Date:   Wed, 08 Nov 2023 17:46:46 +0800
From:   Xi Ruoyao <xry111@...111.site>
To:     WANG Rui <wangrui@...ngson.cn>
Cc:     Huacai Chen <chenhuacai@...nel.org>,
        WANG Xuerui <kernel@...0n.name>, linux-kernel@...r.kernel.org,
        loongarch@...ts.linux.dev, linux-kbuild@...r.kernel.org,
        llvm@...ts.linux.dev, loongson-kernel@...ts.loongnix.cn,
        Fangrui Song <maskray@...gle.com>
Subject: Re: [PATCH] LoongArch: Disable module from accessing external data
 directly

On Wed, 2023-11-08 at 17:36 +0800, WANG Rui wrote:
> > xry111@...men2 ~ $ clang t1.c -O2 -fno-pie -no-pie
> > xry111@...men2 ~ $ ./a.out
> > Bus error (core dumped)
> > 
> > I'll consider it a Clang bug then.

https://github.com/llvm/llvm-project/issues/71645

> That's it, no copy relocations. As far as I know, copying relocations
> has some issues and is not recommended by Fangrui.
> 
> For modules, if distance is not a problem, `no-pic` and
> `direct-access-external-data` can be together because the code is
> writable. Does it seem reasonable to exist?

It may be usable, but the result is generally worse than relying on GOT.

For example, consider a module referring to two data symbols in vmlinux,
foo and bar.  The symbol foo is referred to 10 times and bar is referred
to 8 times.

With the current GOT-based approach, the total space usage is (2 GOT
entries * (8 bytes / GOT entry)) + ((10 + 8) * 2 instructions * 4 (bytes /
instruction)) = 160 bytes.

With -fdirect-access-external-data, we must add -mcmodel=extreme too
because the modules are too far away from vmlinux in the kernel address
space; then the total space usage will be (10 + 8) * 5 instructions * 4
(bytes / instruction) = 360 bytes.

One possible approach to resolve the issue is relocating vmlinux from
XKPRANGE to XKVRANGE and fitting vmlinux + all modules into a 2GiB range.
Then the total space usage will be (10 + 8) * 2 instructions * 4 (bytes /
instruction) = 144 bytes.  But I don't know how to implement this, and
running vmlinux in XKVRANGE may have a performance penalty.

-- 
Xi Ruoyao <xry111@...111.site>
School of Aerospace Science and Technology, Xidian University
