lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed,  7 Jul 2021 11:18:11 -0700
From:   Nick Desaulniers <ndesaulniers@...gle.com>
To:     Kees Cook <keescook@...omium.org>
Cc:     Fangrui Song <maskray@...gle.com>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        "KE . LI" <like1@...o.com>, Nathan Chancellor <nathan@...nel.org>,
        Stephen Rothwell <sfr@...b.auug.org.au>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Miroslav Benes <mbenes@...e.cz>,
        Miguel Ojeda <ojeda@...nel.org>, Joe Perches <joe@...ches.com>,
        Stephen Boyd <swboyd@...omium.org>,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        Randy Dunlap <rdunlap@...radead.org>,
        Sami Tolvanen <samitolvanen@...gle.com>,
        linux-kernel@...r.kernel.org, clang-built-linux@...glegroups.com
Subject: [PATCH v4] kallsyms: strip LTO suffixes from static functions

Similar to:
commit 8b8e6b5d3b01 ("kallsyms: strip ThinLTO hashes from static
functions")

It's very common for compilers to modify the symbol name for static
functions as part of optimizing transformations. That makes hooking
static functions (that weren't inlined or DCE'd) with kprobes difficult.

LLVM has yet another name mangling scheme used by thin LTO.  Strip off
these suffixes so that we can continue to hook such static functions.

Reported-by: KE.LI(Lieke) <like1@...o.com>
Suggested-by: Nathan Chancellor <nathan@...nel.org>
Signed-off-by: Nick Desaulniers <ndesaulniers@...gle.com>
---
Changes v3 -> v4:
* Convert this function to use IS_ENABLED rather than provide multiple
  definitions based on preprocessor checks.
* Add Nathan's suggested-by.

Changes v2 -> v3:
* Un-nest preprocessor checks, as per Nathan.

Changes v1 -> v2:
* Both mangling schemes can occur for thinLTO + CFI, this new scheme can
  also occur for thinLTO without CFI. Split cleanup_symbol_name() into
  two function calls.
* Drop KE.LI's tested by tag.
* Do not carry Fangrui's Reviewed by tag.
* Drop the inline keyword; it is meaningless.

 kernel/kallsyms.c | 43 ++++++++++++++++++++++++++++++-------------
 1 file changed, 30 insertions(+), 13 deletions(-)

diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
index 4067564ec59f..a10dab216f4f 100644
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -171,26 +171,43 @@ static unsigned long kallsyms_sym_address(int idx)
 	return kallsyms_relative_base - 1 - kallsyms_offsets[idx];
 }
 
-#if defined(CONFIG_CFI_CLANG) && defined(CONFIG_LTO_CLANG_THIN)
-/*
- * LLVM appends a hash to static function names when ThinLTO and CFI are
- * both enabled, i.e. foo() becomes foo$707af9a22804d33c81801f27dcfe489b.
- * This causes confusion and potentially breaks user space tools, so we
- * strip the suffix from expanded symbol names.
- */
-static inline bool cleanup_symbol_name(char *s)
+static bool cleanup_symbol_name(char *s)
 {
 	char *res;
 
+	/*
+	 * LLVM appends a suffix for local variables that must be promoted to
+	 * global scope as part of ThinLTO. foo() becomes
+	 * foo.llvm.974640843467629774. This can break hooking of static
+	 * functions with kprobes.
+	 */
+	if (!IS_ENABLED(CONFIG_LTO_CLANG_THIN))
+		return false;
+
+	res = strstr(s, ".llvm.");
+	if (res) {
+		*res = '\0';
+		return true;
+	}
+
+	/*
+	 * LLVM appends a hash to static function names when ThinLTO and CFI
+	 * are both enabled, i.e. foo() becomes
+	 * foo$707af9a22804d33c81801f27dcfe489b. This causes confusion and
+	 * potentially breaks user space tools, so we strip the suffix from
+	 * expanded symbol names.
+	 */
+	if (!IS_ENABLED(CONFIG_CFI_CLANG))
+		return false;
+
 	res = strrchr(s, '$');
-	if (res)
+	if (res) {
 		*res = '\0';
+		return true;
+	}
 
-	return res != NULL;
+	return false;
 }
-#else
-static inline bool cleanup_symbol_name(char *s) { return false; }
-#endif
 
 /* Lookup the address for this symbol. Returns 0 if not found. */
 unsigned long kallsyms_lookup_name(const char *name)
-- 
2.32.0.93.g670b81a890-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ