lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 25 Mar 2020 09:42:11 -0500
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     tglx@...utronix.de, linux-kernel@...r.kernel.org, x86@...nel.org,
        mhiramat@...nel.org, mbenes@...e.cz, brgerst@...il.com
Subject: Re: [PATCH v3 26/26] objtool: Add STT_NOTYPE noinstr validation

On Tue, Mar 24, 2020 at 11:34:55PM +0100, Peter Zijlstra wrote:
> On Tue, Mar 24, 2020 at 05:16:16PM -0500, Josh Poimboeuf wrote:
> > On Tue, Mar 24, 2020 at 04:31:39PM +0100, Peter Zijlstra wrote:
> 
> > > +	if (state.noinstr) {
> > > +		/*
> > > +		 * In vmlinux mode we will not run validate_unwind_hints() by
> > > +		 * default which means we'll not otherwise visit STT_NOTYPE
> > > +		 * symbols.
> > > +		 *
> > > +		 * In case of --duplicate mode, insn->visited will avoid actual
> > > +		 * duplicate work being done.
> > > +		 */
> > > +		list_for_each_entry(func, &sec->symbol_list, list) {
> > > +			if (func->type != STT_NOTYPE)
> > > +				continue;
> > > +
> > > +			warnings += validate_symbol(file, sec, func, &state);
> > > +		}
> > > +	}
> > > +
> > 
> > I guess this is ok, but is there a valid reason why we don't just call
> > validate_unwind_hints()?
> > 
> > It's also slightly concerning that validate_reachable_instructions()
> > isn't called, I'm not 100% convinced all the code will get checked.
> 
> This will only end up running on .noinstr.text, while
> validate_unwind_hints() will run on *everything*. That is, we're
> purposely not checking everything.
> 
> It very much relies on the !vmlinux mode to do the unreachable things.

Sure, but couldn't validate_unwind_hints() and
validate_reachable_instructions() be changed to *only* run on
.noinstr.text, for the vmlinux case?  That might help converge the
vmlinux and !vmlinux paths.

-- 
Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ