From patchwork Fri Jul 31 23:07:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695557 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 99D3914B7 for ; Fri, 31 Jul 2020 23:09:30 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6F68A206DA for ; Fri, 31 Jul 2020 23:09:30 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="ijVHON7J"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="hrQvkFF6" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6F68A206DA Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=l2nRAoDyxEcDvRwVZWqLkYdzJxu0cO88wTDVd6Xzjm8=; b=ijVHON7Jt5tuIm/kLcJ9RnxBZ ujNB+nFooiHRBPnOplt0J21gjY6KCqCl1ZmKx1SkMVWEAUjNKuvGcD//svVJChm3/2Ebs4B6BpHwE HdmLdK8xpiw7KvTqUMS5G7PNOIKlujTv3o/1dU8Ddbo0Z5SrC8y+pGZEm5aSt0O1MdzUagjmTOctj +mNNrPZPAn55zDzmHVEldO9vgYOvYIyMeGv9Yj3MujQkL81Z39WV8M4Ool24IXgbd53Mc13117anN bPFANDqtvndq9G11+lCXsMPNoIctGGBU2g23JCaVe7/0t4+Ih40Y0FZwWiCmFfJfsAg67kPMzF2wx yafTsoA4g==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e9K-0008La-Ck; Fri, 31 Jul 2020 23:09:15 +0000 Received: from mail-pj1-x1043.google.com ([2607:f8b0:4864:20::1043]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8k-00083E-6G for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:08:46 +0000 Received: by mail-pj1-x1043.google.com with SMTP id e4so4840570pjd.0 for ; Fri, 31 Jul 2020 16:08:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=G4Uyil/3RLKWyY67hAynjAiMWq2oklcnh8xSnmDcb3o=; b=hrQvkFF60z244mOdkjjH8vTWRTxj6MFuCnLo8kbEM3Wg/2jC+TKxxdTO/XWkd+b0rI g0CaufeDiLXoEMx7njzFCvwl6WyD6KBfAsMZD9VgTq42iYleDJO7cHNhgh56YmkKl1tZ l6eO0or+3UHALeW21Xr936DSrkQvYiQzdD7bU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=G4Uyil/3RLKWyY67hAynjAiMWq2oklcnh8xSnmDcb3o=; b=YJP/bVNGCzIuztN1cXDxqWdLK7RAyzpQXG9qmmdGVKXAi1iD4HnwbAUXohGFGx/yoz EpOdXpJAJqFuL7dcbBO1AlGfpElVYLo/WtKFbwjVsaSoq5G3Aqofe47yh7VtavBhbXK3 +mqGboF2eZmKz+IelClBw3NbVxb3FOdWaqrnf+RNVqWDSb/Px5q66vAfe5fKoerFmgSh ZrFsJVcFnsLoEspFkfc2JqTaFQjVnk0d5Ua4BDuC6OXF3QxBmhr8zZcvBPBR3aw0hLqR wZruhJB58NXHSwFuOzse/Zlqgf4pEzL6JEK90uQhCjCWOxtOBvI/b6kpBrHa+4DBcyvu Oc7g== X-Gm-Message-State: AOAM531jkRa+piSVM3VipletqEonBykf3P1n+KLKs3btVeR3fRF9H/Qo ypgn3gSdCWWzB/yCFiJrV3h0dQ== X-Google-Smtp-Source: ABdhPJwvVmZyQwFGyMl+CErylZmdSrKOai9F6LoZgV0UQW0OLBYzwJAoyOaRpEgR8OGBWkMtRNvenA== X-Received: by 2002:a17:902:b18b:: with SMTP id s11mr5649581plr.152.1596236915282; Fri, 31 Jul 2020 16:08:35 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id m9sm10186094pjs.18.2020.07.31.16.08.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:30 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 03/36] x86/boot/compressed: Get rid of GOT fixup code Date: Fri, 31 Jul 2020 16:07:47 -0700 Message-Id: <20200731230820.1742553-4-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190838_284265_19F02FB2 X-CRM114-Status: GOOD ( 22.54 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:1043 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Sedat Dilek , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org From: Ard Biesheuvel In a previous patch, we have eliminated GOT entries from the decompressor binary and added an assertion that the .got section is empty. This means that the GOT fixup routines that exist in both the 32-bit and 64-bit startup routines have become dead code, and can be removed. While at it, drop the KEEP() from the linker script, as it has no effect on the contents of output sections that are created by the linker itself. Signed-off-by: Ard Biesheuvel Tested-by: Nick Desaulniers Reviewed-by: Kees Cook Acked-by: Arvind Sankar Link: https://lore.kernel.org/r/20200523120021.34996-4-ardb@kernel.org Tested-by: Sedat Dilek Signed-off-by: Arvind Sankar Signed-off-by: Kees Cook --- arch/x86/boot/compressed/head_32.S | 24 ++--------- arch/x86/boot/compressed/head_64.S | 57 -------------------------- arch/x86/boot/compressed/vmlinux.lds.S | 4 +- 3 files changed, 5 insertions(+), 80 deletions(-) diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S index 03557f2174bf..39f0bb43218f 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S @@ -49,16 +49,13 @@ * Position Independent Executable (PIE) so that linker won't optimize * R_386_GOT32X relocation to its fixed symbol address. Older * linkers generate R_386_32 relocations against locally defined symbols, - * _bss, _ebss, _got, _egot and _end, in PIE. It isn't wrong, just less - * optimal than R_386_RELATIVE. But the x86 kernel fails to properly handle - * R_386_32 relocations when relocating the kernel. To generate - * R_386_RELATIVE relocations, we mark _bss, _ebss, _got, _egot and _end as - * hidden: + * _bss, _ebss and _end, in PIE. It isn't wrong, just less optimal than + * R_386_RELATIVE. But the x86 kernel fails to properly handle R_386_32 + * relocations when relocating the kernel. To generate R_386_RELATIVE + * relocations, we mark _bss, _ebss and _end as hidden: */ .hidden _bss .hidden _ebss - .hidden _got - .hidden _egot .hidden _end __HEAD @@ -192,19 +189,6 @@ SYM_FUNC_START_LOCAL_NOALIGN(.Lrelocated) shrl $2, %ecx rep stosl -/* - * Adjust our own GOT - */ - leal _got(%ebx), %edx - leal _egot(%ebx), %ecx -1: - cmpl %ecx, %edx - jae 2f - addl %ebx, (%edx) - addl $4, %edx - jmp 1b -2: - /* * Do the extraction, and jump to the new kernel.. */ diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 97d37f0a34f5..bf1ab30acc5b 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -40,8 +40,6 @@ */ .hidden _bss .hidden _ebss - .hidden _got - .hidden _egot .hidden _end __HEAD @@ -353,25 +351,6 @@ SYM_CODE_START(startup_64) /* Set up the stack */ leaq boot_stack_end(%rbx), %rsp - /* - * paging_prepare() and cleanup_trampoline() below can have GOT - * references. Adjust the table with address we are running at. - * - * Zero RAX for adjust_got: the GOT was not adjusted before; - * there's no adjustment to undo. - */ - xorq %rax, %rax - - /* - * Calculate the address the binary is loaded at and use it as - * a GOT adjustment. - */ - call 1f -1: popq %rdi - subq $1b, %rdi - - call .Ladjust_got - /* * At this point we are in long mode with 4-level paging enabled, * but we might want to enable 5-level paging or vice versa. @@ -464,21 +443,6 @@ trampoline_return: pushq $0 popfq - /* - * Previously we've adjusted the GOT with address the binary was - * loaded at. Now we need to re-adjust for relocation address. - * - * Calculate the address the binary is loaded at, so that we can - * undo the previous GOT adjustment. - */ - call 1f -1: popq %rax - subq $1b, %rax - - /* The new adjustment is the relocation address */ - movq %rbx, %rdi - call .Ladjust_got - /* * Copy the compressed kernel to the end of our buffer * where decompression in place becomes safe. @@ -556,27 +520,6 @@ SYM_FUNC_START_LOCAL_NOALIGN(.Lrelocated) jmp *%rax SYM_FUNC_END(.Lrelocated) -/* - * Adjust the global offset table - * - * RAX is the previous adjustment of the table to undo (use 0 if it's the - * first time we touch GOT). - * RDI is the new adjustment to apply. - */ -.Ladjust_got: - /* Walk through the GOT adding the address to the entries */ - leaq _got(%rip), %rdx - leaq _egot(%rip), %rcx -1: - cmpq %rcx, %rdx - jae 2f - subq %rax, (%rdx) /* Undo previous adjustment */ - addq %rdi, (%rdx) /* Apply the new adjustment */ - addq $8, %rdx - jmp 1b -2: - ret - .code32 /* * This is the 32-bit trampoline that will be copied over to low memory. diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S index 4bcc943842ab..a4a4a59a2628 100644 --- a/arch/x86/boot/compressed/vmlinux.lds.S +++ b/arch/x86/boot/compressed/vmlinux.lds.S @@ -43,9 +43,7 @@ SECTIONS _erodata = . ; } .got : { - _got = .; - KEEP(*(.got)) - _egot = .; + *(.got) } .got.plt : { *(.got.plt)