From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E693EC433E0 for ; Fri, 12 Mar 2021 02:41:17 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 7673964F64 for ; Fri, 12 Mar 2021 02:41:17 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7673964F64 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=cImhZfPAXQ4Sdy60Tvx78Plwx5TQZdF4xpy+H7qkJT8=; b=Ek/6dmKnX0zf6XVwG+FexUcno K8Ow7aVygLqhcfrHI1/yaaA6+ifcVyXha8D9jVyiGKAV7GqpBnkxK535IWRH+XLQ4jfD/bY0V+eAq v7pSTlTT4kq9UvTmN5QRQXYWf12m6pOVf8J7yoMoi1jI6kFwaQtjPeFiqNei/6y5HAIj+6YjMc/I3 Las8z+S9na2s4NQ3b4VWz/2Fp15k1kYY15TadMlM3Q1AttdyyxXQ6nbZ8GbTKk4yOvcSvILf5+D1l hX3dNBj7O/EjuMaCmM9hZSSx2tGjUw3ymX+ATSVid2xZ9n7wLH+/E5m8w8euOQml3MRUPnm+62VGC V/qa0qiAA==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lKXiA-00AU3U-BU; Fri, 12 Mar 2021 02:39:34 +0000 Received: from mail-pl1-x62f.google.com ([2607:f8b0:4864:20::62f]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lKXi4-00AU3C-Og for linux-arm-kernel@lists.infradead.org; Fri, 12 Mar 2021 02:39:32 +0000 Received: by mail-pl1-x62f.google.com with SMTP id 30so6658553ple.4 for ; Thu, 11 Mar 2021 18:39:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=djQZd3ysyoSutQHrswnBnuimUYSb59dZwog3T2MV0T0=; b=mLI4wibQX2QDrTDp0g3oVwAnp8g8JH2ZHX3coY+tloIS7hQDHaHg7O3U0tqNyPkaXm 8rDqn7xBBo4XHsB+a2U3CBHCbqJ61M0ldpB/4IwR6Z3ug6eLs539FiVfed3DGaRV2ZTJ k+65bJQ0eM8Sc9pNW/ZbuOFd1znR6iQPephC8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=djQZd3ysyoSutQHrswnBnuimUYSb59dZwog3T2MV0T0=; b=pCZYFmdTZ1ed1K3/tTdTsRqNEUQe7pq0CrqKWjNSdCwdNoYa9S0+vSTJEikTieSFge Ytrgdenm+GgVzBqkL+n2DDkRTBhqJ9KG8NY+fmuRyeSo87D30dnJr0LA28at2yrOn+n8 Rrev+E3NiUkz1Mngn1UTyt+agznsZ+NGGTGlxZPmwIKNiVCye8dH0jqvUCsfagXSllL2 pCJQ5qW4cEi+8hJbGNlfD4VEjGFsGISG/FNqZkQBG3W+blTj5vQBdU338DNpgeVLmTVA qqu+q9Z3tj3sRgoWz8ip7vo9X1aAm6o08a05vgBU3c0pn9Uel9xnIWKUZQ1GRNYPOkgC BY/g== X-Gm-Message-State: AOAM530b8lXnvOeNPy2wGgVXCsWYFGxEqKMUThg9bB6lJbYlxpagPE5P zw1Vda4ALYhS+N52qeidIxtu/w== X-Google-Smtp-Source: ABdhPJyXid/WhlRRi3IuEn/gj018RDIJnIysnt+MQKHLqWW7jwLJATluPmfQx4YLScgrHSTI05ABow== X-Received: by 2002:a17:902:344:b029:e4:a7ab:2e55 with SMTP id 62-20020a1709020344b02900e4a7ab2e55mr11594605pld.63.1615516765493; Thu, 11 Mar 2021 18:39:25 -0800 (PST) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id k127sm3858828pfd.63.2021.03.11.18.39.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 Mar 2021 18:39:24 -0800 (PST) Date: Thu, 11 Mar 2021 18:39:23 -0800 From: Kees Cook To: Sami Tolvanen Cc: Nathan Chancellor , Nick Desaulniers , Masahiro Yamada , Will Deacon , Jessica Yu , Arnd Bergmann , Tejun Heo , bpf@vger.kernel.org, linux-hardening@vger.kernel.org, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 04/17] module: cfi: ensure __cfi_check alignment Message-ID: <202103111837.813997B4@keescook> References: <20210312004919.669614-1-samitolvanen@google.com> <20210312004919.669614-5-samitolvanen@google.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20210312004919.669614-5-samitolvanen@google.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210312_023930_210964_05CBCA25 X-CRM114-Status: GOOD ( 23.56 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Thu, Mar 11, 2021 at 04:49:06PM -0800, Sami Tolvanen wrote: > CONFIG_CFI_CLANG_SHADOW assumes the __cfi_check() function is page > aligned and at the beginning of the .text section. While Clang would > normally align the function correctly, it fails to do so for modules > with no executable code. > > This change ensures the correct __cfi_check() location and > alignment. It also discards the .eh_frame section, which Clang can > generate with certain sanitizers, such as CFI. > > Link: https://bugs.llvm.org/show_bug.cgi?id=46293 > Signed-off-by: Sami Tolvanen > --- > scripts/module.lds.S | 14 +++++++++++++- > 1 file changed, 13 insertions(+), 1 deletion(-) > > diff --git a/scripts/module.lds.S b/scripts/module.lds.S > index 168cd27e6122..552ddb084f76 100644 > --- a/scripts/module.lds.S > +++ b/scripts/module.lds.S > @@ -3,10 +3,13 @@ > * Archs are free to supply their own linker scripts. ld will > * combine them automatically. > */ > +#include > + > SECTIONS { > /DISCARD/ : { > *(.discard) > *(.discard.*) > + *(.eh_frame) > } > > __ksymtab 0 : { *(SORT(___ksymtab+*)) } > @@ -40,7 +43,16 @@ SECTIONS { > *(.rodata..L*) > } > > - .text : { *(.text .text.[0-9a-zA-Z_]*) } > +#ifdef CONFIG_CFI_CLANG > + /* > + * With CFI_CLANG, ensure __cfi_check is at the beginning of the > + * .text section, and that the section is aligned to page size. > + */ > + .text : ALIGN(PAGE_SIZE) { > + *(.text.__cfi_check) > + *(.text .text.[0-9a-zA-Z_]* .text..L.cfi*) > + } > +#endif Whoops, I think this reverts to the default .text declaration when CONFIG_CFI_CLANG is unset. I think the only thing that needs the ifdef is the ALIGN, yes? Perhaps something like this? #ifdef CONFIG_CFI_CLANG # define ALIGN_CFI ALIGN(PAGE_SIZE) #else # define ALIGN_CFI #endif .text : ALIGN_CFI { *(.text.__cfi_check) *(.text .text.[0-9a-zA-Z_]* .text..L.cfi*) } -Kees > } > > /* bring in arch-specific sections */ > -- > 2.31.0.rc2.261.g7f71774620-goog > -- Kees Cook _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel