lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250429-vdso-absolute-reloc-v1-2-987a0afd10b5@linutronix.de>
Date: Tue, 29 Apr 2025 14:55:37 +0200
From: Thomas Weißschuh <thomas.weissschuh@...utronix.de>
To: Catalin Marinas <catalin.marinas@....com>, 
 Will Deacon <will@...nel.org>, Nam Cao <namcao@...utronix.de>, 
 Anna-Maria Behnsen <anna-maria@...utronix.de>, 
 Thomas Gleixner <tglx@...utronix.de>, Andy Lutomirski <luto@...nel.org>, 
 Vincenzo Frascino <vincenzo.frascino@....com>
Cc: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, 
 Jan Stancek <jstancek@...hat.com>, 
 Thomas Weißschuh <thomas.weissschuh@...utronix.de>
Subject: [PATCH 2/2] vdso: Reject absolute relocations during build

All vDSO code needs to be completely position independent.
Symbol references are marked as hidden so the compiler is forced to emit
PC-relative relocations.
If the compiler does however emit an absolute relocation this will be
resolved by the linker and break at runtime.

Introduce a build-time check for absolute relocations.
The check is done on the object files as the relocations will not exist
anymore in the final DSO. As there is no extension point for the
compilation of each object file perform the validation in vdso_check.

Link: https://lore.kernel.org/lkml/aApGPAoctq_eoE2g@t14ultra/
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@...utronix.de>
---
 lib/vdso/Makefile.include | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/vdso/Makefile.include b/lib/vdso/Makefile.include
index cedbf15f80874d4bb27c097244bc5b11272f261c..18fcc94e4d6bf7abf374c7a953349e7ad75f8a18 100644
--- a/lib/vdso/Makefile.include
+++ b/lib/vdso/Makefile.include
@@ -12,7 +12,12 @@ c-getrandom-$(CONFIG_VDSO_GETRANDOM) := $(addprefix $(GENERIC_VDSO_DIR), getrand
 #
 # As a workaround for some GNU ld ports which produce unneeded R_*_NONE
 # dynamic relocations, ignore R_*_NONE.
+#
+# Also validate that no absolute relocations are present in the object files themselves.
 quiet_cmd_vdso_check = VDSOCHK $@
       cmd_vdso_check = if $(READELF) -rW $@ | grep -v _NONE | grep -q " R_\w*_"; \
 		       then (echo >&2 "$@: dynamic relocations are not supported"; \
+			     rm -f $@; /bin/false); fi && \
+		       if $(READELF) -rW $(filter %.o, $(real-prereqs)) | grep -q " R_\w*_ABS"; \
+		       then (echo >&2 "$@: absolute relocations are not supported"; \
 			     rm -f $@; /bin/false); fi

-- 
2.49.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ