Patch "x86, relocs: Ignore relocations in .notes section" has been added to the 5.10-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 22 Mar 2024 14:39:57 -0400

This is a note to let you know that I've just added the patch titled

    x86, relocs: Ignore relocations in .notes section

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     x86-relocs-ignore-relocations-in-.notes-section.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 271f8fc9fab6b1e8ce89e98fcd4bc495d1c17efb
Author: Kees Cook <keescook@xxxxxxxxxxxx>
Date:   Tue Feb 27 09:51:12 2024 -0800

    x86, relocs: Ignore relocations in .notes section
    
    [ Upstream commit aaa8736370db1a78f0e8434344a484f9fd20be3b ]
    
    When building with CONFIG_XEN_PV=y, .text symbols are emitted into
    the .notes section so that Xen can find the "startup_xen" entry point.
    This information is used prior to booting the kernel, so relocations
    are not useful. In fact, performing relocations against the .notes
    section means that the KASLR base is exposed since /sys/kernel/notes
    is world-readable.
    
    To avoid leaking the KASLR base without breaking unprivileged tools that
    are expecting to read /sys/kernel/notes, skip performing relocations in
    the .notes section. The values readable in .notes are then identical to
    those found in System.map.
    
    Reported-by: Guixiong Wei <guixiongwei@xxxxxxxxx>
    Closes: https://lore.kernel.org/all/20240218073501.54555-1-guixiongwei@xxxxxxxxx/
    Fixes: 5ead97c84fa7 ("xen: Core Xen implementation")
    Fixes: da1a679cde9b ("Add /sys/kernel/notes")
    Reviewed-by: Juergen Gross <jgross@xxxxxxxx>
    Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c
index 1c3a1962cade6..0043fd374a62f 100644
--- a/arch/x86/tools/relocs.c
+++ b/arch/x86/tools/relocs.c
@@ -596,6 +596,14 @@ static void print_absolute_relocs(void)
 		if (!(sec_applies->shdr.sh_flags & SHF_ALLOC)) {
 			continue;
 		}
+		/*
+		 * Do not perform relocations in .notes section; any
+		 * values there are meant for pre-boot consumption (e.g.
+		 * startup_xen).
+		 */
+		if (sec_applies->shdr.sh_type == SHT_NOTE) {
+			continue;
+		}
 		sh_symtab  = sec_symtab->symtab;
 		sym_strtab = sec_symtab->link->strtab;
 		for (j = 0; j < sec->shdr.sh_size/sizeof(Elf_Rel); j++) {







