lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170328102203.GB24221@leverpostej>
Date:   Tue, 28 Mar 2017 11:22:03 +0100
From:   Mark Rutland <mark.rutland@....com>
To:     Dmitry Vyukov <dvyukov@...gle.com>, Arnd Bergmann <arnd@...db.de>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Kees Cook <keescook@...omium.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] lkdtm: turn off kcov for lkdtm_rodata_do_nothing:

Hi,

On Tue, Mar 28, 2017 at 12:00:15PM +0200, Dmitry Vyukov wrote:
> On Tue, Mar 28, 2017 at 11:57 AM, Arnd Bergmann <arnd@...db.de> wrote:
> > I ran into a link error on ARM64 for lkdtm_rodata_do_nothing:
> >
> > drivers/misc/built-in.o: In function `lkdtm_rodata_do_nothing':
> > :(.rodata+0x68c8): relocation truncated to fit: R_AARCH64_CALL26 against symbol `__sanitizer_cov_trace_pc' defined in .text section in kernel/built-in.o
> >
> > I did not analyze this further, but my theory is that we would need a trampoline
> > to call __sanitizer_cov_trace_pc(), but the linker (correctly) only adds trampolines
> > for callers in executable sections.

For reference, is this a "large" config, e.g. allyesconfig?

I'm aware that at least as recently as GCC 6 there were issues with
veneer generation for calls across sections (which I personally saw with
calls from .init.text to .text) when the kernel was sufficiently large.

FWIW, I have no problem building a v4.11-rc3 kernel with both KCOV and
LKDTM using the Linaro 15.08 aarch64-linux-gnu GCC 5 toolchain. Which
toolchain are you using?

No strong feelings on this patch, but it may be indicative of a larger
problem, and we probably don't want to play whack-a-mole to fix
relocation truncation more generally.

Thanks,
Mark.

> > Disabling KCOV for this one file avoids the build failure with no
> > other practical downsides I can think of.
> >
> > The problem can only happen on kernels that contain both kcov and
> > lkdtm, so if we want to backport this, it should be in the earliest
> > version that has both (v4.8).
> >
> > Cc: Dmitry Vyukov <dvyukov@...gle.com>
> > Cc: Kees Cook <keescook@...omium.org>
> > Fixes: 5c9a8750a640 ("kernel: add kcov code coverage")
> > Fixes: 9a49a528dcf3 ("lkdtm: add function for testing .rodata section")
> > Signed-off-by: Arnd Bergmann <arnd@...db.de>
> > ---
> >  drivers/misc/Makefile | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile
> > index 4925ea8e1952..7a321047bfbe 100644
> > --- a/drivers/misc/Makefile
> > +++ b/drivers/misc/Makefile
> > @@ -63,6 +63,8 @@ lkdtm-$(CONFIG_LKDTM)         += lkdtm_perms.o
> >  lkdtm-$(CONFIG_LKDTM)          += lkdtm_rodata_objcopy.o
> >  lkdtm-$(CONFIG_LKDTM)          += lkdtm_usercopy.o
> >
> > +KCOV_INSTRUMENT_lkdtm_rodata.o := n
> > +
> >  OBJCOPYFLAGS :=
> >  OBJCOPYFLAGS_lkdtm_rodata_objcopy.o := \
> >                         --set-section-flags .text=alloc,readonly \
> > --
> > 2.9.0
> 
> 
> Acked-by: Dmitry Vyukov <dvyukov@...gle.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ