From: Kees Cook
To: Thomas Gleixner
Cc: Kees Cook, Guixiong Wei, Juergen Gross, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", "Peter Zijlstra (Intel)", Greg Kroah-Hartman, Tony Luck, Kristen Carlson Accardi, Andrew Morton, Alexey Dobriyan, Jeremy Fitzhardinge, Chris Wright, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v2] x86, relocs: Ignore relocations in .notes section
Date: Tue, 27 Feb 2024 09:57:54 -0800
Message-Id: <20240227175746.it.649-kees@kernel.org>
X-Mailer: git-send-email 2.34.1
X-Mailing-List: linux-kernel@vger.kernel.org
X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026

When building with CONFIG_XEN_PV=y, .text symbols are emitted into the
.notes section so that Xen can find the "startup_xen" entry point.
This information is used prior to booting the kernel, so relocations
are not useful. In fact, performing relocations against the .notes
section means that the KASLR base is exposed since /sys/kernel/notes
is world-readable.

To avoid leaking the KASLR base without breaking unprivileged tools
that are expecting to read /sys/kernel/notes, skip performing
relocations in the .notes section. The values readable in .notes are
then identical to those found in System.map.

Reported-by: Guixiong Wei
Closes: https://lore.kernel.org/all/20240218073501.54555-1-guixiongwei@gmail.com/
Fixes: 5ead97c84fa7 ("xen: Core Xen implementation")
Fixes: da1a679cde9b ("Add /sys/kernel/notes")
Reviewed-by: Juergen Gross
Signed-off-by: Kees Cook
---
Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: Borislav Petkov
Cc: Dave Hansen
Cc: x86@kernel.org
Cc: "H. Peter Anvin"
Cc: "Peter Zijlstra (Intel)"
Cc: Greg Kroah-Hartman
Cc: Tony Luck
Cc: Kristen Carlson Accardi

v2: switch to a SHT_NOTE check (jgross)
v1: https://lore.kernel.org/all/20240222171840.work.027-kees@kernel.org/
---
 arch/x86/tools/relocs.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c index a3bae2b24626..b029fb81ebee 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c @@ -653,6 +653,14 @@ static void print_absolute_relocs(void) if (!(sec_applies->shdr.sh_flags & SHF_ALLOC)) { continue; } + /* + * Do not perform relocations in .notes section; any + * values there are meant for pre-boot consumption (e.g. + * startup_xen). + */ + if (sec_applies->shdr.sh_type == SHT_NOTE) { + continue; + } sh_symtab = sec_symtab->symtab; sym_strtab = sec_symtab->link->strtab; for (j = 0; j < sec->shdr.sh_size/sizeof(Elf_Rel); j++) { -- 2.34.1
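Review bot: the new comment says "Do not perform relocations in .notes section", but the condition it documents is `sec_applies->shdr.sh_type == SHT_NOTE`, so every SHT_NOTE section the linker kept is skipped, not only `.notes`; since the v2 changelog says the SHT_NOTE check was chosen deliberately, reword the comment to match the condition (e.g. "Do not perform relocations in SHT_NOTE sections; any values there are meant for pre-boot consumption") so the scope of what is dropped is documented where the next reader looks. One more thing for the commit message: the hunk header attributes this loop to print_absolute_relocs(), and the fix only achieves its goal if the same loop also drives the relocations that get emitted and applied at boot, so please state that this is the shared walker (or move the check into it if it is not), otherwise the diagnostic listing would be silenced while /sys/kernel/notes keeps exposing relocated values.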
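Added example, not part of Kees Cook's patch or the kernel tree: a Python checker for the condition the commit message states, namely that once relocations are skipped, the Xen entry-point value in /sys/kernel/notes equals startup_xen in System.map. It parses the raw ELF note stream (u32 namesz, descsz, type, then NUL-terminated name and descriptor, each padded to 4 bytes), and assumes Xen's entry note is named "Xen" with type 1 (XEN_ELFNOTE_ENTRY); the note bytes and System.map text are constructed here rather than read from a live system.

```python
import struct

XEN_ELFNOTE_ENTRY = 1  # assumption: Xen note type carrying the startup_xen entry point


def parse_notes(blob):
    """Split a raw ELF note blob (the bytes /sys/kernel/notes exposes) into (name, type, desc)."""
    notes, off = [], 0
    while off + 12 <= len(blob):
        namesz, descsz, ntype = struct.unpack_from("<III", blob, off)
        off += 12
        name = blob[off:off + namesz].rstrip(b"\0").decode("ascii", "replace")
        off += (namesz + 3) & ~3          # name is padded to a 4-byte boundary
        desc = blob[off:off + descsz]
        off += (descsz + 3) & ~3          # descriptor is padded the same way
        notes.append((name, ntype, desc))
    return notes


def build_note(name, ntype, desc):
    """Encode one note entry in the same layout parse_notes() reads (used for constructed input)."""
    nb = name.encode() + b"\0"
    pad = lambda b: b + b"\0" * (-len(b) % 4)
    return struct.pack("<III", len(nb), len(desc), ntype) + pad(nb) + pad(desc)


def parse_system_map(text):
    """Map symbol name -> address from System.map lines of the form 'addr type name'."""
    syms = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            syms[parts[2]] = int(parts[0], 16)
    return syms


def check_xen_entry(notes_blob, system_map_text):
    """'ok' if the Xen entry note matches startup_xen, 'relocated' if it was shifted, 'absent' otherwise."""
    syms = parse_system_map(system_map_text)
    for name, ntype, desc in parse_notes(notes_blob):
        if name == "Xen" and ntype == XEN_ELFNOTE_ENTRY and len(desc) == 8:
            if "startup_xen" not in syms:
                return "absent"
            value = struct.unpack("<Q", desc)[0]
            return "ok" if value == syms["startup_xen"] else "relocated"
    return "absent"


# Constructed sample data: a two-line System.map and two note blobs, one as a fixed
# kernel would expose it (link-time address) and one carrying a relocated value.
SYSTEM_MAP = "ffffffff81000000 T _stext\nffffffff82000000 T startup_xen\n"
NOTES_PATCHED = build_note("Xen", XEN_ELFNOTE_ENTRY, struct.pack("<Q", 0xffffffff82000000))
NOTES_UNPATCHED = build_note("Xen", XEN_ELFNOTE_ENTRY, struct.pack("<Q", 0xffffffffa0000000))
```

On a live system the same check is `check_xen_entry(open("/sys/kernel/notes", "rb").read(), open("/boot/System.map-$(uname -r)").read())`; a "relocated" result means the notes still carry runtime addresses.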