From patchwork Mon Jun 22 20:49:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11619103 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2C52714E3 for ; Mon, 22 Jun 2020 20:51:16 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 051932073E for ; Mon, 22 Jun 2020 20:51:16 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="h1OM45zz"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="KGrufEOt" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 051932073E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=RDtLZwjnf7B841OWOs7riYnyhBddMnRXyc950N5KVNw=; b=h1OM45zzbEBukmiiLWfNi/flW hOjPkCW+NW8iyNymsI/WdvSvbMy3zDlYKBt03fFtMr6s0C+TqSXwuiPksSoOybo6hUA+itDR8KYm8 oZDJdj9Zg9OJWTTz/WV8JlICLPBTJa/o7kpyq9RRj0D3OCAgzKpff2VLPNodhpI4Jx4x2DHoq5hq6 cK5ciFsxGB563dbi3NWbSmeNKVQao1EYt2nrpxEFjN0JSrMzzYbOe6ZnUCDO3ieHZkhgXQYEVXOYI ullH9YgKaPEEHCXQzSqZqzE2oMp/VrstW0RcY+jMzByYENsvYXF/eB0nnG4P9kAJkL8cYXE3Z+tLz 7dblbTCQA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1jnTNf-0006rm-Tz; Mon, 22 Jun 2020 20:49:27 +0000 Received: from mail-pf1-x441.google.com ([2607:f8b0:4864:20::441]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jnTNa-0006qE-4L for linux-arm-kernel@lists.infradead.org; Mon, 22 Jun 2020 20:49:22 +0000 Received: by mail-pf1-x441.google.com with SMTP id x22so8957242pfn.3 for ; Mon, 22 Jun 2020 13:49:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=r1CVChw5lv6qJCnYUjb6+Q15TOtyE7dXeIu2ryL/SHg=; b=KGrufEOtpDgs2nOg9wb3X5+aCdoDBcU2BbqBJF9JnFiN7NYhGx8YRWkjEsx1innFuW 9AoEF8lI0idh1cywRxfFl46gPAtmITrhRGTpwyb9cDX6wWdAo/AUl9rtqtLADYyRSUjL w7JkfvilcJwN8sldL7jdsQIGufYkLtY7/Y9Ts= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=r1CVChw5lv6qJCnYUjb6+Q15TOtyE7dXeIu2ryL/SHg=; b=nuJYFR+k8iDyl9npxS/H/kDl/P034cV6CDEavwwL6TPXvTjhdm5iqD26wTwAztP4gX vXbLjZ3kuSTOKzuBPPUaZYw/t/gos66zlBGaQw148bJXPKgCvrad0b+CF+cH8qC6biHj SkhAtzNNCaAcD1+BXA3UyDZghPg+p8+WWi7wsFpPiKfU1WvCsVa6RmouRk0TURh2dGJA 9TbGkd72oUgeXxly7kXgE/SaazqQ2lDHw3HH+nrVU556MXQrZUN3bWaplwM7g/QJIqfL klt8/fXl7i5JqzvXTLUiMPKSfBh5o9nV99aV93qXI5EUYfPjdPgOJTjwu5huUzETTABY gTUg== X-Gm-Message-State: AOAM531kpHD4esNcuGSG00/C1HOSxPtNJ7hWJQvqeNbHO5DAawkqmsTp rB8X1MFVPukMm/yezVmlfT87eg== X-Google-Smtp-Source: ABdhPJxPxpqqRtjCVllhoqkxjmNgjtYDQxIQ16KOwWiOWFtnPCAZVrzEjz24KyaZYQPU/nCq+BLAsw== X-Received: by 2002:a63:a1f:: with SMTP id 31mr14066354pgk.228.1592858960160; Mon, 22 Jun 2020 13:49:20 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id i7sm12270469pgr.86.2020.06.22.13.49.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Jun 2020 13:49:17 -0700 (PDT) From: Kees Cook To: Russell King Subject: [PATCH v2 2/2] arm/boot: Warn on orphan section placement Date: Mon, 22 Jun 2020 13:49:15 -0700 Message-Id: <20200622204915.2987555-3-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200622204915.2987555-1-keescook@chromium.org> References: <20200622204915.2987555-1-keescook@chromium.org> MIME-Version: 1.0 X-Spam-Note: CRM114 invocation failed X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:441 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kees Cook , Arnd Bergmann , Masahiro Yamada , Nick Desaulniers , linux-kernel@vger.kernel.org, Nathan Chancellor , Will Deacon , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly named in the linker script. Use common macros for debug sections, discards, and text stubs. Add discards for unwanted .note, and .rel sections. Finally, enable orphan section warning. Signed-off-by: Kees Cook --- arch/arm/boot/compressed/Makefile | 2 ++ arch/arm/boot/compressed/vmlinux.lds.S | 17 +++++++---------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile index 00602a6fba04..b8a97d81662d 100644 --- a/arch/arm/boot/compressed/Makefile +++ b/arch/arm/boot/compressed/Makefile @@ -128,6 +128,8 @@ endif LDFLAGS_vmlinux += --no-undefined # Delete all temporary local symbols LDFLAGS_vmlinux += -X +# Report orphan sections +LDFLAGS_vmlinux += --orphan-handling=warn # Next argument is a linker script LDFLAGS_vmlinux += -T diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S index 09ac33f52814..c2a8509f876f 100644 --- a/arch/arm/boot/compressed/vmlinux.lds.S +++ b/arch/arm/boot/compressed/vmlinux.lds.S @@ -2,6 +2,7 @@ /* * Copyright (C) 2000 Russell King */ +#include #ifdef CONFIG_CPU_ENDIAN_BE8 #define ZIMAGE_MAGIC(x) ( (((x) >> 24) & 0x000000ff) | \ @@ -17,8 +18,11 @@ ENTRY(_start) SECTIONS { /DISCARD/ : { + ARM_COMMON_DISCARD *(.ARM.exidx*) *(.ARM.extab*) + *(.note.*) + *(.rel.*) /* * Discard any r/w data - this produces a link error if we have any, * which is required for PIC decompression. Local data generates @@ -36,9 +40,7 @@ SECTIONS *(.start) *(.text) *(.text.*) - *(.gnu.warning) - *(.glue_7t) - *(.glue_7) + ARM_STUBS_TEXT } .table : ALIGN(4) { _table_start = .; @@ -128,12 +130,7 @@ SECTIONS PROVIDE(__pecoff_data_size = ALIGN(512) - ADDR(.data)); PROVIDE(__pecoff_end = ALIGN(512)); - .stab 0 : { *(.stab) } - .stabstr 0 : { *(.stabstr) } - .stab.excl 0 : { *(.stab.excl) } - .stab.exclstr 0 : { *(.stab.exclstr) } - .stab.index 0 : { *(.stab.index) } - .stab.indexstr 0 : { *(.stab.indexstr) } - .comment 0 : { *(.comment) } + STABS_DEBUG + DWARF_DEBUG } ASSERT(_edata_real == _edata, "error: zImage file size is incorrect");