Re: [PATCH v4 00/10] Function Granular KASLR

From: Frank Ch. Eigler
Date: Mon Aug 03 2020 - 20:48:31 EST

Next message: John Stultz: "Re: [PATCH v3] pinctrl: qcom: Handle broken/missing PDC dual edge IRQs on sc7180"
Previous message: Wesley Cheng: "[PATCH v7 0/4] Introduce PMIC based USB type C detection"
In reply to: Kees Cook: "Re: [PATCH v4 00/10] Function Granular KASLR"
Next in thread: Jessica Yu: "Re: [PATCH v4 00/10] Function Granular KASLR"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi -

> > We have relocated based on sections, not some subset of function
> > symbols accessible that way, partly because DWARF line- and DIE- based
> > probes can map to addresses some way away from function symbols, into
> > function interiors, or cloned/moved bits of optimized code. It would
> > take some work to prove that function-symbol based heuristic
> > arithmetic would have just as much reach.
>
> Interesting. Do you have an example handy?

No, I'm afraid I don't have one that I know cannot possibly be
expressed by reference to a function symbol only. I'd look at
systemtap (4.3) probe point lists like:

% stap -vL 'kernel.statement("*@kernel/*verif*.c:*")'
% stap -vL 'module("amdgpu").statement("*@*execution*.c:*")'

which give an impression of computed PC addresses.

> It seems like something like that would reference the enclosing
> section, which means we can't just leave them out of the sysfs
> list... (but if such things never happen in the function-sections,
> then we *can* remove them...)

I'm not sure we can easily prove they can never happen there.

- FChE

Next message: John Stultz: "Re: [PATCH v3] pinctrl: qcom: Handle broken/missing PDC dual edge IRQs on sc7180"
Previous message: Wesley Cheng: "[PATCH v7 0/4] Introduce PMIC based USB type C detection"
In reply to: Kees Cook: "Re: [PATCH v4 00/10] Function Granular KASLR"
Next in thread: Jessica Yu: "Re: [PATCH v4 00/10] Function Granular KASLR"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]