lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <YtAGzqfT9EkYTFBm@sirena.org.uk>
Date:   Thu, 14 Jul 2022 13:06:38 +0100
From:   Mark Brown <broonie@...nel.org>
To:     Mark Rutland <mark.rutland@....com>
Cc:     linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        Kees Cook <keescook@...omium.org>, peterz@...radead.org
Subject: Re: [PATCH] lkdtm: cfi: add test for HW landing pad CFI

On Thu, Jul 14, 2022 at 12:31:54PM +0100, Mark Rutland wrote:
> On Wed, Jul 13, 2022 at 05:13:57PM +0100, Mark Brown wrote:

> > Not sure that worrying about that at this point isn't making perfect the
> > enemy of good though, it could be dealt with later.  Perhaps just put
> > the offset behind a #define to make it a tiny bit more discoverable?

> How about I just add a comment for now? e.g.

> 	/*
> 	 * Skip past a landing pad instruction.
> 	 * On arm64 all instructions are 4-byte aligned, and x86's ENDBR is 4
> 	 * bytes.
> 	 */

I'd rather have something that will definitely either fail or skip the
test so it can't silently pass, if people need to look at the source to
discover this there's more chance they'll mistakenly think things are
working.  Something like

#ifdef __aarch64__
#define LANDING_PAD_SKIP 4
#elif defined (__x86_64__)
#define LANDING_PAD_SKIP 4
#endif

then #ifdef LANDING_PAD_SKIP around the test perhaps?

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ