Message-ID: <20240109193151.nkmn5yfv24tfmodd@treble>
Date: Tue, 9 Jan 2024 11:31:51 -0800
From: Josh Poimboeuf <jpoimboe@...nel.org>
To: Dimitri John Ledkov <dimitri.ledkov@...onical.com>
Cc: peterz@...radead.org, x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 2/3] objtool: make objtool SLS validation fatal when
 building with CONFIG_SLS=y

On Wed, Dec 13, 2023 at 01:43:01PM +0000, Dimitri John Ledkov wrote:
> Make objtool SLS validation fatal when building with CONFIG_SLS=y,
> currently it is a build.log warning only.
> 
> This is a standalone patch, such that if regressions are identified
> (with any config or toolchain configuration) it can be reverted until
> relevant identified code is fixed up or otherwise
> ignored/silenced/marked as safe.
> 
> Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@...onical.com>
> ---
>  tools/objtool/check.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/objtool/check.c b/tools/objtool/check.c
> index 15df4afae2..9709f037f1 100644
> --- a/tools/objtool/check.c
> +++ b/tools/objtool/check.c
> @@ -4500,7 +4500,9 @@ static int validate_sls(struct objtool_file *file)
>  		}
>  	}
>  
> -	return warnings;
> +	/* SLS is an optional security safety feature, make it fatal
> +	 * to ensure no new code is introduced that fails SLS */
> +	return -warnings;
>  }
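
Review bot: the "return -warnings;" at the end of validate_sls() encodes "fatal" as a negated count, so the function now returns an arbitrary negative number and never a positive warning total, and nothing in the hunk shows how the caller interprets that value. Consider returning a fixed error value when warnings is non-zero (for example "return warnings ? -1 : 0;") and saying in the comment that a negative return is what fails the build. The new comment also departs from the usual kernel multi-line comment layout: the opening "/*" and the closing "*/" should each sit on their own line.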

I'm thinking this patch (and the next one) go too far, yet not far
enough :-)

Too far, because there are still some outstanding randconfig warnings
which need to be fixed.

Not far enough, because there are other warnings which might also have
disastrous effects.  For example, even the "unreachable warning" could
mean missing SLS or retpoline mitigations.

So I'm thinking we should try to get as many of the outstanding warnings
fixed as we can, and then flip the CONFIG_WERROR switch for all
non-fatal warnings.

-- 
Josh
