[v4,11/15] x86, relocs: Ignore __typeid__ relocations

Message ID	20210930180531.1190642-12-samitolvanen@google.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <linux-hardening-owner@kernel.org> Date: Thu, 30 Sep 2021 11:05:27 -0700 In-Reply-To: <20210930180531.1190642-1-samitolvanen@google.com> Message-Id: <20210930180531.1190642-12-samitolvanen@google.com> Mime-Version: 1.0 References: <20210930180531.1190642-1-samitolvanen@google.com> Subject: [PATCH v4 11/15] x86, relocs: Ignore __typeid__ relocations From: Sami Tolvanen <samitolvanen@google.com> To: x86@kernel.org Cc: Kees Cook <keescook@chromium.org>, Josh Poimboeuf <jpoimboe@redhat.com>, Peter Zijlstra <peterz@infradead.org>, Nathan Chancellor <nathan@kernel.org>, Nick Desaulniers <ndesaulniers@google.com>, Sedat Dilek <sedat.dilek@gmail.com>, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Sami Tolvanen <samitolvanen@google.com> Content-Type: text/plain; charset="UTF-8" Precedence: bulk
Series	x86: Add support for Clang CFI \| expand [v4,00/15] x86: Add support for Clang CFI [v4,01/15] objtool: Add CONFIG_CFI_CLANG support [v4,02/15] objtool: Add ASM_STACK_FRAME_NON_STANDARD [v4,03/15] linkage: Add DECLARE_ASM_FUNC_SYMBOL [v4,04/15] cfi: Add DEFINE_CFI_IMMEDIATE_RETURN_STUB [v4,05/15] tracepoint: Exclude tp_stub_func from CFI checking [v4,06/15] ftrace: Use an opaque type for functions not callable from C [v4,07/15] lkdtm: Disable UNSET_SMEP with CFI [v4,08/15] lkdtm: Use an opaque type for lkdtm_rodata_do_nothing [v4,09/15] x86: Use an opaque type for functions not callable from C [v4,10/15] x86/purgatory: Disable CFI [v4,11/15] x86, relocs: Ignore __typeid__ relocations [v4,12/15] x86, module: Ignore __typeid__ relocations [v4,13/15] x86, cpu: Use LTO for cpu.c with CFI [v4,14/15] x86, kprobes: Fix optprobe_template_func type mismatch [v4,15/15] x86, build: Allow CONFIG_CFI_CLANG to be selected

Message ID

20210930180531.1190642-12-samitolvanen@google.com (mailing list archive)

State

Superseded

Headers

Date: Thu, 30 Sep 2021 11:05:27 -0700
In-Reply-To: <20210930180531.1190642-1-samitolvanen@google.com>
Message-Id: <20210930180531.1190642-12-samitolvanen@google.com>
Mime-Version: 1.0
References: <20210930180531.1190642-1-samitolvanen@google.com>
Subject: [PATCH v4 11/15] x86, relocs: Ignore __typeid__ relocations
From: Sami Tolvanen <samitolvanen@google.com>
To: x86@kernel.org
Cc: Kees Cook <keescook@chromium.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Nathan Chancellor <nathan@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Sedat Dilek <sedat.dilek@gmail.com>,
        linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        llvm@lists.linux.dev, Sami Tolvanen <samitolvanen@google.com>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk

Series

x86: Add support for Clang CFI | expand

Commit Message

Sami Tolvanen Sept. 30, 2021, 6:05 p.m. UTC

From: Kees Cook <keescook@chromium.org>

The __typeid__* symbols aren't actually relocations, so they can be
ignored during relocation generation.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
---
 arch/x86/tools/relocs.c | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Josh Poimboeuf Oct. 6, 2021, 3:31 a.m. UTC | #1

On Thu, Sep 30, 2021 at 11:05:27AM -0700, Sami Tolvanen wrote:
> From: Kees Cook <keescook@chromium.org>
> 
> The __typeid__* symbols aren't actually relocations, so they can be
> ignored during relocation generation.

Then what are they?  It would be good to add that information here.

Sami Tolvanen Oct. 6, 2021, 4:17 p.m. UTC | #2

On Tue, Oct 5, 2021 at 8:31 PM Josh Poimboeuf <jpoimboe@redhat.com> wrote:
>
> On Thu, Sep 30, 2021 at 11:05:27AM -0700, Sami Tolvanen wrote:
> > From: Kees Cook <keescook@chromium.org>
> >
> > The __typeid__* symbols aren't actually relocations, so they can be
> > ignored during relocation generation.
>
> Then what are they?  It would be good to add that information here.

These relocations are for compiler-generated constants that it uses
for indirect call type checking. I think we can clarify this in the
next version.

Sami

diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c
index 27c82207d387..5304a6037924 100644
--- a/arch/x86/tools/relocs.c
+++ b/arch/x86/tools/relocs.c
@@ -51,6 +51,7 @@  static const char * const sym_regex_kernel[S_NSYMTYPES] = {
 	"^(xen_irq_disable_direct_reloc$|"
 	"xen_save_fl_direct_reloc$|"
 	"VDSO|"
+	"__typeid__|"
 	"__crc_)",
 
 /*
@@ -811,6 +812,12 @@  static int do_reloc64(struct section *sec, Elf_Rel *rel, ElfW(Sym) *sym,
 			    symname);
 		break;
 
+	case R_X86_64_8:
+		if (!shn_abs || !is_reloc(S_ABS, symname))
+			die("Non-whitelisted %s relocation: %s\n",
+				rel_type(r_type), symname);
+		break;
+
 	case R_X86_64_32:
 	case R_X86_64_32S:
 	case R_X86_64_64:

[v4,11/15] x86, relocs: Ignore typeid relocations

Commit Message

Comments

Patch