From patchwork Thu Apr 1 23:32:02 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 12179979 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B227AC433B4 for ; Thu, 1 Apr 2021 23:35:10 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5399361105 for ; Thu, 1 Apr 2021 23:35:10 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5399361105 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:Cc:To:From:Subject:References:Mime-Version: Message-Id:In-Reply-To:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=kIEANylZq4B8D1fP4Ek8xUpnvtOycCBoAbUpgeBng4c=; b=J5cVZYOlT5mTbj 3WazvoOLrhKbO2ce6Y1mG165u7yUcEb5wloh0IKkEeV8vllqxRKLyeKzi56PQ4XWiatB5+nJWtheL wyUhplg1sYQ3oGJfBvH5ku+3QdRs0TwSBiTYPuvW1a1ge4cCeyFOyJvpHvvonPCO/sWEquhN9pIpd 7BbnvnhZZ2g+bp4AtAFfxffdDXmKI/d+49t9IpmrkvvU//J91TuRF6C8CC2O51GqjbWJYzdDeX951 5R5bb7jLU36nqOFkXozX61F9O4lH6ZdzYjgZGSu+4i5ESeKNKyDzxLOI4TPcEt4F21kF3pAEu1jhj fY+Io6O5kHQLF8Si00xg==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lS6oZ-00BMHy-VJ; Thu, 01 Apr 2021 23:33:30 +0000 Received: from mail-yb1-xb49.google.com ([2607:f8b0:4864:20::b49]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lS6nd-00BLyE-41 for linux-arm-kernel@lists.infradead.org; Thu, 01 Apr 2021 23:32:32 +0000 Received: by mail-yb1-xb49.google.com with SMTP id f75so7409921yba.8 for ; Thu, 01 Apr 2021 16:32:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=X7pKNQoykGsVEBpcKZlriYQJ1U+ZvEkb/I/sJpCEmoM=; b=BjeqB6czPiyblykb6PBqbuo0xYMJRyLf/oeNx84DE4R1fttODxk2bFz8ZBL75Fuvgw 6F/tOm2Du9GhJn2mmq+CkjLQeGoCDGcqzKXhnGnQJQtJAyZ0HZhS6MkmhStYDbWSofMA 68PW7Ihe35F8GXNvpgR24UJGY5/BeWu5RHMSwgkH8ITuRBjDaoNZjNQSTirk5hAXUmTp ZPjj5XXJCkZx73K1M8xMs4EZ67o5T3/A9AenBMN46C4kl1tYZt3s49w2u2H03hLXhD7j BsR61PVQf5F2iEv11ANBBbHx3c7rBoBvCxGY1fhbGX98hjjeSXxMbBi79tgKpmDn/EHg EaEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=X7pKNQoykGsVEBpcKZlriYQJ1U+ZvEkb/I/sJpCEmoM=; b=lsSVDVCYp+E9YOo6vaNbhNnJCWRpJ6MFKP/Jhco4qjMk8Dp88+QAyM+PaiEHrJw1PS bHMpXqKCGwFiTUQlAMmoGPM/HHHu5ty9xEeVEP1L+jM0aZVIRcE0jXVybmRoqeJobDYH U5Qzjny+7/pWWK7lmWwF1Y94i3Uclw+c5iPt6RcYlXT7FO5KFLqg4y1Su5aLl916QDsb KewD/G88nUVfOznSkX9An2CrFgmEm9jzJODh4GI8uONdkw2pbALdyNG1vn0Uat3FKQQ4 3z3VVzPatMSgBYjyw+foWfPNd3fOBGu4Cy4Ou+Bepz9K0FiXiRFpXMvBM2WQkbHKugRg l2QQ== X-Gm-Message-State: AOAM533HX8kHIWEy3isu3t4UJFJq5cqc3NSZomgwYo5kZGOyYdoO/xXz yM7Ks9hHNMI0HqZ+ooJh/zMmXFrGLY4Y7hmJGaA= X-Google-Smtp-Source: ABdhPJzdtiwlIR4zsNDFW5ioAx+wS4lt7L2o01q4Wrd2ySGr3BrZwRNBVOL+/rsGqUne1kRNRcwwzZrITvNNBaKI1jg= X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:4cd1:da86:e91b:70b4]) (user=samitolvanen job=sendgmr) by 2002:a25:25d7:: with SMTP id l206mr15429911ybl.43.1617319946420; Thu, 01 Apr 2021 16:32:26 -0700 (PDT) Date: Thu, 1 Apr 2021 16:32:02 -0700 In-Reply-To: <20210401233216.2540591-1-samitolvanen@google.com> Message-Id: <20210401233216.2540591-5-samitolvanen@google.com> Mime-Version: 1.0 References: <20210401233216.2540591-1-samitolvanen@google.com> X-Mailer: git-send-email 2.31.0.208.g409f899ff0-goog Subject: [PATCH v5 04/18] module: ensure __cfi_check alignment From: Sami Tolvanen To: Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , Masahiro Yamada , Will Deacon , Jessica Yu , Arnd Bergmann , Tejun Heo , "Paul E. McKenney" , Christoph Hellwig , Peter Zijlstra , Sedat Dilek , Mark Rutland , Catalin Marinas , bpf@vger.kernel.org, linux-hardening@vger.kernel.org, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Sami Tolvanen X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210402_003229_618485_DEE63446 X-CRM114-Status: GOOD ( 13.77 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org CONFIG_CFI_CLANG_SHADOW assumes the __cfi_check() function is page aligned and at the beginning of the .text section. While Clang would normally align the function correctly, it fails to do so for modules with no executable code. This change ensures the correct __cfi_check() location and alignment. It also discards the .eh_frame section, which Clang can generate with certain sanitizers, such as CFI. Link: https://bugs.llvm.org/show_bug.cgi?id=46293 Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook Acked-by: Jessica Yu --- scripts/module.lds.S | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/scripts/module.lds.S b/scripts/module.lds.S index 168cd27e6122..f8022b34e388 100644 --- a/scripts/module.lds.S +++ b/scripts/module.lds.S @@ -3,10 +3,20 @@ * Archs are free to supply their own linker scripts. ld will * combine them automatically. */ +#ifdef CONFIG_CFI_CLANG +# include +# define ALIGN_CFI ALIGN(PAGE_SIZE) +# define SANITIZER_DISCARDS *(.eh_frame) +#else +# define ALIGN_CFI +# define SANITIZER_DISCARDS +#endif + SECTIONS { /DISCARD/ : { *(.discard) *(.discard.*) + SANITIZER_DISCARDS } __ksymtab 0 : { *(SORT(___ksymtab+*)) } @@ -40,7 +50,14 @@ SECTIONS { *(.rodata..L*) } - .text : { *(.text .text.[0-9a-zA-Z_]*) } + /* + * With CONFIG_CFI_CLANG, we assume __cfi_check is at the beginning + * of the .text section, and is aligned to PAGE_SIZE. + */ + .text : ALIGN_CFI { + *(.text.__cfi_check) + *(.text .text.[0-9a-zA-Z_]* .text..L.cfi*) + } } /* bring in arch-specific sections */