| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 24 May 2020 17:11:03 +0200
From: Ard Biesheuvel <ardb@...nel.org>
To: Ingo Molnar <mingo@...nel.org>
Cc: linux-efi <linux-efi@...r.kernel.org>, X86 ML <x86@...nel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Arvind Sankar <nivedita@...m.mit.edu>
Subject: Re: [PATCH v2 1/3] x86/boot/compressed: move .got.plt entries out of
the .got section
On Sun, 24 May 2020 at 17:08, Ingo Molnar <mingo@...nel.org> wrote:
>
>
> * Ard Biesheuvel <ardb@...nel.org> wrote:
>
> > The .got.plt section contains the part of the GOT which is used by PLT
> > entries, and which gets updated lazily by the dynamic loader when
> > function calls are dispatched through those PLT entries.
> >
> > On fully linked binaries such as the kernel proper or the decompressor,
> > this never happens, and so in practice, the .got.plt section consists
> > only of the first 3 magic entries that are meant to point at the _DYNAMIC
> > section and at the fixup routine in the loader. However, since we don't
> > use a dynamic loader, those entries are never populated or used.
> >
> > This means that treating those entries like ordinary GOT entries, and
> > updating their values based on the actual placement of the executable in
> > memory is completely pointless, and we can just ignore the .got.plt
> > section entirely, provided that it has no additional entries beyond
> > the first 3 ones.
> >
> > So add an assertion in the linker script to ensure that this assumption
> > holds, and move the contents out of the [_got, _egot) memory range that
> > is modified by the GOT fixup routines.
> >
> > Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
> > ---
> > arch/x86/boot/compressed/vmlinux.lds.S | 13 ++++++++++++-
> > 1 file changed, 12 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
> > index 0dc5c2b9614b..ce3fdfb93b57 100644
> > --- a/arch/x86/boot/compressed/vmlinux.lds.S
> > +++ b/arch/x86/boot/compressed/vmlinux.lds.S
> > @@ -44,10 +44,13 @@ SECTIONS
> > }
> > .got : {
> > _got = .;
> > - KEEP(*(.got.plt))
> > KEEP(*(.got))
> > _egot = .;
> > }
> > + .got.plt : {
> > + KEEP(*(.got.plt))
> > + }
> > +
> > .data : {
> > _data = . ;
> > *(.data)
> > @@ -75,3 +78,11 @@ SECTIONS
> > . = ALIGN(PAGE_SIZE); /* keep ZO size page aligned */
> > _end = .;
> > }
> > +
> > +#ifdef CONFIG_X86_64
> > +ASSERT (SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18,
> > + "Unexpected GOT/PLT entries detected!")
> > +#else
> > +ASSERT (SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0xc,
> > + "Unexpected GOT/PLT entries detected!")
> > +#endif
>
> Cool debugging check!
>
> Minor consistent-style nit:
>
> s/ASSERT (
> /ASSERT(
>
ok
> Optional: maybe even merge these on a single line, as a special exception to the col80 rule?
>
> #ifdef CONFIG_X86_64
> ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, "Unexpected GOT/PLT entries detected!")
> #else
> ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0xc, "Unexpected GOT/PLT entries detected!")
> #endif
>
> But fine either way.
>
SIZEOF(.got.plt) <= 0x18
could be used as well, given that the section is either empty, or has
at least the 3 magic entries.
Powered by blists - more mailing lists