lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 May 2019 12:50:57 +0000 From: Raphael Gault <Raphael.Gault@....com> To: Josh Poimboeuf <jpoimboe@...hat.com> CC: "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "peterz@...radead.org" <peterz@...radead.org>, Catalin Marinas <Catalin.Marinas@....com>, Will Deacon <Will.Deacon@....com>, Julien Thierry <Julien.Thierry@....com> Subject: Re: [RFC V2 00/16] objtool: Add support for Arm64 Hi Josh, Thanks for offering your help and sorry for the late answer. My understanding is that a table of offsets is built by GCC, those offsets being scaled by 4 before adding them to the base label. I believe the offsets are stored in the .rodata section. To find the size of that table, it is needed to find a comparison, which can be optimized out apprently. In that case the end of the array can be found by locating labels pointing to data behind it (which is not 100% safe). On 5/16/19 3:29 PM, Josh Poimboeuf wrote: > On Thu, May 16, 2019 at 11:36:39AM +0100, Raphael Gault wrote: >> Noteworthy points: >> * I still haven't figured out how to detect switch-tables on arm64. I >> have a better understanding of them but still haven't implemented checks >> as it doesn't look trivial at all. > > Switch tables were tricky to get right on x86. If you share an example > (or even just a .o file) I can take a look. Hopefully they're somewhat > similar to x86 switch tables. Otherwise we may want to consider a > different approach (for example maybe a GCC plugin could help annotate > them). > The case which made me realize the issue is the one of arch/arm64/kernel/module.o:apply_relocate_add: ``` What seems to happen in the case of module.o is: 334: 90000015 adrp x21, 0 <do_reloc> which retrieves the location of an offset in the rodata section, and a bit later we do some extra computation with it in order to compute the jump destination: 3e0: 78625aa0 ldrh w0, [x21, w2, uxtw #1] 3e4: 10000061 adr x1, 3f0 <apply_relocate_add+0xf8> 3e8: 8b20a820 add x0, x1, w0, sxth #2 3ec: d61f0000 br x0 ``` Please keep in mind that the actual offsets might vary. I'm happy to provide more details about what I have identified if you want me to. Thanks, -- Raphael Gault IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Powered by blists - more mailing lists