[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAGXu5jKkHAHpzEpmHNJ6iPhXJKXoZH9Wy4mnCnE1=TEgTcHSRw@mail.gmail.com>
Date: Wed, 28 Feb 2018 08:54:31 -0800
From: Kees Cook <keescook@...omium.org>
To: Jinbum Park <jinb.park7@...il.com>
Cc: linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>,
LKML <linux-kernel@...r.kernel.org>,
Kernel Hardening <kernel-hardening@...ts.openwall.com>,
Philippe Ombredanne <pombredanne@...b.co>,
Greg KH <gregkh@...uxfoundation.org>,
Thomas Gleixner <tglx@...utronix.de>,
Kate Stewart <kstewart@...uxfoundation.org>,
Andy Lutomirski <luto@...capital.net>,
Dmitry Safonov <dsafonov@...tuozzo.com>,
Will Deacon <will.deacon@....com>,
Mark Rutland <mark.rutland@....com>,
Daniel Micay <danielmicay@...il.com>,
Arnd Bergmann <arnd@...db.de>,
Catalin Marinas <catalin.marinas@....com>
Subject: Re: [kernel-hardening] [PATCH 1/2] arm: mm: Define vdso_start,
vdso_end as array
On Wed, Feb 28, 2018 at 6:29 AM, Jinbum Park <jinb.park7@...il.com> wrote:
> Define vdso_start, vdso_end as array to avoid compile-time analysis error
> for the case of built with CONFIG_FORTIFY_SOURCE.
>
> and, since vdso_start, vdso_end are used in vdso.c only,
> move extern-declaration from vdso.h to vdso.c.
>
> If kernel is built with CONFIG_FORTIFY_SOURCE,
> compile-time error happens at this code.
> - if (memcmp(&vdso_start, "\177ELF", 4))
>
> The size of "&vdso_start" is recognized as 1 byte, but n is 4,
> So that compile-time error is reported.
>
> Signed-off-by: Jinbum Park <jinb.park7@...il.com>
Thanks!
Acked-by: Kees Cook <keescook@...omium.org>
-Kees
> ---
> arch/arm/include/asm/vdso.h | 2 --
> arch/arm/kernel/vdso.c | 12 +++++++-----
> 2 files changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/arch/arm/include/asm/vdso.h b/arch/arm/include/asm/vdso.h
> index 9c99e81..5b85889 100644
> --- a/arch/arm/include/asm/vdso.h
> +++ b/arch/arm/include/asm/vdso.h
> @@ -12,8 +12,6 @@
>
> void arm_install_vdso(struct mm_struct *mm, unsigned long addr);
>
> -extern char vdso_start, vdso_end;
> -
> extern unsigned int vdso_total_pages;
>
> #else /* CONFIG_VDSO */
> diff --git a/arch/arm/kernel/vdso.c b/arch/arm/kernel/vdso.c
> index a4d6dc0..f4dd7f9 100644
> --- a/arch/arm/kernel/vdso.c
> +++ b/arch/arm/kernel/vdso.c
> @@ -39,6 +39,8 @@
>
> static struct page **vdso_text_pagelist;
>
> +extern char vdso_start[], vdso_end[];
> +
> /* Total number of pages needed for the data and text portions of the VDSO. */
> unsigned int vdso_total_pages __ro_after_init;
>
> @@ -197,13 +199,13 @@ static int __init vdso_init(void)
> unsigned int text_pages;
> int i;
>
> - if (memcmp(&vdso_start, "\177ELF", 4)) {
> + if (memcmp(vdso_start, "\177ELF", 4)) {
> pr_err("VDSO is not a valid ELF object!\n");
> return -ENOEXEC;
> }
>
> - text_pages = (&vdso_end - &vdso_start) >> PAGE_SHIFT;
> - pr_debug("vdso: %i text pages at base %p\n", text_pages, &vdso_start);
> + text_pages = (vdso_end - vdso_start) >> PAGE_SHIFT;
> + pr_debug("vdso: %i text pages at base %p\n", text_pages, vdso_start);
>
> /* Allocate the VDSO text pagelist */
> vdso_text_pagelist = kcalloc(text_pages, sizeof(struct page *),
> @@ -218,7 +220,7 @@ static int __init vdso_init(void)
> for (i = 0; i < text_pages; i++) {
> struct page *page;
>
> - page = virt_to_page(&vdso_start + i * PAGE_SIZE);
> + page = virt_to_page(vdso_start + i * PAGE_SIZE);
> vdso_text_pagelist[i] = page;
> }
>
> @@ -229,7 +231,7 @@ static int __init vdso_init(void)
>
> cntvct_ok = cntvct_functional();
>
> - patch_vdso(&vdso_start);
> + patch_vdso(vdso_start);
>
> return 0;
> }
> --
> 1.9.1
>
--
Kees Cook
Pixel Security
Powered by blists - more mailing lists