Re: [PATCH] x86, relocs: Ignore relocations in .notes section on walk_relocs

From: Borislav Petkov
Date: Fri Mar 22 2024 - 15:47:39 EST


On Tue, Mar 19, 2024 at 09:56:29AM -0700, Kees Cook wrote:
> > Yes, please. Just send a Reviewed-by and it'll get picked up.
>
> Okay, thanks!

Dammit, how did this commit land upstream and in stable?!

Forgot to zap it from your tree and sent the branch to Linus anyway?

Kees, please refrain from taking tip patches in the future. You know how
this works - get_maintainers.pl.

Thx.

Date: Fri, 22 Mar 2024 14:47:05 -0400
From: Sasha Levin <sashal@xxxxxxxxxx>
To: stable-commits@xxxxxxxxxxxxxxx, keescook@xxxxxxxxxxxx
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>,
Borislav Petkov <bp@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>,
x86@xxxxxxxxxx, "H. Peter Anvin" <hpa@xxxxxxxxx>
Subject: Patch "x86, relocs: Ignore relocations in .notes section" has been
added to the 5.4-stable tree
X-Mailer: git-send-email 2.43.0
Message-ID: <20240322184705.144463-1-sashal@xxxxxxxxxx>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=utf-8

This is a note to let you know that I've just added the patch titled

x86, relocs: Ignore relocations in .notes section

to the 5.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
x86-relocs-ignore-relocations-in-.notes-section.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 91aa857ccbd1212a23cd80bb45f71715f2db7144
Author: Kees Cook <keescook@xxxxxxxxxxxx>
Date: Tue Feb 27 09:51:12 2024 -0800

x86, relocs: Ignore relocations in .notes section

[ Upstream commit aaa8736370db1a78f0e8434344a484f9fd20be3b ]

When building with CONFIG_XEN_PV=y, .text symbols are emitted into
the .notes section so that Xen can find the "startup_xen" entry point.
This information is used prior to booting the kernel, so relocations
are not useful. In fact, performing relocations against the .notes
section means that the KASLR base is exposed since /sys/kernel/notes
is world-readable.

To avoid leaking the KASLR base without breaking unprivileged tools that
are expecting to read /sys/kernel/notes, skip performing relocations in
the .notes section. The values readable in .notes are then identical to
those found in System.map.

Reported-by: Guixiong Wei <guixiongwei@xxxxxxxxx>
Closes: https://lore.kernel.org/all/20240218073501.54555-1-guixiongwei@xxxxxxxxx/
Fixes: 5ead97c84fa7 ("xen: Core Xen implementation")
Fixes: da1a679cde9b ("Add /sys/kernel/notes")
Reviewed-by: Juergen Gross <jgross@xxxxxxxx>
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c
index 1c3a1962cade6..0043fd374a62f 100644
--- a/arch/x86/tools/relocs.c
+++ b/arch/x86/tools/relocs.c
@@ -596,6 +596,14 @@ static void print_absolute_relocs(void)
if (!(sec_applies->shdr.sh_flags & SHF_ALLOC)) {
continue;
}
+ /*
+ * Do not perform relocations in .notes section; any
+ * values there are meant for pre-boot consumption (e.g.
+ * startup_xen).
+ */
+ if (sec_applies->shdr.sh_type == SHT_NOTE) {
+ continue;
+ }
sh_symtab = sec_symtab->symtab;
sym_strtab = sec_symtab->link->strtab;
for (j = 0; j < sec->shdr.sh_size/sizeof(Elf_Rel); j++) {
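Review bot: the new check keys on `sec_applies->shdr.sh_type == SHT_NOTE`, not on a section name, so the comment "Do not perform relocations in .notes section" is narrower than what the code does: every SHT_NOTE section that a relocation section applies to is skipped, not only one named `.notes`. That is the right behaviour for this fix, but the comment should say "SHT_NOTE sections" and should name the actual reason given in the commit message (the unrelocated values are exported world-readable through /sys/kernel/notes, so applying the KASLR offset to them would leak the base), otherwise a later reader sees only "pre-boot consumption" and may be tempted to re-enable relocation for notes that are not Xen's. Minor: this `continue` sits right after the `SHF_ALLOC` one and both skip the same section, so folding the two into one condition, or at least placing them together with one comment, would read more clearly than two back-to-back early-continues.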

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette
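The commit message above explains the leak in terms of what ends up in /sys/kernel/notes: if the relocation tool rewrites the `.notes` descriptors, the exported values no longer match System.map and so reveal the randomized base. The following added example is not code from this thread, from relocs.c, or from the kernel; it is a small C program that parses the ELF note stream in the format /sys/kernel/notes exports (a sequence of 12-byte headers, each followed by a 4-byte-aligned name and descriptor) and reports how many 8-byte descriptors differ from their link-time values, which is the check an administrator would use to confirm that a kernel carries this fix. The note name "Xen", the note type number 1 and the address 0xffffffff81000000 used as the "System.map" value are constructed sample values, not data taken from a real kernel.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ELF note header as laid out in the .notes section and in /sys/kernel/notes:
 * three 32-bit words, then the name and the descriptor, each padded to 4 bytes. */
struct note_hdr {
    uint32_t n_namesz;
    uint32_t n_descsz;
    uint32_t n_type;
};

/* Link-time value a note is expected to hold, as one would read it from
 * System.map. Values used below are constructed placeholders. */
struct expected_note {
    const char *name;
    uint32_t type;
    uint64_t value;
};

static size_t align4(size_t n) { return (n + 3) & ~(size_t)3; }

/*
 * Walk a note blob and compare every 8-byte descriptor that has an entry in
 * `expected` against its link-time value. Returns the number of notes whose
 * descriptor differs (0 means the notes are identical to System.map, i.e. no
 * relocation was applied to them), or -1 if the blob is malformed/truncated.
 */
int count_relocated_notes(const uint8_t *buf, size_t len,
                          const struct expected_note *expected, size_t nexp)
{
    size_t off = 0;
    int mismatches = 0;

    while (off + sizeof(struct note_hdr) <= len) {
        struct note_hdr h;
        memcpy(&h, buf + off, sizeof h);          /* no unaligned access */
        size_t name_off = off + sizeof h;
        size_t desc_off = name_off + align4(h.n_namesz);
        size_t next = desc_off + align4(h.n_descsz);
        if (next > len || next < off)             /* truncated or wrapped */
            return -1;
        const char *name = (const char *)buf + name_off;
        for (size_t i = 0; i < nexp; i++) {
            /* n_namesz counts the terminating NUL, as the ELF spec requires */
            if (h.n_descsz == 8 &&
                h.n_namesz == strlen(expected[i].name) + 1 &&
                memcmp(name, expected[i].name, h.n_namesz) == 0 &&
                h.n_type == expected[i].type) {
                uint64_t v;
                memcpy(&v, buf + desc_off, 8);
                if (v != expected[i].value)
                    mismatches++;
            }
        }
        off = next;
    }
    return mismatches;
}

/* Append one note with an 8-byte descriptor to buf; returns the new length. */
static size_t put_note(uint8_t *buf, size_t off, const char *name,
                       uint32_t type, uint64_t value)
{
    struct note_hdr h = { (uint32_t)strlen(name) + 1, 8, type };
    memcpy(buf + off, &h, sizeof h);
    off += sizeof h;
    memset(buf + off, 0, align4(h.n_namesz));     /* zero the name padding */
    memcpy(buf + off, name, h.n_namesz);
    off += align4(h.n_namesz);
    memcpy(buf + off, &value, 8);
    return off + 8;
}

/* Constructed "System.map" entry: the link-time address of a Xen entry-point
 * note (name, type number and address are all placeholders). */
static const struct expected_note sample_expected[] = {
    { "Xen", 1, 0xffffffff81000000ULL },
};

/* A note stream that still holds the link-time value: expected result 0. */
int sample_unrelocated_notes(void)
{
    uint8_t buf[64];
    size_t len = put_note(buf, 0, "Xen", 1, 0xffffffff81000000ULL);
    return count_relocated_notes(buf, len, sample_expected, 1);
}

/* The same note after the relocation tool rewrote it (value no longer equals
 * System.map): the check flags it, expected result 1. */
int sample_relocated_notes(void)
{
    uint8_t buf[64];
    size_t len = put_note(buf, 0, "Xen", 1, 0xffffffff83000000ULL);
    return count_relocated_notes(buf, len, sample_expected, 1);
}

int main(void)
{
    printf("unrelocated sample: %d mismatching note(s)\n", sample_unrelocated_notes());
    printf("relocated sample:   %d mismatching note(s)\n", sample_relocated_notes());
    return 0;
}
```

On a live system the blob passed to `count_relocated_notes` would be the contents of /sys/kernel/notes and the expected table would be filled from the matching System.map; a result of 0 is what a fixed kernel produces, while any positive count means the exported notes carry relocated (and therefore base-revealing) values.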