RE: [crypto] aa031b8f70: leaking-addresses.proc..rodata.cst32.PSHUFFLE_BYTE_FLIP_MASK.

linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed

From: "Elliott, Robert (Servers)" <elliott@hpe.com>
To: kernel test robot <oliver.sang@intel.com>, "me@tobin.cc" <me@tobin.cc>
Cc: "lkp@lists.01.org" <lkp@lists.01.org>,
	"lkp@intel.com" <lkp@intel.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Linux Memory Management List <linux-mm@kvack.org>,
	"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>
Subject: RE: [crypto]  aa031b8f70: leaking-addresses.proc..rodata.cst32.PSHUFFLE_BYTE_FLIP_MASK.
Date: Tue, 25 Oct 2022 21:15:50 +0000	[thread overview]
Message-ID: <MW5PR84MB1842289055550CE30913D2CEAB319@MW5PR84MB1842.NAMPRD84.PROD.OUTLOOK.COM> (raw)
In-Reply-To: <YwXfnidzkebRDty0@xsang-OptiPlex-9020>



> -----Original Message-----
> From: kernel test robot <oliver.sang@intel.com>
> Sent: Wednesday, August 24, 2022 3:22 AM
> To: Elliott, Robert (Servers) <elliott@hpe.com>
> 
> FYI, we noticed the following commit (built with gcc-11):
> 
> commit: aa031b8f702e7941b4c86022348a366c335d389a ("crypto: x86/sha512 - load based on CPU features")
> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
> 
> in testcase: leaking-addresses caused below changes 
> 2022-08-21 00:20:54 ./leaking_addresses.pl --output-raw result/scan.out
> 2022-08-21 00:21:21 ./leaking_addresses.pl --input-raw result/scan.out --squash-by-filename
...
> [49 .init_array] 0xffffffffa03f0000
> [50 .gnu.linkonce.this_module] 0xffffffffa041a540
> [2 .rodata.cst16.bswap_mask] 0xffffffffa040d100
> [2 .noinstr.text] 0xffffffffa0c3ae00
> [4 .altinstr_aux] 0xffffffffa0c39d55
> [20 __param] 0xffffffffa0415a88
> [20 .altinstructions] 0xffffffffa06fb180
...
> [1 .rodata.cst640.K512] 0xffffffffa08001c0    <-------- (1)
> [1 .rodata.cst16.XMM_QWORD_BSWAP] 0xffffffffa08001a0   <-------- (2)
> [1 .rodata.cst32.PSHUFFLE_BYTE_FLIP_MASK] 0xffffffffa0801160  <--------- (3)
> [1 .rodata.cst32.MASK_YMM_LO] 0xffffffffa0801180     <-------- (4)
...

The patch simply causes the x86 sha512 module to be loaded instead of
sitting unused. Future patches will do the same for the rest of the
x86 crypto modules.

scripts/leaking_addresses.pl is scanning all the files in /proc and /sys
looking for files with contents that look like kernel addresses (16 hex
characters starting with ffff).

kernel/module/sysfs.c creates a sysfs directory for each loaded
module that includes a sections subdirectory containing numerous files 
with filenames starting with . including:
-r--------. 1 root root 19 Oct 25 14:07 .rodata.str1.1
-r--------. 1 root root 19 Oct 25 14:07 .rodata.str1.8
-r--------. 1 root root 19 Oct 25 14:07 .rodata
-r--------. 1 root root 19 Oct 25 14:07 .rodata.cst16.XMM_QWORD_BSWAP
-r--------. 1 root root 19 Oct 25 14:07 .rodata.cst32.MASK_YMM_LO
-r--------. 1 root root 19 Oct 25 14:07 .rodata.cst32.PSHUFFLE_BYTE_FLIP_MASK
-r--------. 1 root root 19 Oct 25 14:07 .rodata.cst640.K512

The contents of the files are not accessible to non-root users.

Those contain linker addresses:
/sys/module/sha512_ssse3/sections/.rodata:0xffffffffc084b000
/sys/module/sha512_ssse3/sections/.rodata.cst16.XMM_QWORD_BSWAP:0xffffffffc084b170
/sys/module/sha512_ssse3/sections/.rodata.cst32.MASK_YMM_LO:0xffffffffc084bf00
/sys/module/sha512_ssse3/sections/.rodata.cst32.PSHUFFLE_BYTE_FLIP_MASK:0xffffffffc084bee0
/sys/module/sha512_ssse3/sections/.rodata.cst640.K512:0xffffffffc084b1c0
/sys/module/sha512_ssse3/sections/.rodata.str1.1:0xffffffffc084bf20
/sys/module/sha512_ssse3/sections/.rodata.str1.8:0xffffffffc084bf28

That is not unique to the crypto modules - all modules are there:
/sys/module/intel_uncore_frequency/sections/.rodata: 0xffffffffc08d0020
/sys/module/intel_uncore_frequency/sections/.rodata.str1.8: 0xffffffffc08d0118

/sys/module/coretemp/sections/.init.rodata: 0xffffffffc0c5d000
/sys/module/coretemp/sections/.rodata: 0xffffffffc0a2c280
/sys/module/coretemp/sections/.rodata.str1.1: 0xffffffffc0a2c000
/sys/module/coretemp/sections/.rodata.str1.8: 0xffffffffc0a2c130
...

Perhaps lkp needs to run that script as a normal user, not root? 
As root, it outputs 67234 lines; as a normal user, it outputs
just 3 lines (all values related to keyboards, not addresses).

next prev parent reply	other threads:[~2022-10-25 21:16 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-24  8:21 kernel test robot
2022-10-23 12:57 ` Oliver Sang
2022-10-25 21:15 ` Elliott, Robert (Servers) [this message]
2022-10-30  7:59   ` Oliver Sang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=MW5PR84MB1842289055550CE30913D2CEAB319@MW5PR84MB1842.NAMPRD84.PROD.OUTLOOK.COM \
    --to=elliott@hpe.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=lkp@intel.com \
    --cc=lkp@lists.01.org \
    --cc=me@tobin.cc \
    --cc=oliver.sang@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox