lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <e587d63f-f28c-460a-8815-efbc61cb6d93@suse.com>
Date: Fri, 3 Jan 2025 17:24:00 +0100
From: Petr Pavlu <petr.pavlu@...e.com>
To: Christophe Leroy <christophe.leroy@...roup.eu>
Cc: Luis Chamberlain <mcgrof@...nel.org>,
 Sami Tolvanen <samitolvanen@...gle.com>, Daniel Gomez
 <da.gomez@...sung.com>, Peter Zijlstra <peterz@...radead.org>,
 Josh Poimboeuf <jpoimboe@...nel.org>, Jason Baron <jbaron@...mai.com>,
 Steven Rostedt <rostedt@...dmis.org>, Ard Biesheuvel <ardb@...nel.org>,
 linux-modules@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/3] module: Make .static_call_sites read-only after init

On 1/3/25 15:06, Christophe Leroy wrote:
> Le 23/12/2024 à 10:37, Petr Pavlu a écrit :
>> Section .static_call_sites holds data structures that need to be sorted and
>> processed only at module load time. The section is never modified afterwards.
>> Make it therefore read-only after module initialization to avoid any
>> (non-)accidental modifications.
>>
>> Petr Pavlu (3):
>>    module: Constify parameters of module_enforce_rwx_sections()
>>    module: Add a separate function to mark sections as read-only after
>>      init
>>    module: Make .static_call_sites read-only after init
>>
>>   kernel/module/internal.h   |  7 ++++--
>>   kernel/module/main.c       | 18 +++------------
>>   kernel/module/strict_rwx.c | 47 ++++++++++++++++++++++++++++++++++++--
>>   3 files changed, 53 insertions(+), 19 deletions(-)
>>
>>
> 
> We have a problem at the moment with ro_after_init sections, isn't it 
> better to fix it before adding new stuff to ro_after_init ?
> 
> This series conflicts with my series which aims at fixing up 
> ro_after_init handling in modules, see 
> https://patchwork.kernel.org/project/linux-modules/cover/cover.1733427536.git.christophe.leroy@csgroup.eu/

Sure, this is a fairly minor change to keep what the modules loader does
in sync with how the same .static_call_sites data in vmlinux is handled.
It can wait.

> I was expecting my series to land in modules-next, do you or Luis plan 
> to take it anytime soon ?

Sorry for the lack of clarity. I've been waiting with applying that
series as there was still some discussion. I have now replied in its
thread [1].

[1] https://lore.kernel.org/linux-modules/f0e892c7-43cd-4310-9d60-1d6e839f5bb2@suse.com/

-- 
Thanks,
Petr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ