| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMj1kXEy0B3Jf_njyign-WuPup-hEB4a9C3dPk4xrZzH9mz4Ww@mail.gmail.com> Date: Thu, 7 Nov 2024 17:12:27 +0100 From: Ard Biesheuvel <ardb@...nel.org> To: Borislav Petkov <bp@...en8.de> Cc: Ard Biesheuvel <ardb+git@...gle.com>, linux-kernel@...r.kernel.org, Tom Lendacky <thomas.lendacky@....com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>, Andy Lutomirski <luto@...nel.org>, Arnd Bergmann <arnd@...db.de>, Kees Cook <keescook@...omium.org>, Brian Gerst <brgerst@...il.com> Subject: Re: [PATCH v3 0/4] x86: Rid .head.text of all abs references On Thu, 7 Nov 2024 at 17:00, Borislav Petkov <bp@...en8.de> wrote: > > On Wed, Jun 05, 2024 at 12:16:11PM +0200, Ard Biesheuvel wrote: > > From: Ard Biesheuvel <ardb@...nel.org> > > > > This series removes the last remaining absolute symbol references from > > .head.text. Doing so is necessary because code in this section may be > > called from a 1:1 mapping of memory, which deviates from the mapping > > this code was linked and/or relocated to run at. This is not something > > that the toolchains support: even PIC/PIE code is still assumed to > > execute from the same mapping that it was relocated to run from by the > > startup code or dynamic loader. This means we are basically on our own > > here, and need to add measures to ensure the code works as expected in > > this manner. > > > > Given that the startup code needs to create the kernel virtual mapping > > in the page tables, early references to some kernel virtual addresses > > are valid even if they cannot be dereferenced yet. To avoid having to > > make this distinction at build time, patches #3 and #4 replace such > > valid references with RIP-relative references with an offset applied. > > > > Patches #1 and #2 remove some absolute references from .head.text that > > don't need to be there in the first place. > > > > Changes since v2: > > - Rebase onto v6.10-rc2 > > - Tweak commit log of patch #3 > > > > Changes since v1/RFC: > > - rename va_offset to p2v_offset > > - take PA of _text in C code directly > > > > Cc: Tom Lendacky <thomas.lendacky@....com> > > Cc: Thomas Gleixner <tglx@...utronix.de> > > Cc: Ingo Molnar <mingo@...hat.com> > > Cc: Borislav Petkov <bp@...en8.de> > > Cc: Dave Hansen <dave.hansen@...ux.intel.com> > > Cc: Andy Lutomirski <luto@...nel.org> > > Cc: Arnd Bergmann <arnd@...db.de> > > Cc: Kees Cook <keescook@...omium.org> > > Cc: Brian Gerst <brgerst@...il.com> > > > > Ard Biesheuvel (4): > > x86/sev: Avoid WARN()s in early boot code > > x86/xen/pvh: Move startup code into .ref.text > > x86/boot/64: Determine VA/PA offset before entering C code > > x86/boot/64: Avoid intentional absolute symbol references in > > .head.text > > Those look forgotten in my mbox. Do we still want them to go somewhere? > I'll get back to this next cycle. Patch #2 has become redundant now, and I need to incorporate some feedback from Tom into patch #1. I imagine #3 and #4 should still apply, and they could be taken independently, but there is no urgency.
Powered by blists - more mailing lists