From patchwork Wed Jun 24 01:49:31 2020
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 11622203
From: Kees Cook
To: Will Deacon
Cc: Mark Rutland, linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook, Arnd Bergmann, Catalin Marinas, Masahiro Yamada, x86@kernel.org, Nick Desaulniers, Russell King, linux-kernel@vger.kernel.org, Nathan Chancellor, clang-built-linux@googlegroups.com, Arvind Sankar, Ingo Molnar, James Morse, Thomas Gleixner, Borislav Petkov, Peter Collingbourne, Ard Biesheuvel, linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3 0/9] Warn on orphan section placement
Date: Tue, 23 Jun 2020 18:49:31 -0700
Message-Id: <20200624014940.1204448-1-keescook@chromium.org>

v3:
- merge series back together (I tried to make it separable, but no luck)
- remove unwanted sections in libstub
- remove unwanted .eh_frame sections for both .c and .S
- handle sections seen during allnoconfig builds
- handle synthetic and double-quoted sections reported by Clang
- add reviewed-bys
v2: https://lore.kernel.org/lkml/20200622205815.2988115-1-keescook@chromium.org/
v1: https://lore.kernel.org/lkml/20200228002244.15240-1-keescook@chromium.org/

A recent bug[1] was solved for builds linked with ld.lld, and tracking it down took way longer than it needed to (a year). Ultimately, it boiled down to differences between ld.bfd and ld.lld's handling of orphan sections. Similarly, the recent FGKASLR series brought up orphan section handling too[2]. In both cases, it would have been nice if the linker was running with --orphan-handling=warn so that surprise sections wouldn't silently get mapped into the kernel image at locations up to the whim of the linker's orphan handling logic. Instead, all desired sections should be explicitly identified in the linker script (to be either kept or discarded) with any orphans throwing a warning. The powerpc architecture actually already does this, so this series extends coverage to x86, arm, and arm64.

All three architectures depend on the first two commits (to vmlinux.lds.h), and x86 and arm64 depend on the third patch (to libstub). As such, I'd like to land this series as a whole. Given that two thirds of it is in the arm universe, perhaps this can land via the arm64 tree? If x86 -tip is preferred, that works too. Or I could just carry this myself in -next. In all cases, I would really appreciate reviews/acks/etc. :)

Thanks!

-Kees

This series is here:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=linker/orphans/warn/v3

[1] https://github.com/ClangBuiltLinux/linux/issues/282
[2] https://lore.kernel.org/lkml/202002242122.AA4D1B8@keescook/

Kees Cook (9):
  vmlinux.lds.h: Add .gnu.version* to DISCARDS
  vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to STABS_DEBUG
  efi/libstub: Remove .note.gnu.property
  x86/build: Warn on orphan section placement
  x86/boot: Warn on orphan section placement
  arm/build: Warn on orphan section placement
  arm/boot: Warn on orphan section placement
  arm64/build: Use common DISCARDS in linker script
  arm64/build: Warn on orphan section placement

 arch/arm/Makefile                             |  4 ++++
 arch/arm/boot/compressed/Makefile             |  2 ++
 arch/arm/boot/compressed/vmlinux.lds.S        | 17 ++++++--------
 .../arm/{kernel => include/asm}/vmlinux.lds.h | 22 ++++++++++++++-----
 arch/arm/kernel/vmlinux-xip.lds.S             |  5 ++---
 arch/arm/kernel/vmlinux.lds.S                 |  5 ++---
 arch/arm64/Makefile                           |  9 +++++++-
 arch/arm64/kernel/smccc-call.S                |  2 --
 arch/arm64/kernel/vmlinux.lds.S               | 16 ++++++++++----
 arch/arm64/mm/mmu.c                           |  2 +-
 arch/x86/Makefile                             |  4 ++++
 arch/x86/boot/compressed/Makefile             |  3 ++-
 arch/x86/boot/compressed/vmlinux.lds.S        | 11 ++++++++++
 arch/x86/include/asm/asm.h                    |  6 ++++-
 arch/x86/kernel/vmlinux.lds.S                 |  6 +++++
 drivers/firmware/efi/libstub/Makefile         |  3 +++
 include/asm-generic/vmlinux.lds.h             |  7 +++++-
 17 files changed, 92 insertions(+), 32 deletions(-)
 rename arch/arm/{kernel => include/asm}/vmlinux.lds.h (92%)
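
The orphan rule the cover letter relies on, as an added example that is not part of the original message or of the kernel build: a simplified Python model of the check that --orphan-handling=warn makes the linker perform, reporting input sections that no rule in the script keeps or discards. The linker-script fragment, section names and function names are constructed for illustration, and only the `*(pattern ...)` input-section form is modelled.

```python
import fnmatch
import re

# Constructed linker-script fragment (not from the kernel tree): each wanted
# input section is either placed in an output section or named in /DISCARD/.
LINKER_SCRIPT = """
SECTIONS
{
    .text    : { *(.text .text.*) }
    .rodata  : { *(.rodata .rodata.*) }
    .data    : { *(.data .data.*) }
    .bss     : { *(.bss .bss.*) }
    /DISCARD/ : { *(.gnu.version*) *(.note.gnu.property) }
}
"""

# Constructed input-section names, as the objects being linked might carry them.
INPUT_SECTIONS = [".text", ".text.unlikely", ".rodata.str1.1", ".data", ".bss",
                  ".gnu.version_r", ".note.gnu.property", ".eh_frame", ".got.plt"]


def script_rules(script):
    """Return (glob, output_section) pairs in script order."""
    rules = []
    for out_name, body in re.findall(r"(\S+)\s*:\s*\{([^}]*)\}", script):
        # Only the simple `*(pattern ...)` input-section form is modelled here.
        for group in re.findall(r"\*\(([^)]*)\)", body):
            rules.extend((glob, out_name) for glob in group.split())
    return rules


def placement(section, rules):
    """First rule that matches wins; None means the section is an orphan."""
    for glob, out_name in rules:
        if fnmatch.fnmatchcase(section, glob):
            return out_name
    return None


def find_orphans(sections, script):
    """Sections the script neither keeps nor discards explicitly."""
    rules = script_rules(script)
    return [s for s in sections if placement(s, rules) is None]


if __name__ == "__main__":
    for name in find_orphans(INPUT_SECTIONS, LINKER_SCRIPT):
        print(f"warning: orphan section `{name}' has no rule in the linker script")
```

Without the warning, the two unmatched sections in this sample would still end up in the output image, at whatever location the linker's orphan placement picks.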