lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAMj1kXHL5_2TM1ZTaPEgGm9uU7xvFpRxxarKpOTr=YVvj+72cQ@mail.gmail.com>
Date: Sat, 3 May 2025 13:22:37 +0200
From: Ard Biesheuvel <ardb@...nel.org>
To: Catalin Marinas <catalin.marinas@....com>
Cc: Yeoreum Yun <yeoreum.yun@....com>, will@...nel.org, nathan@...nel.org, 
	nick.desaulniers+lkml@...il.com, morbo@...gle.com, justinstitt@...gle.com, 
	broonie@...nel.org, maz@...nel.org, oliver.upton@...ux.dev, 
	frederic@...nel.org, joey.gouly@....com, james.morse@....com, 
	hardevsinh.palaniya@...iconsignals.io, shameerali.kolothum.thodi@...wei.com, 
	ryan.roberts@....com, linux-arm-kernel@...ts.infradead.org, 
	linux-kernel@...r.kernel.org, llvm@...ts.linux.dev, stable@...r.kernel.org
Subject: Re: [PATCH] arm64/cpufeature: annotate arm64_use_ng_mappings with
 ro_after_init to prevent wrong idmap generation

On Sat, 3 May 2025 at 12:06, Catalin Marinas <catalin.marinas@....com> wrote:
>
> On Fri, May 02, 2025 at 07:14:12PM +0100, Yeoreum Yun wrote:
> > > On Fri, May 02, 2025 at 06:41:33PM +0200, Ard Biesheuvel wrote:
> > > > Making arm64_use_ng_mappings __ro_after_init seems like a useful
> > > > change by itself, so I am not objecting to that. But we don't solve it
> > > > more fundamentally, please at least add a big fat comment why it is
> > > > important that the variable remains there.
> > >
> > > Maybe something like the section reference checker we use for __init -
> > > verify that the early C code does not refer anything in the BSS section.
> >
> > Maybe but it would be better to be checked at compile time (I don't
> > know it's possible) otherwise, early C code writer should check
> > mandatroy by calling is_kernel_bss_data() (not exist) for data it refers.
>
> This would be compile time (or rather final link time). See
> scripts/mod/modpost.c (the sectioncheck[] array) on how we check if, for
> example, a .text section references a .init one. We could move the whole
> pi code to its own section (e.g. .init.nommu.*) and add modpost checks
> for references to the bss or other sections.
>

We can take care of this locally in image-vars.h, where each variable
used by the startup code is made available to it explicitly.

Sending out a separate series shortly.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ