| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200324223455.GV2452@worktop.programming.kicks-ass.net>
Date: Tue, 24 Mar 2020 23:34:55 +0100
From: Peter Zijlstra <peterz@...radead.org>
To: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: tglx@...utronix.de, linux-kernel@...r.kernel.org, x86@...nel.org,
mhiramat@...nel.org, mbenes@...e.cz, brgerst@...il.com
Subject: Re: [PATCH v3 26/26] objtool: Add STT_NOTYPE noinstr validation
On Tue, Mar 24, 2020 at 05:16:16PM -0500, Josh Poimboeuf wrote:
> On Tue, Mar 24, 2020 at 04:31:39PM +0100, Peter Zijlstra wrote:
> > + if (state.noinstr) {
> > + /*
> > + * In vmlinux mode we will not run validate_unwind_hints() by
> > + * default which means we'll not otherwise visit STT_NOTYPE
> > + * symbols.
> > + *
> > + * In case of --duplicate mode, insn->visited will avoid actual
> > + * duplicate work being done.
> > + */
> > + list_for_each_entry(func, &sec->symbol_list, list) {
> > + if (func->type != STT_NOTYPE)
> > + continue;
> > +
> > + warnings += validate_symbol(file, sec, func, &state);
> > + }
> > + }
> > +
>
> I guess this is ok, but is there a valid reason why we don't just call
> validate_unwind_hints()?
>
> It's also slightly concerning that validate_reachable_instructions()
> isn't called, I'm not 100% convinced all the code will get checked.
This will only end up running on .noinstr.text, while
validate_unwind_hints() will run on *everything*. That is, we're
purposely not checking everything.
It very much relies on the !vmlinux mode to do the unreachable things.
Powered by blists - more mailing lists