lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKwvOdkETA4OU5d_f_8eCeXgo4juagHuPWo6Fd4jg7C1cWqoYA@mail.gmail.com>
Date:   Thu, 18 Mar 2021 12:00:39 -0700
From:   Nick Desaulniers <ndesaulniers@...gle.com>
To:     Sami Tolvanen <samitolvanen@...gle.com>
Cc:     Kees Cook <keescook@...omium.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Will Deacon <will@...nel.org>, Jessica Yu <jeyu@...nel.org>,
        Arnd Bergmann <arnd@...db.de>, Tejun Heo <tj@...nel.org>,
        "Paul E. McKenney" <paulmck@...nel.org>,
        Christoph Hellwig <hch@...radead.org>,
        bpf <bpf@...r.kernel.org>, linux-hardening@...r.kernel.org,
        linux-arch <linux-arch@...r.kernel.org>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>,
        Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
        PCI <linux-pci@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 07/17] kallsyms: strip ThinLTO hashes from static functions

On Thu, Mar 18, 2021 at 10:11 AM Sami Tolvanen <samitolvanen@...gle.com> wrote:
>
> With CONFIG_CFI_CLANG and ThinLTO, Clang appends a hash to the names
> of all static functions not marked __used. This can break userspace
> tools that don't expect the function name to change, so strip out the
> hash from the output.
>
> Suggested-by: Jack Pham <jackp@...eaurora.org>
> Signed-off-by: Sami Tolvanen <samitolvanen@...gle.com>
> Reviewed-by: Kees Cook <keescook@...omium.org>
> ---
>  kernel/kallsyms.c | 54 ++++++++++++++++++++++++++++++++++++++++++-----
>  1 file changed, 49 insertions(+), 5 deletions(-)
>
> diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
> index 8043a90aa50e..17d3a704bafa 100644
> --- a/kernel/kallsyms.c
> +++ b/kernel/kallsyms.c
> @@ -161,6 +161,26 @@ static unsigned long kallsyms_sym_address(int idx)
>         return kallsyms_relative_base - 1 - kallsyms_offsets[idx];
>  }
>
> +#if defined(CONFIG_CFI_CLANG) && defined(CONFIG_LTO_CLANG_THIN)
> +/*
> + * LLVM appends a hash to static function names when ThinLTO and CFI are
> + * both enabled, which causes confusion and potentially breaks user space

Might be nice to add an example, something along the lines of:
ie. foo() becomes foo$asfdasdfasdfasdf()

> + * tools, so we will strip the postfix from expanded symbol names.

s/postfix/suffix/ ?

> + */
> +static inline char *cleanup_symbol_name(char *s)
> +{
> +       char *res = NULL;
> +
> +       res = strrchr(s, '$');
> +       if (res)
> +               *res = '\0';
> +
> +       return res;
> +}
> +#else
> +static inline char *cleanup_symbol_name(char *s) { return NULL; }
> +#endif

Might be nicer to return a `bool` and have the larger definition
`return res != NULL`).  Not sure what a caller would do with `res` if
it was not `NULL`?

> +
>  /* Lookup the address for this symbol. Returns 0 if not found. */
>  unsigned long kallsyms_lookup_name(const char *name)
>  {
> @@ -173,6 +193,9 @@ unsigned long kallsyms_lookup_name(const char *name)
>
>                 if (strcmp(namebuf, name) == 0)
>                         return kallsyms_sym_address(i);
> +
> +               if (cleanup_symbol_name(namebuf) && strcmp(namebuf, name) == 0)
> +                       return kallsyms_sym_address(i);
>         }
>         return module_kallsyms_lookup_name(name);
>  }
> @@ -303,7 +326,9 @@ const char *kallsyms_lookup(unsigned long addr,
>                                        namebuf, KSYM_NAME_LEN);
>                 if (modname)
>                         *modname = NULL;
> -               return namebuf;
> +
> +               ret = namebuf;
> +               goto found;
>         }
>
>         /* See if it's in a module or a BPF JITed image. */
> @@ -316,11 +341,16 @@ const char *kallsyms_lookup(unsigned long addr,
>         if (!ret)
>                 ret = ftrace_mod_address_lookup(addr, symbolsize,
>                                                 offset, modname, namebuf);
> +
> +found:
> +       cleanup_symbol_name(namebuf);
>         return ret;
>  }
>
>  int lookup_symbol_name(unsigned long addr, char *symname)
>  {
> +       int res;
> +
>         symname[0] = '\0';
>         symname[KSYM_NAME_LEN - 1] = '\0';
>
> @@ -331,15 +361,23 @@ int lookup_symbol_name(unsigned long addr, char *symname)
>                 /* Grab name */
>                 kallsyms_expand_symbol(get_symbol_offset(pos),
>                                        symname, KSYM_NAME_LEN);
> -               return 0;
> +               goto found;
>         }
>         /* See if it's in a module. */
> -       return lookup_module_symbol_name(addr, symname);
> +       res = lookup_module_symbol_name(addr, symname);
> +       if (res)
> +               return res;
> +
> +found:
> +       cleanup_symbol_name(symname);
> +       return 0;
>  }
>
>  int lookup_symbol_attrs(unsigned long addr, unsigned long *size,
>                         unsigned long *offset, char *modname, char *name)
>  {
> +       int res;
> +
>         name[0] = '\0';
>         name[KSYM_NAME_LEN - 1] = '\0';
>
> @@ -351,10 +389,16 @@ int lookup_symbol_attrs(unsigned long addr, unsigned long *size,
>                 kallsyms_expand_symbol(get_symbol_offset(pos),
>                                        name, KSYM_NAME_LEN);
>                 modname[0] = '\0';
> -               return 0;
> +               goto found;
>         }
>         /* See if it's in a module. */
> -       return lookup_module_symbol_attrs(addr, size, offset, modname, name);
> +       res = lookup_module_symbol_attrs(addr, size, offset, modname, name);
> +       if (res)
> +               return res;
> +
> +found:
> +       cleanup_symbol_name(name);
> +       return 0;
>  }
>
>  /* Look up a kernel symbol and return it in a text buffer. */
> --
> 2.31.0.291.g576ba9dcdaf-goog
>


-- 
Thanks,
~Nick Desaulniers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ