linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Borislav Petkov <bp@alien8.de>
To: Kees Cook <keescook@chromium.org>
Cc: Thomas Gleixner <tglx@linutronix.de>,
	Rick Edgecombe <rick.p.edgecombe@intel.com>,
	Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Andy Lutomirski <luto@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
	linux-arch@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
	linux-alpha@vger.kernel.org, linux-ia64@vger.kernel.org,
	linux-s390@vger.kernel.org, linux-c6x-dev@linux-c6x.org,
	Yoshinori Sato <ysato@users.sourceforge.jp>,
	Michal Simek <monstr@monstr.eu>,
	linux-parisc@vger.kernel.org, linux-xtensa@linux-xtensa.org,
	x86@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES
Date: Thu, 10 Oct 2019 20:03:31 +0200	[thread overview]
Message-ID: <20191010180331.GI7658@zn.tnic> (raw)
In-Reply-To: <20190926175602.33098-1-keescook@chromium.org>

On Thu, Sep 26, 2019 at 10:55:33AM -0700, Kees Cook wrote:
> This series works to move the linker sections for NOTES and
> EXCEPTION_TABLE into the RO_DATA area, where they belong on most
> (all?) architectures. The problem being addressed was the discovery
> by Rick Edgecombe that the exception table was accidentally marked
> executable while he was developing his execute-only-memory series. When
> permissions were flipped from readable-and-executable to only-executable,
> the exception table became unreadable, causing things to explode rather
> badly. :)
> 
> Roughly speaking, the steps are:
> 
> - regularize the linker names for PT_NOTE and PT_LOAD program headers
>   (to "note" and "text" respectively)
> - regularize restoration of linker section to program header assignment
>   (when PT_NOTE exists)
> - move NOTES into RO_DATA
> - finish macro naming conversions for RO_DATA and RW_DATA
> - move EXCEPTION_TABLE into RO_DATA on architectures where this is clear
> - clean up some x86-specific reporting of kernel memory resources
> - switch x86 linker fill byte from x90 (NOP) to 0xcc (INT3), just because
>   I finally realized what that trailing ": 0x9090" meant -- and we should
>   trap, not slide, if execution lands in section padding

Yap, nice patchset overall.

> Since these changes are treewide, I'd love to get architecture-maintainer
> Acks and either have this live in x86 -tip or in my own tree, however
> people think it should go.

Sure, I don't mind taking v2 through tip once I get ACKs from the
respective arch maintainers.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

  parent reply	other threads:[~2019-10-10 18:03 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-26 17:55 [PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES Kees Cook
2019-09-26 17:55 ` [PATCH 01/29] powerpc: Rename "notes" PT_NOTE to "note" Kees Cook
2019-09-26 17:55 ` [PATCH 02/29] powerpc: Remove PT_NOTE workaround Kees Cook
2019-09-26 17:55 ` [PATCH 03/29] powerpc: Rename PT_LOAD identifier "kernel" to "text" Kees Cook
2019-09-26 17:55 ` [PATCH 04/29] alpha: " Kees Cook
2019-09-26 17:55 ` [PATCH 05/29] ia64: Rename PT_LOAD identifier "code" " Kees Cook
2019-09-26 17:55 ` [PATCH 06/29] s390: Move RO_DATA into "text" PT_LOAD Program Header Kees Cook
2019-09-26 17:55 ` [PATCH 07/29] x86: Restore "text" Program Header with dummy section Kees Cook
2019-10-10 10:33   ` Borislav Petkov
2019-10-10 16:46     ` Kees Cook
2019-09-26 17:55 ` [PATCH 08/29] vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes Kees Cook
2019-10-10 10:40   ` Borislav Petkov
2019-09-26 17:55 ` [PATCH 09/29] vmlinux.lds.h: Move Program Header restoration into NOTES macro Kees Cook
2019-09-26 17:55 ` [PATCH 10/29] vmlinux.lds.h: Move NOTES into RO_DATA Kees Cook
2019-09-26 17:55 ` [PATCH 11/29] vmlinux.lds.h: Replace RODATA with RO_DATA Kees Cook
2019-09-26 17:55 ` [PATCH 12/29] vmlinux.lds.h: Replace RO_DATA_SECTION " Kees Cook
2019-09-26 17:55 ` [PATCH 13/29] vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA Kees Cook
2019-09-26 17:55 ` [PATCH 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA Kees Cook
2019-10-01  9:05   ` Will Deacon
2019-10-10 15:25   ` Borislav Petkov
2019-10-10 16:47     ` Kees Cook
2019-09-26 17:55 ` [PATCH 15/29] x86: Actually use _etext for end of text segment Kees Cook
2019-09-26 17:55 ` [PATCH 16/29] x86: Move EXCEPTION_TABLE to RO_DATA segment Kees Cook
2019-09-26 17:55 ` [PATCH 17/29] alpha: " Kees Cook
2019-09-26 17:55 ` [PATCH 18/29] arm64: " Kees Cook
2019-10-01  9:03   ` Will Deacon
2019-10-01 15:48     ` Kees Cook
2019-09-26 17:55 ` [PATCH 19/29] c6x: " Kees Cook
2019-09-26 17:55 ` [PATCH 20/29] h8300: " Kees Cook
2019-09-26 17:55 ` [PATCH 21/29] ia64: " Kees Cook
2019-09-26 17:55 ` [PATCH 22/29] microblaze: " Kees Cook
2019-09-26 17:55 ` [PATCH 23/29] parisc: " Kees Cook
2019-09-26 17:55 ` [PATCH 24/29] powerpc: " Kees Cook
2019-09-26 17:55 ` [PATCH 25/29] xtensa: " Kees Cook
2019-09-26 17:55 ` [PATCH 26/29] x86/mm: Remove redundant &s on addresses Kees Cook
2019-09-26 17:56 ` [PATCH 27/29] x86/mm: Report which part of kernel image is freed Kees Cook
2019-09-26 17:56 ` [PATCH 28/29] x86/mm: Report actual image regions in /proc/iomem Kees Cook
2019-10-10 18:00   ` Borislav Petkov
2019-09-26 17:56 ` [PATCH 29/29] x86: Use INT3 instead of NOP for linker fill bytes Kees Cook
2019-10-10 18:03 ` Borislav Petkov [this message]
2019-10-10 23:57   ` [PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES Kees Cook
2019-10-11  1:38     ` hpa

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191010180331.GI7658@zn.tnic \
    --to=bp@alien8.de \
    --cc=arnd@arndb.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=hpa@zytor.com \
    --cc=keescook@chromium.org \
    --cc=linux-alpha@vger.kernel.org \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-c6x-dev@linux-c6x.org \
    --cc=linux-ia64@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-parisc@vger.kernel.org \
    --cc=linux-s390@vger.kernel.org \
    --cc=linux-xtensa@linux-xtensa.org \
    --cc=linuxppc-dev@lists.ozlabs.org \
    --cc=luto@kernel.org \
    --cc=mingo@redhat.com \
    --cc=monstr@monstr.eu \
    --cc=rick.p.edgecombe@intel.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    --cc=ysato@users.sourceforge.jp \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).