From patchwork Mon Jun 29 06:18:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11630499 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CEEF3618 for ; Mon, 29 Jun 2020 06:29:13 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id A6CD923132 for ; Mon, 29 Jun 2020 06:29:13 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="QtZi9Iux"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="KCQ5YzkO" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org A6CD923132 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=5+DmG4MNBZQcFM6nUl908mbEPPNEa9rvsp/dbndijQU=; b=QtZi9IuxJr+oJ6wPJli9P8kJ2 C7ggWGgckH0W69uMHdaon/85zNfBqklZaGdhYefgplU2hsxIZJtJSz2jbJvC3f1euEMCoqoCwdzJ/ EvintdtFEqhRbFygXlN3DU/KopZB26ZOf6/yj8MT5Ari1gWQ7qKH3cSzYVLGjK+ffzEMO9pB5tiVi zWjB5ss5cw1fKvPV1Ut8Ql7uV78GHq/7qF3fubZ0BqbbD+op26C39CYudzMQ5ahGyrQTR7ZWZZl/m J6HPPTqeps5RSjp+7012xmszyrL9oSH84DB1TeaL1DsERJQI7zx1/3HnzF4g6yHfiRQgYxHifHLnG y9pUhArTA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1jpnGd-0001Uf-Kg; Mon, 29 Jun 2020 06:27:47 +0000 Received: from mail-pl1-x642.google.com ([2607:f8b0:4864:20::642]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jpnGO-0001Re-Ij for linux-arm-kernel@lists.infradead.org; Mon, 29 Jun 2020 06:27:37 +0000 Received: by mail-pl1-x642.google.com with SMTP id u9so3086619pls.13 for ; Sun, 28 Jun 2020 23:27:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=EO3sRskvzqVrSi/8WlTJ+nKIw1S19eoepjwOuVzqC+k=; b=KCQ5YzkONWOo65CEsckxdgEZDidmsxzkUPEN/UJBCW/qObWNXMfEoB9r0/E7rvaRmO xlnRluaPTdkLMjWOJpH+yUIspSAOF0HgZkzvSgs47FWa+/kG7rzViG86wdee3s9jODiH uu4zTKxTboSZHSRTNaUsgRAj4+LH6Z0yJ6Lok= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=EO3sRskvzqVrSi/8WlTJ+nKIw1S19eoepjwOuVzqC+k=; b=GqtC8Et+do4RUU5LUmHVUM3tkY61SIQpV4AhlA647ByLvDzyLQEj7sPXNxS4HOFBhM zXJx0BHtXbfTJMrMebW7uYvZHCdk8Ba3jsWRHhFqmsBFcobSakQZHH6eJeq7sxs6GJBI p6MQ1dCEswb1EXKuZBoG2afSmB6fhmWGqhpmj2jHTlDu6K2IlQehYxZ/mwVnf+hz5oLc A/1cyWut577RzBwt+xPUToUthwhjBj/8zBc+Zq8GJIpYL4TuBi+SQwwO8s7hdUn97Xla eUq+j3/C+TiismhNCGKIjbEJWutNUvwyezOjGkKKfNrfsVqBB7D1zOEB8HWhuJXH/aLT TkzA== X-Gm-Message-State: AOAM530/hZty5Q4jK3xkg8/a/Hio1y5ci5gThnJAr6AQZCkv1HDrsDdB AIV2F6S3R/tqjUyFl4JtMwnDLA== X-Google-Smtp-Source: ABdhPJxsnK2AsNvKawVoNrn3+ksDPrZ4SCYduO82/RDQuADusHJqjvhs/5ikZAbuEc8CjzSaMNuCrA== X-Received: by 2002:a17:90b:4d10:: with SMTP id mw16mr15789032pjb.143.1593412050567; Sun, 28 Jun 2020 23:27:30 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id h3sm19838700pje.28.2020.06.28.23.27.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 28 Jun 2020 23:27:28 -0700 (PDT) From: Kees Cook To: Will Deacon Subject: [PATCH v4 17/17] x86/boot: Warn on orphan section placement Date: Sun, 28 Jun 2020 23:18:40 -0700 Message-Id: <20200629061840.4065483-18-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200629061840.4065483-1-keescook@chromium.org> References: <20200629061840.4065483-1-keescook@chromium.org> MIME-Version: 1.0 X-Spam-Note: CRM114 invocation failed X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:642 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, Nathan Chancellor , clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Thomas Gleixner , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly named in the linker script. Add the common debugging sections. Discard the unused note, rel, plt, dyn, and hash sections that are not needed in the compressed vmlinux. Disable .eh_frame generation in the linker and enable orphan section warnings. Signed-off-by: Kees Cook --- arch/x86/boot/compressed/Makefile | 3 ++- arch/x86/boot/compressed/vmlinux.lds.S | 10 ++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 7619742f91c9..646720a05f89 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -48,6 +48,7 @@ GCOV_PROFILE := n UBSAN_SANITIZE :=n KBUILD_LDFLAGS := -m elf_$(UTS_MACHINE) +KBUILD_LDFLAGS += $(call ld-option,--no-ld-generated-unwind-info) # Compressed kernel should be built as PIE since it may be loaded at any # address by the bootloader. ifeq ($(CONFIG_X86_32),y) @@ -59,7 +60,7 @@ else KBUILD_LDFLAGS += $(shell $(LD) --help 2>&1 | grep -q "\-z noreloc-overflow" \ && echo "-z noreloc-overflow -pie --no-dynamic-linker") endif -LDFLAGS_vmlinux := -T +LDFLAGS_vmlinux := --orphan-handling=warn -T hostprogs := mkpiggy HOST_EXTRACFLAGS += -I$(srctree)/tools/include diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S index d88612e3091f..9afb8737896f 100644 --- a/arch/x86/boot/compressed/vmlinux.lds.S +++ b/arch/x86/boot/compressed/vmlinux.lds.S @@ -75,7 +75,17 @@ SECTIONS . = ALIGN(PAGE_SIZE); /* keep ZO size page aligned */ _end = .; + STABS_DEBUG + DWARF_DEBUG ELF_DETAILS DISCARDS + /DISCARD/ : { + *(.note.*) + *(.rela.*) *(.rela_*) + *(.rel.*) *(.rel_*) + *(.plt) *(.plt.*) + *(.dyn*) + *(.hash) *(.gnu.hash) + } }