From patchwork Thu Jan 31 19:24:20 2019
X-Patchwork-Submitter: Thomas Garnier
X-Patchwork-Id: 10791349
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Delivered-To: mailing list kernel-hardening@lists.openwall.com
From: Thomas Garnier
To: kernel-hardening@lists.openwall.com
Cc: kristen@linux.intel.com, Thomas Garnier, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", x86@kernel.org, Mimi Zohar, Juergen Gross, Nayna Jain, Masahiro Yamada, Thomas Garnier, Jan Kiszka, Nick Desaulniers, "Kirill A. Shutemov", linux-kernel@vger.kernel.org
Subject: [PATCH v6 13/27] x86/boot/64: Build head64.c as mcmodel large when PIE is enabled
Date: Thu, 31 Jan 2019 11:24:20 -0800
Message-Id: <20190131192533.34130-14-thgarnie@chromium.org>
In-Reply-To: <20190131192533.34130-1-thgarnie@chromium.org>
References: <20190131192533.34130-1-thgarnie@chromium.org>

The __startup_64 function assumes all symbols have relocated addresses instead of the current boot virtual address. PIE-generated code favors relative addresses, making all virtual and physical address math incorrect. If PIE is enabled, build head64.c as mcmodel large instead to ensure absolute references on all memory accesses.

Add a global __force_order variable required when using a large model with read_cr* functions.

To build head64.c as mcmodel=large, disable the retpoline gcc flags. This code is used at early boot and removed later; it doesn't need retpoline mitigation.

Position Independent Executable (PIE) support will allow extending the KASLR randomization range below 0xffffffff80000000.

Signed-off-by: Thomas Garnier
---
 arch/x86/kernel/Makefile | 6 ++++++
 arch/x86/kernel/head64.c | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 00b7e27bc2b7..1f98f52eab9f 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -22,6 +22,12 @@ CFLAGS_REMOVE_early_printk.o = -pg CFLAGS_REMOVE_head64.o = -pg endif +ifdef CONFIG_X86_PIE +# Remove PIE and retpoline flags that are incompatible with mcmodel=large +CFLAGS_REMOVE_head64.o += -fPIE -mindirect-branch=thunk-extern -mindirect-branch-register +CFLAGS_head64.o = -mcmodel=large +endif + KASAN_SANITIZE_head$(BITS).o := n KASAN_SANITIZE_dumpstack.o := n KASAN_SANITIZE_dumpstack_$(BITS).o := n diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 16b1cbd3a61e..22e81275495b 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -63,6 +63,9 @@ EXPORT_SYMBOL(vmemmap_base); #define __head __section(.head.text) +/* Required for read_cr3 when building as PIE */ +unsigned long __force_order; + static void __head *fixup_pointer(void *ptr, unsigned long physaddr) { return ptr - (void *)_text + (void *)physaddr;
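Review bot: in the Makefile hunk, `CFLAGS_head64.o = -mcmodel=large` is a plain assignment, so any flags another part of the Makefile places in CFLAGS_head64.o are silently discarded; `+=` would be the safer form and would match the `CFLAGS_REMOVE_head64.o +=` line directly above it. The removal list also hard-codes gcc's retpoline spelling (`-mindirect-branch=thunk-extern -mindirect-branch-register`), so a clang build, which uses `-mretpoline-external-thunk`, keeps its retpoline flag and still runs into the mcmodel=large incompatibility; removing the top-level Makefile's `$(RETPOLINE_CFLAGS)` instead would cover both compilers. Finally, the comment only states that the flags are incompatible; since this hunk drops a Spectre v2 mitigation from an object file, it should also record why that is acceptable (head64.c runs only during early boot and is removed afterwards, as the commit message says) so the next reader does not have to dig up this commit.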
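Review bot: in the head64.c hunk, the comment `/* Required for read_cr3 when building as PIE */` does not match the reason the commit message gives: the definition is needed because head64.c is now compiled with mcmodel=large, under which the dummy `__force_order` memory operand of the read_cr* helpers needs a real symbol to take the address of, and that applies to every read_cr* user, not read_cr3 alone. Suggest something like `/* Required by the __force_order operand of read_cr*() when head64.c is built with -mcmodel=large */`. The definition is also unconditional while the Makefile change is gated on CONFIG_X86_PIE; either wrap it in `#ifdef CONFIG_X86_PIE` or state in the comment why an always-present definition is harmless for non-PIE builds.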