Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp732285pxf; Thu, 8 Apr 2021 11:30:12 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyU8He1a8ty/wyQ/sy4gcrkOS3gBQOChgS+muaV05AtytivFjgbFpLy9bzL1ntOvarpP+38 X-Received: by 2002:a17:90b:300c:: with SMTP id hg12mr9485014pjb.165.1617906612344; Thu, 08 Apr 2021 11:30:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617906612; cv=none; d=google.com; s=arc-20160816; b=arZSIklfG8o5ntSSTzaSbaWOzEg6V48zgSuR+AzH0oyCFT3Vz6xPnNsPixSbRmou1c CVPLtZc2at7VgbrIyMCQPMhZOjFPBzKtMCQR1WimC7NIEQ70EUNg/vWfWDp/u38lFcMs K4Fd8SEU9itXZjv66Gt+m9C1+/zfD3MWNH1lxeiqO+zr/20im+1dCyusilJDWw2i56n+ H/4z9Yh0L1R7KB7H4pZee4umaV+shfa8UixkqsU2RRcrgn8itZxHCsammG0e0q29+sqe mKIF4LVSmt4dfQZjigEU92C2tSy5pXDfn9tP5AoFwk0OGnJEq1dQWCihOWnQxuxT30vg 4YTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:references:mime-version :message-id:in-reply-to:date:dkim-signature; bh=eRIdrbJ2jhHVLL9Tut/j9YYL8eIOqR89a+xPlg5BO0U=; b=01g2KU280Aq5nE0i7BnOScDnhE7QWs+C4j8bdRUrxIrU4zRsyqGvlBkNPe/rhpd8fF xKtAiI56/8fjtRrMWGDr4RACyNpNh5nvtjCBNvX11Ifor2IikMZuAl/5klCtal1vghxx bfrvt+X7tdIYcZY1Vu6iIsb1Mpo6r5U6c/jCeJRt8InqJkvw5ZfMmiS0uGHSuyKIDEEm eAgCea0fiRKcQkVASFU4rcxSFaw1lmhfMM0B9hgAvxI2cTUjaO1WzNrvKJJ9+G0RDWNt kVi13Tz0td0cTnctt7nI3hiMVnPjjOkhHO/HsftvoApxrSh3QjijZHu2qb+PHHn4rF5g eOIQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=nmyke+h8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o8si211pgc.449.2021.04.08.11.29.59; Thu, 08 Apr 2021 11:30:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=nmyke+h8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232885AbhDHS3X (ORCPT + 99 others); Thu, 8 Apr 2021 14:29:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48684 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232883AbhDHS3I (ORCPT ); Thu, 8 Apr 2021 14:29:08 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 236A0C061765 for ; Thu, 8 Apr 2021 11:28:54 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id n67so2872885ybf.11 for ; Thu, 08 Apr 2021 11:28:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=eRIdrbJ2jhHVLL9Tut/j9YYL8eIOqR89a+xPlg5BO0U=; b=nmyke+h8npDMiaqZwmNe2cMGG5hnU/u86z+9PT3d46wvKA7EcCFmI0rQdqzR05Y94d x+FoWT2ztku/VLu13xl6nOzxWcgAQBZNzaVQoRT/BZKY/QCn5viNJODflkqOHL2h8bIc aXPxyU21LsZKarOM3mV+jnfOkvN12Im/BNNAstmefU7NUVKXda8sDV56EdzQGZkRH6HI Ge28ESdL5igzDlIGSLdtjCKbzqfFWKAA99mnu1WYMj3ofZprEP9yhJ6F5n03KpOYXGRd 9RB68j79aY/kCAHYgMOUSzHniKYM03/nbKN1xwcZ+T/TTnJ7hc/Hh/o5UhWr0z4dfbls JpkA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=eRIdrbJ2jhHVLL9Tut/j9YYL8eIOqR89a+xPlg5BO0U=; b=Mr8sOsoHzQag/OY42QwPTxjw5ETF5Fj0nWxckSGErysiS7exThmN1skncbV4tPj/Xw MSGClYdYvtxNIJtuUYngnaDCy6riuHBKSEGWSRfH5MsCuG6Wf+WhFQ1vOcjOkgwcPrp4 NkQafJEoCoAH8s/ag8/AZqP2SeTSDJ7BeqynRp11neQQB8s+8Jd3+9GOt3sJQeevFv+s TuPNqxk/VHcVMfcPyYirSBG+gZARfgHApfQvn2LLuEeEvIIrzJsXAW2KTrhxwZHeMZNv 1CEJtYYPyIimUfJyT3MDchldYc4L26ZsnGRIhwqP2g0yublc9SmiqL+vxbZGK8QCF5kh jt6Q== X-Gm-Message-State: AOAM533gb9HRyeEVNPPNXzpvu+g28LXpqlD9KEJUZxu2BRB1JFHEEiTf woai7mpJ421EE5ZD5WWZCcVUbUIMU7N+PjN40TQ= X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:3560:8505:40a2:e021]) (user=samitolvanen job=sendgmr) by 2002:a25:3c9:: with SMTP id 192mr14007073ybd.319.1617906533406; Thu, 08 Apr 2021 11:28:53 -0700 (PDT) Date: Thu, 8 Apr 2021 11:28:29 -0700 In-Reply-To: <20210408182843.1754385-1-samitolvanen@google.com> Message-Id: <20210408182843.1754385-5-samitolvanen@google.com> Mime-Version: 1.0 References: <20210408182843.1754385-1-samitolvanen@google.com> X-Mailer: git-send-email 2.31.1.295.g9ea45b61b8-goog Subject: [PATCH v6 04/18] module: ensure __cfi_check alignment From: Sami Tolvanen To: Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , Masahiro Yamada , Will Deacon , Jessica Yu , Arnd Bergmann , Tejun Heo , "Paul E. McKenney" , Christoph Hellwig , Peter Zijlstra , Sedat Dilek , Mark Rutland , Catalin Marinas , bpf@vger.kernel.org, linux-hardening@vger.kernel.org, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Sami Tolvanen Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org CONFIG_CFI_CLANG_SHADOW assumes the __cfi_check() function is page aligned and at the beginning of the .text section. While Clang would normally align the function correctly, it fails to do so for modules with no executable code. This change ensures the correct __cfi_check() location and alignment. It also discards the .eh_frame section, which Clang can generate with certain sanitizers, such as CFI. Link: https://bugs.llvm.org/show_bug.cgi?id=46293 Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook Acked-by: Jessica Yu Tested-by: Nathan Chancellor --- scripts/module.lds.S | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/scripts/module.lds.S b/scripts/module.lds.S index 2c52535f9b56..04c5685c25cf 100644 --- a/scripts/module.lds.S +++ b/scripts/module.lds.S @@ -3,10 +3,20 @@ * Archs are free to supply their own linker scripts. ld will * combine them automatically. */ +#ifdef CONFIG_CFI_CLANG +# include +# define ALIGN_CFI ALIGN(PAGE_SIZE) +# define SANITIZER_DISCARDS *(.eh_frame) +#else +# define ALIGN_CFI +# define SANITIZER_DISCARDS +#endif + SECTIONS { /DISCARD/ : { *(.discard) *(.discard.*) + SANITIZER_DISCARDS } __ksymtab 0 : { *(SORT(___ksymtab+*)) } @@ -41,7 +51,14 @@ SECTIONS { *(.rodata..L*) } - .text : { *(.text .text.[0-9a-zA-Z_]*) } + /* + * With CONFIG_CFI_CLANG, we assume __cfi_check is at the beginning + * of the .text section, and is aligned to PAGE_SIZE. + */ + .text : ALIGN_CFI { + *(.text.__cfi_check) + *(.text .text.[0-9a-zA-Z_]* .text..L.cfi*) + } #endif } -- 2.31.1.295.g9ea45b61b8-goog