lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <3022ab59-02f8-6f95-c7a1-b4c271729120@ghiti.fr>
Date:   Mon, 22 May 2023 12:48:20 +0200
From:   Alexandre Ghiti <alex@...ti.fr>
To:     Palmer Dabbelt <palmer@...belt.com>, schwab@...ux-m68k.org
Cc:     alexghiti@...osinc.com, mpe@...erman.id.au, npiggin@...il.com,
        christophe.leroy@...roup.eu,
        Paul Walmsley <paul.walmsley@...ive.com>,
        aou@...s.berkeley.edu, linuxppc-dev@...ts.ozlabs.org,
        linux-kernel@...r.kernel.org, linux-riscv@...ts.infradead.org
Subject: Re: [PATCH v8 1/3] riscv: Introduce CONFIG_RELOCATABLE


On 19/05/2023 23:55, Palmer Dabbelt wrote:
> On Fri, 19 May 2023 14:48:59 PDT (-0700), schwab@...ux-m68k.org wrote:
>> On Mai 19 2023, Alexandre Ghiti wrote:
>>
>>> I have tested the following patch successfully, can you give it a try
>>> while I make sure this is the only place I forgot to add the -fno-pie
>>> flag?
>>>
>>> diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile
>>> index fbdccc21418a..153864e4f399 100644
>>> --- a/arch/riscv/kernel/Makefile
>>> +++ b/arch/riscv/kernel/Makefile
>>> @@ -23,6 +23,10 @@ ifdef CONFIG_FTRACE
>>>  CFLAGS_REMOVE_alternative.o = $(CC_FLAGS_FTRACE)
>>>  CFLAGS_REMOVE_cpufeature.o = $(CC_FLAGS_FTRACE)
>>>  endif
>>> +ifdef CONFIG_RELOCATABLE
>>> +CFLAGS_alternative.o += -fno-pie
>>> +CFLAGS_cpufeature.o += -fno-pie
>>> +endif
>>>  ifdef CONFIG_KASAN
>>>  KASAN_SANITIZE_alternative.o := n
>>>  KASAN_SANITIZE_cpufeature.o := n
>>
>> I can confirm that this fixes the crash.
>
> Thanks.  Alex: can you send a patch?


I don't think this patch alone will work, all the code in early 
alternatives must be compiled with -fno-pie, but I'm a bit scared that's 
a "big" constraint. For now, I see 2 solutions:

- Document somewhere the fact that anything called from early 
alternatives must be compiled with -fno-pie
- Or relocate once with physical address, call early alternatives, and 
then do the final virtual relocation

Both options can be cumbersome in their own way, if anyone has an 
opinion, I'd be happy to discuss that :)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ