From patchwork Fri Apr 28 09:51:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hou Wenlong X-Patchwork-Id: 88573 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp821807vqo; Fri, 28 Apr 2023 03:12:26 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ55duOTqRSAYirlUAHCu2Ctk0LxNXDsHVXUA4uuhpBe9v6sS4H94nG3CXGDZ2JtPN0eolSR X-Received: by 2002:a17:90a:c09:b0:249:86bd:42a7 with SMTP id 9-20020a17090a0c0900b0024986bd42a7mr4851873pjs.42.1682676745909; Fri, 28 Apr 2023 03:12:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682676745; cv=none; d=google.com; s=arc-20160816; b=lXWHyz7dL54C18ecLsjPcjRs2SBgTuRxgGco8+z8QILLWw9JN25zHeqVBYeN60zVIs 9hinD6BGAZiOWBgNgzCgFdc+jXXV5z3OTMRkr2SKqI0H1GCnWstgKGM3xNEsiRdnUSMF /yUA10GeO+LcV5ZFq4tpUTMl3PZ5Xc5/mF82xNope3sa0WrBZaW62BEhue56tr0H5upE RQuXIW7q6fWidhHAP0kQjWFTEvgH59npbNy9GY9zEtS7JejpXohNyo9orTyDyRo3eI5k 1BtMBhGnavwTh0p/ya3zBrnA2dyFyBbKo/Rtpt2SD+9xz0cV6GgD6vQ6ZXMe6lqRivAd 3sQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=Mw/oMadipzUfVubb09fVpf+MLmYXFQrY6rQ3ZBAlysU=; b=A6m+UXWv7Eq5qPWIPcpmAMD6WPjFhS2O9v6vVDZwTbnZ34cbGTU6rC6lx6an+sNm1I FOnR6O9XXYeO90z2H6kzxCkwWydGVkzNs2nqaVWWV4WtbwFRUZCt5QI46jHVhXZbX3YZ iNDvpxahjLN+0WFXOsY03ObIaf7ya9XNlcRW+zzjsWm9HtMFsospGP3KwiNOh9fltFFE kTZEfJd6Qy3dM6zmV+35e/YhEvM/L/4UVBB9M6BWc3WRQqboNQBbS46jPxmbtThkPJR+ Yt9PzvCHoinhYe48ot3gvjs2HDkav9wFc8n+Jx4Cz41sHfExZfv5crnyQTv3eUDon4b8 S1qQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=antgroup.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h18-20020a170902f71200b001a51e159297si21082007plo.368.2023.04.28.03.12.10; Fri, 28 Apr 2023 03:12:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=antgroup.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345853AbjD1JzP (ORCPT + 99 others); Fri, 28 Apr 2023 05:55:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36366 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345706AbjD1JzF (ORCPT ); Fri, 28 Apr 2023 05:55:05 -0400 Received: from out0-201.mail.aliyun.com (out0-201.mail.aliyun.com [140.205.0.201]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 35C344EE2 for ; Fri, 28 Apr 2023 02:54:41 -0700 (PDT) X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R171e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018047205;MF=houwenlong.hwl@antgroup.com;NM=1;PH=DS;RN=18;SR=0;TI=SMTPD_---.STFQGTg_1682675609; Received: from localhost(mailfrom:houwenlong.hwl@antgroup.com fp:SMTPD_---.STFQGTg_1682675609) by smtp.aliyun-inc.com; Fri, 28 Apr 2023 17:53:30 +0800 From: "Hou Wenlong" To: linux-kernel@vger.kernel.org Cc: "Thomas Garnier" , "Lai Jiangshan" , "Kees Cook" , "Hou Wenlong" , "Thomas Gleixner" , "Ingo Molnar" , "Borislav Petkov" , "Dave Hansen" , , "H. Peter Anvin" , "Peter Zijlstra" , "Petr Mladek" , "Greg Kroah-Hartman" , "Jason A. Donenfeld" , "Song Liu" , "Julian Pidancet" , "Ard Biesheuvel" Subject: [PATCH RFC 31/43] x86/modules: Adapt module loading for PIE support Date: Fri, 28 Apr 2023 17:51:11 +0800 Message-Id: X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1764414451418106017?= X-GMAIL-MSGID: =?utf-8?q?1764414451418106017?= Adapt module loading to support PIE relocations. No GOT is generared for module, all the GOT entry of got references in module should exist in kernel GOT. Currently, there is only one usable got reference for __fentry__(). Signed-off-by: Hou Wenlong Cc: Thomas Garnier Cc: Lai Jiangshan Cc: Kees Cook --- arch/x86/include/asm/sections.h | 5 +++++ arch/x86/kernel/module.c | 27 +++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/arch/x86/include/asm/sections.h b/arch/x86/include/asm/sections.h index a6e8373a5170..dc1c2b08ec48 100644 --- a/arch/x86/include/asm/sections.h +++ b/arch/x86/include/asm/sections.h @@ -12,6 +12,11 @@ extern char __end_rodata_aligned[]; #if defined(CONFIG_X86_64) extern char __end_rodata_hpage_align[]; + +#ifdef CONFIG_X86_PIE +extern char __start_got[], __end_got[]; +#endif + #endif extern char __end_of_kernel_reserve[]; diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c index 84ad0e61ba6e..051f88e6884e 100644 --- a/arch/x86/kernel/module.c +++ b/arch/x86/kernel/module.c @@ -129,6 +129,18 @@ int apply_relocate(Elf32_Shdr *sechdrs, return 0; } #else /*X86_64*/ +#ifdef CONFIG_X86_PIE +static u64 find_got_kernel_entry(Elf64_Sym *sym, const Elf64_Rela *rela) +{ + u64 *pos; + + for (pos = (u64 *)__start_got; pos < (u64 *)__end_got; pos++) + if (*pos == sym->st_value) + return (u64)pos + rela->r_addend; + return 0; +} +#endif + static int __write_relocate_add(Elf64_Shdr *sechdrs, const char *strtab, unsigned int symindex, @@ -171,6 +183,7 @@ static int __write_relocate_add(Elf64_Shdr *sechdrs, case R_X86_64_64: size = 8; break; +#ifndef CONFIG_X86_PIE case R_X86_64_32: if (val != *(u32 *)&val) goto overflow; @@ -181,6 +194,13 @@ static int __write_relocate_add(Elf64_Shdr *sechdrs, goto overflow; size = 4; break; +#else + case R_X86_64_GOTPCREL: + val = find_got_kernel_entry(sym, rel); + if (!val) + goto unexpected_got_reference; + fallthrough; +#endif case R_X86_64_PC32: case R_X86_64_PLT32: val -= (u64)loc; @@ -214,11 +234,18 @@ static int __write_relocate_add(Elf64_Shdr *sechdrs, } return 0; +#ifdef CONFIG_X86_PIE +unexpected_got_reference: + pr_err("Target got entry doesn't exist in kernel got, loc %p\n", loc); + return -ENOEXEC; +#else overflow: pr_err("overflow in relocation type %d val %Lx\n", (int)ELF64_R_TYPE(rel[i].r_info), val); pr_err("`%s' likely not compiled with -mcmodel=kernel\n", me->name); +#endif + return -ENOEXEC; }