* [PATCH] kallsyms: fix absolute addresses for kASLR
@ 2014-02-21 20:10 Kees Cook
2014-02-25 1:29 ` Rusty Russell
0 siblings, 1 reply; 3+ messages in thread
From: Kees Cook @ 2014-02-21 20:10 UTC (permalink / raw)
To: linux-kernel
Cc: Michal Marek, Andi Kleen, Rusty Russell, Fabio Estevam, Ming Lei,
Andy Honig, Andrew Morton, H. Peter Anvin, x86
From: Andy Honig <ahonig@google.com>
Currently symbols that are absolute addresses are incorrectly
displayed in /proc/kallsyms if the kernel is loaded with kASLR.
The problem was that the scripts/kallsyms.c file which generates
the array of symbol names and addresses uses an relocatable value
for all symbols, even absolute symbols. This patch fixes that.
Several kallsyms output in different boot states for comparison:
$ egrep '_(stext|_per_cpu_(start|end))' /root/kallsyms.nokaslr
0000000000000000 D __per_cpu_start
0000000000014280 D __per_cpu_end
ffffffff810001c8 T _stext
$ egrep '_(stext|_per_cpu_(start|end))' /root/kallsyms.kaslr1
000000001f200000 D __per_cpu_start
000000001f214280 D __per_cpu_end
ffffffffa02001c8 T _stext
$ egrep '_(stext|_per_cpu_(start|end))' /root/kallsyms.kaslr2
000000000d400000 D __per_cpu_start
000000000d414280 D __per_cpu_end
ffffffff8e4001c8 T _stext
$ egrep '_(stext|_per_cpu_(start|end))' /root/kallsyms.kaslr-fixed
0000000000000000 D __per_cpu_start
0000000000014280 D __per_cpu_end
ffffffffadc001c8 T _stext
Signed-off-by: Andy Honig <ahonig@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
scripts/kallsyms.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/scripts/kallsyms.c b/scripts/kallsyms.c
index 10085de886fe..276e84b8a8e5 100644
--- a/scripts/kallsyms.c
+++ b/scripts/kallsyms.c
@@ -330,8 +330,7 @@ static void write_src(void)
printf("\tPTR\t_text + %#llx\n",
table[i].addr - _text);
else
- printf("\tPTR\t_text - %#llx\n",
- _text - table[i].addr);
+ printf("\tPTR\t%#llx\n", table[i].addr);
} else {
printf("\tPTR\t%#llx\n", table[i].addr);
}
--
1.7.9.5
--
Kees Cook
Chrome OS Security
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] kallsyms: fix absolute addresses for kASLR
2014-02-21 20:10 [PATCH] kallsyms: fix absolute addresses for kASLR Kees Cook
@ 2014-02-25 1:29 ` Rusty Russell
2014-02-26 6:15 ` Kees Cook
0 siblings, 1 reply; 3+ messages in thread
From: Rusty Russell @ 2014-02-25 1:29 UTC (permalink / raw)
To: Kees Cook, linux-kernel
Cc: Michal Marek, Andi Kleen, Fabio Estevam, Ming Lei, Andy Honig,
Andrew Morton, H. Peter Anvin, x86, Vivek Goyal
Kees Cook <keescook@chromium.org> writes:
> From: Andy Honig <ahonig@google.com>
>
> Currently symbols that are absolute addresses are incorrectly
> displayed in /proc/kallsyms if the kernel is loaded with kASLR.
>
> The problem was that the scripts/kallsyms.c file which generates
> the array of symbol names and addresses uses an relocatable value
> for all symbols, even absolute symbols. This patch fixes that.
Hi Andy, Kees,
This is not a good patch. See the commit where this was
introduced:
[PATCH] relocatable kernel: Fix kallsyms on avr32 after relocatable kernel changes
o On some platforms like avr32, section init comes before .text and
not necessarily a symbol's relative position w.r.t _text is positive.
In such cases assembler detects the overflow and emits warning. This
patch fixes it.
Did you just break avr32?
And absolute symbols are supposed to be handled in the other branch:
for (i = 0; i < table_cnt; i++) {
if (toupper(table[i].sym[0]) != 'A') {
if (_text <= table[i].addr)
printf("\tPTR\t_text + %#llx\n",
table[i].addr - _text);
else
printf("\tPTR\t_text - %#llx\n",
_text - table[i].addr);
} else {
printf("\tPTR\t%#llx\n", table[i].addr);
}
}
__per_cpu_start is not an absolute symbol anyway.
You need to fix this properly.
Rusty.
> Several kallsyms output in different boot states for comparison:
>
> $ egrep '_(stext|_per_cpu_(start|end))' /root/kallsyms.nokaslr
> 0000000000000000 D __per_cpu_start
> 0000000000014280 D __per_cpu_end
> ffffffff810001c8 T _stext
> $ egrep '_(stext|_per_cpu_(start|end))' /root/kallsyms.kaslr1
> 000000001f200000 D __per_cpu_start
> 000000001f214280 D __per_cpu_end
> ffffffffa02001c8 T _stext
> $ egrep '_(stext|_per_cpu_(start|end))' /root/kallsyms.kaslr2
> 000000000d400000 D __per_cpu_start
> 000000000d414280 D __per_cpu_end
> ffffffff8e4001c8 T _stext
> $ egrep '_(stext|_per_cpu_(start|end))' /root/kallsyms.kaslr-fixed
> 0000000000000000 D __per_cpu_start
> 0000000000014280 D __per_cpu_end
> ffffffffadc001c8 T _stext
>
> Signed-off-by: Andy Honig <ahonig@google.com>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> scripts/kallsyms.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/scripts/kallsyms.c b/scripts/kallsyms.c
> index 10085de886fe..276e84b8a8e5 100644
> --- a/scripts/kallsyms.c
> +++ b/scripts/kallsyms.c
> @@ -330,8 +330,7 @@ static void write_src(void)
> printf("\tPTR\t_text + %#llx\n",
> table[i].addr - _text);
> else
> - printf("\tPTR\t_text - %#llx\n",
> - _text - table[i].addr);
> + printf("\tPTR\t%#llx\n", table[i].addr);
> } else {
> printf("\tPTR\t%#llx\n", table[i].addr);
> }
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH] kallsyms: fix absolute addresses for kASLR
2014-02-25 1:29 ` Rusty Russell
@ 2014-02-26 6:15 ` Kees Cook
0 siblings, 0 replies; 3+ messages in thread
From: Kees Cook @ 2014-02-26 6:15 UTC (permalink / raw)
To: Rusty Russell
Cc: LKML, Michal Marek, Andi Kleen, Fabio Estevam, Ming Lei,
Andy Honig, Andrew Morton, H. Peter Anvin, x86@kernel.org,
Vivek Goyal
On Mon, Feb 24, 2014 at 5:29 PM, Rusty Russell <rusty@rustcorp.com.au> wrote:
> Kees Cook <keescook@chromium.org> writes:
>> From: Andy Honig <ahonig@google.com>
>>
>> Currently symbols that are absolute addresses are incorrectly
>> displayed in /proc/kallsyms if the kernel is loaded with kASLR.
>>
>> The problem was that the scripts/kallsyms.c file which generates
>> the array of symbol names and addresses uses an relocatable value
>> for all symbols, even absolute symbols. This patch fixes that.
>
> Hi Andy, Kees,
>
> This is not a good patch. See the commit where this was
> introduced:
>
> [PATCH] relocatable kernel: Fix kallsyms on avr32 after relocatable kernel changes
>
> o On some platforms like avr32, section init comes before .text and
> not necessarily a symbol's relative position w.r.t _text is positive.
> In such cases assembler detects the overflow and emits warning. This
> patch fixes it.
>
> Did you just break avr32?
>
> And absolute symbols are supposed to be handled in the other branch:
>
> for (i = 0; i < table_cnt; i++) {
> if (toupper(table[i].sym[0]) != 'A') {
> if (_text <= table[i].addr)
> printf("\tPTR\t_text + %#llx\n",
> table[i].addr - _text);
> else
> printf("\tPTR\t_text - %#llx\n",
> _text - table[i].addr);
> } else {
> printf("\tPTR\t%#llx\n", table[i].addr);
> }
> }
>
> __per_cpu_start is not an absolute symbol anyway.
>
> You need to fix this properly.
> Rusty.
Hm, yeah, it seems we need another class of variable. The per_cpu
stuff is technically relative, but it's not relocated, since it's not
relative to the text location. We'll see how to do this more sanely.
Thanks!
-Kees
--
Kees Cook
Chrome OS Security
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-02-26 6:15 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-02-21 20:10 [PATCH] kallsyms: fix absolute addresses for kASLR Kees Cook
2014-02-25 1:29 ` Rusty Russell
2014-02-26 6:15 ` Kees Cook
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox