| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Apr 2022 12:26:58 -0500
From: "Madhavan T. Venkataraman" <madvenka@...ux.microsoft.com>
To: Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...hat.com>
Cc: mark.rutland@....com, broonie@...nel.org, ardb@...nel.org,
nobuta.keiya@...itsu.com, sjitindarsingh@...il.com,
catalin.marinas@....com, will@...nel.org, jmorris@...ei.org,
linux-arm-kernel@...ts.infradead.org,
live-patching@...r.kernel.org, linux-kernel@...r.kernel.org,
chenzhongjin@...wei.com
Subject: Re: [RFC PATCH v1 0/9] arm64: livepatch: Use DWARF Call Frame
Information for frame pointer validation
On 4/8/22 06:41, Peter Zijlstra wrote:
>
> Right; so not having seen the patches due to Madhaven's email being
> broken, I can perhaps less appreciated the crazy involved.
>
Crazy like a fox.
> On Thu, Apr 07, 2022 at 05:21:51PM -0700, Josh Poimboeuf wrote:
>> 2)
>>
>> If I understand correctly, objtool is converting parts of DWARF to a new
>> format which can then be read by the kernel. In that case, please don't
>> call it DWARF as that will cause a lot of confusion.
>>
>> There are actually several similarities between your new format and ORC,
>> which is also an objtool-created DWARF alternative. It would be
>> interesting to see if they could be combined somehow.
>
> What Josh said; please use/extend ORC.
>
Yes. I am looking into it.
> I really don't understand where all this crazy is coming from; why does
> objtool need to do something radically weird for ARM64?
>
> There are existing ARM64 patches for objtool; in fact they have recently
> been re-posted:
>
> https://lkml.kernel.org/r/20220407120141.43801-1-chenzhongjin@huawei.com
>
> The only tricky bit seems to be the whole jump-table issue. Using DWARF
> as input to deal with jump-tables should be possible -- exceedingly
> overkill, but possible I suppose. Mandating DWARF sucks though, compile
> times are so much worse with DWARVES on :/
>
> Once objtool can properly follow/validate ARM64 code, it should be
> fairly straight forward to have it generate ORC data just like it does
> on x86_64.
>
My reasons for attempting the DWARF based implementation:
- My implementation is largely architecture independent. There are a couple of
minor pieces that are architecture-specific, but they are minor in nature.
So, if an architecture wanted to support the livepatch feature but did not
want to do a heavy weight objtool implementation, then it has an option.
There has been some debate about whether static analysis should be mandated
for livepatch. My patch series is an attempt to provide an option.
- To get an objtool static analysis implementation working for an architecture
as reliably as X64 and getting it reviewed and upstreamed can take years. It took
years for X64, am I right? I mean, it has been quite a while since the original
patch series for arm64 was posted. There have been only one or two minor comments
so far. I am sure arm64 linux users would very much want to have livepatch available
ASAP to be able to install security fixes without downtime. This is an immediate need.
- No software is bug free. So, even if static analysis is implemented for an architecture,
it would be good to have another method of verifying the unwind rules generated from
the static analysis. DWARF can provide that additional verification.
Madhavan
Powered by blists - more mailing lists