Date: Thu, 12 Jan 2023 14:52:04 -0800
From: Kees Cook
To: Sami Tolvanen
Cc: "Peter Zijlstra (Intel)", Masahiro Yamada, Nathan Chancellor, Nick Desaulniers, linux-kbuild@vger.kernel.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/1] kbuild: Fix CFI hash randomization with KASAN
Message-ID: <202301121452.37FE29F29B@keescook>
References: <20230112224948.1479453-1-samitolvanen@google.com> <20230112224948.1479453-2-samitolvanen@google.com>
In-Reply-To: <20230112224948.1479453-2-samitolvanen@google.com>
X-Mailing-List: llvm@lists.linux.dev

On Thu, Jan 12, 2023 at 10:49:48PM +0000, Sami Tolvanen wrote:
> Clang emits an asan.module_ctor constructor to each object file
> when KASAN is enabled, and these functions are indirectly called
> in do_ctors. With CONFIG_CFI_CLANG, the compiler also emits a CFI
> type hash before each address-taken global function so they can
> pass indirect call checks.
>
> However, in commit 0c3e806ec0f9 ("x86/cfi: Add boot time hash
> randomization"), x86 implemented boot time hash randomization,
> which relies on the .cfi_sites section generated by objtool. As
> objtool is run against vmlinux.o instead of individual object
> files with X86_KERNEL_IBT (enabled by default), CFI types in
> object files that are not part of vmlinux.o end up not being
> included in .cfi_sites, and thus won't get randomized and trip
> CFI when called.
>
> Only .vmlinux.export.o and init/version-timestamp.o are linked
> into vmlinux separately from vmlinux.o. As these files don't
> contain any functions, disable KASAN for both of them to avoid
> breaking hash randomization.
>
> Link: https://github.com/ClangBuiltLinux/linux/issues/1742
> Signed-off-by: Sami Tolvanen

Reviewed-by: Kees Cook

-- 
Kees Cook
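
A toy model of the failure described in the quoted commit message, added here as an illustration; it is not part of the original message and not kernel code. The XOR rehash, the struct layout, and the hash and seed values are assumptions made for the example.

```c
/* Toy model (constructed) of boot-time CFI hash randomization coverage. */
#include <stddef.h>
#include <stdint.h>

struct fn { const char *name; uint32_t hash; int in_cfi_sites; };

/* Assumed rehash: plain XOR with the boot seed, standing in for the real one. */
static uint32_t rehash(uint32_t hash, uint32_t seed) { return hash ^ seed; }

/* Boot-time pass: only preambles recorded in .cfi_sites are rewritten. */
static void randomize(struct fn *fns, size_t n, uint32_t seed)
{
    for (size_t i = 0; i < n; i++)
        if (fns[i].in_cfi_sites)
            fns[i].hash = rehash(fns[i].hash, seed);
}

/* Indirect-call check: the caller expects the randomized hash of the type. */
static int cfi_check(const struct fn *f, uint32_t type_hash, uint32_t seed)
{
    return f->hash == rehash(type_hash, seed);
}

/* Randomize, then count call targets that would trip CFI. */
static size_t count_trips(struct fn *fns, size_t n, uint32_t type_hash,
                          uint32_t seed)
{
    size_t trips = 0;
    randomize(fns, n, seed);
    for (size_t i = 0; i < n; i++)
        if (!cfi_check(&fns[i], type_hash, seed))
            trips++;
    return trips;
}

#define CTOR_HASH 0x12345678u /* constructed type hash for the ctor type */

static size_t demo(int kasan_on_separate_objects)
{
    struct fn ctors[] = {
        { "asan.module_ctor (object in vmlinux.o)", CTOR_HASH, 1 },
        { "asan.module_ctor (init/version-timestamp.o)", CTOR_HASH, 0 },
        { "asan.module_ctor (.vmlinux.export.o)", CTOR_HASH, 0 },
    };
    /* With KASAN off for the two separately linked objects, no ctor is emitted. */
    size_t n = kasan_on_separate_objects ? 3 : 1;
    return count_trips(ctors, n, CTOR_HASH, 0xdeadbeefu);
}

int main(void) { return demo(0) != 0; }
```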