RE: [crypto] aa031b8f70: leaking-addresses.proc..rodata.cst32.PSHUFFLE_BYTE_FLIP_MASK.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> -----Original Message-----
> From: kernel test robot <oliver.sang@xxxxxxxxx>
> Sent: Wednesday, August 24, 2022 3:22 AM
> To: Elliott, Robert (Servers) <elliott@xxxxxxx>
> 
> FYI, we noticed the following commit (built with gcc-11):
> 
> commit: aa031b8f702e7941b4c86022348a366c335d389a ("crypto: x86/sha512 - load based on CPU features")
> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
> 
> in testcase: leaking-addresses caused below changes 
> 2022-08-21 00:20:54 ./leaking_addresses.pl --output-raw result/scan.out
> 2022-08-21 00:21:21 ./leaking_addresses.pl --input-raw result/scan.out --squash-by-filename
...
> [49 .init_array] 0xffffffffa03f0000
> [50 .gnu.linkonce.this_module] 0xffffffffa041a540
> [2 .rodata.cst16.bswap_mask] 0xffffffffa040d100
> [2 .noinstr.text] 0xffffffffa0c3ae00
> [4 .altinstr_aux] 0xffffffffa0c39d55
> [20 __param] 0xffffffffa0415a88
> [20 .altinstructions] 0xffffffffa06fb180
...
> [1 .rodata.cst640.K512] 0xffffffffa08001c0    <-------- (1)
> [1 .rodata.cst16.XMM_QWORD_BSWAP] 0xffffffffa08001a0   <-------- (2)
> [1 .rodata.cst32.PSHUFFLE_BYTE_FLIP_MASK] 0xffffffffa0801160  <--------- (3)
> [1 .rodata.cst32.MASK_YMM_LO] 0xffffffffa0801180     <-------- (4)
...

The patch simply causes the x86 sha512 module to be loaded instead of
sitting unused. Future patches will do the same for the rest of the
x86 crypto modules.

scripts/leaking_addresses.pl is scanning all the files in /proc and /sys
looking for files with contents that look like kernel addresses (16 hex
characters starting with ffff).

kernel/module/sysfs.c creates a sysfs directory for each loaded
module that includes a sections subdirectory containing numerous files 
with filenames starting with . including:
-r--------. 1 root root 19 Oct 25 14:07 .rodata.str1.1
-r--------. 1 root root 19 Oct 25 14:07 .rodata.str1.8
-r--------. 1 root root 19 Oct 25 14:07 .rodata
-r--------. 1 root root 19 Oct 25 14:07 .rodata.cst16.XMM_QWORD_BSWAP
-r--------. 1 root root 19 Oct 25 14:07 .rodata.cst32.MASK_YMM_LO
-r--------. 1 root root 19 Oct 25 14:07 .rodata.cst32.PSHUFFLE_BYTE_FLIP_MASK
-r--------. 1 root root 19 Oct 25 14:07 .rodata.cst640.K512

The contents of the files are not accessible to non-root users.

Those contain linker addresses:
/sys/module/sha512_ssse3/sections/.rodata:0xffffffffc084b000
/sys/module/sha512_ssse3/sections/.rodata.cst16.XMM_QWORD_BSWAP:0xffffffffc084b170
/sys/module/sha512_ssse3/sections/.rodata.cst32.MASK_YMM_LO:0xffffffffc084bf00
/sys/module/sha512_ssse3/sections/.rodata.cst32.PSHUFFLE_BYTE_FLIP_MASK:0xffffffffc084bee0
/sys/module/sha512_ssse3/sections/.rodata.cst640.K512:0xffffffffc084b1c0
/sys/module/sha512_ssse3/sections/.rodata.str1.1:0xffffffffc084bf20
/sys/module/sha512_ssse3/sections/.rodata.str1.8:0xffffffffc084bf28

That is not unique to the crypto modules - all modules are there:
/sys/module/intel_uncore_frequency/sections/.rodata: 0xffffffffc08d0020
/sys/module/intel_uncore_frequency/sections/.rodata.str1.8: 0xffffffffc08d0118

/sys/module/coretemp/sections/.init.rodata: 0xffffffffc0c5d000
/sys/module/coretemp/sections/.rodata: 0xffffffffc0a2c280
/sys/module/coretemp/sections/.rodata.str1.1: 0xffffffffc0a2c000
/sys/module/coretemp/sections/.rodata.str1.8: 0xffffffffc0a2c130
...

Perhaps lkp needs to run that script as a normal user, not root? 
As root, it outputs 67234 lines; as a normal user, it outputs
just 3 lines (all values related to keyboards, not addresses).





[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux