From patchwork Mon Jun 22 20:49:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11619101 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C0237913 for ; Mon, 22 Jun 2020 20:51:06 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 99E0F2073E for ; Mon, 22 Jun 2020 20:51:06 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="jtddYOJB"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="DooDqOpD" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 99E0F2073E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=nohSTCmM6uME5V+hVeTtx+eBYiykTR7fa4XFCz2ke4I=; b=jtddYOJBX0izirkDPCAcvvEJ1 Md83tm35sGP/BF8MU8+ysFKOlc99tqbJ+LdGCdNLfXg+xOv5KpBAF/1S7EcWnvz0R6P8luFq/6Pra fyFYXv4nvyidY6bCUPugJn/uZSUzRlkLjUGilr+iO5duDSyw2nrUK3h3jW4YBVyvpY+5PfNgbbEpG yy4+7SPFPRAiwBF/C+xVOOQdFk1hX4OOwYd4DqjMweJKU1qUh4Ny6422r80H4FrXJd/38bwjgDRcD lcXjaBKIoxjvchmOxXQZWXkTyVc7CY86mZBgTQo7a2io7QUKXLPwQ/bTUluKdzfWkiKIBPIm7AovV j5+OjEQeA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1jnTNd-0006rD-4L; Mon, 22 Jun 2020 20:49:25 +0000 Received: from mail-pj1-x1035.google.com ([2607:f8b0:4864:20::1035]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jnTNZ-0006q8-95 for linux-arm-kernel@lists.infradead.org; Mon, 22 Jun 2020 20:49:22 +0000 Received: by mail-pj1-x1035.google.com with SMTP id u8so412544pje.4 for ; Mon, 22 Jun 2020 13:49:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=l5ovQdOa53Wq08SUrbeqBNAB7olZAVfsR3FjDV/m7eY=; b=DooDqOpDKT5GVcqKI+NdzbhpsVG5cTPTjRWDvCnalSZ78TU0BflJKcy0+WjXQdzJUd nui1jCUlJ5fbIJxzP0agAYsi+h5M9y+IvvMzBHAjbP668AnpRIx8aWNsQNZgS/aY6d/d u8xLfqbEWCv1etHLm0M4ZsogtMdBgDAhDGbc4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=l5ovQdOa53Wq08SUrbeqBNAB7olZAVfsR3FjDV/m7eY=; b=TLxhUU4iJG0oVJZmbaxXRV0pDg7oeZivuXT5B9zPH6WlvV4A9rJf2r3pmImrMO469u GzUCucHDyBYKJibArBgUViZSFVXQ75Ts1jPdkCVOOXDr3e9u4rhuYgIS5Vi5erU36N8c /sZoRMIies/Z1/A5UoSy3iAtU0siVoYPtxDg/z4oZeD7Bene3HVDMdR0ewwTGjjMCXu9 OYIMQIg3Gf9gS6pJcLaNcFTifSy+txtq0voOVhq5f6u+IrUjqgJUSMjpprnza8p/RwvG 93/8qFGh9vAIwgeOCYKvIE0eBoQJ2l+x3jT5fC/txTvuDBOWqkOBXyIw3guDuSn87hqj pU6g== X-Gm-Message-State: AOAM532+ck0uAaumpBVvzSy3s76pbz33Lhihf4Hlu8luEYPS6lRK+wLI feFu5a7wULzjJJEoM1016S4gyQ== X-Google-Smtp-Source: ABdhPJxWLjAN3LTRor3CItyiankVSVFYUWavtWYs3XzWIhWViymp1qIM+aN6nQqNjlDW1cBjx8Fkxg== X-Received: by 2002:a17:90a:5c82:: with SMTP id r2mr9732950pji.161.1592858959245; Mon, 22 Jun 2020 13:49:19 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id u26sm2152216pgo.71.2020.06.22.13.49.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Jun 2020 13:49:17 -0700 (PDT) From: Kees Cook To: Russell King Subject: [PATCH v2 1/2] arm/build: Warn on orphan section placement Date: Mon, 22 Jun 2020 13:49:14 -0700 Message-Id: <20200622204915.2987555-2-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200622204915.2987555-1-keescook@chromium.org> References: <20200622204915.2987555-1-keescook@chromium.org> MIME-Version: 1.0 X-Spam-Note: CRM114 invocation failed X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:1035 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kees Cook , Arnd Bergmann , Masahiro Yamada , Nick Desaulniers , linux-kernel@vger.kernel.org, Nathan Chancellor , Will Deacon , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly named in the linker script. Specifically, this would have made a recently fixed bug very obvious: ld: warning: orphan section `.fixup' from `arch/arm/lib/copy_from_user.o' being placed in section `.fixup' Refactor linker script include file for use in standard and XIP linker scripts, as well as in the coming boot linker script changes. Add debug sections explicitly. Create ARM_COMMON_DISCARD macro with unneeded sections .ARM.attributes, .iplt, .rel.iplt, .igot.plt, and .modinfo. Create ARM_STUBS_TEXT macro with missed text stub sections .vfp11_veneer, and .v4_bx. Finally enable orphan section warning. Signed-off-by: Kees Cook --- arch/arm/Makefile | 4 ++++ .../arm/{kernel => include/asm}/vmlinux.lds.h | 22 ++++++++++++++----- arch/arm/kernel/vmlinux-xip.lds.S | 5 ++--- arch/arm/kernel/vmlinux.lds.S | 5 ++--- 4 files changed, 25 insertions(+), 11 deletions(-) rename arch/arm/{kernel => include/asm}/vmlinux.lds.h (92%) diff --git a/arch/arm/Makefile b/arch/arm/Makefile index 59fde2d598d8..e414e3732b3a 100644 --- a/arch/arm/Makefile +++ b/arch/arm/Makefile @@ -16,6 +16,10 @@ LDFLAGS_vmlinux += --be8 KBUILD_LDFLAGS_MODULE += --be8 endif +# We never want expected sections to be placed heuristically by the +# linker. All sections should be explicitly named in the linker script. +LDFLAGS_vmlinux += --orphan-handling=warn + ifeq ($(CONFIG_ARM_MODULE_PLTS),y) KBUILD_LDS_MODULE += $(srctree)/arch/arm/kernel/module.lds endif diff --git a/arch/arm/kernel/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h similarity index 92% rename from arch/arm/kernel/vmlinux.lds.h rename to arch/arm/include/asm/vmlinux.lds.h index 381a8e105fa5..3d88ea74f4cd 100644 --- a/arch/arm/kernel/vmlinux.lds.h +++ b/arch/arm/include/asm/vmlinux.lds.h @@ -1,4 +1,5 @@ /* SPDX-License-Identifier: GPL-2.0 */ +#include #ifdef CONFIG_HOTPLUG_CPU #define ARM_CPU_DISCARD(x) @@ -37,6 +38,13 @@ *(.idmap.text) \ __idmap_text_end = .; \ +#define ARM_COMMON_DISCARD \ + *(.ARM.attributes) \ + *(.iplt) *(.rel.iplt) *(.igot.plt) \ + *(.modinfo) \ + *(.discard) \ + *(.discard.*) + #define ARM_DISCARD \ *(.ARM.exidx.exit.text) \ *(.ARM.extab.exit.text) \ @@ -49,8 +57,14 @@ EXIT_CALL \ ARM_MMU_DISCARD(*(.text.fixup)) \ ARM_MMU_DISCARD(*(__ex_table)) \ - *(.discard) \ - *(.discard.*) + ARM_COMMON_DISCARD + +#define ARM_STUBS_TEXT \ + *(.gnu.warning) \ + *(.glue_7t) \ + *(.glue_7) \ + *(.vfp11_veneer) \ + *(.v4_bx) #define ARM_TEXT \ IDMAP_TEXT \ @@ -64,9 +78,7 @@ CPUIDLE_TEXT \ LOCK_TEXT \ KPROBES_TEXT \ - *(.gnu.warning) \ - *(.glue_7) \ - *(.glue_7t) \ + ARM_STUBS_TEXT \ . = ALIGN(4); \ *(.got) /* Global offset table */ \ ARM_CPU_KEEP(PROC_INFO) diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S index 6d2be994ae58..0807f40844a2 100644 --- a/arch/arm/kernel/vmlinux-xip.lds.S +++ b/arch/arm/kernel/vmlinux-xip.lds.S @@ -9,15 +9,13 @@ #include -#include +#include #include #include #include #include #include -#include "vmlinux.lds.h" - OUTPUT_ARCH(arm) ENTRY(stext) @@ -152,6 +150,7 @@ SECTIONS _end = .; STABS_DEBUG + DWARF_DEBUG } /* diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S index 7f24bc08403e..969205f125ca 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -9,15 +9,13 @@ #else #include -#include +#include #include #include #include #include #include -#include "vmlinux.lds.h" - OUTPUT_ARCH(arm) ENTRY(stext) @@ -151,6 +149,7 @@ SECTIONS _end = .; STABS_DEBUG + DWARF_DEBUG } #ifdef CONFIG_STRICT_KERNEL_RWX