From patchwork Fri Feb 28 00:22:36 2020
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 11411205
From: Kees Cook
To: Borislav Petkov
Subject: [PATCH 1/9] scripts/link-vmlinux.sh: Delay orphan handling warnings until final link
Date: Thu, 27 Feb 2020 16:22:36 -0800
Message-Id: <20200228002244.15240-2-keescook@chromium.org>
In-Reply-To: <20200228002244.15240-1-keescook@chromium.org>
References: <20200228002244.15240-1-keescook@chromium.org>
Cc: Mark Rutland , "H.J.
Lu" , Kees Cook , Arnd Bergmann , linux-kbuild@vger.kernel.org, Peter Collingbourne , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, James Morse , linux-arch@vger.kernel.org, Will Deacon , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Right now, powerpc adds "--orphan-handling=warn" to LD_FLAGS_vmlinux to detect when there are unexpected sections getting added to the kernel image. There is no need to report these warnings more than once, so it can be removed until the final link stage. This helps pave the way for other architectures to enable this, with the end goal of enabling this warning by default for vmlinux for all architectures. Signed-off-by: Kees Cook --- scripts/link-vmlinux.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh index 1919c311c149..416968fea685 100755 --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh @@ -255,6 +255,11 @@ info GEN modules.builtin tr '\0' '\n' < modules.builtin.modinfo | sed -n 's/^[[:alnum:]:_]*\.file=//p' | tr ' ' '\n' | uniq | sed -e 's:^:kernel/:' -e 's/$/.ko/' > modules.builtin + +# Do not warn about orphan sections until the final link stage. +saved_LDFLAGS_vmlinux="${LDFLAGS_vmlinux}" +LDFLAGS_vmlinux="$(echo "${LDFLAGS_vmlinux}" | sed -E 's/ --orphan-handling=warn( |$)/ /g')" + btf_vmlinux_bin_o="" if [ -n "${CONFIG_DEBUG_INFO_BTF}" ]; then if gen_btf .tmp_vmlinux.btf .btf.vmlinux.bin.o ; then 
@@ -306,6 +311,7 @@ if [ -n "${CONFIG_KALLSYMS}" ]; then fi fi +LDFLAGS_vmlinux="${saved_LDFLAGS_vmlinux}" vmlinux_link vmlinux "${kallsymso}" ${btf_vmlinux_bin_o} if [ -n "${CONFIG_BUILDTIME_TABLE_SORT}" ]; then From patchwork Fri Feb 28 00:22:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11411219 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 83D9314B7 for ; Fri, 28 Feb 2020 00:24:13 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5C08F2469F for ; Fri, 28 Feb 2020 00:24:13 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="OsQ+52c2"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="GkeoYAU8" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5C08F2469F Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=ksKgkqzxA5zf180XAxdSMmbr+l7XsQDzqDuBUxSgMUs=; b=OsQ+52c2wgRccW 
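Review bot: the sed expression in the first hunk, 's/ --orphan-handling=warn( |$)/ /g', only matches the flag when a space comes before it, so if LDFLAGS_vmlinux begins with --orphan-handling=warn the flag survives and the intermediate links still warn. Matching '(^| )' in front, the same way '( |$)' is matched behind, would cover that case. The restore in the second hunk, LDFLAGS_vmlinux="${saved_LDFLAGS_vmlinux}", would also be easier to follow with a one-line comment pairing it with the save above.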
From: Kees Cook
To: Borislav Petkov
Subject: [PATCH 2/9] vmlinux.lds.h: Add .gnu.version* to DISCARDS
Date: Thu, 27 Feb 2020 16:22:37 -0800
Message-Id: <20200228002244.15240-3-keescook@chromium.org>
In-Reply-To: <20200228002244.15240-1-keescook@chromium.org>
References: <20200228002244.15240-1-keescook@chromium.org>
Cc: Mark Rutland , "H.J.
Lu" , Kees Cook , Arnd Bergmann , linux-kbuild@vger.kernel.org, Peter Collingbourne , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, James Morse , linux-arch@vger.kernel.org, Will Deacon , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org For vmlinux linking, no architecture uses the .gnu.version* section, so remove it via the common DISCARDS macro in preparation for adding --orphan-handling=warn more widely. Signed-off-by: Kees Cook --- include/asm-generic/vmlinux.lds.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index e00f41aa8ec4..303597e51396 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h 
@@ -902,6 +902,7 @@ *(.discard) \ *(.discard.*) \ *(.modinfo) \ + *(.gnu.version*) \ } /** From patchwork Fri Feb 28 00:22:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11411215 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2955C14B7 for ; Fri, 28 Feb 2020 00:23:37 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D53BD246A1 for ; Fri, 28 Feb 2020 00:23:36 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="JW6v+/+D"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="aprtzyrZ" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D53BD246A1 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=3Keg8txVrezjfnaKgbShxK8SpF8K4WLWJNE2pmnBxWI=; b=JW6v+/+DjPbmwm xx6rAmGGJvwvKHoCh4XMAhDV8wRnNBXIC76o4LGcWq5LpSAl1QVK3f3PiBdDlQSiDrnHoKdDejnfG 
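Review bot: the new '*(.gnu.version*) \' entry in DISCARDS carries no comment, and the wildcard drops every section whose name starts with .gnu.version, which is wider than the single "section" the commit message speaks of. A short comment in the macro saying that vmlinux does not use the symbol versioning sections on any architecture would record why it is safe to discard them in common code.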
From: Kees Cook
To: Borislav Petkov
Subject: [PATCH 3/9] x86/build: Warn on orphan section placement
Date: Thu, 27 Feb 2020 16:22:38 -0800
Message-Id: <20200228002244.15240-4-keescook@chromium.org>
In-Reply-To: <20200228002244.15240-1-keescook@chromium.org>
References: <20200228002244.15240-1-keescook@chromium.org>
Cc: Mark Rutland , "H.J.
Lu" , Kees Cook , Arnd Bergmann , linux-kbuild@vger.kernel.org, Peter Collingbourne , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, James Morse , linux-arch@vger.kernel.org, Will Deacon , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly named in the linker script. Discards the unused rela, plt, and got sections that are not needed in the final vmlinux, and enable orphan section warnings. Signed-off-by: Kees Cook --- arch/x86/Makefile | 4 ++++ arch/x86/kernel/vmlinux.lds.S | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/arch/x86/Makefile b/arch/x86/Makefile index 94df0868804b..b2c8becadce5 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -51,6 +51,10 @@ ifdef CONFIG_X86_NEED_RELOCS LDFLAGS_vmlinux := --emit-relocs --discard-none endif +# We never want expected sections to be placed heuristically by the +# linker. All sections should be explicitly named in the linker script. +LDFLAGS_vmlinux += --orphan-handling=warn + # # Prevent GCC from generating any FP code by mistake. # diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 5cab3a29adcb..1e345f302a46 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S 
@@ -412,6 +412,12 @@ SECTIONS DWARF_DEBUG DISCARDS + /DISCARD/ : { + *(.rela.*) *(.rela_*) + *(.rel.*) *(.rel_*) + *(.got) *(.got.*) + *(.igot.*) *(.iplt) + } } From patchwork Fri Feb 28 00:22:39 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11411193 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6E6D414BC for ; Fri, 28 Feb 2020 00:22:53 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4AC3C2469F for ; Fri, 28 Feb 2020 00:22:53 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="Krxs5whQ"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="nHZ4Y7Yb" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4AC3C2469F Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=VFCjU7xZ7/k2JJ+ojaxAHUWcpqTleEiX/z0ERqYv7x8=; b=Krxs5whQRRttG3 
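Review bot: the /DISCARD/ block added after DISCARDS in arch/x86/kernel/vmlinux.lds.S throws away '*(.got) *(.got.*)' and the .rel*/.rela* inputs without checking that they are empty, so a build that unexpectedly starts producing GOT entries or relocations would still link with no diagnostic. Collecting the sections that must stay empty into a named output section and guarding it with a linker script ASSERT that its SIZEOF is zero would silence the orphan warning while still failing the build when the assumption breaks. The commit message also lists plt among the discarded sections, but the hunk names only '*(.iplt)'; either the message or the list should be adjusted.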
From: Kees Cook
To: Borislav Petkov
Subject: [PATCH 4/9] x86/boot: Warn on orphan section placement
Date: Thu, 27 Feb 2020 16:22:39 -0800
Message-Id: <20200228002244.15240-5-keescook@chromium.org>
In-Reply-To: <20200228002244.15240-1-keescook@chromium.org>
References: <20200228002244.15240-1-keescook@chromium.org>
Cc: Mark Rutland , "H.J.
Lu" , Kees Cook , Arnd Bergmann , linux-kbuild@vger.kernel.org, Peter Collingbourne , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, James Morse , linux-arch@vger.kernel.org, Will Deacon , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly named in the linker script. Add the common debugging sections. Discard the unused note, rel, plt, dyn, and hash sections that are not needed in the compressed vmlinux. Disable .eh_frame generation in the linker and enable orphan section warnings. Signed-off-by: Kees Cook --- arch/x86/boot/compressed/Makefile | 3 ++- arch/x86/boot/compressed/vmlinux.lds.S | 13 +++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index c33111341325..e0ea6b0924e8 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -46,6 +46,7 @@ GCOV_PROFILE := n UBSAN_SANITIZE :=n KBUILD_LDFLAGS := -m elf_$(UTS_MACHINE) +KBUILD_LDFLAGS += --no-ld-generated-unwind-info # Compressed kernel should be built as PIE since it may be loaded at any # address by the bootloader. ifeq ($(CONFIG_X86_32),y) @@ -57,7 +58,7 @@ else KBUILD_LDFLAGS += $(shell $(LD) --help 2>&1 | grep -q "\-z noreloc-overflow" \ && echo "-z noreloc-overflow -pie --no-dynamic-linker") endif -LDFLAGS_vmlinux := -T +LDFLAGS_vmlinux := --orphan-handling=warn -T hostprogs := mkpiggy HOST_EXTRACFLAGS += -I$(srctree)/tools/include diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S index 508cfa6828c5..b5406a8cebe0 100644 --- a/arch/x86/boot/compressed/vmlinux.lds.S 
+++ b/arch/x86/boot/compressed/vmlinux.lds.S 
@@ -73,4 +73,17 @@ SECTIONS #endif . = ALIGN(PAGE_SIZE); /* keep ZO size page aligned */ _end = .; + + STABS_DEBUG + DWARF_DEBUG + + DISCARDS + /DISCARD/ : { + *(.note.*) + *(.rela.*) *(.rela_*) + *(.rel.*) *(.rel_*) + *(.plt) *(.plt.*) + *(.dyn*) + *(.hash) *(.gnu.hash) + } } From patchwork Fri Feb 28 00:22:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11411229 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4CE9113A4 for ; Fri, 28 Feb 2020 00:25:38 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 24E612469F for ; Fri, 28 Feb 2020 00:25:38 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="GKKBvg+O"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="Kf+gX5xd" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 24E612469F Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; 
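Review bot: in the arch/x86/boot/compressed/vmlinux.lds.S hunk, '*(.rela.*) *(.rela_*)', '*(.rel.*) *(.rel_*)' and '*(.dyn*)' are discarded from an image that the Makefile context describes as built with '-pie --no-dynamic-linker', and nothing verifies that those sections are empty before they are dropped. If the decompressor ever gains code that needs a run-time relocation, this change would hide it; a linker script ASSERT that the relocation output is zero sized would turn that into a build failure. Note as well that '*(.note.*)' does not match a section named plain .note, and that '*(.dyn*)' is a broad prefix match, so listing the intended section names explicitly would make the discard set easier to audit.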
From: Kees Cook
To: Borislav Petkov
Subject: [PATCH 5/9] Add RUNTIME_DISCARD_EXIT to generic DISCARDS
Date: Thu, 27 Feb 2020 16:22:40 -0800
Message-Id: <20200228002244.15240-6-keescook@chromium.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200228002244.15240-1-keescook@chromium.org>
References: <20200228002244.15240-1-keescook@chromium.org>
Cc: Mark Rutland , "H.J.
Lu" , Kees Cook , Arnd Bergmann , linux-kbuild@vger.kernel.org, Peter Collingbourne , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, James Morse , linux-arch@vger.kernel.org, Will Deacon , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org From: "H.J. Lu" In x86 kernel, .exit.text and .exit.data sections are discarded at runtime, not by linker. Add RUNTIME_DISCARD_EXIT to generic DISCARDS and define it in x86 kernel linker script to keep them. Signed-off-by: H.J. Lu Link: https://lore.kernel.org/r/20200130224337.4150-1-hjl.tools@gmail.com Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 1 + include/asm-generic/vmlinux.lds.h | 10 ++++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 1e345f302a46..1e12c097d09b 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -21,6 +21,7 @@ #define LOAD_OFFSET __START_KERNEL_map #endif +#define RUNTIME_DISCARD_EXIT #define EMITS_PT_NOTE #define RO_EXCEPTION_TABLE_ALIGN 16 diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 303597e51396..1797f2c9bb41 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h 
@@ -894,10 +894,16 @@ * section definitions so that such archs put those in earlier section * definitions. */ +#ifdef RUNTIME_DISCARD_EXIT +#define EXIT_DISCARDS +#else +#define EXIT_DISCARDS \ + EXIT_TEXT \ + EXIT_DATA +#endif #define DISCARDS \ /DISCARD/ : { \ - EXIT_TEXT \ - EXIT_DATA \ + EXIT_DISCARDS \ EXIT_CALL \ *(.discard) \ *(.discard.*) \ From patchwork Fri Feb 28 00:22:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11411221 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D246814BC for ; Fri, 28 Feb 2020 00:24:29 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 94CF32469F for ; Fri, 28 Feb 2020 00:24:29 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="foxf5Liz"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="V36B51rI" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 94CF32469F Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: 
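Review bot: The `#ifdef RUNTIME_DISCARD_EXIT` test in include/asm-generic/vmlinux.lds.h only takes effect if the architecture defines the macro before this header is included, and nothing in the hunk says so. If an arch script defines it after the include, EXIT_DISCARDS quietly falls through to the `#else` branch and .exit.text and .exit.data are discarded by the linker, which is the case the commit message says x86 must avoid. Please document RUNTIME_DISCARD_EXIT in the comment block above DISCARDS, including the ordering requirement, and add a one-line comment at the `#define RUNTIME_DISCARD_EXIT` in arch/x86/kernel/vmlinux.lds.S saying that the exit sections are discarded at runtime.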
From: Kees Cook
To: Borislav Petkov
Subject: [PATCH 6/9] arm64/build: Use common DISCARDS in linker script
Date: Thu, 27 Feb 2020 16:22:41 -0800
Message-Id: <20200228002244.15240-7-keescook@chromium.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200228002244.15240-1-keescook@chromium.org>
References: <20200228002244.15240-1-keescook@chromium.org>
Cc: Mark Rutland , "H.J.
Lu" , Kees Cook , Arnd Bergmann , linux-kbuild@vger.kernel.org, Peter Collingbourne , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, James Morse , linux-arch@vger.kernel.org, Will Deacon , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Use the common DISCARDS rule for the linker script in an effort to regularize the linker script to prepare for warning on orphaned sections. Signed-off-by: Kees Cook Acked-by: Will Deacon --- arch/arm64/kernel/vmlinux.lds.S | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 497f9675071d..c61d9ab3211c 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -6,6 +6,7 @@ */ #define RO_EXCEPTION_TABLE_ALIGN 8 +#define RUNTIME_DISCARD_EXIT #include #include @@ -19,7 +20,6 @@ /* .exit.text needed in case of alternative patching */ #define ARM_EXIT_KEEP(x) x -#define ARM_EXIT_DISCARD(x) OUTPUT_ARCH(aarch64) ENTRY(_text) 
@@ -94,12 +94,8 @@ SECTIONS * matching the same input section name. There is no documented * order of matching. */ + DISCARDS /DISCARD/ : { - ARM_EXIT_DISCARD(EXIT_TEXT) - ARM_EXIT_DISCARD(EXIT_DATA) - EXIT_CALL - *(.discard) - *(.discard.*) *(.interp .dynamic) *(.dynsym .dynstr .hash .gnu.hash) *(.eh_frame) From patchwork Fri Feb 28 00:22:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11411223 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A38EA14BC for ; Fri, 28 Feb 2020 00:24:42 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 7D3332469F for ; Fri, 28 Feb 2020 00:24:42 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="dZWXCGKN"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="krC6xmNg" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7D3332469F Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: 
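Review bot: With `DISCARDS` placed directly in front of the existing `/DISCARD/ : {`, the arm64 script now contains two discard statements, right under a comment warning that there is no documented order of matching when several statements match the same input section name. The patterns visible here look disjoint (DISCARDS covers EXIT_CALL, .discard and .discard.*, the local block covers .interp, .dynamic, .dynsym, .dynstr, .hash, .gnu.hash and .eh_frame), but the commit message should say that this was checked, or the comment should be updated to explain why two statements are safe. The new `#define RUNTIME_DISCARD_EXIT` also deserves the "needed in case of alternative patching" explanation that currently sits only above ARM_EXIT_KEEP, since it is now the define that keeps the exit sections out of the discard list.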
From: Kees Cook
To: Borislav Petkov
Subject: [PATCH 7/9] arm64/build: Warn on orphan section placement
Date: Thu, 27 Feb 2020 16:22:42 -0800
Message-Id: <20200228002244.15240-8-keescook@chromium.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200228002244.15240-1-keescook@chromium.org>
References: <20200228002244.15240-1-keescook@chromium.org>
Cc: Mark Rutland , "H.J.
Lu" , Kees Cook , Arnd Bergmann , linux-kbuild@vger.kernel.org, Peter Collingbourne , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, James Morse , linux-arch@vger.kernel.org, Will Deacon , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly named in the linker script. Explicitly include debug sections when they're present. Add .eh_frame* to discard as it seems that these are still generated even though -fno-asynchronous-unwind-tables is being specified. Add .plt and .data.rel.ro to discards as they are not actually used. Add .got.plt to the image as it does appear to be mapped near .data. Finally enable orphan section warnings. Signed-off-by: Kees Cook --- arch/arm64/Makefile | 4 ++++ arch/arm64/kernel/vmlinux.lds.S | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index dca1a97751ab..c682a65b3ab8 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -30,6 +30,10 @@ LDFLAGS_vmlinux += --fix-cortex-a53-843419 endif endif +# We never want expected sections to be placed heuristically by the +# linker. All sections should be explicitly named in the linker script. +LDFLAGS_vmlinux += --orphan-handling=warn + ifeq ($(CONFIG_ARM64_USE_LSE_ATOMICS), y) ifneq ($(CONFIG_ARM64_LSE_ATOMICS), y) $(warning LSE atomics not supported by binutils) diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index c61d9ab3211c..6141d5b72f8f 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S 
@@ -98,7 +98,8 @@ SECTIONS /DISCARD/ : { *(.interp .dynamic) *(.dynsym .dynstr .hash .gnu.hash) - *(.eh_frame) + *(.plt) *(.data.rel.ro) + *(.eh_frame) *(.init.eh_frame) } . = KIMAGE_VADDR + TEXT_OFFSET; @@ -212,6 +213,7 @@ SECTIONS _data = .; _sdata = .; RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, THREAD_ALIGN) + .got.plt : ALIGN(8) { *(.got.plt) } /* * Data written with the MMU off but read with the MMU on requires 
@@ -246,6 +248,7 @@ SECTIONS _end = .; STABS_DEBUG + DWARF_DEBUG HEAD_SYMBOLS } From patchwork Fri Feb 28 00:22:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11411227 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A4C3B14B7 for ; Fri, 28 Feb 2020 00:25:21 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 81ADA2469F for ; Fri, 28 Feb 2020 00:25:21 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="C82CMr5u"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="SxadLoRd" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 81ADA2469F Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=v12ELlUP6TxJOc8zrKQ8MmfRoVmcS5E0UXs1fsccyJ0=; b=C82CMr5uSHmwyw q6CYJuIzFwXguQpHPyGgFXnN8MmhCpKL9Y20f/SHlUHuiTcj+0enf3szehj8NrPi5+U/3/Hw+dd5h 
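Review bot: `LDFLAGS_vmlinux += --orphan-handling=warn` in arch/arm64/Makefile is added unconditionally, so a linker that does not recognise the option will fail the vmlinux link rather than just skip the check. Wrapping it in the build system's linker option test, `$(call ld-option, --orphan-handling=warn)`, would avoid that. The comment above it reads "We never want expected sections to be placed heuristically"; please confirm whether "unexpected" is what is meant.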
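Review bot: The new `.got.plt : ALIGN(8) { *(.got.plt) }` output section in arch/arm64/kernel/vmlinux.lds.S is kept while `*(.plt)` is discarded earlier in the same patch, and the commit message only says that .got.plt "does appear to be mapped near .data". If the section is expected to be effectively empty, an ASSERT on its size next to the definition would catch the day that stops being true; otherwise a comment naming what references it is needed. Likewise, discarding `*(.eh_frame) *(.init.eh_frame)` hides the observation in the commit message that these are still generated even with -fno-asynchronous-unwind-tables, so a comment carrying that reason belongs in the /DISCARD/ block.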
From: Kees Cook
To: Borislav Petkov
Subject: [PATCH 8/9] arm/build: Warn on orphan section placement
Date: Thu, 27 Feb 2020 16:22:43 -0800
Message-Id: <20200228002244.15240-9-keescook@chromium.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200228002244.15240-1-keescook@chromium.org>
References: <20200228002244.15240-1-keescook@chromium.org>
Cc: Mark Rutland , "H.J.
Lu" , Kees Cook , Arnd Bergmann , linux-kbuild@vger.kernel.org, Peter Collingbourne , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, James Morse , linux-arch@vger.kernel.org, Will Deacon , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly named in the linker script. Specifically, this would have made a recently fixed bug very obvious: ld: warning: orphan section `.fixup' from `arch/arm/lib/copy_from_user.o' being placed in section `.fixup' Refactor linker script include file for use in standard and XIP linker scripts, as well as in the coming boot linker script changes. Add debug sections explicitly. Create ARM_COMMON_DISCARD macro with unneeded sections .ARM.attributes, .iplt, .rel.iplt, .igot.plt, and .modinfo. Create ARM_STUBS_TEXT macro with missed text stub sections .vfp11_veneer, and .v4_bx. Finally enable orphan section warning. Signed-off-by: Kees Cook --- arch/arm/Makefile | 4 ++++ .../arm/{kernel => include/asm}/vmlinux.lds.h | 22 ++++++++++++++----- arch/arm/kernel/vmlinux-xip.lds.S | 5 ++--- arch/arm/kernel/vmlinux.lds.S | 5 ++--- 4 files changed, 25 insertions(+), 11 deletions(-) rename arch/arm/{kernel => include/asm}/vmlinux.lds.h (92%) diff --git a/arch/arm/Makefile b/arch/arm/Makefile index db857d07114f..f1622bea987a 100644 --- a/arch/arm/Makefile +++ b/arch/arm/Makefile 
@@ -16,6 +16,10 @@ LDFLAGS_vmlinux += --be8 KBUILD_LDFLAGS_MODULE += --be8 endif +# We never want expected sections to be placed heuristically by the +# linker. All sections should be explicitly named in the linker script. +LDFLAGS_vmlinux += --orphan-handling=warn + ifeq ($(CONFIG_ARM_MODULE_PLTS),y) KBUILD_LDS_MODULE += $(srctree)/arch/arm/kernel/module.lds endif diff --git a/arch/arm/kernel/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h similarity index 92% rename from arch/arm/kernel/vmlinux.lds.h rename to arch/arm/include/asm/vmlinux.lds.h index 8247bc15addc..3ae2cf2e351b 100644 --- a/arch/arm/kernel/vmlinux.lds.h +++ b/arch/arm/include/asm/vmlinux.lds.h @@ -1,4 +1,5 @@ /* SPDX-License-Identifier: GPL-2.0 */ +#include #ifdef CONFIG_HOTPLUG_CPU #define ARM_CPU_DISCARD(x) @@ -46,6 +47,13 @@ *(.hyp.idmap.text) \ __hyp_idmap_text_end = .; +#define ARM_COMMON_DISCARD \ + *(.ARM.attributes) \ + *(.iplt) *(.rel.iplt) *(.igot.plt) \ + *(.modinfo) \ + *(.discard) \ + *(.discard.*) + #define ARM_DISCARD \ *(.ARM.exidx.exit.text) \ *(.ARM.extab.exit.text) \ @@ -58,8 +66,14 @@ EXIT_CALL \ ARM_MMU_DISCARD(*(.text.fixup)) \ ARM_MMU_DISCARD(*(__ex_table)) \ - *(.discard) \ - *(.discard.*) + ARM_COMMON_DISCARD + +#define ARM_STUBS_TEXT \ + *(.gnu.warning) \ + *(.glue_7t) \ + *(.glue_7) \ + *(.vfp11_veneer) \ + *(.v4_bx) #define ARM_TEXT \ IDMAP_TEXT \ @@ -74,9 +88,7 @@ LOCK_TEXT \ HYPERVISOR_TEXT \ KPROBES_TEXT \ - *(.gnu.warning) \ - *(.glue_7) \ - *(.glue_7t) \ + ARM_STUBS_TEXT \ . = ALIGN(4); \ *(.got) /* Global offset table */ \ ARM_CPU_KEEP(PROC_INFO) diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S index 21b8b271c80d..8e9ac99a4335 100644 --- a/arch/arm/kernel/vmlinux-xip.lds.S +++ b/arch/arm/kernel/vmlinux-xip.lds.S @@ -9,15 +9,13 @@ #include -#include +#include #include #include #include #include #include -#include "vmlinux.lds.h" - OUTPUT_ARCH(arm) ENTRY(stext) @@ -152,6 +150,7 @@ SECTIONS _end = .; STABS_DEBUG + DWARF_DEBUG } /* 
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S index 319ccb10846a..f1c6f66e8e6c 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -8,7 +8,7 @@ #include "vmlinux-xip.lds.S" #else -#include +#include #include #include #include @@ -16,8 +16,6 @@ #include #include -#include "vmlinux.lds.h" - OUTPUT_ARCH(arm) ENTRY(stext) 
@@ -151,6 +149,7 @@ SECTIONS _end = .; STABS_DEBUG + DWARF_DEBUG } #ifdef CONFIG_STRICT_KERNEL_RWX From patchwork Fri Feb 28 00:22:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11411225 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C134014B7 for ; Fri, 28 Feb 2020 00:25:02 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 9F6CD2469F for ; Fri, 28 Feb 2020 00:25:02 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="r0rYrJac"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="NdpfQ9E7" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9F6CD2469F Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=OdVwenjTYGS7TFIhFcU9SjpBNbBZhq60hOsj3G44wJM=; b=r0rYrJacLM6q0B yESRRrkJPcEygfubQFvx0386TUUxNGECY369AVHIYxEll7gopiGHy72SiikuRGcyUUESBPpYtPeUX 
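Review bot: ARM_STUBS_TEXT in arch/arm/include/asm/vmlinux.lds.h lists `*(.glue_7t)` before `*(.glue_7)`, while the lines it replaces in ARM_TEXT had .glue_7 first, so the refactor changes the order of the glue sections in the text output without the commit message mentioning it. Either keep the original order or note that the swap is intentional. The two added entries, `*(.vfp11_veneer)` and `*(.v4_bx)`, now become part of ARM_TEXT for both the standard and XIP scripts; a comment on the macro saying these are the stub sections that were previously missed would help the next reader.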
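Review bot: ARM_COMMON_DISCARD adds `*(.ARM.attributes)`, `*(.iplt) *(.rel.iplt) *(.igot.plt)` and `*(.modinfo)` to what ARM_DISCARD throws away, where the removed lines listed only .discard and .discard.* at that spot; the commit message calls them unneeded without saying how that was established. Please state in the message, or in a comment above the macro, that nothing reads these sections from the linked vmlinux, `.modinfo` in particular, so that a later reader can tell a deliberate discard from one added only to quiet the orphan warning.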
From: Kees Cook To: Borislav Petkov Subject: [PATCH 9/9] arm/boot: Warn on orphan section placement Date: Thu, 27 Feb 2020 16:22:44 -0800 Message-Id: <20200228002244.15240-10-keescook@chromium.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200228002244.15240-1-keescook@chromium.org> References: <20200228002244.15240-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200227_162257_031173_08E0B0DC X-CRM114-Status: GOOD ( 12.56 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.3 on bombadil.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:641 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , "H.J. 
Lu" , Kees Cook , Arnd Bergmann , linux-kbuild@vger.kernel.org, Peter Collingbourne , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, James Morse , linux-arch@vger.kernel.org, Will Deacon , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly named in the linker script. Use common macros for debug sections, discards, and text stubs. Add discards for unwanted .note, and .rel sections. Finally, enable orphan section warning. Signed-off-by: Kees Cook --- arch/arm/boot/compressed/Makefile | 2 ++ arch/arm/boot/compressed/vmlinux.lds.S | 17 +++++++---------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile index da599c3a1193..7faa2b5e7e16 100644 --- a/arch/arm/boot/compressed/Makefile +++ b/arch/arm/boot/compressed/Makefile @@ -136,6 +136,8 @@ endif LDFLAGS_vmlinux += --no-undefined # Delete all temporary local symbols LDFLAGS_vmlinux += -X +# Report orphan sections +LDFLAGS_vmlinux += --orphan-handling=warn # Next argument is a linker script LDFLAGS_vmlinux += -T diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S index fc7ed03d8b93..a6a51b5d2328 100644 --- a/arch/arm/boot/compressed/vmlinux.lds.S +++ b/arch/arm/boot/compressed/vmlinux.lds.S @@ -2,6 +2,7 @@ /* * Copyright (C) 2000 Russell King */ +#include #ifdef CONFIG_CPU_ENDIAN_BE8 #define ZIMAGE_MAGIC(x) ( (((x) >> 24) & 0x000000ff) | \ 
@@ -17,8 +18,11 @@ ENTRY(_start) SECTIONS { /DISCARD/ : { + ARM_COMMON_DISCARD *(.ARM.exidx*) *(.ARM.extab*) + *(.note.*) + *(.rel.*) /* * Discard any r/w data - this produces a link error if we have any, * which is required for PIC decompression. Local data generates @@ -37,9 +41,7 @@ SECTIONS *(.text) *(.text.*) *(.fixup) - *(.gnu.warning) - *(.glue_7t) - *(.glue_7) + ARM_STUBS_TEXT } .table : ALIGN(4) { _table_start = .; @@ -124,12 +126,7 @@ SECTIONS PROVIDE(__pecoff_data_size = ALIGN(512) - ADDR(.data)); PROVIDE(__pecoff_end = ALIGN(512)); - .stab 0 : { *(.stab) } - .stabstr 0 : { *(.stabstr) } - .stab.excl 0 : { *(.stab.excl) } - .stab.exclstr 0 : { *(.stab.exclstr) } - .stab.index 0 : { *(.stab.index) } - .stab.indexstr 0 : { *(.stab.indexstr) } - .comment 0 : { *(.comment) } + STABS_DEBUG + DWARF_DEBUG } ASSERT(_edata_real == _edata, "error: zImage file size is incorrect");
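Review bot: In the arch/arm/boot/compressed/Makefile hunk (@@ -136,6 +136,8 @@), `LDFLAGS_vmlinux += --orphan-handling=warn` is added unconditionally, so a linker that does not recognise the option fails the decompressor link outright instead of simply skipping the check. Consider probing for it first, for example `LDFLAGS_vmlinux += $(call ld-option, --orphan-handling=warn)`, so that the warning is enabled only where the linker supports it.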
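Review bot: In the /DISCARD/ hunk (@@ -17,8 +18,11 @@), the new `*(.note.*)` and `*(.rel.*)` patterns have no comment explaining why these inputs are safe to drop from the decompressor, while the r/w data discard directly below them documents its reason. Please add a one-line comment, and check the globs against the commit message's "unwanted .note, and .rel sections": `.note.*` does not match a section named plain `.note`, and `.rel.*` does not match `.rela.*`, so either of those would still be reported as an orphan.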
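Review bot: In the last hunk (@@ -124,12 +126,7 @@), the explicit `.comment 0 : { *(.comment) }` line is removed together with the .stab entries, and nothing visible in this patch shows that STABS_DEBUG or DWARF_DEBUG places `.comment`. If neither macro covers it, `.comment` becomes an orphan and every link now warns. Please confirm which macro handles it and say so in the commit message, since "Use common macros for debug sections" does not mention `.comment`.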