From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752595AbcFZLCj (ORCPT <rfc822;w@1wt.eu>);
	Sun, 26 Jun 2016 07:02:39 -0400
Received: from terminus.zytor.com ([198.137.202.10]:51608 "EHLO
	terminus.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752399AbcFZLCg (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Sun, 26 Jun 2016 07:02:36 -0400
Date: Sun, 26 Jun 2016 04:01:43 -0700
From: tip-bot for Kees Cook <tipbot@zytor.com>
Message-ID: <tip-98f78525371b55ccd1c480207ce10296c72fa340@git.kernel.org>
Cc: torvalds@linux-foundation.org, tglx@linutronix.de, mingo@kernel.org,
        linux-kernel@vger.kernel.org, keescook@chromium.org,
        aryabinin@virtuozzo.com, hjl.tools@gmail.com, dvyukov@google.com,
        hpa@zytor.com, brgerst@gmail.com, bp@alien8.de,
        akpm@linux-foundation.org, bhe@redhat.com, luto@kernel.org,
        yinghai@kernel.org, peterz@infradead.org, jpoimboe@redhat.com,
        dvlasenk@redhat.com
Reply-To: mingo@kernel.org, linux-kernel@vger.kernel.org,
        keescook@chromium.org, aryabinin@virtuozzo.com,
        torvalds@linux-foundation.org, tglx@linutronix.de, bp@alien8.de,
        akpm@linux-foundation.org, yinghai@kernel.org, luto@kernel.org,
        bhe@redhat.com, dvlasenk@redhat.com, jpoimboe@redhat.com,
        peterz@infradead.org, hjl.tools@gmail.com, dvyukov@google.com,
        brgerst@gmail.com, hpa@zytor.com
In-Reply-To: <1464216334-17200-2-git-send-email-keescook@chromium.org>
References: <1464216334-17200-2-git-send-email-keescook@chromium.org>
To: linux-tip-commits@vger.kernel.org
Subject: [tip:x86/boot] x86/boot: Refuse to build with data relocations
Git-Commit-ID: 98f78525371b55ccd1c480207ce10296c72fa340
X-Mailer: tip-git-log-daemon
Robot-ID: <tip-bot.git.kernel.org>
Robot-Unsubscribe: Contact <mailto:hpa@kernel.org> to get blacklisted from
 these emails
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Commit-ID:  98f78525371b55ccd1c480207ce10296c72fa340
Gitweb:     http://git.kernel.org/tip/98f78525371b55ccd1c480207ce10296c72fa340
Author:     Kees Cook <keescook@chromium.org>
AuthorDate: Wed, 25 May 2016 15:45:30 -0700
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Sun, 26 Jun 2016 12:32:03 +0200

x86/boot: Refuse to build with data relocations

The compressed kernel is built with -fPIC/-fPIE so that it can run in any
location a bootloader happens to put it. However, since ELF relocation
processing is not happening (and all the relocation information has
already been stripped at link time), none of the code can use data
relocations (e.g. static assignments of pointers). This is already noted
in a warning comment at the top of misc.c, but this adds an explicit
check for the condition during the linking stage to block any such bugs
from appearing.

If this was in place with the earlier bug in pagetable.c, the build
would fail like this:

  ...
    CC      arch/x86/boot/compressed/pagetable.o
    DATAREL arch/x86/boot/compressed/vmlinux
  error: arch/x86/boot/compressed/pagetable.o has data relocations!
  make[2]: *** [arch/x86/boot/compressed/vmlinux] Error 1
  ...

A clean build shows:

  ...
    CC      arch/x86/boot/compressed/pagetable.o
    DATAREL arch/x86/boot/compressed/vmlinux
    LD      arch/x86/boot/compressed/vmlinux
  ...

Suggested-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: H.J. Lu <hjl.tools@gmail.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Yinghai Lu <yinghai@kernel.org>
Link: http://lkml.kernel.org/r/1464216334-17200-2-git-send-email-keescook@chromium.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/x86/boot/compressed/Makefile | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index f135688..536ccfc 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -85,7 +85,25 @@ vmlinux-objs-$(CONFIG_EFI_STUB) += $(obj)/eboot.o $(obj)/efi_stub_$(BITS).o \
 	$(objtree)/drivers/firmware/efi/libstub/lib.a
 vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_thunk_$(BITS).o
 
+# The compressed kernel is built with -fPIC/-fPIE so that a boot loader
+# can place it anywhere in memory and it will still run. However, since
+# it is executed as-is without any ELF relocation processing performed
+# (and has already had all relocation sections stripped from the binary),
+# none of the code can use data relocations (e.g. static assignments of
+# pointer values), since they will be meaningless at runtime. This check
+# will refuse to link the vmlinux if any of these relocations are found.
+quiet_cmd_check_data_rel = DATAREL $@
+define cmd_check_data_rel
+	for obj in $(filter %.o,$^); do \
+		readelf -S $$obj | grep -qF .rel.local && { \
+			echo "error: $$obj has data relocations!" >&2; \
+			exit 1; \
+		} || true; \
+	done
+endef
+
 $(obj)/vmlinux: $(vmlinux-objs-y) FORCE
+	$(call if_changed,check_data_rel)
 	$(call if_changed,ld)
 
 OBJCOPYFLAGS_vmlinux.bin :=  -R .comment -S