1. Patchew
  2. linux
  3. View series

[PATCH 0/1] Fix CFI hash randomization with KASAN

Sami Tolvanen posted 1 patch 2 years, 8 months ago 
init/Makefile            | 1 +
scripts/Makefile.vmlinux | 1 +
2 files changed, 2 insertions(+)
[PATCH 0/1] Fix CFI hash randomization with KASAN
Posted by Sami Tolvanen 2 years, 8 months ago 
Peter, Masahiro,

I noticed that KASAN+CFI fails to boot on x86_64 without
cfi=norand. The randomization code is missing a couple of KASAN
constructors in object files that are not part of vmlinux.o. This
happens because we don't run objtool for the files, which means
the type hashes are not included in the .cfi_sites section.

This patch simply disables KASAN for these files, which seems
reasonable to me and fixes the boot issue, but perhaps you have
better ideas?

Sami


Sami Tolvanen (1):
  kbuild: Fix CFI hash randomization with KASAN

 init/Makefile            | 1 +
 scripts/Makefile.vmlinux | 1 +
 2 files changed, 2 insertions(+)


base-commit: c757fc92a3f73734872c7793b97f06434773d65d
-- 
2.39.0.314.g84b9a713c41-goog
Re: [PATCH 0/1] Fix CFI hash randomization with KASAN
Posted by Kees Cook 2 years, 8 months ago 
On Thu, 12 Jan 2023 22:49:47 +0000, Sami Tolvanen wrote:
> Peter, Masahiro,
> 
> I noticed that KASAN+CFI fails to boot on x86_64 without
> cfi=norand. The randomization code is missing a couple of KASAN
> constructors in object files that are not part of vmlinux.o. This
> happens because we don't run objtool for the files, which means
> the type hashes are not included in the .cfi_sites section.
> 
> [...]

Applied to for-linus/hardening, thanks!

[1/1] kbuild: Fix CFI hash randomization with KASAN
      https://git.kernel.org/kees/c/a6c5a3491b3f

-- 
Kees Cook

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.