lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aByy1CFUieJQeofl@e129823.arm.com>
Date: Thu, 8 May 2025 14:34:12 +0100
From: Yeoreum Yun <yeoreum.yun@....com>
To: Ard Biesheuvel <ardb+git@...gle.com>
Cc: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
	will@...nel.org, catalin.marinas@....com, mark.rutland@....com,
	Ard Biesheuvel <ardb@...nel.org>
Subject: Re: [PATCH v2 3/3] arm64/boot: Disallow BSS exports to startup code

Hi Ard,

> From: Ard Biesheuvel <ardb@...nel.org>
>
> BSS might be uninitialized when entering the startup code, so forbid the
> use by the startup code of any variables that live after __bss_start in
> the linker map.
>
> Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
> ---
>  arch/arm64/kernel/image-vars.h  | 62 +++++++++++---------
>  arch/arm64/kernel/vmlinux.lds.S |  2 +
>  2 files changed, 35 insertions(+), 29 deletions(-)
>
> diff --git a/arch/arm64/kernel/image-vars.h b/arch/arm64/kernel/image-vars.h
> index c3b4c0479d5c..a928e0c0b45a 100644
> --- a/arch/arm64/kernel/image-vars.h
> +++ b/arch/arm64/kernel/image-vars.h
> @@ -10,6 +10,12 @@
>  #error This file should only be included in vmlinux.lds.S
>  #endif
>
> +#define PI_EXPORT_SYM(sym)		\
> +	__PI_EXPORT_SYM(sym, __pi_ ## sym, Cannot export BSS symbol sym to startup code)
> +#define __PI_EXPORT_SYM(sym, pisym, msg)\
> +	PROVIDE(pisym = sym);		\
> +	ASSERT((sym - KIMAGE_VADDR) < (__bss_start - KIMAGE_VADDR), #msg)
> +
>  PROVIDE(__efistub_primary_entry		= primary_entry);
>
>  /*
> @@ -36,37 +42,35 @@ PROVIDE(__pi___memcpy			= __pi_memcpy);
>  PROVIDE(__pi___memmove			= __pi_memmove);
>  PROVIDE(__pi___memset			= __pi_memset);
>
> -PROVIDE(__pi_id_aa64isar1_override	= id_aa64isar1_override);
> -PROVIDE(__pi_id_aa64isar2_override	= id_aa64isar2_override);
> -PROVIDE(__pi_id_aa64mmfr0_override	= id_aa64mmfr0_override);
> -PROVIDE(__pi_id_aa64mmfr1_override	= id_aa64mmfr1_override);
> -PROVIDE(__pi_id_aa64mmfr2_override	= id_aa64mmfr2_override);
> -PROVIDE(__pi_id_aa64pfr0_override	= id_aa64pfr0_override);
> -PROVIDE(__pi_id_aa64pfr1_override	= id_aa64pfr1_override);
> -PROVIDE(__pi_id_aa64smfr0_override	= id_aa64smfr0_override);
> -PROVIDE(__pi_id_aa64zfr0_override	= id_aa64zfr0_override);
> -PROVIDE(__pi_arm64_sw_feature_override	= arm64_sw_feature_override);
> -PROVIDE(__pi_arm64_use_ng_mappings	= arm64_use_ng_mappings);
> +PI_EXPORT_SYM(id_aa64isar1_override);
> +PI_EXPORT_SYM(id_aa64isar2_override);
> +PI_EXPORT_SYM(id_aa64mmfr0_override);
> +PI_EXPORT_SYM(id_aa64mmfr1_override);
> +PI_EXPORT_SYM(id_aa64mmfr2_override);
> +PI_EXPORT_SYM(id_aa64pfr0_override);
> +PI_EXPORT_SYM(id_aa64pfr1_override);
> +PI_EXPORT_SYM(id_aa64smfr0_override);
> +PI_EXPORT_SYM(id_aa64zfr0_override);
> +PI_EXPORT_SYM(arm64_sw_feature_override);
> +PI_EXPORT_SYM(arm64_use_ng_mappings);
>  #ifdef CONFIG_CAVIUM_ERRATUM_27456
> -PROVIDE(__pi_cavium_erratum_27456_cpus	= cavium_erratum_27456_cpus);
> -PROVIDE(__pi_is_midr_in_range_list	= is_midr_in_range_list);
> +PI_EXPORT_SYM(cavium_erratum_27456_cpus);
> +PI_EXPORT_SYM(is_midr_in_range_list);

small nit:
Would you rebase this patchset after
commit 117c3b21d3c7 ("arm64: Rework checks for broken Cavium HW in the PI code")?
Otherwise, I experience boot failure because of SCS related code:

  ffff80008009fbc0 <is_midr_in_range_list>:
  ffff80008009fbc0: d503245f   	bti	c
  ffff80008009fbc4: d503201f   	nop
  ffff80008009fbc8: d503201f   	nop
  ffff80008009fbcc: f800865e   	str	x30, [x18], #0x8 ---- (1)
  ffff80008009fbd0: d503233f   	paciasp
  ...

At pi phase, platform register initialized properly...
So it makes panic on (1).

Thanks!


>  #endif
> -PROVIDE(__pi__ctype			= _ctype);
> -PROVIDE(__pi_memstart_offset_seed	= memstart_offset_seed);
> -
> -PROVIDE(__pi_swapper_pg_dir		= swapper_pg_dir);
> -
> -PROVIDE(__pi__text			= _text);
> -PROVIDE(__pi__stext               	= _stext);
> -PROVIDE(__pi__etext               	= _etext);
> -PROVIDE(__pi___start_rodata       	= __start_rodata);
> -PROVIDE(__pi___inittext_begin     	= __inittext_begin);
> -PROVIDE(__pi___inittext_end       	= __inittext_end);
> -PROVIDE(__pi___initdata_begin     	= __initdata_begin);
> -PROVIDE(__pi___initdata_end       	= __initdata_end);
> -PROVIDE(__pi__data                	= _data);
> -PROVIDE(__pi___bss_start		= __bss_start);
> -PROVIDE(__pi__end			= _end);
> +PI_EXPORT_SYM(_ctype);
> +PI_EXPORT_SYM(memstart_offset_seed);
> +
> +PI_EXPORT_SYM(swapper_pg_dir);
> +
> +PI_EXPORT_SYM(_text);
> +PI_EXPORT_SYM(_stext);
> +PI_EXPORT_SYM(_etext);
> +PI_EXPORT_SYM(__start_rodata);
> +PI_EXPORT_SYM(__inittext_begin);
> +PI_EXPORT_SYM(__inittext_end);
> +PI_EXPORT_SYM(__initdata_begin);
> +PI_EXPORT_SYM(__initdata_end);
> +PI_EXPORT_SYM(_data);
>
>  #ifdef CONFIG_KVM
>
> diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
> index 466544c47dca..e4a525a865c1 100644
> --- a/arch/arm64/kernel/vmlinux.lds.S
> +++ b/arch/arm64/kernel/vmlinux.lds.S
> @@ -319,6 +319,7 @@ SECTIONS
>
>  	/* start of zero-init region */
>  	BSS_SECTION(SBSS_ALIGN, 0, 0)
> +	__pi___bss_start = __bss_start;
>
>  	. = ALIGN(PAGE_SIZE);
>  	__pi_init_pg_dir = .;
> @@ -332,6 +333,7 @@ SECTIONS
>  	. = ALIGN(SEGMENT_ALIGN);
>  	__pecoff_data_size = ABSOLUTE(. - __initdata_begin);
>  	_end = .;
> +	__pi__end = .;
>
>  	STABS_DEBUG
>  	DWARF_DEBUG
> --
> 2.49.0.987.g0cc8ee98dc-goog
>

--
Sincerely,
Yeoreum Yun

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ