lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 13 Jul 2022 14:31:33 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     Kees Cook <keescook@...omium.org>,
        kernel test robot <oliver.sang@...el.com>, x86@...nel.org,
        Josh Poimboeuf <jpoimboe@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        "H. Peter Anvin" <hpa@...or.com>, Arnd Bergmann <arnd@...db.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: [PATCH] x86: Allow for exclusions in checking RETHUNK

LKDTM builds a "just return" function that lives in .rodata, but this
creates problems when validating alternatives in the face of RETHUNK.
Export RETHUNK_CFLAGS so they can be disabled for the LKDTM function,
and ask objtool to ignore this function. (Use of STACK_FRAME_NON_STANDARD
here seems to generate a non-.rela section, that needed to be adjusted.)

Reported-by: kernel test robot <oliver.sang@...el.com>
Link: https://lore.kernel.org/lkml/Ys58BxHxoDZ7rfpr@xsang-OptiPlex-9020/
Debugged-by: Peter Zijlstra <peterz@...radead.org>
Fixes: ee88d363d156 ("x86,static_call: Use alternative RET encoding")
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: x86@...nel.org
Signed-off-by: Kees Cook <keescook@...omium.org>
---
 arch/x86/Makefile           | 1 +
 drivers/misc/lkdtm/Makefile | 2 +-
 drivers/misc/lkdtm/rodata.c | 4 ++++
 tools/objtool/check.c       | 4 +++-
 4 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 1f40dad30d50..7854685c5f25 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -27,6 +27,7 @@ RETHUNK_CFLAGS		:= -mfunction-return=thunk-extern
 RETPOLINE_CFLAGS	+= $(RETHUNK_CFLAGS)
 endif
 
+export RETHUNK_CFLAGS
 export RETPOLINE_CFLAGS
 export RETPOLINE_VDSO_CFLAGS
 
diff --git a/drivers/misc/lkdtm/Makefile b/drivers/misc/lkdtm/Makefile
index 2e0aa74ac185..fd96ac1617f7 100644
--- a/drivers/misc/lkdtm/Makefile
+++ b/drivers/misc/lkdtm/Makefile
@@ -16,7 +16,7 @@ lkdtm-$(CONFIG_PPC_64S_HASH_MMU)	+= powerpc.o
 KASAN_SANITIZE_rodata.o		:= n
 KASAN_SANITIZE_stackleak.o	:= n
 KCOV_INSTRUMENT_rodata.o	:= n
-CFLAGS_REMOVE_rodata.o		+= $(CC_FLAGS_LTO)
+CFLAGS_REMOVE_rodata.o		+= $(CC_FLAGS_LTO) $(RETHUNK_CFLAGS)
 
 OBJCOPYFLAGS :=
 OBJCOPYFLAGS_rodata_objcopy.o	:= \
diff --git a/drivers/misc/lkdtm/rodata.c b/drivers/misc/lkdtm/rodata.c
index baacb876d1d9..708a2558a7ac 100644
--- a/drivers/misc/lkdtm/rodata.c
+++ b/drivers/misc/lkdtm/rodata.c
@@ -4,8 +4,12 @@
  * (via objcopy tricks), to validate the non-executability of .rodata.
  */
 #include "lkdtm.h"
+#include <linux/objtool.h>
 
 void noinstr lkdtm_rodata_do_nothing(void)
 {
 	/* Does nothing. We just want an architecture agnostic "return". */
 }
+
+/* This is a lie, but given the objcopy, we need objtool to ignore it. */
+STACK_FRAME_NON_STANDARD(lkdtm_rodata_do_nothing);
diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index b341f8a8c7c5..c1b58a682ace 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -902,6 +902,8 @@ static void add_ignores(struct objtool_file *file)
 	struct reloc *reloc;
 
 	sec = find_section_by_name(file->elf, ".rela.discard.func_stack_frame_non_standard");
+	if (!sec)
+		sec = find_section_by_name(file->elf, ".discard.func_stack_frame_non_standard");
 	if (!sec)
 		return;
 
@@ -3719,7 +3721,7 @@ static int validate_retpoline(struct objtool_file *file)
 		    insn->type != INSN_RETURN)
 			continue;
 
-		if (insn->retpoline_safe)
+		if (insn->retpoline_safe || insn->ignore)
 			continue;
 
 		/*
-- 
2.32.0

Powered by blists - more mailing lists