* [kernel-hardening] [PATCH] powerpc/kernel: Disable the latent entropy plugin unconditionally
@ 2016-06-26 15:34 Emese Revfy
2016-06-27 16:05 ` [kernel-hardening] " Kees Cook
2016-11-02 5:06 ` [kernel-hardening] " Andrew Donnellan
0 siblings, 2 replies; 8+ messages in thread
From: Emese Revfy @ 2016-06-26 15:34 UTC (permalink / raw)
To: keescook; +Cc: mmarek, linux-kbuild, kernel-hardening, pageexec
Reported-by: PaX Team <pageexec@freemail.hu>
Signed-off-by: Emese Revfy <re.emese@gmail.com>
---
arch/powerpc/kernel/Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
index 01935b8..e9ef44f 100644
--- a/arch/powerpc/kernel/Makefile
+++ b/arch/powerpc/kernel/Makefile
@@ -14,11 +14,12 @@ CFLAGS_prom_init.o += -fPIC
CFLAGS_btext.o += -fPIC
endif
-ifdef CONFIG_FUNCTION_TRACER
CFLAGS_cputable.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
CFLAGS_init.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
CFLAGS_btext.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
CFLAGS_prom.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
+
+ifdef CONFIG_FUNCTION_TRACER
# Do not trace early boot code
CFLAGS_REMOVE_cputable.o = -mno-sched-epilog $(CC_FLAGS_FTRACE)
CFLAGS_REMOVE_prom_init.o = -mno-sched-epilog $(CC_FLAGS_FTRACE)
--
2.8.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [kernel-hardening] Re: [PATCH] powerpc/kernel: Disable the latent entropy plugin unconditionally
2016-06-26 15:34 [kernel-hardening] [PATCH] powerpc/kernel: Disable the latent entropy plugin unconditionally Emese Revfy
@ 2016-06-27 16:05 ` Kees Cook
2016-06-28 11:39 ` Emese Revfy
2016-11-02 5:06 ` [kernel-hardening] " Andrew Donnellan
1 sibling, 1 reply; 8+ messages in thread
From: Kees Cook @ 2016-06-27 16:05 UTC (permalink / raw)
To: Emese Revfy
Cc: Michal Marek, linux-kbuild, kernel-hardening@lists.openwall.com,
PaX Team
On Sun, Jun 26, 2016 at 8:34 AM, Emese Revfy <re.emese@gmail.com> wrote:
>
> Reported-by: PaX Team <pageexec@freemail.hu>
> Signed-off-by: Emese Revfy <re.emese@gmail.com>
Thanks! Can you include a body in the commit message? For this, something like:
Disable the gcc-plugin unconditionlly here because ... *reason it is required*
etc
-Kees
> ---
> arch/powerpc/kernel/Makefile | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
> index 01935b8..e9ef44f 100644
> --- a/arch/powerpc/kernel/Makefile
> +++ b/arch/powerpc/kernel/Makefile
> @@ -14,11 +14,12 @@ CFLAGS_prom_init.o += -fPIC
> CFLAGS_btext.o += -fPIC
> endif
>
> -ifdef CONFIG_FUNCTION_TRACER
> CFLAGS_cputable.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
> CFLAGS_init.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
> CFLAGS_btext.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
> CFLAGS_prom.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
> +
> +ifdef CONFIG_FUNCTION_TRACER
> # Do not trace early boot code
> CFLAGS_REMOVE_cputable.o = -mno-sched-epilog $(CC_FLAGS_FTRACE)
> CFLAGS_REMOVE_prom_init.o = -mno-sched-epilog $(CC_FLAGS_FTRACE)
> --
> 2.8.1
--
Kees Cook
Chrome OS & Brillo Security
^ permalink raw reply [flat|nested] 8+ messages in thread
* [kernel-hardening] Re: [PATCH] powerpc/kernel: Disable the latent entropy plugin unconditionally
2016-06-27 16:05 ` [kernel-hardening] " Kees Cook
@ 2016-06-28 11:39 ` Emese Revfy
2016-07-06 18:57 ` Kees Cook
0 siblings, 1 reply; 8+ messages in thread
From: Emese Revfy @ 2016-06-28 11:39 UTC (permalink / raw)
To: Kees Cook
Cc: Michal Marek, linux-kbuild, kernel-hardening@lists.openwall.com,
PaX Team
On Mon, 27 Jun 2016 09:05:08 -0700
Kees Cook <keescook@chromium.org> wrote:
> On Sun, Jun 26, 2016 at 8:34 AM, Emese Revfy <re.emese@gmail.com> wrote:
> >
> > Reported-by: PaX Team <pageexec@freemail.hu>
> > Signed-off-by: Emese Revfy <re.emese@gmail.com>
>
> Thanks! Can you include a body in the commit message? For this, something like:
>
> Disable the gcc-plugin unconditionlly here because ... *reason it is required*
Hi,
You can see it here:
https://github.com/ephox-gcc-plugins/gcc-plugins_linux-next/commit/a1bb2bd3fd9ac414623ec3210e9c514d9d38cf9e
--
Emese
^ permalink raw reply [flat|nested] 8+ messages in thread
* [kernel-hardening] Re: [PATCH] powerpc/kernel: Disable the latent entropy plugin unconditionally
2016-06-28 11:39 ` Emese Revfy
@ 2016-07-06 18:57 ` Kees Cook
0 siblings, 0 replies; 8+ messages in thread
From: Kees Cook @ 2016-07-06 18:57 UTC (permalink / raw)
To: Emese Revfy
Cc: Michal Marek, linux-kbuild, kernel-hardening@lists.openwall.com,
PaX Team
On Tue, Jun 28, 2016 at 7:39 AM, Emese Revfy <re.emese@gmail.com> wrote:
> On Mon, 27 Jun 2016 09:05:08 -0700
> Kees Cook <keescook@chromium.org> wrote:
>
>> On Sun, Jun 26, 2016 at 8:34 AM, Emese Revfy <re.emese@gmail.com> wrote:
>> >
>> > Reported-by: PaX Team <pageexec@freemail.hu>
>> > Signed-off-by: Emese Revfy <re.emese@gmail.com>
>>
>> Thanks! Can you include a body in the commit message? For this, something like:
>>
>> Disable the gcc-plugin unconditionlly here because ... *reason it is required*
>
> Hi,
>
> You can see it here:
> https://github.com/ephox-gcc-plugins/gcc-plugins_linux-next/commit/a1bb2bd3fd9ac414623ec3210e9c514d9d38cf9e
Thanks, I've squashed this into the latenty_entropy initial commit in my tree.
-Kees
>
> --
> Emese
--
Kees Cook
Chrome OS & Brillo Security
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [kernel-hardening] [PATCH] powerpc/kernel: Disable the latent entropy plugin unconditionally
2016-06-26 15:34 [kernel-hardening] [PATCH] powerpc/kernel: Disable the latent entropy plugin unconditionally Emese Revfy
2016-06-27 16:05 ` [kernel-hardening] " Kees Cook
@ 2016-11-02 5:06 ` Andrew Donnellan
2016-11-15 22:41 ` Kees Cook
1 sibling, 1 reply; 8+ messages in thread
From: Andrew Donnellan @ 2016-11-02 5:06 UTC (permalink / raw)
To: kernel-hardening, keescook
Cc: mmarek, linux-kbuild, pageexec, linuxppc-dev, Michael Ellerman
On 27/06/16 01:34, Emese Revfy wrote:
>
> Reported-by: PaX Team <pageexec@freemail.hu>
> Signed-off-by: Emese Revfy <re.emese@gmail.com>
> ---
> arch/powerpc/kernel/Makefile | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
> index 01935b8..e9ef44f 100644
> --- a/arch/powerpc/kernel/Makefile
> +++ b/arch/powerpc/kernel/Makefile
> @@ -14,11 +14,12 @@ CFLAGS_prom_init.o += -fPIC
> CFLAGS_btext.o += -fPIC
> endif
>
> -ifdef CONFIG_FUNCTION_TRACER
> CFLAGS_cputable.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
> CFLAGS_init.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
I think you meant prom_init.o...
Additionally, DISABLE_LATENT_ENTROPY_PLUGIN is conditioned on
CONFIG_PAX_LATENT_ENTROPY rather than CONFIG_GCC_PLUGIN_LATENT_ENTROPY,
so it doesn't get exported correctly.
Will submit fixes along with patches to enable plugins on powerpc once I
get that sorted.
(In future please remember to cc linuxppc-dev.)
--
Andrew Donnellan OzLabs, ADL Canberra
andrew.donnellan@au1.ibm.com IBM Australia Limited
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [kernel-hardening] [PATCH] powerpc/kernel: Disable the latent entropy plugin unconditionally
2016-11-02 5:06 ` [kernel-hardening] " Andrew Donnellan
@ 2016-11-15 22:41 ` Kees Cook
2016-11-15 22:45 ` Andrew Donnellan
0 siblings, 1 reply; 8+ messages in thread
From: Kees Cook @ 2016-11-15 22:41 UTC (permalink / raw)
To: Andrew Donnellan
Cc: kernel-hardening@lists.openwall.com, Michal Marek, linux-kbuild,
PaX Team, linuxppc-dev, Michael Ellerman
On Tue, Nov 1, 2016 at 10:06 PM, Andrew Donnellan
<andrew.donnellan@au1.ibm.com> wrote:
> On 27/06/16 01:34, Emese Revfy wrote:
>>
>>
>> Reported-by: PaX Team <pageexec@freemail.hu>
>> Signed-off-by: Emese Revfy <re.emese@gmail.com>
>> ---
>> arch/powerpc/kernel/Makefile | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
>> index 01935b8..e9ef44f 100644
>> --- a/arch/powerpc/kernel/Makefile
>> +++ b/arch/powerpc/kernel/Makefile
>> @@ -14,11 +14,12 @@ CFLAGS_prom_init.o += -fPIC
>> CFLAGS_btext.o += -fPIC
>> endif
>>
>> -ifdef CONFIG_FUNCTION_TRACER
>> CFLAGS_cputable.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
>> CFLAGS_init.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
>
>
> I think you meant prom_init.o...
>
> Additionally, DISABLE_LATENT_ENTROPY_PLUGIN is conditioned on
> CONFIG_PAX_LATENT_ENTROPY rather than CONFIG_GCC_PLUGIN_LATENT_ENTROPY, so
> it doesn't get exported correctly.
>
> Will submit fixes along with patches to enable plugins on powerpc once I get
> that sorted.
>
> (In future please remember to cc linuxppc-dev.)
Just checking in: did these patches materialize? I'd love to see
plugins working on v4.10 for ppc.
-Kees
--
Kees Cook
Nexus Security
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [kernel-hardening] [PATCH] powerpc/kernel: Disable the latent entropy plugin unconditionally
2016-11-15 22:41 ` Kees Cook
@ 2016-11-15 22:45 ` Andrew Donnellan
2016-11-15 23:06 ` Kees Cook
0 siblings, 1 reply; 8+ messages in thread
From: Andrew Donnellan @ 2016-11-15 22:45 UTC (permalink / raw)
To: Kees Cook
Cc: kernel-hardening@lists.openwall.com, Michal Marek, linux-kbuild,
PaX Team, linuxppc-dev, Michael Ellerman
On 16/11/16 09:41, Kees Cook wrote:
> Just checking in: did these patches materialize? I'd love to see
> plugins working on v4.10 for ppc.
Working on it!
https://github.com/ajdlinux/linux/tree/powerpc-gcc-plugin-infrastructure
Just need to test with all the compilers to figure out which ones are
broken so we can put a version check in...
--
Andrew Donnellan OzLabs, ADL Canberra
andrew.donnellan@au1.ibm.com IBM Australia Limited
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [kernel-hardening] [PATCH] powerpc/kernel: Disable the latent entropy plugin unconditionally
2016-11-15 22:45 ` Andrew Donnellan
@ 2016-11-15 23:06 ` Kees Cook
0 siblings, 0 replies; 8+ messages in thread
From: Kees Cook @ 2016-11-15 23:06 UTC (permalink / raw)
To: Andrew Donnellan
Cc: kernel-hardening@lists.openwall.com, Michal Marek, linux-kbuild,
PaX Team, linuxppc-dev, Michael Ellerman
On Tue, Nov 15, 2016 at 2:45 PM, Andrew Donnellan
<andrew.donnellan@au1.ibm.com> wrote:
> On 16/11/16 09:41, Kees Cook wrote:
>>
>> Just checking in: did these patches materialize? I'd love to see
>> plugins working on v4.10 for ppc.
>
>
> Working on it!
> https://github.com/ajdlinux/linux/tree/powerpc-gcc-plugin-infrastructure
Very cool, thanks!
> Just need to test with all the compilers to figure out which ones are broken
> so we can put a version check in...
Sounds good.
-Kees
--
Kees Cook
Nexus Security
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2016-11-15 23:06 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-06-26 15:34 [kernel-hardening] [PATCH] powerpc/kernel: Disable the latent entropy plugin unconditionally Emese Revfy
2016-06-27 16:05 ` [kernel-hardening] " Kees Cook
2016-06-28 11:39 ` Emese Revfy
2016-07-06 18:57 ` Kees Cook
2016-11-02 5:06 ` [kernel-hardening] " Andrew Donnellan
2016-11-15 22:41 ` Kees Cook
2016-11-15 22:45 ` Andrew Donnellan
2016-11-15 23:06 ` Kees Cook
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).