Thread: 24 messages, 9 authors, 2021-01-25

Re: [PATCH v4 00/10] Function Granular KASLR

From: Miroslav Benes <mbenes@suse.cz>
Date: 2020-08-28 10:22:44
Also in: lkml

Leaving Josh's proposals here for reference...
I'm not sure how LTO does it, but a few more (half-brained) ideas that
could work:

1) Add a field in kallsyms to keep track of a symbol's original offset
   before randomization/re-sorting.  Livepatch could use that field to
   determine the original sympos.

2) In fgkaslr code, go through all the sections and mark the ones which
   have duplicates (i.e. same name).  Then when shuffling the sections,
   skip a shuffle if it involves a duplicate section.  That way all the
   duplicates would retain their original sympos.

3) Livepatch could uniquely identify symbols by some feature other than
   sympos.  For example:

   Symbol/function size - obviously this would only work if duplicately
   named symbols have different sizes.

   Checksum - as part of a separate feature we're also looking at giving
   each function its own checksum, calculated based on its instruction
   opcodes.  Though calculating checksums at runtime could be
   complicated by IP-relative addressing.

I'm thinking #1 or #2 wouldn't be too bad.  #3 might be harder.

Hi there! I was trying to find a super easy way to address this, so I
thought the best thing would be if there were a compiler or linker
switch to just eliminate any duplicate symbols at compile time for
vmlinux. I filed this question on the binutils bugzilla looking to see
if there were existing flags that might do this, but H.J. Lu went ahead
and created a new one "-z unique", that seems to do what we would need
it to do. 

https://sourceware.org/bugzilla/show_bug.cgi?id=26391

When I use this option, it renames any duplicate symbols with an
extension - for example duplicatefunc.1 or duplicatefunc.2. You could
either match on the full unique name of the specific binary you are
trying to patch, or you match the base name and use the extension to
determine original position. Do you think this solution would work?

Yes, I think so (thanks, Joe, for testing!).

It looks cleaner to me than the options above, but it may just be a matter 
of taste. Anyway, I'd go with full name matching, because -z unique-symbol 
would allow us to remove sympos altogether, which is appealing.

If so, I can modify livepatch to refuse to patch on duplicated symbols if
CONFIG_FG_KASLR and when this option is merged into the tool chain I
can add it to KBUILD_LDFLAGS when CONFIG_FG_KASLR and livepatching
should work in all cases.

Ok.

Josh, Petr, would this work for you too?

Thanks
Miroslav
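The following is an added example, not code from the thread, the kernel or binutils. It models the problem the thread is about: livepatch identifies a function by name plus "sympos" (its position among same-named symbols in address order), and function-granular KASLR reorders functions, so that position is no longer stable. It then contrasts that with matching on the full linker-assigned unique name. The symbol table, the `.1`/`.2` renaming convention for duplicates and the `origin` column are all constructed for the demonstration; nothing here reads a real kallsyms.

```python
# Added example (not from the thread, the kernel or binutils): why sympos
# breaks under FG-KASLR and why a unique linker name does not.
# Everything below is constructed for illustration.

from typing import List, NamedTuple


class Sym(NamedTuple):
    addr: int      # address in the laid-out image
    name: str      # symbol name as the linker emitted it
    origin: str    # constructed ground truth: which object file defined it


# Constructed link-order layout: two static functions share the name
# "duplicatefunc" (one per object file), plus two unique functions.
# Assumed renaming convention for duplicates: base.1, base.2 in link
# order (an assumption about the linker option, not its documented form).
LINK_ORDER = [
    Sym(0x1000, "init_thing", "init.o"),
    Sym(0x1100, "duplicatefunc.1", "a.o"),
    Sym(0x1200, "helper", "util.o"),
    Sym(0x1300, "duplicatefunc.2", "b.o"),
]


def base_name(name: str) -> str:
    """Strip a linker-added '.N' suffix: 'duplicatefunc.2' -> 'duplicatefunc'."""
    stem, dot, suffix = name.rpartition(".")
    return stem if dot and suffix.isdigit() else name


def sympos_lookup(symbols: List[Sym], name: str, pos: int) -> Sym:
    """Livepatch-style lookup: the pos-th (1-based) occurrence of `name`
    in address order.  pos == 0 means the name must be unique."""
    matches = [s for s in sorted(symbols) if base_name(s.name) == name]
    if pos == 0:
        if len(matches) != 1:
            raise LookupError(f"{name}: {len(matches)} matches, sympos required")
        return matches[0]
    if not 1 <= pos <= len(matches):
        raise LookupError(f"{name}: sympos {pos} out of range")
    return matches[pos - 1]


def unique_name_lookup(symbols: List[Sym], name: str) -> Sym:
    """Full-name matching as the thread proposes: exact match, no sympos."""
    matches = [s for s in symbols if s.name == name]
    if len(matches) != 1:
        raise LookupError(f"{name}: expected one match, got {len(matches)}")
    return matches[0]


def can_patch_by_sympos(symbols: List[Sym], name: str, fg_kaslr: bool) -> bool:
    """The fallback the thread mentions: with FG-KASLR enabled and only
    sympos available, refuse to patch a name that occurs more than once."""
    count = sum(1 for s in symbols if base_name(s.name) == name)
    return count == 1 or not fg_kaslr


def fgkaslr_layout(symbols: List[Sym], order: List[int]) -> List[Sym]:
    """Model function-granular KASLR: keep every name, but place the
    functions in the image in `order` (a permutation of indices), so the
    addresses, and hence address-order positions, change."""
    addrs = sorted(s.addr for s in symbols)
    return [symbols[i]._replace(addr=addrs[slot]) for slot, i in enumerate(order)]


def demo():
    """Returns (origin before shuffle, origin after shuffle, origin via
    unique name after shuffle) for the second 'duplicatefunc'."""
    shuffled = fgkaslr_layout(LINK_ORDER, [3, 2, 1, 0])  # fully reversed
    before = sympos_lookup(LINK_ORDER, "duplicatefunc", 2).origin
    after = sympos_lookup(shuffled, "duplicatefunc", 2).origin
    stable = unique_name_lookup(shuffled, "duplicatefunc.2").origin
    return before, after, stable


if __name__ == "__main__":
    print(demo())  # sympos 2 moves from b.o to a.o; the unique name stays on b.o
```

The reversed permutation is deterministic so the outcome is reproducible; a real FG-KASLR layout is random, which is exactly why a sympos recorded at patch-build time cannot be trusted at load time, whereas `duplicatefunc.2` names the same function in every layout.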