lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed,  3 Feb 2021 14:19:29 +0000
From:   Quentin Perret <qperret@...gle.com>
To:     arnd@...db.de, maz@...nel.org, catalin.marinas@....com,
        will@...nel.org
Cc:     james.morse@....com, julien.thierry.kdev@...il.com,
        suzuki.poulose@....com, ardb@...nel.org,
        linux-arch@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org, kvmarm@...ts.cs.columbia.edu,
        kernel-team@...roid.com, qperret@...gle.com
Subject: [PATCH 0/2] KVM: arm64: Stub exports in nvhe code

Hi all,

In the context of the currently ongoing work to remove the host kernel
from the TCB under KVM/arm64, I have been trying to wrap the host kernel
with a stage 2 page-table -- see [1].

Using this infrastructure, I attempted to unmap the .hyp. sections from
the host stage 2 as it really shouldn't need to access them. But by
doing so, I realized quickly the module loader was getting very confused
by the usage of EXPORT_SYMBOL() macros in library functions that have
been pulled into the EL2 object, and that we end up linking modules
against the EL2 copy of e.g. memset. And so, this series essentially
tries to fix this.

 - Patch 01 changes asm-generic/export.h to ensure we respect
   __DISABLE_EXPORTS even for asm exports;

 - and patch 02 makes use of it for all of the nVHE EL2 code.

This was tested on aml-s905x-cc, which now successfully loads kernel
modules with .hyp.text unmapped from the host.

Thanks,
Quentin

[1] https://lore.kernel.org/kvmarm/20210108121524.656872-1-qperret@google.com/

Quentin Perret (2):
  asm-generic: export: Stub EXPORT_SYMBOL with __DISABLE_EXPORTS
  KVM: arm64: Stub EXPORT_SYMBOL for nVHE EL2 code

 arch/arm64/kvm/hyp/nvhe/Makefile | 4 ++--
 include/asm-generic/export.h     | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

-- 
2.30.0.365.g02bc693789-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ