From: Kees Cook <keescook@chromium.org>
To: Kristen Carlson Accardi <kristen@linux.intel.com>
Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
arjan@linux.intel.com, x86@kernel.org,
linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com, rick.p.edgecombe@intel.com
Subject: Re: [PATCH v3 00/10] Function Granular KASLR
Date: Wed, 24 Jun 2020 00:40:29 -0700 [thread overview]
Message-ID: <202006240030.60C3490@keescook> (raw)
In-Reply-To: <20200623172327.5701-1-kristen@linux.intel.com>
On Tue, Jun 23, 2020 at 10:23:17AM -0700, Kristen Carlson Accardi wrote:
> Function Granular Kernel Address Space Layout Randomization (fgkaslr)
I've built and booted this successfully with both GCC/bfd and Clang/lld:
gcc (Ubuntu 9.3.0-10ubuntu2) 9.3.0
GNU ld (GNU Binutils for Ubuntu) 2.34
clang version 11.0.0 (https://github.com/llvm/llvm-project.git c32d695b099109118dbd50dd697fffe23cd9a529)
LLD 11.0.0 (https://github.com/llvm/llvm-project.git c32d695b099109118dbd50dd697fffe23cd9a529)
Tested-by: Kees Cook <keescook@chromium.org>
Clang + objtool is a bit noisy, but I haven't investigated why:
kernel/panic.o: warning: objtool: .text.nmi_panic: unexpected end of section
kernel/panic.o: warning: objtool: .text.__warn_printk: unexpected end of section
kernel/cred.o: warning: objtool: .text.exit_creds: unexpected end of section
kernel/cred.o: warning: objtool: .text.get_task_cred: unexpected end of section
kernel/cred.o: warning: objtool: .text.cred_alloc_blank: unexpected end of section
kernel/cred.o: warning: objtool: .text.abort_creds: unexpected end of section
kernel/cred.o: warning: objtool: .text.prepare_creds: unexpected end of section
kernel/cred.o: warning: objtool: .text.copy_creds: unexpected end of section
kernel/cred.o: warning: objtool: .text.override_creds: unexpected end of section
kernel/cred.o: warning: objtool: .text.revert_creds: unexpected end of section
kernel/cred.o: warning: objtool: .text.prepare_kernel_cred: unexpected end of section
And when interacting with my orphan-section series[1], this patch is
needed to keep from getting A LOT of warnings. ;)
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index af3d004d9a7e..de687ffa4966 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -57,9 +57,14 @@ ifndef CONFIG_FG_KASLR
endif
endif
+ifndef CONFIG_FG_KASLR
# We never want expected sections to be placed heuristically by the
# linker. All sections should be explicitly named in the linker script.
+# However, without a way to provide a wildcard mapping from input
+# sections named .text.* to identically named output sections, this
+# can only be used with FGKASLR is disabled.
LDFLAGS_vmlinux += --orphan-handling=warn
+endif
#
# Prevent GCC from generating any FP code by mistake.
[1] https://lore.kernel.org/lkml/20200624014940.1204448-1-keescook@chromium.org/
--
Kees Cook
prev parent reply other threads:[~2020-06-24 7:40 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-23 17:23 [PATCH v3 00/10] Function Granular KASLR Kristen Carlson Accardi
2020-06-23 17:23 ` [PATCH v3 01/10] objtool: Do not assume order of parent/child functions Kristen Carlson Accardi
2020-06-24 3:08 ` Josh Poimboeuf
2020-06-23 17:23 ` [PATCH v3 02/10] x86: tools/relocs: Support >64K section headers Kristen Carlson Accardi
2020-06-23 17:23 ` [PATCH v3 03/10] x86/boot: Allow a "silent" kaslr random byte fetch Kristen Carlson Accardi
2020-06-23 17:23 ` [PATCH v3 04/10] x86: Makefile: Add build and config option for CONFIG_FG_KASLR Kristen Carlson Accardi
2020-06-23 17:23 ` [PATCH v3 05/10] x86: Make sure _etext includes function sections Kristen Carlson Accardi
2020-06-24 4:52 ` Kees Cook
2020-06-23 17:23 ` [PATCH v3 06/10] x86/tools: Add relative relocs for randomized functions Kristen Carlson Accardi
2020-06-23 17:23 ` [PATCH v3 07/10] x86/boot/compressed: change definition of STATIC Kristen Carlson Accardi
2020-06-24 6:54 ` Kees Cook
2020-06-23 17:23 ` [PATCH v3 08/10] x86: Add support for function granular KASLR Kristen Carlson Accardi
2020-06-24 7:11 ` Kees Cook
2020-06-23 17:23 ` [PATCH v3 09/10] kallsyms: Hide layout Kristen Carlson Accardi
2020-06-24 7:20 ` Kees Cook
2020-06-24 7:25 ` Kees Cook
2020-06-24 10:21 ` Jann Horn
2020-06-24 15:18 ` Kees Cook
2020-06-25 16:19 ` Kristen Carlson Accardi
2020-07-07 22:58 ` Kristen Carlson Accardi
2020-07-07 23:16 ` Luck, Tony
2020-07-08 16:47 ` Kristen Carlson Accardi
2020-06-23 17:23 ` [PATCH v3 10/10] module: Reorder functions Kristen Carlson Accardi
2020-06-24 7:40 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202006240030.60C3490@keescook \
--to=keescook@chromium.org \
--cc=arjan@linux.intel.com \
--cc=bp@alien8.de \
--cc=kernel-hardening@lists.openwall.com \
--cc=kristen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.