@@ -26,6 +26,7 @@
*.gz
*.i
*.ko
+*.lds
*.lex.c
*.ll
*.lst
@@ -127,6 +127,18 @@
#define TEXT_MAIN .text
#endif
+/*
+ * Same for modules. However, LD_DEAD_CODE_DATA_ELIMINATION doesn't touch
+ * them, so no need to check for it here.
+ */
+#if defined(CONFIG_LTO_CLANG) && !defined(CONFIG_MODULE_FG_KASLR)
+#define TEXT_MAIN_MODULE .text .text.[0-9a-zA-Z_]*
+#elif defined(CONFIG_MODULE_FG_KASLR)
+#define TEXT_MAIN_MODULE .text.__unused__
+#else
+#define TEXT_MAIN_MODULE .text
+#endif
+
/*
* Used by scripts/generate_text_sections.pl to inject text sections,
* harmless if FG-KASLR is disabled.
@@ -2363,7 +2363,6 @@ config UNUSED_KSYMS_WHITELIST
config MODULE_FG_KASLR
bool "Module Function Granular Layout Randomization"
default FG_KASLR
- depends on BROKEN
help
This option randomizes the module text section by reordering the text
section by function at module load time. In order to use this
@@ -2372,6 +2371,20 @@ config MODULE_FG_KASLR
If unsure, say N.
+config MODULE_FG_KASLR_SHIFT
+ int "Module FG-KASLR granularity (functions per section shift)"
+ depends on MODULE_FG_KASLR
+ range 0 16
+ default 0
+ help
+ This sets the number of functions that will be put in each section
+ as a power of two.
+ Decreasing the value increases the randomization, but also increases
+ the size of the final kernel module due to the amount of sections.
+ 0 means that a separate section will be created for each function.
+ 16 almost disables the randomization, leaving only the manual
+ separation.
+
endif # MODULES
config MODULES_TREE_LOOKUP
@@ -28,13 +28,24 @@ quiet_cmd_cc_o_c = CC [M] $@
%.mod.o: %.mod.c FORCE
$(call if_changed_dep,cc_o_c)
+ifdef CONFIG_MODULE_FG_KASLR
+quiet_cmd_gen_modules_lds = GEN [M] $@
+ cmd_gen_modules_lds = \
+ $(PERL) $(srctree)/scripts/generate_text_sections.pl \
+ -s $(CONFIG_MODULE_FG_KASLR_SHIFT) $(filter %.o, $^) \
+ < $(filter %.lds, $^) > $@
+
+%.lds: %$(mod-prelink-ext).o scripts/module.lds FORCE
+ $(call if_changed,gen_modules_lds)
+endif
+
ARCH_POSTLINK := $(wildcard $(srctree)/arch/$(SRCARCH)/Makefile.postlink)
quiet_cmd_ld_ko_o = LD [M] $@
cmd_ld_ko_o += \
$(LD) -r $(KBUILD_LDFLAGS) \
$(KBUILD_LDFLAGS_MODULE) $(LDFLAGS_MODULE) \
- -T scripts/module.lds -o $@ $(filter %.o, $^); \
+ -T $(filter %.lds, $^) -o $@ $(filter %.o, $^); \
$(if $(ARCH_POSTLINK), $(MAKE) -f $(ARCH_POSTLINK) $@, true)
quiet_cmd_btf_ko = BTF [M] $@
@@ -56,13 +67,15 @@ if_changed_except = $(if $(call newer_prereqs_except,$(2))$(cmd-check), \
# Re-generate module BTFs if either module's .ko or vmlinux changed
-$(modules): %.ko: %$(mod-prelink-ext).o %.mod.o scripts/module.lds $(if $(KBUILD_BUILTIN),vmlinux) FORCE
+$(modules): %.ko: %$(mod-prelink-ext).o %.mod.o
+$(modules): %.ko: $(if $(CONFIG_MODULE_FG_KASLR),%.lds,scripts/module.lds)
+$(modules): %.ko: $(if $(KBUILD_BUILTIN),vmlinux) FORCE
+$(call if_changed_except,ld_ko_o,vmlinux)
ifdef CONFIG_DEBUG_INFO_BTF_MODULES
+$(if $(newer-prereqs),$(call cmd,btf_ko))
endif
-targets += $(modules) $(modules:.ko=.mod.o)
+targets += $(modules) $(modules:.ko=.mod.o) $(if $(CONFIG_MODULE_FG_KASLR),$(modules:.ko=.lds))
# Add FORCE to the prequisites of a target to force it to be always rebuilt.
# ---------------------------------------------------------------------------
@@ -45,6 +45,7 @@ my $readelf = $ENV{'READELF'} || die "$0: ERROR: READELF not set?";
## text sections array
my @sections = ();
my $has_ccf = 0;
+my $vmlinux = 0;
## max alignment found to reserve some space
my $max_align = 64;
@@ -73,6 +74,12 @@ sub read_sections {
$has_ccf = 1;
}
+ ## If we're processing a module, don't reserve any space
+ ## at the end as its sections are being allocated separately.
+ if ($name eq ".sched.text") {
+ $vmlinux = 1;
+ }
+
if (!($name =~ /^\.text\.[0-9a-zA-Z_]*((\.constprop|\.isra|\.part)\.[0-9])*(|\.[0-9cfi]*)$/)) {
next;
}
@@ -132,7 +139,7 @@ sub print_reserve {
## If we have text sections aligned with 64 bytes or more, make
## sure we reserve some space for them to not overlap _etext
## while shuffling sections.
- if (!$count) {
+ if (!$vmlinux or !$count) {
return;
}
@@ -3,6 +3,11 @@
* Archs are free to supply their own linker scripts. ld will
* combine them automatically.
*/
+
+#include <asm-generic/vmlinux.lds.h>
+
+#undef SANITIZER_DISCARDS
+
#ifdef CONFIG_CFI_CLANG
# include <asm/page.h>
# define ALIGN_CFI ALIGN(PAGE_SIZE)
@@ -58,9 +63,16 @@ SECTIONS {
*/
.text : ALIGN_CFI {
*(.text.__cfi_check)
- *(.text .text.[0-9a-zA-Z_]* .text..L.cfi*)
+ *(TEXT_MAIN_MODULE)
+ *(.text..L.cfi.jumptable .text..L.cfi.jumptable.*)
+ }
+#elif defined(CONFIG_MODULE_FG_KASLR)
+ .text : {
+ *(TEXT_MAIN_MODULE)
}
#endif
+
+ TEXT_FG_KASLR
}
/* bring in arch-specific sections */
Use the same methods and scripts to generate an LD script for every module containing all the output text sections. The only difference there is that we don't need to reserve any space as the memory for every section is being allocated dynamically. Signed-off-by: Alexander Lobakin <alexandr.lobakin@intel.com> --- .gitignore | 1 + include/asm-generic/vmlinux.lds.h | 12 ++++++++++++ init/Kconfig | 15 ++++++++++++++- scripts/Makefile.modfinal | 19 ++++++++++++++++--- scripts/generate_text_sections.pl | 9 ++++++++- scripts/module.lds.S | 14 +++++++++++++- 6 files changed, 64 insertions(+), 6 deletions(-)