lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <YryQvUtupEgn+vO1@noodles-fedora.dhcp.thefacebook.com>
Date:   Wed, 29 Jun 2022 17:49:53 +0000
From:   Jonathan McDowell <noodles@...com>
To:     Borislav Petkov <bp@...en8.de>
CC:     kernel test robot <lkp@...el.com>,
        "llvm@...ts.linux.dev" <llvm@...ts.linux.dev>,
        "kbuild-all@...ts.01.org" <kbuild-all@...ts.01.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "x86@...nel.org" <x86@...nel.org>,
        Mimi Zohar <zohar@...ux.ibm.com>, Baoquan He <bhe@...hat.com>,
        "devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
        "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
        "kexec@...ts.infradead.org" <kexec@...ts.infradead.org>
Subject: Re: [PATCH] of: Correctly annotate IMA kexec buffer functions

On Wed, Jun 29, 2022 at 04:01:15PM +0200, Borislav Petkov wrote:
> On Wed, Jun 29, 2022 at 09:52:50AM +0000, Jonathan McDowell wrote:
> > Below is on top of what was in tip; I can roll a v7 if preferred but
> > I think seeing the fix on its own is clearer.
> 
> Yes, and you don't have to base it on top because, as I've said, I've
> zapped your other patch there.
> 
> Once IMA folks are fine with that fix of yours I can take both, if they
> wish so.

I'll roll a v7 collapsing them together and moving to __init as per
below.

> > ima_free_kexec_buffer() calls into memblock_phys_free() so must be
> > annotated __meminit.
> 
> Why __meminit?
> 
> The very sparse comment over it says:
> 
> /* Used for MEMORY_HOTPLUG */
> #define __meminit        __section(".meminit.text") __cold notrace \
>                                                   __latent_entropy
> 
> so how does ima_free_kexec_buffer() have anything to do with
> MEMORY_HOTPLUG?
> 
> It calls memblock_phys_free() which is __init_memblock.
> 
> Now __init_memblock is defined as
> 
> #define __init_memblock __meminit
> 
> for some CONFIG_ARCH_KEEP_MEMBLOCK thing so I guess that is the
> connection.
> 
> But then the couple other functions which call into memblock are all
> __init...
> 
> IOW, I probably am missing something...

I think the answer is that __meminit (or __init_memblock) works out as
the minimum required annotation, because memblock_phys_free() has that
annotation, but having looked closer at the call stack all of the usage
is under ima_init() which is marked __init, so it's more appropriate to
use that and discard the code after boot. There's no need for the ima
related functions to stay hanging around in the case memory hotplug is
enabled, because it's purely a boot time mechanism for passing the
buffer over a kexec boundary.

J.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ