lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 24 May 2020 17:11:03 +0200
From:   Ard Biesheuvel <ardb@...nel.org>
To:     Ingo Molnar <mingo@...nel.org>
Cc:     linux-efi <linux-efi@...r.kernel.org>, X86 ML <x86@...nel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Arvind Sankar <nivedita@...m.mit.edu>
Subject: Re: [PATCH v2 1/3] x86/boot/compressed: move .got.plt entries out of
 the .got section

On Sun, 24 May 2020 at 17:08, Ingo Molnar <mingo@...nel.org> wrote:
>
>
> * Ard Biesheuvel <ardb@...nel.org> wrote:
>
> > The .got.plt section contains the part of the GOT which is used by PLT
> > entries, and which gets updated lazily by the dynamic loader when
> > function calls are dispatched through those PLT entries.
> >
> > On fully linked binaries such as the kernel proper or the decompressor,
> > this never happens, and so in practice, the .got.plt section consists
> > only of the first 3 magic entries that are meant to point at the _DYNAMIC
> > section and at the fixup routine in the loader. However, since we don't
> > use a dynamic loader, those entries are never populated or used.
> >
> > This means that treating those entries like ordinary GOT entries, and
> > updating their values based on the actual placement of the executable in
> > memory is completely pointless, and we can just ignore the .got.plt
> > section entirely, provided that it has no additional entries beyond
> > the first 3 ones.
> >
> > So add an assertion in the linker script to ensure that this assumption
> > holds, and move the contents out of the [_got, _egot) memory range that
> > is modified by the GOT fixup routines.
> >
> > Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
> > ---
> >  arch/x86/boot/compressed/vmlinux.lds.S | 13 ++++++++++++-
> >  1 file changed, 12 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
> > index 0dc5c2b9614b..ce3fdfb93b57 100644
> > --- a/arch/x86/boot/compressed/vmlinux.lds.S
> > +++ b/arch/x86/boot/compressed/vmlinux.lds.S
> > @@ -44,10 +44,13 @@ SECTIONS
> >       }
> >       .got : {
> >               _got = .;
> > -             KEEP(*(.got.plt))
> >               KEEP(*(.got))
> >               _egot = .;
> >       }
> > +     .got.plt : {
> > +             KEEP(*(.got.plt))
> > +     }
> > +
> >       .data : {
> >               _data = . ;
> >               *(.data)
> > @@ -75,3 +78,11 @@ SECTIONS
> >       . = ALIGN(PAGE_SIZE);   /* keep ZO size page aligned */
> >       _end = .;
> >  }
> > +
> > +#ifdef CONFIG_X86_64
> > +ASSERT (SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18,
> > +     "Unexpected GOT/PLT entries detected!")
> > +#else
> > +ASSERT (SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0xc,
> > +     "Unexpected GOT/PLT entries detected!")
> > +#endif
>
> Cool debugging check!
>
> Minor consistent-style nit:
>
> s/ASSERT (
>  /ASSERT(
>

ok

> Optional: maybe even merge these on a single line, as a special exception to the col80 rule?
>
>  #ifdef CONFIG_X86_64
>  ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, "Unexpected GOT/PLT entries detected!")
>  #else
>  ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) ==  0xc, "Unexpected GOT/PLT entries detected!")
>  #endif
>
> But fine either way.
>

SIZEOF(.got.plt) <= 0x18

could be used as well, given that the section is either empty, or has
at least the 3 magic entries.

Powered by blists - more mailing lists