Message-ID: <xhsmhh67l5649.mognet@vschneid-thinkpadt14sgen2i.remote.csb>
Date: Tue, 03 Dec 2024 13:00:06 +0100
From: Valentin Schneider <vschneid@...hat.com>
To: Josh Poimboeuf <jpoimboe@...nel.org>
Cc: linux-kernel@...r.kernel.org, Peter Zijlstra <peterz@...radead.org>
Subject: Re: [PATCH v2 0/3] objtool: noinstr validation for static
 branches/calls

On 27/11/24 17:35, Josh Poimboeuf wrote:
> On Tue, Nov 26, 2024 at 08:47:39PM -0800, Josh Poimboeuf wrote:
>> v2:
>> - Add some fixes reported by kbuild.
>> 
>> 
>> FWIW, this reports the following static keys:
>> 
>>   - sched_clock_running
>>   - __sched_clock_stable
>>   - mds_idle_clear
>>   - vmx_l1d_flush_cond
>>   - stack_erasing_bypass
>

sched_clock_running, __sched_clock_stable and mds_idle_clear are already
covered in v3.

vmx_l1d_flush_cond is modified
- at init via __init vmx_init()
- via a module parameter write ending in vmentry_l1d_flush_set()
So either init or user/admin action, IMO that's a "don't touch it"
scenario.

stack_erasing_bypass is modified only via a sysctl write, so IMO same
argument.


>> and the following static calls:
>> 
>>   - pv_sched_clock
>>   - x86_idle
>     - perf_lopwr_cb

All of these are only ever modified at __init, so they can be made
__ro_after_init.

>
> -- 
> Josh

