From: Ard Biesheuvel
Date: Tue, 5 Sep 2017 20:42:14 +0100
To: Tony Lindgren
Cc: "linux-arm-kernel@lists.infradead.org", Kernel Hardening, Arnd Bergmann, Nicolas Pitre, Russell King, Kees Cook, Thomas Garnier, Marc Zyngier, Mark Rutland, Matt Fleming, Dave Martin
Subject: [kernel-hardening] Re: [PATCH v2 00/29] implement KASLR for ARM

On 5 September 2017 at 20:37, Tony Lindgren wrote:
> * Ard Biesheuvel [170905 09:49]:
>> On 5 September 2017 at 17:45, Tony Lindgren wrote:
>> > I did see boot attempts fail with randomize enable where no output
>> > was produced. It seems this is happening for me maybe 1 out of 5 boots.
>> > Enabling DEBUG_LL did not show anything either.
>> >
>>
>> Yes. I am looking into a couple of kernelci boot reports that look
>> suspicious, but it is rather difficult to reproduce, for obvious
>> reasons :-)
>>
>> Which hardware are you testing this on?
>
> For testing on omap3, I'm mostly using logicpd torpedo devkit as
> it works out of box with PM with mainline Linux and has NFSroot
> usable too.
>

Right. Well, I will try to reproduce with the BB white I have. Are you
booting with an initrd?

>> > Then loading modules with CONFIG_RANDOMIZE_BASE=y seems to fail with:
>> >
>> > $ sudo modprobe rtc-twl
>> > rtc_twl: disagrees about version of symbol module_layout
>> > modprobe: ERROR: could not insert 'rtc_twl': Exec format error
>> >
>>
>> Is this with CONFIG_MODVERSIONS enabled?
>
> Yes, but disabling that did not seem to make any difference
> based on just one test.
>

Yeah, well, it appears I missed a couple of details :-)

This should fix the module loading issues:

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 1a0304dd388d..bbefd5f32ec2 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig
@@ -1830,6 +1830,8 @@ config RANDOMIZE_BASE depends on MMU && AUTO_ZRELADDR depends on !XIP_KERNEL && !ZBOOT_ROM select RELOCATABLE + select ARM_MODULE_PLTS if MODULES + select MODULE_REL_CRCS if MODVERSIONS help Randomizes the virtual and physical address at which the kernel image is loaded, as a security feature that deters exploit attempts diff --git a/arch/arm/include/asm/elf.h b/arch/arm/include/asm/elf.h index f13ae153fb24..b56fc4dd27b6 100644 --- a/arch/arm/include/asm/elf.h +++ b/arch/arm/include/asm/elf.h @@ -50,6 +50,7 @@ typedef struct user_fp elf_fpregset_t; #define R_ARM_NONE 0 #define R_ARM_PC24 1 #define R_ARM_ABS32 2 +#define R_ARM_REL32 3 #define R_ARM_CALL 28 #define R_ARM_JUMP24 29 #define R_ARM_TARGET1 38 diff --git a/arch/arm/kernel/module.c b/arch/arm/kernel/module.c index 3ff571c2c71c..aa4d72837cd5 100644 --- a/arch/arm/kernel/module.c +++ b/arch/arm/kernel/module.c @@ -175,6 +175,10 @@ *(u32 *)loc |= offset & 0x7fffffff; break; + case R_ARM_REL32: + *(u32 *)loc += sym->st_value - loc; + break; + case R_ARM_MOVW_ABS_NC: case R_ARM_MOVT_ABS: offset = tmp = __mem_to_opcode_arm(*(u32 *)loc);
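
Review bot: In the arch/arm/Kconfig hunk, the two new select lines under RANDOMIZE_BASE carry no explanation of why randomization requires them; the help text is unchanged and the message only says this "should fix the module loading issues". Please state the reason for each (ARM_MODULE_PLTS if MODULES, MODULE_REL_CRCS if MODVERSIONS) in the commit message or a Kconfig comment. Since select forces a symbol on without honouring that symbol's own depends on lines, also confirm that both selected options have their dependencies satisfied in every configuration where RANDOMIZE_BASE can be enabled, otherwise Kconfig will warn about unmet dependencies and produce an inconsistent config.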
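
Review bot: In the arch/arm/kernel/module.c hunk, the new R_ARM_REL32 case is undocumented, and it differs from both neighbours in ways a reader has to work out: the case above masks the result with 0x7fffffff, and the MOVW/MOVT case below reads the word through __mem_to_opcode_arm(), while "*(u32 *)loc += sym->st_value - loc;" does neither. A one-line comment saying that this is a full 32-bit place-relative data word (so the subtraction simply wraps modulo 2^32 and needs no range check or opcode byte-order conversion), and naming the config option that causes modules to contain this relocation type, would make the intent clear and tie the case to the Kconfig change in the same patch.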