| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240930214218.aysuqlecl6olflow@treble> Date: Mon, 30 Sep 2024 14:42:18 -0700 From: Josh Poimboeuf <jpoimboe@...nel.org> To: Peter Zijlstra <peterz@...radead.org> Cc: x86@...nel.org, linux-kernel@...r.kernel.org, alyssa.milburn@...el.com, scott.d.constable@...el.com, joao@...rdrivepizza.com, andrew.cooper3@...rix.com, jose.marchesi@...cle.com, hjl.tools@...il.com, ndesaulniers@...gle.com, samitolvanen@...gle.com, nathan@...nel.org, ojeda@...nel.org, kees@...nel.org, alexei.starovoitov@...il.com Subject: Re: [PATCH 01/14] x86/cfi: Wreck things... On Sat, Sep 28, 2024 at 03:31:14PM +0200, Peter Zijlstra wrote: > On Fri, Sep 27, 2024 at 04:15:27PM -0700, Josh Poimboeuf wrote: > > Even better, require exported+indirect-called symbols to use > > EXPORT_SYMBOL_TYPED, otherwise they get sealed. I suppose we'd need to > > add some module-to-vmlinux ENDBR validation to make sure modules don't > > get broken by this. > > So I like this idea. but yeah, this is going to be a bit tricky to > validate. If Module.symvers had EXPORT_SYMBOL[_GPL][_TYPED], objtool could read that to decide whether a given module indirect branch is allowed. Objtool is going to be getting support for reading Module.symvers anyway for klp-build so it should actually be pretty easy. -- Josh
Powered by blists - more mailing lists