| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8dcc739a-3fd4-434c-995c-1dce33cefe6f@csgroup.eu>
Date: Wed, 6 Nov 2024 10:39:43 +0100
From: Christophe Leroy <christophe.leroy@...roup.eu>
To: Michael Ellerman <mpe@...erman.id.au>
Cc: linux-kernel@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
Naveen N Rao <naveen@...nel.org>, Nicholas Piggin <npiggin@...il.com>,
Kees Cook <kees@...nel.org>, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] powerpc: Add __must_check to set_memory_...()
Hi Michael,
Le 07/09/2024 à 17:40, Christophe Leroy a écrit :
> After the following powerpc commits, all calls to set_memory_...()
> functions check returned value.
> - Commit 8f17bd2f4196 ("powerpc: Handle error in mark_rodata_ro() and
> mark_initmem_nx()")
> - Commit f7f18e30b468 ("powerpc/kprobes: Handle error returned by
> set_memory_rox()")
> - Commit 009cf11d4aab ("powerpc: Don't ignore errors from
> set_memory_{n}p() in __kernel_map_pages()")
> - Commit 9cbacb834b4a ("powerpc: Don't ignore errors from
> set_memory_{n}p() in __kernel_map_pages()")
> - Commit 78cb0945f714 ("powerpc: Handle error in mark_rodata_ro() and
> mark_initmem_nx()")
>
> All calls in core parts of the kernel also always check returned value,
> can be looked at with following query:
>
> $ git grep -w -e set_memory_ro -e set_memory_rw -e set_memory_x -e set_memory_nx -e set_memory_rox `find . -maxdepth 1 -type d | grep -v arch | grep /`
>
> It is now possible to flag those functions with __must_check to make
> sure no new unchecked call it added.
>
> Link: https://github.com/KSPP/linux/issues/7
> Signed-off-by: Christophe Leroy <christophe.leroy@...roup.eu>
Do you plan to take this patch anytime soon ?
The generic part of the same was already applied in previous cycle, see
https://github.com/torvalds/linux/commit/82ce8e2f31a1eb05b1527c3d807bea40031df913
Discussion at
https://lore.kernel.org/all/b0fe75b4-c1bb-47f7-a7c3-2534b31c1780@csgroup.eu/T/
suggests that it would be beneficial to enforce return checking.
Christophe
> ---
> arch/powerpc/include/asm/set_memory.h | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/arch/powerpc/include/asm/set_memory.h b/arch/powerpc/include/asm/set_memory.h
> index 9a025b776a4b..9c8d5747755d 100644
> --- a/arch/powerpc/include/asm/set_memory.h
> +++ b/arch/powerpc/include/asm/set_memory.h
> @@ -12,37 +12,37 @@
>
> int change_memory_attr(unsigned long addr, int numpages, long action);
>
> -static inline int set_memory_ro(unsigned long addr, int numpages)
> +static inline int __must_check set_memory_ro(unsigned long addr, int numpages)
> {
> return change_memory_attr(addr, numpages, SET_MEMORY_RO);
> }
>
> -static inline int set_memory_rw(unsigned long addr, int numpages)
> +static inline int __must_check set_memory_rw(unsigned long addr, int numpages)
> {
> return change_memory_attr(addr, numpages, SET_MEMORY_RW);
> }
>
> -static inline int set_memory_nx(unsigned long addr, int numpages)
> +static inline int __must_check set_memory_nx(unsigned long addr, int numpages)
> {
> return change_memory_attr(addr, numpages, SET_MEMORY_NX);
> }
>
> -static inline int set_memory_x(unsigned long addr, int numpages)
> +static inline int __must_check set_memory_x(unsigned long addr, int numpages)
> {
> return change_memory_attr(addr, numpages, SET_MEMORY_X);
> }
>
> -static inline int set_memory_np(unsigned long addr, int numpages)
> +static inline int __must_check set_memory_np(unsigned long addr, int numpages)
> {
> return change_memory_attr(addr, numpages, SET_MEMORY_NP);
> }
>
> -static inline int set_memory_p(unsigned long addr, int numpages)
> +static inline int __must_check set_memory_p(unsigned long addr, int numpages)
> {
> return change_memory_attr(addr, numpages, SET_MEMORY_P);
> }
>
> -static inline int set_memory_rox(unsigned long addr, int numpages)
> +static inline int __must_check set_memory_rox(unsigned long addr, int numpages)
> {
> return change_memory_attr(addr, numpages, SET_MEMORY_ROX);
> }
Powered by blists - more mailing lists