Message-ID: <62c11336-cac1-8501-19fe-980ebfa050e9@collabora.com>
Date:   Thu, 10 Mar 2022 22:21:57 +0500
From:   Muhammad Usama Anjum <usama.anjum@...labora.com>
To:     Kees Cook <keescook@...omium.org>
Cc:     usama.anjum@...labora.com, Shuah Khan <shuah@...nel.org>,
        kernel@...labora.com, kernelci@...ups.io,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Shuah Khan <skhan@...uxfoundation.org>,
        linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] selftests/lkdtm: add config and turn off
 CFI_FORWARD_PROTO

On 3/10/22 12:22 AM, Kees Cook wrote:
> On Fri, Feb 18, 2022 at 01:56:19AM +0500, Muhammad Usama Anjum wrote:
>> Add config options which are needed for LKDTM sub-tests.
>> STACKLEAK_ERASING test needs GCC_PLUGIN_STACKLEAK config.
>> READ_AFTER_FREE and READ_BUDDY_AFTER_FREE tests need
>> INIT_ON_FREE_DEFAULT_ON config.
>>
>> CFI_FORWARD_PROTO always fails as there is no active CFI system of some
>> kind. Turn it off for now by default until proper support.
> 
> Building under LTO Clang on arm64, this is available. What's the right
> way to add a CONFIG that isn't always available?
> 
> -Kees
Yeah, as you had mentioned
(https://github.com/kernelci/kernelci-project/issues/84#issuecomment-1042015431):

CFI_FORWARD_PROTO is going to fail unless there is an active CFI system
in place of some kind. Right now this depends on arm64+Clang. In the
future, this will be arch-agnostic+Clang, but for the moment, it should
be safe to exclude this test.

In this patch, I'm turning off CFI_FORWARD_PROTO by default here. We can
re-enable it when it becomes arch agnostic. CFI_FORWARD_PROTO cannot be
turned off by using a config. Please let me know your thoughts otherwise.

-- 
Muhammad Usama Anjum
