Message-ID: <CAB=+i9RCCxHH755gWm+Y=3xdpXoRWbz1nwO3_CKDM8Vdmki0dA@mail.gmail.com>
Date:   Thu, 5 Oct 2023 17:26:04 +0900
From:   Hyeonggon Yoo <42.hyeyoo@...il.com>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        David Kaplan <David.Kaplan@....com>,
        Borislav Petkov <bp@...en8.de>, Ingo Molnar <mingo@...nel.org>,
        x86@...nel.org
Subject: Re: Linux 6.6-rc3 (DEBUG_VIRTUAL is unhappy on x86)

On Mon, Oct 2, 2023 at 7:41 PM Peter Zijlstra <peterz@...radead.org> wrote:
>
> On Sun, Oct 01, 2023 at 11:17:21PM +0900, Hyeonggon Yoo wrote:
>
> > OK, I looked into this a little bit, and it turns out that the problematic
> > address here is from cleanup_trusted() in
> > security/keys/trusted-keys/trusted_core.c.
> > (and it's builtin due to CONFIG_TRUSTED_KEYS=y)
>
> That code is insane.. wth would you want to use an explicit
> static_call() in either __init or __exit ?!?
>
> I think the reason we support init was because it was just really hard
> to avoid throughout the abstraction layers etc.. But this seems to be
> the only __exit user, and it is really quite daft.

Actually that's a good point (that static call in __exit is a bit insane).
One thing I still wonder is, will the alternative instructions functionality be
affected in the same way as static calls? Because it's just another way to patch
kernel code at runtime.

> > The function is marked as __exit, so it does not fall within the
> > 'core kernel text address range,' which is between _stext and _etext
> > (or between _sinittext and _einittext), and thus __text_poke() thinks that
> > it's vmalloc/module area.
> >
> > I think __text_poke() should be taught that functions marked as __exit
> > also belong to kernel code just like __init.
>
> Should we not do something like:
>
> #ifdef MODULE
> #define __exit __section(".exit.text") __exitused __cold notrace
> #else
> #define __exit __section(".discard.exit.text")
> #endif
>
> It's not like that code should ever be run or referenced when built-in.

It looked fine to me, but with a quick test my linker seems to be unhappy
(removed duplicate lines):

$ make -j12 bzImage
  DESCEND objtool
  DESCEND bpf/resolve_btfids
make[4]: 'install_headers' is up to date.
  CALL    scripts/checksyscalls.sh
  UPD     include/generated/utsversion.h
  CC      init/version-timestamp.o
  LD      .tmp_vmlinux.btf
`.discard.exit.text' referenced in section `__mcount_loc' of
vmlinux.o: defined in discarded section `.discard.exit.text' of
vmlinux.o
`.discard.exit.text' referenced in section `.smp_locks' of vmlinux.o:
defined in discarded section `.discard.exit.text' of vmlinux.o
`.discard.exit.text' referenced in section `__bug_table' of vmlinux.o:
defined in discarded section `.discard.exit.text' of vmlinux.o
`.discard.exit.text' referenced in section `__jump_table' of
vmlinux.o: defined in discarded section `.discard.exit.text' of
vmlinux.o
`.discard.exit.text' referenced in section `.static_call_sites' of
vmlinux.o: defined in discarded section `.discard.exit.text' of
vmlinux.o
`.discard.exit.text' referenced in section `.retpoline_sites' of
vmlinux.o: defined in discarded section `.discard.exit.text' of
vmlinux.o
`.discard.exit.text' referenced in section `.return_sites' of
vmlinux.o: defined in discarded section `.discard.exit.text' of
vmlinux.o
`.discard.exit.text' referenced in section `.call_sites' of vmlinux.o:
defined in discarded section `.discard.exit.text' of vmlinux.o
`.discard.exit.text' referenced in section `.ibt_endbr_seal' of
vmlinux.o: defined in discarded section `.discard.exit.text' of
vmlinux.o
  BTF     .btf.vmlinux.bin.o
pahole: .tmp_vmlinux.btf: Invalid argument
  LD      .tmp_vmlinux.kallsyms1
.btf.vmlinux.bin.o: file not recognized: file format not recognized
make[2]: *** [scripts/Makefile.vmlinux:36: vmlinux] Error 1
make[1]: *** [/home/hyeyoo/Desktop/linux/Makefile:1165: vmlinux] Error 2
make: *** [Makefile:234: __sub-make] Error 2

--
Hyeonggon
