Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp4638070ybv; Tue, 11 Feb 2020 00:16:29 -0800 (PST) X-Google-Smtp-Source: APXvYqyGuEWSmLGDL8suuQsFaUHluzfyl0B/LryCtbwOp8KmBMQIcIzuRSVJPyabmr8qpCuBt3yJ X-Received: by 2002:a05:6830:1:: with SMTP id c1mr3991266otp.254.1581408989229; Tue, 11 Feb 2020 00:16:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581408989; cv=none; d=google.com; s=arc-20160816; b=qwPP1tGy+kejAGhuFXMNfCz89WBoJYNR7cX65fegqTS9p4KJZ/NjU0iegmUzjVuvyp 23PQbPX/qWbk8Zo4t9OmCUzmEhhWE+mRFIHmMbhmOIglLj8Idy9Gz1UceGTNIkfeMxaw FSqdO4QP6Hi89mrBZMPAygsXtYPBgYPtECtsHZAuwA68W+HCMeyLaPmte+WNVy+OVnZJ wcrYcwuvFp5Q8AqtvhTxq8lXf+nGCSDrhqahy1LXJGnS3RdzTwd6vpqhyYaywEctReso fbQT8/zlhxhtXiQLo7GE4B3mj3FQQ247+NtMoZwdk/IY9Yi1MAn3qbqo8A9Ze59pFgsj Vb4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=JYZUJREDEE9g54q7OqZkjYWU4pIAXyPMj6QVRJEVGV8=; b=fOW2rXD83qg/SZqGXI1T6MHhb/KXxy6kURnq7IpsQq7xWLAuX2y4NGKCecaWCRSalZ K5YdqBGjzKTDy0d4SIeMbe7Heq7rm/NdA2YuVXRU1kGSMrfJiUyeipQwAfQ1MP2XK5Us Uq/jdxs9YaA7BLdlROH1D0xgN+oi3P2tx+tQPku2hYnnW/ITkeR5HiOMZVfsKz9ZjCvH 7/iZipabTq+a85dJfpSvHmlO++PrWLyzIVSvrDTBNw7FHtYfAJAyxdOIgGke37H0BjV6 bddEspsXuDIjRXoMHVDZdWaY1kAiabEUyhOeHN2wgNOVHmb7b2J2UebA/stPYU9v8h0N +7KA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=E+2NdbO7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e26si1384159oii.88.2020.02.11.00.16.17; Tue, 11 Feb 2020 00:16:29 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=E+2NdbO7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727898AbgBKIQK (ORCPT + 99 others); Tue, 11 Feb 2020 03:16:10 -0500 Received: from us-smtp-2.mimecast.com ([207.211.31.81]:21727 "EHLO us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727613AbgBKIQK (ORCPT ); Tue, 11 Feb 2020 03:16:10 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1581408968; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JYZUJREDEE9g54q7OqZkjYWU4pIAXyPMj6QVRJEVGV8=; b=E+2NdbO7OSBaimDln9BdPyHviIZFHCrWA32wJnkqgS2OStD3uoZ00l7CssjN0MyCp+JJIO 1p1iUimTRY+d8OpcGsXahTgR8NYpzI341HKDoHbt9zW+LxPYpbk+QT7lcruDHxAFVn+dgl C5yymjL6kc1vI6cjlz8B9nZGYNrBea8= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-15-EE9Lv7rsOYqhD0rJq2PhyA-1; Tue, 11 Feb 2020 03:16:05 -0500 X-MC-Unique: EE9Lv7rsOYqhD0rJq2PhyA-1 Received: by mail-wm1-f70.google.com with SMTP id p2so732207wma.3 for ; Tue, 11 Feb 2020 00:16:04 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=JYZUJREDEE9g54q7OqZkjYWU4pIAXyPMj6QVRJEVGV8=; b=HhtTlpilTuIoE0FDDwCU6qi6RCCUIP4VQIRnn/wxQ9115fPkLFdwVeuDSDvRf2jEUN kmeiJCVMQh7L0mQpTDVZlxTNSE/uqBhjMqBFQV8zZmSnI513zTeY2PQjeR4yumnffQ3a izKwldcm20Fqcb19N1dKJ5y6rGK8P+2uK9aHlx3NIYixHPDyjhsD5ICaZmeFvQ/nhzUK IMuKO8Ff+tFoj8RFmJIF6B7zgwhEXyl4cllo6v7dOELh0ktTw07HnSGMY8cdJS8+JGCU ZDYvuozFxjpgbYjMPPY8vTbf7Cp0M60OJA/axi/GDhBeCQV/bVgIw8DcvPnC8PK5Kuyu AI3Q== X-Gm-Message-State: APjAAAUNBPnzNR56qdUY43CK3BYS5xThLaKSinLxXd64yOcsMf7rZQnp fKoVLTBn3Zx4eLbBUnnNeV32lAitWyXLrEOVV3DlGkasdBvKM7a7ewkuxNjvNnsHJNHCW5UzoiY sgbByK04jJEPuzibNFKZ6Kz8q X-Received: by 2002:a1c:f009:: with SMTP id a9mr4124569wmb.73.1581408963953; Tue, 11 Feb 2020 00:16:03 -0800 (PST) X-Received: by 2002:a1c:f009:: with SMTP id a9mr4124530wmb.73.1581408963664; Tue, 11 Feb 2020 00:16:03 -0800 (PST) Received: from ?IPv6:2a01:cb14:58d:8400:ecf6:58e2:9c06:a308? ([2a01:cb14:58d:8400:ecf6:58e2:9c06:a308]) by smtp.gmail.com with ESMTPSA id y8sm2681250wma.10.2020.02.11.00.16.02 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 11 Feb 2020 00:16:02 -0800 (PST) Subject: Re: [PATCH 3/3] objtool: Add relocation check for alternative sections To: Josh Poimboeuf , x86@kernel.org Cc: linux-kernel@vger.kernel.org, Borislav Petkov , Peter Zijlstra , Linus Torvalds References: <7b90b68d093311e4e8f6b504a9e1c758fd7e0002.1581359535.git.jpoimboe@redhat.com> From: Julien Thierry Message-ID: <1bc9dfd5-0652-c5e1-7ab2-cdd025edc01b@redhat.com> Date: Tue, 11 Feb 2020 08:16:01 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 MIME-Version: 1.0 In-Reply-To: <7b90b68d093311e4e8f6b504a9e1c758fd7e0002.1581359535.git.jpoimboe@redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2/10/20 6:32 PM, Josh Poimboeuf wrote: > Relocations in alternative code can be dangerous, because the code is > copy/pasted to the text section after relocations have been resolved, > which can corrupt PC-relative addresses. > > However, relocations might be acceptable in some cases, depending on the > architecture. For example, the x86 alternatives code manually fixes up > the target addresses for PC-relative jumps and calls. > > So disallow relocations in alternative code, except where the x86 arch > code allows it. > > This code may need to be tweaked for other arches when objtool gets > support for them. > > Suggested-by: Linus Torvalds > Signed-off-by: Josh Poimboeuf > --- > tools/objtool/check.c | 21 +++++++++++++++++++++ > 1 file changed, 21 insertions(+) > > diff --git a/tools/objtool/check.c b/tools/objtool/check.c > index 5ea2ce7ed8a3..2d52a40e6cb9 100644 > --- a/tools/objtool/check.c > +++ b/tools/objtool/check.c > @@ -786,6 +786,27 @@ static int handle_group_alt(struct objtool_file *file, > insn->ignore = orig_insn->ignore_alts; > insn->func = orig_insn->func; > > + /* > + * Since alternative replacement code is copy/pasted by the > + * kernel after applying relocations, generally such code can't > + * have relative-address relocation references to outside the > + * .altinstr_replacement section, unless the arch's > + * alternatives code can adjust the relative offsets > + * accordingly. > + * > + * The x86 alternatives code adjusts the offsets only when it > + * encounters a branch instruction at the very beginning of the > + * replacement group. Yes, arm64 is a bit more permissive regarding this although it does disallow some patterns. I guess once we introduce other archs there should be some function: bool arch_validate_alt_insn(struct instruction *new, struct instruction *new, struct special_alt *alt); > + */ > + if ((insn->offset != special_alt->new_off || > + (insn->type != INSN_CALL && !is_static_jump(insn))) && > + find_rela_by_dest_range(insn->sec, insn->offset, insn->len)) { > + > + WARN_FUNC("unsupported relocation in alternatives section", > + insn->sec, insn->offset); > + return -1; > + } > + > if (!is_static_jump(insn)) > continue; > > Reviewed-by: Julien Thierry Cheers, -- Julien Thierry