lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 25 Mar 2020 09:39:15 -0500
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     tglx@...utronix.de, linux-kernel@...r.kernel.org, x86@...nel.org,
        mhiramat@...nel.org, mbenes@...e.cz, brgerst@...il.com
Subject: Re: [PATCH v3 18/26] objtool: Fix !CFI insn_state propagation

On Wed, Mar 25, 2020 at 12:00:10AM +0100, Peter Zijlstra wrote:
> On Tue, Mar 24, 2020 at 11:11:09PM +0100, Peter Zijlstra wrote:
> > On Tue, Mar 24, 2020 at 04:40:06PM -0500, Josh Poimboeuf wrote:
> > > On Tue, Mar 24, 2020 at 04:31:31PM +0100, Peter Zijlstra wrote:
> > 
> > > > +		if (!save_insn->visited) {
> > > > +			/*
> > > > +			 * Oops, no state to copy yet.
> > > > +			 * Hopefully we can reach this
> > > > +			 * instruction from another branch
> > > > +			 * after the save insn has been
> > > > +			 * visited.
> > > > +			 */
> > > > +			if (insn == first)
> > > > +				return 0; // XXX
> > > 
> > > Yeah, moving this code out to apply_insn_hint() seems like a nice idea,
> > > but it wouldn't be worth it if it breaks this case.  TBH I don't
> > > remember if this check was for a real-world case.  Might be worth
> > > looking at...  If this case doesn't exist in reality then we could just
> > > remove this check altogether.
> > 
> > I'll go run a bunch of builds with a print on it, that should tell us I
> > suppose.
> 
> I can a bunch of builds, including an allmodconfig with the below on top
> and it 'works'.
> 
> So I suppose we can remove this special case.
> 
> ---
> --- a/tools/objtool/check.c
> +++ b/tools/objtool/check.c
> @@ -2134,11 +2134,13 @@ static int apply_insn_hint(struct objtoo
>  			 * after the save insn has been
>  			 * visited.
>  			 */
> -			if (insn == first)
> -				return 0; // XXX
> 
>  			WARN_FUNC("objtool isn't smart enough to handle this CFI save/restore combo",
>  					sec, insn->offset);
> +
> +			if (insn == first)
> +				return -1;
> +

I think all the validate_branch() callers aren't prepared to handle a -1
return code.

We can just be lazy and remove this 'insn == first' check and consider
it a non-fatal warning.

-- 
Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ