Message-ID: <CAGG=3QV0kR__23yEmwwXBpcE1gvjLqRNmF667hhVeY0B3urTqQ@mail.gmail.com>
Date:   Thu, 29 Apr 2021 02:23:41 -0700
From:   Bill Wendling <morbo@...gle.com>
To:     Szabolcs Nagy <szabolcs.nagy@....com>
Cc:     Mark Brown <broonie@...nel.org>,
        Catalin Marinas <catalin.marinas@....com>,
        Kees Cook <keescook@...gle.com>,
        Ard Biesheuvel <ardb@...nel.org>,
        Will Deacon <will@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        linux-arm-kernel@...ts.infradead.org,
        Daniel Kiss <Daniel.Kiss@....com>
Subject: Re: [PATCH] arm64/vdso: Discard .note.gnu.property sections in vDSO

On Thu, Apr 29, 2021 at 12:55 AM Szabolcs Nagy <szabolcs.nagy@....com> wrote:
> The 04/28/2021 12:31, Bill Wendling wrote:
> > On Wed, Apr 28, 2021 at 12:21 PM Bill Wendling <morbo@...gle.com> wrote:
> > > On Wed, Apr 28, 2021 at 10:40 AM Mark Brown <broonie@...nel.org> wrote:
> > > > On Wed, Apr 28, 2021 at 06:28:47PM +0100, Catalin Marinas wrote:
> > > > > On Fri, Apr 23, 2021 at 01:51:59PM -0700, Bill Wendling wrote:
> > > >
> > > > > > Since the note.gnu.property section in the vDSO is not checked by the
> > > > > > dynamic linker, discard the .note.gnu.property sections in the vDSO.
> > > >
> > > > > Can we not instead fix the linker script to preserve the
> > > > > .note.gnu.property, correctly aligned? It doesn't take much space and
> > > > > while we don't use it now, it has the BTI information about the binary.
> > > >
> > > > > Cc'ing a few others who were involved in the BTI support.
> > > >
> > > > Not just BTI, we also flag PAC usage in there too and could add other
> > > > extensions going forwards.  While the note isn't actively used by
> > > > anything right now due to the kernel mapping the vDSO prior to userspace
> > > > starting it is part of the ABI and something could end up wanting to use
> > > > it and getting confused if it's not there.  It would be much better to
> > > > fix the alignment issue.
> > >
> > > If there's only one of the 8-byte aligned sections guaranteed, we
> > > could place it first in the note. Otherwise, we will have to change
> > > the alignment of the note (or somehow merge multiple notes).
> > >
> > I should have clarified that there's only one *entry* in the
> > .note.gnu.properties section, and if not then is it possible to merge
> > multiple entries into one. (Excuse my ignorance if this is already the
> > case.)
>
> .note.gnu.property should go to PT_GNU_PROPERTY and it
> should be merged following rules specified in
> https://github.com/hjl-tools/linux-abi/wiki/Linux-Extensions-to-gABI
> and
> https://github.com/ARM-software/abi-aa/blob/master/aaelf64/aaelf64.rst#program-property
>
> it may also be covered by a (8byte aligned) PT_NOTE, but
> that's not a requirement on aarch64 (x86 requires it for
> compatibility with old dynamic linker, but since the vdso
> is handled specially that may not be relevant either).
>
> i don't know how this works in linker scripts.

This is a potential patch. I haven't had time to test it though.
However, it does appear to format the section in the "expected" way,
so one's able to grab the build IDs. Thoughts?

$ objdump -s -j .note ./arch/arm64/kernel/vdso/vdso.so

./arch/arm64/kernel/vdso/vdso.so:     file format elf64-little

Contents of section .note:
 0288 04000000 10000000 05000000 474e5500  ............GNU.
 0298 000000c0 04000000 03000000 00000000  ................
 02a8 06000000 04000000 00000000 4c696e75  ............Linu
 02b8 78000000 000a0500 06000000 01000000  x...............
 02c8 00010000 4c696e75 78000000 00000000  ....Linux.......
 02d8 04000000 14000000 03000000 474e5500  ............GNU.
 02e8 958db149 af5156cb 45309896 7a53ae8a  ...I.QV.E0..zS..
 02f8 ef34e95c                             .4.\

diff --git a/arch/arm64/kernel/vdso/vdso.lds.S
b/arch/arm64/kernel/vdso/vdso.lds.S
index d808ad31e01f..d51e886c6223 100644
--- a/arch/arm64/kernel/vdso/vdso.lds.S
+++ b/arch/arm64/kernel/vdso/vdso.lds.S
@@ -31,7 +31,13 @@ SECTIONS
        .gnu.version_d  : { *(.gnu.version_d) }
        .gnu.version_r  : { *(.gnu.version_r) }

-       .note           : { *(.note.*) }                :text   :note
+       /*
+        * Add the .note.gnu.property section first, as it's aligned to
+        * 8-bytes, while other notes are aligned to 4-bytes.
+        */
+       . = ALIGN(8);
+
+       .note           : { *(.note.gnu.property) *(.note.*) }  :text   :note

        . = ALIGN(16);
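
Review bot: the replacement `.note` line still assigns the whole output section to `:text :note` only, so `.note.gnu.property` lands inside the generic PT_NOTE next to the 4-byte-aligned notes, and the hunk adds nothing that would produce a PT_GNU_PROPERTY segment, which the quoted reply above says is where this section should go. Consider a separate output section with its own program header, or state in the comment why sharing PT_NOTE is acceptable for the vDSO. Two smaller points: `*(.note.*)` also matches `.note.gnu.property`, so the ordering depends on the first pattern claiming it, which deserves a word in the comment; and the comment's "8-bytes" and "4-bytes" should read "8 bytes" and "4 bytes".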

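The note layout discussed in this thread, decoded as an added example (not part of the original message or of the kernel source): it walks the `.note` bytes copied from the objdump output above using 4-byte note alignment, decodes the AArch64 BTI/PAC property bits, and shows that a walker applying 8-byte alignment to every note runs off the section. The function names are hypothetical, and the 8-byte walker is an assumed consumer behaviour used for illustration.

```python
import struct

# .note contents copied from the objdump output in the message (0x288..0x2fb).
NOTE = bytes.fromhex("""
    04000000 10000000 05000000 474e5500 000000c0 04000000 03000000 00000000
    06000000 04000000 00000000 4c696e75 78000000 000a0500 06000000 01000000
    00010000 4c696e75 78000000 00000000 04000000 14000000 03000000 474e5500
    958db149 af5156cb 45309896 7a53ae8a ef34e95c
""")

NT_GNU_BUILD_ID = 3
NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_AARCH64_FEATURE_1_AND = 0xC0000000
FEATURES = {1 << 0: "BTI", 1 << 1: "PAC"}


def pad(n, align):
    """Round n up to a multiple of align (a power of two)."""
    return (n + align - 1) & ~(align - 1)


def walk_notes(buf, align=4):
    """Return [(name, type, desc)]; raise ValueError if a note overruns buf."""
    notes, off = [], 0
    while off < len(buf):
        if off + 12 > len(buf):
            raise ValueError(f"truncated note header at {off:#x}")
        namesz, descsz, ntype = struct.unpack_from("<III", buf, off)
        name_off = off + 12
        desc_off = pad(name_off + namesz, align)
        end = desc_off + descsz
        if end > len(buf):
            raise ValueError(f"note at {off:#x} overruns the section")
        name = buf[name_off:name_off + namesz].rstrip(b"\0").decode()
        notes.append((name, ntype, buf[desc_off:end]))
        off = pad(end, align)
    return notes


def aarch64_features(desc):
    """Decode FEATURE_1_AND bits from an NT_GNU_PROPERTY_TYPE_0 descriptor."""
    off, found = 0, []
    while off + 8 <= len(desc):
        pr_type, pr_datasz = struct.unpack_from("<II", desc, off)
        data = desc[off + 8:off + 8 + pr_datasz]
        if pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND and pr_datasz == 4:
            bits = struct.unpack("<I", data)[0]
            found += [n for b, n in FEATURES.items() if bits & b]
        off = pad(off + 8 + pr_datasz, 8)  # ELF64 properties are 8-byte aligned
    return found
```

With 4-byte alignment the walk yields four notes (property, two Linux notes, build ID); with 8-byte alignment the second note's descriptor is read from the wrong offset and the third header is garbage, so the walk fails.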