On Thu, Nov 21, 2024 at 04:51:09PM +0100, Valentin Schneider wrote:
> Okay so forcing the IPI for .noinstr patching lets us get rid of all the
> force_ipi faff; however I would still want the special marking to tell
> objtool "yep we're okay with this one", and still get warnings when a new
> .noin
On Thu, Nov 21, 2024 at 12:00:20PM +0100, Peter Zijlstra wrote:
> But yeah, this is not quite the same as not marking anything and simply
> forcing the IPI when the target address is noinstr.
>
> And having written all that; perhaps that is the better solution, it
> sticks the logic in text_poke a
ther flagged as __ro_after_init, or as forceful static keys. Any
> occurrence of this new warning would be the result of a code change that
> will need looking at.
>
> Suggested-by: Josh Poimboeuf
> Signed-off-by: Valentin Schneider
> ---
> offset_of(static_key.type) and JUMP_T
On Wed, Nov 20, 2024 at 03:57:46PM +0100, Peter Zijlstra wrote:
> On Wed, Nov 20, 2024 at 03:56:49PM +0100, Peter Zijlstra wrote:
>
> > But I think we can make the fall-back safer, we can simply force the IPI
> > when we poke at noinstr code -- then NOHZ_FULL gets to keep the pieces,
> > but at le
On Tue, Nov 19, 2024 at 04:34:53PM +0100, Valentin Schneider wrote:
> +++ b/include/linux/jump_label.h
> @@ -200,7 +200,8 @@ struct module;
> #define JUMP_TYPE_FALSE 0UL
> #define JUMP_TYPE_TRUE 1UL
> #define JUMP_TYPE_LINKED 2UL
> -#define JUMP_TYPE_MASK
On Tue, Nov 19, 2024 at 04:34:53PM +0100, Valentin Schneider wrote:
> Later commits will cause objtool to warn about non __ro_after_init static
> keys being used in .noinstr sections in order to safely defer instruction
> patching IPIs targeted at NOHZ_FULL CPUs.
Don't we need similar checking for
t;
> now:
>
> vmlinux.o: warning: objtool: __flush_tlb_all_noinstr+0x4: call to
> pv_ops[1]() leaves .noinstr.text section
>
> Signed-off-by: Valentin Schneider
Acked-by: Josh Poimboeuf
--
Josh
On Tue, Nov 19, 2024 at 04:34:49PM +0100, Valentin Schneider wrote:
> I had to look into objtool itself to understand what this warning was
> about; make it more explicit.
>
> Signed-off-by: Valentin Schneider
Acked-by: Josh Poimboeuf
--
Josh
first node to compute the hole if hole.sym
> > is empty. If there is no symbol in the section, the first node
> > will be NULL, in which case, -1 is returned to skip the whole
> > section.
> >
> > Co-developed-by: Han Shen
> > Signed-off-by: Han Shen
&
On Thu, Feb 15, 2024 at 01:10:55PM +0100, Greg Kroah-Hartman wrote:
> +Note, due to the layer at which the Linux kernel is in a system, almost
> +any bug might be exploitable to compromise the security of the kernel,
> +but the possibility of exploitation is often not evident when the bug is
> +fix
On Thu, Aug 15, 2019 at 11:25:05PM +0200, Greg Kroah-Hartman wrote:
> +Contact
> +---
> +
> +The Linux kernel hardware security team is separate from the regular Linux
> +kernel security team.
> +
> +The team only handles the coordination of embargoed hardware security
> +issues. Reports of pu
On Thu, Nov 08, 2018 at 07:04:48PM +1100, Aleksa Sarai wrote:
> On 2018-11-08, Aleksa Sarai wrote:
> > I will attach what I have at the moment to hopefully explain what the
> > issue I've found is (re-using the kretprobe architecture but with the
> > shadow-stack idea).
>
> Here is the patch I ha
On Fri, Nov 02, 2018 at 09:16:58AM -0400, Steven Rostedt wrote:
> On Fri, 2 Nov 2018 17:59:32 +1100
> Aleksa Sarai wrote:
>
> > As an aside, I just tested with the frame unwinder and it isn't thrown
> > off-course by kretprobe_trampoline (though obviously the stack is still
> > wrong). So I think
On Fri, May 19, 2017 at 01:30:05PM +0200, Borislav Petkov wrote:
> > it is called so early. I can get past it by adding:
> >
> > CFLAGS_mem_encrypt.o := $(nostackp)
> >
> > in the arch/x86/mm/Makefile, but that obviously eliminates the support
> > for the whole file. Would it be better to split
On Mon, Jan 09, 2017 at 01:50:19PM +0100, Miroslav Benes wrote:
> There is still one thing which I don't understand. Why __schedule()
> (patched or the original) is not on the stack. The actual "sleep"
> should happen in __switch_to_asm() which is C function now. And there is a
> call to __switc
t; Of course __switch_to_asm() is not patchable for the reason described in
> the section. But there is no __fentry__ call and I cannot imagine a
> reason to do it anyway.
>
> Therefore, remove the paragraphs from the section.
>
> Signed-off-by: Miroslav Benes
Acked-by: Josh Poi
on, as sscanf() takes care to put a null byte at the end of
>the bufs.
> - Fix compiler kbuild errors for the !CONFIG_LIVEPATCH case
> - Fixed some small module.c nits
For the series:
Acked-by: Josh Poimboeuf
Thanks Jessica!
--
Josh
--
To unsubscribe from this list: send the line
On Tue, Mar 22, 2016 at 01:57:01PM -0400, Jessica Yu wrote:
> +++ Josh Poimboeuf [21/03/16 09:06 -0500]:
> >On Wed, Mar 16, 2016 at 03:47:04PM -0400, Jessica Yu wrote:
> >>For livepatch modules, copy Elf section, symbol, and string information
> >>from the load_info
On Mon, Mar 21, 2016 at 10:16:17PM +0100, Jiri Kosina wrote:
> On Mon, 21 Mar 2016, Jessica Yu wrote:
>
> > Yes, this is a concern and I'm not sure what the best way to fix it
> > is. If both MODULE_NAME_LEN and KSYM_NAME_LEN were straight up
> > constants, then I think Josh's stringify approach w
On Mon, Mar 21, 2016 at 03:18:32PM -0400, Jessica Yu wrote:
> +++ Miroslav Benes [21/03/16 14:55 +0100]:
> >On Wed, 16 Mar 2016, Jessica Yu wrote:
> >
> >[...]
> >
> >>+struct klp_buf {
> >>+ char symname[KSYM_SYMBOL_LEN];
> >
> >I think it is better to make this KSYM_NAME_LEN. KSYM_SYMBOL_LEN lo
On Mon, Mar 21, 2016 at 11:46:51AM -0500, Josh Poimboeuf wrote:
> On Mon, Mar 21, 2016 at 05:31:57PM +0100, Petr Mladek wrote:
> > > diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
> > > index 780f00c..2aa20fa 100644
> > > --- a/kernel/livepatch/core.
On Mon, Mar 21, 2016 at 05:31:57PM +0100, Petr Mladek wrote:
> > diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
> > index 780f00c..2aa20fa 100644
> > --- a/kernel/livepatch/core.c
> > +++ b/kernel/livepatch/core.c
> > +static int klp_resolve_symbols(Elf_Shdr *relasec, struct module
On Wed, Mar 16, 2016 at 03:47:07PM -0400, Jessica Yu wrote:
> Mark the module as a livepatch module so that the module loader can
> appropriately identify and initialize it.
>
> Signed-off-by: Jessica Yu
> ---
> samples/livepatch/livepatch-sample.c | 1 +
> 1 file changed, 1 insertion(+)
>
> di
On Wed, Mar 16, 2016 at 03:47:06PM -0400, Jessica Yu wrote:
> Reuse module loader code to write relocations, thereby eliminating the need
> for architecture specific relocation code in livepatch. Specifically, reuse
> the apply_relocate_add() function in the module loader to write relocations
> ins
On Wed, Mar 16, 2016 at 03:47:04PM -0400, Jessica Yu wrote:
> For livepatch modules, copy Elf section, symbol, and string information
> from the load_info struct in the module loader. Persist copies of the
> original symbol table and string table.
>
> Livepatch manages its own relocation sections
On Mon, Feb 08, 2016 at 03:54:22PM +0100, Miroslav Benes wrote:
> On Wed, 3 Feb 2016, Jessica Yu wrote:
>
> > Jessica Yu (6):
> > Elf: add livepatch-specific Elf constants
> > module: preserve Elf information for livepatch modules
> > module: s390: keep mod_arch_specific for livepatch module
On Wed, Feb 03, 2016 at 08:11:09PM -0500, Jessica Yu wrote:
> Reuse module loader code to write relocations, thereby eliminating the need
> for architecture specific relocation code in livepatch. Specifically, reuse
> the apply_relocate_add() function in the module loader to write relocations
> ins
On Wed, Feb 03, 2016 at 08:11:07PM -0500, Jessica Yu wrote:
> For livepatch modules, copy Elf section, symbol, and string information
> from the load_info struct in the module loader. Persist copies of the
> original symbol table and string table.
>
> Livepatch manages its own relocation sections
On Wed, Feb 03, 2016 at 08:37:52PM -0500, Jessica Yu wrote:
> +++ Jessica Yu [03/02/16 20:11 -0500]:
> >Livepatch needs to utilize the symbol information contained in the
> >mod_arch_specific struct in order to be able to call the s390
> >apply_relocate_add() function to apply relocations. Keep a r
29 matches
Mail list logo
