From patchwork Mon Jun 25 22:39:01 2018
X-Patchwork-Submitter: Thomas Garnier
X-Patchwork-Id: 10488277
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Date: Mon, 25 Jun 2018 15:39:01 -0700
In-Reply-To: <20180625224014.134829-1-thgarnie@google.com>
Message-Id: <20180625224014.134829-14-thgarnie@google.com>
References: <20180625224014.134829-1-thgarnie@google.com>
X-Mailer: git-send-email 2.18.0.rc2.346.g013aa6912e-goog
Subject: [PATCH v5 13/27] x86/boot/64: Build head64.c as mcmodel large when PIE is enabled
From: Thomas Garnier
To: kernel-hardening@lists.openwall.com
Cc: Thomas Garnier, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", x86@kernel.org, Josh Poimboeuf, "Steven Rostedt (VMware)", "Kirill A. Shutemov", Jan Kiszka, Tom Lendacky, linux-kernel@vger.kernel.org

The __startup_64 function assumes all symbols have relocated addresses instead of the current boot virtual address. PIE-generated code favors relative addresses, making all virtual and physical address math incorrect. If PIE is enabled, build head64.c as mcmodel large instead to ensure absolute references on all memory access.

Add a global __force_order variable required when using a large model with read_cr* functions.

To build head64.c as mcmodel=large, disable the retpoline gcc flags. This code is used at early boot and removed later; it doesn't need retpoline mitigation.

Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0xffffffff80000000.

Signed-off-by: Thomas Garnier
---
 arch/x86/kernel/Makefile | 6 ++++++
 arch/x86/kernel/head64.c | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index 02d6f5cf4e70..0f6da4b216e0 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -22,6 +22,12 @@ CFLAGS_REMOVE_early_printk.o = -pg CFLAGS_REMOVE_head64.o = -pg endif +ifdef CONFIG_X86_PIE +# Remove PIE and retpoline flags that are incompatible with mcmodel=large +CFLAGS_REMOVE_head64.o += -fPIE -mindirect-branch=thunk-extern -mindirect-branch-register +CFLAGS_head64.o = -mcmodel=large +endif + KASAN_SANITIZE_head$(BITS).o := n KASAN_SANITIZE_dumpstack.o := n KASAN_SANITIZE_dumpstack_$(BITS).o := n diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 8047379e575a..49df0386098c 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c
@@ -62,6 +62,9 @@ EXPORT_SYMBOL(vmemmap_base); #define __head __section(.head.text) +/* Required for read_cr3 when building as PIE */ +unsigned long __force_order; + static void __head *fixup_pointer(void *ptr, unsigned long physaddr) { return ptr - (void *)_text + (void *)physaddr;
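Review bot: In the Makefile hunk, `CFLAGS_head64.o = -mcmodel=large` uses a plain `=` immediately after a `CFLAGS_REMOVE_head64.o +=` that deliberately accumulates; if CFLAGS_head64.o is ever assigned elsewhere in this Makefile (or by a later patch in this series) the `=` silently discards that value, so `CFLAGS_head64.o += -mcmodel=large` is the safer form. The comment only says the retpoline flags are incompatible with mcmodel=large, not why dropping them is acceptable; since this Makefile is where a future reader will look before copying the pattern to another object, it is worth carrying the commit message's justification into the comment, that head64.c is early-boot code discarded later and therefore needs no retpoline mitigation.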
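Review bot: In the head64.c hunk, the comment above `unsigned long __force_order;` says "when building as PIE", but per the Makefile hunk and the commit message this file is exactly the one built with -mcmodel=large instead of PIE, and the definition is needed for the read_cr* functions under the large model; the comment should say "when building with mcmodel=large" so it matches the build rule. It would also help to state that the variable exists only to satisfy the read_cr* reference and carries no meaningful value, so a later cleanup does not drop it as unused or try to assign it one.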