0100, Peter Zijlstra wrote:
> > Hi all,
> > 
> > These patches extend objtool to be able to run on vmlinux.o and validate
> > Thomas's proposed noinstr annotation:
> > 
> >   https://lkml.kernel.org/r/20200310170951.87c29e9c1cfbddd93ccd92b3@kernel.org
> > 
> >  "That's why we want the sections and the annotation. If something calls
> >   out of a noinstr section into a regular text section and the call is not
> >   annotated at the call site, then objtool can complain and tell you. What
> >   Peter and I came up with looks like this:
> > 
> >   noinstr foo()
> > 	do_protected(); <- Safe because in the noinstr section
> > 	instr_begin();  <- Marks the begin of a safe region, ignored
> > 			   by objtool
> > 	do_stuff();     <- All good
> > 	instr_end();    <- End of the safe region. objtool starts
> > 			   looking again
> > 	do_other_stuff();  <- Unsafe because do_other_stuff() is
> > 			      not protected
> > 
> >   and:
> > 
> >   noinstr do_protected()
> > 	bar();          <- objtool will complain here
> >   "
> > 
> > It should be accompanied by something like the below; which you'll find in a
> > series by Thomas.
> > 
> 
> So one of the problem i've ran into while playing with this and Thomas'
> patches is that it is 'difficult' to deal with indirect function calls.
> 
> objtool basically gives up instantly.

Can we introduce a "safe-call" wrapper function instead of indirect
call, and if objtool found an indirect call without safe-call function,
it can make it an error?

static int __noinstr safe_indirect_callback(int (*fn)(...), real-args)
{
	if (!is_instr_text(fn))
		return -ERANGE;
	return fn(real-args)
}

BTW, out of curiously, if BUG*() or WARN*() cases happens in the noinstr
section, do we also need to move them (register dump, stack unwinding,
printk, console output, etc.) all into noinstr section?

Thank you,

-- 
Masami Hiramatsu <mhiramat@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ