From patchwork Thu Oct 10 12:28:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13830033 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B65F31C4610 for ; Thu, 10 Oct 2024 12:28:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728563299; cv=none; b=UXOdRVE5CJTzKt2dhjWD8VLKOiwaH4oy5bqqcspmNBPq6zjS/7XcZ3g0qGgYFwlRT5mANlVtbowss08IB3Vb2C2fKWiSa3u34MunZx6wkveYj9qWSFQTqwqd+qFe0lLUszFe/2yHW0u8D8IUhChChK1ZixsaEQDr0FcN1Ms4Mzw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728563299; c=relaxed/simple; bh=3ypYKGSzXikE1B2PepVX9e//JhorszwPHFIwfpOHiGY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=bSE6XixAxugz+PpaWgVudS3c+J7JI/emVeorVNmRZjVRKhI/eUUDgqzR6wrBCEZoWSsArsh/DlxWvJBw4po2UkUsE6aFfPvx3an5QmjlGsnqE0MdWMY/w0ysp9fJDuneI1A4yQmEtt0H3nG8lEG9JbUL+bafDGkeOtZb1VAe2sw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=rXuUtr3v; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="rXuUtr3v" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-43057c9b32bso5411515e9.0 for ; Thu, 10 Oct 2024 05:28:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1728563296; x=1729168096; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=PEuVSEUio0W9/y2JZlJcnuGE1IpZn4WTPPWZxA7pzx4=; b=rXuUtr3vhURmsFhor46aW0b6+Vn3KjshHCR97fcMo62KzIQ2JLIJ+OHjFLaRH/ssKY apNwCVj2Y+hpKvrD1I9geCJ7iusmWwc8uETnzglojFcoqneJ1yx4B61ty6WEhILn4GFt WlL9ir4mhguFqxsolZJ3mJE27X3bEDRKT9KeNSJzoVNbOovlSLzDfrc2E+UG/zaR8ZxK hp2bS15Ftp7uajqN8AfbeiEFa83TV6K5lUQKuf3Xr0aNQXHgbkl5ffe21e98840xYD5z WJXrLHWumV5Zd/pr31nOxPwWrY7wuTkgwjTOL25c4d7rJEFofw2EmCQ8ScFpQ9SXNNTP Tj/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728563296; x=1729168096; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=PEuVSEUio0W9/y2JZlJcnuGE1IpZn4WTPPWZxA7pzx4=; b=djPl4gX1IWmfbYP8KANlPQmmiSojsLZ4OPSCwTO5OvLPS2aCLxbe9enpmcpe4Pxuy+ Cc28kYYxbOzE/jYWIFDJgZirf3eIfzu6fRcJ+2Ebf8vdL74vJLiodpwa1ubq6CKK3ysC 5O3I3tFME0b/M+NJwUaV/AivYeTxQj8r7o2i+sccqSaGg4F/3WFcgF55A0MXzuzy5mEm YB7dkmgGio7XuE+xyV1yC+srOWMKt+tShTN6guuee3Zlu8ZFT3y6+KFUipxOyTHFkgpX pBD92qf8HGbWJi9i88mjsSJKFKLXJ/FxT/oh9MPEympV+649pzx3uIlJqT8WzYiYPM22 bdZg== X-Forwarded-Encrypted: i=1; AJvYcCXlI74kwOgH4vS/lvyKOjNbkeehBvx2GJd30weCQB1I6duXr3T30pjbsQT45HvljjoXUCDHcNfNdyfyz0qGPV0=@vger.kernel.org X-Gm-Message-State: AOJu0YwnwdFzxmeSFqYf4fceOnOWgdLNAIkVtMuwmRdnOai6KpZykhgQ C89I8TqAIkjxIH+YFZohtcTL3i75wf8YWgOst2jXozgK5d75WQE0A6S6En4Usz5h+yonVg== X-Google-Smtp-Source: AGHT+IH8bAk+Lmp5dtvOjzTyZbYIM9r3sv/N3dIVhPFX8SwT+VjdV4Gg9WTBTFNkFQvxbYTAojWxs4Jd X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:7b:198d:ac11:8138]) (user=ardb job=sendgmr) by 2002:a7b:c7c8:0:b0:42c:b55a:2be7 with SMTP id 5b1f17b1804b1-430d70b3d5amr140785e9.6.1728563295804; Thu, 10 Oct 2024 05:28:15 -0700 (PDT) Date: Thu, 10 Oct 2024 14:28:03 +0200 In-Reply-To: <20241010122801.1321976-7-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241010122801.1321976-7-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=5174; i=ardb@kernel.org; h=from:subject; bh=X/1hdeUniupkXR56uj3gYLJGGRs5DubM6blrWxZVFtk=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZ39RMj3x1vjymbzxTjlhSxzlHwbHvSq+dCE53cZerw8t 3qaxu3rKGVhEONgkBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABMR38Hwz/JU/rnurJmaP13m sHtFvK/P/fNBIjTpbydv5MRJ5/QWiDEy9G97ZLkvWCMsKas76enNmfrxphopFy4sPrPzQeavjBt mHAA= X-Mailer: git-send-email 2.47.0.rc0.187.ge670bccf7e-goog Message-ID: <20241010122801.1321976-8-ardb+git@google.com> Subject: [PATCH v2 1/5] objtool: Deal with relative jump tables correctly From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel , Josh Poimboeuf , Peter Zijlstra , Jan Beulich , "Jose E. Marchesi" , Kees Cook From: Ard Biesheuvel Relative jump tables contain entries that carry the offset between the target of the jump and the start of the jump table. This permits the use of the PIC idiom of leaq jump_table(%rip), %tbl movslq (%tbl,%idx,4), %offset addq %offset, %tbl jmp *%tbl The jump table entries are decorated with PC32 relocations, which record the offset of the referenced symbol relative to the target of the relocation, which is the individual entry in the table. This means that only the first entry produces the correct value directly; the subsequent ones need to be corrected to produce the offset relative to the start of the table, by applying an addend. Given that the referenced symbols are anonymous, and thus already expressed in terms of sections and addends, e.g., .text+0x5df9, the correction is incorporated into the existing addend. The upshot of this is that chasing the reference to find the target instruction needs to take this second addend into account as well. Signed-off-by: Ard Biesheuvel --- tools/objtool/arch/x86/special.c | 8 ------- tools/objtool/check.c | 24 +++++++++++++++++--- tools/objtool/include/objtool/elf.h | 6 +++++ 3 files changed, 27 insertions(+), 11 deletions(-) diff --git a/tools/objtool/arch/x86/special.c b/tools/objtool/arch/x86/special.c index 4ea0f9815fda..415e4d035e53 100644 --- a/tools/objtool/arch/x86/special.c +++ b/tools/objtool/arch/x86/special.c @@ -150,13 +150,5 @@ struct reloc *arch_find_switch_table(struct objtool_file *file, if (!rodata_reloc) return NULL; - /* - * Use of RIP-relative switch jumps is quite rare, and - * indicates a rare GCC quirk/bug which can leave dead - * code behind. - */ - if (reloc_type(text_reloc) == R_X86_64_PC32) - file->ignore_unreachables = true; - return rodata_reloc; } diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 3cb3e9b5ad0b..7f7981a93535 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -2101,6 +2101,8 @@ static int add_jump_table(struct objtool_file *file, struct instruction *insn, { struct symbol *pfunc = insn_func(insn)->pfunc; struct reloc *table = insn_jump_table(insn); + unsigned int rtype = reloc_type(table); + bool pcrel = rtype == R_X86_64_PC32; struct instruction *dest_insn; unsigned int prev_offset = 0; struct reloc *reloc = table; @@ -2111,13 +2113,18 @@ static int add_jump_table(struct objtool_file *file, struct instruction *insn, * instruction. */ for_each_reloc_from(table->sec, reloc) { + unsigned long addend = reloc_addend(reloc); /* Check for the end of the table: */ if (reloc != table && reloc == next_table) break; + /* Each entry in the jump table should use the same relocation type */ + if (reloc_type(reloc) != rtype) + break; + /* Make sure the table entries are consecutive: */ - if (prev_offset && reloc_offset(reloc) != prev_offset + 8) + if (prev_offset && reloc_offset(reloc) != prev_offset + (pcrel ? 4 : 8)) break; /* Detect function pointers from contiguous objects: */ @@ -2125,7 +2132,15 @@ static int add_jump_table(struct objtool_file *file, struct instruction *insn, reloc_addend(reloc) == pfunc->offset) break; - dest_insn = find_insn(file, reloc->sym->sec, reloc_addend(reloc)); + /* + * Place-relative jump tables carry offsets relative to the + * start of the jump table, not to the entry itself. So correct + * the addend for the location of the entry in the table. + */ + if (pcrel) + addend -= reloc_offset(reloc) - reloc_offset(table); + + dest_insn = find_insn(file, reloc->sym->sec, addend); if (!dest_insn) break; @@ -2133,6 +2148,9 @@ static int add_jump_table(struct objtool_file *file, struct instruction *insn, if (!insn_func(dest_insn) || insn_func(dest_insn)->pfunc != pfunc) break; + if (pcrel) + reloc->sym_offset = addend; + alt = malloc(sizeof(*alt)); if (!alt) { WARN("malloc failed"); @@ -4536,7 +4554,7 @@ static int validate_ibt_data_reloc(struct objtool_file *file, struct instruction *dest; dest = find_insn(file, reloc->sym->sec, - reloc->sym->offset + reloc_addend(reloc)); + reloc->sym->offset + reloc_sym_offset(reloc)); if (!dest) return 0; diff --git a/tools/objtool/include/objtool/elf.h b/tools/objtool/include/objtool/elf.h index d7e815c2fd15..f4a6307f4c08 100644 --- a/tools/objtool/include/objtool/elf.h +++ b/tools/objtool/include/objtool/elf.h @@ -78,6 +78,7 @@ struct reloc { struct section *sec; struct symbol *sym; struct reloc *sym_next_reloc; + s64 sym_offset; }; struct elf { @@ -251,6 +252,11 @@ static inline s64 reloc_addend(struct reloc *reloc) return __get_reloc_field(reloc, r_addend); } +static inline s64 reloc_sym_offset(struct reloc *reloc) +{ + return reloc->sym_offset ?: reloc_addend(reloc); +} + static inline void set_reloc_addend(struct elf *elf, struct reloc *reloc, s64 addend) { __set_reloc_field(reloc, r_addend, addend); From patchwork Thu Oct 10 12:28:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13830034 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8B68B1C4623 for ; Thu, 10 Oct 2024 12:28:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728563301; cv=none; b=cEL6OLRQamEOCBKiPReOEiH0GukmcZoa4dFk1xCb2FD4KRykcAjVMpN9QCCm5yLbBThGyx/qSzp5jgBVNzQGsmPwMfm/0WkK9CcHYyNXNh9jUUe3UqE/2wl7mk5ANE0R4+CvIS0tlr6LzxO6DK6eVoYUlY6g+pBLiy2N8hPhuX8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728563301; c=relaxed/simple; bh=XueFKKJfNv5S62FTI6Nn6miZHSnizhT2/a1kRTz+4zc=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=EXspukqJB2vno4RsDWrnYgTk9RUXVF5x0oLd2ew/aloq6GFISJhyEBtADvslVkPkqvN018vKQlOdeYk4aaBRO773JIi4q7ziKwX/UJgpoW6Z9SzQSWuu7CSXeAzPHdDq5Cvl6O1fp3N37TGCztpWERxiMx29sSejxiahKMnVoSg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=1ihjNd+z; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="1ihjNd+z" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-6e000d68bb1so22697687b3.1 for ; Thu, 10 Oct 2024 05:28:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1728563298; x=1729168098; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=1h9fFvgBUeRFx9Aotl4DWJObQ4kxzCBME+ifVsDcAJM=; b=1ihjNd+z74nFSturzSj7XH1Tw+nKvFIoGap1tnOK+WhOoAoFdyqMnkIXO4Cmkkwy8t oShAUJfRB7PgHaPzUGyfdQzdMD+Vdfe7NZcOoJNyc/Y4orl0ShlLlVyqnR7sarDbHk3i MXmGQYtZweYJbUscdluVuNm/zBz7wrHGnxa89bAyz/zeE0/gBQB9mcyzf9vL0lqRX929 NjYoAErCq37sUmLbZ1/gP0BscLRPU4iufPaGL7bORrn7FAzomA1RvfoV/AbMjho/xHfu 83pVQ9AwWCRpvf/CWec5EZEILOGwv5scc28aHeU9aCBKUEvgSQUqtfTIRYnt+PpVl3Wd hsTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728563298; x=1729168098; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=1h9fFvgBUeRFx9Aotl4DWJObQ4kxzCBME+ifVsDcAJM=; b=cvNIHcbQRaEkx4/2/zlXMOxW4VxcBgeUEIFMu2zqfonSqADx5i+F6Q+msMSiBvhUzV Vbg9EW/5AFPq7PKcrpagosOl7dtUtlrw2F8t9JyG68J+7ZsjEUsPMbVvrvNGkmyr1sgr nFYS3fO4md+S2hY3r9Qsl2UTPFXa3XxCrUMZ55Pr8rhEc8ViqWyfbtPkieBxzvPyWJEo c07onUCWjAH9aCbTVS0zVzebazMmjwmRoc3XwmQEgz+exNq2hedStHFfGKIBQyeyLsup djHTktsX3siQhKmG/qXfXb8TxZp/5e/+uYtETOnF8CmzQsP4IMVEQqcL9HE3tG+9JQb7 8QCA== X-Forwarded-Encrypted: i=1; AJvYcCWVPVDm30zffelVj/ZiuIY859iFoNbjw+rRZPz0YsDTNzZKRY2K60xeltHV9YNxotZXYtFPxJNGp2HXAUO9zz0=@vger.kernel.org X-Gm-Message-State: AOJu0YyysfYhckojBYxVhSZtuJ1a3FFrVs4KrR91Kf7bUCr1TMgWSyZS qhPOpJmSkG3mD2SVViWw/Xvffqt+SW1hbYPJBrQzTURJlN8p88uJKxzUDZhAx8JmFPmI8A== X-Google-Smtp-Source: AGHT+IE9TBQHDn81ejkh1rw2v+XDC+2cpXnc7DsPnWjm4u6sifCrO6OF2c5NoEQ7evGC5PCEb3uoSlO6 X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:7b:198d:ac11:8138]) (user=ardb job=sendgmr) by 2002:a05:6902:2d02:b0:e29:2a3:ad7f with SMTP id 3f1490d57ef6-e290b5afe99mr42880276.1.1728563298554; Thu, 10 Oct 2024 05:28:18 -0700 (PDT) Date: Thu, 10 Oct 2024 14:28:04 +0200 In-Reply-To: <20241010122801.1321976-7-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241010122801.1321976-7-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=6898; i=ardb@kernel.org; h=from:subject; bh=jlstyuRGCsVkoeHTvHTTSvfyzwb2vzkKg7m++dSyEtY=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZ39RKg1x/mChKdFy6Q2BvjdbTARsDHbn87dG1siXWud8 plB9H1HKQuDGAeDrJgii8Dsv+92np4oVes8SxZmDisTyBAGLk4BmEiRACPDapENBTc1fXP4/bbW cf7M+7RlVUPXE2vNrrSTr69mzAveysjQ4b4s0PydpdP075/X7/ffkfNyRsnsezZLI9o/pc6pvOP ICAA= X-Mailer: git-send-email 2.47.0.rc0.187.ge670bccf7e-goog Message-ID: <20241010122801.1321976-9-ardb+git@google.com> Subject: [PATCH v2 2/5] objtool: Allow arch code to discover jump table size From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel , Josh Poimboeuf , Peter Zijlstra , Jan Beulich , "Jose E. Marchesi" , Kees Cook From: Ard Biesheuvel In preparation for adding support for annotated jump tables, where ELF relocations and symbols are used to describe the locations of jump tables in the executable, refactor the jump table discovery logic so the table size can be returned from arch_find_switch_table(). Signed-off-by: Ard Biesheuvel --- tools/objtool/arch/loongarch/special.c | 3 +- tools/objtool/arch/powerpc/special.c | 3 +- tools/objtool/arch/x86/special.c | 4 ++- tools/objtool/check.c | 31 +++++++++++++------- tools/objtool/include/objtool/check.h | 5 +++- tools/objtool/include/objtool/special.h | 3 +- 6 files changed, 33 insertions(+), 16 deletions(-) diff --git a/tools/objtool/arch/loongarch/special.c b/tools/objtool/arch/loongarch/special.c index 9bba1e9318e0..87230ed570fd 100644 --- a/tools/objtool/arch/loongarch/special.c +++ b/tools/objtool/arch/loongarch/special.c @@ -9,7 +9,8 @@ bool arch_support_alt_relocation(struct special_alt *special_alt, } struct reloc *arch_find_switch_table(struct objtool_file *file, - struct instruction *insn) + struct instruction *insn, + unsigned long *table_size) { return NULL; } diff --git a/tools/objtool/arch/powerpc/special.c b/tools/objtool/arch/powerpc/special.c index d33868147196..51610689abf7 100644 --- a/tools/objtool/arch/powerpc/special.c +++ b/tools/objtool/arch/powerpc/special.c @@ -13,7 +13,8 @@ bool arch_support_alt_relocation(struct special_alt *special_alt, } struct reloc *arch_find_switch_table(struct objtool_file *file, - struct instruction *insn) + struct instruction *insn, + unsigned long *table_size) { exit(-1); } diff --git a/tools/objtool/arch/x86/special.c b/tools/objtool/arch/x86/special.c index 415e4d035e53..f8fb67636384 100644 --- a/tools/objtool/arch/x86/special.c +++ b/tools/objtool/arch/x86/special.c @@ -109,7 +109,8 @@ bool arch_support_alt_relocation(struct special_alt *special_alt, * NOTE: MITIGATION_RETPOLINE made it harder still to decode dynamic jumps. */ struct reloc *arch_find_switch_table(struct objtool_file *file, - struct instruction *insn) + struct instruction *insn, + unsigned long *table_size) { struct reloc *text_reloc, *rodata_reloc; struct section *table_sec; @@ -150,5 +151,6 @@ struct reloc *arch_find_switch_table(struct objtool_file *file, if (!rodata_reloc) return NULL; + *table_size = 0; return rodata_reloc; } diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 7f7981a93535..5f711ac5b43d 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -150,6 +150,15 @@ static inline struct reloc *insn_jump_table(struct instruction *insn) return NULL; } +static inline unsigned long insn_jump_table_size(struct instruction *insn) +{ + if (insn->type == INSN_JUMP_DYNAMIC || + insn->type == INSN_CALL_DYNAMIC) + return insn->_jump_table_size; + + return 0; +} + static bool is_jump_table_jump(struct instruction *insn) { struct alt_group *alt_group = insn->alt_group; @@ -2099,6 +2108,7 @@ static int add_special_section_alts(struct objtool_file *file) static int add_jump_table(struct objtool_file *file, struct instruction *insn, struct reloc *next_table) { + unsigned long table_size = insn_jump_table_size(insn); struct symbol *pfunc = insn_func(insn)->pfunc; struct reloc *table = insn_jump_table(insn); unsigned int rtype = reloc_type(table); @@ -2116,6 +2126,8 @@ static int add_jump_table(struct objtool_file *file, struct instruction *insn, unsigned long addend = reloc_addend(reloc); /* Check for the end of the table: */ + if (table_size && reloc_offset(reloc) - reloc_offset(table) >= table_size) + break; if (reloc != table && reloc == next_table) break; @@ -2175,12 +2187,12 @@ static int add_jump_table(struct objtool_file *file, struct instruction *insn, * find_jump_table() - Given a dynamic jump, find the switch jump table * associated with it. */ -static struct reloc *find_jump_table(struct objtool_file *file, - struct symbol *func, - struct instruction *insn) +static void find_jump_table(struct objtool_file *file, struct symbol *func, + struct instruction *insn) { struct reloc *table_reloc; struct instruction *dest_insn, *orig_insn = insn; + unsigned long table_size; /* * Backward search using the @first_jump_src links, these help avoid @@ -2201,17 +2213,17 @@ static struct reloc *find_jump_table(struct objtool_file *file, insn->jump_dest->offset > orig_insn->offset)) break; - table_reloc = arch_find_switch_table(file, insn); + table_reloc = arch_find_switch_table(file, insn, &table_size); if (!table_reloc) continue; dest_insn = find_insn(file, table_reloc->sym->sec, reloc_addend(table_reloc)); if (!dest_insn || !insn_func(dest_insn) || insn_func(dest_insn)->pfunc != func) continue; - return table_reloc; + orig_insn->_jump_table = table_reloc; + orig_insn->_jump_table_size = table_size; + break; } - - return NULL; } /* @@ -2222,7 +2234,6 @@ static void mark_func_jump_tables(struct objtool_file *file, struct symbol *func) { struct instruction *insn, *last = NULL; - struct reloc *reloc; func_for_each_insn(file, func, insn) { if (!last) @@ -2245,9 +2256,7 @@ static void mark_func_jump_tables(struct objtool_file *file, if (insn->type != INSN_JUMP_DYNAMIC) continue; - reloc = find_jump_table(file, func, insn); - if (reloc) - insn->_jump_table = reloc; + find_jump_table(file, func, insn); } } diff --git a/tools/objtool/include/objtool/check.h b/tools/objtool/include/objtool/check.h index daa46f1f0965..e1cd13cd28a3 100644 --- a/tools/objtool/include/objtool/check.h +++ b/tools/objtool/include/objtool/check.h @@ -71,7 +71,10 @@ struct instruction { struct instruction *first_jump_src; union { struct symbol *_call_dest; - struct reloc *_jump_table; + struct { + struct reloc *_jump_table; + unsigned long _jump_table_size; + }; }; struct alternative *alts; struct symbol *sym; diff --git a/tools/objtool/include/objtool/special.h b/tools/objtool/include/objtool/special.h index 89ee12b1a138..e049679bb17b 100644 --- a/tools/objtool/include/objtool/special.h +++ b/tools/objtool/include/objtool/special.h @@ -38,5 +38,6 @@ bool arch_support_alt_relocation(struct special_alt *special_alt, struct instruction *insn, struct reloc *reloc); struct reloc *arch_find_switch_table(struct objtool_file *file, - struct instruction *insn); + struct instruction *insn, + unsigned long *table_size); #endif /* _SPECIAL_H */ From patchwork Thu Oct 10 12:28:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13830035 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 65F851C4635 for ; Thu, 10 Oct 2024 12:28:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728563304; cv=none; b=rkBZh0Jf4o9B1+RFla2FfDKS7mXmqcDKEh032KV8TTYBIG4Y3rBY1BruIB/BFTeSDOLsgR0XhV6Q8VslWQuPpDE8GmK4j+uU8qU/T8JLaUnMHvnaUj1VsnP93G16yzZ1xPqncSogfBkbN8zGQAk+3Cq3ofOS4Mg4d2W2PyD1i2c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728563304; c=relaxed/simple; bh=8A7Rduxh7B7wBcV+WeKKZLLPV5xHM3xV32Vl9/HOJpA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=DOJJFq4niXFg6EPb1YzR3lxH09hKfrx3ixXex2YWhoGjRO0wssm6rzc+wLpW0orurS8QXJWRjxPo2zhmmlN8+PhIMJ7nTJ0Wd2OjmHgfmI6qpKmnselmlcaCUyJNh2WTMgVfwfj2FZghXcGQ3bA+BgHHqloQ+SbR0CiZvphtc2w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=hzYnjjrQ; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="hzYnjjrQ" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-42cb6f3c476so5616565e9.0 for ; Thu, 10 Oct 2024 05:28:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1728563301; x=1729168101; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=c6QcR9n1m0q/l9zGQbgLs5hja5J4WWq16DHiF4+8sPU=; b=hzYnjjrQzbuWDq56DW6sYEt7g4oQMA0wg/7Ny+haturPpBAInMuxtB6m65bSgEgr28 rOEhe5qI15fO+FkJQobpa97Q09kzP8EXxRM1DDHj0onTEcC7EF7YasuRtutM8vlf4ccc Ws8nJVzg7K4YRIiC7LOWkmdbwSSDrDM89LZ9/Cax9nf0Xyv2L++lv5c1xCwfVwehycwi 4wJ9bvRu78+iIoX5/DaTHy25b++Wb4T6oKpA9oNECqzs4EcPZNRBf+rwZwAAbEf/TNH1 UVUNvYUvalmOqioF/Q25mwuzXOfnnSv/1qdyqv10XGpMLunUYXQeeOFhjuU63EwymaOc s/0g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728563301; x=1729168101; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=c6QcR9n1m0q/l9zGQbgLs5hja5J4WWq16DHiF4+8sPU=; b=FrHHh0oDCFSSi3AGnGAXiyvfGZnBeZJzxFEwatOSdPeeRMVF5zufARFG3EE2LHeWpW B4//4IqjJ/n0sXVRjSe6TZkO7FJlKzv5+NIzLzw7OXQaNPoO45bGjMx/zPI0hY2Iu3Xg MlxRHhl6DHPxrW+lC70UhUOQu3I4YHnbmpk+udFjjhmm5Dqv1qpVHTMerhjQY5rPkQVt uFdyao/ibPTos5gC21UrxREOF0qDYJFaOL2K4xOqUQHbWTTlvEqN4jSttiPIU5BjNKNO KAOXxoduyA+WcUiwfmUbwRnVdfx5AUJyV0CWtr1DH5z35AatZiCB4iUz+QoEQEsoXmu3 R00w== X-Forwarded-Encrypted: i=1; AJvYcCWWhDO5Wpdyn9FlpZiBAjDuH2Hz+jqiao9Bea5Yi3vJl9g6zSAmzBhoYkAMcq8eK5fjoNU90amWZUxwtTcBu2Y=@vger.kernel.org X-Gm-Message-State: AOJu0YzvalL/dbHu0eanOX9PtvGWcZuwOlkHCzSiQS3zD8c9jOg8yDuA iroP1owSxsdcG1o8hYznmXAF0z4xwjWQB2YmkZihqyOvOkxeAh/AwdBt4KtWs7uJyOOJeA== X-Google-Smtp-Source: AGHT+IHuM4AVrB3/VA+KSNoFn/gVu2nH/tNFfFetPAnZU3/5n7kxbHksI8Xp5YeqknZ6dS+iHq9qQ/Nz X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:7b:198d:ac11:8138]) (user=ardb job=sendgmr) by 2002:a05:600c:4395:b0:42e:8ffd:4276 with SMTP id 5b1f17b1804b1-430c3a9844bmr82645e9.0.1728563300750; Thu, 10 Oct 2024 05:28:20 -0700 (PDT) Date: Thu, 10 Oct 2024 14:28:05 +0200 In-Reply-To: <20241010122801.1321976-7-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241010122801.1321976-7-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=4558; i=ardb@kernel.org; h=from:subject; bh=sRiVcv8Ap32tzSM2ObqgKu+cYGNZF+YeavTcnVlMYrg=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZ39RLjOa+4nZq887O5KLzj8mveY2rczSUpNm+NVl/n/v ffb0M68o5SFQYyDQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEzk7lSG/9E1Eg6Z/vsnm3io JV7be+qa6NNNGyX1khoOzNmskWAYysTwT11BvfDwK90Zj2v3KX3P1oidrammV5H0iI+z/lJbSJ4 5CwA= X-Mailer: git-send-email 2.47.0.rc0.187.ge670bccf7e-goog Message-ID: <20241010122801.1321976-10-ardb+git@google.com> Subject: [PATCH v2 3/5] objtool: Add support for annotated jump tables From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel , Josh Poimboeuf , Peter Zijlstra , Jan Beulich , "Jose E. Marchesi" , Kees Cook From: Ard Biesheuvel Add logic to follow R_X86_64_NONE relocations attached to indirect jumps, which are emitted to annotate jump tables, which are otherwise difficult to spot reliably. If an ELF symbol is associated with the jump table, its size is taken as the size of the jump table, and subsequently used to limit the traversal of the table and validate its jump destinations. One complicating factor is that indirect jumps may actually be direct jumps to retpoline thunks, and therefore already have a relocation associated with it. Accommodate these by ignoring R_*_NONE relocations in insn_reloc(), so that the existing code does not get confused by them. E.g., 8c: 48 63 7c 85 00 movslq 0x0(%rbp,%rax,4),%rdi 91: 48 01 ef add %rbp,%rdi 94: e9 00 00 00 00 jmp 99 94: R_X86_64_NONE .rodata+0x400 95: R_X86_64_PLT32 __x86_indirect_thunk_rdi-0x4 Signed-off-by: Ard Biesheuvel --- tools/objtool/arch/x86/special.c | 33 ++++++++++++++++---- tools/objtool/check.c | 10 ++++-- 2 files changed, 35 insertions(+), 8 deletions(-) diff --git a/tools/objtool/arch/x86/special.c b/tools/objtool/arch/x86/special.c index f8fb67636384..67c20623d7f7 100644 --- a/tools/objtool/arch/x86/special.c +++ b/tools/objtool/arch/x86/special.c @@ -115,30 +115,51 @@ struct reloc *arch_find_switch_table(struct objtool_file *file, struct reloc *text_reloc, *rodata_reloc; struct section *table_sec; unsigned long table_offset; + struct symbol *sym; /* look for a relocation which references .rodata */ text_reloc = find_reloc_by_dest_range(file->elf, insn->sec, insn->offset, insn->len); - if (!text_reloc || text_reloc->sym->type != STT_SECTION || - !text_reloc->sym->sec->rodata) + if (!text_reloc || !text_reloc->sym->sec->rodata) return NULL; - table_offset = reloc_addend(text_reloc); + /* + * If the indirect jump instruction itself is annotated with a + * R_X86_64_NONE relocation, it should point to the jump table + * in .rodata. In this case, the ELF symbol will give us the + * size of the table. Ignore other occurrences of R_X86_64_NONE. + */ + if (reloc_type(text_reloc) == R_X86_64_NONE && + insn->type != INSN_JUMP_DYNAMIC) + return NULL; + + table_offset = text_reloc->sym->offset + reloc_addend(text_reloc); table_sec = text_reloc->sym->sec; if (reloc_type(text_reloc) == R_X86_64_PC32) table_offset += 4; + switch (text_reloc->sym->type) { + case STT_OBJECT: + sym = text_reloc->sym; + break; + case STT_SECTION: + sym = find_symbol_containing(table_sec, table_offset); + break; + default: + return NULL; + } + /* * Make sure the .rodata address isn't associated with a - * symbol. GCC jump tables are anonymous data. + * symbol. Unannotated GCC jump tables are anonymous data. * * Also support C jump tables which are in the same format as * switch jump tables. For objtool to recognize them, they * need to be placed in the C_JUMP_TABLE_SECTION section. They * have symbols associated with them. */ - if (find_symbol_containing(table_sec, table_offset) && + if (reloc_type(text_reloc) != R_X86_64_NONE && sym && strcmp(table_sec->name, C_JUMP_TABLE_SECTION)) return NULL; @@ -151,6 +172,6 @@ struct reloc *arch_find_switch_table(struct objtool_file *file, if (!rodata_reloc) return NULL; - *table_size = 0; + *table_size = sym ? sym->len : 0; return rodata_reloc; } diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 5f711ac5b43d..6521c82880f0 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -1386,6 +1386,8 @@ __weak const char *arch_nop_fentry_call(int len) static struct reloc *insn_reloc(struct objtool_file *file, struct instruction *insn) { + unsigned long offset = insn->offset; + unsigned int len = insn->len; struct reloc *reloc; if (insn->no_reloc) @@ -1394,8 +1396,12 @@ static struct reloc *insn_reloc(struct objtool_file *file, struct instruction *i if (!file) return NULL; - reloc = find_reloc_by_dest_range(file->elf, insn->sec, - insn->offset, insn->len); + do { + /* Skip any R_*_NONE relocations */ + reloc = find_reloc_by_dest_range(file->elf, insn->sec, + offset++, len--); + } while (len && reloc && reloc_type(reloc) == 0); + if (!reloc) { insn->no_reloc = 1; return NULL; From patchwork Thu Oct 10 12:28:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13830036 Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 504F91C7B64 for ; Thu, 10 Oct 2024 12:28:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728563305; cv=none; b=A2ZdZFEm9pvv2DjaGlPOcGNJnHu1cOtq4eLRP4x98+3jyrF5JaqaAKVTWDR2jjD/wZmqB7d5DKBTTtvXDo0171kEGj61SI/mobYIoN+729VrrcNdehYBXwMSufjxx2KeRS/B/HY4qqV3T6EK3SAcEje0uE16E0g7/r7hvmXcZAM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728563305; c=relaxed/simple; bh=MRo6HjQ15aNR0eJ50gt5+sfVcqyhO/6KpFlpqqECZJs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=ck57bd0FlKvXZEZ82lleudyhmlsTiD89NeUaE7qIPZIvJGnL5/rSt+NdUYnKkL1I+Zol5j5HcwHyGLUmF5NwLM0BJee3c4IpnMIPefqnB2m2YYtVzua78EdzGLWSMypGfDyhU1dN75B/S3VUyDuy/Oydghbm6lHzB3r/Eleu9Qw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=0S+8+lSS; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="0S+8+lSS" Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-e1159fb161fso1514942276.1 for ; Thu, 10 Oct 2024 05:28:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1728563303; x=1729168103; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=GuP8Dw+VpWRcprLt/X+HiKdbyXuiqtG6Iu2yHIJSWwU=; b=0S+8+lSS44nykFrKjGUzoK18TaMFv2oQaIIIBssHcKaLsig5Iof+NqWDH0qoCYJF4Q f+zKOuwFOGL0YLYZMFWZxXFCkI+cccg+XdRdqMtbJ3Rk0DUGBT2U3tRGACsTGnZGyVtW nNK9h4mrzBcJFKUGNNmfC+Sd1Ltxbe9+R4z8fYNkyXgzuRqjxNSKw8d+PpKgZWMl4WaW 5wpSDM9Eyq1retUOeyCJppS3jGsFlC8Rvltqx+3nJGyNEmp2IEJ06C7Rre7xvBpOaDxj 1PW8Jr9DnJyLcVAoqWHR5TftHA2OtI01O26vWiXeXh2j4t0DQnJYPwklb3rp6Py2gi63 67FA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728563303; x=1729168103; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=GuP8Dw+VpWRcprLt/X+HiKdbyXuiqtG6Iu2yHIJSWwU=; b=EFZAN8kZPnU+JcWOhwYxeAs3x3S+Uvw08gK3PmCyx5ZVYiZcVfSGrm0oBnucz8CgVE rV0YzA6UncdNzhJT6csqW0IOoITeb4BRGIe86YpwZX3QjT3MpPSCzoD0oCxbPOmOl/58 7Og2MFkF9WZtkL05KNRCOsj/mEyEhzVZicvitPCDpatT7567FWxN0fzcVzMsNgFpczAs +B2jJPtWruPtxAymdaILValMsg0w7IXDpYvbIWqFCSqPRgWCXq5G/THYRI5dbFzbRne7 OYITNd4phzfNQ9faqczoMimR/Oowi/LVdIMKRUapx9t/xC7r5nSbEL4M7vZmzZOoDR2V WWDQ== X-Forwarded-Encrypted: i=1; AJvYcCW3eoaTZZ0b29XVX6AZe9VaZubESreZn5G0NIUZaW/R6NBCMmJf8+Cg++uVWMFtSAomFOsQvfPNIPo3DEVLYMg=@vger.kernel.org X-Gm-Message-State: AOJu0Yyld6My1ljJVKrSunEZlSvo4WG1CM4FrwujMQ2vKYKRGrWA+jX9 /WldRuv/Qi7kKVZAWlmtHk46nyLMvzE7XVO5ZTM269GHntyob+iLo9pXvq9tEGED+ry5gw== X-Google-Smtp-Source: AGHT+IHL+aSBpZQ8XgGYGpH0O9CURph9tagSzDdjdDu89XN4DeeMFZXywYndZAwf/GPPkkHqRxOiKyoU X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:7b:198d:ac11:8138]) (user=ardb job=sendgmr) by 2002:a5b:312:0:b0:e28:e97f:5394 with SMTP id 3f1490d57ef6-e28fe33aed1mr4678276.4.1728563303096; Thu, 10 Oct 2024 05:28:23 -0700 (PDT) Date: Thu, 10 Oct 2024 14:28:06 +0200 In-Reply-To: <20241010122801.1321976-7-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241010122801.1321976-7-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1552; i=ardb@kernel.org; h=from:subject; bh=NRgY3UMAuDIJTAcx2+Y8d13RXHmPxwHdPW9+1ltPrDw=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZ39RMS9+3HyUVxz3N6rFic4/86um9+3/smqyr/zTgncZ Zo+yetsRykLgxgHg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZjIqxUM/wPfJZ9NNS48fad3 z8LWxz+ElmpIu7zdPqu+Zt7CeZ/qNXsYGV4nxAswx5UceSYy9bxb+me/sxyZ5Rs5/+us4FRYvUT 7Ez8A X-Mailer: git-send-email 2.47.0.rc0.187.ge670bccf7e-goog Message-ID: <20241010122801.1321976-11-ardb+git@google.com> Subject: [PATCH v2 4/5] crypto: x86/crc32c - Use idiomatic relative jump table From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel , Josh Poimboeuf , Peter Zijlstra , Jan Beulich , "Jose E. Marchesi" , Kees Cook From: Ard Biesheuvel The original crc32c code used a place-relative jump table but with a slightly awkward use of two separate symbols. To help objtool, this was replaced with a bog-standard position dependent jump table call, which was subsequently tweaked to use a RIP-relative reference to the table, but still populate it with absolute 64-bit references. Given that objtool will need to be taught about the jump table idiom that compilers use when running with -fpie enabled, let's update the jump table in the crc32c code once again to use this standard idiom, where the jump table carries 32-bit references relative to the start of the table, and the destination address can be obtained by adding the two. Signed-off-by: Ard Biesheuvel --- arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S index bbcff1fb78cb..45b005935194 100644 --- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S +++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S @@ -53,7 +53,7 @@ .endm .macro JMPTBL_ENTRY i -.quad .Lcrc_\i +.long .Lcrc_\i - jump_table .endm .macro JNC_LESS_THAN j @@ -169,7 +169,8 @@ SYM_FUNC_START(crc_pcl) ## branch into array leaq jump_table(%rip), %bufp - mov (%bufp,%rax,8), %bufp + movslq (%bufp,%rax,4), len + addq len, %bufp JMP_NOSPEC bufp ################################################################ From patchwork Thu Oct 10 12:28:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13830037 Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 94DD51C8317 for ; Thu, 10 Oct 2024 12:28:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728563308; cv=none; b=Vgqa9OKnckonA5VCpoSZpSEvhbEcjJGxCfQh+i8ExHYx2FbQ3ecbsYb5KEgQ4nG/Kg8L6yN5W25qs45wN1p7C0mmTxD/sYrDEmpF9X2Ra4GcphKBaS0t89GIitsYoyQwALGvGDfxst8Qg8dnEITE/u/bUDPEBx+Ayc1Bi3tInA4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728563308; c=relaxed/simple; bh=/o/yZ4swobCw3VY94GgXQ0C8aM777wTuhgBNMFNnV60=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Nqx3npx9wPuKuEB82gxI10qFzHO49HwMCF0S6m95b43G10R9KdMCJMlUGG2PrQV182nH/q5ZPqlBIi06BCFepX/s1WV6pMmkcwsnvXVPxx+NRg5BP57icN1PcwqzugOWkVf4AFc4R3/Yb0Sqos6dMC3MRePWPSatoi3J/uo1YFs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=u/yIcTmt; arc=none smtp.client-ip=209.85.128.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="u/yIcTmt" Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-6e32e8436adso13874787b3.0 for ; Thu, 10 Oct 2024 05:28:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1728563305; x=1729168105; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=ysiTQYnIFAM+GVpiQPZxea96jDzKFB0S2bf0Q1srz24=; b=u/yIcTmtS0xO48wZqY0P+gD7n5CoHPHLWbPYHUVVnS2Ff0brg/3EwPNUxiOOGuzl2X cqhb8A5bvXAp3JuWPUX644PNybMQyHfyfVEzTiJTWlCBgigPi7WNoc5Pu5UxW8aj1zPz c6dyXptV/UAop22++4Mndl7iIeai9JIGpQrqpTQCV+pdbWt17zboNryhJex6ms+ArVyU 20S4NKH2NTL1QFLwjtcvpJ/5GxaAOnkngOFGvKjAJCmQmQspUmjgjwd4AKr1NTPVQ8MB mD05lr9WoN6nQ5y0KspfM7hleP+M+8XwkadYuOJVO0n3gx0dVWmPofparz6arPEeARpS W6LA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728563305; x=1729168105; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ysiTQYnIFAM+GVpiQPZxea96jDzKFB0S2bf0Q1srz24=; b=jW9aqs5Xa7kCjKw9TEaa6did29+5k03veF9k2nQHLNPndN0dPrUVJhMU5BuG8AaZau 6vI6ezfDY8eGc/WsfjtkiTWrUmJyqNcKHlGV81Z57KEt5dS89zKL4Lnfs/zOnHhQRrJs AfO/U3O/NxmTgb88lkV/gOc/eRkMONnvZdba3rANH/0BB9M/6ky7CSxpbQ5LBgjZWziF N0Q1UGGX/bbxMbxrU/tOjulKVjPT7VXJAGRBOqWvnHzQHAmrO28dP87zHVNR5tcBfnJY VYePgKJFxpvcHbzWU1+ik9tuJBSoQpOCuKdBTye5WtMmHKV6sT/5kg0fcYANh6upr85U Cs3w== X-Forwarded-Encrypted: i=1; AJvYcCXj0qPgHEAmOhdFCB1bQxXnjrFdb2MCTi3F6Pb6SDZ0EwzxWxRlqymP9nnmqM9g8mUcCqaideMcLOIJ/dZJdHY=@vger.kernel.org X-Gm-Message-State: AOJu0YyjLHpez3L+tj0+jHZqlTPGmtRcWUWKQkAR3ZzO5gFuAecQUG4p kT7JX5cB0bAdBR6vGJWARfcCNyww378piGmsjXkV4I78sWToxM1L+DwycloxYUJdNAW2Og== X-Google-Smtp-Source: AGHT+IGYzCVf/jII8KomABTrMZDoXEXfru199j0RK0tDWPSxK1xkfDqRPfD8R/E6mn2ZF9v6gg5pIreS X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:7b:198d:ac11:8138]) (user=ardb job=sendgmr) by 2002:a05:690c:731:b0:6e3:eab:18b1 with SMTP id 00721157ae682-6e3221767a6mr203727b3.1.1728563305577; Thu, 10 Oct 2024 05:28:25 -0700 (PDT) Date: Thu, 10 Oct 2024 14:28:07 +0200 In-Reply-To: <20241010122801.1321976-7-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241010122801.1321976-7-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2591; i=ardb@kernel.org; h=from:subject; bh=RmdquyWiyHUUPxUBLvM2Ygamlf/86/TxkgF8NWyXERA=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZ39RGTnOvUT3GJzrx1X9JCRfnpo9w2pI/P+f72q8Y5HS 2VhS1hJRykLgxgHg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZjI/VqGn4yKCg4MbTISnK/Y F87etqfSUuC0V+eSGs4vLtH5KVNelDP8M/12ry6phyVirtfhVYVX34UvNvU0q/3pKLY8Kf7HkZk prAA= X-Mailer: git-send-email 2.47.0.rc0.187.ge670bccf7e-goog Message-ID: <20241010122801.1321976-12-ardb+git@google.com> Subject: [PATCH v2 5/5] crypto: x86/crc32c - Tweak jump table to validate objtool logic From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel , Josh Poimboeuf , Peter Zijlstra , Jan Beulich , "Jose E. Marchesi" , Kees Cook From: Ard Biesheuvel Tweak the jump table so - the address is taken far way from its use - its offset from the start of .rodata is != 0x0 - its type is STT_OBJECT and its size is set to the size of the actual table - the indirect jump is annotated with a R_X86_64_NONE relocation pointing to the jump table Signed-off-by: Ard Biesheuvel --- arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 39 +++++++++++--------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S index 45b005935194..ba1cca66875b 100644 --- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S +++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S @@ -93,10 +93,13 @@ SYM_FUNC_START(crc_pcl) #define crc1 %r9 #define crc2 %r10 + pushq %rbp pushq %rbx pushq %rdi pushq %rsi + leaq jump_table(%rip), %rbp + ## Move crc_init for Linux to a different mov crc_init_arg, crc_init @@ -168,9 +171,9 @@ SYM_FUNC_START(crc_pcl) xor crc2, crc2 ## branch into array - leaq jump_table(%rip), %bufp - movslq (%bufp,%rax,4), len - addq len, %bufp + movslq (%rbp,%rax,4), %bufp + addq %rbp, %bufp + .reloc ., R_X86_64_NONE, jump_table JMP_NOSPEC bufp ################################################################ @@ -310,24 +313,11 @@ LABEL less_than_ %j # less_than_j: Length should be in popq %rsi popq %rdi popq %rbx + popq %rbp RET SYM_FUNC_END(crc_pcl) .section .rodata, "a", @progbits - ################################################################ - ## jump table Table is 129 entries x 2 bytes each - ################################################################ -.align 4 -jump_table: - i=0 -.rept 129 -.altmacro -JMPTBL_ENTRY %i -.noaltmacro - i=i+1 -.endr - - ################################################################ ## PCLMULQDQ tables ## Table is 128 entries x 2 words (8 bytes) each @@ -462,3 +452,18 @@ K_table: .long 0x45cddf4e, 0xe0ac139e .long 0xacfa3103, 0x6c23e841 .long 0xa51b6135, 0x170076fa + + ################################################################ + ## jump table Table is 129 entries x 2 bytes each + ################################################################ +.align 4 +jump_table: + i=0 +.rept 129 +.altmacro +JMPTBL_ENTRY %i +.noaltmacro + i=i+1 +.endr +.size jump_table, . - jump_table +.type jump_table, @object