Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp3712308pxb; Wed, 13 Oct 2021 11:19:51 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzsnkjnhrAkirO7stW07D7ycIDhs6Bh2XzM+pt3QLwqslMH7VInL20Cfwd+AV2SAQDrh/Iw X-Received: by 2002:a17:906:c7d0:: with SMTP id dc16mr866355ejb.555.1634149191107; Wed, 13 Oct 2021 11:19:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1634149191; cv=none; d=google.com; s=arc-20160816; b=RwsTfLcKA5tGr1AbX23riCK0E3m+APPNc7fMMEupmHzMYGCO0HgUmBJdV/XFKYlSzU 6/c1K/1Xq3/SoLcvux4k5BRZqDHVzjs5z13X4g4RmIyCrNro6KNvY6p62WXR+eHknNJQ Z7wtA4LeVg4gJpv2hRmqICogK1zaX+QKKh3cITlqv/ls1praNTryN5HqaP88olQaqZVZ /J7defY1+39N+gTJYIMkM6TDuyL423X/PtU4SywtnERH85IEUFAPvDzq8ngxBlOQHxTz nHnESezWbOzaHAhgvVKNs+CVUcu8Sp0fjC8vS+AMsXMalpG90ntbqa4vTewM1ncaq+pk vDHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:references:mime-version :message-id:in-reply-to:date:dkim-signature; bh=W4bH1nkK7xzfrNNZ5lkRiMFsqG6a9dKc6f+FT90kTO0=; b=NhA2b5CYj/57l1bvwN5Y7nCTepccqq7eidzcQxEzdJltHfzXa2jYdMbiu92tNdRSHp cRTUS2n3bwUaOYoMyaHyev9M21eWxBLtK/ShvYLn4uzO05XsjC3kH7CpKkzyK+ElMDhK t9xIf7+7UOII5KRK1pRt0+ZM57zYm5YgTW0MSf1P+EzeG8CehKUbwukFM5hQxSD6kmA+ d530FyvaQWLk30chxEKvWC7BFf/PhWkwEtmwkY3smtBcefsZ3B0H88e2uo9KVf7FDGBy zS86YDU+u5CuTMluw7BgA4RtKtzULjHRmftmv5WRFH2GU70LQdgfyc2A4QjpKqyCZQC6 GjQg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=IaPCRVxH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f22si286692edj.372.2021.10.13.11.19.19; Wed, 13 Oct 2021 11:19:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=IaPCRVxH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238454AbhJMSTN (ORCPT + 99 others); Wed, 13 Oct 2021 14:19:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47076 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237855AbhJMSTI (ORCPT ); Wed, 13 Oct 2021 14:19:08 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8E1F3C061746 for ; Wed, 13 Oct 2021 11:17:04 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id t7-20020a258387000000b005b6d7220c79so4031085ybk.16 for ; Wed, 13 Oct 2021 11:17:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=W4bH1nkK7xzfrNNZ5lkRiMFsqG6a9dKc6f+FT90kTO0=; b=IaPCRVxH8jSdM1KTJzGlkrf0BikrM8BSY47HGIKs47ISWmOChWglr13ne6iqKrKa3C cyRa3frcyeH5LLncdUVqGwzlbSJF0VpeLAHETBhaLoXUofjnfn0jzqzxF+8XMF6Oba3b GXy0X7Ho7CIteGeYIjUAmX9sEC5SOIqhXMaWnFYy3GB8TUOwobBU3UKF+aPUydw03EYj Sf7cSCImsdCR5Ca7K450ltTU6TsmqXtR9GHk/CFZZdmjcc8powrhgZwonYV9ls77LBTB ld4emmCDXM8azjga8aR3AePMWfQ/+PT7NQns+hPlhIlwNqNRtvJcVgfOf4q02VrXRh7R WORA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=W4bH1nkK7xzfrNNZ5lkRiMFsqG6a9dKc6f+FT90kTO0=; b=t8X9V/U87JFo8gilApklay8FGygwVHlIBbaQlOyOVe3HnGKEPWcXttQ040d5jM/C4v LN0MQY2GdWDieGN9qHVglM0BMlJGZbqHZcD96PHQiXA8lBleGlYPEdojAe7LDhzMUZGI 0l/e+9PrgbIuU6s2eWVXjC9sRRFjtZAhDxnuY1DYd8kFjfogR01CfqcCohiSKUpu8DPm WoaHWn6CCDKI8wSt2KsYorYZmc0WFUBDkZ3ioKIutkSNqOMbKWovjRMrJfwjaOmQo6M9 52TDgHhDXCwEadQHIEiCzGyNR9uJDnqM5oX7BinBZNOitt7k75nvEF01/4FXtItdVmHh gGbg== X-Gm-Message-State: AOAM530xR2SQ/YOcx7APIFU7G6OOwnvu4oiMnANSyqxafodzqn2RS3DW UIrAojzJs2CXOS/0sdqkf1mSBshaFV0F7ayyesg= X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:9ea6:6c27:1876:926c]) (user=samitolvanen job=sendgmr) by 2002:a25:dac8:: with SMTP id n191mr990701ybf.390.1634149023837; Wed, 13 Oct 2021 11:17:03 -0700 (PDT) Date: Wed, 13 Oct 2021 11:16:44 -0700 In-Reply-To: <20211013181658.1020262-1-samitolvanen@google.com> Message-Id: <20211013181658.1020262-2-samitolvanen@google.com> Mime-Version: 1.0 References: <20211013181658.1020262-1-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=6627; h=from:subject; bh=bmZVkzx+ryW/5L9gcOwk+Z2yP2VdUVZdeuK33/2Ghq4=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBhZyKYozW2J45q3Q+18UIrvjTazkUOsSABNi6EDNmH cqIPVhSJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCYWcimAAKCRBMtfaEi7xW7l6+C/ kBa9QiaYhKQ2z/S2OgLLJIKYQVMtoontRw3OK5R2pduUmBxRibSFgpA6ClkOrVCZaLzglceSKD5BLn kr9tp+b7yII73ZMp1ElTiM79mEeffO9CuwF1uwG2mrIJ4OjuglvzhnLWXcwfVisPSCTF5G9gPcuo1Y O/HhYUFzwDZ6hGCpezRadwZewoyBRLU/rF44JitK8v+7HD/Zr4NFJ6zAZiw3b26xq72fikg79Mx/FY pyp10RZQj3vc4exfV5BSyfhCezKdFKrV/bY1OubmgGuy27O9YXnTS/cTeEnAb3YLmSSH9epHebbAno sq7eyo4fGWrCPiyhOBTM/MgqqIim/j7zMgtNo5mH7ffHO8X5LJNInGLh3jwSIRdOe/OjQVvKBdrRTR E3XueRIRXL/uXpqHHWKij92qwjDC5wb44n61acb+sX2pBpMsgWxmfTVf3IAgcJe9+RA75l1slVokgO KoJosryVs3DgEX5wbU6ZdE+/vVqQw0LslUHb1uaIHbxgE= X-Mailer: git-send-email 2.33.0.1079.g6e70778dc9-goog Subject: [PATCH v5 01/15] objtool: Add CONFIG_CFI_CLANG support From: Sami Tolvanen To: x86@kernel.org Cc: Kees Cook , Josh Poimboeuf , Peter Zijlstra , Nathan Chancellor , Nick Desaulniers , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Sami Tolvanen Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The upcoming CONFIG_CFI_CLANG support uses -fsanitize=cfi, the non-canonical version of which hijacks function entry by changing function relocation references to point to an intermediary jump table. For example: Relocation section '.rela.discard.func_stack_frame_non_standard' at offset 0x37e018 contains 6 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000000000 0002944700000002 R_X86_64_PC32 00000000000023f0 do_suspend_lowlevel + 0 0000000000000008 0003c11900000001 R_X86_64_64 0000000000000008 xen_cpuid$e69bc59f4fade3b6f2b579b3934137df.cfi_jt + 0 0000000000000010 0003980900000001 R_X86_64_64 0000000000000060 machine_real_restart.cfi_jt + 0 0000000000000018 0003962b00000001 R_X86_64_64 0000000000000e18 kretprobe_trampoline.cfi_jt + 0 0000000000000020 000028f300000001 R_X86_64_64 0000000000000000 .rodata + 12 0000000000000028 000349f400000001 R_X86_64_64 0000000000000018 __crash_kexec.cfi_jt + 0 0000000000000060 : 60: e9 00 00 00 00 jmpq 65 61: R_X86_64_PLT32 machine_real_restart-0x4 65: cc int3 66: cc int3 67: cc int3 This breaks objtool vmlinux validation in many ways, including static call site detection and the STACK_FRAME_NON_STANDARD() macro. Fix it by converting those relocations' symbol references back to their original non-jump-table versions. Note this doesn't change the actual relocations in the object itself, it just changes objtool's view of them. This change is based on Josh's initial patch: https://lore.kernel.org/r/d743f4b36e120c06506567a9f87a062ae03da47f.1611263462.git.jpoimboe@redhat.com/ Reported-by: Sedat Dilek Suggested-by: Josh Poimboeuf Signed-off-by: Sami Tolvanen Reviewed-by: Nick Desaulniers Tested-by: Nick Desaulniers Tested-by: Sedat Dilek --- tools/objtool/arch/x86/decode.c | 17 ++++++++++ tools/objtool/elf.c | 51 ++++++++++++++++++++++++++++ tools/objtool/include/objtool/arch.h | 3 ++ tools/objtool/include/objtool/elf.h | 2 +- 4 files changed, 72 insertions(+), 1 deletion(-) diff --git a/tools/objtool/arch/x86/decode.c b/tools/objtool/arch/x86/decode.c index 1f2ae708b223..5fe31523e51f 100644 --- a/tools/objtool/arch/x86/decode.c +++ b/tools/objtool/arch/x86/decode.c @@ -63,6 +63,23 @@ bool arch_callee_saved_reg(unsigned char reg) } } +unsigned long arch_cfi_section_reloc_offset(struct reloc *reloc) +{ + if (!reloc->addend) + return 0; + + if (reloc->type == R_X86_64_PC32 || reloc->type == R_X86_64_PLT32) + return reloc->addend + 4; + + return reloc->addend; +} + +unsigned long arch_cfi_jump_reloc_offset(unsigned long offset) +{ + /* offset to the relocation in a jmp instruction */ + return offset + 1; +} + unsigned long arch_dest_reloc_offset(int addend) { return addend + 4; diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c index b18f0055b50b..cd09c93c34fb 100644 --- a/tools/objtool/elf.c +++ b/tools/objtool/elf.c @@ -18,6 +18,7 @@ #include #include +#include #include #include @@ -290,6 +291,10 @@ static int read_sections(struct elf *elf) if (sec->sh.sh_flags & SHF_EXECINSTR) elf->text_size += sec->sh.sh_size; + /* Detect -fsanitize=cfi jump table sections */ + if (!strncmp(sec->name, ".text..L.cfi.jumptable", 22)) + sec->cfi_jt = true; + list_add_tail(&sec->list, &elf->sections); elf_hash_add(section, &sec->hash, sec->idx); elf_hash_add(section_name, &sec->name_hash, str_hash(sec->name)); @@ -575,6 +580,49 @@ static int read_rela_reloc(struct section *sec, int i, struct reloc *reloc, unsi return 0; } +/* + * CONFIG_CFI_CLANG replaces function relocations to refer to an intermediate + * jump table. Undo the conversion so objtool can make sense of things. + */ +static int fix_cfi_relocs(const struct elf *elf) +{ + struct section *sec; + struct reloc *reloc; + + list_for_each_entry(sec, &elf->sections, list) { + list_for_each_entry(reloc, &sec->reloc_list, list) { + struct reloc *cfi_reloc; + unsigned long offset; + + if (!reloc->sym->sec->cfi_jt) + continue; + + if (reloc->sym->type == STT_SECTION) + offset = arch_cfi_section_reloc_offset(reloc); + else + offset = reloc->sym->offset; + + /* + * The jump table immediately jumps to the actual function, + * so look up the relocation there. + */ + offset = arch_cfi_jump_reloc_offset(offset); + cfi_reloc = find_reloc_by_dest(elf, reloc->sym->sec, offset); + + if (!cfi_reloc || !cfi_reloc->sym) { + WARN("can't find a CFI jump table relocation at %s+0x%lx", + reloc->sym->sec->name, offset); + return -1; + } + + reloc->sym = cfi_reloc->sym; + reloc->addend = 0; + } + } + + return 0; +} + static int read_relocs(struct elf *elf) { struct section *sec; @@ -638,6 +686,9 @@ static int read_relocs(struct elf *elf) tot_reloc += nr_reloc; } + if (fix_cfi_relocs(elf)) + return -1; + if (stats) { printf("max_reloc: %lu\n", max_reloc); printf("tot_reloc: %lu\n", tot_reloc); diff --git a/tools/objtool/include/objtool/arch.h b/tools/objtool/include/objtool/arch.h index 589ff58426ab..93bde8aaf2e3 100644 --- a/tools/objtool/include/objtool/arch.h +++ b/tools/objtool/include/objtool/arch.h @@ -81,6 +81,9 @@ unsigned long arch_jump_destination(struct instruction *insn); unsigned long arch_dest_reloc_offset(int addend); +unsigned long arch_cfi_section_reloc_offset(struct reloc *reloc); +unsigned long arch_cfi_jump_reloc_offset(unsigned long offset); + const char *arch_nop_insn(int len); const char *arch_ret_insn(int len); diff --git a/tools/objtool/include/objtool/elf.h b/tools/objtool/include/objtool/elf.h index c48c1067797d..e9432be2a0b0 100644 --- a/tools/objtool/include/objtool/elf.h +++ b/tools/objtool/include/objtool/elf.h @@ -38,7 +38,7 @@ struct section { Elf_Data *data; char *name; int idx; - bool changed, text, rodata, noinstr; + bool changed, text, rodata, noinstr, cfi_jt; }; struct symbol { -- 2.33.0.1079.g6e70778dc9-goog