| Message ID | 20241010122801.1321976-7-ardb+git@google.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Improve objtool jump table handling | expand |
On Thu, 10 Oct 2024 at 14:28, Ard Biesheuvel <ardb+git@google.com> wrote: > > From: Ard Biesheuvel <ardb@kernel.org> > > Jump table handling has faded into the background a little due to the > fact that jump tables are [currently] disabled when enabling retpoline > mitigations and/or IBT on x86. > > However, this is likely to come back and bite us later, so it still > needs to be addressed. Given the difficulty in identifying jump tables > from .rodata references and indirect jump instructions that often have > no obvious correlation, it would be better to do this in the compiler. > > This series implements [on the objtool side] the suggestion made at GNU > Cauldron this year to annotate the indirect jump with a R_X86_64_NONE > relocation that refers to the jump table, and ensure that it is covered > by a STT_OBJECT symbol whose size accurately reflects the size of the > jump table. > For the adventurous, I have a branch [0] that implements the first part of this in Clang. Getting the jump table emitted as a STT_OBJECT with a proper size shouldn't be too hard either, but I'll look into that later. [0] https://github.com/ardbiesheuvel/llvm-project/tree/jump-table-annotations
On Thu, Oct 10, 2024 at 07:50:17PM +0200, Ard Biesheuvel wrote: > On Thu, 10 Oct 2024 at 14:28, Ard Biesheuvel <ardb+git@google.com> wrote: > > > > From: Ard Biesheuvel <ardb@kernel.org> > > > > Jump table handling has faded into the background a little due to the > > fact that jump tables are [currently] disabled when enabling retpoline > > mitigations and/or IBT on x86. > > > > However, this is likely to come back and bite us later, so it still > > needs to be addressed. Given the difficulty in identifying jump tables > > from .rodata references and indirect jump instructions that often have > > no obvious correlation, it would be better to do this in the compiler. > > > > This series implements [on the objtool side] the suggestion made at GNU > > Cauldron this year to annotate the indirect jump with a R_X86_64_NONE > > relocation that refers to the jump table, and ensure that it is covered > > by a STT_OBJECT symbol whose size accurately reflects the size of the > > jump table. > > > > For the adventurous, I have a branch [0] that implements the first > part of this in Clang. > > Getting the jump table emitted as a STT_OBJECT with a proper size > shouldn't be too hard either, but I'll look into that later. > > > [0] https://github.com/ardbiesheuvel/llvm-project/tree/jump-table-annotations That was fast! This is good stuff, thank you for working on this.
From: Ard Biesheuvel <ardb@kernel.org> Jump table handling has faded into the background a little due to the fact that jump tables are [currently] disabled when enabling retpoline mitigations and/or IBT on x86. However, this is likely to come back and bite us later, so it still needs to be addressed. Given the difficulty in identifying jump tables from .rodata references and indirect jump instructions that often have no obvious correlation, it would be better to do this in the compiler. This series implements [on the objtool side] the suggestion made at GNU Cauldron this year to annotate the indirect jump with a R_X86_64_NONE relocation that refers to the jump table, and ensure that it is covered by a STT_OBJECT symbol whose size accurately reflects the size of the jump table. This can be wired up in objtool with minimal effort. The only complication is that indirect jumps may be direct jumps in disguise, if they target retpoline thunks. This will result in more than one relocation attached to the same instruction, which needs careful handling in objtool. Other than that, changes are rather straight-forward. Patches #4 and #5 update the CRC32C driver, which has a jump table implemented in assembler, to a) use a relative jump table, for compatibility with linking in PIE mode (#4) and b) make the jump table more difficult to identify by objtool's existing heuristics, but provide the annotation so it can found nonetheless. This series is labeled as v2 because patch #1 was sent out before. Changes since v1: - tweak logic in patch #1 to ensure that all jump table entries are covered by the same type of relocation - use the corrected addend when validating IBT targets - add patches #2 - #5 Cc: Josh Poimboeuf <jpoimboe@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Jan Beulich <jbeulich@suse.com> Cc: "Jose E. Marchesi" <jemarch@gnu.org> Cc: Kees Cook <kees@kernel.org> Ard Biesheuvel (5): objtool: Deal with relative jump tables correctly objtool: Allow arch code to discover jump table size objtool: Add support for annotated jump tables crypto: x86/crc32c - Use idiomatic relative jump table crypto: x86/crc32c - Tweak jump table to validate objtool logic arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 40 +++++++----- tools/objtool/arch/loongarch/special.c | 3 +- tools/objtool/arch/powerpc/special.c | 3 +- tools/objtool/arch/x86/special.c | 43 ++++++++----- tools/objtool/check.c | 65 +++++++++++++++----- tools/objtool/include/objtool/check.h | 5 +- tools/objtool/include/objtool/elf.h | 6 ++ tools/objtool/include/objtool/special.h | 3 +- 8 files changed, 117 insertions(+), 51 deletions(-)