lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4d354ca6-75b1-dd91-d33b-b8b4e892b751@bu.edu>
Date:   Thu, 6 Oct 2022 17:00:51 -0400
From:   Ali Raza <aliraza@...edu>
To:     Andy Lutomirski <luto@...nel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Cc:     Jonathan Corbet <corbet@....net>, masahiroy@...nel.org,
        michal.lkml@...kovi.net,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Kees Cook <keescook@...omium.org>,
        "Peter Zijlstra (Intel)" <peterz@...radead.org>,
        Al Viro <viro@...iv.linux.org.uk>,
        Arnd Bergmann <arnd@...db.de>, juri.lelli@...hat.com,
        vincent.guittot@...aro.org, dietmar.eggemann@....com,
        Steven Rostedt <rostedt@...dmis.org>,
        Ben Segall <bsegall@...gle.com>, mgorman@...e.de,
        bristot@...hat.com, vschneid@...hat.com,
        Paolo Bonzini <pbonzini@...hat.com>, jpoimboe@...nel.org,
        linux-doc@...r.kernel.org, linux-kbuild@...r.kernel.org,
        linux-mm@...ck.org, linux-fsdevel@...r.kernel.org,
        linux-arch@...r.kernel.org,
        the arch/x86 maintainers <x86@...nel.org>, rjones@...hat.com,
        munsoner@...edu, tommyu@...edu, drepper@...hat.com,
        lwoodman@...hat.com, mboydmcse@...il.com, okrieg@...edu,
        rmancuso@...edu
Subject: Re: [RFC UKL 02/10] x86/boot: Load the PT_TLS segment for Unikernel
 configs

On 10/4/22 13:30, Andy Lutomirski wrote:
> On Mon, Oct 3, 2022, at 3:21 PM, Ali Raza wrote:
>> The kernel normally skips loading this segment as it is not inlcuded in
>> standard builds. However, when linked with an application in the Unikernel
>> configuration the segment will be present. Load PT_TLS when configured as a
>> unikernel.
>>
>> Cc: Jonathan Corbet <corbet@....net>
>> Cc: Masahiro Yamada <masahiroy@...nel.org>
>> Cc: Michal Marek <michal.lkml@...kovi.net>
>> Cc: Nick Desaulniers <ndesaulniers@...gle.com>
>> Cc: Thomas Gleixner <tglx@...utronix.de>
>> Cc: Ingo Molnar <mingo@...hat.com>
>> Cc: Borislav Petkov <bp@...en8.de>
>> Cc: Dave Hansen <dave.hansen@...ux.intel.com>
>> Cc: "H. Peter Anvin" <hpa@...or.com>
>> Cc: Andy Lutomirski <luto@...nel.org>
>> Cc: Eric Biederman <ebiederm@...ssion.com>
>> Cc: Kees Cook <keescook@...omium.org>
>> Cc: Peter Zijlstra <peterz@...radead.org>
>> Cc: Alexander Viro <viro@...iv.linux.org.uk>
>> Cc: Arnd Bergmann <arnd@...db.de>
>> Cc: Juri Lelli <juri.lelli@...hat.com>
>> Cc: Vincent Guittot <vincent.guittot@...aro.org>
>> Cc: Dietmar Eggemann <dietmar.eggemann@....com>
>> Cc: Steven Rostedt <rostedt@...dmis.org>
>> Cc: Ben Segall <bsegall@...gle.com>
>> Cc: Mel Gorman <mgorman@...e.de>
>> Cc: Daniel Bristot de Oliveira <bristot@...hat.com>
>> Cc: Valentin Schneider <vschneid@...hat.com>
>> Cc: Paolo Bonzini <pbonzini@...hat.com>
>> Cc: Josh Poimboeuf <jpoimboe@...nel.org>
>>
>> Signed-off-by: Ali Raza <aliraza@...edu>
>> ---
>>  arch/x86/boot/compressed/misc.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
>> index cf690d8712f4..0d07b5661c9c 100644
>> --- a/arch/x86/boot/compressed/misc.c
>> +++ b/arch/x86/boot/compressed/misc.c
>> @@ -310,6 +310,9 @@ static void parse_elf(void *output)
>>  		phdr = &phdrs[i];
>>
>>  		switch (phdr->p_type) {
>> +#ifdef CONFIG_UNIKERNEL_LINUX
>> +		case PT_TLS:
>> +#endif
> 
> Can you explain why exactly a Linux boot image would have a TLS segment?  What does it do?

Thank you for taking the time to review the patch. 

A UKL boot image will have a TLS segment if an application has it, or is
linked with glibc, and the resulting binary is then linked with the
kernel. This will allow applications depending on TLS to function
without modification in the UKL setting.

That is why, the first patch in this series adds TLS section to the
kernel linker script. Also, if you use an application binary that does
not have a TLS section (like the one given with this patchset in
samples/ukl), you can turn it off through the CONFIG_UKL_TLS option.
This means the size of the TLS section would be zero and this code will
effectively not load anything.

> 
>>  		case PT_LOAD:
>>  #ifdef CONFIG_X86_64
>>  			if ((phdr->p_align % 0x200000) != 0)
>> -- 
>> 2.21.3

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ