lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <de70f11174e8f8e294071b70542e23f5@ispras.ru>
Date:   Sat, 08 Apr 2023 18:03:20 +0300
From:   Evgeniy Baskov <baskov@...ras.ru>
To:     Borislav Petkov <bp@...en8.de>
Cc:     Ard Biesheuvel <ardb@...nel.org>,
        Andy Lutomirski <luto@...nel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Ingo Molnar <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Alexey Khoroshilov <khoroshilov@...ras.ru>,
        Peter Jones <pjones@...hat.com>,
        Gerd Hoffmann <kraxel@...hat.com>,
        "Limonciello, Mario" <mario.limonciello@....com>,
        joeyli <jlee@...e.com>, lvc-project@...uxtesting.org,
        x86@...nel.org, linux-efi@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v5 01/27] x86/boot: Align vmlinuz sections on page size

On 2023-04-05 20:13, Borislav Petkov wrote:

Sorry for delayed reply.

> On Tue, Mar 14, 2023 at 01:13:28PM +0300, Evgeniy Baskov wrote:
>> To protect sections on page table level each section needs to be
>> aligned on page size (4KB).
> 
> Protect against what?

Protect against invalid memory accesses, mainly caused by bugs, I guess.
I meant just applying tight memory attributes, sorry for the
bad wording. I will change it in the next version.

> 
>> Set sections alignment in linker script for the kernel decompressor
>> (boot/compressed/vmlinux.lds.S).
> 
> Do not talk about *what* the patch is doing in the commit message - 
> that
> should be obvious from the diff itself. Rather, concentrate on the 
> *why*
> it needs to be done.

Makes sense. I'll try to improve it before resubmitting.

> 
>> Also introduce symbols that can be used to reference compressed
>> kernel blob section later in the later patches.
> 
> Introduce those with the respective patch that uses them. This one is
> adding section alignment only and that's all that it should do.

Oh, good point, will do.

> 
> Thx.

Thanks,
Evgeniy Baskov

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ