lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 16 May 2016 10:57:34 -0500
From:	Josh Poimboeuf <jpoimboe@...hat.com>
To:	Kees Cook <keescook@...omium.org>
Cc:	Ingo Molnar <mingo@...nel.org>, Borislav Petkov <bp@...e.de>,
	Baoquan He <bhe@...hat.com>, Yinghai Lu <yinghai@...nel.org>,
	"H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>, x86@...nel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	Andrey Ryabinin <aryabinin@...tuozzo.com>,
	"H.J. Lu" <hjl.tools@...il.com>,
	Dmitry Vyukov <dvyukov@...gle.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/boot: Refuse to build with data relocations

On Thu, May 12, 2016 at 01:31:04PM -0700, Kees Cook wrote:
> diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> index cfdd8c3f8af2..25d477fcd5b4 100644
> --- a/arch/x86/boot/compressed/Makefile
> +++ b/arch/x86/boot/compressed/Makefile
> @@ -85,7 +85,25 @@ vmlinux-objs-$(CONFIG_EFI_STUB) += $(obj)/eboot.o $(obj)/efi_stub_$(BITS).o \
>  	$(objtree)/drivers/firmware/efi/libstub/lib.a
>  vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_thunk_$(BITS).o
>  
> +# The compressed kernel is built with -fPIC/-fPIE so that a boot loader
> +# can place it anywhere in memory and it will still run. However, since
> +# it is executed as-is without any ELF relocation processing performed
> +# (and has already had all relocation sections stripped from the binary),
> +# none of the code can use data relocations (e.g. static assignments of
> +# pointer values), since they will be meaningless at runtime. This check
> +# will refuse to link the vmlinux if any of these relocations are found.
> +quiet_cmd_check_data_rel = DATAREL $@
> +define cmd_check_data_rel
> +	for obj in $(filter %.o,$^); do \
> +		readelf -S $$obj | grep -qF .data.rel && { \
> +			echo "error: $$obj has data relocations!" >&2; \
> +			exit 1; \
> +		} || true; \
> +	done
> +endef

Why only data relocations?  If relocations haven't been applied yet,
wouldn't text relocations also be a problem?

-- 
Josh

Powered by blists - more mailing lists