From patchwork Mon Jun 22 20:58:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11619111 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6E0E5912 for ; Mon, 22 Jun 2020 21:00:11 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4798C2073E for ; Mon, 22 Jun 2020 21:00:11 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="fz3TI5dY"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="lP9wwldV" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4798C2073E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=dMyadzB+WmxE6LF9t1Ky5dOp0Zfunx1km9ebhhew1oc=; b=fz3TI5dYXVh30PrSQih04MNTC YRhpMKICUghJ/tBOofOOPCEU4ApQV0ogS2HbvbRPxlleTSJZQF0d+zjx91iSwIZ9b7WlBQQ7tk3BZ 1COkbIBW8/BA1DLappdpTlnCE0MdJx4bbD6YnYa2XLDNatg63xP9C2wY12NuLq0SQbLfZrPrt72K2 kVGVLwYBBCPZpIqdW5g4dtcCEZwhoE8Gu/+/IFWBbPx7kEgkE1LvBtUEPF7IrYCEHWp1ZO/HRLSkx 2cjkywK4+r1eZWYnVVZOxbJdr64ezbwpcGQ5wevA5zGU7Ah0dzkxS+Z51lrTMuvuTUT1jSsuezthK lg60ucgDg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1jnTWN-00082G-Gb; Mon, 22 Jun 2020 20:58:27 +0000 Received: from mail-pj1-x1042.google.com ([2607:f8b0:4864:20::1042]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jnTWH-00080f-PI for linux-arm-kernel@lists.infradead.org; Mon, 22 Jun 2020 20:58:22 +0000 Received: by mail-pj1-x1042.google.com with SMTP id m2so467775pjv.2 for ; Mon, 22 Jun 2020 13:58:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=q1OBEWaxVovTEcB37uBYgE/K0BmOSSCdkkUrY0xJrlc=; b=lP9wwldVbiqOOceUWdcR1/C7JaoksAFC1AGEd2IpbVdS5COWrufq97/Clbs06ahpr2 Ig8zhhzjxNxRym5ybzFNeTJC+U+BpytAyxPh75t0lBs4bq76eLYcLhgFjiDqgxE0E80I P1GfY/nA+xqh4eaMGNkWsygArj3VzHmI8Q4wY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=q1OBEWaxVovTEcB37uBYgE/K0BmOSSCdkkUrY0xJrlc=; b=VZw+JTJCVTkZvfO0oyFYoE/7RFgzZkNrW5ZEN3sQiRIP8uIw+LL02uyORzXDJkIFA4 OTMvNW351JnW68rz/b6qN4y+IO3G8AbncaJl1MIeOt/HKYrUd8/NIuidLYlMQop1Rceo ttX/BzvOtBkLoMhgvytovDI457OYndtq1IjPo0Cz4rr9UgO74uqeHWHgZTf82yhJCMrd Ad6rYYPhiCJQ4Rh0wmOnxxxsRbkn0INxB6zUdB9CWhCu8DPHExKBt7whyAAe95qePMEQ 4tkKgpN8nYokwdE5mDAiI9U+il6sh2StkC1nHKAvAEU1f4pRcXhHoQtC6NyTSmwOgHsy LPRw== X-Gm-Message-State: AOAM5300OtKlJuW4hqZIb4g0uVPdBVsizKrKQcHvuEsMjX0+CLtK/m6T GekGnUfjPY2G897z49bVztfBuw== X-Google-Smtp-Source: ABdhPJw8ZfE/t9NOYRfv219EhLime3UVPPpW1/MOsNhWaFmvHsPXrFNhzxDZ8zzY52sAlFVq4jY/Yw== X-Received: by 2002:a17:90a:e387:: with SMTP id b7mr20930337pjz.176.1592859499822; Mon, 22 Jun 2020 13:58:19 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id i3sm12146531pgj.52.2020.06.22.13.58.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Jun 2020 13:58:17 -0700 (PDT) From: Kees Cook To: Will Deacon Subject: [PATCH v2 2/2] arm64/build: Warn on orphan section placement Date: Mon, 22 Jun 2020 13:58:15 -0700 Message-Id: <20200622205815.2988115-3-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200622205815.2988115-1-keescook@chromium.org> References: <20200622205815.2988115-1-keescook@chromium.org> MIME-Version: 1.0 X-Spam-Note: CRM114 invocation failed X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:1042 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , Kees Cook , Arnd Bergmann , Catalin Marinas , Nick Desaulniers , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, James Morse , Nathan Chancellor , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly named in the linker script. Explicitly include debug sections when they're present. Add .eh_frame* to discard as it seems that these are still generated even though -fno-asynchronous-unwind-tables is being specified. Add .plt and .data.rel.ro to discards as they are not actually used. Add .got.plt to the image as it does appear to be mapped near .data. Finally enable orphan section warnings. Signed-off-by: Kees Cook --- arch/arm64/Makefile | 4 ++++ arch/arm64/kernel/vmlinux.lds.S | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index a0d94d063fa8..3e628983445a 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -29,6 +29,10 @@ LDFLAGS_vmlinux += --fix-cortex-a53-843419 endif endif +# We never want expected sections to be placed heuristically by the +# linker. All sections should be explicitly named in the linker script. +LDFLAGS_vmlinux += --orphan-handling=warn + ifeq ($(CONFIG_ARM64_USE_LSE_ATOMICS), y) ifneq ($(CONFIG_ARM64_LSE_ATOMICS), y) $(warning LSE atomics not supported by binutils) diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 5427f502c3a6..c9ecb3b2007d 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -94,7 +94,8 @@ SECTIONS /DISCARD/ : { *(.interp .dynamic) *(.dynsym .dynstr .hash .gnu.hash) - *(.eh_frame) + *(.plt) *(.data.rel.ro) + *(.eh_frame) *(.init.eh_frame) } . = KIMAGE_VADDR + TEXT_OFFSET; @@ -209,6 +210,7 @@ SECTIONS _data = .; _sdata = .; RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, THREAD_ALIGN) + .got.plt : ALIGN(8) { *(.got.plt) } /* * Data written with the MMU off but read with the MMU on requires @@ -244,6 +246,7 @@ SECTIONS _end = .; STABS_DEBUG + DWARF_DEBUG HEAD_SYMBOLS }