lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CABe3_aH6wRzKt+f8RyG+0mN0Kyu2eASRn4URxgU4R-zEmdwBgA@mail.gmail.com>
Date: Thu, 4 Dec 2025 12:18:57 -0500
From: Charles Mirabile <cmirabil@...hat.com>
To: Thomas Weißschuh <thomas.weissschuh@...utronix.de>
Cc: Deepak Gupta <debug@...osinc.com>, Thomas Gleixner <tglx@...utronix.de>, 
	Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, 
	Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, 
	"H. Peter Anvin" <hpa@...or.com>, Andrew Morton <akpm@...ux-foundation.org>, 
	"Liam R. Howlett" <Liam.Howlett@...cle.com>, Vlastimil Babka <vbabka@...e.cz>, 
	Lorenzo Stoakes <lorenzo.stoakes@...cle.com>, Paul Walmsley <paul.walmsley@...ive.com>, 
	Palmer Dabbelt <palmer@...belt.com>, Albert Ou <aou@...s.berkeley.edu>, 
	Conor Dooley <conor@...nel.org>, Rob Herring <robh@...nel.org>, 
	Krzysztof Kozlowski <krzk+dt@...nel.org>, Arnd Bergmann <arnd@...db.de>, 
	Christian Brauner <brauner@...nel.org>, Peter Zijlstra <peterz@...radead.org>, 
	Oleg Nesterov <oleg@...hat.com>, Eric Biederman <ebiederm@...ssion.com>, Kees Cook <kees@...nel.org>, 
	Jonathan Corbet <corbet@....net>, Shuah Khan <shuah@...nel.org>, Jann Horn <jannh@...gle.com>, 
	Conor Dooley <conor+dt@...nel.org>, Miguel Ojeda <ojeda@...nel.org>, 
	Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, 
	Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, 
	Andreas Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>, 
	Trevor Gross <tmgross@...ch.edu>, Benno Lossin <lossin@...nel.org>, linux-kernel@...r.kernel.org, 
	linux-fsdevel@...r.kernel.org, linux-mm@...ck.org, 
	linux-riscv@...ts.infradead.org, devicetree@...r.kernel.org, 
	linux-arch@...r.kernel.org, linux-doc@...r.kernel.org, 
	linux-kselftest@...r.kernel.org, alistair.francis@....com, 
	richard.henderson@...aro.org, jim.shu@...ive.com, andybnac@...il.com, 
	kito.cheng@...ive.com, charlie@...osinc.com, atishp@...osinc.com, 
	evan@...osinc.com, cleger@...osinc.com, alexghiti@...osinc.com, 
	samitolvanen@...gle.com, broonie@...nel.org, rick.p.edgecombe@...el.com, 
	rust-for-linux@...r.kernel.org
Subject: Re: [PATCH v23 24/28] arch/riscv: dual vdso creation logic and select
 vdso based on hw

On Thu, Dec 4, 2025 at 12:04 PM Thomas Weißschuh
<thomas.weissschuh@...utronix.de> wrote:
>
> On Wed, Nov 12, 2025 at 04:43:22PM -0800, Deepak Gupta via B4 Relay wrote:
> > From: Deepak Gupta <debug@...osinc.com>
> >
> > Shadow stack instructions are taken from zimop (mandated on RVA23).
> > Any hardware prior to RVA23 profile will fault on shadow stack instruction.
> > Any userspace with shadow stack instruction in it will fault on such
> > hardware. Thus such userspace can't be brought onto such a hardware.
> >
> > It's not known how userspace will respond to such binary fragmentation.
> > However in order to keep kernel portable across such different hardware,
> > `arch/riscv/kernel/vdso_cfi` is created which has logic (Makefile) to
> > compile `arch/riscv/kernel/vdso` sources with cfi flags and then changes
> > in `arch/riscv/kernel/vdso.c` for selecting appropriate vdso depending
> > on whether underlying hardware(cpu) implements zimop extension. Offset
> > of vdso symbols will change due to having two different vdso binaries,
> > there is added logic to include new generated vdso offset header and
> > dynamically select offset (like for rt_sigreturn).
>
> If the used vDSO variant only depends on the hardware and nothing else,
> why not use alternative patching and avoid the complexity?
> I see that RISCV_ALTERNATIVE depends on !XIP_KERNEL but the vDSO code is
> moved to dynamically allocated memory in any case, so it is patchable.

These instructions are emitted by the toolchain in the C code, so a
traditional approach with alternatives is not exactly feasible. Maybe
you could do it by scan the binary for them, but that sounds dubious.

>
> > Signed-off-by: Deepak Gupta <debug@...osinc.com>
> > Acked-by: Charles Mirabile <cmirabil@...hat.com>
>
> (...)
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ