Open Source and information security mailing list archives
 
Message-ID: <20250307001256.GA2276503@google.com>
Date: Fri, 7 Mar 2025 00:12:56 +0000
From: Sami Tolvanen <samitolvanen@...gle.com>
To: Christophe Leroy <christophe.leroy@...roup.eu>
Cc: Petr Pavlu <petr.pavlu@...e.com>, Luis Chamberlain <mcgrof@...nel.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Josh Poimboeuf <jpoimboe@...nel.org>,
	Jason Baron <jbaron@...mai.com>,
	Daniel Gomez <da.gomez@...sung.com>,
	Steven Rostedt <rostedt@...dmis.org>,
	Ard Biesheuvel <ardb@...nel.org>, linux-modules@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 3/3] module: Make .static_call_sites read-only after
 init

On Thu, Mar 06, 2025 at 06:28:58PM +0100, Christophe Leroy wrote:
> 
> 
> On 06/03/2025 at 14:13, Petr Pavlu wrote:
> > Section .static_call_sites holds data structures that need to be sorted and
> > processed only at module load time. This initial processing happens in
> > static_call_add_module(), which is invoked as a callback to the
> > MODULE_STATE_COMING notification from prepare_coming_module().
> > 
> > The section is never modified afterwards. Make it therefore read-only after
> > module initialization to avoid any (non-)accidental modifications.
> 
> Maybe this suggestion is stupid, I didn't investigate the feasibility but:
> why don't we group everything that is ro_after_init in a single section just
> like we do in vmlinux? That would avoid having to add every new possible
> section in the C code.
> 
> Like we have in asm-generic/vmlinux.lds.h:
> 
> #define RO_AFTER_INIT_DATA						\
> 	. = ALIGN(8);							\
> 	__start_ro_after_init = .;					\
> 	*(.data..ro_after_init)						\
> 	JUMP_TABLE_DATA							\
> 	STATIC_CALL_DATA						\
> 	__end_ro_after_init = .;

I like this idea. Grouping the sections in the module linker script
feels cleaner than having an array of section names in the code. To be
fair, I think this code predates v5.10, where scripts/module.lds.S was
first added.

Sami
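
A user-space analogue of the grouping idea discussed in this thread, added here as an illustration; it is not code from the patch or from the kernel. It assumes Linux, GCC or Clang with GNU ld or lld, and 4 KiB pages; the names `page_slot`, `call_sites`, `jump_table`, `init_phase`, `seal_ro_after_init` and `write_faults` are hypothetical.

```c
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#define PAGE 4096 /* assumption: 4 KiB pages */
/* Every object is page-aligned and page-sized, so the group owns whole pages. */
#define RO_AFTER_INIT __attribute__((section("ro_after_init"), aligned(PAGE)))
struct page_slot { int value; char pad[PAGE - sizeof(int)]; };
/* Data joins the group through the attribute alone; no list of names in code. */
RO_AFTER_INIT struct page_slot call_sites = { 1 };
RO_AFTER_INIT struct page_slot jump_table = { 1 };

/* The linker defines these bounds for a section named like a C identifier. */
extern char __start_ro_after_init[], __stop_ro_after_init[];
/* Stands in for load-time processing such as sorting the entries. */
void init_phase(void) { call_sites.value = 3; jump_table.value = 7; }

/* Make the whole group read-only; returns 0 on success, -1 on failure. */
int seal_ro_after_init(void)
{
    uintptr_t start = (uintptr_t)__start_ro_after_init;
    uintptr_t end = (uintptr_t)__stop_ro_after_init;
    if (sysconf(_SC_PAGESIZE) != PAGE || start % PAGE || (end - start) % PAGE)
        return -1;
    return mprotect((void *)start, end - start, PROT_READ);
}

/* Returns 1 if a write to the group is stopped by SIGSEGV, 0 if it succeeds. */
int write_faults(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { *(volatile int *)&call_sites.value = 99; _exit(0); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV;
}

int main(void)
{
    init_phase();
    printf("before seal: %d\n", write_faults());
    if (seal_ro_after_init() != 0) return 1;
    printf("after seal: %d\n", write_faults());
    return 0;
}
```

The write is attempted in a forked child so the parent survives the fault and can report it.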
