lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4cbc348d-02ca-4743-b8d4-21db2ebf4460@oracle.com>
Date: Thu, 4 Sep 2025 19:03:56 +0200
From: Vegard Nossum <vegard.nossum@...cle.com>
To: Kees Cook <kees@...nel.org>
Cc: Nathan Chancellor <nathan@...nel.org>,
        Nicolas Schier <nicolas.schier@...ux.dev>,
        Jonathan Corbet <corbet@....net>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Randy Dunlap
 <rdunlap@...radead.org>, Arnd Bergmann <arnd@...db.de>,
        Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
        linux-kbuild@...r.kernel.org, linux-doc@...r.kernel.org,
        Miguel Ojeda <ojeda@...nel.org>,
        Stephen Brennan <stephen.s.brennan@...cle.com>,
        Marco Bonelli <marco@...eim.net>, Petr Vorel <pvorel@...e.cz>,
        linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] kconfig: Add transitional symbol attribute for
 migration support


On 04/09/2025 04:51, Kees Cook wrote:
> On Mon, Sep 01, 2025 at 08:44:56PM +0200, Vegard Nossum wrote:
>> If you change sym_calc_visibility() to always return 'yes' for
>> transitional values then I don't think you need to touch
>> sym_calc_value() at all.
> 
> Hm, it looks like sym_calc_visibility() doesn't strictly just look at
> visibility. And visibility seems to "last"? And I think the "tri" still
> can't just be "yes", don't we need the other stuff handled?
> 
> Do you see a way to do it how you're suggesting? And now I wrote the
> regression tests so we can test any alternatives! ;)

Here's what I had in mind (on top of your kcfi patchset), see the
attachment.

It basically undoes all your additions to sym_calc_value() in favour of
two straightforward additions:

@@ -214,6 +214,11 @@ static void sym_calc_visibility(struct symbol *sym)
         struct property *prop;
         tristate tri;

+       if (sym->flags & SYMBOL_HIDDEN) {
+               sym->visible = yes;
+               return;
+       }
+

and

@@ -536,7 +531,7 @@ void sym_calc_value(struct symbol *sym)
                 }
         }

-       if (sym_is_choice(sym))
+       if (sym_is_choice(sym) || sym->flags & SYMBOL_HIDDEN)
                 sym->flags &= ~SYMBOL_WRITE;
  }

Let me know how that works for you (the new test passes here).


Vegard
View attachment "hidden.patch" of type "text/x-patch" (2101 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ