lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 4 Mar 2022 11:09:58 -0800
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     x86@...nel.org, joao@...rdrivepizza.com, hjl.tools@...il.com,
        andrew.cooper3@...rix.com, linux-kernel@...r.kernel.org,
        ndesaulniers@...gle.com, keescook@...omium.org,
        samitolvanen@...gle.com, mark.rutland@....com,
        alyssa.milburn@...el.com, mbenes@...e.cz, rostedt@...dmis.org,
        mhiramat@...nel.org, alexei.starovoitov@...il.com
Subject: Re: [PATCH v3 00/39] x86: Kernel IBT

On Thu, Mar 03, 2022 at 12:23:21PM +0100, Peter Zijlstra wrote:
> Hi, another week, another series.
> 
> Since last time:
> 
>  - fixed and tested kexec (redgecomb)
>  - s/4*HAS_KERNEL_IBT/ENDBR_INSN_SIZE/ (jpoimboe)
>  - re-arranged Xen patches to avoid churn (andyhpp)
>  - folded IBT_SEAL Kconfig and objtool options (jpoimboe)
>  - dropped direct call/jmp rewrite from objtool (jpoimboe)
>  - dropped UD1 poison (jpoimboe)
>  - fixed kprobe selftests (masami,naveen)
>  - fixed ftrace selftests (rostedt)
>  - simplified CET/INT3 selftests (jpoimboe)
>  - boot time msg on IBT (kees)
>  - objtool WARN_FUNC sym+off fallback (jpoimboe)
>  - picked up tags for unchanged patches
>  - probably more
> 
> Supposedly clang-14-rc2 will work on this series, I'll validate the moment the
> Debian package gets updated.
> 
> Patches go on top of tip/master + arm64/for-next/linkage. Also available here:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git x86/wip.ibt

I'm getting some warnings with CONFIG_X86_KERNEL_IBT=n:

  arch/x86/entry/entry_64.o: warning: objtool: irq_entries_start()+0x7: unreachable instruction
  arch/x86/kernel/ftrace_64.o: warning: objtool: return_to_handler()+0x2a: unreachable instruction

And a warning with CONFIG_X86_KERNEL_IBT=y:

  vmlinux.o: warning: objtool: .text+0xaf0: unreachable instruction

And if I remove the per-file limiting on "unreachable instruction"
warnings, I get a boat-load more warnings for vmlinux.o.

The last two patches (IBT sealing) aren't going to be viable until all
the "unreachable instruction" warnings get cleaned up, because that
means we have missing coverage.

-- 
Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ