Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp1468723lqp; Fri, 22 Mar 2024 16:40:48 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCW1uTZXbQQubxZi2RvX11ypueG+fY4fKYZBd7OutlJaU5XJYtUh7QQeE/bRiU+N/BUCMdUwPRyIGnkWbZ/ALgfPlVVMK2k8UL+5+2ylmQ== X-Google-Smtp-Source: AGHT+IEu5GmBy0ys0sUxXYpnV90BC3giKWh0WY35tWwEw3/3uqX+ilwxtB/es30Lg9cTocWaC1ls X-Received: by 2002:a05:6a20:a125:b0:1a3:64be:752c with SMTP id q37-20020a056a20a12500b001a364be752cmr549285pzk.26.1711150848063; Fri, 22 Mar 2024 16:40:48 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711150848; cv=pass; d=google.com; s=arc-20160816; b=xFxBK9O0SQdjYH+ilT06VdmJW/PVJitz4QNcJAW0FjaIkjWYlC9MT8GDMgkpZJoAkj kx1r2YunUEbILCdsCISisJGusWD4ncxM7W29biUIfiyBiIbCQK0NsQ5CWAfPUt6PifaS EAjFk32ge0B2+igd8D/cHODBkShXBw8YGfh3CYJzvLRKr71FjPAqSmo1YNdJUtVS+UAt CQd0uNnYv0/OeJgWCdJPe7xvnDPAb6Pf0NGtSIB5irgDVHLRYU2M5LQf1Y2oKmZ2B1hj VPOolH8kFCfcPGiqwFHv12ibfjuF7q8lKM4V50s9c6gFLJRuZdkYqNg9roXQqMxPJqH2 tJXA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=01sC/xb6KwRYYgbeCF1XVs83Gl9AibN3LKeqo3B8YE0=; fh=iS4UJlS+ssDJNBmCB+J3ymGifg732BcQatR/vYRGhOo=; b=fobsDfFyLC+i+gpHF9s29hnPontZoyDmXZ/4HXsHVbJ2oG5Hro2M0JDi5c8JKe//CB rUqlZEeIKk/fTS0MynD5tOylhSR50lZemmqBK3YaCrpyW3Sp9W3ZzxXOiJaY0qxoShoo I/mQXlg0QGMqhwZA8YLnQzfizrxu1oRSht90MgEbiIlhGOQQUeoWKDH/3A/8eD6o0vjj 2CgjNhI0U4b08MwhoIdB1FNosrYXH5yH7AiTJy5SLSAxYKJx7dcul/z5Zuu8j2oqtquL 4ZwJXg3hvePhSwjCXHsUP/p1PDJ8YnitTWzZ0KsZN4q3dULnmWdwBfh22SNPJny06S/e H3xg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=NgDXZcnd; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-112108-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-112108-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id w12-20020a63490c000000b005dc81a16015si2761103pga.118.2024.03.22.16.40.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Mar 2024 16:40:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-112108-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=NgDXZcnd; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-112108-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-112108-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id B52B7284A04 for ; Fri, 22 Mar 2024 23:40:47 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 013B482C8E; Fri, 22 Mar 2024 23:40:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="NgDXZcnd" Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 974BC8174C for ; Fri, 22 Mar 2024 23:40:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.174 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711150816; cv=none; b=q7jHphzkaaI+Xf1MvnB+pfEJfY9gHPl3aRNvRDMsuPbY3f+ND/6+oKnjaPZpZXE92QsyAmeFETNjqKy/7WPjZQ68PI4H1cr9eLBIxxcegjXZ8dlrbQ78I2Rz0LyAu/FtzBqFEuq/ueoI9qvbLkmWncpJMRWUUBIGKpMhobXYrYM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711150816; c=relaxed/simple; bh=eH0fgxAZoZKG2nG1if5jwZQ6PXT1CXjSRf2Ajj7jhHI=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=Yta18KXSkXYL1ZZhkHf80Fr5jgeMjesq0YEITXggN8iPhhWcgU403yjQpmlNBM93CWnELBW+og9SHhWvy4ahFr82t+znL48Wat0caZwDXrfuAOzA8TTDFB75rusf48MBztD0ITdhyEg52jzc9aCUNBBn20gbqi34WqydywWdFm0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=NgDXZcnd; arc=none smtp.client-ip=209.85.210.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-6e6ee9e3cffso1701228b3a.1 for ; Fri, 22 Mar 2024 16:40:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1711150814; x=1711755614; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=01sC/xb6KwRYYgbeCF1XVs83Gl9AibN3LKeqo3B8YE0=; b=NgDXZcndmcTAqMjNZ8pZI5hhEanPOYZuuxwMQPLgril8EPJ+JCIQ2bu040ZgWjHGBU m6z6Kn0w0oS9MLsLzwVthTYOYHikywiY/AZOFSf5SJpGFzTBIll+SEBMjMCUUf+N2oE3 A4RrnIhz6lV+lHq+9ow5WAE27r9QLWk6ktpDI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711150814; x=1711755614; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=01sC/xb6KwRYYgbeCF1XVs83Gl9AibN3LKeqo3B8YE0=; b=ZBPC6CXw6DwDJrvxMwwNd9psCjQSos0jII52whlJCBcQKs6Nj9+jqVGdVLMlnc7oLO fNdS3V+3RnN25G0BYTQGRzZjAr8KxEnRmk74B3cHruChrhSA0gcqceIXPYRigmmFKqPX keGwWmefZe61aqakNUSJjyIwXC2jLhsM8o5qjrPlLpfDRJ5Vqc92JUla2ydKlTqs5lSb 6zpfC8OVbo32W9SuxUgxZxbW4/ausM15DXMmVrf0Ee/79JsWkQPY1QrWFZNruq0DDk1c pYW08eJZyqLqO4RUCqFrMAc/Yn4qN88gyl5o5ZKOW1Bh+j85d7KVC5uZO/QZ+/YohvJ7 RMbA== X-Forwarded-Encrypted: i=1; AJvYcCWt4Ai/0DZ8t8yFCbfmI1Ow5iVZeviLwvkHgb2rRMiBHQTMqmF9zNK1rTTy5o/8b1GAi6XCcQ0nZ7L/p3d6rqxzT7cpE4GNfnC1ifZT X-Gm-Message-State: AOJu0Yz9ZPt2QcbLeqVOnxUKMp8/oYtAZL/5ROzUIXBoUic85bGghQ8S AsQbXr2dbdJDX8Wi9yluaD9tkV2mVq66p6OHamg5JLhTUiRya3Gh+6/6olqD/w== X-Received: by 2002:a05:6a00:4b13:b0:6e7:1cd9:c032 with SMTP id kq19-20020a056a004b1300b006e71cd9c032mr592380pfb.6.1711150813958; Fri, 22 Mar 2024 16:40:13 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id q18-20020a62e112000000b006e8f75d3b07sm310517pfh.181.2024.03.22.16.40.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Mar 2024 16:40:12 -0700 (PDT) Date: Fri, 22 Mar 2024 16:40:11 -0700 From: Kees Cook To: Borislav Petkov Cc: tglx@linutronix.de, Guixiong Wei , jgross@suse.com, mingo@redhat.com, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, peterz@infradead.org, gregkh@linuxfoundation.org, tony.luck@intel.com, adobriyan@gmail.com, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH] x86, relocs: Ignore relocations in .notes section on walk_relocs Message-ID: <202403221622.6EA43547F@keescook> References: <20240317150547.24910-1-weiguixiong@bytedance.com> <171079804927.224083.15609364452504732018.b4-ty@chromium.org> <20240318215612.GDZfi4fG52DTgra51p@fat_crate.local> <202403181644.690285D3@keescook> <20240319081640.GAZflJ6IBQ7TEKD2Ll@fat_crate.local> <202403190955.25E5E03E6@keescook> <20240322194658.GCZf3gMphnWeR9upN6@fat_crate.local> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240322194658.GCZf3gMphnWeR9upN6@fat_crate.local> On Fri, Mar 22, 2024 at 08:46:58PM +0100, Borislav Petkov wrote: > On Tue, Mar 19, 2024 at 09:56:29AM -0700, Kees Cook wrote: > > > Yes, please. Just send a Reviewed-by and it'll get picked up. > > > > Okay, thanks! > > Dammit, how did this commit land upstream and in stable?! There are 2 related commits. This one ("... on walk_relocs") isn't in Linus's tree nor stable. (Thank you Ingo for taking it now.) > Forgot to zap it from your tree and sent the branch to Linus anyway? > > Kees, please refrain from taking tip patches in the future. You know how > this works - get_maintainers.pl. The earlier patch, commit aaa8736370db ("x86, relocs: Ignore relocations in .notes section"), landed via my tree. It was sent out on Feb 22nd (v1[1]) and got a suggestion from HPA and a Review from Juergen Gross. I sent v2 Feb 27th[2] and it sat ignored for two weeks. Since it was a 10 year old kernel address exposure, I sent it to Linus on Mar 12th[3]. -Kees [1] https://lore.kernel.org/all/20240222171840.work.027-kees@kernel.org/ [2] https://lore.kernel.org/all/20240227175746.it.649-kees@kernel.org/ [3] https://lore.kernel.org/lkml/202403111702.828C918E55@keescook/ -- Kees Cook