lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <dc059a127d59ccc77be0c92b686f72616c2d1c0f.camel@infradead.org>
Date: Wed, 18 Dec 2024 23:27:27 +0100
From: David Woodhouse <dwmw2@...radead.org>
To: Josh Poimboeuf <jpoimboe@...nel.org>
Cc: Nathan Chancellor <nathan@...nel.org>, kexec@...ts.infradead.org, Thomas
 Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav
 Petkov <bp@...en8.de>,  Dave Hansen <dave.hansen@...ux.intel.com>,
 x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>, "Kirill A. Shutemov"
 <kirill.shutemov@...ux.intel.com>, Kai Huang <kai.huang@...el.com>, Nikolay
 Borisov <nik.borisov@...e.com>, linux-kernel@...r.kernel.org, Simon Horman
 <horms@...nel.org>, Dave Young <dyoung@...hat.com>, Peter Zijlstra
 <peterz@...radead.org>, bsz@...zon.de
Subject: Re: [PATCH v5 07/20] x86/kexec: Invoke copy of relocate_kernel()
 instead of the original

On Wed, 2024-12-18 at 13:23 -0800, Josh Poimboeuf wrote:
> 
> The linker script does place it in .data, but objtool runs on the object
> file before linking, where it's still in an executable section
> (.text..relocate_kernel).
> 
> How about something like below?
> 
>   - move text to .data..relocate_kernel
>   - remove objtool annotations
>   - replace the alternative with a runtime check

That leaves me unable to use 'objdump -S
arch/x86/kernel/relocate_kernel_64.o' so I hate it :)

At the moment objtool is *mostly* happy with the code in here; is there
no way to make it happy even with the CFI annotation?

In practice I probably don't even need to use SYM_TYPED_FUNC_START()
anyway, as it's doing the wrong thing. It's pointless if it just uses
the external __cfi_typeid_relocate_kernel symbol that the C code emits,
because that's obviously going to match the prototype that the C code
expects.

So I might emit the __cfi_relocate_kernel prologue entirely manually,
and then maybe objtool will thinking it's entitled to opinions :)



Download attachment "smime.p7s" of type "application/pkcs7-signature" (5965 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ