Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp826691pxf; Thu, 18 Mar 2021 12:29:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw0sV6FXwMN6LVlzRyJ1fpiV72vMP/aeIed2eqrPeItXrJz7n3UmLvVJMhAFBJJCMawzjVU X-Received: by 2002:a17:906:25c4:: with SMTP id n4mr144875ejb.359.1616095782304; Thu, 18 Mar 2021 12:29:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616095782; cv=none; d=google.com; s=arc-20160816; b=RrF1t1eSxWR1kKgVGxLnIreCcjkfMByTvBMaO3Wk/vBdJiA2m5/Hvn+GfUUTOIW4DK 6wrPeyFsPIxWEtPWkBDBD75QK6Ab60TGfXujflhub7zfcAo7E/CtTokYQf0V3ovU04PO xn3Np8EkYbUJqpmIMYaPYyQ/RqQdLd7zjDTZnDNU4CezNxQw9CZZVwdGQH1KGZjaVzts 0q0sU+Kw4aWDzghqnOGfr3lPvYHPNBNPRShXfarOu0nd/wHJEXJWibCOYalWCnDeunMk k4lHyaVZvkL0aojaptGhr5jsPTjkV/OBZ/0mRg2iK+PlRoTo37nwRFCf3Pj5mb6RIFpy zuCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=fspya4XBtFR7Kjia5AOXCu2vMjqacQ/eg21hgvTyIiA=; b=B913U3UAPtP3TpWV5pBHJ0cPKtZvDOqtVYQIHBtCxMryni9NPy5QkVSxVBZ3Rm+qsq xrHseNGq9WOKTUp24rrod3L/SQ1r97fNUreZc2cGOEMQWQ4WYFKVHyHFwMce8BKAiskc xbFAgHjEPqXJpBoHW3zZJxjJIJg2+zT5C6x1v3zauyBHbk+JG6ScsTv4YnVnE80UUAU/ lycmv+7i1FOE9m+w+wYKT+tMk3vnO6aBnIkBUQxJprjEizgUEfihWhoBuZ89MuQjYFuL NFDusVVP5xEiGJt55wZBtT7ju/dMbujKz04oGN1WEle1jpkxGmg0Yy1w+xsF9t5ixm1S 5CVg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=V0zGJmtj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f12si2195490ejx.75.2021.03.18.12.29.18; Thu, 18 Mar 2021 12:29:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=V0zGJmtj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232674AbhCRT2X (ORCPT + 99 others); Thu, 18 Mar 2021 15:28:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35390 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229958AbhCRT15 (ORCPT ); Thu, 18 Mar 2021 15:27:57 -0400 Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9B280C06174A for ; Thu, 18 Mar 2021 12:27:56 -0700 (PDT) Received: by mail-lf1-x131.google.com with SMTP id w37so6356505lfu.13 for ; Thu, 18 Mar 2021 12:27:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=fspya4XBtFR7Kjia5AOXCu2vMjqacQ/eg21hgvTyIiA=; b=V0zGJmtjfeUxAzYW2JbBAD59Y6NFskvJjGprJjF5sRu1F7yND0V/Ocx2wCviLvTJqS 2iwD++kbQJ8uatls/4I4kAMuA5pliKsV0PGcuKvjtjimeorSf7fD/SyrkWSG6LaU9kFp uOqEA6rQcj02QEEz565bO3ofLdjyfKvBy6chVF2qpDpm9ctaVp5XaZJt2kCHru35NhPC 6t0Wk+Kp6RuXDHNUr/Xdfi4KhAr334sWMxO7Ci4gVb01vkBuSI20u0lzzrm8VOgYkNh3 bPG/VCgWtabQQ1lP/K4RMFSESYslBiEH2U243vQuv7EPAAG9aCWRBl8QnhlceiFUwWoK MIag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fspya4XBtFR7Kjia5AOXCu2vMjqacQ/eg21hgvTyIiA=; b=bVorFDKI+oaFrvXsNzVzP+kUE0dnrU2CiYzcF0A1czVEdcKuRppywYhhPOn5LMK8FN 0ZpRnlw1IL/Ig6ne2+edSYxqgR8DUVsuE67sN2Y4q3AScg2GMnMrO6e5F1gjoi7tjGsz U8ssnxD0W5Js0iRGkzFHWmF38x1jSRE+hv4Jo9dGbJwQu2HZH50VA5RNmod+m5xupBku G7dwyUbvXbDAxmSUZAfIkzc0uoe6KQTT6chQX5kzc1JVq2bxKKm4kd2UvxkPo0nan2f4 dyMiOrJ5yu1UooFxRkHB1+J6zod+wl9Tk4PgfRaSP3Bn/DOS0UjbLN21tPovIJWxZJQv Jdtw== X-Gm-Message-State: AOAM530wHx5IEvr+iBE96NQPrJ3wU2zDs6NRTn9UKOoPeKF6eGlOsjdZ HXj1FNCoUdsbyXvjI2RgdOhgNgZIv2ROWO5G5x1pdw== X-Received: by 2002:a05:6512:94d:: with SMTP id u13mr4465444lft.368.1616095674888; Thu, 18 Mar 2021 12:27:54 -0700 (PDT) MIME-Version: 1.0 References: <20210318171111.706303-1-samitolvanen@google.com> <20210318171111.706303-5-samitolvanen@google.com> In-Reply-To: <20210318171111.706303-5-samitolvanen@google.com> From: Nick Desaulniers Date: Thu, 18 Mar 2021 12:27:43 -0700 Message-ID: Subject: Re: [PATCH v2 04/17] module: ensure __cfi_check alignment To: Sami Tolvanen Cc: Kees Cook , Nathan Chancellor , Masahiro Yamada , Will Deacon , Jessica Yu , Arnd Bergmann , Tejun Heo , "Paul E. McKenney" , Christoph Hellwig , bpf , linux-hardening@vger.kernel.org, linux-arch , Linux ARM , Linux Kbuild mailing list , PCI , LKML Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 18, 2021 at 10:11 AM Sami Tolvanen wrote: > > CONFIG_CFI_CLANG_SHADOW assumes the __cfi_check() function is page > aligned and at the beginning of the .text section. While Clang would > normally align the function correctly, it fails to do so for modules > with no executable code. > > This change ensures the correct __cfi_check() location and > alignment. It also discards the .eh_frame section, which Clang can > generate with certain sanitizers, such as CFI. > > Link: https://bugs.llvm.org/show_bug.cgi?id=46293 > Signed-off-by: Sami Tolvanen > --- > scripts/module.lds.S | 18 +++++++++++++++++- > 1 file changed, 17 insertions(+), 1 deletion(-) > > diff --git a/scripts/module.lds.S b/scripts/module.lds.S > index 168cd27e6122..93518579cf5d 100644 > --- a/scripts/module.lds.S > +++ b/scripts/module.lds.S > @@ -3,10 +3,19 @@ > * Archs are free to supply their own linker scripts. ld will > * combine them automatically. > */ > +#include > + > +#ifdef CONFIG_CFI_CLANG > +# define ALIGN_CFI ALIGN(PAGE_SIZE) > +#else > +# define ALIGN_CFI > +#endif > + > SECTIONS { > /DISCARD/ : { > *(.discard) > *(.discard.*) > + *(.eh_frame) Do we want to unconditionally discard this section from modules for all arches/configs? I like how we conditionally do so on SANITIZER_DISCARDS in include/asm-generic/vmlinux.lds.h for example. > } > > __ksymtab 0 : { *(SORT(___ksymtab+*)) } > @@ -40,7 +49,14 @@ SECTIONS { > *(.rodata..L*) > } > > - .text : { *(.text .text.[0-9a-zA-Z_]*) } > + /* > + * With CONFIG_CFI_CLANG, we assume __cfi_check is at the beginning > + * of the .text section, and is aligned to PAGE_SIZE. > + */ > + .text : ALIGN_CFI { > + *(.text.__cfi_check) > + *(.text .text.[0-9a-zA-Z_]* .text..L.cfi*) > + } > } > > /* bring in arch-specific sections */ > -- > 2.31.0.291.g576ba9dcdaf-goog > -- Thanks, ~Nick Desaulniers