From nobody Wed Nov 27 11:58:16 2024
Date: Thu, 10 Oct 2024 14:28:03 +0200
In-Reply-To: <20241010122801.1321976-7-ardb+git@google.com>
References: <20241010122801.1321976-7-ardb+git@google.com>
Message-ID: <20241010122801.1321976-8-ardb+git@google.com>
Subject: [PATCH v2 1/5] objtool: Deal with relative jump tables correctly
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel, Josh Poimboeuf, Peter Zijlstra, Jan Beulich, "Jose E. Marchesi", Kees Cook
From: Ard Biesheuvel

Relative jump tables contain entries that carry the offset between the
target of the jump and the start of the jump table. This permits the use
of the PIC idiom of

    leaq    jump_table(%rip), %tbl
    movslq  (%tbl,%idx,4), %offset
    addq    %offset, %tbl
    jmp     *%tbl

The jump table entries are decorated with PC32 relocations, which record
the offset of the referenced symbol relative to the target of the
relocation, which is the individual entry in the table. This means that
only the first entry produces the correct value directly; the subsequent
ones need to be corrected to produce the offset relative to the start of
the table, by applying an addend.

Given that the referenced symbols are anonymous, and thus already
expressed in terms of sections and addends, e.g., .text+0x5df9, the
correction is incorporated into the existing addend. The upshot of this
is that chasing the reference to find the target instruction needs to
take this second addend into account as well.

Signed-off-by: Ard Biesheuvel
---
 tools/objtool/arch/x86/special.c    |  8 -------
 tools/objtool/check.c               | 24 +++++++++++++++++---
 tools/objtool/include/objtool/elf.h |  6 +++++
 3 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/tools/objtool/arch/x86/special.c b/tools/objtool/arch/x86/spec= ial.c index 4ea0f9815fda..415e4d035e53 100644 --- a/tools/objtool/arch/x86/special.c +++ b/tools/objtool/arch/x86/special.c @@ -150,13 +150,5 @@ struct reloc *arch_find_switch_table(struct objtool_fi= le *file, if (!rodata_reloc) return NULL; =20 - /* - * Use of RIP-relative switch jumps is quite rare, and - * indicates a rare GCC quirk/bug which can leave dead - * code behind. - */ - if (reloc_type(text_reloc) =3D=3D R_X86_64_PC32) - file->ignore_unreachables =3D true; - return rodata_reloc; } diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 3cb3e9b5ad0b..7f7981a93535 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c
@@ -2101,6 +2101,8 @@ static int add_jump_table(struct objtool_file *file, = struct instruction *insn, { struct symbol *pfunc =3D insn_func(insn)->pfunc; struct reloc *table =3D insn_jump_table(insn); + unsigned int rtype =3D reloc_type(table); + bool pcrel =3D rtype =3D=3D R_X86_64_PC32; struct instruction *dest_insn; unsigned int prev_offset =3D 0; struct reloc *reloc =3D table; @@ -2111,13 +2113,18 @@ static int add_jump_table(struct objtool_file *file= , struct instruction *insn, * instruction. */ for_each_reloc_from(table->sec, reloc) { + unsigned long addend =3D reloc_addend(reloc); =20 /* Check for the end of the table: */ if (reloc !=3D table && reloc =3D=3D next_table) break; =20 + /* Each entry in the jump table should use the same relocation type */ + if (reloc_type(reloc) !=3D rtype) + break; + /* Make sure the table entries are consecutive: */ - if (prev_offset && reloc_offset(reloc) !=3D prev_offset + 8) + if (prev_offset && reloc_offset(reloc) !=3D prev_offset + (pcrel ? 4 : 8= )) break; =20 /* Detect function pointers from contiguous objects: */ @@ -2125,7 +2132,15 @@ static int add_jump_table(struct objtool_file *file,= struct instruction *insn, reloc_addend(reloc) =3D=3D pfunc->offset) break; =20 - dest_insn =3D find_insn(file, reloc->sym->sec, reloc_addend(reloc)); + /* + * Place-relative jump tables carry offsets relative to the + * start of the jump table, not to the entry itself. So correct + * the addend for the location of the entry in the table. + */ + if (pcrel) + addend -=3D reloc_offset(reloc) - reloc_offset(table); + + dest_insn =3D find_insn(file, reloc->sym->sec, addend); if (!dest_insn) break; =20 @@ -2133,6 +2148,9 @@ static int add_jump_table(struct objtool_file *file, = struct instruction *insn, if (!insn_func(dest_insn) || insn_func(dest_insn)->pfunc !=3D pfunc) break; =20 + if (pcrel) + reloc->sym_offset =3D addend; + alt =3D malloc(sizeof(*alt)); if (!alt) { WARN("malloc failed"); 
@@ -4536,7 +4554,7 @@ static int validate_ibt_data_reloc(struct objtool_fil= e *file, struct instruction *dest; =20 dest =3D find_insn(file, reloc->sym->sec, - reloc->sym->offset + reloc_addend(reloc)); + reloc->sym->offset + reloc_sym_offset(reloc)); if (!dest) return 0; =20 diff --git a/tools/objtool/include/objtool/elf.h b/tools/objtool/include/ob= jtool/elf.h index d7e815c2fd15..f4a6307f4c08 100644 --- a/tools/objtool/include/objtool/elf.h +++ b/tools/objtool/include/objtool/elf.h @@ -78,6 +78,7 @@ struct reloc { struct section *sec; struct symbol *sym; struct reloc *sym_next_reloc; + s64 sym_offset; }; =20 struct elf { 
@@ -251,6 +252,11 @@ static inline s64 reloc_addend(struct reloc *reloc) return __get_reloc_field(reloc, r_addend); } =20 +static inline s64 reloc_sym_offset(struct reloc *reloc) +{ + return reloc->sym_offset ?: reloc_addend(reloc); +} + static inline void set_reloc_addend(struct elf *elf, struct reloc *reloc, = s64 addend) { __set_reloc_field(reloc, r_addend, addend); --=20 2.47.0.rc0.187.ge670bccf7e-goog
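Review bot: In the first add_jump_table() hunk of tools/objtool/check.c, `bool pcrel = rtype == R_X86_64_PC32;` puts an x86 relocation constant into arch-independent code that is shared with the loongarch and powerpc back ends touched by patch 2/5. An arch hook that reports whether a relocation type is place-relative, and how wide a table entry is, would also keep the `prev_offset + (pcrel ? 4 : 8)` stride check from hard-coding x86 entry sizes.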
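Review bot: In the add_jump_table() hunk of tools/objtool/check.c that introduces the place-relative correction, the "Detect function pointers from contiguous objects" test just above it still compares the raw `reloc_addend(reloc)` with `pfunc->offset`, so for a PC32 table it sees the target plus the entry's distance from the table start rather than the target itself. Moving the `if (pcrel) addend -= ...` block ahead of that test and comparing `addend` keeps both checks on the same value. Separately, `addend` is declared `unsigned long` while reloc_addend() returns s64 and the result is later stored in the s64 `sym_offset`; declaring it s64 avoids the sign round trip.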
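Review bot: reloc_sym_offset() in tools/objtool/include/objtool/elf.h treats `sym_offset == 0` as "not set", so a corrected addend that is legitimately 0 (a jump target at offset 0 of its section) falls back to the uncorrected `reloc_addend(reloc)`, which for any entry past the first lies beyond the intended target. A separate flag, or storing the correction instead of the corrected value, removes the ambiguity. The new `s64 sym_offset` member also adds eight bytes to every struct reloc, not only those that belong to jump tables, which deserves a line in the commit message.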
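The addend correction described in the commit message of patch 1/5, as an added example that is not part of the original posting or of objtool: a constructed model of a four-entry relative jump table showing what the assembler, the linker, the dispatch sequence and the analyzer each compute. The struct, the function names, the base addresses and the target offsets are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define ENTRY_SIZE 4	/* relative entries are 32-bit wide */

/* Constructed model of an R_X86_64_PC32 relocation against the .text section symbol. */
struct pc32_reloc {
	int64_t offset;	/* P: position of the table entry inside .rodata */
	int64_t addend;	/* A: the value shown as ".text+0x..." in a relocation dump */
};

/* Assembler side: entry idx holds ".long target - table". */
static struct pc32_reloc emit_entry(int64_t table_off, int idx, int64_t target_off)
{
	struct pc32_reloc r;

	r.offset = table_off + (int64_t)idx * ENTRY_SIZE;
	/* S + A - P must equal target - table, so A absorbs (P - table). */
	r.addend = target_off + (r.offset - table_off);
	return r;
}

/* Linker side: R_X86_64_PC32 resolves to S + A - P. */
static int32_t link_entry(struct pc32_reloc r, int64_t text_base, int64_t rodata_base)
{
	return (int32_t)(text_base + r.addend - (rodata_base + r.offset));
}

/* CPU side: leaq table(%rip); movslq (%tbl,%idx,4); addq; jmp *%tbl. */
static int64_t dispatch(int64_t table_addr, int32_t entry)
{
	return table_addr + entry;
}

/* Analyzer side: undo the per-entry displacement to get the .text offset. */
static int64_t target_from_reloc(struct pc32_reloc r, struct pc32_reloc first)
{
	return r.addend - (r.offset - first.offset);
}

/*
 * Build a constructed table and cross-check all three views.
 * Returns the number of entries whose raw addend is NOT the jump target,
 * or -1 if the linked table or the corrected addend disagree with the targets.
 */
static int check_table(void)
{
	const int64_t text_base = 0x1000000, rodata_base = 0x2000000;
	const int64_t table_off = 0x400;
	const int64_t targets[] = { 0x5df9, 0x5e10, 0x5d80, 0x5e44 };
	const int n = sizeof(targets) / sizeof(targets[0]);
	struct pc32_reloc first = emit_entry(table_off, 0, targets[0]);
	int raw_wrong = 0;

	for (int i = 0; i < n; i++) {
		struct pc32_reloc r = emit_entry(table_off, i, targets[i]);
		int32_t entry = link_entry(r, text_base, rodata_base);

		/* The linked entry must send the CPU to the intended target. */
		if (dispatch(rodata_base + table_off, entry) != text_base + targets[i])
			return -1;
		/* The corrected addend must name the same instruction. */
		if (target_from_reloc(r, first) != targets[i])
			return -1;
		/* The uncorrected addend is only right for entry 0. */
		if (r.addend != targets[i])
			raw_wrong++;
	}
	return raw_wrong;
}

int main(void)
{
	printf("entries whose raw addend is not the target: %d\n", check_table());
	return 0;
}
```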
Date: Thu, 10 Oct 2024 14:28:04 +0200
In-Reply-To: <20241010122801.1321976-7-ardb+git@google.com>
References: <20241010122801.1321976-7-ardb+git@google.com>
Message-ID: <20241010122801.1321976-9-ardb+git@google.com>
Subject: [PATCH v2 2/5] objtool: Allow arch code to discover jump table size
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel, Josh Poimboeuf, Peter Zijlstra, Jan Beulich, "Jose E. Marchesi", Kees Cook

From: Ard Biesheuvel

In preparation for adding support for annotated jump tables, where ELF
relocations and symbols are used to describe the locations of jump tables
in the executable, refactor the jump table discovery logic so the table
size can be returned from arch_find_switch_table().
Signed-off-by: Ard Biesheuvel
---
 tools/objtool/arch/loongarch/special.c  |  3 +-
 tools/objtool/arch/powerpc/special.c    |  3 +-
 tools/objtool/arch/x86/special.c        |  4 ++-
 tools/objtool/check.c                   | 31 +++++++++++++-------
 tools/objtool/include/objtool/check.h   |  5 +++-
 tools/objtool/include/objtool/special.h |  3 +-
 6 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/tools/objtool/arch/loongarch/special.c b/tools/objtool/arch/lo= ongarch/special.c index 9bba1e9318e0..87230ed570fd 100644 --- a/tools/objtool/arch/loongarch/special.c +++ b/tools/objtool/arch/loongarch/special.c @@ -9,7 +9,8 @@ bool arch_support_alt_relocation(struct special_alt *specia= l_alt, } =20 struct reloc *arch_find_switch_table(struct objtool_file *file, - struct instruction *insn) + struct instruction *insn, + unsigned long *table_size) { return NULL; } diff --git a/tools/objtool/arch/powerpc/special.c b/tools/objtool/arch/powe= rpc/special.c index d33868147196..51610689abf7 100644 --- a/tools/objtool/arch/powerpc/special.c +++ b/tools/objtool/arch/powerpc/special.c @@ -13,7 +13,8 @@ bool arch_support_alt_relocation(struct special_alt *spec= ial_alt, } =20 struct reloc *arch_find_switch_table(struct objtool_file *file, - struct instruction *insn) + struct instruction *insn, + unsigned long *table_size) { exit(-1); } diff --git a/tools/objtool/arch/x86/special.c b/tools/objtool/arch/x86/spec= ial.c index 415e4d035e53..f8fb67636384 100644 --- a/tools/objtool/arch/x86/special.c +++ b/tools/objtool/arch/x86/special.c @@ -109,7 +109,8 @@ bool arch_support_alt_relocation(struct special_alt *sp= ecial_alt, * NOTE: MITIGATION_RETPOLINE made it harder still to decode dynamic ju= mps. */ struct reloc *arch_find_switch_table(struct objtool_file *file, - struct instruction *insn) + struct instruction *insn, + unsigned long *table_size) { struct reloc *text_reloc, *rodata_reloc; struct section *table_sec;
@@ -150,5 +151,6 @@ struct reloc *arch_find_switch_table(struct objtool_fil= e *file, if (!rodata_reloc) return NULL; =20 + *table_size =3D 0; return rodata_reloc; } diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 7f7981a93535..5f711ac5b43d 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -150,6 +150,15 @@ static inline struct reloc *insn_jump_table(struct ins= truction *insn) return NULL; } =20 +static inline unsigned long insn_jump_table_size(struct instruction *insn) +{ + if (insn->type =3D=3D INSN_JUMP_DYNAMIC || + insn->type =3D=3D INSN_CALL_DYNAMIC) + return insn->_jump_table_size; + + return 0; +} + static bool is_jump_table_jump(struct instruction *insn) { struct alt_group *alt_group =3D insn->alt_group; @@ -2099,6 +2108,7 @@ static int add_special_section_alts(struct objtool_fi= le *file) static int add_jump_table(struct objtool_file *file, struct instruction *i= nsn, struct reloc *next_table) { + unsigned long table_size =3D insn_jump_table_size(insn); struct symbol *pfunc =3D insn_func(insn)->pfunc; struct reloc *table =3D insn_jump_table(insn); unsigned int rtype =3D reloc_type(table); @@ -2116,6 +2126,8 @@ static int add_jump_table(struct objtool_file *file, = struct instruction *insn, unsigned long addend =3D reloc_addend(reloc); =20 /* Check for the end of the table: */ + if (table_size && reloc_offset(reloc) - reloc_offset(table) >=3D table_s= ize) + break; if (reloc !=3D table && reloc =3D=3D next_table) break; =20 
@@ -2175,12 +2187,12 @@ static int add_jump_table(struct objtool_file *file= , struct instruction *insn, * find_jump_table() - Given a dynamic jump, find the switch jump table * associated with it. */ -static struct reloc *find_jump_table(struct objtool_file *file, - struct symbol *func, - struct instruction *insn) +static void find_jump_table(struct objtool_file *file, struct symbol *func, + struct instruction *insn) { struct reloc *table_reloc; struct instruction *dest_insn, *orig_insn =3D insn; + unsigned long table_size; =20 /* * Backward search using the @first_jump_src links, these help avoid @@ -2201,17 +2213,17 @@ static struct reloc *find_jump_table(struct objtool= _file *file, insn->jump_dest->offset > orig_insn->offset)) break; =20 - table_reloc =3D arch_find_switch_table(file, insn); + table_reloc =3D arch_find_switch_table(file, insn, &table_size); if (!table_reloc) continue; dest_insn =3D find_insn(file, table_reloc->sym->sec, reloc_addend(table_= reloc)); if (!dest_insn || !insn_func(dest_insn) || insn_func(dest_insn)->pfunc != =3D func) continue; =20 - return table_reloc; + orig_insn->_jump_table =3D table_reloc; + orig_insn->_jump_table_size =3D table_size; + break; } - - return NULL; } =20 /* @@ -2222,7 +2234,6 @@ static void mark_func_jump_tables(struct objtool_file= *file, struct symbol *func) { struct instruction *insn, *last =3D NULL; - struct reloc *reloc; =20 func_for_each_insn(file, func, insn) { if (!last) @@ -2245,9 +2256,7 @@ static void mark_func_jump_tables(struct objtool_file= *file, if (insn->type !=3D INSN_JUMP_DYNAMIC) continue; =20 - reloc =3D find_jump_table(file, func, insn); - if (reloc) - insn->_jump_table =3D reloc; + find_jump_table(file, func, insn); } } =20 diff --git a/tools/objtool/include/objtool/check.h b/tools/objtool/include/= objtool/check.h index daa46f1f0965..e1cd13cd28a3 100644 --- a/tools/objtool/include/objtool/check.h +++ b/tools/objtool/include/objtool/check.h 
@@ -71,7 +71,10 @@ struct instruction { struct instruction *first_jump_src; union { struct symbol *_call_dest; - struct reloc *_jump_table; + struct { + struct reloc *_jump_table; + unsigned long _jump_table_size; + }; }; struct alternative *alts; struct symbol *sym; diff --git a/tools/objtool/include/objtool/special.h b/tools/objtool/includ= e/objtool/special.h index 89ee12b1a138..e049679bb17b 100644 --- a/tools/objtool/include/objtool/special.h +++ b/tools/objtool/include/objtool/special.h 
@@ -38,5 +38,6 @@ bool arch_support_alt_relocation(struct special_alt *spec= ial_alt, struct instruction *insn, struct reloc *reloc); struct reloc *arch_find_switch_table(struct objtool_file *file, - struct instruction *insn); + struct instruction *insn, + unsigned long *table_size); #endif /* _SPECIAL_H */ --=20 2.47.0.rc0.187.ge670bccf7e-goog
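Review bot: In find_jump_table() in tools/objtool/check.c, `unsigned long table_size;` is declared without an initializer and is written only on the x86 success path (`*table_size = 0;` just before `return rodata_reloc;`); the loongarch and powerpc stubs never write it. Nothing reads it on the NULL path today, but initializing it to 0 at the declaration keeps a later early return in an arch implementation from putting stack garbage into `_jump_table_size`. The kernel-doc comment above the function also still reads as if the table were returned, while the function now records the result in `orig_insn` and returns void.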
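Review bot: In struct instruction in tools/objtool/include/objtool/check.h, wrapping `_jump_table` and `_jump_table_size` in an anonymous struct makes the union a pointer plus an unsigned long where it held a single pointer before, so every instruction grows, including those that only use `_call_dest`. Please state the size impact in the commit message, or keep the size out of struct instruction, for example by looking it up again in add_jump_table().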
Date: Thu, 10 Oct 2024 14:28:05 +0200
In-Reply-To: <20241010122801.1321976-7-ardb+git@google.com>
References: <20241010122801.1321976-7-ardb+git@google.com>
Message-ID: <20241010122801.1321976-10-ardb+git@google.com>
Subject: [PATCH v2 3/5] objtool: Add support for annotated jump tables
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel, Josh Poimboeuf, Peter Zijlstra, Jan Beulich, "Jose E. Marchesi", Kees Cook
From: Ard Biesheuvel

Add logic to follow R_X86_64_NONE relocations attached to indirect
jumps, which are emitted to annotate jump tables, which are otherwise
difficult to spot reliably.

If an ELF symbol is associated with the jump table, its size is taken as
the size of the jump table, and subsequently used to limit the traversal
of the table and validate its jump destinations.

One complicating factor is that indirect jumps may actually be direct
jumps to retpoline thunks, and therefore already have a relocation
associated with it. Accommodate these by ignoring R_*_NONE relocations
in insn_reloc(), so that the existing code does not get confused by them.

E.g.,

  8c:   48 63 7c 85 00          movslq 0x0(%rbp,%rax,4),%rdi
  91:   48 01 ef                add    %rbp,%rdi
  94:   e9 00 00 00 00          jmp    99
                        94: R_X86_64_NONE       .rodata+0x400
                        95: R_X86_64_PLT32      __x86_indirect_thunk_rdi-0x4

Signed-off-by: Ard Biesheuvel
---
 tools/objtool/arch/x86/special.c | 33 ++++++++++++++++----
 tools/objtool/check.c            | 10 ++++--
 2 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/tools/objtool/arch/x86/special.c b/tools/objtool/arch/x86/spec= ial.c index f8fb67636384..67c20623d7f7 100644 --- a/tools/objtool/arch/x86/special.c +++ b/tools/objtool/arch/x86/special.c
@@ -115,30 +115,51 @@ struct reloc *arch_find_switch_table(struct objtool_f= ile *file, struct reloc *text_reloc, *rodata_reloc; struct section *table_sec; unsigned long table_offset; + struct symbol *sym; =20 /* look for a relocation which references .rodata */ text_reloc =3D find_reloc_by_dest_range(file->elf, insn->sec, insn->offset, insn->len); - if (!text_reloc || text_reloc->sym->type !=3D STT_SECTION || - !text_reloc->sym->sec->rodata) + if (!text_reloc || !text_reloc->sym->sec->rodata) return NULL; =20 - table_offset =3D reloc_addend(text_reloc); + /* + * If the indirect jump instruction itself is annotated with a + * R_X86_64_NONE relocation, it should point to the jump table + * in .rodata. In this case, the ELF symbol will give us the + * size of the table. Ignore other occurrences of R_X86_64_NONE. + */ + if (reloc_type(text_reloc) =3D=3D R_X86_64_NONE && + insn->type !=3D INSN_JUMP_DYNAMIC) + return NULL; + + table_offset =3D text_reloc->sym->offset + reloc_addend(text_reloc); table_sec =3D text_reloc->sym->sec; =20 if (reloc_type(text_reloc) =3D=3D R_X86_64_PC32) table_offset +=3D 4; =20 + switch (text_reloc->sym->type) { + case STT_OBJECT: + sym =3D text_reloc->sym; + break; + case STT_SECTION: + sym =3D find_symbol_containing(table_sec, table_offset); + break; + default: + return NULL; + } + /* * Make sure the .rodata address isn't associated with a - * symbol. GCC jump tables are anonymous data. + * symbol. Unannotated GCC jump tables are anonymous data. * * Also support C jump tables which are in the same format as * switch jump tables. For objtool to recognize them, they * need to be placed in the C_JUMP_TABLE_SECTION section. They * have symbols associated with them. */ - if (find_symbol_containing(table_sec, table_offset) && + if (reloc_type(text_reloc) !=3D R_X86_64_NONE && sym && strcmp(table_sec->name, C_JUMP_TABLE_SECTION)) return NULL; =20 
@@ -151,6 +172,6 @@ struct reloc *arch_find_switch_table(struct objtool_fil= e *file, if (!rodata_reloc) return NULL; =20 - *table_size =3D 0; + *table_size =3D sym ? sym->len : 0; return rodata_reloc; } diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 5f711ac5b43d..6521c82880f0 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -1386,6 +1386,8 @@ __weak const char *arch_nop_fentry_call(int len) =20 static struct reloc *insn_reloc(struct objtool_file *file, struct instruct= ion *insn) { + unsigned long offset =3D insn->offset; + unsigned int len =3D insn->len; struct reloc *reloc; =20 if (insn->no_reloc) 
@@ -1394,8 +1396,12 @@ static struct reloc *insn_reloc(struct objtool_file = *file, struct instruction *i if (!file) return NULL; =20 - reloc =3D find_reloc_by_dest_range(file->elf, insn->sec, - insn->offset, insn->len); + do { + /* Skip any R_*_NONE relocations */ + reloc =3D find_reloc_by_dest_range(file->elf, insn->sec, + offset++, len--); + } while (len && reloc && reloc_type(reloc) =3D=3D 0); + if (!reloc) { insn->no_reloc =3D 1; return NULL; --=20 2.47.0.rc0.187.ge670bccf7e-goog
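Review bot: In arch_find_switch_table() in tools/objtool/arch/x86/special.c, `*table_size = sym ? sym->len : 0;` reports the full length of the symbol even when `table_offset` is not the symbol's start (a non-zero addend on an STT_OBJECT reference, or a find_symbol_containing() hit in the STT_SECTION case). add_jump_table() measures its limit from the first table relocation, so the walk could then run past the end of the symbol by that distance. Using `sym->offset + sym->len - table_offset` bounds the walk to what is left of the symbol.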
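Review bot: In the insn_reloc() loop in tools/objtool/check.c, `reloc_type(reloc) == 0` uses a bare 0 where the comment says R_*_NONE; a named constant would make the intent checkable. The loop can also exit with a NONE relocation still in `reloc`: when `len--` reaches 0 on the iteration that found it (a one-byte instruction, or an annotation on the last byte), `while (len && ...)` stops and the `if (!reloc)` test below passes the annotation on to callers. Testing the type after the loop and treating a NONE result as no relocation closes that case.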
Date: Thu, 10 Oct 2024 14:28:06 +0200
In-Reply-To: <20241010122801.1321976-7-ardb+git@google.com>
References: <20241010122801.1321976-7-ardb+git@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909
X-Mailer: git-send-email 2.47.0.rc0.187.ge670bccf7e-goog
Message-ID: <20241010122801.1321976-11-ardb+git@google.com>
Subject: [PATCH v2 4/5] crypto: x86/crc32c - Use idiomatic relative jump table
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel, Josh Poimboeuf, Peter Zijlstra, Jan Beulich, "Jose E. Marchesi", Kees Cook
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel The original crc32c code used a place-relative jump table but with a slightly awkward use of two separate symbols. To help objtool, this was replaced with a bog-standard position dependent jump table call, which was subsequently tweaked to use a RIP-relative reference to the table, but still populate it with absolute 64-bit references. Given that objtool will need to be taught about the jump table idiom that compilers use when running with -fpie enabled, let's update the jump table in the crc32c code once again to use this standard idiom, where the jump table carries 32-bit references relative to the start of the table, and the destination address can be obtained by adding the two. Signed-off-by: Ard Biesheuvel --- arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/cr= c32c-pcl-intel-asm_64.S index bbcff1fb78cb..45b005935194 100644 --- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S +++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S @@ -53,7 +53,7 @@ .endm =20 .macro JMPTBL_ENTRY i -.quad .Lcrc_\i +.long .Lcrc_\i - jump_table .endm =20 .macro JNC_LESS_THAN j 
@@ -169,7 +169,8 @@ SYM_FUNC_START(crc_pcl) =20 ## branch into array leaq jump_table(%rip), %bufp - mov (%bufp,%rax,8), %bufp + movslq (%bufp,%rax,4), len + addq len, %bufp JMP_NOSPEC bufp =20 ################################################################ --=20 2.47.0.rc0.187.ge670bccf7e-goog
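Review bot: In the "branch into array" hunk, `movslq (%bufp,%rax,4), len` overwrites `len` to hold the table offset, and nothing in the visible context shows that `len` is dead at this point in crc_pcl. If the remaining byte count is still needed after the jump, load the offset into a scratch register instead; if it is not, a one-line comment saying so would save the next reader the audit. The `.long .Lcrc_\i - jump_table` entries are signed 32-bit values and the load sign-extends them, which is the right pairing.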
Date: Thu, 10 Oct 2024 14:28:07 +0200
In-Reply-To: <20241010122801.1321976-7-ardb+git@google.com>
References: <20241010122801.1321976-7-ardb+git@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909
X-Mailer: git-send-email 2.47.0.rc0.187.ge670bccf7e-goog
Message-ID: <20241010122801.1321976-12-ardb+git@google.com>
Subject: [PATCH v2 5/5] crypto: x86/crc32c - Tweak jump table to validate objtool logic
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel, Josh Poimboeuf, Peter Zijlstra, Jan Beulich, "Jose E. Marchesi", Kees Cook
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel

Tweak the jump table so
- the address is taken far away from its use
- its offset from the start of .rodata is != 0x0
- its type is STT_OBJECT and its size is set to the size of the actual table
- the indirect jump is annotated with a R_X86_64_NONE relocation pointing to the jump table

Signed-off-by: Ard Biesheuvel
---
 arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 39 +++++++++++---------
 1 file changed, 22 insertions(+), 17 deletions(-)
diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/cr= c32c-pcl-intel-asm_64.S index 45b005935194..ba1cca66875b 100644 --- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S +++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S @@ -93,10 +93,13 @@ SYM_FUNC_START(crc_pcl) #define crc1 %r9 #define crc2 %r10 =20 + pushq %rbp pushq %rbx pushq %rdi pushq %rsi =20 + leaq jump_table(%rip), %rbp + ## Move crc_init for Linux to a different mov crc_init_arg, crc_init =20 @@ -168,9 +171,9 @@ SYM_FUNC_START(crc_pcl) xor crc2, crc2 =20 ## branch into array - leaq jump_table(%rip), %bufp - movslq (%bufp,%rax,4), len - addq len, %bufp + movslq (%rbp,%rax,4), %bufp + addq %rbp, %bufp + .reloc ., R_X86_64_NONE, jump_table JMP_NOSPEC bufp =20 ################################################################ @@ -310,24 +313,11 @@ LABEL less_than_ %j # less_than_j: Length should be= in popq %rsi popq %rdi popq %rbx + popq %rbp RET SYM_FUNC_END(crc_pcl) =20 .section .rodata, "a", @progbits - ################################################################ - ## jump table Table is 129 entries x 2 bytes each - ################################################################ -.align 4 -jump_table: - i=3D0 -.rept 129 -.altmacro -JMPTBL_ENTRY %i -.noaltmacro - i=3Di+1 -.endr - - ################################################################ ## PCLMULQDQ tables ## Table is 128 entries x 2 words (8 bytes) each @@ -462,3 +452,18 @@ K_table: .long 0x45cddf4e, 0xe0ac139e .long 0xacfa3103, 0x6c23e841 .long 0xa51b6135, 0x170076fa + + ################################################################ + ## jump table Table is 129 entries x 2 bytes each + ################################################################ +.align 4 +jump_table: + i=3D0 +.rept 129 +.altmacro +JMPTBL_ENTRY %i +.noaltmacro + i=3Di+1 +.endr +.size jump_table, . - jump_table +.type jump_table, @object --=20 2.47.0.rc0.187.ge670bccf7e-goog
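Review bot: In the prologue hunk at the top of crc_pcl, `leaq jump_table(%rip), %rbp` turns %rbp into a general-purpose register for the rest of the function. With frame pointers enabled the unwinder expects %rbp to hold a frame address, so a stack trace taken inside crc_pcl would go wrong even though the value is pushed and popped correctly. If the aim is only to take the table address far from its use, a callee-saved register other than %rbp, saved and restored the same way, would do that without disturbing the frame chain.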
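Review bot: The `.reloc ., R_X86_64_NONE, jump_table` line in the "branch into array" hunk carries no comment, and it depends on the first instruction emitted by JMP_NOSPEC being the indirect jump that objtool should associate with the table. A short comment stating that this is an annotation for objtool, and that it must stay immediately before the jump, would keep a later edit from separating the two.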
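Review bot: The comment moved along with the table in the last hunk still reads "Table is 129 entries x 2 bytes each", but JMPTBL_ENTRY emits a `.long` and the lookup scales the index by 4, so each entry is 4 bytes. Since the block is being re-added anyway, correct the comment here; it now sits next to a `.size` directive that records the real size.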