From patchwork Fri Aug 21 19:43:10 2020
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 11730419
From: Kees Cook
To: Ingo Molnar
Subject: [PATCH v6 29/29] x86/boot/compressed: Warn on orphan section placement
Date: Fri, 21 Aug 2020 12:43:10 -0700
Message-Id: <20200821194310.3089815-30-keescook@chromium.org>
In-Reply-To: <20200821194310.3089815-1-keescook@chromium.org>
References: <20200821194310.3089815-1-keescook@chromium.org>
Cc: Mark Rutland, linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook, Arnd Bergmann, Catalin Marinas, Masahiro Yamada, x86@kernel.org, Nick Desaulniers, Russell King, linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar, Ingo Molnar, James Morse, Nathan Chancellor, Borislav Petkov, Peter Collingbourne, Ard Biesheuvel, linux-arm-kernel@lists.infradead.org

We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly handled in the linker script.

Now that all sections are explicitly handled, enable orphan section warnings.

Signed-off-by: Kees Cook

--- arch/x86/boot/compressed/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 5b7f6e175b03..647e15837a28 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -54,6 +54,7 @@ KBUILD_LDFLAGS += $(call ld-option,--no-ld-generated-unwind-info) # Compressed kernel should be built as PIE since it may be loaded at any # address by the bootloader. LDFLAGS_vmlinux := -pie $(call ld-option, --no-dynamic-linker) +LDFLAGS_vmlinux += --orphan-handling=warn LDFLAGS_vmlinux += -T hostprogs := mkpiggy