Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp752034ybz; Wed, 15 Apr 2020 18:10:47 -0700 (PDT) X-Google-Smtp-Source: APiQypLr97RCrcbmLlKnq/XGuteS9owRu10T2a3ywURu04ntW6vuilXn2gLEsuZs23Jun+FDNQ/f X-Received: by 2002:a05:6402:1b0b:: with SMTP id by11mr8787294edb.269.1586999447829; Wed, 15 Apr 2020 18:10:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1586999447; cv=none; d=google.com; s=arc-20160816; b=DPSpcDzaeR2SzPOznG4DDdioWBv5xrOtUHblMOGOAiN4koGmB8ysi+YhhnqTgQcEaU F7O0X8yWS0AAZhInn4drBCP1qpAnwD+1lRn2BUdALAtDzA5LuN7KRPK5REtChDHVYbFA UA/nAB6IbHMnG6KgdnCM7ByE99Brk/Ycd3vj2ZV2UhHG2eECRQ3G1Usjw8HoYgX4Aeg4 CMWnYNolcwHfPGk0MGQcPIquUEVeoBCdU8kb1bP94nuIkjukuE2dX1FF8nA2q9rb1d9G i/fehW/eInL0VTJJVyuOSL7KWlBWDMldfDYuly8mBuFPxXOd2UMOIhzO55jLwnWAEhdF PZbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :ironport-sdr:ironport-sdr; bh=2JQSlZ1W3SrozpG9A6SDaTih4aL70//uRk39USyyu2w=; b=oM7P7sAcqo5IbdRgFW4kH0y3Fa+1ORpXMZUlOv24XaMUcqRCavxej3o5agf99ziH8K b/x+Y0PjIpGOejnKuemLpGOlN5q4RoDfOaS5SRj0mpHZIonA7B9fuVsOZ6fxCyMJDEMW 3wtMW/DSOZgYTRbHOhazs7fpGYf53654bz6AotJmAcwHOULLf2pHFRHIBoF3vL0GKnkA IuLiMnT/5TJnx8BlegLqCanCxKCu9mReACxXpk02xxClnPEY6YWsQonHdnGJZvXZI7Ju sv/7KQGuPQnooY8LfAfTD9uanCykKZdL6jeRKKQcKFrRNlitWqZIOFnmbRFGcpSN7jHH IxXA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b24si6228485edy.239.2020.04.15.18.10.18; Wed, 15 Apr 2020 18:10:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2392758AbgDOVH4 (ORCPT + 99 others); Wed, 15 Apr 2020 17:07:56 -0400 Received: from mga03.intel.com ([134.134.136.65]:64170 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2442239AbgDOVFw (ORCPT ); Wed, 15 Apr 2020 17:05:52 -0400 IronPort-SDR: fxBEaHaXSnz26FjfrYl4Sfd+2Hf8AOSyiOtmHozF+NWzZD/nY7oSsYhlXg8xZiU2RNhCqqGIBU algcXo2dnQBg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Apr 2020 14:05:36 -0700 IronPort-SDR: Pd5FXZ1DHtmqsTzzEGneI+AukZ0+A0Bf0LYvjbY9bf7SPzF4lD6SYpu82EIKfwIeloqliOo7Il OcGaZg3UxXyw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,388,1580803200"; d="scan'208";a="455035620" Received: from kcaccard-mobl.amr.corp.intel.com (HELO kcaccard-mobl1.jf.intel.com) ([10.209.116.191]) by fmsmga006.fm.intel.com with ESMTP; 15 Apr 2020 14:05:34 -0700 From: Kristen Carlson Accardi To: keescook@chromium.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com Cc: arjan@linux.intel.com, x86@kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, rick.p.edgecomb@intel.com Subject: [PATCH 8/9] kallsyms: hide layout Date: Wed, 15 Apr 2020 14:04:50 -0700 Message-Id: <20200415210452.27436-9-kristen@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200415210452.27436-1-kristen@linux.intel.com> References: <20200415210452.27436-1-kristen@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org To support finer grained kaslr (fgkaslr), we need to hide our sorted list of symbols, since this will give away our new layout. This patch makes /proc/kallsyms only visible to priviledged users. Signed-off-by: Kristen Carlson Accardi --- kernel/kallsyms.c | 138 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 137 insertions(+), 1 deletion(-) diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c index 16c8c605f4b0..861972b6a879 100644 --- a/kernel/kallsyms.c +++ b/kernel/kallsyms.c @@ -25,6 +25,7 @@ #include #include #include +#include /* * These will be re-linked against their real values @@ -446,6 +447,11 @@ struct kallsym_iter { int show_value; }; +struct kallsyms_iter_list { + struct kallsym_iter iter; + struct list_head next; +}; + int __weak arch_get_kallsym(unsigned int symnum, unsigned long *value, char *type, char *name) { @@ -660,6 +666,121 @@ int kallsyms_show_value(void) } } +static int sorted_show(struct seq_file *m, void *p) +{ + struct list_head *list = m->private; + struct kallsyms_iter_list *iter; + int rc; + + if (list_empty(list)) + return 0; + + iter = list_first_entry(list, struct kallsyms_iter_list, next); + + m->private = iter; + rc = s_show(m, p); + m->private = list; + + list_del(&iter->next); + kfree(iter); + + return rc; +} + +static void *sorted_start(struct seq_file *m, loff_t *pos) +{ + return m->private; +} + +static void *sorted_next(struct seq_file *m, void *p, loff_t *pos) +{ + struct list_head *list = m->private; + + (*pos)++; + + if (list_empty(list)) + return NULL; + + return p; +} + +static const struct seq_operations kallsyms_sorted_op = { + .start = sorted_start, + .next = sorted_next, + .stop = s_stop, + .show = sorted_show +}; + +static int kallsyms_list_cmp(void *priv, struct list_head *a, + struct list_head *b) +{ + struct kallsyms_iter_list *iter_a, *iter_b; + + iter_a = list_entry(a, struct kallsyms_iter_list, next); + iter_b = list_entry(b, struct kallsyms_iter_list, next); + + return strcmp(iter_a->iter.name, iter_b->iter.name); +} + +int get_all_symbol_name(void *data, const char *name, struct module *mod, + unsigned long addr) +{ + unsigned long sym_pos; + struct kallsyms_iter_list *node, *last; + struct list_head *head = (struct list_head *)data; + + node = kmalloc(sizeof(*node), GFP_KERNEL); + if (!node) + return -ENOMEM; + + if (list_empty(head)) { + sym_pos = 0; + memset(node, 0, sizeof(*node)); + reset_iter(&node->iter, 0); + node->iter.show_value = kallsyms_show_value(); + } else { + last = list_first_entry(head, struct kallsyms_iter_list, next); + memcpy(node, last, sizeof(*node)); + sym_pos = last->iter.pos; + } + + INIT_LIST_HEAD(&node->next); + list_add(&node->next, head); + + /* + * update_iter returns false when at end of file + * which in this case we don't care about and can + * safely ignore. update_iter() will increment + * the value of iter->pos, for ksymbol_core. + */ + if (sym_pos >= kallsyms_num_syms) + sym_pos++; + + (void) update_iter(&node->iter, sym_pos); + + return 0; +} + +static int kallsyms_sorted_open(struct inode *inode, struct file *file) +{ + int ret; + struct list_head *list; + + list = __seq_open_private(file, &kallsyms_sorted_op, sizeof(*list)); + if (!list) + return -ENOMEM; + + INIT_LIST_HEAD(list); + + ret = kallsyms_on_each_symbol(get_all_symbol_name, list); + if (ret != 0) + return ret; + + list_sort(NULL, list, kallsyms_list_cmp); + + return 0; +} + static int kallsyms_open(struct inode *inode, struct file *file) { /* @@ -704,9 +825,24 @@ static const struct proc_ops kallsyms_proc_ops = { .proc_release = seq_release_private, }; +static const struct proc_ops kallsyms_sorted_proc_ops = { + .proc_open = kallsyms_sorted_open, + .proc_read = seq_read, + .proc_lseek = seq_lseek, + .proc_release = seq_release_private, +}; + static int __init kallsyms_init(void) { - proc_create("kallsyms", 0444, NULL, &kallsyms_proc_ops); + /* + * When fine grained kaslr is enabled, we need to + * print out the symbols sorted by name rather than by + * by address, because this reveals the randomization order. + */ + if (!IS_ENABLED(CONFIG_FG_KASLR)) + proc_create("kallsyms", 0444, NULL, &kallsyms_proc_ops); + else + proc_create("kallsyms", 0444, NULL, &kallsyms_sorted_proc_ops); return 0; } device_initcall(kallsyms_init); -- 2.20.1