From: Alexander Lobakin <alexandr.lobakin@intel.com>
To: linux-hardening@vger.kernel.org, x86@kernel.org
Cc: Alexander Lobakin <alexandr.lobakin@intel.com>,
Borislav Petkov <bp@alien8.de>,
Jesse Brandeburg <jesse.brandeburg@intel.com>,
Kristen Carlson Accardi <kristen@linux.intel.com>,
Kees Cook <keescook@chromium.org>,
Miklos Szeredi <miklos@szeredi.hu>,
Ard Biesheuvel <ardb@kernel.org>, Tony Luck <tony.luck@intel.com>,
Bruce Schlobohm <bruce.schlobohm@intel.com>,
Jessica Yu <jeyu@kernel.org>, kernel test robot <lkp@intel.com>,
Miroslav Benes <mbenes@suse.cz>,
Evgenii Shatokhin <eshatokhin@virtuozzo.com>,
Jonathan Corbet <corbet@lwn.net>,
Masahiro Yamada <masahiroy@kernel.org>,
Michal Marek <michal.lkml@markovi.net>,
Nick Desaulniers <ndesaulniers@google.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Thomas Gleixner <tglx@linutronix.de>,
Will Deacon <will@kernel.org>, Ingo Molnar <mingo@redhat.com>,
Christoph Hellwig <hch@lst.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Arnd Bergmann <arnd@arndb.de>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Nathan Chancellor <nathan@kernel.org>,
Masami Hiramatsu <mhiramat@kernel.org>,
Marios Pomonis <pomonis@google.com>,
Sami Tolvanen <samitolvanen@google.com>,
"H.J. Lu" <hjl.tools@gmail.com>, Nicolas Pitre <nico@fluxnic.net>,
linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org,
linux-arch@vger.kernel.org, live-patching@vger.kernel.org,
llvm@lists.linux.dev
Subject: [PATCH v10 02/15] livepatch: avoid position-based search if `-z unique-symbol` is available
Date: Wed, 9 Feb 2022 19:57:39 +0100 [thread overview]
Message-ID: <20220209185752.1226407-3-alexandr.lobakin@intel.com> (raw)
In-Reply-To: <20220209185752.1226407-1-alexandr.lobakin@intel.com>
Position-based search, which means that if there are several symbols
with the same name, the user needs to additionally provide the
"index" of a desired symbol, is fragile. For example, it breaks
when two symbols with the same name are located in different
sections.
Since a while, LD has a flag `-z unique-symbol` which appends
numeric suffixes to the functions with the same name (in symtab
and strtab). It can be used to effectively prevent from having
any ambiguity when referring to a symbol by its name.
Check for its availability and always prefer when the livepatching
is on. It can be used unconditionally later on after broader testing
on a wide variety of machines, but for now let's stick to the actual
CONFIG_LIVEPATCH=y case, which is true for most of distro configs
anyways.
This needs a little adjustment to the modpost to make it strip
suffixes before adding exports. depmod needs some treatment as well,
tho its false-positive warnings about unknown symbols are harmless
and don't alter the return code.
There is probably a bunch more livepatch code to optimize-out after
introducing this, leave it for later as well.
Suggested-by: H.J. Lu <hjl.tools@gmail.com>
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Suggested-by: Josh Poimboeuf <jpoimboe@redhat.com>
Suggested-by: Miroslav Benes <mbenes@suse.cz>
Signed-off-by: Alexander Lobakin <alexandr.lobakin@intel.com>
---
Makefile | 6 ++++++
init/Kconfig | 3 +++
kernel/livepatch/core.c | 17 +++++++++++++----
scripts/mod/modpost.c | 42 ++++++++++++++++++++++-------------------
4 files changed, 45 insertions(+), 23 deletions(-)
diff --git a/Makefile b/Makefile
index ceb987e5c87b..fa9f947c9839 100644
--- a/Makefile
+++ b/Makefile
@@ -871,6 +871,12 @@ ifdef CONFIG_DEBUG_SECTION_MISMATCH
KBUILD_CFLAGS += -fno-inline-functions-called-once
endif
+# Prefer linking with the `-z unique-symbol` if available, this eliminates
+# position-based search
+ifeq ($(CONFIG_LD_HAS_Z_UNIQUE_SYMBOL)$(CONFIG_LIVEPATCH),yy)
+KBUILD_LDFLAGS += -z unique-symbol
+endif
+
ifdef CONFIG_LD_DEAD_CODE_DATA_ELIMINATION
KBUILD_CFLAGS_KERNEL += -ffunction-sections -fdata-sections
LDFLAGS_vmlinux += --gc-sections
diff --git a/init/Kconfig b/init/Kconfig
index e9119bf54b1f..8e900d17d42b 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -86,6 +86,9 @@ config CC_HAS_ASM_INLINE
config CC_HAS_NO_PROFILE_FN_ATTR
def_bool $(success,echo '__attribute__((no_profile_instrument_function)) int x();' | $(CC) -x c - -c -o /dev/null -Werror)
+config LD_HAS_Z_UNIQUE_SYMBOL
+ def_bool $(ld-option,-z unique-symbol)
+
config CONSTRUCTORS
bool
diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
index 585494ec464f..7a330465a8c7 100644
--- a/kernel/livepatch/core.c
+++ b/kernel/livepatch/core.c
@@ -143,11 +143,13 @@ static int klp_find_callback(void *data, const char *name,
args->count++;
/*
- * Finish the search when the symbol is found for the desired position
- * or the position is not defined for a non-unique symbol.
+ * Finish the search when unique symbol names are enabled
+ * or the symbol is found for the desired position or the
+ * position is not defined for a non-unique symbol.
*/
- if ((args->pos && (args->count == args->pos)) ||
- (!args->pos && (args->count > 1)))
+ if (IS_ENABLED(CONFIG_LD_HAS_Z_UNIQUE_SYMBOL) ||
+ (args->pos && args->count == args->pos) ||
+ (!args->pos && args->count > 1))
return 1;
return 0;
@@ -169,6 +171,13 @@ static int klp_find_object_symbol(const char *objname, const char *name,
else
kallsyms_on_each_symbol(klp_find_callback, &args);
+ /*
+ * If the LD's `-z unique-symbol` flag is available and enabled,
+ * sympos checks are not relevant.
+ */
+ if (IS_ENABLED(CONFIG_LD_HAS_Z_UNIQUE_SYMBOL))
+ sympos = 0;
+
/*
* Ensure an address was found. If sympos is 0, ensure symbol is unique;
* otherwise ensure the symbol position count matches sympos.
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 4648b7afe5cc..ec521ccebea6 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -689,11 +689,28 @@ static void handle_modversion(const struct module *mod,
sym_set_crc(symname, crc);
}
+static char *remove_dot(char *s)
+{
+ size_t n = strcspn(s, ".");
+
+ if (n && s[n]) {
+ size_t m = strspn(s + n + 1, "0123456789");
+
+ if (m && (s[n + m + 1] == '.' || s[n + m + 1] == 0))
+ s[n] = 0;
+
+ /* strip trailing .lto */
+ if (strends(s, ".lto"))
+ s[strlen(s) - 4] = '\0';
+ }
+
+ return s;
+}
+
static void handle_symbol(struct module *mod, struct elf_info *info,
const Elf_Sym *sym, const char *symname)
{
enum export export;
- const char *name;
if (strstarts(symname, "__ksymtab"))
export = export_from_secname(info, get_secindex(info, sym));
@@ -734,8 +751,11 @@ static void handle_symbol(struct module *mod, struct elf_info *info,
default:
/* All exported symbols */
if (strstarts(symname, "__ksymtab_")) {
- name = symname + strlen("__ksymtab_");
- sym_add_exported(name, mod, export);
+ char *name;
+
+ name = NOFAIL(strdup(symname + strlen("__ksymtab_")));
+ sym_add_exported(remove_dot(name), mod, export);
+ free(name);
}
if (strcmp(symname, "init_module") == 0)
mod->has_init = 1;
@@ -1980,22 +2000,6 @@ static void check_sec_ref(struct module *mod, const char *modname,
}
}
-static char *remove_dot(char *s)
-{
- size_t n = strcspn(s, ".");
-
- if (n && s[n]) {
- size_t m = strspn(s + n + 1, "0123456789");
- if (m && (s[n + m + 1] == '.' || s[n + m + 1] == 0))
- s[n] = 0;
-
- /* strip trailing .lto */
- if (strends(s, ".lto"))
- s[strlen(s) - 4] = '\0';
- }
- return s;
-}
-
static void read_symbols(const char *modname)
{
const char *symname;
--
2.34.1
next prev parent reply other threads:[~2022-02-09 19:02 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-09 18:57 [PATCH v10 00/15] Function Granular KASLR Alexander Lobakin
2022-02-09 18:57 ` [PATCH v10 01/15] modpost: fix removing numeric suffixes Alexander Lobakin
2022-05-03 0:57 ` Masahiro Yamada
2022-05-03 7:31 ` Petr Mladek
2022-05-23 18:04 ` Masahiro Yamada
2022-05-24 11:33 ` Alexander Lobakin
2022-05-24 13:40 ` Masahiro Yamada
2022-02-09 18:57 ` Alexander Lobakin [this message]
2022-02-11 17:41 ` [PATCH v10 02/15] livepatch: avoid position-based search if `-z unique-symbol` is available Josh Poimboeuf
2022-02-11 18:05 ` Fāng-ruì Sòng
2022-02-11 18:35 ` Josh Poimboeuf
2022-02-14 12:24 ` Alexander Lobakin
2022-02-14 18:10 ` Josh Poimboeuf
2022-02-16 20:32 ` Joe Lawrence
2022-02-16 22:13 ` Josh Poimboeuf
2022-02-16 15:15 ` Miroslav Benes
2022-02-16 20:01 ` Josh Poimboeuf
2022-02-18 16:31 ` Alexander Lobakin
2022-02-18 20:08 ` Josh Poimboeuf
2022-02-14 12:14 ` Alexander Lobakin
2022-02-14 18:57 ` Josh Poimboeuf
2022-02-16 15:06 ` Miroslav Benes
2022-02-16 19:57 ` Josh Poimboeuf
2022-02-17 7:45 ` Miroslav Benes
2022-02-09 18:57 ` [PATCH v10 03/15] kallsyms: randomize /proc/kallsyms output order Alexander Lobakin
2022-02-09 18:57 ` [PATCH v10 04/15] arch: introduce asm function sections Alexander Lobakin
2022-02-09 18:57 ` [PATCH v10 05/15] x86: support " Alexander Lobakin
2022-02-11 15:45 ` Peter Zijlstra
2022-02-14 11:49 ` Alexander Lobakin
2022-02-09 18:57 ` [PATCH v10 06/15] x86: decouple ORC table sorting into a separate file Alexander Lobakin
2022-02-09 18:57 ` [PATCH v10 07/15] Makefile: add config options and build scripts for FG-KASLR Alexander Lobakin
2022-02-09 18:57 ` [PATCH v10 08/15] x86/tools: Add relative relocs for randomized functions Alexander Lobakin
2022-02-09 18:57 ` [PATCH v10 09/15] x86: Add support for function granular KASLR Alexander Lobakin
2022-02-09 18:57 ` [PATCH v10 10/15] FG-KASLR: use a scripted approach to handle .text.* sections Alexander Lobakin
2022-02-11 15:37 ` Peter Zijlstra
2022-02-14 11:34 ` Alexander Lobakin
2022-02-14 11:59 ` Peter Zijlstra
2022-02-14 12:30 ` Alexander Lobakin
2022-02-09 18:57 ` [PATCH v10 11/15] x86/boot: allow FG-KASLR to be selected Alexander Lobakin
2022-02-09 18:57 ` [PATCH v10 12/15] module: add arch-indep FG-KASLR for randomizing function layout Alexander Lobakin
2022-02-09 18:57 ` [PATCH v10 13/15] module: use a scripted approach for FG-KASLR Alexander Lobakin
2022-02-09 18:57 ` [PATCH v10 14/15] Documentation: add documentation " Alexander Lobakin
2022-02-09 18:57 ` [PATCH v10 15/15] maintainers: add MAINTAINERS entry " Alexander Lobakin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220209185752.1226407-3-alexandr.lobakin@intel.com \
--to=alexandr.lobakin@intel.com \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=bruce.schlobohm@intel.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=eshatokhin@virtuozzo.com \
--cc=hch@lst.de \
--cc=herbert@gondor.apana.org.au \
--cc=hjl.tools@gmail.com \
--cc=hpa@zytor.com \
--cc=jesse.brandeburg@intel.com \
--cc=jeyu@kernel.org \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=kristen@linux.intel.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=live-patching@vger.kernel.org \
--cc=lkp@intel.com \
--cc=llvm@lists.linux.dev \
--cc=luto@kernel.org \
--cc=masahiroy@kernel.org \
--cc=mbenes@suse.cz \
--cc=mhiramat@kernel.org \
--cc=michal.lkml@markovi.net \
--cc=miklos@szeredi.hu \
--cc=mingo@redhat.com \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=nico@fluxnic.net \
--cc=peterz@infradead.org \
--cc=pomonis@google.com \
--cc=samitolvanen@google.com \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).