From patchwork Tue Jan 15 19:01:06 2019
X-Patchwork-Submitter: Ruslan Nikolaev
X-Patchwork-Id: 10765003
To: kernel-hardening@lists.openwall.com
Cc: thgarnie@google.com, x86@kernel.org, kstewart@linuxfoundation.org, gregkh@linuxfoundation.org, keescook@chromium.org
From: Ruslan Nikolaev Subject: [PATCH v1 04/06]: The PLT stub for PIC modules Message-ID: <6a7e9f8a-75e1-c9a2-94c2-471e8d0ce85c@yahoo.com> Date: Tue, 15 Jan 2019 14:01:06 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1 MIME-Version: 1.0 Content-Language: en-US X-Virus-Scanned: ClamAV using ClamSMTP The PLT stub for PIC modules The patch is by Hassan Nadeem and Ruslan Nikolaev. This extends the prior PIE kernel patch (by Thomas Garnier) to also support position-independent modules that can be placed anywhere in the 48/64-bit address space (for better KASLR). Signed-off-by: Ruslan Nikolaev --- Makefile | 3 ++- module-plt-stub.S | 23 +++++++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff -uprN a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile --- a/arch/x86/kernel/Makefile 2019-01-15 11:20:45.271168382 -0500 +++ b/arch/x86/kernel/Makefile 2019-01-15 11:30:12.576999665 -0500 @@ -104,7 +104,8 @@ obj-$(CONFIG_KEXEC_CORE) += relocate_ker obj-$(CONFIG_KEXEC_FILE) += kexec-bzimage64.o obj-$(CONFIG_CRASH_DUMP) += crash_dump_$(BITS).o obj-y += kprobes/ -obj-$(CONFIG_MODULES) += module.o +obj-$(CONFIG_MODULES) += module.o module-plt-stub.o +OBJECT_FILES_NON_STANDARD_module-plt-stub.o := y obj-$(CONFIG_DOUBLEFAULT) += doublefault.o obj-$(CONFIG_KGDB) += kgdb.o obj-$(CONFIG_VM86) += vm86_32.o diff -uprN a/arch/x86/kernel/module-plt-stub.S b/arch/x86/kernel/module-plt-stub.S --- a/arch/x86/kernel/module-plt-stub.S 1969-12-31 19:00:00.000000000 -0500 +++ b/arch/x86/kernel/module-plt-stub.S 2019-01-15 11:30:12.580999706 -0500 
@@ -0,0 +1,23 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +#include +#include +#include +#include +#include +#include +#include + +/* The following code is used for PLT generation only + and should never be executed directly. */ +.section .rodata +.globl __THUNK_FOR_PLT +.globl __THUNK_FOR_PLT_SIZE +__THUNK_FOR_PLT: +#ifdef CONFIG_RETPOLINE + movq 0(%rip), %rax + JMP_NOSPEC %rax +#else + jmpq *0(%rip) +#endif +__THUNK_FOR_PLT_SIZE: .long . - __THUNK_FOR_PLT
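Review bot: in the arch/x86/kernel/Makefile hunk, `OBJECT_FILES_NON_STANDARD_module-plt-stub.o := y` is added with no comment saying why this object is skipped by objtool. A one-line comment above it would help, for example that module-plt-stub.S only holds a code template placed in .rodata and is never executed in place. The object is also built for every CONFIG_MODULES kernel, while the commit message describes it as support for PIC modules; if non-PIC builds never read __THUNK_FOR_PLT, consider tying `module-plt-stub.o` to the option that enables PIC modules instead.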
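Review bot: in the CONFIG_RETPOLINE branch of module-plt-stub.S, `movq 0(%rip), %rax` clobbers %rax on every call routed through the PLT, and nothing in the file says why that is safe; under the SysV x86-64 ABI %al carries the vector-register count for variadic calls, so the comment should state the assumption or a different scratch register should be used. The meaning of the zero displacement is also undocumented and differs between the two branches: `jmpq *0(%rip)` reads the 8 bytes immediately after the instruction, whereas `movq 0(%rip), %rax` as written would read the bytes of the JMP_NOSPEC expansion that follows it, so the PLT generator presumably has to patch the displacement in that case. Please extend the header comment to say where the target address is stored relative to the copied template and which bytes the generator rewrites in each configuration.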