From: Sasha Levin
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Kees Cook, Guixiong Wei, Juergen Gross, Sasha Levin
Subject: [PATCH 6.8 279/715] x86, relocs: Ignore relocations in .notes section
Date: Sun, 24 Mar 2024 18:27:38 -0400
Message-ID: <20240324223455.1342824-280-sashal@kernel.org>
In-Reply-To: <20240324223455.1342824-1-sashal@kernel.org>
References: <20240324223455.1342824-1-sashal@kernel.org>

From: Kees Cook

[ Upstream commit aaa8736370db1a78f0e8434344a484f9fd20be3b ]

When building with CONFIG_XEN_PV=y, .text symbols are emitted into
the .notes section so that Xen can find the "startup_xen" entry point.
This information is used prior to booting the kernel, so relocations
are not useful. In fact, performing relocations against the .notes
section means that the KASLR base is exposed since /sys/kernel/notes
is world-readable.

To avoid leaking the KASLR base without breaking unprivileged tools that
are expecting to read /sys/kernel/notes, skip performing relocations in
the .notes section. The values readable in .notes are then identical to
those found in System.map.

Reported-by: Guixiong Wei
Closes: https://lore.kernel.org/all/20240218073501.54555-1-guixiongwei@gmail.com/
Fixes: 5ead97c84fa7 ("xen: Core Xen implementation")
Fixes: da1a679cde9b ("Add /sys/kernel/notes")
Reviewed-by: Juergen Gross
Signed-off-by: Kees Cook
Signed-off-by: Sasha Levin
---
 arch/x86/tools/relocs.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c index a3bae2b24626b..b029fb81ebeee 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c 
@@ -653,6 +653,14 @@ static void print_absolute_relocs(void) if (!(sec_applies->shdr.sh_flags & SHF_ALLOC)) { continue; } + /* + * Do not perform relocations in .notes section; any + * values there are meant for pre-boot consumption (e.g. + * startup_xen). + */ + if (sec_applies->shdr.sh_type == SHT_NOTE) { + continue; + } sh_symtab = sec_symtab->symtab; sym_strtab = sec_symtab->link->strtab; for (j = 0; j < sec->shdr.sh_size/sizeof(Elf_Rel); j++) { -- 2.43.0
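
Review bot: the added test `sec_applies->shdr.sh_type == SHT_NOTE` matches on section type, while the comment above it and the subject line speak only of the ".notes" section. As written, relocations are skipped for every SHF_ALLOC section of type SHT_NOTE regardless of its name, so the comment should say "SHT_NOTE sections" and state that no note contents are expected to need run-time relocation; if only .notes is meant, the check needs narrowing instead. The skip is also silent: nothing in the visible lines records that relocations were dropped for a section, which makes a later regression (a note that does need relocating) hard to spot at build time. A short mention in the commit message of how the result was checked against System.map on a CONFIG_XEN_PV=y build would help stable reviewers.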