From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B19331869 for ; Fri, 29 Apr 2022 20:37:26 +0000 (UTC) Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-2dc7bdd666fso84438817b3.7 for ; Fri, 29 Apr 2022 13:37:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=wn6Fk0jdzmyKcWzAtklzhzbugkNpgCzrIA6neEfx0hw=; b=B0ipEFgTHkrk1DW294MGsIOmwMvWMTi7yFa5IvHBScPSSCIQ12inv8qFk9kMkQ+cWo Q10QSGBYwQsJ+1mP+2NJRTJ2NZGdpgNoGUiUQ44g1Cr5ZqLcK7SplW9ejQ+/9J/oKRmF Gc2BAu/DPl7VA2HzLqre22OeoNpvhHeWjiGMJA4K4ERKRcpd1RZMx8A7GDrxViAyVHpo /YbXW0Z+LLwNCzoEK+5FjnolHrsOyMim+pFQeE4KyVUM+oU54jxhjmnYfSZFGTzKELSY 6uw4QPhNnYwzhdxwvFQ5Yu+rG31zgQ2jWlMVVo+VQskxCMWz5snM1X1IrOKP68SgBaO2 uqYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=wn6Fk0jdzmyKcWzAtklzhzbugkNpgCzrIA6neEfx0hw=; b=kFVdw+rwB4PjxlCPrn5dXCShhAl/E/vJrq1GOPG77QqkVBkO+Bx6Ka8lNUrVB+3gSO 5KL8Q1ByU6L49WVYgYJdX/YWFzZZ0vCteg+yWXp/fRtHJya48cew85xoz+3KtU4BCW5u fTN9tH0SGZneYUHDaXsufOf3z5O7BHZxuQoa1vqhGWRl6Onc1XAQcB5XuGHXEh2Z24vd swhnfFuHmRM/LiWdesG7tsqmjv10mbxkwJhbQTuj9QvNZNrR+jkNbrZPf51O71v4PR6y 36wmrbEeIZ0dfmrx1+2922s+RHl8wx3rGnSMOmdlRDlum7SWOHQ5P13xuETym286H66a 5fFg== X-Gm-Message-State: AOAM5321VZdl9BU7lQWtuGwyk2tVfHVpwtqvCpVYw0YgqbIpsBG45oDP MG6XrLa0fDZkigIsjo8b4uCnTTjq4ILxo0+NmEg= X-Google-Smtp-Source: ABdhPJzIdF+dDHh9hmX3ACfTDHmp2X8oeUP0bceeU1/QL1FSMLv4TzO0/t9MouMPiSEZ/YrjXh5v45gGaX2itQXlRUg= X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:351:bea9:f158:1021]) (user=samitolvanen job=sendgmr) by 2002:a25:7008:0:b0:648:6d04:f4ab with SMTP id l8-20020a257008000000b006486d04f4abmr1288105ybc.127.1651264645781; Fri, 29 Apr 2022 13:37:25 -0700 (PDT) Date: Fri, 29 Apr 2022 13:36:39 -0700 In-Reply-To: <20220429203644.2868448-1-samitolvanen@google.com> Message-Id: <20220429203644.2868448-17-samitolvanen@google.com> Precedence: bulk X-Mailing-List: llvm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20220429203644.2868448-1-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=10066; h=from:subject; bh=5Ub68Ba6efUThwF+cCSBq2rK+XTwq+L6mbSroJ2k1gE=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBibExX80UREFSoz+uKGJsMYz1mV8KXavHjkutESBeW An4NZkSJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCYmxMVwAKCRBMtfaEi7xW7lD+DA CQoFQ7kl9gHyGLqmu+nwdDyP/PSkHFFRg3CiJvlC0ZRJ2zLoG5Nzrh/KnIA2TmZQz+sHZTegYwvudJ n8i1eZ8VZyWzjuZhZPu/myYCfotxkoUI3gl53m2MOcD0uQYmhDgdubyUDJO9TdtCjwElVp1XY8oMOh 708PBYVRyPioCZ2nwpzUuQ5IhA+bgW16TblTFxij9BF4gxD8PFKfiBEkkasHhKCbHDcGopUVVyVgQK 1XqsebLMxBO0UnFaqkvO6MMfbFw+xYbM/h8Yg0y5Q5JTLhdTr+XSj8ZDlryGNJO6xxJr0Q6poc0yMS AxYKHb4dsc7u84x/sSBolnBK7bjMSlYRfsMKvI9pnltVYatPZ4diR0DkgbuoIpeRQr6yNT65OyPmP3 XHDtXL9jv33JBEavuzC9/Gwa8slGA9SwU/jmu1jf/fiWnTL/kWQEQOtXFSKhgu1hVkkk2/RfUvtxWw ppG6f/2balDMELLoCNfwzhU7imNi9CsYIwxKYQEOtU/Iw= X-Mailer: git-send-email 2.36.0.464.gb9c8b46e94-goog Subject: [RFC PATCH 16/21] objtool: Add support for CONFIG_CFI_CLANG From: Sami Tolvanen To: linux-kernel@vger.kernel.org Cc: Kees Cook , Josh Poimboeuf , Peter Zijlstra , x86@kernel.org, Catalin Marinas , Will Deacon , Mark Rutland , Nathan Chancellor , Nick Desaulniers , Joao Moreira , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen Content-Type: text/plain; charset="UTF-8" With -fsanitize=kcfi, the compiler injects a type identifier before each function. Teach objtool to recognize the identifier. Signed-off-by: Sami Tolvanen --- scripts/Makefile.build | 3 +- scripts/link-vmlinux.sh | 3 + tools/objtool/arch/x86/include/arch/elf.h | 2 + tools/objtool/builtin-check.c | 3 +- tools/objtool/check.c | 128 ++++++++++++++++++++-- tools/objtool/elf.c | 13 +++ tools/objtool/include/objtool/arch.h | 1 + tools/objtool/include/objtool/builtin.h | 2 +- tools/objtool/include/objtool/elf.h | 2 + 9 files changed, 145 insertions(+), 12 deletions(-) diff --git a/scripts/Makefile.build b/scripts/Makefile.build index 9717e6f6fb31..c850ac420b60 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -235,7 +235,8 @@ objtool_args = \ $(if $(CONFIG_RETPOLINE), --retpoline) \ $(if $(CONFIG_X86_SMAP), --uaccess) \ $(if $(CONFIG_FTRACE_MCOUNT_USE_OBJTOOL), --mcount) \ - $(if $(CONFIG_SLS), --sls) + $(if $(CONFIG_SLS), --sls) \ + $(if $(CONFIG_CFI_CLANG), --kcfi) cmd_objtool = $(if $(objtool-enabled), ; $(objtool) $(objtool_args) $@) cmd_gen_objtooldep = $(if $(objtool-enabled), { echo ; echo '$@: $$(wildcard $(objtool))' ; } >> $(dot-target).cmd) diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh index 20f44504a644..d171f8507db2 100755 --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh @@ -152,6 +152,9 @@ objtool_link() if is_enabled CONFIG_SLS; then objtoolopt="${objtoolopt} --sls" fi + if is_enabled CONFIG_CFI_CLANG; then + objtoolopt="${objtoolopt} --kcfi" + fi info OBJTOOL ${1} tools/objtool/objtool ${objtoolcmd} ${objtoolopt} ${1} fi diff --git a/tools/objtool/arch/x86/include/arch/elf.h b/tools/objtool/arch/x86/include/arch/elf.h index 69cc4264b28a..8833d989eec7 100644 --- a/tools/objtool/arch/x86/include/arch/elf.h +++ b/tools/objtool/arch/x86/include/arch/elf.h @@ -3,4 +3,6 @@ #define R_NONE R_X86_64_NONE +#define KCFI_TYPEID_LEN 6 + #endif /* _OBJTOOL_ARCH_ELF */ diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c index fc6975ab8b06..8a662dcc21be 100644 --- a/tools/objtool/builtin-check.c +++ b/tools/objtool/builtin-check.c @@ -21,7 +21,7 @@ bool no_fp, no_unreachable, retpoline, module, backtrace, uaccess, stats, lto, vmlinux, mcount, noinstr, backup, sls, dryrun, - ibt; + ibt, kcfi; static const char * const check_usage[] = { "objtool check [] file.o", @@ -49,6 +49,7 @@ const struct option check_options[] = { OPT_BOOLEAN('S', "sls", &sls, "validate straight-line-speculation"), OPT_BOOLEAN(0, "dry-run", &dryrun, "don't write the modifications"), OPT_BOOLEAN(0, "ibt", &ibt, "validate ENDBR placement"), + OPT_BOOLEAN('k', "kcfi", &kcfi, "detect control-flow integrity type identifiers"), OPT_END(), }; diff --git a/tools/objtool/check.c b/tools/objtool/check.c index bd0c2c828940..e6bee2f2996a 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -27,6 +27,12 @@ struct alternative { bool skip_orig; }; +struct kcfi_type { + struct section *sec; + unsigned long offset; + struct hlist_node hash; +}; + static unsigned long nr_cfi, nr_cfi_reused, nr_cfi_cache; static struct cfi_init_state initial_func_cfi; @@ -143,6 +149,99 @@ static bool is_sibling_call(struct instruction *insn) return (is_static_jump(insn) && insn->call_dest); } +static int kcfi_bits; +static struct hlist_head *kcfi_hash; + +static void *kcfi_alloc_hash(unsigned long size) +{ + kcfi_bits = max(10, ilog2(size)); + kcfi_hash = mmap(NULL, sizeof(struct hlist_head) << kcfi_bits, + PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANON, -1, 0); + if (kcfi_hash == (void *)-1L) { + WARN("mmap fail kcfi_hash"); + kcfi_hash = NULL; + } else if (stats) { + printf("kcfi_bits: %d\n", kcfi_bits); + } + + return kcfi_hash; +} + +static void add_kcfi_type(struct kcfi_type *type) +{ + hlist_add_head(&type->hash, + &kcfi_hash[hash_min( + sec_offset_hash(type->sec, type->offset), + kcfi_bits)]); +} + +static bool add_kcfi_types(struct section *sec) +{ + struct reloc *reloc; + + list_for_each_entry(reloc, &sec->reloc_list, list) { + struct kcfi_type *type; + + if (reloc->sym->type != STT_SECTION) { + WARN("unexpected relocation symbol type in %s", sec->name); + return false; + } + + type = malloc(sizeof(*type)); + if (!type) { + perror("malloc"); + return false; + } + + type->sec = reloc->sym->sec; + type->offset = reloc->addend; + + add_kcfi_type(type); + } + + return true; +} + +static int read_kcfi_types(struct objtool_file *file) +{ + if (!kcfi) + return 0; + + if (!kcfi_alloc_hash(file->elf->text_size / 16)) + return -1; + + if (!for_each_section_by_name(file->elf, ".rela.kcfi_types", add_kcfi_types)) + return -1; + + return 0; +} + +static bool is_kcfi_typeid(struct elf *elf, struct instruction *insn) +{ + struct hlist_head *head; + struct kcfi_type *type; + struct reloc *reloc; + + if (!kcfi) + return false; + + /* Compiler-generated annotation in .kcfi_types. */ + head = &kcfi_hash[hash_min(sec_offset_hash(insn->sec, insn->offset), kcfi_bits)]; + + hlist_for_each_entry(type, head, hash) + if (type->sec == insn->sec && type->offset == insn->offset) + return true; + + /* Manual annotation (in assembly code). */ + reloc = find_reloc_by_dest(elf, insn->sec, insn->offset); + + if (reloc && !strncmp(reloc->sym->name, "__kcfi_typeid_", 14)) + return true; + + return false; +} + /* * This checks to see if the given function is a "noreturn" function. * @@ -388,13 +487,18 @@ static int decode_instructions(struct objtool_file *file) insn->sec = sec; insn->offset = offset; - ret = arch_decode_instruction(file, sec, offset, - sec->sh.sh_size - offset, - &insn->len, &insn->type, - &insn->immediate, - &insn->stack_ops); - if (ret) - goto err; + if (is_kcfi_typeid(file->elf, insn)) { + insn->type = INSN_KCFI_TYPEID; + insn->len = KCFI_TYPEID_LEN; + } else { + ret = arch_decode_instruction(file, sec, offset, + sec->sh.sh_size - offset, + &insn->len, &insn->type, + &insn->immediate, + &insn->stack_ops); + if (ret) + goto err; + } /* * By default, "ud2" is a dead end unless otherwise @@ -420,7 +524,8 @@ static int decode_instructions(struct objtool_file *file) } sym_for_each_insn(file, func, insn) { - insn->func = func; + if (insn->type != INSN_KCFI_TYPEID) + insn->func = func; if (insn->type == INSN_ENDBR && list_empty(&insn->call_node)) { if (insn->offset == insn->func->offset) { list_add_tail(&insn->call_node, &file->endbr_list); @@ -2219,6 +2324,10 @@ static int decode_sections(struct objtool_file *file) if (ret) return ret; + ret = read_kcfi_types(file); + if (ret) + return ret; + ret = decode_instructions(file); if (ret) return ret; @@ -3595,7 +3704,8 @@ static bool ignore_unreachable_insn(struct objtool_file *file, struct instructio int i; struct instruction *prev_insn; - if (insn->ignore || insn->type == INSN_NOP || insn->type == INSN_TRAP) + if (insn->ignore || insn->type == INSN_NOP || insn->type == INSN_TRAP || + insn->type == INSN_KCFI_TYPEID) return true; /* diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c index d7b99a737496..c4e277d41fd2 100644 --- a/tools/objtool/elf.c +++ b/tools/objtool/elf.c @@ -120,6 +120,19 @@ struct section *find_section_by_name(const struct elf *elf, const char *name) return NULL; } +bool for_each_section_by_name(const struct elf *elf, const char *name, + bool (*callback)(struct section *)) +{ + struct section *sec; + + elf_hash_for_each_possible(section_name, sec, name_hash, str_hash(name)) { + if (!strcmp(sec->name, name) && !callback(sec)) + return false; + } + + return true; +} + static struct section *find_section_by_index(struct elf *elf, unsigned int idx) { diff --git a/tools/objtool/include/objtool/arch.h b/tools/objtool/include/objtool/arch.h index 9b19cc304195..3db5951e7aa9 100644 --- a/tools/objtool/include/objtool/arch.h +++ b/tools/objtool/include/objtool/arch.h @@ -28,6 +28,7 @@ enum insn_type { INSN_CLD, INSN_TRAP, INSN_ENDBR, + INSN_KCFI_TYPEID, INSN_OTHER, }; diff --git a/tools/objtool/include/objtool/builtin.h b/tools/objtool/include/objtool/builtin.h index c39dbfaef6dc..68409070bca5 100644 --- a/tools/objtool/include/objtool/builtin.h +++ b/tools/objtool/include/objtool/builtin.h @@ -10,7 +10,7 @@ extern const struct option check_options[]; extern bool no_fp, no_unreachable, retpoline, module, backtrace, uaccess, stats, lto, vmlinux, mcount, noinstr, backup, sls, dryrun, - ibt; + ibt, kcfi; extern int cmd_parse_options(int argc, const char **argv, const char * const usage[]); diff --git a/tools/objtool/include/objtool/elf.h b/tools/objtool/include/objtool/elf.h index 22ba7e2b816e..7fd3462ce32a 100644 --- a/tools/objtool/include/objtool/elf.h +++ b/tools/objtool/include/objtool/elf.h @@ -148,6 +148,8 @@ int elf_write(struct elf *elf); void elf_close(struct elf *elf); struct section *find_section_by_name(const struct elf *elf, const char *name); +bool for_each_section_by_name(const struct elf *elf, const char *name, + bool (*callback)(struct section *)); struct symbol *find_func_by_offset(struct section *sec, unsigned long offset); struct symbol *find_symbol_by_offset(struct section *sec, unsigned long offset); struct symbol *find_symbol_by_name(const struct elf *elf, const char *name); -- 2.36.0.464.gb9c8b46e94-goog From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id BEFC7C433EF for ; Fri, 29 Apr 2022 20:48:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:References: Mime-Version:Message-Id:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=4XW21mki+qOY5VGoSfJo0AnV6p6grpYm4YtvucIiyDg=; b=jm+Io1a978CCfrhoqR+vD+YNK0 9JO1q1tsnAKoUoN+zjJHb+uGAo5SS7s8fk3vAr323Kl4DN/62Pon7x/kle0tyMhZ6tR83FEwKuzvv 4Ma7F80mDmyARe7QE5XdcFPOKzGwJfchASTZd6C9/yKBuXUB2dz+XrhtJguMd+9OhJ9LyotX+y3sl ITzgeaqCqsF4eQYScBYNU44Yj1u+ri2/qlBDgTjaLYkQdMWDLDuw3rt9mJrCRdVNUx/nYufKBKKYm 5SJqbKx4EW5JzG2s3gHClj+up8ib8s0JAYcoBUO9SCD9INTpMbTsi6S4NQwdssuiUzKMUs0nAlnsz r2KKn24w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1nkXWR-00Cb65-6O; Fri, 29 Apr 2022 20:47:27 +0000 Received: from mail-yw1-x114a.google.com ([2607:f8b0:4864:20::114a]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1nkXMl-00CXNc-GW for linux-arm-kernel@lists.infradead.org; Fri, 29 Apr 2022 20:37:31 +0000 Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-2f7c5767f0fso84624527b3.4 for ; Fri, 29 Apr 2022 13:37:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=wn6Fk0jdzmyKcWzAtklzhzbugkNpgCzrIA6neEfx0hw=; b=B0ipEFgTHkrk1DW294MGsIOmwMvWMTi7yFa5IvHBScPSSCIQ12inv8qFk9kMkQ+cWo Q10QSGBYwQsJ+1mP+2NJRTJ2NZGdpgNoGUiUQ44g1Cr5ZqLcK7SplW9ejQ+/9J/oKRmF Gc2BAu/DPl7VA2HzLqre22OeoNpvhHeWjiGMJA4K4ERKRcpd1RZMx8A7GDrxViAyVHpo /YbXW0Z+LLwNCzoEK+5FjnolHrsOyMim+pFQeE4KyVUM+oU54jxhjmnYfSZFGTzKELSY 6uw4QPhNnYwzhdxwvFQ5Yu+rG31zgQ2jWlMVVo+VQskxCMWz5snM1X1IrOKP68SgBaO2 uqYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=wn6Fk0jdzmyKcWzAtklzhzbugkNpgCzrIA6neEfx0hw=; b=vuo9MsuxuBJAk/FsEj0jxplLWAX1T1yEXLjRa50VxCnlmBADAfeGDp6Ls4Z1VED4om UaTe+BsK5AnkPTfB0G22y2OKVevlLud/spwraduDhch+TYy0HW17v1H7mo/q8ukZskEx AJvPM9g58VH61lN8/h5jWw3XGOYX93reQrVDxZ5aIbHR3/jLVAPM0bVyXTVHuzof1R/P 7NPat9wqntH+O3j2lbXyPFsmANDyimJ82CW181E5eWMEynlElW1tXoNpv78JCvxnzcTa BgOONmRPnzZP9/R2LujrKcHd1nv8p1JKZ9nPvlmuDey+gu6Ognl/VVrTRi1sjBXsefne x3bw== X-Gm-Message-State: AOAM532bUMymW55BCHs/qkn8JRN4mRXQVG6nwMuFYIGJ+/IyGD1mclG4 aI76jqchR+GsDJtw+wkIWQj3OsflqTlCq0pCcPw= X-Google-Smtp-Source: ABdhPJzIdF+dDHh9hmX3ACfTDHmp2X8oeUP0bceeU1/QL1FSMLv4TzO0/t9MouMPiSEZ/YrjXh5v45gGaX2itQXlRUg= X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:351:bea9:f158:1021]) (user=samitolvanen job=sendgmr) by 2002:a25:7008:0:b0:648:6d04:f4ab with SMTP id l8-20020a257008000000b006486d04f4abmr1288105ybc.127.1651264645781; Fri, 29 Apr 2022 13:37:25 -0700 (PDT) Date: Fri, 29 Apr 2022 13:36:39 -0700 In-Reply-To: <20220429203644.2868448-1-samitolvanen@google.com> Message-Id: <20220429203644.2868448-17-samitolvanen@google.com> Mime-Version: 1.0 References: <20220429203644.2868448-1-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=10066; h=from:subject; bh=5Ub68Ba6efUThwF+cCSBq2rK+XTwq+L6mbSroJ2k1gE=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBibExX80UREFSoz+uKGJsMYz1mV8KXavHjkutESBeW An4NZkSJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCYmxMVwAKCRBMtfaEi7xW7lD+DA CQoFQ7kl9gHyGLqmu+nwdDyP/PSkHFFRg3CiJvlC0ZRJ2zLoG5Nzrh/KnIA2TmZQz+sHZTegYwvudJ n8i1eZ8VZyWzjuZhZPu/myYCfotxkoUI3gl53m2MOcD0uQYmhDgdubyUDJO9TdtCjwElVp1XY8oMOh 708PBYVRyPioCZ2nwpzUuQ5IhA+bgW16TblTFxij9BF4gxD8PFKfiBEkkasHhKCbHDcGopUVVyVgQK 1XqsebLMxBO0UnFaqkvO6MMfbFw+xYbM/h8Yg0y5Q5JTLhdTr+XSj8ZDlryGNJO6xxJr0Q6poc0yMS AxYKHb4dsc7u84x/sSBolnBK7bjMSlYRfsMKvI9pnltVYatPZ4diR0DkgbuoIpeRQr6yNT65OyPmP3 XHDtXL9jv33JBEavuzC9/Gwa8slGA9SwU/jmu1jf/fiWnTL/kWQEQOtXFSKhgu1hVkkk2/RfUvtxWw ppG6f/2balDMELLoCNfwzhU7imNi9CsYIwxKYQEOtU/Iw= X-Mailer: git-send-email 2.36.0.464.gb9c8b46e94-goog Subject: [RFC PATCH 16/21] objtool: Add support for CONFIG_CFI_CLANG From: Sami Tolvanen To: linux-kernel@vger.kernel.org Cc: Kees Cook , Josh Poimboeuf , Peter Zijlstra , x86@kernel.org, Catalin Marinas , Will Deacon , Mark Rutland , Nathan Chancellor , Nick Desaulniers , Joao Moreira , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220429_133727_632393_05EBEB1C X-CRM114-Status: GOOD ( 23.88 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org With -fsanitize=kcfi, the compiler injects a type identifier before each function. Teach objtool to recognize the identifier. Signed-off-by: Sami Tolvanen --- scripts/Makefile.build | 3 +- scripts/link-vmlinux.sh | 3 + tools/objtool/arch/x86/include/arch/elf.h | 2 + tools/objtool/builtin-check.c | 3 +- tools/objtool/check.c | 128 ++++++++++++++++++++-- tools/objtool/elf.c | 13 +++ tools/objtool/include/objtool/arch.h | 1 + tools/objtool/include/objtool/builtin.h | 2 +- tools/objtool/include/objtool/elf.h | 2 + 9 files changed, 145 insertions(+), 12 deletions(-) diff --git a/scripts/Makefile.build b/scripts/Makefile.build index 9717e6f6fb31..c850ac420b60 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -235,7 +235,8 @@ objtool_args = \ $(if $(CONFIG_RETPOLINE), --retpoline) \ $(if $(CONFIG_X86_SMAP), --uaccess) \ $(if $(CONFIG_FTRACE_MCOUNT_USE_OBJTOOL), --mcount) \ - $(if $(CONFIG_SLS), --sls) + $(if $(CONFIG_SLS), --sls) \ + $(if $(CONFIG_CFI_CLANG), --kcfi) cmd_objtool = $(if $(objtool-enabled), ; $(objtool) $(objtool_args) $@) cmd_gen_objtooldep = $(if $(objtool-enabled), { echo ; echo '$@: $$(wildcard $(objtool))' ; } >> $(dot-target).cmd) diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh index 20f44504a644..d171f8507db2 100755 --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh @@ -152,6 +152,9 @@ objtool_link() if is_enabled CONFIG_SLS; then objtoolopt="${objtoolopt} --sls" fi + if is_enabled CONFIG_CFI_CLANG; then + objtoolopt="${objtoolopt} --kcfi" + fi info OBJTOOL ${1} tools/objtool/objtool ${objtoolcmd} ${objtoolopt} ${1} fi diff --git a/tools/objtool/arch/x86/include/arch/elf.h b/tools/objtool/arch/x86/include/arch/elf.h index 69cc4264b28a..8833d989eec7 100644 --- a/tools/objtool/arch/x86/include/arch/elf.h +++ b/tools/objtool/arch/x86/include/arch/elf.h @@ -3,4 +3,6 @@ #define R_NONE R_X86_64_NONE +#define KCFI_TYPEID_LEN 6 + #endif /* _OBJTOOL_ARCH_ELF */ diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c index fc6975ab8b06..8a662dcc21be 100644 --- a/tools/objtool/builtin-check.c +++ b/tools/objtool/builtin-check.c @@ -21,7 +21,7 @@ bool no_fp, no_unreachable, retpoline, module, backtrace, uaccess, stats, lto, vmlinux, mcount, noinstr, backup, sls, dryrun, - ibt; + ibt, kcfi; static const char * const check_usage[] = { "objtool check [] file.o", @@ -49,6 +49,7 @@ const struct option check_options[] = { OPT_BOOLEAN('S', "sls", &sls, "validate straight-line-speculation"), OPT_BOOLEAN(0, "dry-run", &dryrun, "don't write the modifications"), OPT_BOOLEAN(0, "ibt", &ibt, "validate ENDBR placement"), + OPT_BOOLEAN('k', "kcfi", &kcfi, "detect control-flow integrity type identifiers"), OPT_END(), }; diff --git a/tools/objtool/check.c b/tools/objtool/check.c index bd0c2c828940..e6bee2f2996a 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -27,6 +27,12 @@ struct alternative { bool skip_orig; }; +struct kcfi_type { + struct section *sec; + unsigned long offset; + struct hlist_node hash; +}; + static unsigned long nr_cfi, nr_cfi_reused, nr_cfi_cache; static struct cfi_init_state initial_func_cfi; @@ -143,6 +149,99 @@ static bool is_sibling_call(struct instruction *insn) return (is_static_jump(insn) && insn->call_dest); } +static int kcfi_bits; +static struct hlist_head *kcfi_hash; + +static void *kcfi_alloc_hash(unsigned long size) +{ + kcfi_bits = max(10, ilog2(size)); + kcfi_hash = mmap(NULL, sizeof(struct hlist_head) << kcfi_bits, + PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANON, -1, 0); + if (kcfi_hash == (void *)-1L) { + WARN("mmap fail kcfi_hash"); + kcfi_hash = NULL; + } else if (stats) { + printf("kcfi_bits: %d\n", kcfi_bits); + } + + return kcfi_hash; +} + +static void add_kcfi_type(struct kcfi_type *type) +{ + hlist_add_head(&type->hash, + &kcfi_hash[hash_min( + sec_offset_hash(type->sec, type->offset), + kcfi_bits)]); +} + +static bool add_kcfi_types(struct section *sec) +{ + struct reloc *reloc; + + list_for_each_entry(reloc, &sec->reloc_list, list) { + struct kcfi_type *type; + + if (reloc->sym->type != STT_SECTION) { + WARN("unexpected relocation symbol type in %s", sec->name); + return false; + } + + type = malloc(sizeof(*type)); + if (!type) { + perror("malloc"); + return false; + } + + type->sec = reloc->sym->sec; + type->offset = reloc->addend; + + add_kcfi_type(type); + } + + return true; +} + +static int read_kcfi_types(struct objtool_file *file) +{ + if (!kcfi) + return 0; + + if (!kcfi_alloc_hash(file->elf->text_size / 16)) + return -1; + + if (!for_each_section_by_name(file->elf, ".rela.kcfi_types", add_kcfi_types)) + return -1; + + return 0; +} + +static bool is_kcfi_typeid(struct elf *elf, struct instruction *insn) +{ + struct hlist_head *head; + struct kcfi_type *type; + struct reloc *reloc; + + if (!kcfi) + return false; + + /* Compiler-generated annotation in .kcfi_types. */ + head = &kcfi_hash[hash_min(sec_offset_hash(insn->sec, insn->offset), kcfi_bits)]; + + hlist_for_each_entry(type, head, hash) + if (type->sec == insn->sec && type->offset == insn->offset) + return true; + + /* Manual annotation (in assembly code). */ + reloc = find_reloc_by_dest(elf, insn->sec, insn->offset); + + if (reloc && !strncmp(reloc->sym->name, "__kcfi_typeid_", 14)) + return true; + + return false; +} + /* * This checks to see if the given function is a "noreturn" function. * @@ -388,13 +487,18 @@ static int decode_instructions(struct objtool_file *file) insn->sec = sec; insn->offset = offset; - ret = arch_decode_instruction(file, sec, offset, - sec->sh.sh_size - offset, - &insn->len, &insn->type, - &insn->immediate, - &insn->stack_ops); - if (ret) - goto err; + if (is_kcfi_typeid(file->elf, insn)) { + insn->type = INSN_KCFI_TYPEID; + insn->len = KCFI_TYPEID_LEN; + } else { + ret = arch_decode_instruction(file, sec, offset, + sec->sh.sh_size - offset, + &insn->len, &insn->type, + &insn->immediate, + &insn->stack_ops); + if (ret) + goto err; + } /* * By default, "ud2" is a dead end unless otherwise @@ -420,7 +524,8 @@ static int decode_instructions(struct objtool_file *file) } sym_for_each_insn(file, func, insn) { - insn->func = func; + if (insn->type != INSN_KCFI_TYPEID) + insn->func = func; if (insn->type == INSN_ENDBR && list_empty(&insn->call_node)) { if (insn->offset == insn->func->offset) { list_add_tail(&insn->call_node, &file->endbr_list); @@ -2219,6 +2324,10 @@ static int decode_sections(struct objtool_file *file) if (ret) return ret; + ret = read_kcfi_types(file); + if (ret) + return ret; + ret = decode_instructions(file); if (ret) return ret; @@ -3595,7 +3704,8 @@ static bool ignore_unreachable_insn(struct objtool_file *file, struct instructio int i; struct instruction *prev_insn; - if (insn->ignore || insn->type == INSN_NOP || insn->type == INSN_TRAP) + if (insn->ignore || insn->type == INSN_NOP || insn->type == INSN_TRAP || + insn->type == INSN_KCFI_TYPEID) return true; /* diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c index d7b99a737496..c4e277d41fd2 100644 --- a/tools/objtool/elf.c +++ b/tools/objtool/elf.c @@ -120,6 +120,19 @@ struct section *find_section_by_name(const struct elf *elf, const char *name) return NULL; } +bool for_each_section_by_name(const struct elf *elf, const char *name, + bool (*callback)(struct section *)) +{ + struct section *sec; + + elf_hash_for_each_possible(section_name, sec, name_hash, str_hash(name)) { + if (!strcmp(sec->name, name) && !callback(sec)) + return false; + } + + return true; +} + static struct section *find_section_by_index(struct elf *elf, unsigned int idx) { diff --git a/tools/objtool/include/objtool/arch.h b/tools/objtool/include/objtool/arch.h index 9b19cc304195..3db5951e7aa9 100644 --- a/tools/objtool/include/objtool/arch.h +++ b/tools/objtool/include/objtool/arch.h @@ -28,6 +28,7 @@ enum insn_type { INSN_CLD, INSN_TRAP, INSN_ENDBR, + INSN_KCFI_TYPEID, INSN_OTHER, }; diff --git a/tools/objtool/include/objtool/builtin.h b/tools/objtool/include/objtool/builtin.h index c39dbfaef6dc..68409070bca5 100644 --- a/tools/objtool/include/objtool/builtin.h +++ b/tools/objtool/include/objtool/builtin.h @@ -10,7 +10,7 @@ extern const struct option check_options[]; extern bool no_fp, no_unreachable, retpoline, module, backtrace, uaccess, stats, lto, vmlinux, mcount, noinstr, backup, sls, dryrun, - ibt; + ibt, kcfi; extern int cmd_parse_options(int argc, const char **argv, const char * const usage[]); diff --git a/tools/objtool/include/objtool/elf.h b/tools/objtool/include/objtool/elf.h index 22ba7e2b816e..7fd3462ce32a 100644 --- a/tools/objtool/include/objtool/elf.h +++ b/tools/objtool/include/objtool/elf.h @@ -148,6 +148,8 @@ int elf_write(struct elf *elf); void elf_close(struct elf *elf); struct section *find_section_by_name(const struct elf *elf, const char *name); +bool for_each_section_by_name(const struct elf *elf, const char *name, + bool (*callback)(struct section *)); struct symbol *find_func_by_offset(struct section *sec, unsigned long offset); struct symbol *find_symbol_by_offset(struct section *sec, unsigned long offset); struct symbol *find_symbol_by_name(const struct elf *elf, const char *name); -- 2.36.0.464.gb9c8b46e94-goog _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel