lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <173693267219.31546.15758183573184177131.tip-bot2@tip-bot2>
Date: Wed, 15 Jan 2025 09:17:52 -0000
From: "tip-bot2 for David Woodhouse" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: Nathan Chancellor <nathan@...nel.org>, David Woodhouse <dwmw@...zon.co.uk>,
 "Borislav Petkov (AMD)" <bp@...en8.de>, x86@...nel.org,
 linux-kernel@...r.kernel.org
Subject: [tip: x86/boot] x86/kexec: Mark machine_kexec() with __nocfi

The following commit has been merged into the x86/boot branch of tip:

Commit-ID:     2114796ca041f0d3e79e5dd165219b940b23c540
Gitweb:        https://git.kernel.org/tip/2114796ca041f0d3e79e5dd165219b940b23c540
Author:        David Woodhouse <dwmw@...zon.co.uk>
AuthorDate:    Thu, 09 Jan 2025 14:04:18 
Committer:     Borislav Petkov (AMD) <bp@...en8.de>
CommitterDate: Tue, 14 Jan 2025 13:02:40 +01:00

x86/kexec: Mark machine_kexec() with __nocfi

A recent commit caused the relocate_kernel() function to be invoked through
a function pointer, but it does not have CFI information. The resulting trap
occurs after the IDT and GDT have been invalidated, leading to a triple-fault
if CONFIG_CFI_CLANG is enabled.

Using SYM_TYPED_FUNC_START() to provide the CFI information looks like it will
require a prolonged battle with objtool. And is fairly pointless anyway, as
the actual signature comes from a __kcfi_typeid_… symbol emitted from the
C code based on the function prototype it thinks that relocate_kernel has,
rendering the check somewhat tautological.

The simple fix is just to mark machine_kexec() with __nocfi.

Fixes: eeebbde57113 ("x86/kexec: Invoke copy of relocate_kernel() instead of the original")
Reported-by: Nathan Chancellor <nathan@...nel.org>
Suggested-by: Nathan Chancellor <nathan@...nel.org>
Signed-off-by: David Woodhouse <dwmw@...zon.co.uk>
Signed-off-by: Borislav Petkov (AMD) <bp@...en8.de>
Link: https://lore.kernel.org/r/20250109140757.2841269-7-dwmw2@infradead.org
---
 arch/x86/kernel/machine_kexec_64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index 9232ad1..1440f79 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -342,7 +342,7 @@ void machine_kexec_cleanup(struct kimage *image)
  * Do not allocate memory (or fail in any way) in machine_kexec().
  * We are past the point of no return, committed to rebooting now.
  */
-void machine_kexec(struct kimage *image)
+void __nocfi machine_kexec(struct kimage *image)
 {
 	unsigned long (*relocate_kernel_ptr)(unsigned long indirection_page,
 					     unsigned long pa_control_page,

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ