On Wed, Mar 19, 2025 at 01:04:20PM +, David Woodhouse wrote:
> On 18 March 2025 22:41:43 GMT, Josh Poimboeuf wrote:
> >On Tue, Mar 18, 2025 at 09:06:58PM +, David Woodhouse wrote:
> >> On Tue, 2025-03-18 at 10:14 -0700, Josh Poimboeuf wrote:
> >> > On Tue, Ma
On Tue, Mar 18, 2025 at 09:06:58PM +, David Woodhouse wrote:
> On Tue, 2025-03-18 at 10:14 -0700, Josh Poimboeuf wrote:
> > On Tue, Mar 18, 2025 at 03:56:36PM +, David Woodhouse wrote:
> > > For the relocate_kernel() case I don't think we care much about the
>
On Tue, Mar 18, 2025 at 03:56:36PM +, David Woodhouse wrote:
> But on the whole, I'm not sure the CFI check is worth it.
>
> CFI checks that the caller and callee agree about the prototype of the
> function being called. There are two main benefits of this:
>
> • to protect against attacks w
On Mon, Mar 17, 2025 at 05:17:24PM -0700, Josh Poimboeuf wrote:
> On Mon, Mar 17, 2025 at 12:40:14PM +, David Woodhouse wrote:
> > On Fri, 2025-03-14 at 10:52 -0700, Josh Poimboeuf wrote:
> > >
> > > IIRC, the reasons were the patched alternative, and also you wante
On Mon, Mar 17, 2025 at 12:40:14PM +, David Woodhouse wrote:
> On Fri, 2025-03-14 at 10:52 -0700, Josh Poimboeuf wrote:
> >
> > IIRC, the reasons were the patched alternative, and also you wanted to
> > disassemble (but note that's still possible with gdb).
>
On Fri, Mar 14, 2025 at 05:23:15PM +, David Woodhouse wrote:
> ISTR this version is OK with Clang and CONFIG_CFI_CLANG but with GCC I
> get this:
>
> vmlinux.o: warning: objtool: relocate_kernel+0x69: unsupported stack register
> modification
>
> /* setup a new stack at the end of th
On Wed, Mar 12, 2025 at 02:34:20PM +, David Woodhouse wrote:
> From: David Woodhouse
>
> A previous commit added __nocfi to machine_kexec() because it makes an
> indirect call to relocate_kernel() which lacked CFI type information,
> and caused the system to crash.
>
> Use SYM_TYPED_FUNC_STA
On Thu, Dec 19, 2024 at 11:02:55AM +0100, David Woodhouse wrote:
> On Wed, 2024-12-18 at 16:20 -0800, Josh Poimboeuf wrote:
> > Anyway, what I think you're looking for is UNWIND_HINT_UNDEFINED. In
> > fact all the unwind annotations in that file should be UNDEFINED since
&
On Wed, Dec 18, 2024 at 11:27:27PM +0100, David Woodhouse wrote:
> On Wed, 2024-12-18 at 13:23 -0800, Josh Poimboeuf wrote:
> >
> > The linker script does place it in .data, but objtool runs on the object
> > file before linking, where it's still in an exe
On Wed, Dec 18, 2024 at 10:44:25AM +0100, David Woodhouse wrote:
> > At some point we had discussed placing the code in .rodata, was it the
> > alternative preventing that?
>
> No, the alternative seems to be fine, and it's all in the .data section
> now (since the kernel does write some variables
On Tue, Dec 17, 2024 at 01:03:07PM +0100, David Woodhouse wrote:
> I've dropped this for now and just posted the __nocfi thing as the
> regression fix. I think we *should* provide the CFI information in
> relocate_kernel_64.S though, so I've left these commits in my tree at
> https://git.infradead.
On Fri, May 19, 2017 at 01:30:05PM +0200, Borislav Petkov wrote:
> > it is called so early. I can get past it by adding:
> >
> > CFLAGS_mem_encrypt.o := $(nostackp)
> >
> > in the arch/x86/mm/Makefile, but that obviously eliminates the support
> > for the whole file. Would it be better to split
12 matches
Mail list logo
