| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMj1kXFFo6Y=p63N41DrN4wLzMNVdtD-hp6gBVQwNqrzt7oqwQ@mail.gmail.com>
Date: Sun, 30 Apr 2023 16:23:56 +0200
From: Ard Biesheuvel <ardb@...nel.org>
To: Hou Wenlong <houwenlong.hwl@...group.com>
Cc: linux-kernel@...r.kernel.org,
Thomas Garnier <thgarnie@...omium.org>,
Lai Jiangshan <jiangshan.ljs@...group.com>,
Kees Cook <keescook@...omium.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>, Arnd Bergmann <arnd@...db.de>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...nel.org>,
Juergen Gross <jgross@...e.com>,
Brian Gerst <brgerst@...il.com>, linux-arch@...r.kernel.org
Subject: Re: [PATCH RFC 25/43] x86/mm: Make the x86 GOT read-only
On Fri, 28 Apr 2023 at 11:55, Hou Wenlong <houwenlong.hwl@...group.com> wrote:
>
> From: Thomas Garnier <thgarnie@...omium.org>
>
> From: Thomas Garnier <thgarnie@...omium.org>
>
> The GOT is changed during early boot when relocations are applied. Make
> it read-only directly. This table exists only for PIE binary. Since weak
> symbol reference would always be GOT reference, there are 8 entries in
> GOT, but only one entry for __fentry__() is in use. Other GOT
> references have been optimized by linker.
>
> [Hou Wenlong: Change commit message and skip GOT size check]
>
> Signed-off-by: Thomas Garnier <thgarnie@...omium.org>
> Signed-off-by: Hou Wenlong <houwenlong.hwl@...group.com>
> Cc: Lai Jiangshan <jiangshan.ljs@...group.com>
> Cc: Kees Cook <keescook@...omium.org>
> ---
> arch/x86/kernel/vmlinux.lds.S | 2 ++
> include/asm-generic/vmlinux.lds.h | 12 ++++++++++++
> 2 files changed, 14 insertions(+)
>
> diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
> index f02dcde9f8a8..fa4c6582663f 100644
> --- a/arch/x86/kernel/vmlinux.lds.S
> +++ b/arch/x86/kernel/vmlinux.lds.S
> @@ -462,6 +462,7 @@ SECTIONS
> #endif
> "Unexpected GOT/PLT entries detected!")
>
> +#ifndef CONFIG_X86_PIE
> /*
> * Sections that should stay zero sized, which is safer to
> * explicitly check instead of blindly discarding.
> @@ -470,6 +471,7 @@ SECTIONS
> *(.got) *(.igot.*)
> }
> ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
> +#endif
>
> .plt : {
> *(.plt) *(.plt.*) *(.iplt)
> diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
> index d1f57e4868ed..438ed8b39896 100644
> --- a/include/asm-generic/vmlinux.lds.h
> +++ b/include/asm-generic/vmlinux.lds.h
> @@ -441,6 +441,17 @@
> __end_ro_after_init = .;
> #endif
>
> +#ifdef CONFIG_X86_PIE
> +#define RO_GOT_X86
Please don't put X86 specific stuff in generic code.
> + .got : AT(ADDR(.got) - LOAD_OFFSET) { \
> + __start_got = .; \
> + *(.got) *(.igot.*); \
> + __end_got = .; \
> + }
> +#else
> +#define RO_GOT_X86
> +#endif
> +
I don't think it makes sense for this definition to be conditional.
You can include it conditionally from the x86 code, but even that
seems unnecessary, given that it will be empty otherwise.
> /*
> * .kcfi_traps contains a list KCFI trap locations.
> */
> @@ -486,6 +497,7 @@
> BOUNDED_SECTION_PRE_LABEL(.pci_fixup_suspend_late, _pci_fixups_suspend_late, __start, __end) \
> } \
> \
> + RO_GOT_X86 \
> FW_LOADER_BUILT_IN_DATA \
> TRACEDATA \
> \
> --
> 2.31.1
>
Powered by blists - more mailing lists