iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
564c9cc84e
linux/arch/x86/mm
History
Kees Cook 564c9cc84e locking/refcounts, x86/asm: Use unique .text section for refcount exceptions 
Using .text.unlikely for refcount exceptions isn't safe because gcc may
move entire functions into .text.unlikely (e.g. in6_dev_dev()), which
would cause any uses of a protected refcount_t function to stay inline
with the function, triggering the protection unconditionally:

        .section        .text.unlikely,"ax",@progbits
        .type   in6_dev_get, @function
in6_dev_getx:
.LFB4673:
        .loc 2 4128 0
        .cfi_startproc
...
        lock; incl 480(%rbx)
        js 111f
        .pushsection .text.unlikely
111:    lea 480(%rbx), %rcx
112:    .byte 0x0f, 0xff
.popsection
113:

This creates a unique .text..refcount section and adds an additional
test to the exception handler to WARN in the case of having none of OF,
SF, nor ZF set so we can see things like this more easily in the future.

The double dot for the section name keeps it out of the TEXT_MAIN macro
namespace, to avoid collisions and so it can be put at the end with
text.unlikely to keep the cold code together.

See commit:

  cb87481ee8 ("kbuild: linker script do not match C names unless LD_DEAD_CODE_DATA_ELIMINATION is configured")

... which matches C names: [a-zA-Z0-9_] but not ".".

Reported-by: Mike Galbraith <efault@gmx.de>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Elena <elena.reshetova@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-arch <linux-arch@vger.kernel.org>
Fixes: 7a46ec0e2f ("locking/refcounts, x86/asm: Implement fast refcount overflow protection")
Link: http://lkml.kernel.org/r/1504382986-49301-2-git-send-email-keescook@chromium.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-09-28 09:45:05 +02:00
..
kmemcheck x86/mm: Audit and remove any unnecessary uses of module.h 2016-07-14 13:04:20 +02:00
amdtopology.c x86/boot/e820: Move asm/e820.h to asm/e820/api.h 2017-01-28 09:31:13 +01:00
debug_pagetables.c x86/mm/ptdump: Make (debugfs)/kernel_page_tables read-only 2015-12-04 12:55:01 +01:00
dump_pagetables.c x86/mm/dump_pagetables: Speed up page tables dump for CONFIG_KASAN=y 2017-07-25 11:22:09 +02:00
extable.c locking/refcounts, x86/asm: Use unique .text section for refcount exceptions 2017-09-28 09:45:05 +02:00
fault.c x86/asm: Fix inline asm call constraints for Clang 2017-09-23 15:06:20 +02:00
highmem_32.c x86/mm: Audit and remove any unnecessary uses of module.h 2016-07-14 13:04:20 +02:00
hugetlbpage.c x86/mm: Prepare to expose larger address space to userspace 2017-07-21 10:05:18 +02:00
ident_map.c x86/mm, kexec: Allow kexec to be used with SME 2017-07-18 11:38:04 +02:00
init_32.c mm, memory_hotplug: replace for_device by want_memblock in arch_add_memory 2017-07-06 16:24:32 -07:00
init_64.c mm/memory_hotplug: introduce add_pages 2017-09-08 18:26:46 -07:00
init.c x86/mm/64: Initialize CR4.PCIDE early 2017-09-13 09:54:43 +02:00
iomap_32.c x86/mm: Audit and remove any unnecessary uses of module.h 2016-07-14 13:04:20 +02:00
ioremap.c x86/mm: Use proper encryption attributes with /dev/mem 2017-07-18 11:38:05 +02:00
kasan_init_64.c x86/mm: Insure that boot memory areas are mapped properly 2017-07-18 11:38:01 +02:00
kaslr.c x86/mm: Add support for 5-level paging for KASLR 2017-06-13 08:56:58 +02:00
kmmio.c x86/mm: Audit and remove any unnecessary uses of module.h 2016-07-14 13:04:20 +02:00
Makefile x86/mm: Add support to encrypt the kernel in-place 2017-07-18 11:38:05 +02:00
mem_encrypt_boot.S x86/mm: Fix SME encryption stack ptr handling 2017-08-29 10:57:16 +02:00
mem_encrypt.c x86/mm: Make the SME mask a u64 2017-09-07 11:53:11 +02:00
mm_internal.h x86: Enable PAT to use cache mode translation tables 2014-11-16 11:04:26 +01:00
mmap.c Merge branch 'linus' into x86/mm to pick up fixes and to fix conflicts 2017-08-26 09:19:13 +02:00
mmio-mod.c x86/boot/e820: Move asm/e820.h to asm/e820/api.h 2017-01-28 09:31:13 +01:00
mpx.c x86/mpx: Do not allow MPX if we have mappings above 47-bit 2017-07-21 10:05:18 +02:00
numa_32.c x86/mm/32: Set the '__vmalloc_start_set' flag in initmem_init() 2017-05-09 08:12:27 +02:00
numa_64.c
numa_emulation.c x86/numa_emulation: Recalculate numa_nodes_parsed from emulated nodes 2017-07-18 11:16:49 +02:00
numa_internal.h
numa.c Merge branch 'x86/boot' into x86/mm, to avoid conflict 2017-04-11 08:56:05 +02:00
pageattr-test.c x86/mm/pat: Make mm/pageattr[-test].c explicitly non-modular 2015-08-25 09:48:38 +02:00
pageattr.c x86, drm, fbdev: Do not specify encrypted memory for video mappings 2017-07-18 11:38:04 +02:00
pat_internal.h x86/mm/pat: Convert to pr_*() usage 2015-05-27 14:40:59 +02:00
pat_rbtree.c x86/mm/pat: Use rb_entry() 2017-02-04 17:18:00 +01:00
pat.c x86/mm: Use proper encryption attributes with /dev/mem 2017-07-18 11:38:05 +02:00
pf_in.c x86/mm: Audit and remove any unnecessary uses of module.h 2016-07-14 13:04:20 +02:00
pf_in.h
pgtable_32.c Merge branch 'x86/boot' into x86/mm, to avoid conflict 2017-04-11 08:56:05 +02:00
pgtable.c x86/paravirt: Remove no longer used paravirt functions 2017-09-13 10:55:15 +02:00
physaddr.c x86/mm: Audit and remove any unnecessary uses of module.h 2016-07-14 13:04:20 +02:00
physaddr.h
pkeys.c x86/fpu: Rename fpu::fpstate_active to fpu::initialized 2017-09-26 09:43:36 +02:00
setup_nx.c Revert "x86/mm/32: Set NX in __supported_pte_mask before enabling paging" 2016-04-26 19:52:57 +02:00
srat.c x86/boot/e820: Move asm/e820.h to asm/e820/api.h 2017-01-28 09:31:13 +01:00
testmmiotrace.c Annotate hardware config module parameters in arch/x86/mm/ 2017-04-04 16:54:21 +01:00
tlb.c x86/mm: Factor out CR3-building code 2017-09-17 18:59:08 +02:00