Open Source and information security mailing list archives
Message-ID: <CABCJKudYd9HiOX=d9ghVB+v37JEPJoKX_XHyopF=S7FYFabQSQ@mail.gmail.com>
Date: Thu, 2 Jan 2025 15:59:18 -0800
From: Sami Tolvanen <samitolvanen@...gle.com>
To: Petr Pavlu <petr.pavlu@...e.com>
Cc: Sebastian Andrzej Siewior <bigeasy@...utronix.de>, linux-modules@...r.kernel.org, 
	linux-kernel@...r.kernel.org, Daniel Gomez <da.gomez@...sung.com>, 
	Luis Chamberlain <mcgrof@...nel.org>, "Paul E . McKenney" <paulmck@...nel.org>, 
	Peter Zijlstra <peterz@...radead.org>, Thomas Gleixner <tglx@...utronix.de>, 
	Elliot Berman <quic_eberman@...cinc.com>, Kees Cook <kees@...nel.org>, 
	Nathan Chancellor <nathan@...nel.org>, Steven Rostedt <rostedt@...dmis.org>, llvm@...ts.linux.dev
Subject: Re: [PATCH v2 28/28] cfi: Use RCU while invoking __module_address().

Hi Petr,

On Mon, Dec 30, 2024 at 1:13 PM Petr Pavlu <petr.pavlu@...e.com> wrote:
>
> On 12/20/24 18:41, Sebastian Andrzej Siewior wrote:
> > __module_address() can be invoked within a RCU section, there is no
> > requirement to have preemption disabled.
> >
> > I'm not sure if using rcu_read_lock() will introduce the regression that
> > has been fixed in commit 14c4c8e41511a ("cfi: Use
> > rcu_read_{un}lock_sched_notrace").
> >
> > Cc: Elliot Berman <quic_eberman@...cinc.com>
> > Cc: Kees Cook <kees@...nel.org>
> > Cc: Nathan Chancellor <nathan@...nel.org>
> > Cc: Sami Tolvanen <samitolvanen@...gle.com>
> > Cc: Steven Rostedt <rostedt@...dmis.org>
> > Cc: llvm@...ts.linux.dev
> > Signed-off-by: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
> > ---
> >  kernel/cfi.c | 4 ++++
> >  1 file changed, 4 insertions(+)
> >
> > diff --git a/kernel/cfi.c b/kernel/cfi.c
> > index 08caad7767176..c8f2b5a51b2e6 100644
> > --- a/kernel/cfi.c
> > +++ b/kernel/cfi.c
> > @@ -71,6 +71,10 @@ static bool is_module_cfi_trap(unsigned long addr)
> >       struct module *mod;
> >       bool found = false;
> >
> > +     /*
> > +      * XXX this could be RCU protected but would it introcude the regression
> > +      * fixed in 14c4c8e41511a ("cfi: Use rcu_read_{un}lock_sched_notrace")
> > +      */
> >       rcu_read_lock_sched_notrace();
> >
> >       mod = __module_address(addr);
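Review bot: the hunk does not do what the subject line says. "cfi: Use RCU while invoking __module_address()" and the diffstat (4 insertions) show only an XXX comment being added above rcu_read_lock_sched_notrace(); the lock pair itself is unchanged, so either switch it to rcu_read_lock()/rcu_read_unlock() in this same hunk or retitle the patch. The added comment also carries a typo ("introcude") and an unresolved question into the tree; given the discussion in this thread that the recursion which motivated the notrace variant went away with 89245600941e and that is_module_cfi_trap() only runs on the error-handling path, replace the XXX block with a one-line note on why a plain RCU read section is sufficient, or drop it.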
>
> I think that since 89245600941e ("cfi: Switch to -fsanitize=kcfi"), this
> can be a call to rcu_read_lock_sched(), or in your case rcu_read_lock().
> The recursive case where __cfi_slowpath_diag() could end up calling
> itself is no longer present, as all that logic is gone. I then don't see
> another reason this should use the notrace variant.
>
> @Sami, could you please confirm this?

Switching is_module_cfi_trap() to use rcu_read_lock() in this series
should be fine. KCFI checks don't perform function calls, so there's
no risk of recursion, and this function is only called during the
error handling path.

Sami
