From: Kees Cook
To: Will Deacon
Subject: [PATCH v3 4/9] x86/build: Warn on orphan section placement
Date: Tue, 23 Jun 2020 18:49:35 -0700
Message-Id: <20200624014940.1204448-5-keescook@chromium.org>
In-Reply-To: <20200624014940.1204448-1-keescook@chromium.org>
References: <20200624014940.1204448-1-keescook@chromium.org>
Cc: Mark Rutland, linux-arch@vger.kernel.org, linux-efi@vger.kernel.org,
 Kees Cook, Arnd Bergmann, Catalin Marinas, Masahiro Yamada, x86@kernel.org,
 Nick Desaulniers, Russell King, linux-kernel@vger.kernel.org,
 Nathan Chancellor, clang-built-linux@googlegroups.com, Arvind Sankar,
 Ingo Molnar, James Morse, Thomas Gleixner, Borislav Petkov,
 Peter Collingbourne, Ard Biesheuvel, linux-arm-kernel@lists.infradead.org

We don't
want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly named in the linker script. Discards the unused rela, plt, and got sections that are not needed in the final vmlinux, stop emitting kprobe sections without kprobes, and enable orphan section warnings. Signed-off-by: Kees Cook --- arch/x86/Makefile | 4 ++++ arch/x86/include/asm/asm.h | 6 +++++- arch/x86/kernel/vmlinux.lds.S | 6 ++++++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/arch/x86/Makefile b/arch/x86/Makefile index 00e378de8bc0..f8a5b2333729 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -51,6 +51,10 @@ ifdef CONFIG_X86_NEED_RELOCS LDFLAGS_vmlinux := --emit-relocs --discard-none endif +# We never want expected sections to be placed heuristically by the +# linker. All sections should be explicitly named in the linker script. +LDFLAGS_vmlinux += --orphan-handling=warn + # # Prevent GCC from generating any FP code by mistake. # diff --git a/arch/x86/include/asm/asm.h b/arch/x86/include/asm/asm.h index 0f63585edf5f..92feec0f0a12 100644 --- a/arch/x86/include/asm/asm.h +++ b/arch/x86/include/asm/asm.h @@ -138,11 +138,15 @@ # define _ASM_EXTABLE_FAULT(from, to) \ _ASM_EXTABLE_HANDLE(from, to, ex_handler_fault) -# define _ASM_NOKPROBE(entry) \ +# ifdef CONFIG_KPROBES +# define _ASM_NOKPROBE(entry) \ .pushsection "_kprobe_blacklist","aw" ; \ _ASM_ALIGN ; \ _ASM_PTR (entry); \ .popsection +# else +# define _ASM_NOKPROBE(entry) +# endif #else # define _EXPAND_EXTABLE_HANDLE(x) #x diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 3bfc8dd8a43d..bb085ceeaaad 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -412,6 +412,12 @@ SECTIONS DWARF_DEBUG DISCARDS + /DISCARD/ : { + *(.rela.*) *(.rela_*) + *(.rel.*) *(.rel_*) + *(.got) *(.got.*) + *(.igot.*) *(.iplt) + } }
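Review bot: In the arch/x86/Makefile hunk, `LDFLAGS_vmlinux += --orphan-handling=warn` is appended unconditionally, so a linker that does not recognise the option would fail the vmlinux link outright instead of just skipping the check. Consider probing for it, for example `LDFLAGS_vmlinux += $(call ld-option, --orphan-handling=warn)`. The added comment's "We never want expected sections to be placed heuristically" is also ambiguous; saying plainly that no section may be left to the linker's heuristics would read better.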
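Review bot: The `CONFIG_KPROBES` guard in the arch/x86/include/asm/asm.h hunk covers only the `_ASM_NOKPROBE` definition above the `#else`. If the other branch of that conditional carries its own `_ASM_NOKPROBE` that pushes into "_kprobe_blacklist", it needs the same guard; otherwise the section is still emitted on kernels without kprobes and shows up as an orphan as soon as the new warning is enabled.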
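Review bot: The new `/DISCARD/` block in arch/x86/kernel/vmlinux.lds.S drops `.got`, `.rela.*` and the other listed inputs silently, so a toolchain or config change that starts generating real GOT entries or relocations would have them thrown away at link time with no diagnostic, which is the kind of unnoticed linker behaviour this patch sets out to remove. Placing these inputs in named output sections and adding an ASSERT that each has zero size would turn that case into a build failure. The patterns are also uneven: the commit message mentions plt, but only `*(.iplt)` is listed, and `.igot.*` is matched without a plain `.igot`.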