| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aM2HX3BVXmNvCT3i@google.com>
Date: Fri, 19 Sep 2025 16:39:59 +0000
From: Adrian Barnaś <abarnas@...gle.com>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>, Dylan Hatch <dylanbhatch@...gle.com>,
Mark Rutland <mark.rutland@....com>,
Fanqin Cui <cuifq1@...natelecom.cn>
Subject: Re: [PATCH 2/2] arch: arm64: Reject modules with internal
alternative callbacks
On Fri, Sep 19, 2025 at 05:01:09PM +0200, Ard Biesheuvel wrote:
>Hi Adrian,
>
>On Fri, 19 Sept 2025 at 14:23, Adrian Barnaś <abarnas@...gle.com> wrote:
>>
>> During module loading, check if there is a callback function used by the
>> alternatives specified in the '.altinstruction' ELF section and block
>> loading the module if such a function is present.
>>
>
>Why?
>
>AIUI, the issue being addressed is the fact that we cannot yet execute
>code from the module itself when alternatives are being applied, and
>so the callback must live in the core kernel, or in another module.
>
>So this is a really big hammer, given that it disallows all callback
>alternatives, including ones that we could easily support.
Yes, it is true.
What about we check if cb resides in kernel .text using core_kernel_text()?
Pointer should be valid already since applying alternatives is done after
relocation. We can shrink the hammer a bit.
Then we allow the callback from inside the kernel to be called from
the module but reject modules with callbacks that are invalid.
Thanks,
Adrian
Powered by blists - more mailing lists