[PATCH v8 08/14] livepatch: only match unique symbols when using FG-KASLR

[PATCH v8 00/14] Function Granular KASLR · Alexander Lobakin <hidden> · 2021-12-02
[PATCH v8 01/14] x86: Makefile: Add build and config option for CONFIG_FG_KASLR · Alexander Lobakin <hidden> · 2021-12-02
[PATCH v8 02/14] x86/tools: Add relative relocs for randomized functions · Alexander Lobakin <hidden> · 2021-12-02
[PATCH v8 03/14] x86: Add support for function granular KASLR · Alexander Lobakin <hidden> · 2021-12-02
Re: [PATCH v8 03/14] x86: Add support for function granular KASLR · Peter Zijlstra <peterz@infradead.org> · 2021-12-03
Re: [PATCH v8 03/14] x86: Add support for function granular KASLR · Alexander Lobakin <hidden> · 2021-12-03
Re: [PATCH v8 03/14] x86: Add support for function granular KASLR · Peter Zijlstra <peterz@infradead.org> · 2021-12-03
[PATCH v8 04/14] linkage: add macros for putting ASM functions into own sections · Alexander Lobakin <hidden> · 2021-12-02
Re: [PATCH v8 04/14] linkage: add macros for putting ASM functions into own sections · Peter Zijlstra <peterz@infradead.org> · 2021-12-03
Re: [PATCH v8 04/14] linkage: add macros for putting ASM functions into own sections · Alexander Lobakin <hidden> · 2021-12-03
[PATCH v8 07/14] kallsyms: Hide layout · Alexander Lobakin <hidden> · 2021-12-02
Re: [PATCH v8 07/14] kallsyms: Hide layout · Peter Zijlstra <peterz@infradead.org> · 2021-12-03
Re: [PATCH v8 07/14] kallsyms: Hide layout · Ard Biesheuvel <ardb@kernel.org> · 2021-12-03
Re: [PATCH v8 07/14] kallsyms: Hide layout · Josh Poimboeuf <hidden> · 2021-12-07
[PATCH v8 08/14] livepatch: only match unique symbols when using FG-KASLR · Alexander Lobakin <hidden> · 2021-12-02
Re: [PATCH v8 08/14] livepatch: only match unique symbols when using FG-KASLR · Peter Zijlstra <peterz@infradead.org> · 2021-12-03
Re: [PATCH v8 08/14] livepatch: only match unique symbols when using FG-KASLR · Alexander Lobakin <hidden> · 2021-12-03
Re: [PATCH v8 08/14] livepatch: only match unique symbols when using FG-KASLR · Josh Poimboeuf <hidden> · 2021-12-06
[PATCH v8 06/14] FG-KASLR: use a scripted approach to handle .text.* sections · Alexander Lobakin <hidden> · 2021-12-02
Re: [PATCH v8 06/14] FG-KASLR: use a scripted approach to handle .text.* sections · Peter Zijlstra <peterz@infradead.org> · 2021-12-03
[PATCH v8 09/14] x86/boot: allow FG-KASLR to be selected · Alexander Lobakin <hidden> · 2021-12-02
[PATCH v8 10/14] arm64/crypto: conditionally place ASM functions into separate sections · Alexander Lobakin <hidden> · 2021-12-02
[PATCH v8 12/14] module: use a scripted approach for FG-KASLR · Alexander Lobakin <hidden> · 2021-12-02
[PATCH v8 13/14] Documentation: add documentation for FG-KASLR · Alexander Lobakin <hidden> · 2021-12-02
[PATCH v8 14/14] maintainers: add MAINTAINERS entry for FG-KASLR · Alexander Lobakin <hidden> · 2021-12-02
[PATCH v8 11/14] module: Reorder functions · Alexander Lobakin <hidden> · 2021-12-02
Re: [PATCH v8 11/14] module: Reorder functions · Peter Zijlstra <peterz@infradead.org> · 2021-12-03
Re: [PATCH v8 00/14] Function Granular KASLR · Peter Zijlstra <peterz@infradead.org> · 2021-12-03
Re: [PATCH v8 00/14] Function Granular KASLR · Alexander Lobakin <hidden> · 2021-12-03
Re: [PATCH v8 00/14] Function Granular KASLR · Peter Zijlstra <peterz@infradead.org> · 2021-12-03

STALE1644d

Revisions (4)

2021-08-31 v6 [diff vs current]
2021-12-02 v8 current
2021-12-23 v9 [diff vs current]
2022-02-09 v10 [diff vs current]

From: Alexander Lobakin <hidden>
Date: 2021-12-02 22:33:32
Also in: linux-hardening, linux-kbuild, live-patching, lkml, llvm
Subsystem: live patching, the rest · Maintainers: Josh Poimboeuf, Jiri Kosina, Miroslav Benes, Petr Mladek, Linus Torvalds

If any type of function granular randomization is enabled, the sympos
algorithm will fail, as it will be impossible to resolve symbols when
there are duplicates using the previous symbol position.

We could override sympos to 0, but make it more clear to the user
and bail out if the symbol is not unique.

Suggested-by: Miroslav Benes <mbenes@suse.cz>
Signed-off-by: Alexander Lobakin <redacted>
---
 kernel/livepatch/core.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
index 335d988bd811..10ea75111057 100644
--- a/kernel/livepatch/core.c
+++ b/kernel/livepatch/core.c

@@ -169,6 +169,17 @@ static int klp_find_object_symbol(const char *objname, const char *name,
 	else
 		kallsyms_on_each_symbol(klp_find_callback, &args);
 
+	/*
+	 * If function granular randomization is enabled, it is impossible
+	 * to resolve symbols when there are duplicates using the previous
+	 * symbol position (i.e. sympos != 0).
+	 */
+	if (IS_ENABLED(CONFIG_FG_KASLR) && sympos) {
+		pr_err("FG-KASLR is enabled, specifying symbol position %lu for symbol '%s' in object '%s' does not work\n",
+		       sympos, name, objname ? objname : "vmlinux");
+		goto out_err;
+	}
+
 	/*
 	 * Ensure an address was found. If sympos is 0, ensure symbol is unique;
 	 * otherwise ensure the symbol position count matches sympos.

@@ -186,6 +197,7 @@ static int klp_find_object_symbol(const char *objname, const char *name,
 		return 0;
 	}
 
+out_err:
 	*addr = 0;
 	return -EINVAL;
 }

-- 
2.33.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help