From: Sasha Levin
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Kees Cook, Guixiong Wei, Juergen Gross, Sasha Levin
Subject: [PATCH 6.1 185/451] x86, relocs: Ignore relocations in .notes section
Date: Sun, 24 Mar 2024 19:07:41 -0400
Message-ID: <20240324231207.1351418-186-sashal@kernel.org>
In-Reply-To: <20240324231207.1351418-1-sashal@kernel.org>
References: <20240324231207.1351418-1-sashal@kernel.org>

From: Kees Cook

[ Upstream commit aaa8736370db1a78f0e8434344a484f9fd20be3b ]

When building with CONFIG_XEN_PV=y, .text symbols are emitted into
the .notes section so that Xen can find the "startup_xen" entry point.
This information is used prior to booting the kernel, so relocations
are not useful. In fact, performing relocations against the .notes
section means that the KASLR base is exposed since /sys/kernel/notes
is world-readable.

To avoid leaking the KASLR base without breaking unprivileged tools that
are expecting to read /sys/kernel/notes, skip performing relocations in
the .notes section. The values readable in .notes are then identical to
those found in System.map.

Reported-by: Guixiong Wei
Closes: https://lore.kernel.org/all/20240218073501.54555-1-guixiongwei@gmail.com/
Fixes: 5ead97c84fa7 ("xen: Core Xen implementation")
Fixes: da1a679cde9b ("Add /sys/kernel/notes")
Reviewed-by: Juergen Gross
Signed-off-by: Kees Cook
Signed-off-by: Sasha Levin
--- arch/x86/tools/relocs.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c index 2925074b9a588..9a5b101c45023 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c
@@ -653,6 +653,14 @@ static void print_absolute_relocs(void) if (!(sec_applies->shdr.sh_flags & SHF_ALLOC)) { continue; } + /* + * Do not perform relocations in .notes section; any + * values there are meant for pre-boot consumption (e.g. + * startup_xen). + */ + if (sec_applies->shdr.sh_type == SHT_NOTE) { + continue; + } sh_symtab = sec_symtab->symtab; sym_strtab = sec_symtab->link->strtab; for (j = 0; j < sec->shdr.sh_size/sizeof(Elf_Rel); j++) { -- 2.43.0
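Review bot: the added check tests `sec_applies->shdr.sh_type == SHT_NOTE`, so it skips relocations for every allocated note-type section, while the comment directly above it (and the subject line) names only the `.notes` section. Matching on type is a reasonable choice, since it does not depend on how the linker script names the output section, but the comment should say so, for example "Do not perform relocations in SHT_NOTE sections", so a later reader does not assume the filter is name-based and narrow it. The skip is also silent: if a note ever carries an address that is meant to be valid at runtime, nothing in the tool's output will show that its relocation was dropped. A sentence in the comment stating that note contents are deliberately left at their link-time values (matching System.map, as the commit message says) would record that intent next to the code.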