lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241011160445.7clmhtgywqmkuh4u@treble>
Date: Fri, 11 Oct 2024 09:04:45 -0700
From: Josh Poimboeuf <jpoimboe@...nel.org>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Ard Biesheuvel <ardb+git@...gle.com>, linux-kernel@...r.kernel.org,
	llvm@...ts.linux.dev, keescook@...omium.org,
	linux-hardening@...r.kernel.org, nathan@...nel.org,
	Peter Zijlstra <peterz@...radead.org>,
	Jan Beulich <jbeulich@...e.com>,
	"Jose E. Marchesi" <jemarch@....org>, Kees Cook <kees@...nel.org>
Subject: Re: [PATCH v2 5/5] crypto: x86/crc32c - Tweak jump table to validate
 objtool logic

On Fri, Oct 11, 2024 at 08:32:33AM +0200, Ard Biesheuvel wrote:
> On Thu, 10 Oct 2024 at 22:34, Josh Poimboeuf <jpoimboe@...nel.org> wrote:
> >
> > On Thu, Oct 10, 2024 at 02:28:07PM +0200, Ard Biesheuvel wrote:
> > > From: Ard Biesheuvel <ardb@...nel.org>
> > >
> > > Tweak the jump table so
> > > - the address is taken far way from its use
> > > - its offset from the start of .rodata is != 0x0
> > > - its type is STT_OBJECT and its size is set to the size of the actual
> > >   table
> > > - the indirect jump is annotated with a R_X86_64_NONE relocation
> > >   pointing to the jump table
> > >
> > > Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
> >
> > This needs more "why", I assume the goals are to add the annotations +
> > confuse objtool if it doesn't read them properly?
> >
> 
> As presented, this is just a vehicle to test the other changes in the
> series. That is why I split it off from the previous one.
> 
> Whether or not we want this code in the tree is up for debate, but I
> guess it could be useful as a canary for objtool, given that most
> configs now disable jump tables entirely.

The annotations are definitely needed since that's the future of jump
table handling.

The rest of the changes aren't worth the effort IMO.  In general we
don't compromise code quality to make objtool happy.

And "unit test for deprecated jump table detection" is even less of a
justification than would be something like "objtool can't otherwise
follow the code".

-- 
Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ