From: Kristen Carlson Accardi <kristen@linux.intel.com>
To: keescook@chromium.org, tglx@linutronix.de, mingo@redhat.com,
bp@alien8.de, Masahiro Yamada <masahiroy@kernel.org>,
Michal Marek <michal.lkml@markovi.net>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Arnd Bergmann <arnd@arndb.de>
Cc: arjan@linux.intel.com, linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com, rick.p.edgecombe@intel.com,
Kristen Carlson Accardi <kristen@linux.intel.com>,
Tony Luck <tony.luck@intel.com>,
linux-kbuild@vger.kernel.org, linux-arch@vger.kernel.org
Subject: [PATCH v5 03/10] x86: Makefile: Add build and config option for CONFIG_FG_KASLR
Date: Wed, 23 Sep 2020 10:38:57 -0700 [thread overview]
Message-ID: <20200923173905.11219-4-kristen@linux.intel.com> (raw)
In-Reply-To: <20200923173905.11219-1-kristen@linux.intel.com>
Allow user to select CONFIG_FG_KASLR if dependencies are met. Change
the make file to build with -ffunction-sections if CONFIG_FG_KASLR.
While the only architecture that supports CONFIG_FG_KASLR does not
currently enable HAVE_LD_DEAD_CODE_DATA_ELIMINATION, make sure these
2 features play nicely together for the future by ensuring that if
CONFIG_LD_DEAD_CODE_DATA_ELIMINATION is selected when used with
CONFIG_FG_KASLR the function sections will not be consolidated back
into .text. Thanks to Kees Cook for the dead code elimination changes.
Signed-off-by: Kristen Carlson Accardi <kristen@linux.intel.com>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Tony Luck <tony.luck@intel.com>
---
Makefile | 6 +++++-
arch/x86/Kconfig | 4 ++++
include/asm-generic/vmlinux.lds.h | 16 ++++++++++++++--
init/Kconfig | 14 ++++++++++++++
4 files changed, 37 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index 2b66d3398878..0c116b833fd5 100644
--- a/Makefile
+++ b/Makefile
@@ -878,10 +878,14 @@ KBUILD_CFLAGS += $(call cc-option, -fno-inline-functions-called-once)
endif
ifdef CONFIG_LD_DEAD_CODE_DATA_ELIMINATION
-KBUILD_CFLAGS_KERNEL += -ffunction-sections -fdata-sections
+KBUILD_CFLAGS_KERNEL += -fdata-sections
LDFLAGS_vmlinux += --gc-sections
endif
+ifneq ($(CONFIG_LD_DEAD_CODE_DATA_ELIMINATION)$(CONFIG_FG_KASLR),)
+KBUILD_CFLAGS += -ffunction-sections
+endif
+
ifdef CONFIG_SHADOW_CALL_STACK
CC_FLAGS_SCS := -fsanitize=shadow-call-stack
KBUILD_CFLAGS += $(CC_FLAGS_SCS)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 7101ac64bb20..ff0f90d0421f 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -374,6 +374,10 @@ config CC_HAS_SANE_STACKPROTECTOR
We have to make sure stack protector is unconditionally disabled if
the compiler produces broken code.
+config ARCH_HAS_FG_KASLR
+ def_bool y
+ depends on RANDOMIZE_BASE && X86_64
+
menu "Processor type and features"
config ZONE_DMA
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 5430febd34be..afd5cdf79a3a 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -93,14 +93,12 @@
* sections to be brought in with rodata.
*/
#ifdef CONFIG_LD_DEAD_CODE_DATA_ELIMINATION
-#define TEXT_MAIN .text .text.[0-9a-zA-Z_]*
#define DATA_MAIN .data .data.[0-9a-zA-Z_]* .data..LPBX*
#define SDATA_MAIN .sdata .sdata.[0-9a-zA-Z_]*
#define RODATA_MAIN .rodata .rodata.[0-9a-zA-Z_]*
#define BSS_MAIN .bss .bss.[0-9a-zA-Z_]*
#define SBSS_MAIN .sbss .sbss.[0-9a-zA-Z_]*
#else
-#define TEXT_MAIN .text
#define DATA_MAIN .data
#define SDATA_MAIN .sdata
#define RODATA_MAIN .rodata
@@ -108,6 +106,20 @@
#define SBSS_MAIN .sbss
#endif
+/*
+ * Both LD_DEAD_CODE_DATA_ELIMINATION and CONFIG_FG_KASLR options enable
+ * -ffunction-sections, which produces separately named .text sections. In
+ * the case of CONFIG_FG_KASLR, they need to stay distict so they can be
+ * separately randomized. Without CONFIG_FG_KASLR, the separate .text
+ * sections can be collected back into a common section, which makes the
+ * resulting image slightly smaller
+ */
+#if defined(CONFIG_LD_DEAD_CODE_DATA_ELIMINATION) && !defined(CONFIG_FG_KASLR)
+#define TEXT_MAIN .text .text.[0-9a-zA-Z_]*
+#else
+#define TEXT_MAIN .text
+#endif
+
/*
* GCC 4.5 and later have a 32 bytes section alignment for structures.
* Except GCC 4.9, that feels the need to align on 64 bytes.
diff --git a/init/Kconfig b/init/Kconfig
index d6a0b31b13dc..81220973b064 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -2019,6 +2019,20 @@ config PROFILING
config TRACEPOINTS
bool
+config FG_KASLR
+ bool "Function Granular Kernel Address Space Layout Randomization"
+ depends on $(cc-option, -ffunction-sections)
+ depends on ARCH_HAS_FG_KASLR
+ default n
+ help
+ This option improves the randomness of the kernel text
+ over basic Kernel Address Space Layout Randomization (KASLR)
+ by reordering the kernel text at boot time. This feature
+ uses information generated at compile time to re-layout the
+ kernel text section at boot time at function level granularity.
+
+ If unsure, say N.
+
endmenu # General setup
source "arch/Kconfig"
--
2.20.1
next prev parent reply other threads:[~2020-09-23 17:40 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-23 17:38 [PATCH v5 00/10] Function Granular KASLR Kristen Carlson Accardi
2020-09-23 17:38 ` [PATCH v5 01/10] x86: tools/relocs: Support >64K section headers Kristen Carlson Accardi
2020-09-23 17:38 ` [PATCH v5 02/10] x86/boot: Allow a "silent" kaslr random byte fetch Kristen Carlson Accardi
2020-09-23 17:38 ` Kristen Carlson Accardi [this message]
2020-09-23 17:38 ` [PATCH v5 04/10] x86: Make sure _etext includes function sections Kristen Carlson Accardi
2020-09-23 17:38 ` [PATCH v5 05/10] x86/tools: Add relative relocs for randomized functions Kristen Carlson Accardi
2020-09-23 17:39 ` [PATCH v5 06/10] x86/boot/compressed: Avoid duplicate malloc() implementations Kristen Carlson Accardi
2020-09-23 17:39 ` [PATCH v5 07/10] x86: Add support for function granular KASLR Kristen Carlson Accardi
2020-09-23 17:39 ` [PATCH v5 08/10] kallsyms: Hide layout Kristen Carlson Accardi
2020-09-23 17:39 ` [PATCH v5 09/10] module: Reorder functions Kristen Carlson Accardi
2020-09-23 17:39 ` [PATCH v5 10/10] livepatch: only match unique symbols when using fgkaslr Kristen Carlson Accardi
2020-09-24 13:06 ` Miroslav Benes
2020-09-24 13:06 ` Miroslav Benes
2020-09-25 13:06 ` [PATCH v5 00/10] Function Granular KASLR Miroslav Benes
2020-09-25 13:06 ` Miroslav Benes
2020-09-28 17:31 ` Kristen Carlson Accardi
2020-09-28 17:31 ` Kristen Carlson Accardi
2020-09-29 18:58 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200923173905.11219-4-kristen@linux.intel.com \
--to=kristen@linux.intel.com \
--cc=arjan@linux.intel.com \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=masahiroy@kernel.org \
--cc=michal.lkml@markovi.net \
--cc=mingo@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.