lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241122170227.GAZ0C5I-F8AUpwCAcG@fat_crate.local>
Date: Fri, 22 Nov 2024 18:02:27 +0100
From: Borislav Petkov <bp@...en8.de>
To: Ingo Molnar <mingo@...nel.org>
Cc: Thomas Gleixner <tglx@...utronix.de>, x86-ml <x86@...nel.org>,
	lkml <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH] x86/boot: Get rid of linux/init.h include

On Fri, Nov 22, 2024 at 05:55:52PM +0100, Ingo Molnar wrote:
> > --- a/arch/x86/boot/compressed/head_32.S
> > +++ b/arch/x86/boot/compressed/head_32.S
> > @@ -24,7 +24,6 @@
> >   */
> >  	.text
> >  
> > -#include <linux/init.h>
> >  #include <linux/linkage.h>
> >  #include <asm/segment.h>
> >  #include <asm/page_types.h>
> > @@ -32,6 +31,10 @@
> >  #include <asm/asm-offsets.h>
> >  #include <asm/bootparam.h>
> >  
> > +#ifdef KERNEL_PROPER_HEADER
> > +#error Do not include kernel proper namespace headers
> > +#endif
> 
> The canonical solution in such cases is to use the existing header 
> guard, ie:
> 
>  #ifdef _LINUX_INIT_H
>  # error Do not include kernel proper namespace headers
>  #endif
> 
> Then we can skip defining KERNEL_PROPER_HEADER as well, and this change 
> will be purely to x86 code.

Yap, I know, thought about it.

However, if we have to protect against every header, then we will have to do
a big

if defined...

which doesn't really work.

For the above example:

#if defined(_LINUX_INIT_H) || defined(_LINUX_LINKAGE_H)

and that would protect against the two headers which are included here.

If someone includes another one, it won't fire.

So we need a generic way to identify a kernel proper header. Either with
a define like KERNEL_PROPER_HEADER or some other magic (I don't know if there
is something like that), perhaps some preprocessor hackery which can figure
out whether some of the include paths have a include/linux/ in them and then
error out if so...

Maybe I should talk to toolchain folks...

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ