
#1 2018-03-17 17:56:52

loqs
Member
Registered: 2014-03-06
Posts: 14,884

Is ndiswrapper's use of indirect calls safe with retpoline?

While testing a patch for 57784 I noticed the following output:

./tools/objtool/objtool orc generate --module --no-fp --retpoline "/tmp/community/trunk/src/ndiswrapper-1.61/ndiswrapper/driver/lin2win.o";
/tmp/community/trunk/src/ndiswrapper-1.61/ndiswrapper/driver/lin2win.o: warning: objtool: lin2win0()+0x8: indirect call found in RETPOLINE build
/tmp/community/trunk/src/ndiswrapper-1.61/ndiswrapper/driver/lin2win.o: warning: objtool: lin2win1()+0xb: indirect call found in RETPOLINE build
/tmp/community/trunk/src/ndiswrapper-1.61/ndiswrapper/driver/lin2win.o: warning: objtool: lin2win2()+0xb: indirect call found in RETPOLINE build
/tmp/community/trunk/src/ndiswrapper-1.61/ndiswrapper/driver/lin2win.o: warning: objtool: lin2win3()+0xe: indirect call found in RETPOLINE build
/tmp/community/trunk/src/ndiswrapper-1.61/ndiswrapper/driver/lin2win.o: warning: objtool: lin2win4()+0x11: indirect call found in RETPOLINE build
/tmp/community/trunk/src/ndiswrapper-1.61/ndiswrapper/driver/lin2win.o: warning: objtool: lin2win5()+0x16: indirect call found in RETPOLINE build
/tmp/community/trunk/src/ndiswrapper-1.61/ndiswrapper/driver/lin2win.o: warning: objtool: lin2win6()+0x20: indirect call found in RETPOLINE build
It is detected seven times because the macro is expanded to seven functions:
lin2win lin2win0, 0
lin2win lin2win1, 1
lin2win lin2win2, 2
lin2win lin2win3, 3
lin2win lin2win4, 4
lin2win lin2win5, 5
lin2win lin2win6, 6

linux 4.16-rc4+ and linux 4.15.10 include a pass to detect indirect calls https://git.kernel.org/pub/scm/linux/ke … da690bc774
This seems to be caused by https://sourceforge.net/p/ndiswrapper/c … win.S#l117
Is the objtool detection accurate? Is the indirect call safe and should it be annotated as such, or should it be reworked to a direct call and marked as a security issue until that is done?

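Added example, not code from this thread or from ndiswrapper: a minimal x86-64 translation unit that performs the same call-through-a-register twice, once as the raw `call *%rax` that objtool reports in a RETPOLINE build, and once through a retpoline thunk of the same shape the kernel uses for `__x86_indirect_thunk_rax`, so the two transfer sequences can be compared side by side. The symbol names `example_thunk_rax`, `call_via_indirect` and `call_via_retpoline`, and the stand-in target functions `add_args`/`mul_args`, are all constructed for this example; the assembly is guarded for x86-64 ELF builds with a plain C fallback elsewhere.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the routine lin2win would transfer control to;
 * any function reached through a pointer will do for the comparison. */
static uint64_t add_args(uint64_t a, uint64_t b) { return a + b; }
static uint64_t mul_args(uint64_t a, uint64_t b) { return a * b; }

typedef uint64_t (*fn2_t)(uint64_t, uint64_t);

#if defined(__x86_64__) && defined(__ELF__) && defined(__GNUC__)
/* Both helpers take (fn in %rdi, a in %rsi, b in %rdx) per the SysV ABI,
 * move the target into %rax and transfer control to it. Only the transfer
 * instruction differs. Symbols are hidden so PIE links resolve them directly. */
__asm__(
    ".text\n"
    /* Retpoline thunk (same shape as the kernel's __x86_indirect_thunk_rax):
     * CALL pushes the trap loop's address as the predicted return target,
     * the real target is written over that stack slot and reached by RET,
     * so a mispredicted return lands in the PAUSE/LFENCE loop. */
    ".globl example_thunk_rax\n"
    ".hidden example_thunk_rax\n"
    ".type example_thunk_rax,@function\n"
    "example_thunk_rax:\n"
    "    call 1f\n"
    "2:  pause\n"
    "    lfence\n"
    "    jmp 2b\n"
    "1:  mov %rax, (%rsp)\n"
    "    ret\n"
    ".size example_thunk_rax, .-example_thunk_rax\n"

    /* The pattern objtool flags: a raw CALL through a register. */
    ".globl call_via_indirect\n"
    ".hidden call_via_indirect\n"
    ".type call_via_indirect,@function\n"
    "call_via_indirect:\n"
    "    push %rbp\n"
    "    mov %rsp, %rbp\n"
    "    mov %rdi, %rax\n"
    "    mov %rsi, %rdi\n"
    "    mov %rdx, %rsi\n"
    "    call *%rax\n"
    "    pop %rbp\n"
    "    ret\n"
    ".size call_via_indirect, .-call_via_indirect\n"

    /* The retpoline form: CALL the thunk instead of CALL *%rax. */
    ".globl call_via_retpoline\n"
    ".hidden call_via_retpoline\n"
    ".type call_via_retpoline,@function\n"
    "call_via_retpoline:\n"
    "    push %rbp\n"
    "    mov %rsp, %rbp\n"
    "    mov %rdi, %rax\n"
    "    mov %rsi, %rdi\n"
    "    mov %rdx, %rsi\n"
    "    call example_thunk_rax\n"
    "    pop %rbp\n"
    "    ret\n"
    ".size call_via_retpoline, .-call_via_retpoline\n"
);
uint64_t call_via_indirect(fn2_t fn, uint64_t a, uint64_t b);
uint64_t call_via_retpoline(fn2_t fn, uint64_t a, uint64_t b);
#else
/* Portable fallback so the file still builds on other targets; it carries
 * none of the speculation-control properties of the assembly above. */
uint64_t call_via_indirect(fn2_t fn, uint64_t a, uint64_t b) { return fn(a, b); }
uint64_t call_via_retpoline(fn2_t fn, uint64_t a, uint64_t b) { return fn(a, b); }
#endif

/* Functionally the two transfer paths are interchangeable: the retpoline
 * changes only how the CPU may speculate, never the result. */
int retpoline_matches_indirect(void)
{
    fn2_t targets[] = { add_args, mul_args };
    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++)
        if (call_via_indirect(targets[i], 6, 7) != call_via_retpoline(targets[i], 6, 7))
            return 0;
    return 1;
}

int main(void)
{
    printf("add via retpoline: %llu\n",
           (unsigned long long)call_via_retpoline(add_args, 6, 7));
    printf("paths agree: %d\n", retpoline_matches_indirect());
    return 0;
}
```

Disassembling the object shows the difference objtool keys on: `call_via_indirect` contains a `call *%rax`, while `call_via_retpoline` contains only a direct `call` to the thunk, whose own `ret` is the controlled transfer. Whether a given hand-written sequence can be annotated as safe or needs the thunk is exactly the judgement the question above asks about.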

#2 2018-03-17 18:29:16

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: Is ndiswrapper's use of indirect calls safe with retpoline?

I'd say you should assume it is insecure until proven otherwise. On the other hand, even if that code is safe, I suppose you are still potentially left with insecure code in the driver that it loads/uses.


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K
