Message-ID: <20190514161051.GA21695@probook>
Date: Tue, 14 May 2019 18:10:55 +0200
From: Johannes Hirte <johannes.hirte@...enkhaos.de>
To: Kees Cook <keescook@...omium.org>
Cc: Borislav Petkov <bp@...e.de>,
Sami Tolvanen <samitolvanen@...gle.com>,
linux-kernel@...r.kernel.org, x86@...nel.org
Subject: Re: [PATCH] x86/build: Move _etext to actual end of .text

On 2019 May 14, Kees Cook wrote:
> On Tue, May 14, 2019 at 02:04:21PM +0200, Johannes Hirte wrote:
> > On 2019 Apr 23, Kees Cook wrote:
> > > When building x86 with Clang LTO and CFI, CFI jump regions are
> > > automatically added to the end of the .text section late in linking. As a
> > > result, the _etext position was being labelled before the appended jump
> > > regions, causing confusion about where the boundaries of the executable
> > > region actually are in the running kernel, and broke at least the fault
> > > injection code. This moves the _etext mark to outside (and immediately
> > > after) the .text area, as it is already the case on other architectures
> > > (e.g. arm64, arm).
> > >
> > > Reported-and-tested-by: Sami Tolvanen <samitolvanen@...gle.com>
> > > Signed-off-by: Kees Cook <keescook@...omium.org>
> > > ---
> > > arch/x86/kernel/vmlinux.lds.S | 6 +++---
> > > 1 file changed, 3 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
> > > index bad8c51fee6e..de94da2366e7 100644
> > > --- a/arch/x86/kernel/vmlinux.lds.S
> > > +++ b/arch/x86/kernel/vmlinux.lds.S
> > > @@ -141,11 +141,11 @@ SECTIONS
> > > *(.text.__x86.indirect_thunk)
> > > __indirect_thunk_end = .;
> > > #endif
> > > -
> > > - /* End of text section */
> > > - _etext = .;
> > > } :text = 0x9090
> > >
> > > + /* End of text section */
> > > + _etext = .;
> > > +
> > > NOTES :text :note
> > >
> > > EXCEPTION_TABLE(16) :text = 0x9090
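Review bot: the re-added `_etext = .;` now sits after the closing `} :text = 0x9090`, outside any output section, and nothing in the hunk keeps the symbol tied to .text. A symbol assigned at that level of a linker script can be emitted as an absolute symbol rather than a section-relative one, which is consistent with the "Invalid absolute R_X86_64_32S relocation: _etext" failure reported in this thread. Before merging, confirm that _etext is still section-relative with each linker the build supports, or handle it explicitly in the step that rejects absolute relocations. The new comment could also say why the label has to follow the closing brace (jump regions appended to .text late in linking), so it is not moved back inside later.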
> > > --
> > > 2.17.1
> >
> > This breaks the build on my system:
> >
> > RELOCS arch/x86/boot/compressed/vmlinux.relocs
> > CC arch/x86/boot/compressed/early_serial_console.o
> > CC arch/x86/boot/compressed/kaslr.o
> > AS arch/x86/boot/compressed/mem_encrypt.o
> > CC arch/x86/boot/compressed/kaslr_64.o
> > Invalid absolute R_X86_64_32S relocation: _etext
> > make[2]: *** [arch/x86/boot/compressed/Makefile:130: arch/x86/boot/compressed/vmlinux.relocs] Error 1
> > make[2]: *** Deleting file 'arch/x86/boot/compressed/vmlinux.relocs'
> > make[2]: *** Waiting for unfinished jobs....
> > make[1]: *** [arch/x86/boot/Makefile:112: arch/x86/boot/compressed/vmlinux] Error 2
> > make: *** [arch/x86/Makefile:283: bzImage] Error 2
>
> Interesting! Can you send along your .config and compiler details?

Tested with gcc-8.3 and gcc-9.1, both the same result.

Using built-in specs.
COLLECT_GCC=gcc-8.3.0
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-pc-linux-gnu/8.3.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /var/tmp/portage/sys-devel/gcc-8.3.0-r1/work/gcc-8.3.0/configure --host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/8.3.0 --includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/8.3.0/include --datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/8.3.0 --mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/8.3.0/man --infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/8.3.0/info --with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/8.3.0/include/g++-v8 --with-python-dir=/share/gcc-data/x86_64-pc-linux-gnu/8.3.0/python --enable-languages=c,c++,fortran --enable-obsolete --enable-secureplt --disable-werror --with-system-zlib --enable-nls --without-included-gettext --enable-checking=release --with-bugurl=https://bugs.gentoo.org/ --with-pkgversion='Gentoo 8.3.0-r1 p1.1' --disable-esp --enable-libstdcxx-time --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --enable-multilib --with-multilib-list=m32,m64 --disable-altivec --disable-fixed-point --enable-targets=all --enable-libgomp --disable-libmudflap --disable-libssp --disable-libmpx --disable-systemtap --enable-vtable-verify --enable-lto --without-isl --enable-default-pie --enable-default-ssp
Thread model: posix
gcc version 8.3.0 (Gentoo 8.3.0-r1 p1.1)

Using built-in specs.
COLLECT_GCC=gcc-9.1.0
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-pc-linux-gnu/9.1.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /var/tmp/portage/sys-devel/gcc-9.1.0/work/gcc-9.1.0/configure --host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/9.1.0 --includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include --datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/9.1.0 --mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/9.1.0/man --infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/9.1.0/info --with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/g++-v9 --with-python-dir=/share/gcc-data/x86_64-pc-linux-gnu/9.1.0/python --enable-languages=c,c++,fortran --enable-obsolete --enable-secureplt --disable-werror --with-system-zlib --enable-nls --without-included-gettext --enable-checking=release --with-bugurl=https://bugs.gentoo.org/ --with-pkgversion='Gentoo 9.1.0 p1.0' --disable-esp --enable-libstdcxx-time --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --enable-multilib --with-multilib-list=m32,m64 --disable-altivec --disable-fixed-point --enable-targets=all --enable-libgomp --disable-libmudflap --disable-libssp --disable-systemtap --enable-vtable-verify --enable-lto --without-isl --enable-default-pie --enable-default-ssp
Thread model: posix
gcc version 9.1.0 (Gentoo 9.1.0 p1.0)
--
Regards,
Johannes
View attachment "config" of type "text/plain" (139949 bytes)