Message-ID: <20241125102223.GBZ0RP375DufF0QQds@fat_crate.local>
Date: Mon, 25 Nov 2024 11:22:23 +0100
From: Borislav Petkov <bp@...en8.de>
To: Ingo Molnar <mingo@...nel.org>
Cc: Thomas Gleixner <tglx@...utronix.de>, x86-ml <x86@...nel.org>,
	lkml <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH] x86/boot: Get rid of linux/init.h include

On Mon, Nov 25, 2024 at 09:24:28AM +0100, Ingo Molnar wrote:
> And if someone doesn't add the ugly KERNEL_PROPER_HEADER defines to a 
> new header that somehow gets included into the decompressor build 
> virally, it won't fire either. I think it's better to concentrate the 
> uglies in the 'weird' code, ie. the decompressor.

Yes, I'd need to think of something slicker...
 
> Also, what's the root problem being solved? The changelog says:
> 
>    > no collisions and ugly ifdeffery when those kernel proper headers 
>    > get shared.
> 
> But that's pretty vague - is there some recent build regression this is 
> responding to? Which kernel headers collided with which headers used by 
> the decompressor build?

The sharing of headers has always been a PITA. Because the decompressor is
different from kernel proper, the moment you start including kernel proper
headers for functionality, you need to exempt or add ifdeffery or do some
other weird dance to be able to share those headers.

Things like below are only some examples.

So I'd like to separate the two namespaces and only share common functionality
through asm/shared/ and avoid all that ugly ifdeffery and workarounds we're
doing. Because each time we have to touch the decompressor - and we get to
touch it a lot with the confidential computing stuff recently - it is like
a house of cards.

I hope that makes sense.

/* Use the static base for this part of the boot process */
#undef __PAGE_OFFSET
#define __PAGE_OFFSET __PAGE_OFFSET_BASE
#include "../../mm/ident_map.c"

or 

#define _SETUP
#include <asm/setup.h>	/* For COMMAND_LINE_SIZE */
#undef _SETUP

/* No MITIGATION_PAGE_TABLE_ISOLATION support needed either: */
#undef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION

or

#define KASLR_COMPRESSED_BOOT
#include "../../lib/kaslr.c"

or

#ifdef CONFIG_X86_5LEVEL
#ifdef USE_EARLY_PGTABLE_L5
/*
 * cpu_feature_enabled() is not available in early boot code.
 * Use variable instead.
 */
static inline bool pgtable_l5_enabled(void)
{
	return __pgtable_l5_enabled;
}



-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
