Date:   Tue, 6 Oct 2020 13:38:52 -0700
From:   Atish Patra <atishp@...shpatra.org>
To:     Guo Ren <guoren@...nel.org>
Cc:     Andreas Schwab <schwab@...ux-m68k.org>,
        Tycho Andersen <tycho@...ho.ws>,
        Albert Ou <aou@...s.berkeley.edu>,
        Nick Hu <nickhu@...estech.com>,
        Anup Patel <anup@...infault.org>,
        Palmer Dabbelt <palmerdabbelt@...gle.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-csky@...r.kernel.org, Guo Ren <guoren@...ux.alibaba.com>,
        Zong Li <zong.li@...ive.com>,
        Paul Walmsley <paul.walmsley@...ive.com>,
        Greentime Hu <greentime.hu@...ive.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        linux-riscv <linux-riscv@...ts.infradead.org>
Subject: Re: [PATCH V2 1/3] riscv: Fixup static_obj() fail

On Tue, Oct 6, 2020 at 9:46 AM Guo Ren <guoren@...nel.org> wrote:
>
> On Tue, Oct 6, 2020 at 3:14 AM Atish Patra <atishp@...shpatra.org> wrote:
> >
> > On Thu, Sep 24, 2020 at 9:19 AM Guo Ren <guoren@...nel.org> wrote:
> > >
> > > How about this, revert the commit and don't free INIT_DATA_SECTION. I
> > > think the solution is safe enough, but wastes a little memory.
> > >
> > > diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S
> > > index f3586e3..34d00d9 100644
> > > --- a/arch/riscv/kernel/vmlinux.lds.S
> > > +++ b/arch/riscv/kernel/vmlinux.lds.S
> > > @@ -22,13 +22,11 @@ SECTIONS
> > >         /* Beginning of code and text segment */
> > >         . = LOAD_OFFSET;
> > >         _start = .;
> > > -       _stext = .;
> > >         HEAD_TEXT_SECTION
> > >         . = ALIGN(PAGE_SIZE);
> > >
> > >         __init_begin = .;
> > >         INIT_TEXT_SECTION(PAGE_SIZE)
> > > -       INIT_DATA_SECTION(16)
> > >         . = ALIGN(8);
> > >         __soc_early_init_table : {
> > >                 __soc_early_init_table_start = .;
> > > @@ -55,6 +53,7 @@ SECTIONS
> > >         . = ALIGN(SECTION_ALIGN);
> > >         .text : {
> > >                 _text = .;
> > > +               _stext = .;
> > >                 TEXT_TEXT
> > >                 SCHED_TEXT
> > >                 CPUIDLE_TEXT
> > > @@ -67,6 +66,8 @@ SECTIONS
> > >                 _etext = .;
> > >         }
> > >
> > > +       INIT_DATA_SECTION(16)
> > > +
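
Review bot: INIT_DATA_SECTION(16) is placed directly after the closing brace of .text with no alignment step in between, unlike .text itself, which is preceded by `. = ALIGN(SECTION_ALIGN);` in the previous hunk. If text and init data are ever mapped with different permissions, as discussed later in this thread, they need to start on separate page or section boundaries, so consider adding an explicit ALIGN before it. A short comment saying that init data now sits after _etext and is deliberately not freed would also help, since it is no longer next to __init_begin.
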
> >
> > I think you need to move EXIT_DATA as well. Currently, we have init
> > data & text in one section.
> It's not related to this issue. There are two check code problems:

Yes. But we shouldn't move only INIT_DATA_SECTION out of __init section
while leaving percpu & exit data in the __init section. Here is what I
have in mind.

diff --git a/arch/riscv/kernel/vmlinux.lds.S
b/arch/riscv/kernel/vmlinux.lds.S
index 9795359cb9da..4432cef8184e 100644
--- a/arch/riscv/kernel/vmlinux.lds.S
+++ b/arch/riscv/kernel/vmlinux.lds.S
@@ -26,13 +26,11 @@ SECTIONS
        /* Beginning of code and text segment */
        . = LOAD_OFFSET;
        _start = .;
        _start = .;
-       _stext = .;
        HEAD_TEXT_SECTION
        . = ALIGN(PAGE_SIZE);

        __init_begin = .;
        INIT_TEXT_SECTION(PAGE_SIZE)
-       INIT_DATA_SECTION(16)
        . = ALIGN(8);
        __soc_early_init_table : {
                __soc_early_init_table_start = .;
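
Review bot: The context line `_start = .;` appears twice in this hunk, which gives 14 old lines and 12 new lines against the `-26,13 +26,11` header, so the hunk will not apply as posted; the `diff --git` line is also wrapped across two lines. Please resend the patch unmangled, for example with git send-email, so it can be tested with git am.
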
@@ -49,16 +47,13 @@ SECTIONS
        {
                EXIT_TEXT
        }
-       .exit.data :
-       {
-               EXIT_DATA
-       }
-       PERCPU_SECTION(L1_CACHE_BYTES)
+
        __init_end = .;

        . = ALIGN(SECTION_ALIGN);
        .text : {
                _text = .;
+               _stext = .;
                TEXT_TEXT
                SCHED_TEXT
                CPUIDLE_TEXT
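
Review bot: With `_stext = .;` moved inside .text, HEAD_TEXT_SECTION and INIT_TEXT_SECTION now lie below _stext, so the two checks quoted in this thread, which both use _stext as their lower bound, no longer cover head and init text. Please state in the commit message or a comment whether that is intended. The lone `+` line before `__init_end = .;` only adds an empty line and can be dropped.
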
@@ -77,6 +72,17 @@ SECTIONS
 #endif

        /* Start of data section */
+       __init_data_begin = .;
+       INIT_DATA_SECTION(16)
+       .exit.data :
+       {
+               EXIT_DATA
+       }
+
+       PERCPU_SECTION(L1_CACHE_BYTES)
+
+       __init_data_end = .;
+
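
Review bot: The new block is inserted below the existing `/* Start of data section */` comment, so that comment now heads the init data, exit data and per-CPU sections rather than the data section it was written for; insert the block above the comment and give it a comment of its own. __init_data_begin and __init_data_end are defined here but nothing in the visible patch declares or uses them, and neither is preceded by a page alignment, which they would need if the range is later freed or remapped. The hunk also ends without the trailing context its `-77,6 +72,17` header implies, so it looks cut off.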

As you correctly pointed out, this wastes around ~200K of init memory.
That is not an ideal solution.

The other alternative is to move the __init_text section after _text as
well, similar to other architectures. But that won't work for RISC-V, as
we jump from _start to __start_kernel (in the __init section) in head.S.
A JAL instruction can't fit because __start_kernel is now too far away.
We can't replace JAL with a JALR because that would require an
additional instruction and violate the image header format.

Any other ideas to solve this problem without wasting memory?

>  1.     static int static_obj(const void *obj)
>     {
>             unsigned long start = (unsigned long) &_stext,
>                           end   = (unsigned long) &_end,
>                           addr  = (unsigned long) obj;
>
>             /*
>              * static variable?
>              */
>             if ((addr >= start) && (addr < end))
>                     return 1;
>
>  2.     /* Is this address range in the kernel text area? */
>     static inline void check_kernel_text_object(const unsigned long ptr,
>                                                 unsigned long n, bool to_user)
>     {
>             unsigned long textlow = (unsigned long)_stext;
>             unsigned long texthigh = (unsigned long)_etext;
>             unsigned long textlow_linear, texthigh_linear;
>
>             if (overlaps(ptr, n, textlow, texthigh))
>                     usercopy_abort("kernel text", NULL, to_user,
>                                    ptr - textlow, n);
>
> The patch of commit: a0fa4027dc911 (riscv: Fixup static_obj() fail) broke the 2nd.
>
> > In general it is better idea to separate those similar to ARM64.
> > Additionally, ARM64 applies different mapping for init data & text
> > as the init data section is marked as non-executable[1]
> Yes, it's safer to protect init text & init data, but it should be
> another patch.
>

Yes. I will send the patch based on this fix.

> >
> > However, we don't modify any permission for any init sections. Should
> > we do that as well?
> Agree, we should do that.
>
> >
> > [1] https://patchwork.kernel.org/patch/9572869/
> >
> > >         /* Start of data section */
> > >         _sdata = .;
> > >         RO_DATA(SECTION_ALIGN)
> > >
> > > On Thu, Sep 24, 2020 at 3:36 PM Andreas Schwab <schwab@...ux-m68k.org> wrote:
> > > >
> > > > On Sep 14 2020, Aurelien Jarno wrote:
> > > >
> > > > > How should we proceed to get that fixed in time for 5.9? For the older
> > > > > branches where it has been backported (so far 5.7 and 5.8), should we
> > > > > just get that commit reverted instead?
> > > >
> > > > Can this please be resolved ASAP?
> > > >
> > > > Andreas.
> > > >
> > > > --
> > > > Andreas Schwab, schwab@...ux-m68k.org
> > > > GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
> > > > "And now for something completely different."
> > >
> > >
> > >
> > > --
> > > Best Regards
> > >  Guo Ren
> > >
> > > ML: https://lore.kernel.org/linux-csky/
> > >
> > > _______________________________________________
> > > linux-riscv mailing list
> > > linux-riscv@...ts.infradead.org
> > > http://lists.infradead.org/mailman/listinfo/linux-riscv
> >
> >
> >
> > --
> > Regards,
> > Atish
>
>
>
> --
> Best Regards
>  Guo Ren
>
> ML: https://lore.kernel.org/linux-csky/



-- 
Regards,
Atish
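
The two range checks quoted in this thread, modeled in user space as an added example (not code from the thread or from the kernel tree). It shows why an init-data object trips the usercopy text check under the layout on the minus side of the diffs and passes both checks under the plus side. The addresses are constructed, and `struct layout` and the `*_model` names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed addresses standing in for linker symbols; not real kernel values. */
struct layout {
    unsigned long stext, etext, end;  /* _stext, _etext, _end */
    unsigned long head;               /* an address inside HEAD_TEXT_SECTION */
    unsigned long init_data;          /* an object inside INIT_DATA_SECTION */
};

/* Minus side of the diffs: _stext sits at _start, init data lies below _etext. */
static const struct layout before = { 0x1000, 0x9000, 0xf000, 0x1000, 0x3000 };
/* Plus side: _stext sits at the start of .text, init data lies above _etext. */
static const struct layout after  = { 0x4000, 0x9000, 0xf000, 0x1000, 0xa000 };

/* Same range test as the quoted static_obj(): is addr inside [_stext, _end)? */
static bool static_obj_model(const struct layout *l, unsigned long addr)
{
    return addr >= l->stext && addr < l->end;
}

/* Same idea as the quoted check_kernel_text_object(): does [ptr, ptr + n)
 * intersect [_stext, _etext)? A true result is where usercopy_abort() fires. */
static bool text_overlap_model(const struct layout *l, unsigned long ptr,
                               unsigned long n)
{
    return !(ptr >= l->etext || ptr + n <= l->stext);
}

static void report(const char *name, const struct layout *l)
{
    printf("%s: init data static_obj=%d text_overlap=%d, head text_overlap=%d\n",
           name,
           static_obj_model(l, l->init_data),
           text_overlap_model(l, l->init_data, 64),
           text_overlap_model(l, l->head, 16));
}

int main(void)
{
    report("before", &before);
    report("after", &after);
    return 0;
}
```

The last column also shows the side effect of moving `_stext`: head text is no longer inside the range the text check covers.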
