| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Jan 2024 19:05:13 +0100
From: Ard Biesheuvel <ardb+git@...gle.com>
To: linux-kernel@...r.kernel.org
Cc: Ard Biesheuvel <ardb@...nel.org>, Kevin Loughlin <kevinloughlin@...gle.com>,
Tom Lendacky <thomas.lendacky@....com>, Dionna Glaze <dionnaglaze@...gle.com>,
Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, Andy Lutomirski <luto@...nel.org>,
Arnd Bergmann <arnd@...db.de>, Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>, Justin Stitt <justinstitt@...gle.com>,
Kees Cook <keescook@...omium.org>, Brian Gerst <brgerst@...il.com>, linux-arch@...r.kernel.org,
llvm@...ts.linux.dev
Subject: [PATCH v3 10/19] asm-generic: Add special .pi.text section for
position independent code
From: Ard Biesheuvel <ardb@...nel.org>
Add a special .pi.text section that architectures will use to carry code
that can be called while the kernel is executing from a different
virtual address than its link time address. This is typically needed by
very early boot code that executes from a 1:1 mapping, and may need to
call into other code to perform preparatory tasks that must be completed
before switching to the kernel's ordinary virtual mapping.
Note that this implies that the code in question cannot generally be
instrumented safely, and so the contents are combined with the existing
noinstr.text section, making .pi.text a proper subset of the former.
Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
---
include/asm-generic/vmlinux.lds.h | 3 +++
include/linux/init.h | 12 +++++++++
scripts/mod/modpost.c | 5 +++-
tools/objtool/check.c | 26 ++++++++------------
4 files changed, 29 insertions(+), 17 deletions(-)
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 5dd3a61d673d..70c9767cac5a 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -553,6 +553,9 @@
__cpuidle_text_start = .; \
*(.cpuidle.text) \
__cpuidle_text_end = .; \
+ __pi_text_start = .; \
+ *(.pi.text) \
+ __pi_text_end = .; \
__noinstr_text_end = .;
/*
diff --git a/include/linux/init.h b/include/linux/init.h
index 3fa3f6241350..85bb701b664c 100644
--- a/include/linux/init.h
+++ b/include/linux/init.h
@@ -55,6 +55,17 @@
#define __exitdata __section(".exit.data")
#define __exit_call __used __section(".exitcall.exit")
+/*
+ * __pitext should be used to mark code that can execute correctly from a
+ * different virtual offset than the kernel was linked at. This is used for
+ * code that is called extremely early during boot.
+ *
+ * Note that this is incompatible with KAsan, which applies an affine
+ * translation to the virtual address to obtain the shadow address which is
+ * strictly tied to the kernel's virtual address space.
+ */
+#define __pitext __section(".pi.text") __no_sanitize_address notrace
+
/*
* modpost check for section mismatches during the kernel build.
* A section mismatch happens when there are references from a
@@ -92,6 +103,7 @@
/* For assembly routines */
#define __HEAD .section ".head.text","ax"
+#define __PITEXT .section ".pi.text","ax"
#define __INIT .section ".init.text","ax"
#define __FINIT .previous
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 795b21154446..962d00df47ab 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -813,9 +813,12 @@ static void check_section(const char *modname, struct elf_info *elf,
#define INIT_SECTIONS ".init.*"
-#define ALL_TEXT_SECTIONS ".init.text", ".meminit.text", ".exit.text", \
+#define ALL_PI_TEXT_SECTIONS ".pi.text", ".pi.text.*"
+#define ALL_NON_PI_TEXT_SECTIONS ".init.text", ".meminit.text", ".exit.text", \
TEXT_SECTIONS, OTHER_TEXT_SECTIONS
+#define ALL_TEXT_SECTIONS ALL_NON_PI_TEXT_SECTIONS, ALL_PI_TEXT_SECTIONS
+
enum mismatch {
TEXTDATA_TO_ANY_INIT_EXIT,
XXXINIT_TO_SOME_INIT,
diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index 548ec3cd7c00..af8f23a96037 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -389,6 +389,7 @@ static int decode_instructions(struct objtool_file *file)
if (!strcmp(sec->name, ".noinstr.text") ||
!strcmp(sec->name, ".entry.text") ||
!strcmp(sec->name, ".cpuidle.text") ||
+ !strncmp(sec->name, ".pi.text", 8) ||
!strncmp(sec->name, ".text..__x86.", 13))
sec->noinstr = true;
@@ -4234,23 +4235,16 @@ static int validate_noinstr_sections(struct objtool_file *file)
{
struct section *sec;
int warnings = 0;
+ static char const *noinstr_sections[] = {
+ ".noinstr.text", ".entry.text", ".cpuidle.text", ".pi.text",
+ };
- sec = find_section_by_name(file->elf, ".noinstr.text");
- if (sec) {
- warnings += validate_section(file, sec);
- warnings += validate_unwind_hints(file, sec);
- }
-
- sec = find_section_by_name(file->elf, ".entry.text");
- if (sec) {
- warnings += validate_section(file, sec);
- warnings += validate_unwind_hints(file, sec);
- }
-
- sec = find_section_by_name(file->elf, ".cpuidle.text");
- if (sec) {
- warnings += validate_section(file, sec);
- warnings += validate_unwind_hints(file, sec);
+ for (int i = 0; i < ARRAY_SIZE(noinstr_sections); i++) {
+ sec = find_section_by_name(file->elf, noinstr_sections[i]);
+ if (sec) {
+ warnings += validate_section(file, sec);
+ warnings += validate_unwind_hints(file, sec);
+ }
}
return warnings;
--
2.43.0.429.g432eaa2c6b-goog
Powered by blists - more mailing lists