From patchwork Wed May 23 19:54:07 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Thomas Garnier <thgarnie@google.com>
X-Patchwork-Id: 10422279
Return-Path: 
 <kernel-hardening-return-13360-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	7A8F46032A for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed, 23 May 2018 19:58:50 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9284228C42
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed, 23 May 2018 19:58:47 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 844B028C8A; Wed, 23 May 2018 19:58:47 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-12.8 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,
	USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1
Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
	by mail.wl.linuxfoundation.org (Postfix) with SMTP id 75AFC28C42
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed, 23 May 2018 19:58:46 +0000 (UTC)
Received: (qmail 23964 invoked by uid 550); 23 May 2018 19:55:51 -0000
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
List-ID: <kernel-hardening.lists.openwall.com>
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Received: (qmail 23854 invoked from network); 23 May 2018 19:55:46 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=NR/2K9AIwc8V6fzFrSBy7pTSsSBSkQKVyDTUmilRjdU=;
	b=E4CBUkqgkZq8M09KxopA/n8T1m8LDpyF5PelXX8wddUTrSok2gmBj1KO8zfbJsUlLK
	HqqcTvBlCEmcgalryXRU1zM8/hMhuKMz5Eowyk7Rc9CwuFhsdLx4ChdZwMQGLcLFri6x
	bNZQa/TjrJO/93avvRJWHVs1rnn2eMaT3dCz2BP5aaI0mYbQVbyM5iBaTVqI7r93a+A6
	gR50Uzp0S1ptdrpD8jFmIXpr1skipg1b+O5xl4VkBFOxw2QaR1cQQxH44FAsxDywnIch
	FyAM5C3QAQmEqKyNWO4RZSJt80pkio/R38F5ndK67MLTbZidS8GRG5Yq/svDoDryQZ3t
	IJEw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=NR/2K9AIwc8V6fzFrSBy7pTSsSBSkQKVyDTUmilRjdU=;
	b=lY2Yli2XGDDbwOrhsPW0xNHv5ZXMJOFHgocTju5H1+94mHvdv+FxeMSHGx52ObRlZw
	0GsiKK+kS7BZFQeoDy/zV1Tik2WJPWI0UFfTWxa5lxpnuUD581uBuXmLFoNlZk6wRd5c
	5qxxhDn5ifolrTpJ4DobQov3eu331nglzfi2iIuBx44fMF3QoyA62OD7t9PTXcaiiQQu
	6BIHit8xRqZQvJNDMWuX5wo9DWBEbpOcbGP3F6Qoz7QWX5lWbU0pQtkOcjNY5793iG6r
	KGnI3EVRBZUqEffLkFFfmuNYIhE7RXPQ3zgvKBSprw6iZpilU2tYnD3M1B0AdOjKXLHI
	M+zA==
X-Gm-Message-State: ALKqPweMOEbw0tmp+e+/sZ+U+pxmXXT1gsEuD+KWs9p8uCvQQ9F9YPAs
	5YoXQywebkPnH4Cb6j/GCmSwpw==
X-Google-Smtp-Source: 
 AB8JxZqVUHsxYNYhH8B8wzF7+o9GvQaFEyALuQ/8VJgAW2sf6q9GKHrJRKTAlIiPnGMmeKCdqg9/XQ==
X-Received: by 2002:a62:8785:: with SMTP id
	i127-v6mr4194944pfe.201.1527105332331;
	Wed, 23 May 2018 12:55:32 -0700 (PDT)
From: Thomas Garnier <thgarnie@google.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
	"David S . Miller" <davem@davemloft.net>,
	Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
	"H . Peter Anvin" <hpa@zytor.com>, Peter Zijlstra <peterz@infradead.org>,
	Josh Poimboeuf <jpoimboe@redhat.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Thomas Garnier <thgarnie@google.com>,
	Philippe Ombredanne <pombredanne@nexb.com>,
	Kate Stewart <kstewart@linuxfoundation.org>,
	Arnaldo Carvalho de Melo <acme@redhat.com>, Yonghong Song <yhs@fb.com>,
	Andrey Ryabinin <aryabinin@virtuozzo.com>,
	Kees Cook <keescook@chromium.org>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
	Andy Lutomirski <luto@kernel.org>,
	Dominik Brodowski <linux@dominikbrodowski.net>,
	Borislav Petkov <bp@alien8.de>, Borislav Petkov <bp@suse.de>,
	"Rafael J . Wysocki" <rjw@rjwysocki.net>,
	Len Brown <len.brown@intel.com>, Pavel Machek <pavel@ucw.cz>,
	Juergen Gross <jgross@suse.com>, Alok Kataria <akataria@vmware.com>,
	Steven Rostedt <rostedt@goodmis.org>,
	Jan Kiszka <jan.kiszka@siemens.com>, Tejun Heo <tj@kernel.org>,
	Christoph Lameter <cl@linux.com>, Dennis Zhou <dennisszhou@gmail.com>,
	Boris Ostrovsky <boris.ostrovsky@oracle.com>,
	Alexey Dobriyan <adobriyan@gmail.com>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	Cao jin <caoj.fnst@cn.fujitsu.com>,
	Francis Deslauriers <francis.deslauriers@efficios.com>,
	"Paul E . McKenney" <paulmck@linux.vnet.ibm.com>,
	Nicolas Pitre <nicolas.pitre@linaro.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Randy Dunlap <rdunlap@infradead.org>,
	"Luis R . Rodriguez" <mcgrof@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
	Christopher Li <sparse@chrisli.org>, Jason Baron <jbaron@akamai.com>,
	Mika Westerberg <mika.westerberg@linux.intel.com>,
	Lukas Wunner <lukas@wunner.de>, Dou Liyang <douly.fnst@cn.fujitsu.com>,
	Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
	Petr Mladek <pmladek@suse.com>,
	Masahiro Yamada <yamada.masahiro@socionext.com>,
	Ingo Molnar <mingo@kernel.org>, Nicholas Piggin <npiggin@gmail.com>,
	"H . J . Lu" <hjl.tools@gmail.com>, Paolo Bonzini <pbonzini@redhat.com>,
	=?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>,
	Joerg Roedel <joro@8bytes.org>, David Woodhouse <dwmw@amazon.co.uk>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Rik van Riel <riel@redhat.com>, Jia Zhang <qianyue.zj@alibaba-inc.com>,
	Ricardo Neri <ricardo.neri-calderon@linux.intel.com>,
	Jonathan Corbet <corbet@lwn.net>, Jan Beulich <JBeulich@suse.com>,
	Matthias Kaehlcke <mka@chromium.org>, Baoquan He <bhe@redhat.com>,
	=?UTF-8?q?Jan=20H=20=2E=20Sch=C3=B6nherr?= <jschoenh@amazon.de>,
	Daniel Micay <danielmicay@gmail.com>
Cc: x86@kernel.org, linux-crypto@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org,
	virtualization@lists.linux-foundation.org,
	xen-devel@lists.xenproject.org, linux-arch@vger.kernel.org,
	linux-sparse@vger.kernel.org, kvm@vger.kernel.org,
	linux-doc@vger.kernel.org, kernel-hardening@lists.openwall.com
Subject: [PATCH v3 13/27] x86/boot/64: Build head64.c as mcmodel large when
	PIE is enabled
Date: Wed, 23 May 2018 12:54:07 -0700
Message-Id: <20180523195421.180248-14-thgarnie@google.com>
X-Mailer: git-send-email 2.17.0.441.gb46fe60e1d-goog
In-Reply-To: <20180523195421.180248-1-thgarnie@google.com>
References: <20180523195421.180248-1-thgarnie@google.com>
X-Virus-Scanned: ClamAV using ClamSMTP

The __startup_64 function assumes all symbols have relocated addresses
instead of the current boot virtual address. PIE generated code favor
relative addresses making all virtual and physical address math incorrect.
If PIE is enabled, build head64.c as mcmodel large instead to ensure absolute
references on all memory access. Add a global __force_order variable required
when using a large model with read_cr* functions.

To build head64.c as mcmodel=large, disable the retpoline gcc flags.
This code is used at early boot and removed later, it doesn't need
retpoline mitigation.

Position Independent Executable (PIE) support will allow to extended the
KASLR randomization range below the -2G memory limit.

Signed-off-by: Thomas Garnier <thgarnie@google.com>
---
 arch/x86/kernel/Makefile | 6 ++++++
 arch/x86/kernel/head64.c | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 02d6f5cf4e70..0f6da4b216e0 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -22,6 +22,12 @@ CFLAGS_REMOVE_early_printk.o = -pg
 CFLAGS_REMOVE_head64.o = -pg
 endif
 
+ifdef CONFIG_X86_PIE
+# Remove PIE and retpoline flags that are incompatible with mcmodel=large
+CFLAGS_REMOVE_head64.o += -fPIE -mindirect-branch=thunk-extern -mindirect-branch-register
+CFLAGS_head64.o = -mcmodel=large
+endif
+
 KASAN_SANITIZE_head$(BITS).o				:= n
 KASAN_SANITIZE_dumpstack.o				:= n
 KASAN_SANITIZE_dumpstack_$(BITS).o			:= n
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index 2d29e47c056e..fa661fb97127 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -64,6 +64,9 @@ EXPORT_SYMBOL(vmemmap_base);
 
 #define __head	__section(.head.text)
 
+/* Required for read_cr3 when building as PIE */
+unsigned long __force_order;
+
 static void __head *fixup_pointer(void *ptr, unsigned long physaddr)
 {
 	return ptr - (void *)_text + (void *)physaddr;