Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp723743pxf; Wed, 31 Mar 2021 14:36:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzKlDxm4G4+DF4HJzpxO+CU93rjxgszkqN5jEx043Y5NOiYRShdmecQfOLcgicyGkXB1xyQ X-Received: by 2002:a17:906:fcd2:: with SMTP id qx18mr5657932ejb.327.1617226579506; Wed, 31 Mar 2021 14:36:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617226579; cv=none; d=google.com; s=arc-20160816; b=vFeqe41zsks0Zg5vgu1skMuVoPALkJji5BYJ2ipW/KapuC4btWokPvTbz5wA9R9AyE u6e3UmSsswNzpW+nRtMJyRMGh93YPEOQzg7ooh0TKaEkIz+chVVqp9tBYNDRBpJMfFD4 mTBm03ww2zs5aauTDWUZfs97WLUCcc6ka7WjvPfXqXxja1gLZoVcGVAzujDpuCIlxcri CJ1gYYMwyWX0OMLL1boUiZHAU/5evz2UpVPeBmPLY9UPe3TLKTJtIMG1KBZ//nh/836o O2mYmPLetsRVZ1ryY6oKAD3Qd8wjddniqurdpbj9AZCFM6x6vCIYa2vqvv/YqltUVoSM 0SBA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:references:mime-version :message-id:in-reply-to:date:dkim-signature; bh=lJzARyoTFHSeDeqATvX4eu9oF56GjO0aovkcTYMeCXE=; b=bi54S6Dr3Mibpb106XP6FODmm76QFTGBAMlrfeA0fsnQTdbv3NAJTFtwiB1h6LM+7l bmZyl2dRaBLyVsrjSs4AVR9Lol93lCkHcNzd+rAl1ACABa1YY9vKGLHtAhjM0NqgQA5g h0AWGqjQhZxJLfYakXsTqj0qJcZKQfd7z7MHRYkUowt/DN7Ms9p8w1mdfd7iaiCQtYTt YnQk9UCn1jtA34EvSMGqsPZPfCnkk+BIYJa2xWhtQtwNHQaecerS7oii9c9NWLWhGZkG lYDK5N8wsnEg/fckf4k54zthpeuK63Fke4K/2eS/fKebuDOuI/Jsxno74A+oKKDB+CCn 6/0A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=EkwKQyMZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h20si2808190edq.97.2021.03.31.14.35.56; Wed, 31 Mar 2021 14:36:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=EkwKQyMZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232109AbhCaV2g (ORCPT + 99 others); Wed, 31 Mar 2021 17:28:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51776 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232103AbhCaV1f (ORCPT ); Wed, 31 Mar 2021 17:27:35 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9BD8AC0613DA for ; Wed, 31 Mar 2021 14:27:32 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id i6so3683502ybk.2 for ; Wed, 31 Mar 2021 14:27:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=lJzARyoTFHSeDeqATvX4eu9oF56GjO0aovkcTYMeCXE=; b=EkwKQyMZdT5HfDUmkAZVrW7DWLH3qdU+R/FHZTPqq5IKj3NSExJ7rO5G826Zfp25Du 4SeLWwQdtvXJZTK7h4ZZ28yesbAdVRYaYD0+nkzkzzHCLmsSAl5G+DxlpNEm8A2HbV14 tjDJKbgnnBAN8zUjWqqu5EfJrrMMTPcc3Vp3MbyGSfKz3w+5QkjRKPTYJiaUHVyIfGAH Uw2KSLbyUziDQJrTtbRd5qayoZXfFGV/ul1u7MZ+aVnD/YxBbkoVM8AG04ixf/ZBdxFM lnSgkOrXFZ4W6piai3EFaSnpzVwD5YS8KMAEeWGT9UwcCv3eo8BVkIjR90//1hltbdO1 WtJQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=lJzARyoTFHSeDeqATvX4eu9oF56GjO0aovkcTYMeCXE=; b=aENOFoPn0n7jpyVB2GoxC5/turMy2vCwsnlRco8+kqEBVxpge0ebtn9PsdhOHrF0LN Nkb5htWjSdKCx1hwUKBnttJ4fAhu+gDfoXQ99x6XzRSt7A0LHJZFAKpFyvfXNt7xj+sv A5nbwgShdlOTaZpKh4lLUeOrL+qR8++3rWmrLKJZuj8otW3X1ZzRtVAP7OkSDroSV5KX uht923sFLnHLj19ijCsNPx9GH5uhiRtPwTR/p1MjSEOMs1gNpIt5AlvbQn1yzn97xxGj J2V5MiOJUMrQM9LqNd715k05MCQNQ/RwEhLB+AacaK8aklOzkNtL/ZaRC5CuV2bqgsgZ nR1A== X-Gm-Message-State: AOAM531C+UxhfajBbhEmQkwD0ut4cVwbwlphNAVYbgjwgnWoNpy4PAc9 2SSzMJ9L47IYziYtfKwRx5BVXTK0q3SuwQi07uE= X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:7933:7015:a5d5:3835]) (user=samitolvanen job=sendgmr) by 2002:a25:5006:: with SMTP id e6mr7725488ybb.109.1617226051633; Wed, 31 Mar 2021 14:27:31 -0700 (PDT) Date: Wed, 31 Mar 2021 14:27:08 -0700 In-Reply-To: <20210331212722.2746212-1-samitolvanen@google.com> Message-Id: <20210331212722.2746212-5-samitolvanen@google.com> Mime-Version: 1.0 References: <20210331212722.2746212-1-samitolvanen@google.com> X-Mailer: git-send-email 2.31.0.291.g576ba9dcdaf-goog Subject: [PATCH v4 04/17] module: ensure __cfi_check alignment From: Sami Tolvanen To: Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , Masahiro Yamada , Will Deacon , Jessica Yu , Arnd Bergmann , Tejun Heo , "Paul E. McKenney" , Christoph Hellwig , Peter Zijlstra , Sedat Dilek , bpf@vger.kernel.org, linux-hardening@vger.kernel.org, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Sami Tolvanen Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org CONFIG_CFI_CLANG_SHADOW assumes the __cfi_check() function is page aligned and at the beginning of the .text section. While Clang would normally align the function correctly, it fails to do so for modules with no executable code. This change ensures the correct __cfi_check() location and alignment. It also discards the .eh_frame section, which Clang can generate with certain sanitizers, such as CFI. Link: https://bugs.llvm.org/show_bug.cgi?id=46293 Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook Acked-by: Jessica Yu --- scripts/module.lds.S | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/scripts/module.lds.S b/scripts/module.lds.S index 168cd27e6122..2ba9e5ce71df 100644 --- a/scripts/module.lds.S +++ b/scripts/module.lds.S @@ -3,10 +3,21 @@ * Archs are free to supply their own linker scripts. ld will * combine them automatically. */ +#include + +#ifdef CONFIG_CFI_CLANG +# define ALIGN_CFI ALIGN(PAGE_SIZE) +# define SANITIZER_DISCARDS *(.eh_frame) +#else +# define ALIGN_CFI +# define SANITIZER_DISCARDS +#endif + SECTIONS { /DISCARD/ : { *(.discard) *(.discard.*) + SANITIZER_DISCARDS } __ksymtab 0 : { *(SORT(___ksymtab+*)) } @@ -40,7 +51,14 @@ SECTIONS { *(.rodata..L*) } - .text : { *(.text .text.[0-9a-zA-Z_]*) } + /* + * With CONFIG_CFI_CLANG, we assume __cfi_check is at the beginning + * of the .text section, and is aligned to PAGE_SIZE. + */ + .text : ALIGN_CFI { + *(.text.__cfi_check) + *(.text .text.[0-9a-zA-Z_]* .text..L.cfi*) + } } /* bring in arch-specific sections */ -- 2.31.0.291.g576ba9dcdaf-goog