From: Borislav Petkov <bp@alien8.de>
To: Alexander Lobakin <alexandr.lobakin@intel.com>
Cc: linux-hardening@vger.kernel.org, x86@kernel.org,
Jesse Brandeburg <jesse.brandeburg@intel.com>,
Kristen Carlson Accardi <kristen@linux.intel.com>,
Kees Cook <keescook@chromium.org>,
Miklos Szeredi <miklos@szeredi.hu>,
Ard Biesheuvel <ardb@kernel.org>, Tony Luck <tony.luck@intel.com>,
Bruce Schlobohm <bruce.schlobohm@intel.com>,
Jessica Yu <jeyu@kernel.org>, kernel test robot <lkp@intel.com>,
Miroslav Benes <mbenes@suse.cz>,
Evgenii Shatokhin <eshatokhin@virtuozzo.com>,
Jonathan Corbet <corbet@lwn.net>,
Masahiro Yamada <masahiroy@kernel.org>,
Michal Marek <michal.lkml@markovi.net>,
Nick Desaulniers <ndesaulniers@google.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Thomas Gleixner <tglx@linutronix.de>,
Will Deacon <will@kernel.org>, Ingo Molnar <mingo@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Arnd Bergmann <arnd@arndb.de>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Nathan Chancellor <nathan@kernel.org>,
Masami Hiramatsu <mhiramat@kernel.org>,
Marios Pomonis <pomonis@google.com>,
Sami Tolvanen <samitolvanen@google.com>,
"H.J. Lu" <hjl.tools@gmail.com>, Nicolas Pitre <nico@fluxnic.net>,
linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org,
linux-arch@vger.kernel.org, live-patching@vger.kernel.org,
llvm@lists.linux.dev
Subject: Re: [PATCH v9 03/15] kallsyms: Hide layout
Date: Mon, 3 Jan 2022 17:59:27 +0100
Message-ID: <YdMrb/t2zJbpLYj0@zn.tnic>
In-Reply-To: <20220103154023.7326-1-alexandr.lobakin@intel.com>

On Mon, Jan 03, 2022 at 04:40:23PM +0100, Alexander Lobakin wrote:
> "kallsyms: randomize /proc/kallsyms output order"?

Better.

> It displays zeros for non-roots, but the symbols are still sorted by
> their addresses. As a result, if you leak one address, you could
> determine some others.

Because if an attacker has the corresponding vmlinux, he has the offsets
too so, game over?

> This is especially critical with FG-KASLR as its text layout is
> random each time and sorted /proc/kallsyms would make the entire
> feature useless.

Do you notice how exactly this needs to absolutely be in the commit
message? Instead of that "this patch" bla which is more or less obvious.

IOW, always talk about *why* you're doing a change.

> I either have some problems with checkpatch + codespell, or they
> missed all those typos you're noticing. Thanks, and apologies =\

No worries, and thank python's enchant module which I use to spellcheck
stuff.

So lemme look at the actual patch then :)

Thx.

--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
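
The ordering concern raised in the quoted text above can be checked from the defender's side. The following is an added example, not part of the original message or the patch series: it compares a root snapshot of /proc/kallsyms with a non-root (zeroed) snapshot from the same boot and measures how much of the address order the zeroed listing still reveals. The function names, the `sample_*` symbols and all addresses are constructed for this example.

```python
import re
from collections import Counter

# One /proc/kallsyms line: "<hex address> <type> <name>" plus optional "[module]".
LINE = re.compile(r"^([0-9a-fA-F]+)\s+(\S)\s+(\S+)(?:\s+\[(\S+)\])?$")

def core_text(listing):
    """Core-kernel text symbols as (address, name), in the order listed."""
    rows = [LINE.match(l.strip()) for l in listing.splitlines()]
    syms = [(int(m[1], 16), m[3]) for m in rows if m and m[2] in "tT" and not m[4]]
    seen = Counter(name for _, name in syms)
    # Static functions can share a name; those are ambiguous, so drop them.
    return [(addr, name) for addr, name in syms if seen[name] == 1]

def hide_addresses(listing):
    """Mimic the non-root view: addresses zeroed, line order untouched."""
    return re.sub(r"^[0-9a-fA-F]+", "0" * 16, listing, flags=re.M)

def ordered_fraction(root_listing, user_listing):
    """Fraction of adjacent symbols in the non-root listing that are in
    ascending address order, with the root listing as ground truth.
    1.0: the zeroed listing still spells out the layout; None: too few symbols."""
    addr_of = {name: addr for addr, name in core_text(root_listing)}
    shown = [addr_of[n] for _, n in core_text(user_listing) if n in addr_of]
    if len(shown) < 2:
        return None
    pairs = list(zip(shown, shown[1:]))
    return sum(a < b for a, b in pairs) / len(pairs)

# Constructed sample data: names and addresses are made up for this example.
ROOT_VIEW = """\
ffffffff81000000 T sample_startup
ffffffff81000040 T sample_alpha
ffffffff810000a0 t sample_beta
ffffffff81000100 T sample_gamma
ffffffff81000180 t sample_delta
ffffffff82000000 D sample_data
ffffffffc0000000 t sample_mod_fn\t[sample_mod]
"""
# Constructed non-root listing whose order no longer follows the addresses.
USER_SHUFFLED = """\
0000000000000000 T sample_gamma
0000000000000000 T sample_startup
0000000000000000 t sample_delta
0000000000000000 t sample_beta
0000000000000000 T sample_alpha
"""

if __name__ == "__main__":
    print("sorted listing  :", ordered_fraction(ROOT_VIEW, hide_addresses(ROOT_VIEW)))
    print("shuffled listing:", ordered_fraction(ROOT_VIEW, USER_SHUFFLED))
```

A result of 1.0 means the zeroed listing is still in address order; a randomly ordered listing is expected to score around 0.5.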