Date: Tue, 27 Feb 2024 08:32:51 -0800
From: "H. Peter Anvin"
To: Jürgen Groß, Kees Cook, Borislav Petkov
CC: Guixiong Wei, Thomas Gleixner, Ingo Molnar, Dave Hansen, x86@kernel.org, "Peter Zijlstra (Intel)", Greg Kroah-Hartman, Tony Luck, Kristen Carlson Accardi, Boris Ostrovsky, Stefano Stabellini, Oleksandr Tyshchenko, Guixiong Wei, Jann Horn, Andrew Morton, Alexey Dobriyan, Chris Wright, Jeremy Fitzhardinge, Roland McGrath, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] x86, relocs: Ignore relocations in .notes section
In-Reply-To: <0443c7c2-1c3f-4cf8-940d-88306956832a@suse.com>
References: <20240222171840.work.027-kees@kernel.org> <0443c7c2-1c3f-4cf8-940d-88306956832a@suse.com>
Message-ID: <18FD83CD-CCD3-44DE-A086-2317739BB488@zytor.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On February 27, 2024 8:13:35 AM PST, "Jürgen Groß" wrote:
>On 22.02.24 18:18, Kees Cook wrote:
>> When building with CONFIG_XEN_PV=y, .text symbols are emitted into the
>> .notes section so that Xen can find the "startup_xen" entry point. This
>> information is used prior to booting the kernel, so relocations are not
>> useful. In fact, performing relocations against the .notes section means
>> that the KASLR base is exposed since /sys/kernel/notes is world-readable.
>>
>> To avoid leaking the KASLR base without breaking unprivileged tools that
>> are expecting to read /sys/kernel/notes, skip performing relocations in
>> the .notes section. The values readable in .notes are then identical to
>> those found in System.map.
>>
>> Reported-by: Guixiong Wei
>> Closes: https://lore.kernel.org/all/20240218073501.54555-1-guixiongwei@gmail.com/
>> Fixes: 5ead97c84fa7 ("xen: Core Xen implementation")
>> Fixes: da1a679cde9b ("Add /sys/kernel/notes")
>> Signed-off-by: Kees Cook
>> ---
>> Cc: Borislav Petkov
>> Cc: Thomas Gleixner
>> Cc: Ingo Molnar
>> Cc: Dave Hansen
>> Cc: x86@kernel.org
>> Cc: "H. Peter Anvin"
>> Cc: "Peter Zijlstra (Intel)"
>> Cc: Greg Kroah-Hartman
>> Cc: Tony Luck
>> Cc: Kristen Carlson Accardi
>> Cc: "Jürgen Groß"
>> Cc: Boris Ostrovsky
>> Cc: Stefano Stabellini
>> Cc: Oleksandr Tyshchenko
>> Cc: Guixiong Wei
>> Cc: Jann Horn
>> ---
>>  arch/x86/tools/relocs.c | 10 ++++++++++
>>  1 file changed, 10 insertions(+)
>>
>> diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c
>> index a3bae2b24626..0811fff23b9c 100644
>> --- a/arch/x86/tools/relocs.c
>> +++ b/arch/x86/tools/relocs.c
>> @@ -733,6 +733,16 @@ static void walk_relocs(int (*process)(struct section *sec, Elf_Rel *rel,
>>  		if (sec->shdr.sh_type != SHT_REL_TYPE) {
>>  			continue;
>>  		}
>> +
>> +		/*
>> +		 * Do not perform relocations in .notes section; any
>> +		 * values there are meant for pre-boot consumption (e.g.
>> +		 * startup_xen).
>> +		 */
>> +		if (strcmp(sec_name(sec->shdr.sh_info), ".notes") == 0) {
>
>Instead of a strcmp(), wouldn't ...
>
>> +			continue;
>> +		}
>> +
>>  		sec_symtab = sec->link;
>>  		sec_applies = &secs[sec->shdr.sh_info];
>>  		if (!(sec_applies->shdr.sh_flags & SHF_ALLOC)) {
>
>... a test of "sec_applies->shdr.sh_type == SHT_NOTE" work as well?
>
>In the end I'm fine with both variants, so:
>
>Reviewed-by: Juergen Gross
>
>
>Juergen

A type check would probably be better...