From patchwork Tue May 29 22:15:14 2018
X-Patchwork-Submitter: Thomas Garnier
X-Patchwork-Id: 10437301
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Delivered-To: mailing list kernel-hardening@lists.openwall.com
From: Thomas Garnier
To: kernel-hardening@lists.openwall.com
Cc: Thomas Garnier, Andrey Ryabinin, Alexander Potapenko, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", x86@kernel.org, Josh Poimboeuf, "Steven Rostedt (VMware)", Jan Kiszka, "Kirill A. Shutemov", Tom Lendacky, linux-kernel@vger.kernel.org
Subject: [PATCH v4 13/27] x86/boot/64: Build head64.c as mcmodel large when PIE is enabled
Date: Tue, 29 May 2018 15:15:14 -0700
Message-Id: <20180529221625.33541-14-thgarnie@google.com>
X-Mailer: git-send-email 2.17.0.921.gf22659ad46-goog
In-Reply-To: <20180529221625.33541-1-thgarnie@google.com>
References: <20180529221625.33541-1-thgarnie@google.com>
X-Virus-Scanned: ClamAV using ClamSMTP

The __startup_64 function assumes all symbols have relocated addresses instead of the current boot virtual address. PIE-generated code favors relative addresses, making all virtual and physical address math incorrect. If PIE is enabled, build head64.c as mcmodel large instead to ensure absolute references on all memory accesses.

Add a global __force_order variable required when using a large model with read_cr* functions.

To build head64.c as mcmodel=large, disable the retpoline gcc flags. This code is used at early boot and removed later; it doesn't need retpoline mitigation.

Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0xffffffff80000000.

Signed-off-by: Thomas Garnier
---
 arch/x86/kernel/Makefile | 6 ++++++
 arch/x86/kernel/head64.c | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 02d6f5cf4e70..0f6da4b216e0 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -22,6 +22,12 @@ CFLAGS_REMOVE_early_printk.o = -pg CFLAGS_REMOVE_head64.o = -pg endif +ifdef CONFIG_X86_PIE +# Remove PIE and retpoline flags that are incompatible with mcmodel=large +CFLAGS_REMOVE_head64.o += -fPIE -mindirect-branch=thunk-extern -mindirect-branch-register +CFLAGS_head64.o = -mcmodel=large +endif + KASAN_SANITIZE_head$(BITS).o := n KASAN_SANITIZE_dumpstack.o := n KASAN_SANITIZE_dumpstack_$(BITS).o := n diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 2d29e47c056e..fa661fb97127 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -64,6 +64,9 @@ EXPORT_SYMBOL(vmemmap_base); #define __head __section(.head.text) +/* Required for read_cr3 when building as PIE */ +unsigned long __force_order; + static void __head *fixup_pointer(void *ptr, unsigned long physaddr) { return ptr - (void *)_text + (void *)physaddr;
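Review bot: in the Makefile hunk, filtering -fPIE out of the flags for head64.o does not by itself make the object non-PIE: if the compiler was built to default to PIE and kbuild's -fno-PIE is no longer on the command line under CONFIG_X86_PIE, gcc will still emit position-independent code and -mcmodel=large then selects the large PIC model, which reaches globals through the GOT rather than with the absolute references the commit message depends on. Please confirm what the final command line looks like, or make the intent explicit with `CFLAGS_head64.o = -mcmodel=large -fno-PIE`. Two smaller points: `CFLAGS_head64.o =` overwrites rather than appends, so any per-object flags set earlier for head64.o are silently dropped, and the comment only says the flags are "incompatible with mcmodel=large"; the reason it is safe to drop the retpoline thunks (this code runs only during early boot and is discarded afterwards) belongs in the Makefile comment as well, since that is where the next person will look before touching these flags.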
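Review bot: in the head64.c hunk, the new `unsigned long __force_order;` definition is unconditional while the Makefile change that requires it sits under `ifdef CONFIG_X86_PIE`; either guard it the same way or say in the comment that it is harmless for non-PIE builds. The comment is also imprecise: the object is built with -mcmodel=large rather than as PIE (the Makefile hunk removes -fPIE), and the commit message says the variable is needed by the read_cr* family, not read_cr3 alone; something like `/* Definition needed by the read_cr*() helpers when built with -mcmodel=large */` would match the change. Since the commit message describes this file's code as removed after boot, it is worth one more line noting that this global must persist, because the read_cr* helpers used throughout the kernel reference it through their extern declaration.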