From patchwork Mon Jun 22 20:49:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11619099 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8957914E3 for ; Mon, 22 Jun 2020 20:51:03 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 556092073E for ; Mon, 22 Jun 2020 20:51:03 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="HiCJxWUk"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="WOD4bmbD" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 556092073E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To:From: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=gOshOZtmQlFw1U7CUUCHpPNwnON/tF8GVMbjtz2pyqs=; b=HiCJxWUkCAuqgFXOO17vfKZhB4 70PabD7ORCJmSG14DP66jTwqoydL8yn2ive/hfHTpMVz4f2rRdda8cI+W1vmjp8YExsEu6dvgAi5q bmf6h5GqXol9JIfUXGsYUn3rhMdTE+y/pdshh76E16JOfIndTg+R+tzFPZRPkV8lskBKmtBdbwpIL P5YKg9LlMxx6TyLAWRmwl9zFNeB0URU2HkxRxSL9cSqdtivaHjqO0rwL58+vjwBwvqgCH39zbyDEH mrNteXsAvgYmmW1woBZTpb2Pci2K0QPKqvaUR+cGHN48ykk3aLz3KfndOtbqYo07kOJAp6nzcH0nB mNBq+ydA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1jnTNb-0006qt-Gc; Mon, 22 Jun 2020 20:49:23 +0000 Received: from mail-pg1-x543.google.com ([2607:f8b0:4864:20::543]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jnTNZ-0006pz-1j for linux-arm-kernel@lists.infradead.org; Mon, 22 Jun 2020 20:49:21 +0000 Received: by mail-pg1-x543.google.com with SMTP id e8so3549054pgc.5 for ; Mon, 22 Jun 2020 13:49:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=PH47MJnT9iMtyTipendvYX/j3g8mD6+p2C6HpOMAS2s=; b=WOD4bmbDBmCvKG9VPJe1yBY5F6RA/C5d94+rIsCOMC/AhYzvpHVOI31fkouMGWmnNs WAaT2BCHxMTDm8CF9kN1Yzmk7+OiQZeiaaHVykdf/5VG9I+XluQq+BWZ7hsb8EYRz9Sj 4FyDsma3WccZgUj17OvcILKa/Y9C4tSpDet5s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=PH47MJnT9iMtyTipendvYX/j3g8mD6+p2C6HpOMAS2s=; b=gFTwLU6IeKJtRrnL0qxm/wTKs23o/ZUO3ueekayU79fpAuCRdXmi0o0r09r8Duyx1T HVLeuyWEfkT6P8ZX1zSwv3otoYoOMeCL4qw2WU5QnBhaW5v3tQhTzF5UP5XpaCpUKKrF 7VQ0lqPjFbynBVcBiAcT60FhXvvpuOm4GytoXK+E4MQmUqSPQWKhLsMcdN9Z/udpf27o TNdd/USUqywe/XVp//QFP9C4zxR85not3xwmeAUADrRtV1mO8smomwnUsKwhipH9iWfq BQpg+g1CReG95XAB5Dl0hZprVUWMDZCkhHovbENV6R4kXitWaSO6os6czglBYlBoBr+v ZWQA== X-Gm-Message-State: AOAM530XnZmbtrGvZ41GSFaxFEqqU115P1ZPqnGckr1p545v7k7sihiy qqjuqvKd8xa2JCxKAWybTDUR1w== X-Google-Smtp-Source: ABdhPJx5Gl45//R2Ig0yurEEEVbHIR0XqfcdMn9gku7cjBoQNNfGNtFadJk52dJy3Fh27YYKIlXgsA== X-Received: by 2002:a63:6643:: with SMTP id a64mr11612472pgc.246.1592858958665; Mon, 22 Jun 2020 13:49:18 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id s30sm11975161pgn.34.2020.06.22.13.49.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Jun 2020 13:49:17 -0700 (PDT) From: Kees Cook To: Russell King Subject: [PATCH v2 0/2] arm: Warn on orphan section placement Date: Mon, 22 Jun 2020 13:49:13 -0700 Message-Id: <20200622204915.2987555-1-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Spam-Note: CRM114 invocation failed X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:543 listed in] [list.dnswl.org] -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kees Cook , Arnd Bergmann , Masahiro Yamada , Nick Desaulniers , linux-kernel@vger.kernel.org, Nathan Chancellor , Will Deacon , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org v2: - split by architecture, rebase to v5.8-rc2 v1: https://lore.kernel.org/lkml/20200228002244.15240-1-keescook@chromium.org/ A recent bug[1] was solved for builds linked with ld.lld, and tracking it down took way longer than it needed to (a year). Ultimately, it boiled down to differences between ld.bfd and ld.lld's handling of orphan sections. Similarly, the recent FGKASLR series brough up orphan section handling too[2]. In both cases, it would have been nice if the linker was running with --orphan-handling=warn so that surprise sections wouldn't silently get mapped into the kernel image at locations up to the whim of the linker's orphan handling logic. Instead, all desired sections should be explicitly identified in the linker script (to be either kept or discarded) with any orphans throwing a warning. The powerpc architecture actually already does this, so this series extends coverage to arm. This series needs one additional commit that is not yet in any tree, but I hope to have it landed via x86 -tip shortly: https://lore.kernel.org/lkml/20200228002244.15240-3-keescook@chromium.org/ Thanks! -Kees [1] https://github.com/ClangBuiltLinux/linux/issues/282 [2] https://lore.kernel.org/lkml/202002242122.AA4D1B8@keescook/ Kees Cook (2): arm/build: Warn on orphan section placement arm/boot: Warn on orphan section placement arch/arm/Makefile | 4 ++++ arch/arm/boot/compressed/Makefile | 2 ++ arch/arm/boot/compressed/vmlinux.lds.S | 17 ++++++-------- .../arm/{kernel => include/asm}/vmlinux.lds.h | 22 ++++++++++++++----- arch/arm/kernel/vmlinux-xip.lds.S | 5 ++--- arch/arm/kernel/vmlinux.lds.S | 5 ++--- 6 files changed, 34 insertions(+), 21 deletions(-) rename arch/arm/{kernel => include/asm}/vmlinux.lds.h (92%)