Date: Wed, 13 Oct 2021 11:59:37 -0700
From: Kees Cook
To: Sami Tolvanen
Cc: x86@kernel.org, Josh Poimboeuf, Peter Zijlstra, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev
Subject: Re: [PATCH v5 01/15] objtool: Add CONFIG_CFI_CLANG support
Message-ID: <202110131159.DA32533@keescook>
References: <20211013181658.1020262-1-samitolvanen@google.com> <20211013181658.1020262-2-samitolvanen@google.com>
In-Reply-To: <20211013181658.1020262-2-samitolvanen@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Oct 13, 2021 at 11:16:44AM -0700, Sami Tolvanen wrote:
> The upcoming CONFIG_CFI_CLANG support uses -fsanitize=cfi, the
> non-canonical version of which hijacks function entry by changing
> function relocation references to point to an intermediary jump table.
>
> For example:
>
> Relocation section '.rela.discard.func_stack_frame_non_standard' at offset 0x37e018 contains 6 entries:
> Offset           Info             Type          Symbol's Value   Symbol's Name + Addend
> 0000000000000000 0002944700000002 R_X86_64_PC32 00000000000023f0 do_suspend_lowlevel + 0
> 0000000000000008 0003c11900000001 R_X86_64_64   0000000000000008 xen_cpuid$e69bc59f4fade3b6f2b579b3934137df.cfi_jt + 0
> 0000000000000010 0003980900000001 R_X86_64_64   0000000000000060 machine_real_restart.cfi_jt + 0
> 0000000000000018 0003962b00000001 R_X86_64_64   0000000000000e18 kretprobe_trampoline.cfi_jt + 0
> 0000000000000020 000028f300000001 R_X86_64_64   0000000000000000 .rodata + 12
> 0000000000000028 000349f400000001 R_X86_64_64   0000000000000018 __crash_kexec.cfi_jt + 0
>
> 0000000000000060 :
>   60: e9 00 00 00 00    jmpq 65
>   61: R_X86_64_PLT32    machine_real_restart-0x4
>   65: cc                int3
>   66: cc                int3
>   67: cc                int3
>
> This breaks objtool vmlinux validation in many ways, including static
> call site detection and the STACK_FRAME_NON_STANDARD() macro.
>
> Fix it by converting those relocations' symbol references back to their
> original non-jump-table versions. Note this doesn't change the actual
> relocations in the object itself, it just changes objtool's view of
> them. This change is based on Josh's initial patch:
>
> https://lore.kernel.org/r/d743f4b36e120c06506567a9f87a062ae03da47f.1611263462.git.jpoimboe@redhat.com/
>
> Reported-by: Sedat Dilek
> Suggested-by: Josh Poimboeuf
> Signed-off-by: Sami Tolvanen

This looks really clean. Thanks!

Reviewed-by: Kees Cook

-- 
Kees Cook
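The remapping the quoted commit message describes, as an added illustration that is not objtool's code and not part of this thread: each `.cfi_jt` stub is a `jmp rel32` whose operand carries a PLT32 relocation naming the real function, so a reference to `<fn>.cfi_jt` can be rewritten to `<fn>` by reading the relocation at stub offset + 1. The sample inputs are constructed from the entries quoted above; the stub's symbol name, which the quoted text lost, is filled in to match the relocation whose value is 0x60.

```python
import re
# Constructed sample, copied from the relocation table quoted above
# (offset, info, type, symbol value, symbol name, '+', addend).
RELOCS = """\
0000000000000000 0002944700000002 R_X86_64_PC32 00000000000023f0 do_suspend_lowlevel + 0
0000000000000010 0003980900000001 R_X86_64_64 0000000000000060 machine_real_restart.cfi_jt + 0
0000000000000020 000028f300000001 R_X86_64_64 0000000000000000 .rodata + 12
"""
# Constructed sample of the jump-table stub quoted above, with the symbol name
# (lost in the quoted text) filled in to match the reloc at value 0x60.
JUMP_TABLE = """\
0000000000000060 <machine_real_restart.cfi_jt>:
  60: e9 00 00 00 00 jmpq 65
  61: R_X86_64_PLT32 machine_real_restart-0x4
  65: cc int3
"""
STUB_RE = re.compile(r"^([0-9a-f]+) <(\S+)>:$")
RELOC_RE = re.compile(r"^\s*([0-9a-f]+):\s+(R_X86_64_\w+)\s+(\S+?)([+-]0x[0-9a-f]+)?$")

def parse_jump_table(text):
    """Map each .cfi_jt symbol to the callee of its 'jmp rel32' stub: the PLT32
    reloc at stub offset + 1 (after the 0xe9 opcode); -0x4 is just the PC bias."""
    targets, stub, base = {}, None, 0
    for line in text.splitlines():
        m = STUB_RE.match(line)
        if m:
            base, stub = int(m.group(1), 16), m.group(2)
            continue
        m = RELOC_RE.match(line)
        if m and stub and int(m.group(1), 16) == base + 1 and m.group(2) == "R_X86_64_PLT32":
            targets[stub] = m.group(3)
    return targets

def parse_relocs(text):
    """Return (type, symbol name, addend) for each readelf-style reloc line."""
    rows = [line.split() for line in text.splitlines()]
    return [(p[2], p[4], int(p[6])) for p in rows if len(p) == 7 and p[5] == "+"]

def remap_cfi_relocs(relocs, jump_targets):
    """Objtool's view of the object: a <fn>.cfi_jt reference becomes <fn>, addend 0."""
    fixed = []
    for rtype, name, addend in relocs:
        if name.endswith(".cfi_jt"):
            if name not in jump_targets:
                raise ValueError(f"no decoded jump-table stub for {name}")
            fixed.append((rtype, jump_targets[name], 0))
        else:
            fixed.append((rtype, name, addend))
    return fixed
```

Non-jump-table references (`do_suspend_lowlevel`, `.rodata + 12`) pass through untouched, and a `.cfi_jt` symbol whose stub was not decoded raises rather than silently keeping the wrong target.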