From: Alexander Lobakin <alexandr.lobakin@intel.com>
To: linux-hardening@vger.kernel.org, x86@kernel.org
Cc: Alexander Lobakin <alexandr.lobakin@intel.com>,
	Jesse Brandeburg <jesse.brandeburg@intel.com>,
	Kristen Carlson Accardi <kristen@linux.intel.com>,
	Kees Cook <keescook@chromium.org>,
	Miklos Szeredi <miklos@szeredi.hu>,
	Ard Biesheuvel <ardb@kernel.org>, Tony Luck <tony.luck@intel.com>,
	Bruce Schlobohm <bruce.schlobohm@intel.com>,
	Jessica Yu <jeyu@kernel.org>, kernel test robot <lkp@intel.com>,
	Miroslav Benes <mbenes@suse.cz>,
	Evgenii Shatokhin <eshatokhin@virtuozzo.com>,
	Jonathan Corbet <corbet@lwn.net>,
	Masahiro Yamada <masahiroy@kernel.org>,
	Michal Marek <michal.lkml@markovi.net>,
	Nick Desaulniers <ndesaulniers@google.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	Thomas Gleixner <tglx@linutronix.de>,
	Will Deacon <will@kernel.org>, Ingo Molnar <mingo@redhat.com>,
	Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Andy Lutomirski <luto@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Arnd Bergmann <arnd@arndb.de>,
	Josh Poimboeuf <jpoimboe@redhat.com>,
	Nathan Chancellor <nathan@kernel.org>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	Marios Pomonis <pomonis@google.com>,
	Sami Tolvanen <samitolvanen@google.com>,
	linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org,
	linux-arch@vger.kernel.org, live-patching@vger.kernel.org,
	llvm@lists.linux.dev
Subject: [PATCH v8 08/14] livepatch: only match unique symbols when using FG-KASLR
Date: Thu,  2 Dec 2021 23:32:08 +0100
Message-ID: <20211202223214.72888-9-alexandr.lobakin@intel.com>
In-Reply-To: <20211202223214.72888-1-alexandr.lobakin@intel.com>

If any type of function granular randomization is enabled, the sympos
algorithm will fail, as it will be impossible to resolve symbols when
there are duplicates using the previous symbol position.

We could override sympos to 0, but make it more clear to the user
and bail out if the symbol is not unique.

Suggested-by: Miroslav Benes <mbenes@suse.cz>
Signed-off-by: Alexander Lobakin <alexandr.lobakin@intel.com>
---
 kernel/livepatch/core.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
index 335d988bd811..10ea75111057 100644
--- a/kernel/livepatch/core.c
+++ b/kernel/livepatch/core.c
@@ -169,6 +169,17 @@ static int klp_find_object_symbol(const char *objname, const char *name,
 	else
 		kallsyms_on_each_symbol(klp_find_callback, &args);
 
+	/*
+	 * If function granular randomization is enabled, it is impossible
+	 * to resolve symbols when there are duplicates using the previous
+	 * symbol position (i.e. sympos != 0).
+	 */
+	if (IS_ENABLED(CONFIG_FG_KASLR) && sympos) {
+		pr_err("FG-KASLR is enabled, specifying symbol position %lu for symbol '%s' in object '%s' does not work\n",
+		       sympos, name, objname ? objname : "vmlinux");
+		goto out_err;
+	}
+
 	/*
 	 * Ensure an address was found. If sympos is 0, ensure symbol is unique;
 	 * otherwise ensure the symbol position count matches sympos.
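
Review bot: The new IS_ENABLED(CONFIG_FG_KASLR) && sympos test is placed after the kallsyms_on_each_symbol() walk, but it depends only on the sympos argument, so the symbol table is fully iterated before a request that can never succeed is rejected. Consider moving the test ahead of the lookup. The test also rejects every non-zero sympos, including one that names a symbol which is in fact unique, which is stricter than the "bail out if the symbol is not unique" wording in the commit message; the comment should state that callers must pass sympos == 0 when FG-KASLR is built in.
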
@@ -186,6 +197,7 @@ static int klp_find_object_symbol(const char *objname, const char *name,
 		return 0;
 	}
 
+out_err:
 	*addr = 0;
 	return -EINVAL;
 }
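
Review bot: The out_err label added before *addr = 0 has a single user, the goto in the FG-KASLR check, and is otherwise reached only by fall-through from the existing failure path. Since that check uses nothing computed by the lookup, it could set *addr = 0 and return -EINVAL directly, which avoids a label in the middle of the function's tail. If the label stays, note that the new case returns the same -EINVAL as "symbol not found", so callers can only tell the two apart through the pr_err() text.
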
-- 
2.33.1

