| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Oct 2020 10:00:49 +0000
From: Will Deacon <will@...nel.org>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
catalin.marinas@....com, Jessica Yu <jeyu@...nel.org>,
Kees Cook <keescook@...omium.org>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
Nick Desaulniers <ndesaulniers@...gle.com>
Subject: Re: [PATCH] module: use hidden visibility for weak symbol references
Hi Ard,
On Tue, Oct 27, 2020 at 04:11:32PM +0100, Ard Biesheuvel wrote:
> Geert reports that commit be2881824ae9eb92 ("arm64/build: Assert for
> unwanted sections") results in build errors on arm64 for configurations
> that have CONFIG_MODULES disabled.
>
> The commit in question added ASSERT()s to the arm64 linker script to
> ensure that linker generated sections such as .got, .plt etc are empty,
> but as it turns out, there are corner cases where the linker does emit
> content into those sections. More specifically, weak references to
> function symbols (which can remain unsatisfied, and can therefore not
> be emitted as relative references) will be emitted as GOT and PLT
> entries when linking the kernel in PIE mode (which is the case when
> CONFIG_RELOCATABLE is enabled, which is on by default).
>
> What happens is that code such as
>
> struct device *(*fn)(struct device *dev);
> struct device *iommu_device;
>
> fn = symbol_get(mdev_get_iommu_device);
> if (fn) {
> iommu_device = fn(dev);
>
> essentially gets converted into the following when CONFIG_MODULES is off:
>
> struct device *iommu_device;
>
> if (&mdev_get_iommu_device) {
> iommu_device = mdev_get_iommu_device(dev);
>
> where mdev_get_iommu_device is emitted as a weak symbol reference into
> the object file. The first reference is decorated with an ordinary
> ABS64 data relocation (which yields 0x0 if the reference remains
> unsatisfied). However, the indirect call is turned into a direct call
> covered by a R_AARCH64_CALL26 relocation, which is converted into a
> call via a PLT entry taking the target address from the associated
> GOT entry.
>
> Given that such GOT and PLT entries are unnecessary for fully linked
> binaries such as the kernel, let's give these weak symbol references
> hidden visibility, so that the linker knows that the weak reference
> via R_AARCH64_CALL26 can simply remain unsatisfied.
>
> Cc: Jessica Yu <jeyu@...nel.org>
> Cc: Kees Cook <keescook@...omium.org>
> Cc: Geert Uytterhoeven <geert@...ux-m68k.org>
> Cc: Nick Desaulniers <ndesaulniers@...gle.com>
> Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
> ---
> include/linux/module.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Cheers. I gave this a spin, but I unfortunately still see the following
linker warning with allnoconfig:
aarch64-linux-gnu-ld: warning: orphan section `.igot.plt' from `arch/arm64/kernel/head.o' being placed in section `.igot.plt'
which looks unrelated to symbol_get(), but maybe it's worth knocking these
things on the head (no pun intended) at the same time?
Cheers,
Will
Powered by blists - more mailing lists