| Message ID | 20230112224948.1479453-1-samitolvanen@google.com |
|---|---|
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:4e01:0:0:0:0:0 with SMTP id p1csp4146349wrt;
Thu, 12 Jan 2023 14:53:01 -0800 (PST)
X-Google-Smtp-Source:
AMrXdXuxZZUAIkemUyG6z8bsrdA9MvX0ieXJ+MPkKeedw5ARjOKmD6feiXhKW6xQM89TjJvqJogG
X-Received: by 2002:aa7:9e4b:0:b0:582:407b:d90c with SMTP id
z11-20020aa79e4b000000b00582407bd90cmr45170155pfq.28.1673563981152;
Thu, 12 Jan 2023 14:53:01 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673563981; cv=none;
d=google.com; s=arc-20160816;
b=AvOrivPrQybRKfvPKjV7oM9w5VPJx7xi7Q6sKDcwThbuaOjv0iRmbl5fBbOT4TSCJg
XukVfNGnH7YNviF9fFiSRsyN1XLRsp3uBaKLFV5OcS8j+BFALUagazx8Z7+CrZQ4i2QR
dV1YIkuxKWu71nPixxHbbszq42uspOi7w4w8xRzy37jh47zQIa2EFlXd79BipfSlWmiY
zyg5A9CHh5Tn9FhxakDcUN9lWcB5W3knpvN/TKEqadt0HIUKcx0hmCm4jg1Kt1Pizdqo
yyVSJuFdFW/jVaRcpB3RdD31Twtl1c8MSU5sgneGx712Wx3iXNd/OzXu20pEXATvP+9v
Gp3w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:cc:to:from:subject:message-id:mime-version:date
:dkim-signature;
bh=k1JPjbOQ3twwCwVlAFBMY3qVvPpY8UbYSrJ/ZH6BzqQ=;
b=eow8OEJs2TSaYT1C1+rVdG0449le1vCJu4a59m8v6xsGeP1RLrPmsnUCp+opj30lKx
7jy2i+Ho1Pu2n/Aar1KUla2ynIMUlmafeqkTGjf2+HhvSKc6EuG7wm3rVwfbt0VryluW
1adQI/QJNmkOgoHPlh/RZXPD4PZU7ufr7NqDmZX9t/7qs+QkMIzY2jaA3AkIwAFmfjux
8jhAZyBU2r6njJl92VwJM4didgAlkZMw+S46ekloSODAMglJvHcciwGFuL7t40Uv8h1z
opBZxGxotwOV88r5rMFR0Fwq8XsIxyooCRhkoM+loNlFbBHS9GuZCVDQgLnQCOZOegW4
UqsA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b=C+6arahp;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
k3-20020aa788c3000000b005747a147929si18851096pff.21.2023.01.12.14.52.48;
Thu, 12 Jan 2023 14:53:01 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b=C+6arahp;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S240026AbjALWuI (ORCPT <rfc822;zhuangel570@gmail.com>
+ 99 others); Thu, 12 Jan 2023 17:50:08 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57354 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S240157AbjALWtw (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 12 Jan 2023 17:49:52 -0500
Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com
[IPv6:2607:f8b0:4864:20::114a])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3758E5C92D
for <linux-kernel@vger.kernel.org>;
Thu, 12 Jan 2023 14:49:52 -0800 (PST)
Received: by mail-yw1-x114a.google.com with SMTP id
00721157ae682-4b34cf67fb6so207825017b3.6
for <linux-kernel@vger.kernel.org>;
Thu, 12 Jan 2023 14:49:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20210112;
h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject
:date:message-id:reply-to;
bh=k1JPjbOQ3twwCwVlAFBMY3qVvPpY8UbYSrJ/ZH6BzqQ=;
b=C+6arahpXofsQ4/5TXoa5s3dPh2/+h8+T6vNr8Xm5Jzn0MJecvYKer2be4zi2BsNve
JNselWBnbBC2Yu/KP5VtuxgjMhAKTon4iLNvFm1eT394OkJVIk1JADYH4isIkJJQp/8T
2zd0rr+pPM4ZkdrjTEEqcR3XhFVlLAnQrpHO8lHul3nEVnyINw44zayX3Si6aU4UGNg9
l04lOd8ptfdISM/pmHbTFbGnTM2UGvY8qQBcUo98YoSt7MdmGRHknYOGUhtnsbKKSw9m
rpWntd0bbcM6dihybhM9aDSCiXv5ulT3gjPJvSKpwqa8aCs3J3ZBVTojp2FCBoomNZgL
IRkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=k1JPjbOQ3twwCwVlAFBMY3qVvPpY8UbYSrJ/ZH6BzqQ=;
b=XgxewQGWk7ki+FGCVgjoqXtL4Bfsr5As6KlWmupetuBsTKASUtnRp+o60bOCfnGYXP
GWEWFpGSZEy/ja/lh+RkpuvFxm6Y4Blc7gHqF+c8Fba1ssyp+GlGUwYP/5xKunANpWqW
qZn/gqR1QuX/wg7sHlTgWl2YITt9D1yOoZjpy6C0ncyd5PrqzApkTjXnsRw7LL8+g+lD
Xk6LP9DhaDtAD9AViPp76VgbR2e6jdZWrxO5Zu1tQ8aUv9iD7iRfdUMXcQ3h7xizsEvG
EUpu9yN0mjc7VZRr6WP5dqA1GVMwwu2IFmb6nItH4PYHV8KNHyIdwnUUoizFupbOvJSc
/wmw==
X-Gm-Message-State: AFqh2kq6NvBTjlrnxGP3pWit+hVLZRiSxGwQOLf1gzEw+OmumVh3varr
4s6eJb51pzChDnmAZJrcLPwOWExe/+Q22JxRbTA=
X-Received: from samitolvanen.c.googlers.com
([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92])
(user=samitolvanen job=sendgmr) by 2002:a05:690c:291:b0:498:693d:c342 with
SMTP id bf17-20020a05690c029100b00498693dc342mr5155044ywb.468.1673563791533;
Thu, 12 Jan 2023 14:49:51 -0800 (PST)
Date: Thu, 12 Jan 2023 22:49:47 +0000
Mime-Version: 1.0
X-Developer-Key: i=samitolvanen@google.com; a=openpgp;
fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE
X-Developer-Signature: v=1; a=openpgp-sha256; l=759;
i=samitolvanen@google.com;
h=from:subject; bh=FjTRhLA9CePRZYIdtY20ypwiouGtoz1QdaFB6TOg7Dk=;
b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBjwI6MpoLvqaH1V7mD24emzCXHeOJafLjsjoDYdvtk
w53TaaCJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCY8COjAAKCRBMtfaEi7xW7j6mDA
CpsD+W/2uCHxg43p5GFPtc6hB7gf2sNnjbX2olMo/N1oymT0eWYLML9jzn/VYWqCKq5EgkFErYf2cJ
kjcO5VHj8yDo0bmAbyRJTbkkxP1zJNSRk98PeKc/ZkxFrVRYNuFODO3VXj1qPP8zSNeheAkgh2z2+I
od+5+9Zl2dYE9QJZNb50qmsrGMUFjkmo2xXw/xp/4I/5h1QUIcupcspXeIbgRQAuRjx+lQXatiAKcA
WZoMscSUh7J4ZzMlF/kFjS5RTHgc7atL++s1AyCTo4/6dD8GgOKpwKJQ66cA7LnPDJP98uRNuCZDxG
qjuWdF3l+PPSVqDsRQjW71TZy8EWOXA7Td8Zz3fR2voTPwi2MFd+dksta3smkfsnZKepdnbZOL6QpB
Bq5GXapBR/RDT9PRHan5wSAUi/h8xvbf+flIPBwBTAmISxC6zMo/WRNO86IrFjiTMkwipFcDrVxGhC
Tfm0sg22++c5k0aBWdP+8uheSiAG1Wxo6KKZD80bSd+3A=
X-Mailer: git-send-email 2.39.0.314.g84b9a713c41-goog
Message-ID: <20230112224948.1479453-1-samitolvanen@google.com>
Subject: [PATCH 0/1] Fix CFI hash randomization with KASAN
From: Sami Tolvanen <samitolvanen@google.com>
To: "Peter Zijlstra (Intel)" <peterz@infradead.org>,
Masahiro Yamada <masahiroy@kernel.org>
Cc: Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Kees Cook <keescook@chromium.org>,
linux-kbuild@vger.kernel.org, llvm@lists.linux.dev,
linux-kernel@vger.kernel.org,
Sami Tolvanen <samitolvanen@google.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1754859025167286899?=
X-GMAIL-MSGID: =?utf-8?q?1754859025167286899?=
|
| Series |
Fix CFI hash randomization with KASAN
|
|
Message
Sami Tolvanen
Jan. 12, 2023, 10:49 p.m. UTC
Peter, Masahiro, I noticed that KASAN+CFI fails to boot on x86_64 without cfi=norand. The randomization code is missing a couple of KASAN constructors in object files that are not part of vmlinux.o. This happens because we don't run objtool for the files, which means the type hashes are not included in the .cfi_sites section. This patch simply disables KASAN for these files, which seems reasonable to me and fixes the boot issue, but perhaps you have better ideas? Sami Sami Tolvanen (1): kbuild: Fix CFI hash randomization with KASAN init/Makefile | 1 + scripts/Makefile.vmlinux | 1 + 2 files changed, 2 insertions(+) base-commit: c757fc92a3f73734872c7793b97f06434773d65d
Comments
On Thu, 12 Jan 2023 22:49:47 +0000, Sami Tolvanen wrote: > Peter, Masahiro, > > I noticed that KASAN+CFI fails to boot on x86_64 without > cfi=norand. The randomization code is missing a couple of KASAN > constructors in object files that are not part of vmlinux.o. This > happens because we don't run objtool for the files, which means > the type hashes are not included in the .cfi_sites section. > > [...] Applied to for-linus/hardening, thanks! [1/1] kbuild: Fix CFI hash randomization with KASAN https://git.kernel.org/kees/c/a6c5a3491b3f