* [PATCH 0/1] Fix CFI hash randomization with KASAN
From: Sami Tolvanen @ 2023-01-12 22:49 UTC (permalink / raw)
To: Peter Zijlstra (Intel), Masahiro Yamada
Cc: Nathan Chancellor, Nick Desaulniers, Kees Cook, linux-kbuild,
llvm, linux-kernel, Sami Tolvanen
Peter, Masahiro,
I noticed that KASAN+CFI fails to boot on x86_64 without
cfi=norand. The randomization code is missing a couple of KASAN
constructors in object files that are not part of vmlinux.o. This
happens because we don't run objtool for the files, which means
the type hashes are not included in the .cfi_sites section.
This patch simply disables KASAN for these files, which seems
reasonable to me and fixes the boot issue, but perhaps you have
better ideas?
Sami
Sami Tolvanen (1):
kbuild: Fix CFI hash randomization with KASAN
init/Makefile | 1 +
scripts/Makefile.vmlinux | 1 +
2 files changed, 2 insertions(+)
base-commit: c757fc92a3f73734872c7793b97f06434773d65d
--
2.39.0.314.g84b9a713c41-goog
* [PATCH 1/1] kbuild: Fix CFI hash randomization with KASAN
From: Sami Tolvanen @ 2023-01-12 22:49 UTC (permalink / raw)
To: Peter Zijlstra (Intel), Masahiro Yamada
Cc: Nathan Chancellor, Nick Desaulniers, Kees Cook, linux-kbuild,
llvm, linux-kernel, Sami Tolvanen
Clang emits an asan.module_ctor constructor to each object file
when KASAN is enabled, and these functions are indirectly called
in do_ctors. With CONFIG_CFI_CLANG, the compiler also emits a CFI
type hash before each address-taken global function so they can
pass indirect call checks.
However, in commit 0c3e806ec0f9 ("x86/cfi: Add boot time hash
randomization"), x86 implemented boot time hash randomization,
which relies on the .cfi_sites section generated by objtool. As
objtool is run against vmlinux.o instead of individual object
files with X86_KERNEL_IBT (enabled by default), CFI types in
object files that are not part of vmlinux.o end up not being
included in .cfi_sites, and thus won't get randomized and trip
CFI when called.
Only .vmlinux.export.o and init/version-timestamp.o are linked
into vmlinux separately from vmlinux.o. As these files don't
contain any functions, disable KASAN for both of them to avoid
breaking hash randomization.
Link: https://github.com/ClangBuiltLinux/linux/issues/1742
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
---
init/Makefile | 1 +
scripts/Makefile.vmlinux | 1 +
2 files changed, 2 insertions(+)
diff --git a/init/Makefile b/init/Makefile
index 8316c23bead2..26de459006c4 100644
--- a/init/Makefile
+++ b/init/Makefile
@@ -59,3 +59,4 @@ include/generated/utsversion.h: FORCE
$(obj)/version-timestamp.o: include/generated/utsversion.h
CFLAGS_version-timestamp.o := -include include/generated/utsversion.h
+KASAN_SANITIZE_version-timestamp.o := n
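Review bot: a one-line comment above `KASAN_SANITIZE_version-timestamp.o := n` would spare the next reader a trip through git history; nothing in init/Makefile hints that the opt-out exists because version-timestamp.o is linked into vmlinux outside vmlinux.o, so objtool never records its asan.module_ctor in .cfi_sites and the boot-time hash randomization skips it. Something like `# Linked separately from vmlinux.o: objtool does not see this file, so its KASAN ctor would miss CFI hash randomization` next to the new line would carry the reasoning from the commit message into the build file itself.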
diff --git a/scripts/Makefile.vmlinux b/scripts/Makefile.vmlinux
index 49946cb96844..10176dec97ea 100644
--- a/scripts/Makefile.vmlinux
+++ b/scripts/Makefile.vmlinux
@@ -18,6 +18,7 @@ quiet_cmd_cc_o_c = CC $@
$(call if_changed_dep,cc_o_c)
ifdef CONFIG_MODULES
+KASAN_SANITIZE_.vmlinux.export.o := n
targets += .vmlinux.export.o
vmlinux: .vmlinux.export.o
endif
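Review bot: `KASAN_SANITIZE_.vmlinux.export.o := n` is placed inside the same `ifdef CONFIG_MODULES` block that builds and links the file, which is the right scope, but as with the init/Makefile hunk it needs a comment stating why KASAN is switched off here, since the reason (no objtool pass, hence no .cfi_sites entry for the constructor) is not visible from the Makefile. It is also worth a sentence in the commit message that the opt-out is unconditional rather than guarded on CONFIG_CFI_CLANG; that is harmless only because, as the description says, the file contains no functions for KASAN to instrument, and a future change that adds code to .vmlinux.export.c would silently lose coverage.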
--
2.39.0.314.g84b9a713c41-goog
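The commit message and the cover letter describe the same failure in prose: every asan.module_ctor is called indirectly from do_ctors, the x86 randomization pass rewrites only the preambles objtool listed in .cfi_sites, and a constructor living in an object linked outside vmlinux.o keeps its compile-time hash and fails the check. The user-space model below is an added example written for this page; it is not kernel code and not part of the patch. Everything in it is constructed: `struct cfi_func`, `CTOR_TYPE_HASH`, the XOR stand-in for the real rehash, and `cfi_failures_at_boot()`, which counts how many constructors would trip CFI for a given seed (0 models `cfi=norand`) and for whether the separately linked object still carries a KASAN constructor (true = before the patch, false = with `KASAN_SANITIZE_... := n`).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a kCFI-instrumented function: the compiler stores
 * the type hash just before the body and every indirect call checks it. */
struct cfi_func {
    uint32_t    type_hash;      /* emitted by the compiler */
    const char *object;         /* which object file the function came from */
    bool        in_vmlinux_o;   /* did objtool see it (i.e. is it in .cfi_sites)? */
};

/* Hypothetical type hash shared by every "void (*)(void)" constructor. */
#define CTOR_TYPE_HASH 0x7a3c19e5u

/* Stand-in for the boot-time rehash; the kernel uses its own mixing, this
 * only needs to change the value consistently on both sides of a call. */
static uint32_t cfi_rehash_model(uint32_t hash, uint32_t seed)
{
    return hash ^ seed;
}

/* Returns the number of constructors whose indirect call from do_ctors
 * would fail the kCFI check.
 *   seed           : 0 models cfi=norand, anything else models randomization
 *   extra_obj_ctor : true if the object linked outside vmlinux.o still has a
 *                    KASAN ctor (pre-patch), false once KASAN is disabled there */
static int cfi_failures_at_boot(uint32_t seed, bool extra_obj_ctor)
{
    struct cfi_func funcs[2];
    size_t nfuncs = 0;

    /* A ctor from an ordinary object: part of vmlinux.o, recorded by objtool. */
    funcs[nfuncs++] = (struct cfi_func){ CTOR_TYPE_HASH, "init/main.o", true };
    /* The problem case from the patch: linked into vmlinux separately. */
    if (extra_obj_ctor)
        funcs[nfuncs++] = (struct cfi_func){ CTOR_TYPE_HASH,
                                             "init/version-timestamp.o", false };

    /* Caller-side immediate that do_ctors compares against; the kernel
     * patches call sites from objtool output too, modelled as one value. */
    uint32_t expected = CTOR_TYPE_HASH;

    if (seed) {
        /* Randomization walks .cfi_sites only, so preambles objtool never
         * saw keep their compile-time hash. */
        for (size_t i = 0; i < nfuncs; i++)
            if (funcs[i].in_vmlinux_o)
                funcs[i].type_hash = cfi_rehash_model(funcs[i].type_hash, seed);
        expected = cfi_rehash_model(expected, seed);
    }

    /* do_ctors: each constructor is an indirect call, so each is checked. */
    int failures = 0;
    for (size_t i = 0; i < nfuncs; i++) {
        if (funcs[i].type_hash != expected) {
            printf("CFI failure: ctor from %s carries %08x, caller expects %08x\n",
                   funcs[i].object, (unsigned)funcs[i].type_hash, (unsigned)expected);
            failures++;
        }
    }
    return failures;
}

int main(void)
{
    const uint32_t seed = 0x5eed1234u;   /* constructed boot-time seed */
    printf("cfi=norand, KASAN in every object:      %d failures\n",
           cfi_failures_at_boot(0, true));
    printf("randomized, KASAN in every object:      %d failures\n",
           cfi_failures_at_boot(seed, true));
    printf("randomized, KASAN_SANITIZE := n applied: %d failures\n",
           cfi_failures_at_boot(seed, false));
    return 0;
}
```

The three runs in `main` reproduce the thread's observations in order: boot succeeds with `cfi=norand` because nothing is rewritten, fails with randomization because the constructor outside vmlinux.o still presents the unrandomized hash, and succeeds again once that object has no KASAN constructor to call. The model deliberately leaves the non-vmlinux.o entry out of the randomization loop rather than out of the call loop, which is exactly the asymmetry the patch removes by taking the constructor away.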
* Re: [PATCH 1/1] kbuild: Fix CFI hash randomization with KASAN
From: Kees Cook @ 2023-01-12 22:52 UTC (permalink / raw)
To: Sami Tolvanen
Cc: Peter Zijlstra (Intel),
Masahiro Yamada, Nathan Chancellor, Nick Desaulniers,
linux-kbuild, llvm, linux-kernel
On Thu, Jan 12, 2023 at 10:49:48PM +0000, Sami Tolvanen wrote:
> Clang emits an asan.module_ctor constructor to each object file
> when KASAN is enabled, and these functions are indirectly called
> in do_ctors. With CONFIG_CFI_CLANG, the compiler also emits a CFI
> type hash before each address-taken global function so they can
> pass indirect call checks.
>
> However, in commit 0c3e806ec0f9 ("x86/cfi: Add boot time hash
> randomization"), x86 implemented boot time hash randomization,
> which relies on the .cfi_sites section generated by objtool. As
> objtool is run against vmlinux.o instead of individual object
> files with X86_KERNEL_IBT (enabled by default), CFI types in
> object files that are not part of vmlinux.o end up not being
> included in .cfi_sites, and thus won't get randomized and trip
> CFI when called.
>
> Only .vmlinux.export.o and init/version-timestamp.o are linked
> into vmlinux separately from vmlinux.o. As these files don't
> contain any functions, disable KASAN for both of them to avoid
> breaking hash randomization.
>
> Link: https://github.com/ClangBuiltLinux/linux/issues/1742
> Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
--
Kees Cook
* Re: [PATCH 1/1] kbuild: Fix CFI hash randomization with KASAN
From: Peter Zijlstra @ 2023-01-13 9:27 UTC (permalink / raw)
To: Sami Tolvanen
Cc: Masahiro Yamada, Nathan Chancellor, Nick Desaulniers, Kees Cook,
linux-kbuild, llvm, linux-kernel
On Thu, Jan 12, 2023 at 10:49:48PM +0000, Sami Tolvanen wrote:
> Clang emits an asan.module_ctor constructor to each object file
> when KASAN is enabled, and these functions are indirectly called
> in do_ctors. With CONFIG_CFI_CLANG, the compiler also emits a CFI
> type hash before each address-taken global function so they can
> pass indirect call checks.
>
> However, in commit 0c3e806ec0f9 ("x86/cfi: Add boot time hash
> randomization"), x86 implemented boot time hash randomization,
> which relies on the .cfi_sites section generated by objtool. As
> objtool is run against vmlinux.o instead of individual object
> files with X86_KERNEL_IBT (enabled by default), CFI types in
> object files that are not part of vmlinux.o end up not being
> included in .cfi_sites, and thus won't get randomized and trip
> CFI when called.
>
> Only .vmlinux.export.o and init/version-timestamp.o are linked
> into vmlinux separately from vmlinux.o. As these files don't
> contain any functions, disable KASAN for both of them to avoid
> breaking hash randomization.
>
> Link: https://github.com/ClangBuiltLinux/linux/issues/1742
> Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Must've been 'fun' to figure out, Thanks!
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
* Re: [PATCH 0/1] Fix CFI hash randomization with KASAN
From: Kees Cook @ 2023-01-13 23:15 UTC (permalink / raw)
To: masahiroy, peterz, samitolvanen
Cc: Kees Cook, linux-kernel, llvm, linux-kbuild, nathan, ndesaulniers
On Thu, 12 Jan 2023 22:49:47 +0000, Sami Tolvanen wrote:
> Peter, Masahiro,
>
> I noticed that KASAN+CFI fails to boot on x86_64 without
> cfi=norand. The randomization code is missing a couple of KASAN
> constructors in object files that are not part of vmlinux.o. This
> happens because we don't run objtool for the files, which means
> the type hashes are not included in the .cfi_sites section.
>
> [...]
Applied to for-linus/hardening, thanks!
[1/1] kbuild: Fix CFI hash randomization with KASAN
https://git.kernel.org/kees/c/a6c5a3491b3f
--
Kees Cook