lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aBXqi4XpCsN3otHe@arm.com>
Date: Sat, 3 May 2025 11:06:03 +0100
From: Catalin Marinas <catalin.marinas@....com>
To: Yeoreum Yun <yeoreum.yun@....com>
Cc: Ard Biesheuvel <ardb@...nel.org>, will@...nel.org, nathan@...nel.org,
	nick.desaulniers+lkml@...il.com, morbo@...gle.com,
	justinstitt@...gle.com, broonie@...nel.org, maz@...nel.org,
	oliver.upton@...ux.dev, frederic@...nel.org, joey.gouly@....com,
	james.morse@....com, hardevsinh.palaniya@...iconsignals.io,
	shameerali.kolothum.thodi@...wei.com, ryan.roberts@....com,
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
	llvm@...ts.linux.dev, stable@...r.kernel.org
Subject: Re: [PATCH] arm64/cpufeature: annotate arm64_use_ng_mappings with
 ro_after_init to prevent wrong idmap generation

On Fri, May 02, 2025 at 07:14:12PM +0100, Yeoreum Yun wrote:
> > On Fri, May 02, 2025 at 06:41:33PM +0200, Ard Biesheuvel wrote:
> > > Making arm64_use_ng_mappings __ro_after_init seems like a useful
> > > change by itself, so I am not objecting to that. But we don't solve it
> > > more fundamentally, please at least add a big fat comment why it is
> > > important that the variable remains there.
> >
> > Maybe something like the section reference checker we use for __init -
> > verify that the early C code does not refer anything in the BSS section.
> 
> Maybe but it would be better to be checked at compile time (I don't
> know it's possible) otherwise, early C code writer should check
> mandatroy by calling is_kernel_bss_data() (not exist) for data it refers.

This would be compile time (or rather final link time). See
scripts/mod/modpost.c (the sectioncheck[] array) on how we check if, for
example, a .text section references a .init one. We could move the whole
pi code to its own section (e.g. .init.nommu.*) and add modpost checks
for references to the bss or other sections.

-- 
Catalin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ