lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 9 Nov 2020 20:53:16 +0100
From:   Alexandre Chartre <alexandre.chartre@...cle.com>
To:     Dave Hansen <dave.hansen@...el.com>, tglx@...utronix.de,
        mingo@...hat.com, bp@...en8.de, hpa@...or.com, x86@...nel.org,
        dave.hansen@...ux.intel.com, luto@...nel.org, peterz@...radead.org,
        linux-kernel@...r.kernel.org, thomas.lendacky@....com,
        jroedel@...e.de
Cc:     konrad.wilk@...cle.com, jan.setjeeilers@...cle.com,
        junaids@...gle.com, oweisse@...gle.com, rppt@...ux.vnet.ibm.com,
        graf@...zon.de, mgross@...ux.intel.com, kuzuno@...il.com
Subject: Re: [RFC][PATCH 00/24] x86/pti: Defer CR3 switch to C code


On 11/9/20 8:35 PM, Dave Hansen wrote:
> On 11/9/20 6:44 AM, Alexandre Chartre wrote:
>>   - map more syscall, interrupt and exception entry code into the user
>>     page-table (map all noinstr code);
> 
> This seems like the thing we'd want to tag explicitly rather than make
> it implicit with 'noinstr' code.  Worst-case, shouldn't this be:
> 
> #define __entry_func	noinstr
> 
> or something?

Yes. I use the easy solution to just use noinstr because noinstr is mostly
use for entry functions. But if we want to use the user page-table beyond
the entry functions then we will definitively need a dedicated tag.

> I'd also like to see a lot more discussion about what the rules are for
> the C code and the compiler.  We can't, for instance, do a normal
> printk() in this entry functions.  Should we stick them in a special
> section and have objtool look for suspect patterns or references?
> 
> I'm most worried about things like this:
> 
> 	if (something_weird)
> 		pr_warn("this will oops the kernel\n");

That would be similar to noinstr which uses the .noinstr.text section, and if
I remember correctly objtool detects if a noinstr function calls a non-noinst.
Similarly here, an entry function should not call a non-entry function.

alex.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ