From patchwork Tue Mar 13 20:59:33 2018
X-Patchwork-Submitter: Thomas Garnier
X-Patchwork-Id: 10280783
From: Thomas Garnier
To: Herbert Xu, "David S . Miller", Thomas Gleixner, Ingo Molnar,
 "H . Peter Anvin", Peter Zijlstra, Josh Poimboeuf, Greg Kroah-Hartman,
 Kate Stewart, Thomas Garnier, Arnd Bergmann, Philippe Ombredanne,
 Arnaldo Carvalho de Melo, Andrey Ryabinin, Matthias Kaehlcke, Kees Cook,
 Tom Lendacky, "Kirill A . Shutemov", Andy Lutomirski, Dominik Brodowski,
 Borislav Petkov, Borislav Petkov, "Rafael J . Wysocki", Len Brown,
 Pavel Machek, Juergen Gross, Alok Kataria, Steven Rostedt, Tejun Heo,
 Christoph Lameter, Dennis Zhou, Boris Ostrovsky, David Woodhouse,
 Alexey Dobriyan, "Paul E . McKenney", Andrew Morton, Nicolas Pitre,
 Randy Dunlap, "Luis R . Rodriguez", Christopher Li, Jason Baron,
 Ashish Kalra, Kyle McMartin, Dou Liyang, Lukas Wunner, Petr Mladek,
 Sergey Senozhatsky, Masahiro Yamada, Ingo Molnar, Nicholas Piggin,
 Cao jin, "H . J . Lu", Paolo Bonzini, Radim Krčmář, Joerg Roedel,
 Dave Hansen, Rik van Riel, Jia Zhang, Jiri Slaby, Kyle Huey,
 Jonathan Corbet, Matthew Wilcox, Michal Hocko, Rob Landley, Baoquan He,
 Daniel Micay, Jan H . Schönherr
Cc: x86@kernel.org, linux-crypto@vger.kernel.org,
 linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org,
 virtualization@lists.linux-foundation.org, xen-devel@lists.xenproject.org,
 linux-arch@vger.kernel.org, linux-sparse@vger.kernel.org,
 kvm@vger.kernel.org, linux-doc@vger.kernel.org,
 kernel-hardening@lists.openwall.com
Subject: [PATCH v2 15/27] compiler: Option to default to hidden symbols
Date: Tue, 13 Mar 2018 13:59:33 -0700
Message-Id: <20180313205945.245105-16-thgarnie@google.com>
X-Mailer: git-send-email 2.16.2.660.g709887971b-goog
In-Reply-To: <20180313205945.245105-1-thgarnie@google.com>
References: <20180313205945.245105-1-thgarnie@google.com>
X-Virus-Scanned: ClamAV using ClamSMTP

Provide an option to default visibility to hidden except for key symbols.
This option is disabled by default and will be used by x86_64 PIE support to remove errors between compilation units. The default visibility is also enabled for external symbols that are compared as they may be equal (start/end of sections). In this case, older versions of GCC will remove the comparison if the symbols are hidden. This issue exists at least on gcc 4.9 and before. Signed-off-by: Thomas Garnier --- arch/x86/boot/boot.h | 2 +- arch/x86/include/asm/setup.h | 2 +- arch/x86/kernel/cpu/microcode/core.c | 4 ++-- drivers/base/firmware_class.c | 4 ++-- include/asm-generic/sections.h | 6 ++++++ include/linux/compiler.h | 7 +++++++ init/Kconfig | 7 +++++++ kernel/kallsyms.c | 16 ++++++++-------- kernel/trace/trace.h | 4 ++-- lib/dynamic_debug.c | 4 ++-- 10 files changed, 38 insertions(+), 18 deletions(-) diff --git a/arch/x86/boot/boot.h b/arch/x86/boot/boot.h index ef5a9cc66fb8..d726c35bdd96 100644 --- a/arch/x86/boot/boot.h +++ b/arch/x86/boot/boot.h @@ -193,7 +193,7 @@ static inline bool memcmp_gs(const void *s1, addr_t s2, size_t len) } /* Heap -- available for dynamic lists. */ -extern char _end[]; +extern char _end[] __default_visibility; extern char *HEAP; extern char *heap_end; #define RESET_HEAP() ((void *)( HEAP = _end )) diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h index 3108e297d87d..dfba64fe1c7e 100644 --- a/arch/x86/include/asm/setup.h +++ b/arch/x86/include/asm/setup.h @@ -70,7 +70,7 @@ static inline void x86_ce4100_early_setup(void) { } * This is set up by the setup-routine at boot-time */ extern struct boot_params boot_params; -extern char _text[]; +extern char _text[] __default_visibility; static inline bool kaslr_enabled(void) { diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index aa1b9a422f2b..ed5675db6e82 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c 
@@ -141,8 +141,8 @@ static bool __init check_loader_disabled_bsp(void) return *res; } -extern struct builtin_fw __start_builtin_fw[]; -extern struct builtin_fw __end_builtin_fw[]; +extern struct builtin_fw __start_builtin_fw[] __default_visibility; +extern struct builtin_fw __end_builtin_fw[] __default_visibility; bool get_builtin_firmware(struct cpio_data *cd, const char *name) { diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c index 7dd36ace6152..939a1952d0ab 100644 --- a/drivers/base/firmware_class.c +++ b/drivers/base/firmware_class.c @@ -136,8 +136,8 @@ static struct firmware_cache fw_cache; #ifdef CONFIG_FW_LOADER -extern struct builtin_fw __start_builtin_fw[]; -extern struct builtin_fw __end_builtin_fw[]; +extern struct builtin_fw __start_builtin_fw[] __default_visibility; +extern struct builtin_fw __end_builtin_fw[] __default_visibility; static void fw_copy_to_prealloc_buf(struct firmware *fw, void *buf, size_t size) diff --git a/include/asm-generic/sections.h b/include/asm-generic/sections.h index 849cd8eb5ca0..0a0e23405ddd 100644 --- a/include/asm-generic/sections.h +++ b/include/asm-generic/sections.h @@ -32,6 +32,9 @@ * __softirqentry_text_start, __softirqentry_text_end * __start_opd, __end_opd */ +#ifdef CONFIG_DEFAULT_HIDDEN +#pragma GCC visibility push(default) +#endif extern char _text[], _stext[], _etext[]; extern char _data[], _sdata[], _edata[]; extern char __bss_start[], __bss_stop[]; @@ -49,6 +52,9 @@ extern char __start_once[], __end_once[]; /* Start and end of .ctors section - used for constructor calls. */ extern char __ctors_start[], __ctors_end[]; +#ifdef CONFIG_DEFAULT_HIDDEN +#pragma GCC visibility pop +#endif /* Start and end of .opd section - used for function descriptors. */ extern char __start_opd[], __end_opd[]; diff --git a/include/linux/compiler.h b/include/linux/compiler.h index ab4711c63601..a9ac84e37af9 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h 
@@ -278,6 +278,13 @@ unsigned long read_word_at_a_time(const void *addr) __u.__val; \ }) +#ifdef CONFIG_DEFAULT_HIDDEN +#pragma GCC visibility push(hidden) +#define __default_visibility __attribute__((visibility ("default"))) +#else +#define __default_visibility +#endif + #endif /* __KERNEL__ */ #endif /* __ASSEMBLY__ */ diff --git a/init/Kconfig b/init/Kconfig index acc9087546ac..c924babc6d47 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1667,6 +1667,13 @@ config PROFILING config TRACEPOINTS bool +# +# Default to hidden visibility for all symbols. +# Useful for Position Independent Code to reduce global references. +# +config DEFAULT_HIDDEN + bool + source "arch/Kconfig" endmenu # General setup diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c index a23e21ada81b..f4e58b7a6daf 100644 --- a/kernel/kallsyms.c +++ b/kernel/kallsyms.c 
@@ -29,24 +29,24 @@ * These will be re-linked against their real values * during the second link stage. */ -extern const unsigned long kallsyms_addresses[] __weak; -extern const int kallsyms_offsets[] __weak; -extern const u8 kallsyms_names[] __weak; +extern const unsigned long kallsyms_addresses[] __weak __default_visibility; +extern const int kallsyms_offsets[] __weak __default_visibility; +extern const u8 kallsyms_names[] __weak __default_visibility; /* * Tell the compiler that the count isn't in the small data section if the arch * has one (eg: FRV). */ extern const unsigned long kallsyms_num_syms -__attribute__((weak, section(".rodata"))); +__attribute__((weak, section(".rodata"))) __default_visibility; extern const unsigned long kallsyms_relative_base -__attribute__((weak, section(".rodata"))); +__attribute__((weak, section(".rodata"))) __default_visibility; -extern const u8 kallsyms_token_table[] __weak; -extern const u16 kallsyms_token_index[] __weak; +extern const u8 kallsyms_token_table[] __weak __default_visibility; +extern const u16 kallsyms_token_index[] __weak __default_visibility; -extern const unsigned long kallsyms_markers[] __weak; +extern const unsigned long kallsyms_markers[] __weak __default_visibility; /* * Expand a compressed symbol data into the resulting uncompressed string, diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h index 2a6d0325a761..5aebb0dcecba 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h @@ -1741,8 +1741,8 @@ extern int trace_event_enable_disable(struct trace_event_file *file, int enable, int soft_disable); extern int tracing_alloc_snapshot(void); -extern const char *__start___trace_bprintk_fmt[]; -extern const char *__stop___trace_bprintk_fmt[]; +extern const char *__start___trace_bprintk_fmt[] __default_visibility; +extern const char *__stop___trace_bprintk_fmt[] __default_visibility; extern const char *__start___tracepoint_str[]; extern const char *__stop___tracepoint_str[]; 
diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c index c7c96bc7654a..40b752b53627 100644 --- a/lib/dynamic_debug.c +++ b/lib/dynamic_debug.c @@ -37,8 +37,8 @@ #include #include -extern struct _ddebug __start___verbose[]; -extern struct _ddebug __stop___verbose[]; +extern struct _ddebug __start___verbose[] __default_visibility; +extern struct _ddebug __stop___verbose[] __default_visibility; struct ddebug_table { struct list_head link;
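Review bot: In the include/linux/compiler.h hunk, `#pragma GCC visibility push(hidden)` has no matching pop, so the hidden default applies only to declarations the compiler sees after this header and then stays in force for the rest of the translation unit. Add a comment next to the pragma saying this is intended, and document beside the `#define __default_visibility` when the macro should be used (the start/end comparison case with gcc 4.9 and before that the commit message describes), so the rule does not live only in the changelog. Minor style: `visibility ("default")` has a stray space before the parenthesis.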
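Review bot: In the include/asm-generic/sections.h hunk, `#pragma GCC visibility pop` is placed above `extern char __start_opd[], __end_opd[];`, so that start/end pair stays hidden while the pairs declared above it get default visibility, even though `__start_opd, __end_opd` is in the same list in the header comment. Either move the pop below the .opd declaration or add a comment explaining why .opd is exempt. The `#ifdef CONFIG_DEFAULT_HIDDEN` guards around the push and pop could also be dropped, since pushing default visibility when default is already in force changes nothing.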
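Review bot: In the init/Kconfig hunk, `config DEFAULT_HIDDEN` is a promptless bool described only by `#` comments, and nothing in this patch selects it. Please say in that comment that it is meant to be selected by an architecture (the commit message names x86_64 PIE support) and that symbols compared against each other need `__default_visibility`. A more specific name that mentions visibility would also read better at the `#ifdef` sites than `DEFAULT_HIDDEN`.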
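Review bot: In the kernel/trace/trace.h hunk only `__start___trace_bprintk_fmt` and `__stop___trace_bprintk_fmt` are annotated; the `__start___tracepoint_str` / `__stop___tracepoint_str` pair on the two lines that follow is the same kind of section boundary and is left hidden. If that pair is never compared, a short comment saying so would help; otherwise it needs `__default_visibility` as well.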
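Review bot: In the kernel/kallsyms.c hunk every annotated symbol is `__weak`, which is not the start/end comparison case the commit message gives as the reason for `__default_visibility`. Please explain, in the changelog or in the existing comment above these declarations, why weak symbols that are re-linked in the second link stage need default visibility when hidden is the default.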
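Review bot: In the arch/x86/include/asm/setup.h hunk, `extern char _text[] __default_visibility;` repeats a declaration of `_text[]` that include/asm-generic/sections.h in this same patch already places inside its `push(default)` region. Using the sections.h declaration here instead would keep the visibility of `_text` defined in one place and avoid the two declarations drifting apart.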