lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241023163507.GC29251@willie-the-truck>
Date: Wed, 23 Oct 2024 17:35:08 +0100
From: Will Deacon <will@...nel.org>
To: Huang Shijie <shijie@...amperecomputing.com>
Cc: catalin.marinas@....com, patches@...erecomputing.com,
	cl@...amperecomputing.com, linux-arm-kernel@...ts.infradead.org,
	linux-kernel@...r.kernel.org, adamli@...amperecomputing.com
Subject: Re: [PATCH] arm64: set "rodata=on" as default

On Mon, Oct 21, 2024 at 01:39:48PM +0800, Huang Shijie wrote:
> From Documentation/admin-guide/kernel-parameters.txt, we know that:
>  rodata=	[KNL,EARLY]
> 	on	Mark read-only kernel memory as read-only (default).
> 	off	Leave read-only kernel memory writable for debugging.
> 	full	Mark read-only kernel memory and aliases as read-only
> 		[arm64]
> 
> So the "rodata=on" is the default.
> 
> But the current code does not follow the document, it makes "rodata=full"
> as the default.
> 
> After patch
>   commit acfa60dbe038 ("arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y")
> the "rodata=on" can works fine now.
> 
> The "rodata=on" can provide us more block mappings and contiguous hits
> to map the linear region which minimize the TLB footprint. And the
> linear aliases of pages belonging to read-only mappings in vmalloc
> region are also marked as read-only now.
> 
> This patch disables RODATA_FULL_DEFAULT_ENABLED by default,
> so the default value:
>      rodata_full=false, rodata_enabled=true
> then the default behavior follows the "rodata=on".
> And we can get better performance with the "rodata=on" as the default
> too.
> 
> Signed-off-by: Huang Shijie <shijie@...amperecomputing.com>
> ---
>  arch/arm64/Kconfig | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index fd9df6dcc593..6f30f749156e 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1649,7 +1649,6 @@ config MITIGATE_SPECTRE_BRANCH_HISTORY
>  
>  config RODATA_FULL_DEFAULT_ENABLED
>  	bool "Apply r/o permissions of VM areas also to their linear aliases"
> -	default y
>  	help
>  	  Apply read-only attributes of VM areas to the linear alias of
>  	  the backing pages as well. This prevents code or read-only data

I think this is the wrong approach.

The "full" behaviour on arm64 is equivalent to the "on" behaviour on x86
so the more consistent change to make would be:

  - Make our "on" behaviour be what is currently done by "full"
  - Remove RODATA_FULL_DEFAULT_ENABLED
  - Introduce a new option (e.g. "rodata=noalias") which would match the
    current "on" behaviour
  - Update (simplify) the documentation

That way, the default behaviour and the "on"/"off" options follow the
x86 behaviour and expert users can fine-tune the security/performance
trade-off using the "noalias" option.

Will

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ