Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp787859ybv; Wed, 5 Feb 2020 14:41:02 -0800 (PST) X-Google-Smtp-Source: APXvYqwAN1kkFIm+4LDC7Zktyl4nHY0LIAVbta7kOQS2X7pAsmLjckGGOA8mQgURQTqstGlZ9pE7 X-Received: by 2002:a9d:7ccd:: with SMTP id r13mr27027879otn.56.1580942461885; Wed, 05 Feb 2020 14:41:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580942461; cv=none; d=google.com; s=arc-20160816; b=rE7qUwgYP+/vhGbuts0JFSxFx+qRGLMANRI6q06oL1TaTXRDjvrNldI+7u42iMZmnP hOAa6Gb8QVYcsepVwOwwFwJJxFmSqRKOW+NfOc6O/gxDBGQ4UsWSdnAiXI2aYkaKtITv dZJJLyCrArdECz3gctJwvdm5bi8dEeuMEzwr431e4lM0yVv6Z/+B5zEI2O1yzuQAxpe5 aQcD+MdkpdKYWBe5ZoB1B6RI5Tn/3KLOt4RTNFJ5wNMyzw2+sC0KCpvB1zme8e552V6o FVozAQkRI3XC1FNP5zy+XdyAJBznNWi6EMJTn/WEKyu9UNPTDb2WjZV/ofjdUl3cn5lz 7fDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=wc6z+uYhkLbqrRgKMwzvtXhMhk0/9Xkp27YchflF7xU=; b=m92kQCVnXWwG2Y5YwE0cTpb2E6rW6H+U3uBtsSDNfzy/yA/J/6vq3xtUt06Cr6HsUG kLlkdw+6xJ4ZiuZ5aDB6ArDyHXuUQS+K6Aiq8RCFsl6TFRgsG5KhEWn7rGhSgS5CBeBM S+xrpr4lH7Eqy/zY7GxqE+czrgrw0bPr4KS2nbw491pCcTqryxtEJTGmkO4ecAO+3mi9 ABOK1j8uurQ9Vzff3P+ZeDSnQyB8I7XNnALJ/xlyz9mWxQJkxLwdU+fQX3FSCYQdMg2k OvlAf2y0C8lrXTJbF1PqEOX9LL3aJ30/sV0WovyuNRRdRvWxu7zEyiyDgSXnqEtRPE9p ZAhA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f17si641233oto.85.2020.02.05.14.40.49; Wed, 05 Feb 2020 14:41:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727589AbgBEWjn (ORCPT + 99 others); Wed, 5 Feb 2020 17:39:43 -0500 Received: from mga02.intel.com ([134.134.136.20]:60116 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727538AbgBEWji (ORCPT ); Wed, 5 Feb 2020 17:39:38 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Feb 2020 14:39:38 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,407,1574150400"; d="scan'208";a="225092462" Received: from unknown (HELO localhost.jf.intel.com) ([10.54.75.26]) by fmsmga007.fm.intel.com with ESMTP; 05 Feb 2020 14:39:37 -0800 From: Kristen Carlson Accardi To: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, arjan@linux.intel.com, keescook@chromium.org Cc: rick.p.edgecombe@intel.com, x86@kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, Kristen Carlson Accardi Subject: [RFC PATCH 09/11] kallsyms: hide layout and expose seed Date: Wed, 5 Feb 2020 14:39:48 -0800 Message-Id: <20200205223950.1212394-10-kristen@linux.intel.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200205223950.1212394-1-kristen@linux.intel.com> References: <20200205223950.1212394-1-kristen@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org To support finer grained kaslr (fgkaslr), we need to make a couple changes to kallsyms. Firstly, we need to hide our sorted list of symbols, since this will give away our new layout. Secondly, we will export the seed used for randomizing the layout so that it can be used to make a particular layout persist across boots for debug purposes. Signed-off-by: Kristen Carlson Accardi --- kernel/kallsyms.c | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c index 136ce049c4ad..432b13a3a033 100644 --- a/kernel/kallsyms.c +++ b/kernel/kallsyms.c @@ -698,6 +698,21 @@ const char *kdb_walk_kallsyms(loff_t *pos) } #endif /* CONFIG_KGDB_KDB */ +#ifdef CONFIG_FG_KASLR +extern const u64 fgkaslr_seed[] __weak; + +static int proc_fgkaslr_show(struct seq_file *m, void *v) +{ + seq_printf(m, "%llx\n", fgkaslr_seed[0]); + seq_printf(m, "%llx\n", fgkaslr_seed[1]); + seq_printf(m, "%llx\n", fgkaslr_seed[2]); + seq_printf(m, "%llx\n", fgkaslr_seed[3]); + return 0; +} +#else +static inline int proc_fgkaslr_show(struct seq_file *m, void *v) { return 0; } +#endif + static const struct file_operations kallsyms_operations = { .open = kallsyms_open, .read = seq_read, @@ -707,7 +722,20 @@ static const struct file_operations kallsyms_operations = { static int __init kallsyms_init(void) { - proc_create("kallsyms", 0444, NULL, &kallsyms_operations); + /* + * When fine grained kaslr is enabled, we don't want to + * print out the symbols even with zero pointers because + * this reveals the randomization order. If fg kaslr is + * enabled, make kallsyms available only to privileged + * users. + */ + if (!IS_ENABLED(CONFIG_FG_KASLR)) + proc_create("kallsyms", 0444, NULL, &kallsyms_operations); + else { + proc_create_single("fgkaslr_seed", 0400, NULL, + proc_fgkaslr_show); + proc_create("kallsyms", 0400, NULL, &kallsyms_operations); + } return 0; } device_initcall(kallsyms_init); -- 2.24.1