From patchwork Fri Jul 31 23:07:45 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695555 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 01E8C138A for ; Fri, 31 Jul 2020 23:09:19 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id CE587206DA for ; Fri, 31 Jul 2020 23:09:18 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="xTLfLHVK"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="ChTbXvzs" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org CE587206DA Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=+f2qlxpE5ariVAOndlGsGHntgfeVNeFjKsEszqqojoE=; b=xTLfLHVK3GnPY43FtX1++vqLg GywTafs0jaLYkqK0H1cQW6o/Z4cumWlhy98h2M1w6w9/4qpTmTEh1Tn7v2Ezh3tPflSnpITgD5qow NnWf3iIJ+83BlkUmIt5gIhgzPo4WnZz2kihEdniE8mRIOkJsIO15/db3hu0B1BLgq9f3IUrJD/Z1h td2orimFgiSJbNlIoQu2dXPHZCf9U3VZEVMlK/gY81qYQPeXcarIEGTabLSEdwlJ9JPgE6vNvDFhV oTGzKKYo980YGPUw+2c13kiWjsNCca4y4WODVsu5NW7/w6S/UjG2qaHyc6PKuBgaQI5O5y7s2q9Gu OE2l+BnnA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e9C-0008Iz-9g; Fri, 31 Jul 2020 23:09:06 +0000 Received: from mail-pl1-x641.google.com ([2607:f8b0:4864:20::641]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8i-000837-Kg for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:08:44 +0000 Received: by mail-pl1-x641.google.com with SMTP id k13so10284223plk.13 for ; Fri, 31 Jul 2020 16:08:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=/YhwjFJ10iSnqHVnH+E/18OCqFOxfL3O8briALHREkQ=; b=ChTbXvzsXUQoQlCmz5X8Q1Gxp3riiGCK1dNfhc3GaXY/yjlrWcZZYXu3uehyV0TVAH ihRqgWMrLH5jMadKjfk+FVyA1FEBsJSXXfWVEbqpLeRYsVNgrnwSPBcfSC73bZJhBxa1 JLaP+A64JNtfY9YvLrYFKoPvej2TJRx4yZ0es= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=/YhwjFJ10iSnqHVnH+E/18OCqFOxfL3O8briALHREkQ=; b=hg8mA9mA3CAriW33+EmVCNxlxE6pY4MzxekQ8pPsTtABEnnHNGeUd9g6xfOgQQuEub RZdUv5gdRzc7tFOjG2AALmLKreCvuw2ax1jH6GkapK7rOIVzDQIlZkhGprdw2hISdH26 6C43Gn44zumycWtX0dh5++Z1ew4wBN9yhAozKlXGLNsNrSKtZzDcs1+XuqFHRzl64VBQ 5FGZe8cl4eD7CxKP59sZmAxXdjM7QOj2hqnybqhLhqbf6OfrlqrDKUbo6fiP4WW/T5G1 VVm1u05ylVItqkzGhwjX1JtZqvkkiVSgrXpRyfDM24VpELKXiH8qXH2TABYSCy3oPFDv UubA== X-Gm-Message-State: AOAM531lWryXwIrsJRhiiz4TxMunlNi6HxkjrOhnKSEvM8QV2N21CuOI yITQWPQrsMrure1M2oaSYS2o1g== X-Google-Smtp-Source: ABdhPJyiEsFmEcCe1WG+hFmLyNannOXDGWZ7/pGsnQqAo6NQ22CMiVZ00GK9pyuWatNfeet0DIr+ZA== X-Received: by 2002:a17:90a:1aee:: with SMTP id p101mr2914247pjp.138.1596236914544; Fri, 31 Jul 2020 16:08:34 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id b22sm9843692pju.26.2020.07.31.16.08.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:30 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 01/36] x86/boot/compressed: Move .got.plt entries out of the .got section Date: Fri, 31 Jul 2020 16:07:45 -0700 Message-Id: <20200731230820.1742553-2-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190836_700512_4027242E X-CRM114-Status: GOOD ( 18.71 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:641 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Sedat Dilek , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org From: Ard Biesheuvel The .got.plt section contains the part of the GOT which is used by PLT entries, and which gets updated lazily by the dynamic loader when function calls are dispatched through those PLT entries. On fully linked binaries such as the kernel proper or the decompressor, this never happens, and so in practice, the .got.plt section consists only of the first 3 magic entries that are meant to point at the _DYNAMIC section and at the fixup routine in the loader. However, since we don't use a dynamic loader, those entries are never populated or used. This means that treating those entries like ordinary GOT entries, and updating their values based on the actual placement of the executable in memory is completely pointless, and we can just ignore the .got.plt section entirely, provided that it has no additional entries beyond the first 3 ones. So add an assertion in the linker script to ensure that this assumption holds, and move the contents out of the [_got, _egot) memory range that is modified by the GOT fixup routines. While at it, drop the KEEP(), since it has no effect on the contents of output sections that are created by the linker itself. Signed-off-by: Ard Biesheuvel Signed-off-by: Arvind Sankar Tested-by: Sedat Dilek Tested-by: Nick Desaulniers Reviewed-by: Kees Cook Acked-by: Arvind Sankar Link: https://lore.kernel.org/r/20200523120021.34996-2-ardb@kernel.org Signed-off-by: Kees Cook --- arch/x86/boot/compressed/vmlinux.lds.S | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S index 8f1025d1f681..b17d218ccdf9 100644 --- a/arch/x86/boot/compressed/vmlinux.lds.S +++ b/arch/x86/boot/compressed/vmlinux.lds.S @@ -44,10 +44,13 @@ SECTIONS } .got : { _got = .; - KEEP(*(.got.plt)) KEEP(*(.got)) _egot = .; } + .got.plt : { + *(.got.plt) + } + .data : { _data = . ; *(.data) @@ -77,3 +80,9 @@ SECTIONS DISCARDS } + +#ifdef CONFIG_X86_64 +ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, "Unexpected GOT/PLT entries detected!") +#else +ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0xc, "Unexpected GOT/PLT entries detected!") +#endif From patchwork Fri Jul 31 23:07:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695553 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5E7F5138A for ; Fri, 31 Jul 2020 23:09:03 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 37BD3206DA for ; Fri, 31 Jul 2020 23:09:03 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="z0k8U7F4"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="I2t5q3EB" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 37BD3206DA Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=6zDtSmSKqL6YoGMfNDEJa7mvdpnzizBq6dPETpD5HYY=; b=z0k8U7F4yUty5xZYLECsai/4s 5E4WbuU4AWBmdSDL58gkjGFo9ugCrLUS5Qw4hJUxwIAWsh7ZsbO59RF0/kPVbl3E7zziyd3I8s5+M bPpEx3eyGvRtIe8YI75l5nUdI1xOnAjrBf4lWEhhpMihlF3SfDkKSW5iKwDhLkduwk5NRk1ZYvGhR 56GAEaiL4vj04rYCrpt4OLBvj68WME8PhFC1x99KCqEqgNfb1i8oz87RJ9UcQosOiJIhCcQFagkXr sifHjLLaaWttut+g5/RFUbQ2zQ9s+b1pOSRTcUEmPi3a/MoNXXphkLgUae9jeiNyBfpVdp/wKWOtG KlgLP+mXg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8q-00087y-84; Fri, 31 Jul 2020 23:08:44 +0000 Received: from mail-pl1-x642.google.com ([2607:f8b0:4864:20::642]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8h-00082x-VW for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:08:37 +0000 Received: by mail-pl1-x642.google.com with SMTP id g19so5527470plq.0 for ; Fri, 31 Jul 2020 16:08:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Oj0JTp0iqi1GihJzW9z0GKQvDoXirBrdmVyY4Bh4CEw=; b=I2t5q3EBqwnltmAS7q0OrrPpY094M59hezmnLcIULkMGdVotacbwos0bUyNY8Qo7UW 5B9WjiE9krbE0gsR7FuEHHXJHXmpjyUbGd3nncly9xJmQWGhXPY7dG9Zxaxp9z9A9mGY a/sT85HyPr6nBhcoJFB/7T8s3fi6jGiEvsAMk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Oj0JTp0iqi1GihJzW9z0GKQvDoXirBrdmVyY4Bh4CEw=; b=ONNM68Ez24wHsVYeZnFMIszcaYQh5Qrx4jSPcx4l+8NYyXNZnH55416JrN3oM4Jui1 /QdsCAwyFTw6BFbstUtGyouU+MxMBeVlj0ok1olDVh9oa4W2gDuG04zUCDsVZEh92yxY EkEOZBrQVhSvkBv89ho+TTgk4ljRnHkHFNClhiOmL3zu0n2E1evw4Ob9acRpEPQIlyJm pyqPtfc23IkSnTyyD6lpBrXIfJ05kxqllKROBFCwATIrFMhPepk9J3WzwFdY6TbccJJY QSRX3dEH1JS9YVzqf7sFKEtxe5YDy2UMxLri8d+Y8+hF0ufAQlXSXBTMoM0LDLwX4Rhp SWaw== X-Gm-Message-State: AOAM530JzzuNC8Prn5uIAvqtgCg775zCAwVlaNZq86k9pcR8SFwft4i0 P6Np6QVo2Xnk8VbNgHMXhyuZvw== X-Google-Smtp-Source: ABdhPJwYw/AUh2eGojEQV7vm2t+ZXdHCR6d3LIaxKtl06xeidhJja+cbMxLWJ3Pii/Hx94KOAGh76A== X-Received: by 2002:a17:902:b489:: with SMTP id y9mr5166444plr.99.1596236912355; Fri, 31 Jul 2020 16:08:32 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id b185sm11019488pfa.148.2020.07.31.16.08.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:30 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 02/36] x86/boot/compressed: Force hidden visibility for all symbol references Date: Fri, 31 Jul 2020 16:07:46 -0700 Message-Id: <20200731230820.1742553-3-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190836_098357_0D6DBC18 X-CRM114-Status: GOOD ( 22.43 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:642 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Sedat Dilek , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org From: Ard Biesheuvel Eliminate all GOT entries in the decompressor binary, by forcing hidden visibility for all symbol references, which informs the compiler that such references will be resolved at link time without the need for allocating GOT entries. To ensure that no GOT entries will creep back in, add an assertion to the decompressor linker script that will fire if the .got section has a non-zero size. Signed-off-by: Ard Biesheuvel Tested-by: Nick Desaulniers Reviewed-by: Kees Cook Acked-by: Arvind Sankar Link: https://lore.kernel.org/r/20200523120021.34996-3-ardb@kernel.org [Arvind: move hidden.h to include/linux instead of making a copy] Tested-by: Sedat Dilek Signed-off-by: Arvind Sankar Signed-off-by: Kees Cook --- arch/x86/boot/compressed/Makefile | 1 + arch/x86/boot/compressed/vmlinux.lds.S | 1 + drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/efi/libstub/hidden.h | 6 ------ include/linux/hidden.h | 19 +++++++++++++++++++ 5 files changed, 22 insertions(+), 7 deletions(-) delete mode 100644 drivers/firmware/efi/libstub/hidden.h create mode 100644 include/linux/hidden.h diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 5a828fde7a42..489fea16bcfb 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -42,6 +42,7 @@ KBUILD_CFLAGS += $(call cc-disable-warning, gnu) KBUILD_CFLAGS += -Wno-pointer-sign KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=) KBUILD_CFLAGS += -fno-asynchronous-unwind-tables +KBUILD_CFLAGS += -include $(srctree)/include/linux/hidden.h KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE := n diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S index b17d218ccdf9..4bcc943842ab 100644 --- a/arch/x86/boot/compressed/vmlinux.lds.S +++ b/arch/x86/boot/compressed/vmlinux.lds.S @@ -81,6 +81,7 @@ SECTIONS DISCARDS } +ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!") #ifdef CONFIG_X86_64 ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, "Unexpected GOT/PLT entries detected!") #else diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index 75daaf20374e..b4f8c80cc591 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -26,7 +26,7 @@ cflags-$(CONFIG_ARM) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \ cflags-$(CONFIG_EFI_GENERIC_STUB) += -I$(srctree)/scripts/dtc/libfdt KBUILD_CFLAGS := $(cflags-y) -Os -DDISABLE_BRANCH_PROFILING \ - -include $(srctree)/drivers/firmware/efi/libstub/hidden.h \ + -include $(srctree)/include/linux/hidden.h \ -D__NO_FORTIFY \ $(call cc-option,-ffreestanding) \ $(call cc-option,-fno-stack-protector) \ diff --git a/drivers/firmware/efi/libstub/hidden.h b/drivers/firmware/efi/libstub/hidden.h deleted file mode 100644 index 3493b041f419..000000000000 --- a/drivers/firmware/efi/libstub/hidden.h +++ /dev/null @@ -1,6 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 */ -/* - * To prevent the compiler from emitting GOT-indirected (and thus absolute) - * references to any global symbols, override their visibility as 'hidden' - */ -#pragma GCC visibility push(hidden) diff --git a/include/linux/hidden.h b/include/linux/hidden.h new file mode 100644 index 000000000000..49a17b6b5962 --- /dev/null +++ b/include/linux/hidden.h @@ -0,0 +1,19 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * When building position independent code with GCC using the -fPIC option, + * (or even the -fPIE one on older versions), it will assume that we are + * building a dynamic object (either a shared library or an executable) that + * may have symbol references that can only be resolved at load time. For a + * variety of reasons (ELF symbol preemption, the CoW footprint of the section + * that is modified by the loader), this results in all references to symbols + * with external linkage to go via entries in the Global Offset Table (GOT), + * which carries absolute addresses which need to be fixed up when the + * executable image is loaded at an offset which is different from its link + * time offset. + * + * Fortunately, there is a way to inform the compiler that such symbol + * references will be satisfied at link time rather than at load time, by + * giving them 'hidden' visibility. + */ + +#pragma GCC visibility push(hidden) From patchwork Fri Jul 31 23:07:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695557 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 99D3914B7 for ; Fri, 31 Jul 2020 23:09:30 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6F68A206DA for ; Fri, 31 Jul 2020 23:09:30 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="ijVHON7J"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="hrQvkFF6" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6F68A206DA Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=l2nRAoDyxEcDvRwVZWqLkYdzJxu0cO88wTDVd6Xzjm8=; b=ijVHON7Jt5tuIm/kLcJ9RnxBZ ujNB+nFooiHRBPnOplt0J21gjY6KCqCl1ZmKx1SkMVWEAUjNKuvGcD//svVJChm3/2Ebs4B6BpHwE HdmLdK8xpiw7KvTqUMS5G7PNOIKlujTv3o/1dU8Ddbo0Z5SrC8y+pGZEm5aSt0O1MdzUagjmTOctj +mNNrPZPAn55zDzmHVEldO9vgYOvYIyMeGv9Yj3MujQkL81Z39WV8M4Ool24IXgbd53Mc13117anN bPFANDqtvndq9G11+lCXsMPNoIctGGBU2g23JCaVe7/0t4+Ih40Y0FZwWiCmFfJfsAg67kPMzF2wx yafTsoA4g==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e9K-0008La-Ck; Fri, 31 Jul 2020 23:09:15 +0000 Received: from mail-pj1-x1043.google.com ([2607:f8b0:4864:20::1043]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8k-00083E-6G for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:08:46 +0000 Received: by mail-pj1-x1043.google.com with SMTP id e4so4840570pjd.0 for ; Fri, 31 Jul 2020 16:08:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=G4Uyil/3RLKWyY67hAynjAiMWq2oklcnh8xSnmDcb3o=; b=hrQvkFF60z244mOdkjjH8vTWRTxj6MFuCnLo8kbEM3Wg/2jC+TKxxdTO/XWkd+b0rI g0CaufeDiLXoEMx7njzFCvwl6WyD6KBfAsMZD9VgTq42iYleDJO7cHNhgh56YmkKl1tZ l6eO0or+3UHALeW21Xr936DSrkQvYiQzdD7bU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=G4Uyil/3RLKWyY67hAynjAiMWq2oklcnh8xSnmDcb3o=; b=YJP/bVNGCzIuztN1cXDxqWdLK7RAyzpQXG9qmmdGVKXAi1iD4HnwbAUXohGFGx/yoz EpOdXpJAJqFuL7dcbBO1AlGfpElVYLo/WtKFbwjVsaSoq5G3Aqofe47yh7VtavBhbXK3 +mqGboF2eZmKz+IelClBw3NbVxb3FOdWaqrnf+RNVqWDSb/Px5q66vAfe5fKoerFmgSh ZrFsJVcFnsLoEspFkfc2JqTaFQjVnk0d5Ua4BDuC6OXF3QxBmhr8zZcvBPBR3aw0hLqR wZruhJB58NXHSwFuOzse/Zlqgf4pEzL6JEK90uQhCjCWOxtOBvI/b6kpBrHa+4DBcyvu Oc7g== X-Gm-Message-State: AOAM531jkRa+piSVM3VipletqEonBykf3P1n+KLKs3btVeR3fRF9H/Qo ypgn3gSdCWWzB/yCFiJrV3h0dQ== X-Google-Smtp-Source: ABdhPJwvVmZyQwFGyMl+CErylZmdSrKOai9F6LoZgV0UQW0OLBYzwJAoyOaRpEgR8OGBWkMtRNvenA== X-Received: by 2002:a17:902:b18b:: with SMTP id s11mr5649581plr.152.1596236915282; Fri, 31 Jul 2020 16:08:35 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id m9sm10186094pjs.18.2020.07.31.16.08.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:30 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 03/36] x86/boot/compressed: Get rid of GOT fixup code Date: Fri, 31 Jul 2020 16:07:47 -0700 Message-Id: <20200731230820.1742553-4-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190838_284265_19F02FB2 X-CRM114-Status: GOOD ( 22.54 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:1043 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Sedat Dilek , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org From: Ard Biesheuvel In a previous patch, we have eliminated GOT entries from the decompressor binary and added an assertion that the .got section is empty. This means that the GOT fixup routines that exist in both the 32-bit and 64-bit startup routines have become dead code, and can be removed. While at it, drop the KEEP() from the linker script, as it has no effect on the contents of output sections that are created by the linker itself. Signed-off-by: Ard Biesheuvel Tested-by: Nick Desaulniers Reviewed-by: Kees Cook Acked-by: Arvind Sankar Link: https://lore.kernel.org/r/20200523120021.34996-4-ardb@kernel.org Tested-by: Sedat Dilek Signed-off-by: Arvind Sankar Signed-off-by: Kees Cook --- arch/x86/boot/compressed/head_32.S | 24 ++--------- arch/x86/boot/compressed/head_64.S | 57 -------------------------- arch/x86/boot/compressed/vmlinux.lds.S | 4 +- 3 files changed, 5 insertions(+), 80 deletions(-) diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S index 03557f2174bf..39f0bb43218f 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S @@ -49,16 +49,13 @@ * Position Independent Executable (PIE) so that linker won't optimize * R_386_GOT32X relocation to its fixed symbol address. Older * linkers generate R_386_32 relocations against locally defined symbols, - * _bss, _ebss, _got, _egot and _end, in PIE. It isn't wrong, just less - * optimal than R_386_RELATIVE. But the x86 kernel fails to properly handle - * R_386_32 relocations when relocating the kernel. To generate - * R_386_RELATIVE relocations, we mark _bss, _ebss, _got, _egot and _end as - * hidden: + * _bss, _ebss and _end, in PIE. It isn't wrong, just less optimal than + * R_386_RELATIVE. But the x86 kernel fails to properly handle R_386_32 + * relocations when relocating the kernel. To generate R_386_RELATIVE + * relocations, we mark _bss, _ebss and _end as hidden: */ .hidden _bss .hidden _ebss - .hidden _got - .hidden _egot .hidden _end __HEAD @@ -192,19 +189,6 @@ SYM_FUNC_START_LOCAL_NOALIGN(.Lrelocated) shrl $2, %ecx rep stosl -/* - * Adjust our own GOT - */ - leal _got(%ebx), %edx - leal _egot(%ebx), %ecx -1: - cmpl %ecx, %edx - jae 2f - addl %ebx, (%edx) - addl $4, %edx - jmp 1b -2: - /* * Do the extraction, and jump to the new kernel.. */ diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 97d37f0a34f5..bf1ab30acc5b 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -40,8 +40,6 @@ */ .hidden _bss .hidden _ebss - .hidden _got - .hidden _egot .hidden _end __HEAD @@ -353,25 +351,6 @@ SYM_CODE_START(startup_64) /* Set up the stack */ leaq boot_stack_end(%rbx), %rsp - /* - * paging_prepare() and cleanup_trampoline() below can have GOT - * references. Adjust the table with address we are running at. - * - * Zero RAX for adjust_got: the GOT was not adjusted before; - * there's no adjustment to undo. - */ - xorq %rax, %rax - - /* - * Calculate the address the binary is loaded at and use it as - * a GOT adjustment. - */ - call 1f -1: popq %rdi - subq $1b, %rdi - - call .Ladjust_got - /* * At this point we are in long mode with 4-level paging enabled, * but we might want to enable 5-level paging or vice versa. @@ -464,21 +443,6 @@ trampoline_return: pushq $0 popfq - /* - * Previously we've adjusted the GOT with address the binary was - * loaded at. Now we need to re-adjust for relocation address. - * - * Calculate the address the binary is loaded at, so that we can - * undo the previous GOT adjustment. - */ - call 1f -1: popq %rax - subq $1b, %rax - - /* The new adjustment is the relocation address */ - movq %rbx, %rdi - call .Ladjust_got - /* * Copy the compressed kernel to the end of our buffer * where decompression in place becomes safe. @@ -556,27 +520,6 @@ SYM_FUNC_START_LOCAL_NOALIGN(.Lrelocated) jmp *%rax SYM_FUNC_END(.Lrelocated) -/* - * Adjust the global offset table - * - * RAX is the previous adjustment of the table to undo (use 0 if it's the - * first time we touch GOT). - * RDI is the new adjustment to apply. - */ -.Ladjust_got: - /* Walk through the GOT adding the address to the entries */ - leaq _got(%rip), %rdx - leaq _egot(%rip), %rcx -1: - cmpq %rcx, %rdx - jae 2f - subq %rax, (%rdx) /* Undo previous adjustment */ - addq %rdi, (%rdx) /* Apply the new adjustment */ - addq $8, %rdx - jmp 1b -2: - ret - .code32 /* * This is the 32-bit trampoline that will be copied over to low memory. diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S index 4bcc943842ab..a4a4a59a2628 100644 --- a/arch/x86/boot/compressed/vmlinux.lds.S +++ b/arch/x86/boot/compressed/vmlinux.lds.S @@ -43,9 +43,7 @@ SECTIONS _erodata = . ; } .got : { - _got = .; - KEEP(*(.got)) - _egot = .; + *(.got) } .got.plt : { *(.got.plt) From patchwork Fri Jul 31 23:07:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695565 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A21B414B7 for ; Fri, 31 Jul 2020 23:11:08 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 7BA9D205CB for ; Fri, 31 Jul 2020 23:11:08 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="RUPhp0sL"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="KfTF6oqb" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7BA9D205CB Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=jGDN76TuG5d/pF43elz9HieqgyCwClRy/RgGtb0rJi0=; b=RUPhp0sLCNGY6sbfVOBtOnWIl SI2K6sua2nczQ9JD8DU/+OSLsIb+mVAFJJfy++MRkOSDT8lC0DfKQkkUdyvj0TzedlFOquf/0tJTH Ep6ZZODqoj8o89w1iAg2bahRo9paA2GZW1e0EbuHemGWIbh8F8RT4kkH3/aQVa5fwELAILVh/N/d7 suBmKyOzkeFe0eDKR5QxKxQoUHfTTqvrMZ+uI5ZMJXd4fM9r3bmAl1wffjy6AlO2Ezyf4YerkB30R 7+N0n8clgTWfZ1AEBbFEeOh/fJKLHmbkisMV9E+wziU+Q2qFa3LSBysTHAfv8tHKM4ukgxgC/16rc CRApp1BLA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8k-00085V-Pg; Fri, 31 Jul 2020 23:08:38 +0000 Received: from mail-pf1-x443.google.com ([2607:f8b0:4864:20::443]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8h-00082u-RD for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:08:37 +0000 Received: by mail-pf1-x443.google.com with SMTP id w126so15008204pfw.8 for ; Fri, 31 Jul 2020 16:08:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=nYf6T7ak2fI7+X5dAIz+6RF2nee0gRVAMZVc45IKWXs=; b=KfTF6oqbUoVJephh1DS5MUSdhHbSjJv9s6nkBB1vsL6c45/MdK9Cq2XCVdexSGxfu4 THOiI7QqRzwP2n/90cHzxefypDi0PdbyoRZKlyz2/Qj20hx79mrA03A6yogeGoWcWyd8 emQqAuw5FziO/zi0EelZrjIZdVBbEEEaBDj+U= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=nYf6T7ak2fI7+X5dAIz+6RF2nee0gRVAMZVc45IKWXs=; b=pmv3UJZP7sO45RHma8Ywk5o8WQ0xWjJ56jeTKmV3uoNfOmy1jWWwSZLI/Dr1we/c71 zea4LswmXwg25qLbR+Xm2mdLn3SiyAmVPpLA88eq4uZPqs+qjxe9AX45irprYI7FhWhL 2xHdZpc99kQKfs9qHw7bJZAJQ4tnIHWUgy4hve6CiWKZ0MTP1uBSARZjLl/fpOKmubEE oun9uuamjTvgPoLuPlvydPEu1uDlFQEAajA049w2+BuatJrj1e+NqJU7xSsL35hX/2/e ZzEuzyT3Up2RuHA5IRIIPdJF0N6RDsB6tXAOSGlCvr0jPa5CNE9hWHn9M3RgO3nuGlW0 +mCQ== X-Gm-Message-State: AOAM531hjI4EGJ5qAeIlNC5MyIr/L6YYWVkDet5FQgnjgD/OZQlj5eXt PB12NaX31h3TP3E8Ez3etfr/1w== X-Google-Smtp-Source: ABdhPJy7266h+F7pMy3NP04oOwoKlnNEEd7sTQ64K+tVZoujHRZTB7RMSvGovfv1MI4oIe9oKwOwQQ== X-Received: by 2002:aa7:8143:: with SMTP id d3mr5616752pfn.97.1596236911855; Fri, 31 Jul 2020 16:08:31 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id b25sm8429813pft.134.2020.07.31.16.08.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:30 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 04/36] x86/boot: Add .text.* to setup.ld Date: Fri, 31 Jul 2020 16:07:48 -0700 Message-Id: <20200731230820.1742553-5-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190835_935278_4B5B2ED8 X-CRM114-Status: GOOD ( 18.64 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:443 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-efi@vger.kernel.org, Catalin Marinas , Arvind Sankar , Ard Biesheuvel , linux-arch@vger.kernel.org, Fangrui Song , Masahiro Yamada , x86@kernel.org, Russell King , clang-built-linux@googlegroups.com, Ingo Molnar , Borislav Petkov , Kees Cook , Arnd Bergmann , Sedat Dilek , Nathan Chancellor , Peter Collingbourne , linux-arm-kernel@lists.infradead.org, Nick Desaulniers , linux-kernel@vger.kernel.org, James Morse Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org From: Arvind Sankar gcc puts the main function into .text.startup when compiled with -Os (or -O2). This results in arch/x86/boot/main.c having a .text.startup section which is currently not included explicitly in the linker script setup.ld in the same directory. The BFD linker places this orphan section immediately after .text, so this still works. However, LLD git, since [1], is choosing to place it immediately after the .bstext section instead (this is the first code section). This plays havoc with the section layout that setup.elf requires to create the setup header, for eg on 64-bit: LD arch/x86/boot/setup.elf ld.lld: error: section .text.startup file range overlaps with .header >>> .text.startup range is [0x200040, 0x2001FE] >>> .header range is [0x2001EF, 0x20026B] ld.lld: error: section .header file range overlaps with .bsdata >>> .header range is [0x2001EF, 0x20026B] >>> .bsdata range is [0x2001FF, 0x200398] ld.lld: error: section .bsdata file range overlaps with .entrytext >>> .bsdata range is [0x2001FF, 0x200398] >>> .entrytext range is [0x20026C, 0x2002D3] ld.lld: error: section .text.startup virtual address range overlaps with .header >>> .text.startup range is [0x40, 0x1FE] >>> .header range is [0x1EF, 0x26B] ld.lld: error: section .header virtual address range overlaps with .bsdata >>> .header range is [0x1EF, 0x26B] >>> .bsdata range is [0x1FF, 0x398] ld.lld: error: section .bsdata virtual address range overlaps with .entrytext >>> .bsdata range is [0x1FF, 0x398] >>> .entrytext range is [0x26C, 0x2D3] ld.lld: error: section .text.startup load address range overlaps with .header >>> .text.startup range is [0x40, 0x1FE] >>> .header range is [0x1EF, 0x26B] ld.lld: error: section .header load address range overlaps with .bsdata >>> .header range is [0x1EF, 0x26B] >>> .bsdata range is [0x1FF, 0x398] ld.lld: error: section .bsdata load address range overlaps with .entrytext >>> .bsdata range is [0x1FF, 0x398] >>> .entrytext range is [0x26C, 0x2D3] Add .text.* to the .text output section to fix this, and also prevent any future surprises if the compiler decides to create other such sections. [1] https://reviews.llvm.org/D75225 Tested-by: Nick Desaulniers Reviewed-by: Kees Cook Reviewed-by: Ard Biesheuvel Reviewed-by: Fangrui Song Tested-by: Sedat Dilek Signed-off-by: Arvind Sankar Signed-off-by: Kees Cook --- arch/x86/boot/setup.ld | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/boot/setup.ld b/arch/x86/boot/setup.ld index 24c95522f231..49546c247ae2 100644 --- a/arch/x86/boot/setup.ld +++ b/arch/x86/boot/setup.ld @@ -20,7 +20,7 @@ SECTIONS .initdata : { *(.initdata) } __end_init = .; - .text : { *(.text) } + .text : { *(.text .text.*) } .text32 : { *(.text32) } . = ALIGN(16); From patchwork Fri Jul 31 23:07:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695561 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4D8C4138A for ; Fri, 31 Jul 2020 23:10:14 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 146A820791 for ; Fri, 31 Jul 2020 23:10:14 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="SViM6/p6"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="mgykzLh5" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 146A820791 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Yhw9gx3i5YzxgmMi1Y26Ym1rJa2yEyRymnuE0D83Dcg=; b=SViM6/p6B0FHXUs6/Dy5y6S0r Hz4xHpIVo5NeBXKkgCbXc5B99H6Ls1L4hkrPnpX985crDyCLC3fRUHuAj+au8Of1J0fr4JiziW0yI HNHsT/kjVwvZ053Md36jduZG08NkporyFEijxgIK/W2iXSH/tOwMgprWoj/PBCoHsZqjuSE9lNW4d 9S2Rlp05qvTpfL2k0ckt7uSiEYhsQWYZsMJXO24uTYtwYCnjj0JfCm3U9ekf5qbteuVPaUSaZ4eCg GPnR/NxJojEg0vsUy1uX3AIgsfMcw7HrYIyyrPdonTc0IQisOPRLqgySJqPLAUyryJx75HHAcVqru FjGhicqNQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e9y-00007B-Fl; Fri, 31 Jul 2020 23:09:54 +0000 Received: from mail-pf1-x434.google.com ([2607:f8b0:4864:20::434]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8n-00086P-SV for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:08:55 +0000 Received: by mail-pf1-x434.google.com with SMTP id j20so15179093pfe.5 for ; Fri, 31 Jul 2020 16:08:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=7Zd2Ynh87FW7HOpGrJRistZj5b4FBma9DtLDgQ63T4c=; b=mgykzLh5rqAUVnTpwkUngTy2kNDoX6P07BeZ25EFuh4ZHPJ9SK861tXHBLEnhLetFy SyMEicP5/j1UeE+Lv3/PjtUac7T3C2Vp+DPjBcy5+tYfvEXg+47XBbvSiNk/u37DARP3 ooVj8/qzmezYDZDec2isFC+Nt2sTAGUWAF8mI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=7Zd2Ynh87FW7HOpGrJRistZj5b4FBma9DtLDgQ63T4c=; b=t2wMOiAQVfV2DdK3gfB1zC0eZ2qmRq0NUAAONGdR+KmHWs4bI+SDD4Ead7Ukz+c8f6 vZzKs68x+3oT7uzlcnXnzpLiHabKkY/48Dti9GL1ADrWXJd0zVXJKitU1iw5eokHNNte SjCu5FFzZMtp1S9kBisOvj4VBpgUpy8RfQoZ41pTJda5I9GAdmBD3oxbS5FoPdUmiZz6 /y++cKX1JoabMavqUMwmOx3Crmo99XaGEeQuGNyjm4yT7WOex/2Se98l9TglIWwSW+eY ElJ4FPEUZezjSLxT1g56lRgllDCaoZnuksGVVAU5oAv/NgcpYj3eQUqPGRhewUARKd9W OQzQ== X-Gm-Message-State: AOAM530cfKhvokGVEn8Em5qIB4UBB0TyQOHrZ3TrhVLh/HPEgaRJAEpR 04vUVqHnVHKh2GKC5hE3YPa/lA== X-Google-Smtp-Source: ABdhPJykh8cvPAhA6TSV5Le/rsp8LoFLHZnETjmE/n6iPaGVPPpVUsd2PiZD35xal8aNKhVmwG0cvg== X-Received: by 2002:a63:395:: with SMTP id 143mr5794060pgd.57.1596236919311; Fri, 31 Jul 2020 16:08:39 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id p11sm11344450pgh.80.2020.07.31.16.08.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:35 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 05/36] x86/boot: Remove run-time relocations from .head.text code Date: Fri, 31 Jul 2020 16:07:49 -0700 Message-Id: <20200731230820.1742553-6-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190842_008597_90450960 X-CRM114-Status: GOOD ( 32.83 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:434 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-efi@vger.kernel.org, Catalin Marinas , Arvind Sankar , Ard Biesheuvel , linux-arch@vger.kernel.org, Fangrui Song , Masahiro Yamada , x86@kernel.org, Russell King , clang-built-linux@googlegroups.com, Ingo Molnar , Borislav Petkov , Kees Cook , Arnd Bergmann , Sedat Dilek , Nathan Chancellor , Peter Collingbourne , linux-arm-kernel@lists.infradead.org, Nick Desaulniers , linux-kernel@vger.kernel.org, James Morse Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org From: Arvind Sankar The assembly code in head_{32,64}.S, while meant to be position-independent, generates run-time relocations because it uses instructions such as leal gdt(%edx), %eax which make the assembler and linker think that the code is using %edx as an index into gdt, and hence gdt needs to be relocated to its run-time address. On 32-bit, with lld Dmitry Golovin reports that this results in a link-time error with default options (i.e. unless -z notext is explicitly passed): LD arch/x86/boot/compressed/vmlinux ld.lld: error: can't create dynamic relocation R_386_32 against local symbol in readonly segment; recompile object files with -fPIC or pass '-Wl,-z,notext' to allow text relocations in the output With the BFD linker, this generates a warning during the build, if --warn-shared-textrel is enabled, which at least Gentoo enables by default: LD arch/x86/boot/compressed/vmlinux ld: arch/x86/boot/compressed/head_32.o: warning: relocation in read-only section `.head.text' ld: warning: creating a DT_TEXTREL in object On 64-bit, it is not possible to link the kernel as -pie with lld, and it is only possible with a BFD linker that supports -z noreloc-overflow, i.e. versions >2.26. This is because these instructions cannot really be relocated: the displacement field is only 32-bits wide, and thus cannot be relocated for a 64-bit load address. The -z noreloc-overflow option simply overrides the linker error, and results in R_X86_64_RELATIVE relocations that apply a 64-bit relocation to a 32-bit field anyway. This happens to work because nothing will process these run-time relocations. Start fixing this by removing relocations from .head.text: - On 32-bit, use a base register that holds the address of the GOT and reference symbol addresses using @GOTOFF, i.e. leal gdt@GOTOFF(%edx), %eax - On 64-bit, most of the code can (and already does) use %rip-relative addressing, however the .code32 bits can't, and the 64-bit code also needs to reference symbol addresses as they will be after moving the compressed kernel to the end of the decompression buffer. For these cases, reference the symbols as an offset to startup_32 to avoid creating relocations, i.e. leal (gdt-startup_32)(%bp), %eax This only works in .head.text as the subtraction cannot be represented as a PC-relative relocation unless startup_32 is in the same section as the code. Move efi32_pe_entry into .head.text so that it can use the same method to avoid relocations. Tested-by: Nick Desaulniers Reviewed-by: Kees Cook Reviewed-by: Ard Biesheuvel Reviewed-by: Fangrui Song Tested-by: Sedat Dilek Signed-off-by: Arvind Sankar Signed-off-by: Kees Cook Reported-by: Dmitry Golovin --- arch/x86/boot/compressed/head_32.S | 64 +++++++----------- arch/x86/boot/compressed/head_64.S | 104 ++++++++++++++++++----------- 2 files changed, 90 insertions(+), 78 deletions(-) diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S index 39f0bb43218f..8c1a4f5610f5 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S @@ -33,26 +33,10 @@ #include /* - * The 32-bit x86 assembler in binutils 2.26 will generate R_386_GOT32X - * relocation to get the symbol address in PIC. When the compressed x86 - * kernel isn't built as PIC, the linker optimizes R_386_GOT32X - * relocations to their fixed symbol addresses. However, when the - * compressed x86 kernel is loaded at a different address, it leads - * to the following load failure: - * - * Failed to allocate space for phdrs - * - * during the decompression stage. - * - * If the compressed x86 kernel is relocatable at run-time, it should be - * compiled with -fPIE, instead of -fPIC, if possible and should be built as - * Position Independent Executable (PIE) so that linker won't optimize - * R_386_GOT32X relocation to its fixed symbol address. Older - * linkers generate R_386_32 relocations against locally defined symbols, - * _bss, _ebss and _end, in PIE. It isn't wrong, just less optimal than - * R_386_RELATIVE. But the x86 kernel fails to properly handle R_386_32 - * relocations when relocating the kernel. To generate R_386_RELATIVE - * relocations, we mark _bss, _ebss and _end as hidden: + * These symbols needed to be marked as .hidden to prevent the BFD linker from + * generating R_386_32 (rather than R_386_RELATIVE) relocations for them when + * the 32-bit compressed kernel is linked as PIE. This is no longer necessary, + * but it doesn't hurt to keep them .hidden. */ .hidden _bss .hidden _ebss @@ -74,10 +58,10 @@ SYM_FUNC_START(startup_32) leal (BP_scratch+4)(%esi), %esp call 1f 1: popl %edx - subl $1b, %edx + addl $_GLOBAL_OFFSET_TABLE_+(.-1b), %edx /* Load new GDT */ - leal gdt(%edx), %eax + leal gdt@GOTOFF(%edx), %eax movl %eax, 2(%eax) lgdt (%eax) @@ -90,14 +74,16 @@ SYM_FUNC_START(startup_32) movl %eax, %ss /* - * %edx contains the address we are loaded at by the boot loader and %ebx - * contains the address where we should move the kernel image temporarily - * for safe in-place decompression. %ebp contains the address that the kernel - * will be decompressed to. + * %edx contains the address we are loaded at by the boot loader (plus the + * offset to the GOT). The below code calculates %ebx to be the address where + * we should move the kernel image temporarily for safe in-place decompression + * (again, plus the offset to the GOT). + * + * %ebp is calculated to be the address that the kernel will be decompressed to. */ #ifdef CONFIG_RELOCATABLE - movl %edx, %ebx + leal startup_32@GOTOFF(%edx), %ebx #ifdef CONFIG_EFI_STUB /* @@ -108,7 +94,7 @@ SYM_FUNC_START(startup_32) * image_offset = startup_32 - image_base * Otherwise image_offset will be zero and has no effect on the calculations. */ - subl image_offset(%edx), %ebx + subl image_offset@GOTOFF(%edx), %ebx #endif movl BP_kernel_alignment(%esi), %eax @@ -125,10 +111,10 @@ SYM_FUNC_START(startup_32) movl %ebx, %ebp // Save the output address for later /* Target address to relocate to for decompression */ addl BP_init_size(%esi), %ebx - subl $_end, %ebx + subl $_end@GOTOFF, %ebx /* Set up the stack */ - leal boot_stack_end(%ebx), %esp + leal boot_stack_end@GOTOFF(%ebx), %esp /* Zero EFLAGS */ pushl $0 @@ -139,8 +125,8 @@ SYM_FUNC_START(startup_32) * where decompression in place becomes safe. */ pushl %esi - leal (_bss-4)(%edx), %esi - leal (_bss-4)(%ebx), %edi + leal (_bss@GOTOFF-4)(%edx), %esi + leal (_bss@GOTOFF-4)(%ebx), %edi movl $(_bss - startup_32), %ecx shrl $2, %ecx std @@ -153,14 +139,14 @@ SYM_FUNC_START(startup_32) * during extract_kernel below. To avoid any issues, repoint the GDTR * to the new copy of the GDT. */ - leal gdt(%ebx), %eax + leal gdt@GOTOFF(%ebx), %eax movl %eax, 2(%eax) lgdt (%eax) /* * Jump to the relocated address. */ - leal .Lrelocated(%ebx), %eax + leal .Lrelocated@GOTOFF(%ebx), %eax jmp *%eax SYM_FUNC_END(startup_32) @@ -170,7 +156,7 @@ SYM_FUNC_START_ALIAS(efi_stub_entry) add $0x4, %esp movl 8(%esp), %esi /* save boot_params pointer */ call efi_main - leal startup_32(%eax), %eax + /* efi_main returns the possibly relocated address of startup_32 */ jmp *%eax SYM_FUNC_END(efi32_stub_entry) SYM_FUNC_END_ALIAS(efi_stub_entry) @@ -183,8 +169,8 @@ SYM_FUNC_START_LOCAL_NOALIGN(.Lrelocated) * Clear BSS (stack is currently empty) */ xorl %eax, %eax - leal _bss(%ebx), %edi - leal _ebss(%ebx), %ecx + leal _bss@GOTOFF(%ebx), %edi + leal _ebss@GOTOFF(%ebx), %ecx subl %edi, %ecx shrl $2, %ecx rep stosl @@ -198,9 +184,9 @@ SYM_FUNC_START_LOCAL_NOALIGN(.Lrelocated) pushl %ebp /* output address */ pushl $z_input_len /* input_len */ - leal input_data(%ebx), %eax + leal input_data@GOTOFF(%ebx), %eax pushl %eax /* input_data */ - leal boot_heap(%ebx), %eax + leal boot_heap@GOTOFF(%ebx), %eax pushl %eax /* heap area */ pushl %esi /* real mode pointer */ call extract_kernel /* returns kernel location in %eax */ diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index bf1ab30acc5b..11429092c224 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -43,6 +43,32 @@ .hidden _end __HEAD + +/* + * This macro gives the relative virtual address of X, i.e. the offset of X + * from startup_32. This is the same as the link-time virtual address of X, + * since startup_32 is at 0, but defining it this way tells the + * assembler/linker that we do not want the actual run-time address of X. This + * prevents the linker from trying to create unwanted run-time relocation + * entries for the reference when the compressed kernel is linked as PIE. + * + * A reference X(%reg) will result in the link-time VA of X being stored with + * the instruction, and a run-time R_X86_64_RELATIVE relocation entry that + * adds the 64-bit base address where the kernel is loaded. + * + * Replacing it with (X-startup_32)(%reg) results in the offset being stored, + * and no run-time relocation. + * + * The macro should be used as a displacement with a base register containing + * the run-time address of startup_32 [i.e. rva(X)(%reg)], or as an immediate + * [$ rva(X)]. + * + * This macro can only be used from within the .head.text section, since the + * expression requires startup_32 to be in the same section as the code being + * assembled. + */ +#define rva(X) ((X) - startup_32) + .code32 SYM_FUNC_START(startup_32) /* @@ -65,10 +91,10 @@ SYM_FUNC_START(startup_32) leal (BP_scratch+4)(%esi), %esp call 1f 1: popl %ebp - subl $1b, %ebp + subl $ rva(1b), %ebp /* Load new GDT with the 64bit segments using 32bit descriptor */ - leal gdt(%ebp), %eax + leal rva(gdt)(%ebp), %eax movl %eax, 2(%eax) lgdt (%eax) @@ -81,7 +107,7 @@ SYM_FUNC_START(startup_32) movl %eax, %ss /* setup a stack and make sure cpu supports long mode. */ - leal boot_stack_end(%ebp), %esp + leal rva(boot_stack_end)(%ebp), %esp call verify_cpu testl %eax, %eax @@ -108,7 +134,7 @@ SYM_FUNC_START(startup_32) * image_offset = startup_32 - image_base * Otherwise image_offset will be zero and has no effect on the calculations. */ - subl image_offset(%ebp), %ebx + subl rva(image_offset)(%ebp), %ebx #endif movl BP_kernel_alignment(%esi), %eax @@ -124,7 +150,7 @@ SYM_FUNC_START(startup_32) /* Target address to relocate to for decompression */ addl BP_init_size(%esi), %ebx - subl $_end, %ebx + subl $ rva(_end), %ebx /* * Prepare for entering 64 bit mode @@ -152,19 +178,19 @@ SYM_FUNC_START(startup_32) 1: /* Initialize Page tables to 0 */ - leal pgtable(%ebx), %edi + leal rva(pgtable)(%ebx), %edi xorl %eax, %eax movl $(BOOT_INIT_PGT_SIZE/4), %ecx rep stosl /* Build Level 4 */ - leal pgtable + 0(%ebx), %edi + leal rva(pgtable + 0)(%ebx), %edi leal 0x1007 (%edi), %eax movl %eax, 0(%edi) addl %edx, 4(%edi) /* Build Level 3 */ - leal pgtable + 0x1000(%ebx), %edi + leal rva(pgtable + 0x1000)(%ebx), %edi leal 0x1007(%edi), %eax movl $4, %ecx 1: movl %eax, 0x00(%edi) @@ -175,7 +201,7 @@ SYM_FUNC_START(startup_32) jnz 1b /* Build Level 2 */ - leal pgtable + 0x2000(%ebx), %edi + leal rva(pgtable + 0x2000)(%ebx), %edi movl $0x00000183, %eax movl $2048, %ecx 1: movl %eax, 0(%edi) @@ -186,7 +212,7 @@ SYM_FUNC_START(startup_32) jnz 1b /* Enable the boot page tables */ - leal pgtable(%ebx), %eax + leal rva(pgtable)(%ebx), %eax movl %eax, %cr3 /* Enable Long mode in EFER (Extended Feature Enable Register) */ @@ -211,14 +237,14 @@ SYM_FUNC_START(startup_32) * We place all of the values on our mini stack so lret can * used to perform that far jump. */ - leal startup_64(%ebp), %eax + leal rva(startup_64)(%ebp), %eax #ifdef CONFIG_EFI_MIXED - movl efi32_boot_args(%ebp), %edi + movl rva(efi32_boot_args)(%ebp), %edi cmp $0, %edi jz 1f - leal efi64_stub_entry(%ebp), %eax - movl efi32_boot_args+4(%ebp), %esi - movl efi32_boot_args+8(%ebp), %edx // saved bootparams pointer + leal rva(efi64_stub_entry)(%ebp), %eax + movl rva(efi32_boot_args+4)(%ebp), %esi + movl rva(efi32_boot_args+8)(%ebp), %edx // saved bootparams pointer cmpl $0, %edx jnz 1f /* @@ -229,7 +255,7 @@ SYM_FUNC_START(startup_32) * the correct stack alignment for entry. */ subl $40, %esp - leal efi_pe_entry(%ebp), %eax + leal rva(efi_pe_entry)(%ebp), %eax movl %edi, %ecx // MS calling convention movl %esi, %edx 1: @@ -255,18 +281,18 @@ SYM_FUNC_START(efi32_stub_entry) call 1f 1: pop %ebp - subl $1b, %ebp + subl $ rva(1b), %ebp - movl %esi, efi32_boot_args+8(%ebp) + movl %esi, rva(efi32_boot_args+8)(%ebp) SYM_INNER_LABEL(efi32_pe_stub_entry, SYM_L_LOCAL) - movl %ecx, efi32_boot_args(%ebp) - movl %edx, efi32_boot_args+4(%ebp) - movb $0, efi_is64(%ebp) + movl %ecx, rva(efi32_boot_args)(%ebp) + movl %edx, rva(efi32_boot_args+4)(%ebp) + movb $0, rva(efi_is64)(%ebp) /* Save firmware GDTR and code/data selectors */ - sgdtl efi32_boot_gdt(%ebp) - movw %cs, efi32_boot_cs(%ebp) - movw %ds, efi32_boot_ds(%ebp) + sgdtl rva(efi32_boot_gdt)(%ebp) + movw %cs, rva(efi32_boot_cs)(%ebp) + movw %ds, rva(efi32_boot_ds)(%ebp) /* Disable paging */ movl %cr0, %eax @@ -345,11 +371,11 @@ SYM_CODE_START(startup_64) /* Target address to relocate to for decompression */ movl BP_init_size(%rsi), %ebx - subl $_end, %ebx + subl $ rva(_end), %ebx addq %rbp, %rbx /* Set up the stack */ - leaq boot_stack_end(%rbx), %rsp + leaq rva(boot_stack_end)(%rbx), %rsp /* * At this point we are in long mode with 4-level paging enabled, @@ -423,7 +449,7 @@ SYM_CODE_START(startup_64) lretq trampoline_return: /* Restore the stack, the 32-bit trampoline uses its own stack */ - leaq boot_stack_end(%rbx), %rsp + leaq rva(boot_stack_end)(%rbx), %rsp /* * cleanup_trampoline() would restore trampoline memory. @@ -435,7 +461,7 @@ trampoline_return: * this function call. */ pushq %rsi - leaq top_pgtable(%rbx), %rdi + leaq rva(top_pgtable)(%rbx), %rdi call cleanup_trampoline popq %rsi @@ -449,9 +475,9 @@ trampoline_return: */ pushq %rsi leaq (_bss-8)(%rip), %rsi - leaq (_bss-8)(%rbx), %rdi - movq $_bss /* - $startup_32 */, %rcx - shrq $3, %rcx + leaq rva(_bss-8)(%rbx), %rdi + movl $(_bss - startup_32), %ecx + shrl $3, %ecx std rep movsq cld @@ -462,15 +488,15 @@ trampoline_return: * during extract_kernel below. To avoid any issues, repoint the GDTR * to the new copy of the GDT. */ - leaq gdt64(%rbx), %rax - leaq gdt(%rbx), %rdx + leaq rva(gdt64)(%rbx), %rax + leaq rva(gdt)(%rbx), %rdx movq %rdx, 2(%rax) lgdt (%rax) /* * Jump to the relocated address. */ - leaq .Lrelocated(%rbx), %rax + leaq rva(.Lrelocated)(%rbx), %rax jmp *%rax SYM_CODE_END(startup_64) @@ -482,7 +508,7 @@ SYM_FUNC_START_ALIAS(efi_stub_entry) movq %rdx, %rbx /* save boot_params pointer */ call efi_main movq %rbx,%rsi - leaq startup_64(%rax), %rax + leaq rva(startup_64)(%rax), %rax jmp *%rax SYM_FUNC_END(efi64_stub_entry) SYM_FUNC_END_ALIAS(efi_stub_entry) @@ -645,7 +671,7 @@ SYM_DATA(efi_is64, .byte 1) #define BS32_handle_protocol 88 // offsetof(efi_boot_services_32_t, handle_protocol) #define LI32_image_base 32 // offsetof(efi_loaded_image_32_t, image_base) - .text + __HEAD .code32 SYM_FUNC_START(efi32_pe_entry) /* @@ -667,12 +693,12 @@ SYM_FUNC_START(efi32_pe_entry) call 1f 1: pop %ebx - subl $1b, %ebx + subl $ rva(1b), %ebx /* Get the loaded image protocol pointer from the image handle */ leal -4(%ebp), %eax pushl %eax // &loaded_image - leal loaded_image_proto(%ebx), %eax + leal rva(loaded_image_proto)(%ebx), %eax pushl %eax // pass the GUID address pushl 8(%ebp) // pass the image handle @@ -707,7 +733,7 @@ SYM_FUNC_START(efi32_pe_entry) * use it before we get to the 64-bit efi_pe_entry() in C code. */ subl %esi, %ebx - movl %ebx, image_offset(%ebp) // save image_offset + movl %ebx, rva(image_offset)(%ebp) // save image_offset jmp efi32_pe_stub_entry 2: popl %edi // restore callee-save registers From patchwork Fri Jul 31 23:07:50 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695569 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8A34D14B7 for ; Fri, 31 Jul 2020 23:11:29 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 16EA82063A for ; Fri, 31 Jul 2020 23:11:29 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="Xi3kpW7X"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="JmjzOVU/" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 16EA82063A Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Ae7ff3Hlb6aI6n6OasHsSyCTlEaI7WDUHxFqH0a3Cyc=; b=Xi3kpW7Xdx042g9EtUEZAV35X jVB5xdXZfwpRt7bcmnv8BIw6SaYNDct8HGmDoGCzDWgpJ8iu90s7gp+rWAZ4ogW9OFXqYtIpx1Kmw R6ARVVIQWRqnCMRMbEnWqcUr6DZovRpY/poQUcRZhILQiUWfy6wkxSlxL0mSEO7c7yEedzAbJ8hNv jP5rVm7DShsJZLhfHZHmLRQhLtUrWiOSzmi3awYAtbsizF32zljivRGl82CKzKn4DcvFLnU8ydtoH yZL7pVskf1rfonHOUdhSEoOP+kKHq/3HTNBDxraGudmy+dCDfN3xBBUfRUIgMx0n5J2rqvjhj8v6o TxhZjtAJQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e9Q-0008NX-Ao; Fri, 31 Jul 2020 23:09:20 +0000 Received: from mail-pf1-x444.google.com ([2607:f8b0:4864:20::444]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8l-00085L-1z for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:08:47 +0000 Received: by mail-pf1-x444.google.com with SMTP id y206so4890846pfb.10 for ; Fri, 31 Jul 2020 16:08:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=/1/CQp/9TCFtUhmrbGSN+G+eKG6hQ9pjXSEZQo4Ae9Q=; b=JmjzOVU/RaXlOiFFOHk7V8/AgGdI46MzdU9wv+02d4f4NTpnQkxZxK1sxR8JoEbPgi ekZ642W7K0Uu+DwjmLOg0sT8EtA4LTkfZsXl74fPoot53WoyOF6ezZtw8E07jBUy0kCC cNh+9RsDnj6ZhCGVfH637wTcaBuJyL8eFcxd4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=/1/CQp/9TCFtUhmrbGSN+G+eKG6hQ9pjXSEZQo4Ae9Q=; b=oCpLh75iXWLW6HV/ogLN0xLF84MTEOYYot3ko7zTSL/e+fQi88r8IS+WrvVK0c2rif 0z9XuMlL/jIyH9OXgnbESgA8Sp/ZjaIowrh3fqC3B1RkgjrTKppQyzs7No4cWxLGUWZ/ /Iuav2rMUOoYWsSfXBsLVg0p32xIqkJGwiV1xKMk+25V0pbNdwbomb/dIUy8DhgjffvW cQXQ8QPdSOtGAfoYfCrN1OFLW2jGM0c6+dMztJoFm+/inc6zC0LxML+6GNtj+ixDY3uD FS/kxhS2m5P8nISeN6Yb6/s3Jm9HgqwzLGzkB9iaog1P0rkItlAM7QZpxAqpqQymh7Yf /UNw== X-Gm-Message-State: AOAM532qw6OpqGQlGnLxa8Pu2Wrrb7K0jjj3ZEMdD1tgV5QQv+LFu2Qo 3298+76yqLoLtONdhZSmJl3PyA== X-Google-Smtp-Source: ABdhPJzxNgTd2XHSmAHQMBraWG3bmYByy98gr1UqwK3Ga3Zigw7n1puB/nA4EpZvqv2upYIo490LwQ== X-Received: by 2002:a63:5613:: with SMTP id k19mr5940172pgb.424.1596236916880; Fri, 31 Jul 2020 16:08:36 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id s22sm11167471pgv.43.2020.07.31.16.08.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:35 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 06/36] x86/boot: Remove run-time relocations from head_{32, 64}.S Date: Fri, 31 Jul 2020 16:07:50 -0700 Message-Id: <20200731230820.1742553-7-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190839_257925_E9A2FFEE X-CRM114-Status: GOOD ( 17.25 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:444 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-efi@vger.kernel.org, Catalin Marinas , Arvind Sankar , Ard Biesheuvel , linux-arch@vger.kernel.org, Fangrui Song , Masahiro Yamada , x86@kernel.org, Russell King , clang-built-linux@googlegroups.com, Ingo Molnar , Borislav Petkov , Kees Cook , Arnd Bergmann , Sedat Dilek , Nathan Chancellor , Peter Collingbourne , linux-arm-kernel@lists.infradead.org, Nick Desaulniers , linux-kernel@vger.kernel.org, James Morse Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org From: Arvind Sankar The BFD linker generates run-time relocations for z_input_len and z_output_len, even though they are absolute symbols. This is fixed for binutils-2.35 [1]. Work around this for earlier versions by defining two variables input_len and output_len in addition to the symbols, and use them via position-independent references. This eliminates the last two run-time relocations in the head code and allows us to drop the -z noreloc-overflow flag to the linker. Move the -pie and --no-dynamic-linker LDFLAGS to LDFLAGS_vmlinux instead of KBUILD_LDFLAGS. There shouldn't be anything else getting linked, but this is the more logical location for these flags, and modversions might call the linker if an EXPORT_SYMBOL is left over accidentally in one of the decompressors. [1] https://sourceware.org/bugzilla/show_bug.cgi?id=25754 Tested-by: Nick Desaulniers Reviewed-by: Kees Cook Reviewed-by: Ard Biesheuvel Reviewed-by: Fangrui Song Tested-by: Sedat Dilek Signed-off-by: Arvind Sankar Signed-off-by: Kees Cook --- arch/x86/boot/compressed/Makefile | 12 ++---------- arch/x86/boot/compressed/head_32.S | 17 ++++++++--------- arch/x86/boot/compressed/head_64.S | 4 ++-- arch/x86/boot/compressed/mkpiggy.c | 6 ++++++ 4 files changed, 18 insertions(+), 21 deletions(-) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 489fea16bcfb..7db0102a573d 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -51,16 +51,8 @@ UBSAN_SANITIZE :=n KBUILD_LDFLAGS := -m elf_$(UTS_MACHINE) # Compressed kernel should be built as PIE since it may be loaded at any # address by the bootloader. -ifeq ($(CONFIG_X86_32),y) -KBUILD_LDFLAGS += $(call ld-option, -pie) $(call ld-option, --no-dynamic-linker) -else -# To build 64-bit compressed kernel as PIE, we disable relocation -# overflow check to avoid relocation overflow error with a new linker -# command-line option, -z noreloc-overflow. -KBUILD_LDFLAGS += $(shell $(LD) --help 2>&1 | grep -q "\-z noreloc-overflow" \ - && echo "-z noreloc-overflow -pie --no-dynamic-linker") -endif -LDFLAGS_vmlinux := -T +LDFLAGS_vmlinux := $(call ld-option, -pie) $(call ld-option, --no-dynamic-linker) +LDFLAGS_vmlinux += -T hostprogs := mkpiggy HOST_EXTRACFLAGS += -I$(srctree)/tools/include diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S index 8c1a4f5610f5..659fad53ca82 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S @@ -178,18 +178,17 @@ SYM_FUNC_START_LOCAL_NOALIGN(.Lrelocated) /* * Do the extraction, and jump to the new kernel.. */ - /* push arguments for extract_kernel: */ - pushl $z_output_len /* decompressed length, end of relocs */ + /* push arguments for extract_kernel: */ - pushl %ebp /* output address */ - - pushl $z_input_len /* input_len */ + pushl output_len@GOTOFF(%ebx) /* decompressed length, end of relocs */ + pushl %ebp /* output address */ + pushl input_len@GOTOFF(%ebx) /* input_len */ leal input_data@GOTOFF(%ebx), %eax - pushl %eax /* input_data */ + pushl %eax /* input_data */ leal boot_heap@GOTOFF(%ebx), %eax - pushl %eax /* heap area */ - pushl %esi /* real mode pointer */ - call extract_kernel /* returns kernel location in %eax */ + pushl %eax /* heap area */ + pushl %esi /* real mode pointer */ + call extract_kernel /* returns kernel location in %eax */ addl $24, %esp /* diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 11429092c224..9e46729cf162 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -534,9 +534,9 @@ SYM_FUNC_START_LOCAL_NOALIGN(.Lrelocated) movq %rsi, %rdi /* real mode address */ leaq boot_heap(%rip), %rsi /* malloc area for uncompression */ leaq input_data(%rip), %rdx /* input_data */ - movl $z_input_len, %ecx /* input_len */ + movl input_len(%rip), %ecx /* input_len */ movq %rbp, %r8 /* output target address */ - movl $z_output_len, %r9d /* decompressed length, end of relocs */ + movl output_len(%rip), %r9d /* decompressed length, end of relocs */ call extract_kernel /* returns kernel location in %rax */ popq %rsi diff --git a/arch/x86/boot/compressed/mkpiggy.c b/arch/x86/boot/compressed/mkpiggy.c index 7e01248765b2..52aa56cdbacc 100644 --- a/arch/x86/boot/compressed/mkpiggy.c +++ b/arch/x86/boot/compressed/mkpiggy.c @@ -60,6 +60,12 @@ int main(int argc, char *argv[]) printf(".incbin \"%s\"\n", argv[1]); printf("input_data_end:\n"); + printf(".section \".rodata\",\"a\",@progbits\n"); + printf(".globl input_len\n"); + printf("input_len:\n\t.long %lu\n", ilen); + printf(".globl output_len\n"); + printf("output_len:\n\t.long %lu\n", (unsigned long)olen); + retval = 0; bail: if (f) From patchwork Fri Jul 31 23:07:51 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695559 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B76CB138A for ; Fri, 31 Jul 2020 23:09:41 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8F3F620836 for ; Fri, 31 Jul 2020 23:09:41 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="goPvHxzn"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="MLXUvi1E" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8F3F620836 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=mY+JKIDni5qZzfiJVtZGdy4DB6OkCwykYhAAg7Pic20=; b=goPvHxznRDIDFU2sAyK5YFKWo OPf9Gwo7SSJBJ+7k6fQnACVJwZMHdx2dVn/D9fYehDgZ6hfCMctdlymnXg5qb1SpkM2/J6FrUeBoL JGpXe6/JMe75VsI7FGJXrDPmqJE35snG5qzd39W/y+kFR/dmA2/PlyBEIK4xU5rVUhzWfjlxpuXZo XLoRs9Ieeg8ogy9+KKpv01v22xfYhO4owFYAJtPfwi8asb9cgaGOs8pGKK6UajA9EAPJ/k9SnmTNE 8DwlsfBJI5d4Qb/wE9X4Fkbhoe2z2QLcVknZnkUpHMEvKunXUuMZbsqJOmL1/on+wukR3i5kM7tu/ Wl491yWrw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e9V-0008Pu-Rs; Fri, 31 Jul 2020 23:09:25 +0000 Received: from mail-pf1-x42a.google.com ([2607:f8b0:4864:20::42a]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8n-000869-1t for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:08:50 +0000 Received: by mail-pf1-x42a.google.com with SMTP id l2so8848354pff.0 for ; Fri, 31 Jul 2020 16:08:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=wOq+Y00LQi/3deraAM6kBuaQbRKnLYOHk6N+NuQVWdA=; b=MLXUvi1EuKG0FE+rIsbID9rRvyHhHP/bC/1H8WYBKVP5ZSFhWYwP+lP5XZpTQ06Bf0 wv4BfOauML6dkzya4CuKy7gALZ+W+9xqlhpjxWQqkL5+umqTPynzx2CVlkxuPT6WpFPO j+sa9r0Kjrijgwt3APFSfc7Wq1KUkGc2Bq+kU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=wOq+Y00LQi/3deraAM6kBuaQbRKnLYOHk6N+NuQVWdA=; b=jUoiQzYCtb8oF9JIk0mCbaKlnwmG5SFsVQGiwQTofxEtS/WsEpUuc2MzujUKdMGHq3 hk7yXx/norhkc1icmHcIC+TTKvtF71FTwxIuYm1KLdg57x/qJYaH+gEkiNsemkoEZBbt xzWT4Hrs/U7JAdEzhn9rxLPO6HMRftU0il5xyjfSu0/GgnIphyIe06TTTWbxTVzF8f6A auae9neJxAUbKbM4jYPYITEy+uCPgDV6UKS+wzJEuS1Vzg5oJQICOYcGJ6Jq4Qbiq64M kGzxhb6tk1jnz1UdetZ+zCsKKSsrI92E7gdmDDIrf0NUMQ5v2sAVYl8KZtwrhRtEx/t1 bVVA== X-Gm-Message-State: AOAM5321a3nk6rJP1ZJ6sfgN7GIU4ThXyCbTi4oa+W1+5YECqI8gpe6u RdGwWNQxshbyAzzu4hXpqJjySA== X-Google-Smtp-Source: ABdhPJxilVrjiuHEI9OJNGFNpHOWI1BRRuP7pZ9ogDRckvVa3npz7ZCMJpdwxdsXaIoH3Zh78zy0uA== X-Received: by 2002:a65:620f:: with SMTP id d15mr5623976pgv.270.1596236918800; Fri, 31 Jul 2020 16:08:38 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id m190sm9732049pfm.89.2020.07.31.16.08.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:35 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 07/36] x86/boot: Check that there are no run-time relocations Date: Fri, 31 Jul 2020 16:07:51 -0700 Message-Id: <20200731230820.1742553-8-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190841_434869_9E4700BE X-CRM114-Status: GOOD ( 18.29 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:42a listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-efi@vger.kernel.org, Catalin Marinas , Arvind Sankar , Ard Biesheuvel , linux-arch@vger.kernel.org, Fangrui Song , Masahiro Yamada , x86@kernel.org, Russell King , clang-built-linux@googlegroups.com, Ingo Molnar , Borislav Petkov , Kees Cook , Arnd Bergmann , Sedat Dilek , Nathan Chancellor , Peter Collingbourne , linux-arm-kernel@lists.infradead.org, Nick Desaulniers , linux-kernel@vger.kernel.org, James Morse Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org From: Arvind Sankar Add a linker script check that there are no run-time relocations, and remove the old one that tries to check via looking for specially-named sections in the object files. Drop the tests for -fPIE compiler option and -pie linker option, as they are available in all supported gcc and binutils versions (as well as clang and lld). Tested-by: Nick Desaulniers Reviewed-by: Kees Cook Reviewed-by: Ard Biesheuvel Reviewed-by: Fangrui Song Reviewed-by: Sedat Dilek Tested-by: Sedat Dilek Signed-off-by: Arvind Sankar Signed-off-by: Kees Cook --- arch/x86/boot/compressed/Makefile | 28 +++----------------------- arch/x86/boot/compressed/vmlinux.lds.S | 8 ++++++++ 2 files changed, 11 insertions(+), 25 deletions(-) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 7db0102a573d..96d53e300ab6 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -29,7 +29,7 @@ targets := vmlinux vmlinux.bin vmlinux.bin.gz vmlinux.bin.bz2 vmlinux.bin.lzma \ vmlinux.bin.xz vmlinux.bin.lzo vmlinux.bin.lz4 KBUILD_CFLAGS := -m$(BITS) -O2 -KBUILD_CFLAGS += -fno-strict-aliasing $(call cc-option, -fPIE, -fPIC) +KBUILD_CFLAGS += -fno-strict-aliasing -fPIE KBUILD_CFLAGS += -DDISABLE_BRANCH_PROFILING cflags-$(CONFIG_X86_32) := -march=i386 cflags-$(CONFIG_X86_64) := -mcmodel=small @@ -51,7 +51,7 @@ UBSAN_SANITIZE :=n KBUILD_LDFLAGS := -m elf_$(UTS_MACHINE) # Compressed kernel should be built as PIE since it may be loaded at any # address by the bootloader. -LDFLAGS_vmlinux := $(call ld-option, -pie) $(call ld-option, --no-dynamic-linker) +LDFLAGS_vmlinux := -pie $(call ld-option, --no-dynamic-linker) LDFLAGS_vmlinux += -T hostprogs := mkpiggy @@ -86,30 +86,8 @@ vmlinux-objs-$(CONFIG_ACPI) += $(obj)/acpi.o vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_thunk_$(BITS).o efi-obj-$(CONFIG_EFI_STUB) = $(objtree)/drivers/firmware/efi/libstub/lib.a -# The compressed kernel is built with -fPIC/-fPIE so that a boot loader -# can place it anywhere in memory and it will still run. However, since -# it is executed as-is without any ELF relocation processing performed -# (and has already had all relocation sections stripped from the binary), -# none of the code can use data relocations (e.g. static assignments of -# pointer values), since they will be meaningless at runtime. This check -# will refuse to link the vmlinux if any of these relocations are found. -quiet_cmd_check_data_rel = DATAREL $@ -define cmd_check_data_rel - for obj in $(filter %.o,$^); do \ - $(READELF) -S $$obj | grep -qF .rel.local && { \ - echo "error: $$obj has data relocations!" >&2; \ - exit 1; \ - } || true; \ - done -endef - -# We need to run two commands under "if_changed", so merge them into a -# single invocation. -quiet_cmd_check-and-link-vmlinux = LD $@ - cmd_check-and-link-vmlinux = $(cmd_check_data_rel); $(cmd_ld) - $(obj)/vmlinux: $(vmlinux-objs-y) $(efi-obj-y) FORCE - $(call if_changed,check-and-link-vmlinux) + $(call if_changed,ld) OBJCOPYFLAGS_vmlinux.bin := -R .comment -S $(obj)/vmlinux.bin: vmlinux FORCE diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S index a4a4a59a2628..29df99b6cc64 100644 --- a/arch/x86/boot/compressed/vmlinux.lds.S +++ b/arch/x86/boot/compressed/vmlinux.lds.S @@ -42,6 +42,12 @@ SECTIONS *(.rodata.*) _erodata = . ; } + .rel.dyn : { + *(.rel.*) + } + .rela.dyn : { + *(.rela.*) + } .got : { *(.got) } @@ -85,3 +91,5 @@ ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, "Unexpected GOT/PLT en #else ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0xc, "Unexpected GOT/PLT entries detected!") #endif + +ASSERT(SIZEOF(.rel.dyn) == 0 && SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations detected!") From patchwork Fri Jul 31 23:07:52 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695567 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3FA48138A for ; Fri, 31 Jul 2020 23:11:11 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id F09E0205CB for ; Fri, 31 Jul 2020 23:11:10 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="PQcucI1U"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="De36nKOt" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org F09E0205CB Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=C2wGw4NelcE4jgKdGhZIbA8HGEQ6xAv/y2dwgeTDqRM=; b=PQcucI1UJz6poZ8Pktvby/Lu1 V9DnFuvVqrcadq7DmC5s4Bu0J7ZRypD9Ykeil1W+1I5A00E8GC14w0AshR4IGQSj7Hrd8KFYRua5e mFdtac8XNyf5LtDe25SGqmrEoVhIROL+3Qitah/1moAanevh2DLRsiUqEy40NaKVLuEVYJ1a8GmRV 5AXjQa/mOeiLI0UBTcZfyQIjLiMMduLwuK1+Ly5vWrxM/JWcmh4JD1WUlHwCJUwZyAU2l9JKqkLN+ kgvTIA5N2PKTpzw+Y2ll+qn5OeYpJq8jQM3i0GADzUNWTfzjONHAMVzo5/xaiHxewXNIdNq+z2tkK 1C8rk9tow==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e9G-0008KB-34; Fri, 31 Jul 2020 23:09:10 +0000 Received: from mail-pf1-x443.google.com ([2607:f8b0:4864:20::443]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8l-00085M-2B for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:08:45 +0000 Received: by mail-pf1-x443.google.com with SMTP id z188so7333588pfc.6 for ; Fri, 31 Jul 2020 16:08:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=trKW+y6QNGDib0LNTvVtHw5m6UTBgmGvLbmxtpBgaL0=; b=De36nKOtpwsMqO/u4tRAWqVBvir2dLkSaohu1f53IavT3wv9lR7e0hWZSL83j1HWKZ rY9B4gPBpbNmb8nPsaGi7A0vFOBYN9VMjC2dQMJB0cZqVHEEmlhv4MftBmYpUmCh97rG af7Dn2HaS1FdHmrNihpjv3LcQzJOvb78J2620= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=trKW+y6QNGDib0LNTvVtHw5m6UTBgmGvLbmxtpBgaL0=; b=r3jsUmShQ9kV/uoJQbnUcK9CGEG04IzEZCxHCqIUIOUlQsjW9fyJIQnvXXttwjjwBh mLCZPIlgctFnF0v1xluhe1rmdII69gPpAuug2e5hrLvBrtIF+P8JQhr6tX3VBHEvwBzp wznxsQ0Cn7hy9AQhbYY+OP5xTUULLZ2s9FMlXnvobRcbVs3m6QiwlAw8dOL77rTBpGSO nqrvQYWlVKk4F1pT69rQaac9IUePe+9x3U+ggH88cRxTM+fUUxcr6OD/uyS4hZmels3D wiJX8iJ6JDJqdrg1mNE23EGy7CmewVdmx1nR52Td7klEeYQTBbv+4+y5yW0Axkq/oDv5 kKgg== X-Gm-Message-State: AOAM533ifqmRCvKxHL1e2Lin7jicp05mw1qqsBBEokWgbz4V8jgbt4bi JitaAiN6/I2+74JE+EsDAvecrg== X-Google-Smtp-Source: ABdhPJxNYU1OV0bbGH5LVe0igil+VUHzo3wFC8ED7HbZKWsssjYo+rn362BnedNm2DgfjyOMkog94g== X-Received: by 2002:a05:6a00:2247:: with SMTP id i7mr5645713pfu.217.1596236917400; Fri, 31 Jul 2020 16:08:37 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id p9sm11680681pgc.77.2020.07.31.16.08.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:35 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 08/36] vmlinux.lds.h: Create COMMON_DISCARDS Date: Fri, 31 Jul 2020 16:07:52 -0700 Message-Id: <20200731230820.1742553-9-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190839_247207_52F5EF1C X-CRM114-Status: GOOD ( 14.34 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:443 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Collect the common DISCARD sections for architectures that need more specialized discard control than what the standard DISCARDS section provides. Signed-off-by: Kees Cook --- include/asm-generic/vmlinux.lds.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 052e0f05a984..ff65a20faf4c 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -930,13 +930,16 @@ EXIT_DATA #endif +#define COMMON_DISCARDS \ + *(.discard) \ + *(.discard.*) \ + *(.modinfo) + #define DISCARDS \ /DISCARD/ : { \ EXIT_DISCARDS \ EXIT_CALL \ - *(.discard) \ - *(.discard.*) \ - *(.modinfo) \ + COMMON_DISCARDS \ } /** From patchwork Fri Jul 31 23:07:53 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695573 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 42AA6138A for ; Fri, 31 Jul 2020 23:11:56 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 00D7D2063A for ; Fri, 31 Jul 2020 23:11:56 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="Aylt3YQf"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="QTiM18PS" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 00D7D2063A Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=qZ6wFCYPodWTx8toeVMZgMuNsyq93pB/vKsJ5b2dpX4=; b=Aylt3YQf76i9Ep70uKF4+RINC aFvd2UeXwstiDqR8dPE3H7GZDJy59nPmF8r0IJIOsTr+p43MM1QyR+ZdMokV7t63SzouYqdJLpIHT IK3OzvS2hFpjvCGo5xl4sEyL25Zvwql1BtYMOL5fuiVI/5TCKqFLYISl9uRLmTqr74By/OAGYrYAB /GzZxPJMVg6Fkxl374QtTeq7cFMMwWtC4qMACbCJZGDL3cTuZG6X2/uf5wFehjvR4aDrOiLNj5oG5 RTyAIKA+l3Ba1jmCImxbVmPO2bncEzqzV8LEmN5eu4WiohQNCBzYfQ0vxeqnRgKC1dYKEM4Vj2/aG FjAyR2RuQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e9d-0008T7-CK; Fri, 31 Jul 2020 23:09:33 +0000 Received: from mail-pj1-x1041.google.com ([2607:f8b0:4864:20::1041]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8o-00087E-Hg for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:08:53 +0000 Received: by mail-pj1-x1041.google.com with SMTP id k1so8063951pjt.5 for ; Fri, 31 Jul 2020 16:08:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=p43AFz9HRqud3tDDBCvs6KJ6+7J0/pvbtdYqvC8Rrnc=; b=QTiM18PSD/w0hkz6+49dNjYlKqnnSgsV4sS24WSmwXoRugebRp4LKDfQC7nvp6fYrV gdiv/4zaHnvqjw3K3WBfdnbxIUyxILgPC3YvpRxpOfsr4hPlZh8d1/YuXCwOkuk052/e SICsCW+maimc1NEbdloMesBJxS2DekZEi7UuM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=p43AFz9HRqud3tDDBCvs6KJ6+7J0/pvbtdYqvC8Rrnc=; b=UQ6guOwok8Rv6ap8lRtTLplhzJTuBnLPgZpUb4ctUgFfzekeSWsXqG6qlDyzNOdmDi 19syDDg7cew8MFCrr9ADi07yR/pflwFnmfay4ufXE6VYuBHYbkmFnle84QurGqJwqc/R /1cPBs7qq1jF8yTKkXwTOvUFlkU6/NQBMj8CR+h6qyHajYL65HLKeJrDX+YrOZXLEqhJ vdGzP0EpvC1iY46ZXl9/Q+ls7yheHkW5AvGsiFYArrXBxwd9NBz4KF6qq7dxGikqHVhe 7cjGE376D9D2Bd0aZAYo4UjRSkM9qsoXdsxmfL0UOLqjkpRjN2OGQCn8w7YCbh57Pgv8 uPig== X-Gm-Message-State: AOAM533P1sR+cJQeHNbGNhfd+RC+McV+gdjDwdZB5zTI29w0rd72ycEq sWRKzoCR3narzqYREpcmxVXPvA== X-Google-Smtp-Source: ABdhPJzHq2tL5hzE6rKPhC7MtWzPIpAWUv5VmdLKt6SWnFsYwK4Xv7tulB57SY0c8ooBQQDIA3loyw== X-Received: by 2002:a17:902:8a85:: with SMTP id p5mr5440472plo.89.1596236920452; Fri, 31 Jul 2020 16:08:40 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id e26sm7106873pfj.197.2020.07.31.16.08.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:36 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 09/36] vmlinux.lds.h: Add .gnu.version* to COMMON_DISCARDS Date: Fri, 31 Jul 2020 16:07:53 -0700 Message-Id: <20200731230820.1742553-10-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190842_631960_73B03F0F X-CRM114-Status: GOOD ( 16.37 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:1041 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Fangrui Song , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , linux-arm-kernel@lists.infradead.org, Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , Arnd Bergmann Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org For vmlinux linking, no architecture uses the .gnu.version* sections, so remove it via the COMMON_DISCARDS macro in preparation for adding --orphan-handling=warn more widely. This is a work-around for what appears to be a bug[1] in ld.bfd which warns for this synthetic section even when none is found in input objects, and even when no section is emitted for an output object[2]. [1] https://sourceware.org/bugzilla/show_bug.cgi?id=26153 [2] https://lore.kernel.org/lkml/202006221524.CEB86E036B@keescook/ Reviewed-by: Fangrui Song Signed-off-by: Kees Cook --- include/asm-generic/vmlinux.lds.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index ff65a20faf4c..22985cf02130 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -933,7 +933,9 @@ #define COMMON_DISCARDS \ *(.discard) \ *(.discard.*) \ - *(.modinfo) + *(.modinfo) \ + /* ld.bfd warns about .gnu.version* even when not emitted */ \ + *(.gnu.version*) \ #define DISCARDS \ /DISCARD/ : { \ From patchwork Fri Jul 31 23:07:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695577 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1123914B7 for ; Fri, 31 Jul 2020 23:12:35 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id DF88D2063A for ; Fri, 31 Jul 2020 23:12:34 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="FVKKt6mI"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="fsdMY+h/" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DF88D2063A Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=WxDz3lO52W7zJ/E4FJO6ZVbibfUFc+DrVUbdGHWePbc=; b=FVKKt6mIVSykeucceldJ7FrJp 8QtO8oEUFJpZ6rzr6WwOGgrbHj883osRKkU1Gv2ZB5E9rSmVyYBgBKWr6uoyno6oxNhs/RwohxJ+Z Az3YSJcp4btKjg2rNH2VHERNVs7KHJSPlLziaKJCnm55WKJpQ0esTgvV73AupX2rtDhpv8/0J+Okk 55sec6Tg4Acnusv2UdHML4GWMvjZ0PpdpewovQNMDb/DdG+CnaKjfKa8hilctNIgQxxI68r2pjbO5 grIhmax9SrecGOhEuMOve+9KpyGhp/2M+DNHwsgYm6X1cusAxR1E9MPr84NrXR7TJSpuyx35ehgjE 5dlZsRNUQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eAI-0000HV-9I; Fri, 31 Jul 2020 23:10:14 +0000 Received: from mail-pj1-x1041.google.com ([2607:f8b0:4864:20::1041]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8o-00087j-QG for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:08:55 +0000 Received: by mail-pj1-x1041.google.com with SMTP id c6so8077914pje.1 for ; Fri, 31 Jul 2020 16:08:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=KU7M7UNmTUanucRcVkgs3oof+flMLCjuo6z/HYA95R0=; b=fsdMY+h/HCrYg4s8js10KsjHgwZ/i2Vg6ElsNO+/5Zg2zIx4wvLEGL4/ETWMpuY8J2 o+9UZBPQ7ltcKYO+s4x4Ikr8sgtWBgda8uqQnEdYp395MQkyy9U4jdZbNXuXAWEcZT52 2LAHpspS3nzF4NKUhFVimmKrwzLeIv271myqM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=KU7M7UNmTUanucRcVkgs3oof+flMLCjuo6z/HYA95R0=; b=ls4LcOQLW/tq3PLzprceUv3Qf7GjRwcEQ3YTsRSOHGexBGC+ssDS6WstlSpiLYtRXZ PRNvbGX9UCoouUJv3RqSG/wIc1TSQY2DeBfZXkMgdwOp7vJIhIj81wNnu/xdZnuRsf12 necNn6eHMofDU2hyq05AzeaaIYdjYcuoS1f/JOSNNQKdU8zaQ2TjLHxupgBqozdgCcIP sfBZ3sO/yitwfedkULlaWId3kSl6S575ylaaX5CgfWLYwzwYV5/wotYQ7zXl4m5oMmxp X+JBEzThFy2DkGpgWB2+TFxXjC5fdmGvPLehgkSo4dq0Bsiplq1n8h/zDQacwYr1iX7p 9M+w== X-Gm-Message-State: AOAM532ZS/MNdp6rDvL6fcs2W+QlY8veFFb8goayd2HAzL9oKsnSdfbZ 7lwbTJK4FDeQ6V4psQQXx3Xb5w== X-Google-Smtp-Source: ABdhPJzKgSd5o5SkMdibqlFZcnSauPEvdVFKBx4sb7CWulX3P8bH0S9YNVBj9d8bmnzdlj8aFKQVbQ== X-Received: by 2002:a17:902:221:: with SMTP id 30mr5688593plc.222.1596236921012; Fri, 31 Jul 2020 16:08:41 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id 17sm9984876pjl.30.2020.07.31.16.08.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:36 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 10/36] vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections Date: Fri, 31 Jul 2020 16:07:54 -0700 Message-Id: <20200731230820.1742553-11-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190842_915840_B4FBBA19 X-CRM114-Status: GOOD ( 13.86 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:1041 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, Marco Elver , linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org KASAN (-fsanitize=kernel-address) and KCSAN (-fsanitize=thread) produce unwanted[1] .eh_frame and .init_array.* sections. Add them to COMMON_DISCARDS, except with CONFIG_CONSTRUCTORS, which wants to keep .init_array.* sections. [1] https://bugs.llvm.org/show_bug.cgi?id=46478 Tested-by: Marco Elver Signed-off-by: Kees Cook --- include/asm-generic/vmlinux.lds.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 22985cf02130..f236cf0fa779 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -930,7 +930,27 @@ EXIT_DATA #endif +/* + * Clang's -fsanitize=kernel-address and -fsanitize=thread produce + * unwanted sections (.eh_frame and .init_array.*), but + * CONFIG_CONSTRUCTORS wants to keep any .init_array.* sections. + * https://bugs.llvm.org/show_bug.cgi?id=46478 + */ +#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KCSAN) +# ifdef CONFIG_CONSTRUCTORS +# define SANITIZER_DISCARDS \ + *(.eh_frame) +# else +# define SANITIZER_DISCARDS \ + *(.init_array) *(.init_array.*) \ + *(.eh_frame) +# endif +#else +# define SANITIZER_DISCARDS +#endif + #define COMMON_DISCARDS \ + SANITIZER_DISCARDS \ *(.discard) \ *(.discard.*) \ *(.modinfo) \ From patchwork Fri Jul 31 23:07:55 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695575 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 516B4138A for ; Fri, 31 Jul 2020 23:12:32 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 1D50920791 for ; Fri, 31 Jul 2020 23:12:32 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="i9OY5gOl"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="A63cd838" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1D50920791 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Zk/RFYbVf+lckVhZZqFruOvA3YK8gvz4UWraNUWNb2I=; b=i9OY5gOlBOP42o2ic/PI0ND6A tmTnLRb9B+HlWJuqG/UCsJdr5xiJkIxyy7pGQ23ADLARgqTQcEUlwXwVsmDIveLusX1F0YkSHKCxE SeUqJkpsX1keT6r916Dho05/UU/t9WBtYNAidZ1SSYcs+oLFqh35wG5GWSxvtnqWKV1YTPx4NcCqk hUzyDVfmi8KXs1Hlv18iJev55W7XX04QABKXbopSEjb6EWeEIzezS3YQ1FTyqD9t0OkqY/4BdQdw0 KxiMRwceQcKibOKKbSco9RFm2Rq7wHz7JKOlgHGYmukYG1dE14c8V8k9JzUVB25XeffOmLt0tt+mT IkG8+P/fA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eCB-00018E-CQ; Fri, 31 Jul 2020 23:12:11 +0000 Received: from mail-pj1-x1043.google.com ([2607:f8b0:4864:20::1043]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8q-00089N-35 for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:09:01 +0000 Received: by mail-pj1-x1043.google.com with SMTP id c6so8077939pje.1 for ; Fri, 31 Jul 2020 16:08:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=o+ddCiDhuNFGc5utBQHqB8G42WH9oIwzI7MN1raBTAA=; b=A63cd838UMnMErrtr599yRMtQbFBGxTxPbbXWY0fMXelNnJyLpMT6YCPIzX7swPqii NBiqlL0JUTiOA2DOwvNL5ueQB4j6bEaWt4WQJ6MegP6v+bIS4jvtKO+0W9xjngLccexd zp9XV9yEKOX/2ahtTlXubV7At5I4RBeJRmfUc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=o+ddCiDhuNFGc5utBQHqB8G42WH9oIwzI7MN1raBTAA=; b=PJjgh3v17fKnMeH75yhD34B8ZT2JSlsR0NdgkaFCq5jgTYkMJ+z5H2xcTx3YE5HvFo nk4/A8fYvGvkJvI1/vfOjd97CO5/Xsux1UDtSm8wmyQJyoYBPu4JAd0FyD2Y08Y1b7ym i3YQpWtKvjlbJvT+o3yjn6AmqNOKiRSlB7tBzZtNjL7bU3aoCHJPPpoQV2T782GHeFPo qGBxZz4/deD/FM1qTzzxknpkcJAoyss9kCXJFKD6hxxIsYXFew8acN62xJNCdvoVvVYH CJWgH7DjtebjOc0nDZ7JOOmJyml4UQCyHbeJ2iGqJsZf4O7nRvdlVBweD28Y3zi/FCFa CyBA== X-Gm-Message-State: AOAM533RibKbvMK4E6Fy/UPUhjBggfNkvl2tID2EdN7x1RReuLI/uz96 fd9XTPry2H4SkR9W2/MG4AUArQ== X-Google-Smtp-Source: ABdhPJx9ov1CyAmJFnwebYroExpPSldkTMZFhcvOoiRSn3hO9JWkg9k5asQ1hxcSFtmWDI4tKXCBUA== X-Received: by 2002:a17:90b:255:: with SMTP id fz21mr2155161pjb.50.1596236922268; Fri, 31 Jul 2020 16:08:42 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id 3sm3730734pjo.40.2020.07.31.16.08.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:36 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 11/36] vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG Date: Fri, 31 Jul 2020 16:07:55 -0700 Message-Id: <20200731230820.1742553-12-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190844_214390_92CAEFEF X-CRM114-Status: GOOD ( 16.74 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:1043 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org The .comment section doesn't belong in STABS_DEBUG. Split it out into a new macro named ELF_DETAILS. This will gain other non-debug sections that need to be accounted for when linking with --orphan-handling=warn. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 1 + arch/arc/kernel/vmlinux.lds.S | 1 + arch/arm/kernel/vmlinux-xip.lds.S | 1 + arch/arm/kernel/vmlinux.lds.S | 1 + arch/arm64/kernel/vmlinux.lds.S | 1 + arch/csky/kernel/vmlinux.lds.S | 1 + arch/hexagon/kernel/vmlinux.lds.S | 1 + arch/ia64/kernel/vmlinux.lds.S | 1 + arch/mips/kernel/vmlinux.lds.S | 1 + arch/nds32/kernel/vmlinux.lds.S | 1 + arch/nios2/kernel/vmlinux.lds.S | 1 + arch/openrisc/kernel/vmlinux.lds.S | 1 + arch/parisc/boot/compressed/vmlinux.lds.S | 1 + arch/parisc/kernel/vmlinux.lds.S | 1 + arch/powerpc/kernel/vmlinux.lds.S | 2 +- arch/riscv/kernel/vmlinux.lds.S | 1 + arch/s390/kernel/vmlinux.lds.S | 1 + arch/sh/kernel/vmlinux.lds.S | 1 + arch/sparc/kernel/vmlinux.lds.S | 1 + arch/um/kernel/dyn.lds.S | 2 +- arch/um/kernel/uml.lds.S | 2 +- arch/unicore32/kernel/vmlinux.lds.S | 1 + arch/x86/boot/compressed/vmlinux.lds.S | 2 ++ arch/x86/kernel/vmlinux.lds.S | 1 + include/asm-generic/vmlinux.lds.h | 8 ++++++-- 25 files changed, 31 insertions(+), 5 deletions(-) diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S index bc6f727278fd..5b78d640725d 100644 --- a/arch/alpha/kernel/vmlinux.lds.S +++ b/arch/alpha/kernel/vmlinux.lds.S @@ -72,6 +72,7 @@ SECTIONS STABS_DEBUG DWARF_DEBUG + ELF_DETAILS DISCARDS } diff --git a/arch/arc/kernel/vmlinux.lds.S b/arch/arc/kernel/vmlinux.lds.S index 54139a6f469b..33ce59d91461 100644 --- a/arch/arc/kernel/vmlinux.lds.S +++ b/arch/arc/kernel/vmlinux.lds.S @@ -122,6 +122,7 @@ SECTIONS _end = . ; STABS_DEBUG + ELF_DETAILS DISCARDS .arcextmap 0 : { diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S index 6d2be994ae58..3d4e88f08196 100644 --- a/arch/arm/kernel/vmlinux-xip.lds.S +++ b/arch/arm/kernel/vmlinux-xip.lds.S @@ -152,6 +152,7 @@ SECTIONS _end = .; STABS_DEBUG + ELF_DETAILS } /* diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S index 7f24bc08403e..5592f14b7e35 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -151,6 +151,7 @@ SECTIONS _end = .; STABS_DEBUG + ELF_DETAILS } #ifdef CONFIG_STRICT_KERNEL_RWX diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 5423ffe0a987..df2916b25ee0 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -242,6 +242,7 @@ SECTIONS _end = .; STABS_DEBUG + ELF_DETAILS HEAD_SYMBOLS } diff --git a/arch/csky/kernel/vmlinux.lds.S b/arch/csky/kernel/vmlinux.lds.S index f05b413df328..f03033e17c29 100644 --- a/arch/csky/kernel/vmlinux.lds.S +++ b/arch/csky/kernel/vmlinux.lds.S @@ -109,6 +109,7 @@ SECTIONS STABS_DEBUG DWARF_DEBUG + ELF_DETAILS DISCARDS } diff --git a/arch/hexagon/kernel/vmlinux.lds.S b/arch/hexagon/kernel/vmlinux.lds.S index 0ca2471ddb9f..35b18e55eae8 100644 --- a/arch/hexagon/kernel/vmlinux.lds.S +++ b/arch/hexagon/kernel/vmlinux.lds.S @@ -67,5 +67,6 @@ SECTIONS STABS_DEBUG DWARF_DEBUG + ELF_DETAILS } diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S index d259690eb91a..9b265783be6a 100644 --- a/arch/ia64/kernel/vmlinux.lds.S +++ b/arch/ia64/kernel/vmlinux.lds.S @@ -218,6 +218,7 @@ SECTIONS { STABS_DEBUG DWARF_DEBUG + ELF_DETAILS /* Default discards */ DISCARDS diff --git a/arch/mips/kernel/vmlinux.lds.S b/arch/mips/kernel/vmlinux.lds.S index f185a85a27c1..5e97e9d02f98 100644 --- a/arch/mips/kernel/vmlinux.lds.S +++ b/arch/mips/kernel/vmlinux.lds.S @@ -202,6 +202,7 @@ SECTIONS STABS_DEBUG DWARF_DEBUG + ELF_DETAILS /* These must appear regardless of . */ .gptab.sdata : { diff --git a/arch/nds32/kernel/vmlinux.lds.S b/arch/nds32/kernel/vmlinux.lds.S index 7a6c1cefe3fe..6a91b965fb1e 100644 --- a/arch/nds32/kernel/vmlinux.lds.S +++ b/arch/nds32/kernel/vmlinux.lds.S @@ -64,6 +64,7 @@ SECTIONS STABS_DEBUG DWARF_DEBUG + ELF_DETAILS DISCARDS } diff --git a/arch/nios2/kernel/vmlinux.lds.S b/arch/nios2/kernel/vmlinux.lds.S index c55a7cfa1075..126e114744cb 100644 --- a/arch/nios2/kernel/vmlinux.lds.S +++ b/arch/nios2/kernel/vmlinux.lds.S @@ -58,6 +58,7 @@ SECTIONS STABS_DEBUG DWARF_DEBUG + ELF_DETAILS DISCARDS } diff --git a/arch/openrisc/kernel/vmlinux.lds.S b/arch/openrisc/kernel/vmlinux.lds.S index 60449fd7f16f..d287dbb84d0f 100644 --- a/arch/openrisc/kernel/vmlinux.lds.S +++ b/arch/openrisc/kernel/vmlinux.lds.S @@ -115,6 +115,7 @@ SECTIONS /* Throw in the debugging sections */ STABS_DEBUG DWARF_DEBUG + ELF_DETAILS /* Sections to be discarded -- must be last */ DISCARDS diff --git a/arch/parisc/boot/compressed/vmlinux.lds.S b/arch/parisc/boot/compressed/vmlinux.lds.S index 2ac3a643f2eb..ab7b43990857 100644 --- a/arch/parisc/boot/compressed/vmlinux.lds.S +++ b/arch/parisc/boot/compressed/vmlinux.lds.S @@ -84,6 +84,7 @@ SECTIONS } STABS_DEBUG + ELF_DETAILS .note 0 : { *(.note) } /* Sections to be discarded */ diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S index 53e29d88f99c..2769eb991f58 100644 --- a/arch/parisc/kernel/vmlinux.lds.S +++ b/arch/parisc/kernel/vmlinux.lds.S @@ -164,6 +164,7 @@ SECTIONS _end = . ; STABS_DEBUG + ELF_DETAILS .note 0 : { *(.note) } /* Sections to be discarded */ diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index 326e113d2e45..e0548b4950de 100644 --- a/arch/powerpc/kernel/vmlinux.lds.S +++ b/arch/powerpc/kernel/vmlinux.lds.S @@ -360,8 +360,8 @@ SECTIONS PROVIDE32 (end = .); STABS_DEBUG - DWARF_DEBUG + ELF_DETAILS DISCARDS /DISCARD/ : { diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S index e6f8016b366a..00a325289a26 100644 --- a/arch/riscv/kernel/vmlinux.lds.S +++ b/arch/riscv/kernel/vmlinux.lds.S @@ -97,6 +97,7 @@ SECTIONS STABS_DEBUG DWARF_DEBUG + ELF_DETAILS DISCARDS } diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S index 37695499717d..177ccfbda40a 100644 --- a/arch/s390/kernel/vmlinux.lds.S +++ b/arch/s390/kernel/vmlinux.lds.S @@ -181,6 +181,7 @@ SECTIONS /* Debugging sections. */ STABS_DEBUG DWARF_DEBUG + ELF_DETAILS /* Sections to be discarded */ DISCARDS diff --git a/arch/sh/kernel/vmlinux.lds.S b/arch/sh/kernel/vmlinux.lds.S index bde7a6c01aaf..3161b9ccd2a5 100644 --- a/arch/sh/kernel/vmlinux.lds.S +++ b/arch/sh/kernel/vmlinux.lds.S @@ -76,6 +76,7 @@ SECTIONS STABS_DEBUG DWARF_DEBUG + ELF_DETAILS DISCARDS } diff --git a/arch/sparc/kernel/vmlinux.lds.S b/arch/sparc/kernel/vmlinux.lds.S index f99e99e58075..d55ae65a07ad 100644 --- a/arch/sparc/kernel/vmlinux.lds.S +++ b/arch/sparc/kernel/vmlinux.lds.S @@ -187,6 +187,7 @@ SECTIONS STABS_DEBUG DWARF_DEBUG + ELF_DETAILS DISCARDS } diff --git a/arch/um/kernel/dyn.lds.S b/arch/um/kernel/dyn.lds.S index f5001481010c..dacbfabf66d8 100644 --- a/arch/um/kernel/dyn.lds.S +++ b/arch/um/kernel/dyn.lds.S @@ -164,8 +164,8 @@ SECTIONS PROVIDE (end = .); STABS_DEBUG - DWARF_DEBUG + ELF_DETAILS DISCARDS } diff --git a/arch/um/kernel/uml.lds.S b/arch/um/kernel/uml.lds.S index 3b6dab3d4501..45d957d7004c 100644 --- a/arch/um/kernel/uml.lds.S +++ b/arch/um/kernel/uml.lds.S @@ -108,8 +108,8 @@ SECTIONS PROVIDE (end = .); STABS_DEBUG - DWARF_DEBUG + ELF_DETAILS DISCARDS } diff --git a/arch/unicore32/kernel/vmlinux.lds.S b/arch/unicore32/kernel/vmlinux.lds.S index 6fb320b337ef..22eb642c7280 100644 --- a/arch/unicore32/kernel/vmlinux.lds.S +++ b/arch/unicore32/kernel/vmlinux.lds.S @@ -54,6 +54,7 @@ SECTIONS STABS_DEBUG DWARF_DEBUG + ELF_DETAILS DISCARDS /* Exit code and data */ } diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S index 29df99b6cc64..3c2ee9a5bf43 100644 --- a/arch/x86/boot/compressed/vmlinux.lds.S +++ b/arch/x86/boot/compressed/vmlinux.lds.S @@ -82,6 +82,8 @@ SECTIONS . = ALIGN(PAGE_SIZE); /* keep ZO size page aligned */ _end = .; + ELF_DETAILS + DISCARDS } diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 9a03e5b23135..0cc035cb15f1 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -411,6 +411,7 @@ SECTIONS STABS_DEBUG DWARF_DEBUG + ELF_DETAILS DISCARDS } diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index f236cf0fa779..22c9a68c02ae 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -34,6 +34,7 @@ * * STABS_DEBUG * DWARF_DEBUG + * ELF_DETAILS * * DISCARDS // must be the last * } @@ -787,14 +788,17 @@ .debug_macro 0 : { *(.debug_macro) } \ .debug_addr 0 : { *(.debug_addr) } - /* Stabs debugging sections. */ +/* Stabs debugging sections. */ #define STABS_DEBUG \ .stab 0 : { *(.stab) } \ .stabstr 0 : { *(.stabstr) } \ .stab.excl 0 : { *(.stab.excl) } \ .stab.exclstr 0 : { *(.stab.exclstr) } \ .stab.index 0 : { *(.stab.index) } \ - .stab.indexstr 0 : { *(.stab.indexstr) } \ + .stab.indexstr 0 : { *(.stab.indexstr) } + +/* Required sections not related to debugging. */ +#define ELF_DETAILS \ .comment 0 : { *(.comment) } #ifdef CONFIG_GENERIC_BUG From patchwork Fri Jul 31 23:07:56 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695563 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6B371138A for ; Fri, 31 Jul 2020 23:10:53 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 2291A205CB for ; Fri, 31 Jul 2020 23:10:53 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="aziGJ/EA"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="UOmfMzCm" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2291A205CB Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=hFwbh4q5MMcCe7rmFcs3LXMbt9m+BSjgGMLELxDzdJc=; b=aziGJ/EA44b9wT/1zc/GoCQ94 Ks/24NG4xCt0Ewj+EwrGvbZYPQZnvcMyVPI1DKbouUf8wFUufOyBCdozOLubGIvwCRpWW5wZ6+m5g ZR5vBQCSsy7itrgGb9KqvImuXo5LeREqj46KbUQ/B+XNY3IYX06BPFCBqMUu7mlrzuF5rQ5/+dsBb 7SpTc2WODe/XPHaCtHhU5y9cRnDkkFupT/XHqGFdxsVvKfNkWLfIS4dqjkl3FMGm8oSEBU0qeL2qd a5YTm2UmomRckT3sSZjMWY4lfv9UzD6KjsPB4oSEhmDCZDIiMHmfVTzSuUK2NM75uQNdMlgrJJPyo o6my8fHyA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eAb-0000Qw-7g; Fri, 31 Jul 2020 23:10:33 +0000 Received: from mail-pf1-x443.google.com ([2607:f8b0:4864:20::443]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8p-00088e-I7 for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:08:56 +0000 Received: by mail-pf1-x443.google.com with SMTP id u185so15191247pfu.1 for ; Fri, 31 Jul 2020 16:08:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=/xo3Q84YrxwUiWcBw2aOaAxjUU+KH/ct5i4ArRZb6NA=; b=UOmfMzCmziqUvRhPYa+yYqVSk1m4tQNkydUKWMwHOqa9jOGpy2SdYgaJLcq/mHaWXh zacXLwriPv2Ri+BNefUVSy7N+waQxDV79aIcfmEBlB5x2MgmKl6KXLtRXHiNRlOgfhju VFSHbOijca+jat3MDYqe3dO3/6omRradiMlw0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=/xo3Q84YrxwUiWcBw2aOaAxjUU+KH/ct5i4ArRZb6NA=; b=udloFocuea7GCi0NWf7f3f/PoUretxw8BlthCS6bI4tJJ1X5Hjfr/Z5hZJC1OnzTB7 dSMDAIO6w3NmJPq+gGtL7+akfQWA4fP8O0je9psSBJgfb2e6AWl/fvDhgawSrHbWelKH mNS6w72Bdg04sbbXWg5uS5sNTlAXJ64dhWZWbTjAFYILSbfrZ2psmh1D47LvrWvfsOMp V9pKDwK8wHEcLRoYeKcA0/YRLQvSSSYEu0LjGLIRtVsJ1QSETwZffoyB6+uVjMbNTf9M iZbgqK5OesaXssrvb3LVDvS/I5ZDhyz67b3Wsl90MXn5DlSVbbOWixm94WIZ9oRsCJe9 L0sQ== X-Gm-Message-State: AOAM530Cf+iHSJjpGWg15IV7b+PC0XfldVkeKRh8LZOL2mZkqJWmHFkw 6I2wrilKnqZIjSJkOcoofMnmZA== X-Google-Smtp-Source: ABdhPJzj+UXk+6XOR8nQ2GzywdieZm9fcrAxd+t6miZrKiy5n0SgtqPnKj/QvJ0LP/t472pshpKEKA== X-Received: by 2002:a05:6a00:22c4:: with SMTP id f4mr5321141pfj.273.1596236921685; Fri, 31 Jul 2020 16:08:41 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id i13sm9909036pjd.33.2020.07.31.16.08.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:36 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 12/36] vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS Date: Fri, 31 Jul 2020 16:07:56 -0700 Message-Id: <20200731230820.1742553-13-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190843_707306_0CCA8CE0 X-CRM114-Status: GOOD ( 14.59 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:443 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Fangrui Song , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , linux-arm-kernel@lists.infradead.org, Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , Arnd Bergmann Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org When linking vmlinux with LLD, the synthetic sections .symtab, .strtab, and .shstrtab are listed as orphaned. Add them to the ELF_DETAILS section so there will be no warnings when --orphan-handling=warn is used more widely. (They are added above comment as it is the more common order[1].) ld.lld: warning: :(.symtab) is being placed in '.symtab' ld.lld: warning: :(.shstrtab) is being placed in '.shstrtab' ld.lld: warning: :(.strtab) is being placed in '.strtab' [1] https://lore.kernel.org/lkml/20200622224928.o2a7jkq33guxfci4@google.com/ Reported-by: Fangrui Song Signed-off-by: Kees Cook --- include/asm-generic/vmlinux.lds.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 22c9a68c02ae..2593957f6e8b 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -799,7 +799,10 @@ /* Required sections not related to debugging. */ #define ELF_DETAILS \ - .comment 0 : { *(.comment) } + .comment 0 : { *(.comment) } \ + .symtab 0 : { *(.symtab) } \ + .strtab 0 : { *(.strtab) } \ + .shstrtab 0 : { *(.shstrtab) } #ifdef CONFIG_GENERIC_BUG #define BUG_TABLE \ From patchwork Fri Jul 31 23:07:57 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695591 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 42837138A for ; Fri, 31 Jul 2020 23:15:09 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id CB836206DA for ; Fri, 31 Jul 2020 23:15:08 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="KgLgHHM4"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="IPdfxoRv" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org CB836206DA Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=UGV+/NirDax2UQZeVCodPut1MACd0oYYZBtvgwVs0Gw=; b=KgLgHHM4GeVGYqcDs41KgiuBu ShusfEfo4g2CeTLcO8+gkYyLDc+LKJYajY+u4mISzeDxTUm9naoAfUuFxFEQpNN8+Pp8q3PxIGv4N V3/QX+EHJpeqs+225UNiCVqa/zMl8aotCBEBN2Jso8+oDpzmovrcwcbmQamPh/3UwaZeBxcp5sgkp dkYiVIy/wroLqZIJ0lXPBIV9sLnFVnFRV/N6vHsNH3++sRw5n4hQ0XaYniHiDdFxhyIaFPjUgwhsH sKaNK21uCFEtyZ2rt1S/7BmklYbT2KMO5uJUeO4fZNmHGH4XUIt2D7C5enU7VvqI/20Ocn4jACTN8 Ls7xK2Q2A==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eBw-0000xj-DA; Fri, 31 Jul 2020 23:11:56 +0000 Received: from mail-pf1-x442.google.com ([2607:f8b0:4864:20::442]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8t-0008An-H9 for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:09:00 +0000 Received: by mail-pf1-x442.google.com with SMTP id j20so15179171pfe.5 for ; Fri, 31 Jul 2020 16:08:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=wsZ5gbKBfJpS0kEAhEgSsyY+vol7k0zdc2IVxjvZo+s=; b=IPdfxoRvS6R1x5paoBrA7xxYsYLtGQVxRFU7dvuKabenpplKg1IEjvbhFySTmU+Zh2 pNWc8NWMXSOA09JW8gD/0su2yMzSuM6k8hmeNUhvpGyiw2SmpiBLNR4PFrXPpgojBRMR hbzjAFfKzFOv7KayapCPYkLupuCPvPBt2/X9g= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=wsZ5gbKBfJpS0kEAhEgSsyY+vol7k0zdc2IVxjvZo+s=; b=nIJtH7P97L8RaSE6xsyFRVy+T26UR+Adt9pI9atQetM3yBuiLmQ5E2NWFyTq0920n1 ckHLh+bqUDbCO0rmFCv0AZNBBqtc2+n6P5ekLssnvqKrZ/ISggWyiWRh1hhSLYzxZAFc cl3vVacG2853aCAT5N7ArrKFhIDU0oEg1cyOgABNRrGeAyAQrqVyQiX9mFMZzWJgRGHx GAMV00qhVJ7Q6EszgBYlzBg7kkAUyTkcDT34ogYyVFUPpJqOs66tjUBCb3uXZxL6Xj6Z V1yaUHoPYVSz9eu9xZkzK+UyHyzdWPS6rdCFl7e9bjX1pnFRLex+V3FXSR83Z69l8Imr cfYw== X-Gm-Message-State: AOAM531Y2+HDMtdhY7bhds+YNgi5jx1zKqGQoWma+kZ7MHvSpqRmKbYm wQR1WUeffbMXBToua7McfMUS1g== X-Google-Smtp-Source: ABdhPJw+P56sPmrzKAh4KNkCFVEtBiUO7T0C8QAnvabXluMUkrjDoDQBKdjDkoM7tlMAV3f0yil7bg== X-Received: by 2002:a63:9246:: with SMTP id s6mr5522207pgn.22.1596236924597; Fri, 31 Jul 2020 16:08:44 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id x9sm10524734pgr.57.2020.07.31.16.08.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:39 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 13/36] vmlinux.lds.h: add PGO and AutoFDO input sections Date: Fri, 31 Jul 2020 16:07:57 -0700 Message-Id: <20200731230820.1742553-14-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190847_668510_7AD40598 X-CRM114-Status: GOOD ( 19.97 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:442 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-efi@vger.kernel.org, Catalin Marinas , Arvind Sankar , Manoj Gupta , Ard Biesheuvel , linux-arch@vger.kernel.org, =?utf-8?b?RsSBbmctcnXDrCBTw7JuZw==?= , Masahiro Yamada , x86@kernel.org, Russell King , clang-built-linux@googlegroups.com, Ingo Molnar , Luis Lozano , Borislav Petkov , Kees Cook , Arnd Bergmann , Jian Cai , Nathan Chancellor , Peter Collingbourne , linux-arm-kernel@lists.infradead.org, Nick Desaulniers , linux-kernel@vger.kernel.org, stable@vger.kernel.org, James Morse Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org From: Nick Desaulniers Basically, consider .text.{hot|unlikely|unknown}.* part of .text, too. When compiling with profiling information (collected via PGO instrumentations or AutoFDO sampling), Clang will separate code into .text.hot, .text.unlikely, or .text.unknown sections based on profiling information. After D79600 (clang-11), these sections will have a trailing `.` suffix, ie. .text.hot., .text.unlikely., .text.unknown.. When using -ffunction-sections together with profiling infomation, either explicitly (FGKASLR) or implicitly (LTO), code may be placed in sections following the convention: .text.hot., .text.unlikely., .text.unknown. where , , and are functions. (This produces one section per function; we generally try to merge these all back via linker script so that we don't have 50k sections). For the above cases, we need to teach our linker scripts that such sections might exist and that we'd explicitly like them grouped together, otherwise we can wind up with code outside of the _stext/_etext boundaries that might not be mapped properly for some architectures, resulting in boot failures. If the linker script is not told about possible input sections, then where the section is placed as output is a heuristic-laiden mess that's non-portable between linkers (ie. BFD and LLD), and has resulted in many hard to debug bugs. Kees Cook is working on cleaning this up by adding --orphan-handling=warn linker flag used in ARCH=powerpc to additional architectures. In the case of linker scripts, borrowing from the Zen of Python: explicit is better than implicit. Also, ld.bfd's internal linker script considers .text.hot AND .text.hot.* to be part of .text, as well as .text.unlikely and .text.unlikely.*. I didn't see support for .text.unknown.*, and didn't see Clang producing such code in our kernel builds, but I see code in LLVM that can produce such section names if profiling information is missing. That may point to a larger issue with generating or collecting profiles, but I would much rather be safe and explicit than have to debug yet another issue related to orphan section placement. Reported-by: Jian Cai Suggested-by: Fāng-ruì Sòng Tested-by: Luis Lozano Tested-by: Manoj Gupta Acked-by: Kees Cook Cc: stable@vger.kernel.org Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=add44f8d5c5c05e08b11e033127a744d61c26aee Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1de778ed23ce7492c523d5850c6c6dbb34152655 Link: https://reviews.llvm.org/D79600 Link: https://bugs.chromium.org/p/chromium/issues/detail?id=1084760 Debugged-by: Luis Lozano Signed-off-by: Nick Desaulniers Signed-off-by: Kees Cook --- include/asm-generic/vmlinux.lds.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 2593957f6e8b..af5211ca857c 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -561,7 +561,10 @@ */ #define TEXT_TEXT \ ALIGN_FUNCTION(); \ - *(.text.hot TEXT_MAIN .text.fixup .text.unlikely) \ + *(.text.hot .text.hot.*) \ + *(TEXT_MAIN .text.fixup) \ + *(.text.unlikely .text.unlikely.*) \ + *(.text.unknown .text.unknown.*) \ NOINSTR_TEXT \ *(.text..refcount) \ *(.ref.text) \ From patchwork Fri Jul 31 23:07:58 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695571 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 389AC14B7 for ; Fri, 31 Jul 2020 23:11:53 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D99DA205CB for ; Fri, 31 Jul 2020 23:11:52 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="a6ovTMrD"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="R0afgxMV"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="eXzbc1BP" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D99DA205CB Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=F55fS79iV//Tleh9405tSmma8yPXs9HNrMf3GmRUl1M=; b=a6ovTMrDXTQ3Mieih2O5taruM r1N/Na7E+s2LuldsjqmmPSjmeuWpZIAse3ISzDzqWQP11sBvMhspUvwC9rcjmt74eR9L23BGgKdkM quAU3e2pcncXl1TIL/LO4ITPSJBQl/8Quf3zBHE49jU8e6kpN1VySpny4ydSS4P1tYIl6VYjtpXJB ygqBtbaXwZn2tdRkGNI7tDupqSvYMaf2vylLFdHbQ85Qu+ZgbG0fietexCs1Zq8c8khC85ic+DaP8 bP7SNYlbHhmiCGOIT/1YHuMEFxtHW4g6WFGfCZfhpf/ncvHgKh8XOAMVJuWo1oX/a4f5XkKu+5t43 b+WV1gsAw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eBN-0000l1-N0; Fri, 31 Jul 2020 23:11:22 +0000 Received: from casper.infradead.org ([2001:8b0:10b:1236::1]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e94-0008GI-VP for linux-arm-kernel@merlin.infradead.org; Fri, 31 Jul 2020 23:08:59 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=GiVQAgnHSmh3I5R0gtbyLBJa4hDaxzbWftSOld1BSI0=; b=R0afgxMVksk9EPQCqj2QcREPZp 5hMg/jq65U3ZQwpKXKFHtJittfDE+lnWSEReSTOmp5xvtJgRJwbIo29CC5qBpG5odhlKBd8qjFktv OMxKGkjoaPPj0/l5ajsdmaalxnz/pFKdzmS3kf/1EXlAE8+kJrc3918e5cCeJe4okCIPIBQKyTP9N M5OUbO3+IskOjiXFwZ0u0IYIMrQURoFBHwykCEemT6jYAR7LbA1v33Xn7qoADVWLYRYmP5uoFXbv8 VTBy5rfOtr+Maq26KeMTk0oPZ8UB3TYe7VxEWw/K5BLILPyk/UC28aldEwarcPQqf7sCLpFCZcAlF 59dlaEYQ==; Received: from mail-pf1-x442.google.com ([2607:f8b0:4864:20::442]) by casper.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8s-0000Z6-Pb for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:08:57 +0000 Received: by mail-pf1-x442.google.com with SMTP id s26so15178495pfm.4 for ; Fri, 31 Jul 2020 16:08:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=GiVQAgnHSmh3I5R0gtbyLBJa4hDaxzbWftSOld1BSI0=; b=eXzbc1BPKkTHPMZyF8VMqMXApjwlt+Z0Q4rDhEXSO/t0UYVMGhVF2JvNEDOO9RLwvH 2iTlarNmR2z09AgsvCjkYUsb5PlzXqXLkM6GENu0SdaRyStQUuDsuPkPWsufjYyiDb2N XwF2edaq78XYfUe1PD8t2h2H1ccKfVc9P+lhk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=GiVQAgnHSmh3I5R0gtbyLBJa4hDaxzbWftSOld1BSI0=; b=lsf3ciSS/tzyfjkg/fyVHlWIZVDnlEzMuuNpjbTrDBzsJA5mx05wk7vNE9UGcvcqrV hiDkGlG47ynG8B1oEf1WMyNrua8/LC059xiIjK1OQqn10X0a7nZha7cWdBQEtmhMC4Tc EYg4z/l+lXp3iUm2eTFlCUP4hykvjjSWV+sGa8ESlP7cNVeMwZGNKYhixVTSw4CZYTIM J4RAa/P4Qy5PMsX18RKG1oqNSW9e7byBRw3bxMRTesaTAJ9zmdcTzhKJY435bfEcGgo6 i15CTD5cB6pU5Q73/tQeQrP32cwjb2HswJOszW9ZEJLFU7sydZ3Jxbw7PFO0ikQO+ZIM SPPA== X-Gm-Message-State: AOAM532cYXzyvkqbXzvRFNzvnnMepyoE8RDKsw9fZq3g8hBAip/GHChw GQI+a5zdW7dwX+LRAkowSODV3g== X-Google-Smtp-Source: ABdhPJyRco/+NDd+heFvXx5i5JyQetAJX+BYme+lc8pixFz7LH/UuTvXw+HXPYf+c6sJEWtGbRKmtQ== X-Received: by 2002:a63:6ca:: with SMTP id 193mr5786021pgg.269.1596236924037; Fri, 31 Jul 2020 16:08:44 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id o23sm12166552pfd.126.2020.07.31.16.08.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:39 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 14/36] efi/libstub: Disable -mbranch-protection Date: Fri, 31 Jul 2020 16:07:58 -0700 Message-Id: <20200731230820.1742553-15-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200801_000848_401845_648D62EB X-CRM114-Status: GOOD ( 16.15 ) X-Spam-Score: -2.1 (--) X-Spam-Report: SpamAssassin version 3.4.4 on casper.infradead.org summary: Content analysis details: (-2.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:442 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , clang-built-linux@googlegroups.com, Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, Atish Patra , Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org In preparation for adding --orphan-handling=warn to more architectures, disable -mbranch-protection, as EFI does not yet support it[1]. This was noticed due to it producing unwanted .note.gnu.property sections (prefixed with .init due to the objcopy build step). However, we must also work around a bug in Clang where the section is still emitted for code-less object files[2], so also remove the section during the objcopy. [1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com [2] https://bugs.llvm.org/show_bug.cgi?id=46480 Cc: Arvind Sankar Cc: Atish Patra Cc: linux-efi@vger.kernel.org Acked-by: Ard Biesheuvel Reviewed-by: Nick Desaulniers Signed-off-by: Kees Cook --- drivers/firmware/efi/libstub/Makefile | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index b4f8c80cc591..d7d395ede89f 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -18,7 +18,8 @@ cflags-$(CONFIG_X86) += -m$(BITS) -D__KERNEL__ \ # arm64 uses the full KBUILD_CFLAGS so it's necessary to explicitly # disable the stackleak plugin cflags-$(CONFIG_ARM64) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \ - -fpie $(DISABLE_STACKLEAK_PLUGIN) + -fpie $(DISABLE_STACKLEAK_PLUGIN) \ + $(call cc-option,-mbranch-protection=none) cflags-$(CONFIG_ARM) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \ -fno-builtin -fpic \ $(call cc-option,-mno-single-pic-base) @@ -66,6 +67,12 @@ lib-$(CONFIG_X86) += x86-stub.o CFLAGS_arm32-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET) CFLAGS_arm64-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET) +# Even when -mbranch-protection=none is set, Clang will generate a +# .note.gnu.property for code-less object files (like lib/ctype.c), +# so work around this by explicitly removing the unwanted section. +# https://bugs.llvm.org/show_bug.cgi?id=46480 +STUBCOPY_FLAGS-y += --remove-section=.note.gnu.property + # # For x86, bootloaders like systemd-boot or grub-efi do not zero-initialize the # .bss section, so the .bss section of the EFI stub needs to be included in the From patchwork Fri Jul 31 23:07:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695615 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0C4A3138C for ; Fri, 31 Jul 2020 23:21:05 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D937920791 for ; Fri, 31 Jul 2020 23:21:04 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="Kt8lwAoW"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="XZ/hdSqG" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D937920791 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=AHDFOZY/oGSS6OXRVDgaMaSJd6fvYfMsRZZGfk5r1Q0=; b=Kt8lwAoWqWhLv876MZ9cjx5nM aJPgW4hrFGmr+s+f/xGQR3yFh3jvSaRHMwuDa3oYoX4fAfXigf18iQP26tNqhfyliRbGhTNDQdZQa rBK1QbEvH2zJ6yyRjQJ+Ha2VwU2yYeKSnP1cpsN8L8iVqZI6d1eI4cRj+kqb8d5wqqIntQvZdGWZI jfMpmAv/FaGS8i52Tm7cy1GF5vh0DyexlcIhCOJ8h3n14RowwrOrrS0UM6N1X2SiIY6sQCNGSXPDd Ow//pwez9s47sQom6P56rtljp0EyzPXvRmP4fXZ5cVGl8un2e2E06dvD2J0fpGEU9nUJHAv0IcDgt IpxQff6/w==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eIz-0001CR-Dh; Fri, 31 Jul 2020 23:19:13 +0000 Received: from mail-pl1-x644.google.com ([2607:f8b0:4864:20::644]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eI5-0000kU-OT for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:18:20 +0000 Received: by mail-pl1-x644.google.com with SMTP id q17so18093488pls.9 for ; Fri, 31 Jul 2020 16:18:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=dTlH0MxU2Zy7x/fgIfuiZYJNDywGHlIxz6xu6/7rQq0=; b=XZ/hdSqGOXxtc3cUCRpcO3X+flbjfzVQ9wRzdah5JRxSjtKauEC+KmC6JKLNVw6K0I 0odKqTFybGrYU3HrvRFA6uTa+ZpJfhVd4ftn5sSo4zWNF0KyI4iOS2pUVCJ6VEYKS+Za zJ5gM/J22lvp+RGJ6myvn1iQm4hMGsG/qPnG8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=dTlH0MxU2Zy7x/fgIfuiZYJNDywGHlIxz6xu6/7rQq0=; b=YGgp38C3+AXk4H2G2pEEz1zI1Ert7+bIC9ZoRuMM/cAyBabhzPr4dTLs2kN7qVbpmv aawpbLQSBSn//IwRjJ20BDcOZPzqaWzPn5BIIC1r0jF9XOzdN+Xjf8CLxq48rp5FA8WK LBzbyms714i06izVQq4ROUWHN9YNYvkPf7sfy8TRIHSQULuQBb8EFRl/r+W702bJ+lVr 3IF4aEF9qqrXRl3sPWuluU4GjtDQ2HPxRZUjGE6/mB9zbfjGi9ihhufrECVtQZCD5wM4 5C0lGRNAuS5cdaGMjsBz5ubIQSeFKL3xOmAKBSSSrxKArzMGqNXeaGDNAX/QyK7644O2 Im8w== X-Gm-Message-State: AOAM531aQXEqzx+poKTCGqbVanGU8YdAjbezg/Iwq8/u+9ygS2+tLvFw 0dT4IAbpyL2nzyt1Zif8+yE/4w== X-Google-Smtp-Source: ABdhPJzf0olkAIljTwX2os818gCPZMZcjJOtgbWSTwGCt5MV/6unatQm6z/7QVNN+viuWaDDBfNmHQ== X-Received: by 2002:a17:902:6904:: with SMTP id j4mr5716481plk.198.1596237496047; Fri, 31 Jul 2020 16:18:16 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id mj6sm10153236pjb.15.2020.07.31.16.18.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:18:14 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 15/36] arm64/mm: Remove needless section quotes Date: Fri, 31 Jul 2020 16:07:59 -0700 Message-Id: <20200731230820.1742553-16-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_191817_899307_4C67E7E9 X-CRM114-Status: GOOD ( 14.76 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:644 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Fix a case of needless quotes in __section(), which Clang doesn't like. Acked-by: Will Deacon Reviewed-by: Nick Desaulniers Signed-off-by: Kees Cook --- arch/arm64/mm/mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 1df25f26571d..dce024ea6084 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -42,7 +42,7 @@ u64 idmap_t0sz = TCR_T0SZ(VA_BITS); u64 idmap_ptrs_per_pgd = PTRS_PER_PGD; -u64 __section(".mmuoff.data.write") vabits_actual; +u64 __section(.mmuoff.data.write) vabits_actual; EXPORT_SYMBOL(vabits_actual); u64 kimage_voffset __ro_after_init; From patchwork Fri Jul 31 23:08:00 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695587 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4C254161F for ; Fri, 31 Jul 2020 23:13:19 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 0051A205CB for ; Fri, 31 Jul 2020 23:13:18 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="cq6pjeST"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="frsRNHX4"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="klOQguEy" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0051A205CB Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=4Riqd+Fl9IQTFPJY+2tqtPMcsxCiTdjlQmxGMvC9NuA=; b=cq6pjeSTZJM9WQn9l2j6hApSN eONfZZB5esvOS8IU968bNnj2RPGXt5Ktt8ZgBcjEglW65D3YO6TEFoaFrESuqxPBcJWJUtSthSISZ /6HwGHjkY66M7Vi3srmMTny6aEbRJ1BFy8g1Ox0ki38rgkXG4GR1e2/PGsAW71zHIaTs4EUMVTTZk UQoC+LD+owZ7+PyBfntldjF5TOlxD3vW+/OWL8k8XwOnmM/YlbT3vAh4KdpcfuNE7xsH7bt+vQWY8 nWuDCjpy6RIcZirS/GqIQKkZ1b5GQajsPFbL/ZzCBSBU6j8716L8ZzlK6dTw0XL1ez6Fwt/ASHkr3 6PgXeQmAA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eAq-0000Wi-Ug; Fri, 31 Jul 2020 23:10:49 +0000 Received: from casper.infradead.org ([2001:8b0:10b:1236::1]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e93-0008G1-W9 for linux-arm-kernel@merlin.infradead.org; Fri, 31 Jul 2020 23:08:58 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=Y6H7F3yYvyF+nG4ZythWO1q4A4EGexkc0hsQxsFmb9Y=; b=frsRNHX4SiCTvsoRjO2VirbO0T xQ4Mp/chhjzByw6qYCqiLFlLfNuNULzSI4OJcL7fCv5YyacmBBrx+3WYQ1+F5GJs5sU6t9u2FpIzZ f+1rkN3EoMyL1kPsf2FxL157VtjB4sWlbl6N/TyWcN7suNG0qUwa3aQSoOidbBbIf/9B0zUVIPgHS 3ZOpDR4tIcm7sHWCVQatNGc7IDGSihj3Le2mGL2PgzqSH3ZnPUretc5mMNidZMWZ1rF1J01n6gVNj dpbqw0UbUBeT62pkdzY/9Dhr7pettET7+HNs7+cMj1t1vvPDjxFXvPecqavezFqaaYzxMQk5duu4F FxxmaswA==; Received: from mail-pg1-x541.google.com ([2607:f8b0:4864:20::541]) by casper.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8s-0000Yu-N2 for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:08:55 +0000 Received: by mail-pg1-x541.google.com with SMTP id z5so16793042pgb.6 for ; Fri, 31 Jul 2020 16:08:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Y6H7F3yYvyF+nG4ZythWO1q4A4EGexkc0hsQxsFmb9Y=; b=klOQguEyjL+W3pS7h757dA97Jss1XwCr9uiod+TUnQnifo+W8HZxqnhpghrEPuhfhz orOov5palRtEjwarVacfnfixNz/3aBq8qsEHACSBEYKMfnct6CzEpn+hdJxpAimvvV6n TfN5kHYecvHl4EkWHkAnabuO4KrAoCTvFJ6U4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Y6H7F3yYvyF+nG4ZythWO1q4A4EGexkc0hsQxsFmb9Y=; b=NcRPWYTFwQVZqJWFc2qNonUoaPmWsdPPYtKDp65WLUJMcok1CB63lyjC+Z4laYdqC6 Oi9/NXK8vkgp0ICaG76ZZNbWHZHX5xZKIEtrlQvsah6znqoSov+a8B6zYIReWlIW0GVX 2hAjQydr23qxK9swzYAzwRkF9en9KDptrSv7FHxzOd6I4bUCu2bSCRos/D+mA0h73DVt 3pcNPnu/ck5p1NDm8YCK/rJbrUr8V2aDUh4AwczCS141kdPUr7uLqPJoh06f39dDJ2br i8woZEEpVDVL+3Hzf2/atf1Asd88Ri/SQZs3JnFhtrhjY9+nNo+nfBX5p+CrYLMtLijM bF9w== X-Gm-Message-State: AOAM533a0yVqwovVITTkyhp2LbI3GCmgpCdPS0ryMENpOjua/fKSYJ0x krkGM1jjgTV6ZBjzpxPa762gVA== X-Google-Smtp-Source: ABdhPJz/K7Q0NhIe2TN23D0lBoo8o7R9UHhN6RM4BLn3KCwsvDLXrhht2x1eWmeoEfDbj/ppP75PXg== X-Received: by 2002:a65:408b:: with SMTP id t11mr5660099pgp.407.1596236922651; Fri, 31 Jul 2020 16:08:42 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id m31sm10905376pjb.52.2020.07.31.16.08.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:42 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 16/36] arm64/kernel: Remove needless Call Frame Information annotations Date: Fri, 31 Jul 2020 16:08:00 -0700 Message-Id: <20200731230820.1742553-17-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200801_000848_032410_4B2B9504 X-CRM114-Status: GOOD ( 11.78 ) X-Spam-Score: -2.1 (--) X-Spam-Report: SpamAssassin version 3.4.4 on casper.infradead.org summary: Content analysis details: (-2.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:541 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Remove last instance of an .eh_frame section by removing the needless Call Frame Information annotations which were likely leftovers from 32-bit arm. Suggested-by: Ard Biesheuvel Acked-by: Will Deacon Signed-off-by: Kees Cook --- arch/arm64/kernel/smccc-call.S | 2 -- 1 file changed, 2 deletions(-) diff --git a/arch/arm64/kernel/smccc-call.S b/arch/arm64/kernel/smccc-call.S index 1f93809528a4..d62447964ed9 100644 --- a/arch/arm64/kernel/smccc-call.S +++ b/arch/arm64/kernel/smccc-call.S @@ -9,7 +9,6 @@ #include .macro SMCCC instr - .cfi_startproc \instr #0 ldr x4, [sp] stp x0, x1, [x4, #ARM_SMCCC_RES_X0_OFFS] @@ -21,7 +20,6 @@ b.ne 1f str x6, [x4, ARM_SMCCC_QUIRK_STATE_OFFS] 1: ret - .cfi_endproc .endm /* From patchwork Fri Jul 31 23:08:01 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695607 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E69A8722 for ; Fri, 31 Jul 2020 23:20:24 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id BF7A32072A for ; Fri, 31 Jul 2020 23:20:24 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="dVYxHOMW"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="gQ2kBPm9" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org BF7A32072A Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=dnd5uIigQqmW5kny4MwpjNGEn9kcXuw5yASb6X7NeDY=; b=dVYxHOMWz2iScKobeYPZEGEet 1sHViASz5cydU3ZFn6Ob78OLKW+NMV+j/NZLsg06AWHE5ZHkHS5TriKKRwn3aC6OLW99kGD7POg+h niaPZry7nfunO+mMOCoVtTzKoMZFPvtyP7XC6gU5cNj+TA/eP3w5azQndty23NvB7Nc0BeIL8bGt6 JV5M3irquKM5I6UZZayU/VIHVAqALJPFMzfeBc+R6/YNpYlZeij6k42GmuqwOfpy+OqD3sD/JpXDC l+vRsLBsk0GjLyJ7rGTLO0tOQIiyfyi653USGmCIzOaAFd8vwfJ491ulg4s9nKRhzP3QTqAv9YyKI /KPfRbaJg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eJx-0001c1-3E; Fri, 31 Jul 2020 23:20:13 +0000 Received: from mail-pf1-x441.google.com ([2607:f8b0:4864:20::441]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eI6-0000ku-Kk for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:18:22 +0000 Received: by mail-pf1-x441.google.com with SMTP id u185so15200120pfu.1 for ; Fri, 31 Jul 2020 16:18:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=dCXoZ6vwcRTLoMlYpWHYOqZEmN50vC99VSBByVG6tNg=; b=gQ2kBPm9q0b4ouhPZ6T6zt99vNNF0eP14E7gJXRtWUIvU4j82+oxEfdDO2Pf/0XU4P w09ztBEuvHLJCydLNM91dJEnFqfK0fQKKtDUFCjJ+figlvB7P/2cn3GD7GZ1HNX+R4jA H1vOnXWTO7NByBLNOYfBGd1Dt2p269tjKBwrg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=dCXoZ6vwcRTLoMlYpWHYOqZEmN50vC99VSBByVG6tNg=; b=mO6OkbHmHRATr2W+KD6UltOFSTfFhxYF8MvQRemoTLQx2zPLo/A9SvhWy5GT/cJdVt qXg4lTYt87ZturV3+PXdOSipykdonbtE6D37dmebun07BtT3EVTiA2BMRdHtealzY8y2 mHVcrKIY1AL22WXacySYyVHPh0ElH3Rm13e5khzZpGrdIBRFDiIK/1W9rcmVjrYXKJqC VtgirhW82wvYgAxMj8HpfDRmIQIdKb/PkHHPCKZudZMyRuid9DM7rQqOogtirpJVCftB eiP8+XMOXy/av0R8Z23dD5br7srbPVOjtUT2mZU3N09jpIMSt8ywIIoMpo2ME4HbbHyz prnQ== X-Gm-Message-State: AOAM531H0EAnV3HNEyPas0kp3WIe8BsXyjJSngTGPeyXDD7dbK5nrOz8 T2XqIaNSXVmMofDoGw6K/9IYbw== X-Google-Smtp-Source: ABdhPJxykfNbyUgTzEuAmMvQ2SlDq9N1S3QBPoWqnwl2G3pY+OaKurGdTDKceGp+pjJPCmAQjYtSBA== X-Received: by 2002:a65:5c43:: with SMTP id v3mr5559806pgr.214.1596237496666; Fri, 31 Jul 2020 16:18:16 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id z11sm10923285pfk.46.2020.07.31.16.18.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:18:14 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 17/36] arm64/build: Remove .eh_frame* sections due to unwind tables Date: Fri, 31 Jul 2020 16:08:01 -0700 Message-Id: <20200731230820.1742553-18-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_191818_848544_E7251487 X-CRM114-Status: GOOD ( 13.33 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:441 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Avoid .eh_frame* section generation by making sure both CFLAGS and AFLAGS contain -fno-asychronous-unwind-tables and -fno-unwind-tables. With all sources of .eh_frame now removed from the build, drop this DISCARD so we can be alerted in the future if it returns unexpectedly once orphan section warnings have been enabled. Suggested-by: Ard Biesheuvel Acked-by: Will Deacon Signed-off-by: Kees Cook --- arch/arm64/Makefile | 5 ++++- arch/arm64/kernel/vmlinux.lds.S | 1 - 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index 70f5905954dd..35de43c29873 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -47,13 +47,16 @@ endif KBUILD_CFLAGS += -mgeneral-regs-only \ $(compat_vdso) $(cc_has_k_constraint) -KBUILD_CFLAGS += -fno-asynchronous-unwind-tables KBUILD_CFLAGS += $(call cc-disable-warning, psabi) KBUILD_AFLAGS += $(compat_vdso) KBUILD_CFLAGS += $(call cc-option,-mabi=lp64) KBUILD_AFLAGS += $(call cc-option,-mabi=lp64) +# Avoid generating .eh_frame* sections. +KBUILD_CFLAGS += -fno-asynchronous-unwind-tables -fno-unwind-tables +KBUILD_AFLAGS += -fno-asynchronous-unwind-tables -fno-unwind-tables + ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y) prepare: stack_protector_prepare stack_protector_prepare: prepare0 diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index df2916b25ee0..b29081d16a70 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -95,7 +95,6 @@ SECTIONS *(.discard.*) *(.interp .dynamic) *(.dynsym .dynstr .hash .gnu.hash) - *(.eh_frame) } . = KIMAGE_VADDR + TEXT_OFFSET; From patchwork Fri Jul 31 23:08:02 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695605 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 99FA0138C for ; Fri, 31 Jul 2020 23:19:53 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5EA8120672 for ; Fri, 31 Jul 2020 23:19:53 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="V1CxYzxC"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="d74fEfH+" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5EA8120672 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=iS3edhJTVtsfCO6w83E9cAHv4k3BVuIcHHZMXE1yrG4=; b=V1CxYzxC7hrH8YOPTB8JHLISR cBaX5XW2HWaHj8ZndzJQ7KMjgJ9LOQOkvw8qBHGr+oLm9oaqsxJWgV7UeEFVKUq+hD7c7xRF2A2Tt ZPdUNDvxEyswE1MPdUlnN/yv5YZX+Matr2H/NI143XdOMtbIrhq1bXlFm+ReGHQ2mRpuSFVnLQw+m 72Ox7iHyoPu96AlyG2IXRg9GxQdbK3ccEfET3bql+ruCA8q+AHhRUpnBg/Oz+WGUo+nRSbH4IuIE+ NdfNMAx0FGXOcBgp1HmSo3J1H3rtjjuMmLUgvmJMyV8chVav/v2cT9wmxMiCGOtaeW+xAr4kD1HeL I/1k85ijw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eJD-0001In-EH; Fri, 31 Jul 2020 23:19:27 +0000 Received: from mail-pj1-x1044.google.com ([2607:f8b0:4864:20::1044]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eI4-0000im-D5 for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:18:20 +0000 Received: by mail-pj1-x1044.google.com with SMTP id t15so8525670pjq.5 for ; Fri, 31 Jul 2020 16:18:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=rx9BNhtOHihN4cC/yR211OAq+faeKI6Zes69oCeQM6w=; b=d74fEfH+AJT4QLl/pweek9M8JQU04VeKWDA6U2gixgr/mciheG5Ezlv7MgN6Rb1HWY 2OBg7xnc3sUVIMCFnR1Y+igiUqbxr8jaR2zt1f0TV1ldOv8LhbyjysXpqao6LAEOouE3 Rwi1z6MIeG7fXDb29GK8Dc5L/EDvqKHqNhytQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=rx9BNhtOHihN4cC/yR211OAq+faeKI6Zes69oCeQM6w=; b=pbJ5mx4HX8IAvPAnqXh83APfk2GmtKrnEFuflJRGaEXEaPehGAGUP5ZHFVBAq0ziY+ 3tej9qYCs/vOWfKi/vKxxVoxo7QTeF7UO6J+aNoo3Y76Xqftj/Jgz0VFaowBtw3P8cpA /JzHGHrSREbfEa3tMwfAe6k/hRgY7kQzgEGRSLVFdphi/+da9m7H9dVZIFdxNvb88IX9 lO1VLJYMslZJh/qPATGPS8P2otn/axTqLNX3I1HJrWrnbplc+nQnHimbMkf6MjfYxI0p /3XqpuscVZcy9d7RpTfyvKAMbAQGVEJJuqRRGONFBHocD5yk/xyi513pi+4FeRRE3YvC RFiw== X-Gm-Message-State: AOAM530xfQiEJt8mksAvykN955Hj7UGaTAiuPzHTpgVeG5vSmbHWXuIq PvZtsCinWK4ibIYCgFmkgtdr5l0CYq8= X-Google-Smtp-Source: ABdhPJy/UWkqz0kX/iI9reViU3q1mzpCLU62ykzIRw2Fvekz5tfwEf5puBHtXUakR6EdYyybPNSt/w== X-Received: by 2002:a17:902:b101:: with SMTP id q1mr5482552plr.136.1596237494096; Fri, 31 Jul 2020 16:18:14 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id z19sm11621350pfa.9.2020.07.31.16.18.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:18:11 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 18/36] arm64/build: Use common DISCARDS in linker script Date: Fri, 31 Jul 2020 16:08:02 -0700 Message-Id: <20200731230820.1742553-19-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_191816_494005_A1C5B3E9 X-CRM114-Status: GOOD ( 13.98 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:1044 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Use the common DISCARDS rule for the linker script in an effort to regularize the linker script to prepare for warning on orphaned sections. Additionally clean up left-over no-op macros. Signed-off-by: Kees Cook Acked-by: Will Deacon --- arch/arm64/kernel/vmlinux.lds.S | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index b29081d16a70..5c1960406b08 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -6,6 +6,7 @@ */ #define RO_EXCEPTION_TABLE_ALIGN 8 +#define RUNTIME_DISCARD_EXIT #include #include @@ -89,10 +90,8 @@ SECTIONS * matching the same input section name. There is no documented * order of matching. */ + DISCARDS /DISCARD/ : { - EXIT_CALL - *(.discard) - *(.discard.*) *(.interp .dynamic) *(.dynsym .dynstr .hash .gnu.hash) } From patchwork Fri Jul 31 23:08:03 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695611 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0E7A0722 for ; Fri, 31 Jul 2020 23:20:40 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id DAFE72072A for ; Fri, 31 Jul 2020 23:20:39 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="LEz3H/Rl"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="mhl2cYQ2" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DAFE72072A Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=VpCVqQDx88xN9tjZ1K3Z544Mebj4caBk077VEs5Hz+E=; b=LEz3H/RlDfIEjHyzz0+DTsWGc ZOiFhRlB53pnqF8Xh14DtAA9+8NDADcnwOigsGHgqQIs7UMRTzxGIiaybiLAcnMSwx1CoB0FyhNVi ZyiZoaF9dZ1QnPEnMXMu2qzuWhSdOFHcoMVsJ5i5mCCbVmXUxUWzhnWhAenHi83LBxW+ZuaJz+x+I 5ygEmomVDVZYSW2R38D13ellCEdBxqEkde5Hgm5eP3o4QTsPvh1RGvKoHD6rjnVkSJ/Xb3/BTC3Bx bJID1G2UH/bGWVvJNbn/bkX0yR6tH+uUmI3U87K/enXMPHcOS117mR989n7bdZ/wO4rh/1nmosZ4j aI1u+C1XA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eII-0000r4-F9; Fri, 31 Jul 2020 23:18:30 +0000 Received: from mail-pl1-x644.google.com ([2607:f8b0:4864:20::644]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eI2-0000hJ-Kb for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:18:18 +0000 Received: by mail-pl1-x644.google.com with SMTP id bh1so5009512plb.12 for ; Fri, 31 Jul 2020 16:18:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=OztuNRy+U3SEjaM8AjX3NHKuvNzCSaFSb4g4nlKxjN8=; b=mhl2cYQ2YEfGFzqu0lUm7PTEdf3xYEpybnJ2cfLPuY6LR4v/YBY5dJ0ivTK2K5UAQM 0k9arXuQB4cv1bpNG0r3VncPs3HFypojskLqEB3mHI/LVxckqJONf2cBzIIP4It97oIL ccOz8l1eiz5ARWhIbuGZYnApCYc1UDxK86u0k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=OztuNRy+U3SEjaM8AjX3NHKuvNzCSaFSb4g4nlKxjN8=; b=rpzqe08kqEk58f+edtCreLR8FYLB+80qce+xFfN8fdB/xTYUJ0hGvtXVtsnAm+UxEX dlKJlih9fFrJ83Qw1W5CzZZniU+MqQOSELpnSVMxCdytXkHw+pBvjetnBnhqeCzoPl22 Q+Swh59yRq6DsRCptahNGdZnrgLjJJtKYddjPmHKn3THtW8/yqN/sniruUEwEimPMVe2 +9+sclWv4SaeTPh9D8d1yjhz5mD0eN5jVyQJO+2cey+MbBogdiyb+tyaIaOwNDp8uOTN PIyVibm+czYXfCEYkO74Ter+Xqtzqbz/+7uXbXXda6Aif/AF66C3AqwwIiMguOqM7JwF eK+w== X-Gm-Message-State: AOAM533aawaYHWEz7S8AtiDGdDMfrOChy4xMGTa9gyvkxPnwXxT9e17q yEw2dliu+TSZYS0h6Zz+C3jaFg== X-Google-Smtp-Source: ABdhPJy7boJ2rVpqxGdhrmjmUcJo5jNiV0bmJoTaMG0L5+Tg8lheY4n/pMplx9rYVCtqWI1ZntGMZg== X-Received: by 2002:a17:90a:6c97:: with SMTP id y23mr6284010pjj.28.1596237492647; Fri, 31 Jul 2020 16:18:12 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id z9sm11932082pgh.94.2020.07.31.16.18.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:18:11 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 19/36] arm64/build: Add missing DWARF sections Date: Fri, 31 Jul 2020 16:08:03 -0700 Message-Id: <20200731230820.1742553-20-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_191814_766778_C1E1E1E7 X-CRM114-Status: GOOD ( 13.86 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:644 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Explicitly include DWARF sections when they're present in the build. Signed-off-by: Kees Cook --- arch/arm64/kernel/vmlinux.lds.S | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 5c1960406b08..4cf825301c3a 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -240,6 +240,7 @@ SECTIONS _end = .; STABS_DEBUG + DWARF_DEBUG ELF_DETAILS HEAD_SYMBOLS From patchwork Fri Jul 31 23:08:04 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695649 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3A9AC14B7 for ; Sat, 1 Aug 2020 00:56:43 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 018A220663 for ; Sat, 1 Aug 2020 00:56:43 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="AkIc0zu2"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="aAYyzLqR" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 018A220663 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=t48VomV04r0m5wUvUrLbhcjWS5gB656TAakMpVKVkyw=; b=AkIc0zu2ehHhmpyse3lw/ka3e vex2Yv+uc5n7TtQQLqr8+Si5u0oEKp2fuM/k/F5U6VkRHj4yGHHgeaLW9kX8MfoeDMcxYtA88D+80 9t6rzEBKIQCG64GXNlgIA1KeNiUzztlPu+GLQLMkDau8Sp2wXoottrTvh1lLGsi4fygylNO16gI8S q1PXix6XwD+kA8MrO9HgeNSCcwicLdKBO+JN+GqObY82chVXDUaSNxQ7xoLKtiqQA/T80oDieTB/9 3wVTFivWQhn1En/IquH4SckWShl5adGkJOtD1idCsoUGn7cRsCShjjy/Uci7StmgAzvZn/Xee75cP zohebrjcQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eCM-0001EE-G8; Fri, 31 Jul 2020 23:12:22 +0000 Received: from mail-pj1-x1041.google.com ([2607:f8b0:4864:20::1041]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8u-0008Ba-PF for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:09:01 +0000 Received: by mail-pj1-x1041.google.com with SMTP id lx9so8520364pjb.2 for ; Fri, 31 Jul 2020 16:08:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=fvfmv1pkeySd5rhFrbyIXZ4JfyCoyCYJFNM80B3DKYE=; b=aAYyzLqRht0RjACUdgP4u4orVtT1N+9rM+6wDYOhAO8J3OrIgLuULyOqBdQF2jB9u9 3UO2dmOZtBDJjKgmNGFBoyyWmY1ZZ+KzUszzWaodH4ILF4Yam9LnrhKqQtFufR2rFdXK mwdnqkVbzqxdoZYqTw/yCO05qmIRW7P9N7lvs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=fvfmv1pkeySd5rhFrbyIXZ4JfyCoyCYJFNM80B3DKYE=; b=NAz3CG6iTcSdmxg4sRUv6FpToTQHJ1xKWTX6YDMChrQZFAw3koDM8dgd/U5z40947j Ff8BQTS0NsBsLwq8Wv3jqoZKILlLRC8mVnCi8ZzoT8iwZr27YqfQob0v2y2yiWV3TuYN u7QcMk02GXvzpPHnOq5tojTaWgFwB0vLPh9ZGnB3ZnMHOF6DNo+P8d191s1HkqqECRDB LQU73VCe1RShYpw8/W6g93ZaN9lUBQ/LapL6Ziu2M40rf46KBbW5RhI4QTDGCsHBDS2g n4/nY4rKM4dc0p5DM7kSiK5AJhW8uV3V1p5vs3I2qWqKbxAgZvCuoty0LMwerQ/yr+gc vzbw== X-Gm-Message-State: AOAM532Cso0kv8YgexMJ94i1FSh3J1sh8MrOhA3zWrGx5F1K6WIdxqdI gL9Sb7Yac7nD7w3lWUGuadViqQ== X-Google-Smtp-Source: ABdhPJyTbjxU6udMes1jYiYIIX7MKKjWY1Mw3PPzC4UzPfsmw/m6MU0LN/hYrEpFJNIw2rm417Cx7g== X-Received: by 2002:a17:90a:e96:: with SMTP id 22mr6250841pjx.135.1596236926893; Fri, 31 Jul 2020 16:08:46 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id f89sm10357189pje.11.2020.07.31.16.08.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:44 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 20/36] arm64/build: Assert for unwanted sections Date: Fri, 31 Jul 2020 16:08:04 -0700 Message-Id: <20200731230820.1742553-21-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190848_950556_2314AB19 X-CRM114-Status: GOOD ( 16.44 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:1041 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org In preparation for warning on orphan sections, discard unwanted non-zero-sized generated sections, and enforce other expected-to-be-zero-sized sections (since discarding them might hide problems with them suddenly gaining unexpected entries). Suggested-by: Ard Biesheuvel Signed-off-by: Kees Cook --- arch/arm64/kernel/vmlinux.lds.S | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 4cf825301c3a..01485941ed35 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -122,6 +122,14 @@ SECTIONS *(.got) /* Global offset table */ } + /* + * Make sure that the .got.plt is either completely empty or it + * contains only the lazy dispatch entries. + */ + .got.plt : { *(.got.plt) } + ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, + "Unexpected GOT/PLT entries detected!") + . = ALIGN(SEGMENT_ALIGN); _etext = .; /* End of text section */ @@ -244,6 +252,18 @@ SECTIONS ELF_DETAILS HEAD_SYMBOLS + + /* + * Sections that should stay zero sized, which is safer to + * explicitly check instead of blindly discarding. + */ + .plt (NOLOAD) : { + *(.plt) *(.plt.*) *(.iplt) *(.igot) + } + ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!") + + .data.rel.ro (NOLOAD) : { *(.data.rel.ro) } + ASSERT(SIZEOF(.data.rel.ro) == 0, "Unexpected RELRO detected!") } #include "image-vars.h" From patchwork Fri Jul 31 23:08:05 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695579 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 42DD1138A for ; Fri, 31 Jul 2020 23:12:46 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id BEA9A206DA for ; Fri, 31 Jul 2020 23:12:45 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="kebPjqPu"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="EZmZ49NG"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="HwWUijwC" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org BEA9A206DA Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=/SLaIhFf0AHGUBrckyHsNCxWBb1e17egVLN5P8Gxbqg=; b=kebPjqPuy4jEmoluu+ZmGtXOC DJiKvqHkmbSY3aCXi6j8+mejGpBIK7UCuMSnlol+Lcs6g42n2/764KQWwiB4dvGpdrGIM+E8+hlNE QWE/ig18Epdg6FKUKyjr5FMn8thVdsfCxjkEpvQ/J/p+c4747pLeTvSj6HAqX+za2FGpIQ9T1+kwR 3Qb3qyLBE4UUxcLfMShhsY6piyqtJdJmZOLSwIbrt3n3lLVTdZRJt2Yg79tYy8y0TqRpfaydNRjnY ckkeyRLpQl3zC1OSAh3o+oTNxGmo2xXWBHhO/ggo346ymAxdN5KH4eZzT1ZAGFysvD52apP9kyUU0 hOD2BHS0A==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eCR-0001Gp-3f; Fri, 31 Jul 2020 23:12:27 +0000 Received: from casper.infradead.org ([2001:8b0:10b:1236::1]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e97-0008HI-MI for linux-arm-kernel@merlin.infradead.org; Fri, 31 Jul 2020 23:09:01 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=gw0qFrlLAeGFNQICDxZAEcvNQljVuXBAcUPpDFT6mlY=; b=EZmZ49NGJ1sm+s/3mNm2p2IsCR iGXtvQf+ayk3xFG0gU+IPJRd9DRxbkOzh71kndjgQOM8sg8eH8Ok1axGMSpSMv29lj2e/kCpIVAW+ oJ4DgAeFnuKPFbTqZXfbq0TFSe+uieZnfTSIvJXzFgYkOopRzt5sN3XZtdvnRwzhBs2Qx6OfieaQW kTEkSJI34FvpedC+ZRre6tcjLJjhSLz7z+x327SRcxI5bnJMFx9lMWHZwktH/RudZK9+E+F+O4flr EMf0tJKZLhdKmj71V15BgfbFTmdpqvjwO9Kf4e/tD/0QwVn3EMQSM38GTzAxDjR16J0td+IBTeSRJ CDvvQmJA==; Received: from mail-pj1-x1043.google.com ([2607:f8b0:4864:20::1043]) by casper.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8t-0000ZL-Pw for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:09:00 +0000 Received: by mail-pj1-x1043.google.com with SMTP id c6so8077985pje.1 for ; Fri, 31 Jul 2020 16:08:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=gw0qFrlLAeGFNQICDxZAEcvNQljVuXBAcUPpDFT6mlY=; b=HwWUijwCN1yHVvMTBcWpAPeJzy4e7bIML4GGEjnycX031r9VYKdxWVfS6nNaj90cTh WCgBr3fpJFTJ9DUUwuFweceKIqpoU17PdRLq9usS711E+wIEnR2UVx9rK2Jqm12MH2Ly leK+goXQHjXkoEk8FTiq2zz0QFdbtKl/unv3M= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=gw0qFrlLAeGFNQICDxZAEcvNQljVuXBAcUPpDFT6mlY=; b=fE9D5Dvnl8XQr698KuykBR/SBK3D6DK8uKEFfJggn1rDSHMRPLnXG+K9Ak3slbzFel 6YqiAP93h28e2Thd2cX/4vUS7KYvIPUHFkJiKVoBKfPw+vw+bTuSVPWXQZny2Hnmn4Uj JeMGGadS3r0DVLyE9DGyT/G7sTgSOGYrnDfOVQT0MOoZB6CLIFGSmOOfHrxUSwQd2dBt CcdjJ6hgFG+EsaR7mbuoVndogav15whSCBihJx7eFS4EgbqD3nc00EY7NBXmG+Z0HUMC DYLCqUiQwEO8zlz1jSqQXI9aLmKpYCG4fBF7U9Gy38eAvJ7agrtA7Jz6Kwq9gwlBELnn 98SQ== X-Gm-Message-State: AOAM532k5/nJVV/ZzJ9BOVqoW1nJzoKU12mIQK3JGxTQLc+GLEvdrLRt 8sY5Lbkz9tpkTRmB328l44u/1Q== X-Google-Smtp-Source: ABdhPJz6/VTMQ01SrfhMQ/SLXbQUnTuGTkQpv8usqAy0lJH0IrS74Nhjz+iAd2EIkwdY4wSBBsMY5A== X-Received: by 2002:a17:90a:5d15:: with SMTP id s21mr6354051pji.154.1596236925542; Fri, 31 Jul 2020 16:08:45 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id j20sm3120709pjy.51.2020.07.31.16.08.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:44 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 21/36] arm64/build: Warn on orphan section placement Date: Fri, 31 Jul 2020 16:08:05 -0700 Message-Id: <20200731230820.1742553-22-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200801_000848_633026_25B806ED X-CRM114-Status: GOOD ( 12.25 ) X-Spam-Score: -2.1 (--) X-Spam-Report: SpamAssassin version 3.4.4 on casper.infradead.org summary: Content analysis details: (-2.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:1043 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly handled in the linker script. With all sections now handled, enable orphan section warnings. Acked-by: Will Deacon Signed-off-by: Kees Cook --- arch/arm64/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index 35de43c29873..b8a3142db0dd 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -29,6 +29,10 @@ LDFLAGS_vmlinux += --fix-cortex-a53-843419 endif endif +# We never want expected sections to be placed heuristically by the +# linker. All sections should be explicitly named in the linker script. +LDFLAGS_vmlinux += --orphan-handling=warn + ifeq ($(CONFIG_ARM64_USE_LSE_ATOMICS), y) ifneq ($(CONFIG_ARM64_LSE_ATOMICS), y) $(warning LSE atomics not supported by binutils) From patchwork Fri Jul 31 23:08:06 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695623 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4F785722 for ; Fri, 31 Jul 2020 23:23:37 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 257E620791 for ; Fri, 31 Jul 2020 23:23:37 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="wfSNY2V2"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="V7pRW5Z7" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 257E620791 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=2q/cP5jG+NOJ4txNGngd6la+Qhg373Hxu7L80nbp25Q=; b=wfSNY2V2xjU/LNSjeHtl5jAim Q0rHo50YPjXAj7hv6oVfSxPyFURKzHGSzyToVcRpKI07+dyc3s0/u4ihW/lg/u+GljvTSveSKHU2z nyfjyhoNdkDYB05+zKjBsBBMu6ZYiRTNYQiKIQPuv4phCJfQrzSqOtSi3OwSWrap5BPzKs0T4bHuD qpxN/65jR5HJpAdfxfnn2iKhymvl86+e7UUxYnJ7vkWwP7xqgAkXcsYfqS9qWyKuqC7hPj1u3/cQl OB0ULtuElnpw35S/ZuqqeOCu/4/ACVz8LJSWtswAo+15FYFr4rh/aI5ywAV0QRlh6Sl+awgk06yLK ymO/Y91Bg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eKC-0001lu-GX; Fri, 31 Jul 2020 23:20:29 +0000 Received: from mail-pf1-x442.google.com ([2607:f8b0:4864:20::442]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eIA-0000oQ-2T for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:18:25 +0000 Received: by mail-pf1-x442.google.com with SMTP id f193so4780142pfa.12 for ; Fri, 31 Jul 2020 16:18:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=aNMQ3F5q4g/Uk/+s5Q6WGurCwVwunmhXKYzGhkTYsIo=; b=V7pRW5Z7AEZ48SyrjJClnXGtKhu5EXaa5sPdFxXji+oSze06iySj2l5uugTpF2w+s6 /0KYMS5jXvAmb+nfHzJpH6+Sv4YKDO9YCEORcsU3J8MUXjDft+0+ROx3pCqSgYEc/2eY VTjWB8RxvO2SCARRO2VidQkHRol/MW6eL3Ot8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=aNMQ3F5q4g/Uk/+s5Q6WGurCwVwunmhXKYzGhkTYsIo=; b=Hd/dxT+cteoUG6JXrNI6l0gOPLsofYZK+OGMFyLxD25J2Fyne2m+8lO2HtYVge0SBp LHCugd3WV8EEotqO7KS18KxStsszAcEcRZ4A2bwfWEJKmn52XhecU83V90O3GmkYzKDi gUyTyiVXaCirdOfQfy2TxFsXKAWf3ZZAeieQaypqFMI8GJPlT17HLerCRDOiOyeJlona pRso6Ael+KXR+HJ6T6Cq4pCuZVRxMS4TsPvrJLEbjYgm++g4tYZFpvR7syFuvxV+DElt BZpgSpNtznKntHGksEnkIKyazM5msUqqosQdyrZoDcXAnV6uTjs0vwULg70XuFRQOAFP /QBA== X-Gm-Message-State: AOAM531C94WjJcTmTfRJWK8Ga72M85diUJXDZiUleVSe0/2PIiaOBQB6 V3fnOd3xvFrTBMhZbmhK/IsxSQ== X-Google-Smtp-Source: ABdhPJwpWbjUhT+v4CQ5bd/TwU+co0ff+/inssnW2ZyhULRWFzBupBOYdq2zOKBoVuGo6SeuhSgvkA== X-Received: by 2002:a63:3c55:: with SMTP id i21mr5799731pgn.93.1596237500020; Fri, 31 Jul 2020 16:18:20 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id c134sm11221511pfc.115.2020.07.31.16.18.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:18:16 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 22/36] arm/build: Refactor linker script headers Date: Fri, 31 Jul 2020 16:08:06 -0700 Message-Id: <20200731230820.1742553-23-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_191822_245014_06C639EA X-CRM114-Status: GOOD ( 15.44 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:442 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org In preparation for adding --orphan-handling=warn, refactor the linker script header includes, and extract common macros. Signed-off-by: Kees Cook --- arch/arm/{kernel => include/asm}/vmlinux.lds.h | 13 ++++++++----- arch/arm/kernel/vmlinux-xip.lds.S | 4 +--- arch/arm/kernel/vmlinux.lds.S | 4 +--- 3 files changed, 10 insertions(+), 11 deletions(-) rename arch/arm/{kernel => include/asm}/vmlinux.lds.h (96%) diff --git a/arch/arm/kernel/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h similarity index 96% rename from arch/arm/kernel/vmlinux.lds.h rename to arch/arm/include/asm/vmlinux.lds.h index 381a8e105fa5..a08f4301b718 100644 --- a/arch/arm/kernel/vmlinux.lds.h +++ b/arch/arm/include/asm/vmlinux.lds.h @@ -1,4 +1,5 @@ /* SPDX-License-Identifier: GPL-2.0 */ +#include #ifdef CONFIG_HOTPLUG_CPU #define ARM_CPU_DISCARD(x) @@ -49,8 +50,12 @@ EXIT_CALL \ ARM_MMU_DISCARD(*(.text.fixup)) \ ARM_MMU_DISCARD(*(__ex_table)) \ - *(.discard) \ - *(.discard.*) + COMMON_DISCARDS + +#define ARM_STUBS_TEXT \ + *(.gnu.warning) \ + *(.glue_7) \ + *(.glue_7t) #define ARM_TEXT \ IDMAP_TEXT \ @@ -64,9 +69,7 @@ CPUIDLE_TEXT \ LOCK_TEXT \ KPROBES_TEXT \ - *(.gnu.warning) \ - *(.glue_7) \ - *(.glue_7t) \ + ARM_STUBS_TEXT \ . = ALIGN(4); \ *(.got) /* Global offset table */ \ ARM_CPU_KEEP(PROC_INFO) diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S index 3d4e88f08196..904c31fa20ed 100644 --- a/arch/arm/kernel/vmlinux-xip.lds.S +++ b/arch/arm/kernel/vmlinux-xip.lds.S @@ -9,15 +9,13 @@ #include -#include +#include #include #include #include #include #include -#include "vmlinux.lds.h" - OUTPUT_ARCH(arm) ENTRY(stext) diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S index 5592f14b7e35..bb950c896a67 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -9,15 +9,13 @@ #else #include -#include +#include #include #include #include #include #include -#include "vmlinux.lds.h" - OUTPUT_ARCH(arm) ENTRY(stext) From patchwork Fri Jul 31 23:08:07 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695609 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B617C138C for ; Fri, 31 Jul 2020 23:20:37 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8A4F72076B for ; Fri, 31 Jul 2020 23:20:37 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="ztunXLe1"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="lnbNKX0y" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8A4F72076B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=IMvLs0ls4dk+3PFSQxiTu8/BZ9jSP3eH4rd6L37I6Pw=; b=ztunXLe1byo4dyl/EzvqlSUs9 GoVjkT0Oq8icw5Zu1OtSYVuOLYh0fSJjEUGhOYyNKTkCwaG+vqMOdkgiqUqBOHKDXI0YNvrUtHU0h b6KuzFmSN71yrf74g/hPvHgrva+Ei00ItkwgI5/hhsCF/cfY3VXuE/6XwqUWwrSLrRggum4W5tlGK FUj1vnsPWugsZwVmwxt71ma1ijTzyzF5xgfgpvxpUpOWbDwwf8kZDH2y2bNiCwb+e56uTuLGn4i0t t1QMs5N+QkR6e+xpPKF3czRvnwcnUsExpyjQX7MwlE+HXMFdQyqU1eq7uNfGrqHmQyOGGhznD8wkJ g4nEyupJw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eK8-0001iQ-D4; Fri, 31 Jul 2020 23:20:24 +0000 Received: from mail-pj1-x1043.google.com ([2607:f8b0:4864:20::1043]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eI8-0000nL-VU for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:18:25 +0000 Received: by mail-pj1-x1043.google.com with SMTP id t15so8525732pjq.5 for ; Fri, 31 Jul 2020 16:18:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=SkeFoLe4SBoT15Xnwf3OcmbBPE6+tbLBkxS1vM74EoU=; b=lnbNKX0yrfuIRdUZJkjGlbRNTiMhvfwxVpXDYRKv1uYsZkZJQBZ1H1ftIvtEueMK4i EZzAYJIVCHb4H0GrV5BR0w8igFvwwXmNSxL7atkIcoZ9mdukob58OhhDld9wiWglZIS7 sG3JyHqFSitYo4Uw21wClTSyR/gc5iFGYXNV0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=SkeFoLe4SBoT15Xnwf3OcmbBPE6+tbLBkxS1vM74EoU=; b=K0g9SG6G8KMvWOjitrs5JZUk6oVqbEjkl/2IRQ5O0JhIEykw73khKCdhlkGbBPuhfG DFqdwsCcXEt8dYPl9GvrGrl1HlXtRVcYutubRcCkpkQCJv7hlH6tZgddUQasmQ5jSWkJ lWl6ypXc7oO6os7gIzlLPUd5WtAp70v0m0S199IqlN6xWnemX2WbTkUsjTgM8O0UoQUw 0xQlh4dOWCbVqOpBNfW5K+Czd3c8+PeF+Ovrigw6N9yhEoeFHezU0J+BVa+L9MQrXgkd q+wNt0krAy+J0HXVrS2fEFBnS+r+XK9U0EBqteSYeSFjO5Y5En5fRQnjaVmin8a62zuu vfOg== X-Gm-Message-State: AOAM530leiwqJvmxOsOfnbgnLVglIhdflPT11IeNwgzECI2BJKoHK9u8 aT4+w7SzHxc316H1J2hxsTDC2g== X-Google-Smtp-Source: ABdhPJxILplFvERkTSctzaRflUxc3IVVLOxINDM9NY6mYXCEnZnb7CLsaGfG3zaF7BD2qx8JDb7lTw== X-Received: by 2002:a17:902:a610:: with SMTP id u16mr3670388plq.197.1596237498722; Fri, 31 Jul 2020 16:18:18 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id g15sm4473924pfh.70.2020.07.31.16.18.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:18:15 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 23/36] arm/build: Explicitly keep .ARM.attributes sections Date: Fri, 31 Jul 2020 16:08:07 -0700 Message-Id: <20200731230820.1742553-24-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_191821_066317_1033868E X-CRM114-Status: GOOD ( 15.92 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:1043 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org In preparation for adding --orphan-handling=warn, explicitly keep the .ARM.attributes section by expanding the existing ELF_DETAILS macro into ARM_DETAILS. Suggested-by: Nick Desaulniers Link: https://lore.kernel.org/lkml/CAKwvOdk-racgq5pxsoGS6Vtifbtrk5fmkmnoLxrQMaOvV0nPWw@mail.gmail.com/ Signed-off-by: Kees Cook Reviewed-by: Fangrui Song --- arch/arm/include/asm/vmlinux.lds.h | 4 ++++ arch/arm/kernel/vmlinux-xip.lds.S | 2 +- arch/arm/kernel/vmlinux.lds.S | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h index a08f4301b718..c4af5182ab48 100644 --- a/arch/arm/include/asm/vmlinux.lds.h +++ b/arch/arm/include/asm/vmlinux.lds.h @@ -52,6 +52,10 @@ ARM_MMU_DISCARD(*(__ex_table)) \ COMMON_DISCARDS +#define ARM_DETAILS \ + ELF_DETAILS \ + .ARM.attributes 0 : { *(.ARM.attributes) } + #define ARM_STUBS_TEXT \ *(.gnu.warning) \ *(.glue_7) \ diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S index 904c31fa20ed..57fcbf55f913 100644 --- a/arch/arm/kernel/vmlinux-xip.lds.S +++ b/arch/arm/kernel/vmlinux-xip.lds.S @@ -150,7 +150,7 @@ SECTIONS _end = .; STABS_DEBUG - ELF_DETAILS + ARM_DETAILS } /* diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S index bb950c896a67..1d3d3b599635 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -149,7 +149,7 @@ SECTIONS _end = .; STABS_DEBUG - ELF_DETAILS + ARM_DETAILS } #ifdef CONFIG_STRICT_KERNEL_RWX From patchwork Fri Jul 31 23:08:08 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695617 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0F6DF722 for ; Fri, 31 Jul 2020 23:21:05 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id DB1E6207EA for ; Fri, 31 Jul 2020 23:21:04 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="myf8VMmy"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="l7LKCHfL"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="d1nsCRiV" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DB1E6207EA Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=fQraj4PUthaQbt/UfIzLEwmEBM2sv2xCJsskufKRIks=; b=myf8VMmySDv2AQbUy2+J0y/2B C646JEEgnZLCOAsTnf27BbpJ5/sYbQ0XvC8sZJ1Ro/21sxIRlocfm4EJBiuhZv9Rvlsr0e+UNkjgo 7X5ledXswPU0ht0I4zwvWDsVqYIK0lYIZ/kfpnRk24/0lB5hVL6kLtIW9j5ajolzc6j2OlJLmDELH bxLScijMC64r9bJUdiDsKYnXQ9V3tZ9ajIG/Pj94XVpawi04J+RqWivCDn8aEPHikt5Dw86lvu5ft rw0igDrf6J9cQgUW9UcRXPT5WR/Z1Jp5FrtX1hw/+AWS8IBgn5w1ArND6C3934kLRTA1UOHTwKoEt a4JelyQ4w==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eKP-0001sm-4X; Fri, 31 Jul 2020 23:20:41 +0000 Received: from casper.infradead.org ([2001:8b0:10b:1236::1]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eIE-0000rX-D9 for linux-arm-kernel@merlin.infradead.org; Fri, 31 Jul 2020 23:18:26 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=j7Lys61YjFpfMX3OTBjlFH6rsXYj3ZGDYGY4DwTK5Rs=; b=l7LKCHfL+Ud3u2uO5ra7Z9iMag yc0eXpHfEU44+pprGmPPYU4qyAUAmOEWLUNSvHnpsr1nEPEu9/D0xDulKLZ1S906PNmaO7kC8gMxC CQewTW5dd8bCLW83tVUcojKJkg3vxdxk8PUAVvXrLN/jY3U9LftlE4ToNWwxip8DxzGiqrLrci3zA KG7E+QN9H4Ru2Rhp+glh5+38Zm/ZLR6dYhxBQ6R9X6p/uICFo8q/PuVXgdWoF2Jd0PaC4AVUgEWNY QGcVsU8BEeuvfS/iDop1WaKZR7kiG4oa5X81L+hKHPp2VuqIseo+fNn39N553S+cuYSVBZsFFgc9i 7Ky/Lu7w==; Received: from mail-pf1-x443.google.com ([2607:f8b0:4864:20::443]) by casper.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eIA-0001Gv-5R for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:18:24 +0000 Received: by mail-pf1-x443.google.com with SMTP id w126so15017384pfw.8 for ; Fri, 31 Jul 2020 16:18:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=j7Lys61YjFpfMX3OTBjlFH6rsXYj3ZGDYGY4DwTK5Rs=; b=d1nsCRiVeR5V7xSyyra8TUXkzVGGZyVGicIMpvsBxz4UYBltmv2pChbuD9HAWx1JRZ nTzgrAEI4ydMYR6/86qDA5RBERE0C3DwH6MGQ/ocUxKfyvRkYDsOGgPU8V7aUbsGFQfr K/ypLFr1ufBcI2TdFJYN71D2tSdiicMgRSswc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=j7Lys61YjFpfMX3OTBjlFH6rsXYj3ZGDYGY4DwTK5Rs=; b=lOGW65BTNZ1AF9MtsSLEAVGaoWG0f/MhwkzoSEYh+I0ObgDNnrVqhu5Lco0RtTcfy5 M96rZRO9WkuyRMIK7GnJIVvmjVoIbEdUyKZ1bqb6vPhbDuLRWnfYrgJp0bDHFawEbuhP LV0Pe82msUREVZNNH4e965wcscG4jW1pUiFF+W7bMkMQrMY9XBPNhIAtdZsJ9ifC4OsL ckchCTwjE4D+gtjGMrOx7bwpMdutGk4672lSfLfh4Cx7TSqZIQaN4SUKSu2NGD7lM3C1 nhWodCYikhe5hP4V3xKj06XTry+nbszNaTJWu/Ev6uKjxVGjZwPl2uNT04tUSdBjNjR3 i79A== X-Gm-Message-State: AOAM533f095eSFcdO+jUXhieXPtGBP6w7Fq5NmlmA1JeeuLRZnj5g1c8 KP2JAPHwYhZ1/vAb+ZYwb0EUkQ== X-Google-Smtp-Source: ABdhPJylqiQpL9f/Meacfle4u2dUrOQCvbKxNn7AAVKGg1HE/JSZSV2cXWPDWp4nKgsIRycs40SrKA== X-Received: by 2002:a62:2546:: with SMTP id l67mr5959404pfl.154.1596237499260; Fri, 31 Jul 2020 16:18:19 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id c2sm11380501pgb.52.2020.07.31.16.18.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:18:15 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 24/36] arm/build: Add missing sections Date: Fri, 31 Jul 2020 16:08:08 -0700 Message-Id: <20200731230820.1742553-25-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200801_001822_758769_2CFB810E X-CRM114-Status: GOOD ( 14.25 ) X-Spam-Score: -2.1 (--) X-Spam-Report: SpamAssassin version 3.4.4 on casper.infradead.org summary: Content analysis details: (-2.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:443 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Add missing text stub sections .vfp11_veneer and .v4_bx, as well as missing DWARF sections, when present in the build. Reviewed-by: Nick Desaulniers Signed-off-by: Kees Cook --- arch/arm/include/asm/vmlinux.lds.h | 4 +++- arch/arm/kernel/vmlinux-xip.lds.S | 1 + arch/arm/kernel/vmlinux.lds.S | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h index c4af5182ab48..6624dd97475c 100644 --- a/arch/arm/include/asm/vmlinux.lds.h +++ b/arch/arm/include/asm/vmlinux.lds.h @@ -59,7 +59,9 @@ #define ARM_STUBS_TEXT \ *(.gnu.warning) \ *(.glue_7) \ - *(.glue_7t) + *(.glue_7t) \ + *(.vfp11_veneer) \ + *(.v4_bx) #define ARM_TEXT \ IDMAP_TEXT \ diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S index 57fcbf55f913..11ffa79751da 100644 --- a/arch/arm/kernel/vmlinux-xip.lds.S +++ b/arch/arm/kernel/vmlinux-xip.lds.S @@ -150,6 +150,7 @@ SECTIONS _end = .; STABS_DEBUG + DWARF_DEBUG ARM_DETAILS } diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S index 1d3d3b599635..dc672fe35de3 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -149,6 +149,7 @@ SECTIONS _end = .; STABS_DEBUG + DWARF_DEBUG ARM_DETAILS } From patchwork Fri Jul 31 23:08:09 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695621 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 530BC722 for ; Fri, 31 Jul 2020 23:22:25 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 22E3D20791 for ; Fri, 31 Jul 2020 23:22:25 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="2Kz79NhE"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="PtKKgTcc" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 22E3D20791 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=gARRgWP1crhfEfVBjLm5rLv2R6rvvK0H2dAPweN+tzs=; b=2Kz79NhEuB7qyp3mcP5nld0/K iYaXtuUfmsLoky6qniLcHAI+xRnlpS4fO67isIp4ThkcoheARUNvl+nQ/iFl3seWmknbK/FRcM91k TQsxHejxzO//Db62cWR08ASc1goVVTmAlkJ9wq2T0YZNlJIM3u6+UWGaOzTHpj/BL9fuoKFJmqnwM 2+osO0ljC5/I0UlGyhLHD9d5k5jzlz/UC4XV4x1o0EaM9hyo6eZqo1nNWDxmzur+8rmLn82IXSVXn DciyHJGxWiNdPVfiZcz2iruePy7EX7a/RV9KjD+hWjWB9Mz+tAxRjoo6cGR8btHKeSltm0qUg9PRn DD0XSljpQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eK2-0001f6-53; Fri, 31 Jul 2020 23:20:18 +0000 Received: from mail-pl1-x643.google.com ([2607:f8b0:4864:20::643]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eI8-0000lq-5P for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:18:24 +0000 Received: by mail-pl1-x643.google.com with SMTP id d1so18101546plr.8 for ; Fri, 31 Jul 2020 16:18:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=FPxMtdaVEuf/TmmMX8wDVhETGtH9LgUyfSDjSNQd8LQ=; b=PtKKgTcchPWFwmNHCOELBCbedImXn8QMPZUx6BmT8IS2wiMXkAnvVSwandzH318pso Hjyv+KSkEYyXk4GV2I31Nrts7XxM6cf+zk2+8PSOG4M9OnwOvFGW0i2HmWqrqkC4EY2C U/pecA93OxRO8DIbgvcfQD7SYw3Ny8vnG8WlQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=FPxMtdaVEuf/TmmMX8wDVhETGtH9LgUyfSDjSNQd8LQ=; b=d3kNay5Plo7lOGponT7Tp7FzwSBtVSCfefqmf0VsxfCTvtTw5SU8gUj5KVnxCyEtEp 9Ic+9knTzLKdCsP2DNQuourz4UPfPqLUGSz7BM4SlaakKH8mkITQwkyCWA7FleWXKBsP FA0nnCw+51qkBJpny6a/e0cB6chs+4crBdErXWpq3xJf/BWIua7a26pou+9aPDe8YJcC AxyPj8H3rmOCHxuHG/2XB30P2p8AQtTg3exFo+tDHADEPAKG5xpjZ70QFAZtPzdk1kf7 JWhRrxhwi/gDtvfDVNy29hNDqKCcGs+tD6mrZOKKaGGWiuADNTLMuzKe9Fbwem/KAZHT 5H2w== X-Gm-Message-State: AOAM533X0SBGWupwM9TtLbGtxnrGUOhO63yVztY3gHVX8yuEdK1Ij6g+ dK2vS2w0xZzSPOJqSraS+MKPYw== X-Google-Smtp-Source: ABdhPJznb0jB8vv08BLZve0OvcyfCLdlXMgQKl4ItQYtZUCrXVmc6VSnzMZBZfdW62Kpwqwn9GzGMA== X-Received: by 2002:a17:902:9a96:: with SMTP id w22mr5577756plp.172.1596237497869; Fri, 31 Jul 2020 16:18:17 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id t1sm11510899pgq.66.2020.07.31.16.18.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:18:14 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 25/36] arm/build: Warn on orphan section placement Date: Fri, 31 Jul 2020 16:08:09 -0700 Message-Id: <20200731230820.1742553-26-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_191820_284055_5BBA175D X-CRM114-Status: GOOD ( 12.75 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:643 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly handled in the linker script. Specifically, this would have made a recently fixed bug very obvious: ld: warning: orphan section `.fixup' from `arch/arm/lib/copy_from_user.o' being placed in section `.fixup' With all sections handled, enable orphan section warning. Reviewed-by: Nick Desaulniers Signed-off-by: Kees Cook --- arch/arm/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/arm/Makefile b/arch/arm/Makefile index 59fde2d598d8..e414e3732b3a 100644 --- a/arch/arm/Makefile +++ b/arch/arm/Makefile @@ -16,6 +16,10 @@ LDFLAGS_vmlinux += --be8 KBUILD_LDFLAGS_MODULE += --be8 endif +# We never want expected sections to be placed heuristically by the +# linker. All sections should be explicitly named in the linker script. +LDFLAGS_vmlinux += --orphan-handling=warn + ifeq ($(CONFIG_ARM_MODULE_PLTS),y) KBUILD_LDS_MODULE += $(srctree)/arch/arm/kernel/module.lds endif From patchwork Fri Jul 31 23:08:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695619 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 228ED722 for ; Fri, 31 Jul 2020 23:21:40 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id EF88E20791 for ; Fri, 31 Jul 2020 23:21:39 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="fNSCB++5"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="CBwwwhRe" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org EF88E20791 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=2WXPGIJU8qpSSFBdu3WOPVu61xwF7Cd+3jVKNr+mhU4=; b=fNSCB++5nhRtM50nRnScSqyWT 5FtnMIFzlHcolS69HEQkC78qZj89hq56WJB641bT6JTzkn/so/Uc1kU2HA1PVBuONR9lMrV2PTQ0d 8YF12ZrYpViJjsYpXz+HUw0lSzoLJE43v5OUetH1nqL4szkvkfEhT2bg4AG2TcLdX9rrkDaSJ3qLH Ot0W+6UvJ2/VC+e4fnj16lbtwToQRhToUxnrBr9fyv+tOHWXuyPOS9dDtHR12/wlRG7xiWubacevL F1g7xmetO56A8KLVepPo4ktFwspf4est//sKlhY0QCzj9bq3Gx9Tq4HOPx9KkrgIfyRUhcMZHS7Gk Cpii8S44g==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eJZ-0001Q5-SD; Fri, 31 Jul 2020 23:19:50 +0000 Received: from mail-pl1-x644.google.com ([2607:f8b0:4864:20::644]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eI7-0000lI-2g for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:18:22 +0000 Received: by mail-pl1-x644.google.com with SMTP id b9so18106512plx.6 for ; Fri, 31 Jul 2020 16:18:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ASfOQ/kuJ12Krf5ZSehq5O7QSVOARTcDMayUR4wNtMg=; b=CBwwwhReWppNNFxkvHvxRIhoW1Pgu8rHz+Qem7CAjWQdaO5/GhluYGmbCsExNeTCUF GWVGhVmhGtziej1K0jwGNK4TJgftLk6BkDTi/Z0ZxQWg/3ennjOq71gQNscUJvF+p4mD yI8Dj9rogIG8+VxEZn7maN5u3Fg4sY5VJnsxM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ASfOQ/kuJ12Krf5ZSehq5O7QSVOARTcDMayUR4wNtMg=; b=S9yRNLS8bqkYmHGTgirslykNefNDp6hrkaG9nu7qyDCITHLSW78JrEJ6FHsKOkvLne FIGEk6AspDCoNWEelIObIifqvh0Chf+FHRK85nYtat7q2vmAgaUBPk+vsQjAgZhsPIoE d1zftKVj4dcL3Oo0M7wz79Qx+KyR8i/5C2hD394jKDjXeInvxpZwEbXPZxATPAtB12qC eJEXyKbKwQura3cmGJwJwNoeaUoG9K04krX/fT2YCnU8nsSGD52ptH9Yv9z0PyNfX5om dos41VWw96RAfjDJipa/WpZ119t9e5qxv0tGmfa+VqJazQ7vlMX6ARlucuB3nluoyERl XEmQ== X-Gm-Message-State: AOAM5300FbNSc+k4R1RZrzk9vfqshcSuOQEq86X8qSPyuU7QkkwBhQBH Jess8Dsj2MTFnbwP84j80/srnQ== X-Google-Smtp-Source: ABdhPJznKgXN1lBTUHP4lNeyH9aApE9G8kuG5iWIGXTxrA6qwoEEfymIgb4tSDTdVf2K5qllv9bpTQ== X-Received: by 2002:a17:90b:196:: with SMTP id t22mr6432467pjs.13.1596237497321; Fri, 31 Jul 2020 16:18:17 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id l16sm10621043pff.167.2020.07.31.16.18.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:18:14 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 26/36] arm/boot: Handle all sections explicitly Date: Fri, 31 Jul 2020 16:08:10 -0700 Message-Id: <20200731230820.1742553-27-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_191819_314531_A647978B X-CRM114-Status: GOOD ( 14.71 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:644 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org In preparation for warning on orphan sections, use common macros for debug sections, discards, and text stubs. Add discards for unwanted .note, and .rel sections. Signed-off-by: Kees Cook --- arch/arm/boot/compressed/vmlinux.lds.S | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S index 09ac33f52814..b914be3a207b 100644 --- a/arch/arm/boot/compressed/vmlinux.lds.S +++ b/arch/arm/boot/compressed/vmlinux.lds.S @@ -2,6 +2,7 @@ /* * Copyright (C) 2000 Russell King */ +#include #ifdef CONFIG_CPU_ENDIAN_BE8 #define ZIMAGE_MAGIC(x) ( (((x) >> 24) & 0x000000ff) | \ @@ -17,8 +18,11 @@ ENTRY(_start) SECTIONS { /DISCARD/ : { + COMMON_DISCARDS *(.ARM.exidx*) *(.ARM.extab*) + *(.note.*) + *(.rel.*) /* * Discard any r/w data - this produces a link error if we have any, * which is required for PIC decompression. Local data generates @@ -36,9 +40,7 @@ SECTIONS *(.start) *(.text) *(.text.*) - *(.gnu.warning) - *(.glue_7t) - *(.glue_7) + ARM_STUBS_TEXT } .table : ALIGN(4) { _table_start = .; @@ -128,12 +130,10 @@ SECTIONS PROVIDE(__pecoff_data_size = ALIGN(512) - ADDR(.data)); PROVIDE(__pecoff_end = ALIGN(512)); - .stab 0 : { *(.stab) } - .stabstr 0 : { *(.stabstr) } - .stab.excl 0 : { *(.stab.excl) } - .stab.exclstr 0 : { *(.stab.exclstr) } - .stab.index 0 : { *(.stab.index) } - .stab.indexstr 0 : { *(.stab.indexstr) } - .comment 0 : { *(.comment) } + STABS_DEBUG + DWARF_DEBUG + ARM_DETAILS + + ARM_ASSERTS } ASSERT(_edata_real == _edata, "error: zImage file size is incorrect"); From patchwork Fri Jul 31 23:08:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695603 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 386FC138C for ; Fri, 31 Jul 2020 23:19:17 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 1073F20672 for ; Fri, 31 Jul 2020 23:19:17 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="HJbxwQ3S"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="DMIGjUeC" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1073F20672 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=DRigsLV1M1iWituanlgvBnmbK1aUGRI121RtHg24POM=; b=HJbxwQ3SEeZGRyzYK+/YOIPiY U0JEw/1UF1gs+A0LpAQ4U3Zju4Laa9qT0axhp/NUy1jecw/+OLFpL6I2UZrj0Ju4QPCl+YQfD/nR9 2nb9aO1iCccQkrBxWgJrxISWpK9Ei8NkN9SFnsYBlGH3drR5s0yW4xhVnVizcbOuWcFFdYtqwHOjE 10/QF/E0vS6prVTlBMs30q/KjjOs7G7DoCJow1TFFaS9j7QWXs1r2uAFjqAxvIlo/zKIxLysfbvTV i2y8XKFJYXUxuG1+AaGgzn1Bv36lrY8AIY0u9q7M3Q0Ve0+Pq4dMVFStUh1zn4sOWiocTr9EnqXbJ dPgbgI2vw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eIn-00016Y-BH; Fri, 31 Jul 2020 23:19:01 +0000 Received: from mail-pf1-x441.google.com ([2607:f8b0:4864:20::441]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eI4-0000j7-RN for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:18:20 +0000 Received: by mail-pf1-x441.google.com with SMTP id y206so4899775pfb.10 for ; Fri, 31 Jul 2020 16:18:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=CCrf0JNZv+v7XnAC2zXNDLnfzhwewMny4SzCwBazlpk=; b=DMIGjUeCu7WS1yf3tO/ZSurFXxQBrmrk+d4SNtYg3Zx4gCqGr5TRspd1Co3OvHWOuD HgP0Q2MhZC5ng5TdGuBK1N01WZRuRbuL0sGEYmgyIAQ/nfOQmSKgbXe+WhGM7kP/jalx nJM2JxLFu2JgqXahVDnFg8bR+aSG0MSFz/IAE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=CCrf0JNZv+v7XnAC2zXNDLnfzhwewMny4SzCwBazlpk=; b=NqoJHHGRicHIbKekZr/UHeHXdx2KrbMaHqSHj9TtdRugV2LKv74Chf8ye2+6vL4lVF mnemQsPccif5eMBLk3IbhumLpJ3671TSgu6bqT9xwdQcyJWlU9s2rSgRHlPW5NnZPAQH sfd69/DYRlM+kqheYgFPwRBQCzm2rNotX1HmuhSr+2RgJorSy4DocKl7hZ4VoPQGInyW epKTR2s1egF3uZu9ahAO5syS1RbsXxGsLWNDSUdM+rpoDcfhk8b2PQzVAFdYNCrGxCLt vu5o6xjPlPoOzaeVWkIl2B/1xGclMq45TgkYn1wTNEYDNwrYcVHGMc6KB9j3ACC96rSP my9g== X-Gm-Message-State: AOAM532hljbfukks7V4GZwKSBbZ3GRDDD+rCDAC9YUjvWHZdzMtaCKTf FFYiLuJJ4cGKbxc4S6bACKObhQ== X-Google-Smtp-Source: ABdhPJzxG26pp/QHLf5eE3Hfqcu8R6vyN4v2osnuJzxCtSaiYaQfi+Blj9rxPYtcQ07RmWuKHr521Q== X-Received: by 2002:aa7:947b:: with SMTP id t27mr5503555pfq.117.1596237494645; Fri, 31 Jul 2020 16:18:14 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id i1sm11609642pfo.212.2020.07.31.16.18.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:18:11 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 27/36] arm/boot: Warn on orphan section placement Date: Fri, 31 Jul 2020 16:08:11 -0700 Message-Id: <20200731230820.1742553-28-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_191816_918781_39694826 X-CRM114-Status: GOOD ( 13.33 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:441 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly handled in the linker script. With all sections now handled, enable orphan section warning. Signed-off-by: Kees Cook --- arch/arm/boot/compressed/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile index 00602a6fba04..b8a97d81662d 100644 --- a/arch/arm/boot/compressed/Makefile +++ b/arch/arm/boot/compressed/Makefile @@ -128,6 +128,8 @@ endif LDFLAGS_vmlinux += --no-undefined # Delete all temporary local symbols LDFLAGS_vmlinux += -X +# Report orphan sections +LDFLAGS_vmlinux += --orphan-handling=warn # Next argument is a linker script LDFLAGS_vmlinux += -T From patchwork Fri Jul 31 23:08:12 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695601 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 078ED138C for ; Fri, 31 Jul 2020 23:18:55 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D2C5621744 for ; Fri, 31 Jul 2020 23:18:54 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="Jv3txlxy"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="XLAgtFMg" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D2C5621744 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=zmNXEUGtbGsQgXh326H81l4pRWmAuS8Ol7HwfBXDF4I=; b=Jv3txlxytqFPNVqt5ampLKoUQ upgSkt3jbqrQ3KOVLvQH+wRNqdzEc8ImlOP9Dd43LDxRtuxrufDn39pL2eS5XSRXjsTuFxwd85w+t 6D35Xm7G7O9YkxJDRGLy6vIjl0AP9wjaO5duq2mDj3qlct9ZSVXRmbiDAWK/8z8JRpff2a/4o6fSW kEEK1P9KbQW/iNc8KjejyG10LlEi7ytL2lRu4f8pzfDwYeSUec7J86Zp019hroWPDdJRxZ7OUk9Et t7JhZkzrmO/90D9/juAIRCikr7D90KyxvGde8LjOo8jj1PooIFyM7dAp7Rw8GmBujsqs/y0B0j+2E d1+HUnqlA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eIR-0000wk-9r; Fri, 31 Jul 2020 23:18:39 +0000 Received: from mail-pf1-x443.google.com ([2607:f8b0:4864:20::443]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eI2-0000h0-KF for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:18:18 +0000 Received: by mail-pf1-x443.google.com with SMTP id l2so8857176pff.0 for ; Fri, 31 Jul 2020 16:18:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=GYWiGkzrodMZw8E6moJnKNf+2pJurSr6gU0bXIJriLs=; b=XLAgtFMgltivYzdrmr7mPeCf/STVStGznvQ9AetuyotpG77ihapGJPSOw6e/9bGeJC hnPfgK4hvRPSwIXsU3jsGjxizKoPAk/GU0DAj6GDqHdxtQmLultetRDJHUsYBQ5wLmRe GyZCYcSM9scCXDQH2r7rsPLe7prnm0EXpd4kU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=GYWiGkzrodMZw8E6moJnKNf+2pJurSr6gU0bXIJriLs=; b=WwqSs0bslJzVx0/iTRR05hyb05KsWiPGOvXNjhftxI/6WzUOoYg+o2/O8k2/iIgvqg prre3P8JK9YHPLkbWdf9K+hpdmdCgtDfCQ0eaB/FjZu+gcDtSXVfm6g0Rti7gvZR8lxG NlEXckKseNE3YcaRLySNqLKN3XdOvuG2zH0TM5IdFBJcltLV/o0ZwT33oXJaSelpGxb8 hTXwFTLFJce9wLl60bXP2zHeUgoFo6uHiY4MHGgymeKPBiWMnPYBYSOHw5aeXj/HVmW8 2myjlhhNWsuW9gt3j3EAB1701tL0ckmJEeOqaumHwpyPrS8l61aFVBNgUQHxKUIgsKah bQ2A== X-Gm-Message-State: AOAM532UpYnCMdNxvwe/iOK2WFzgf/F2D6/fmkjdjS1F08ZRSmH2NWIo axHexYV59sa7Yh8ISv7uMqAdDQ== X-Google-Smtp-Source: ABdhPJwz7lNV75l53ANINXJYmgu5YglRuap1WdUm9GJ6Hh16kc46QlK2SQ2/0EKz7ozsRQIWIWRvRg== X-Received: by 2002:a62:1c8b:: with SMTP id c133mr5904939pfc.134.1596237492142; Fri, 31 Jul 2020 16:18:12 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id q7sm6300502pfl.156.2020.07.31.16.18.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:18:11 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 28/36] x86/asm: Avoid generating unused kprobe sections Date: Fri, 31 Jul 2020 16:08:12 -0700 Message-Id: <20200731230820.1742553-29-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_191814_767717_613E90C5 X-CRM114-Status: GOOD ( 13.33 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:443 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org When !CONFIG_KPROBES, do not generate kprobe sections. This makes sure there are no unexpected sections encountered by the linker scripts. Signed-off-by: Kees Cook --- arch/x86/include/asm/asm.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/asm.h b/arch/x86/include/asm/asm.h index 0f63585edf5f..92feec0f0a12 100644 --- a/arch/x86/include/asm/asm.h +++ b/arch/x86/include/asm/asm.h @@ -138,11 +138,15 @@ # define _ASM_EXTABLE_FAULT(from, to) \ _ASM_EXTABLE_HANDLE(from, to, ex_handler_fault) -# define _ASM_NOKPROBE(entry) \ +# ifdef CONFIG_KPROBES +# define _ASM_NOKPROBE(entry) \ .pushsection "_kprobe_blacklist","aw" ; \ _ASM_ALIGN ; \ _ASM_PTR (entry); \ .popsection +# else +# define _ASM_NOKPROBE(entry) +# endif #else # define _EXPAND_EXTABLE_HANDLE(x) #x From patchwork Fri Jul 31 23:08:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695613 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0D02A138C for ; Fri, 31 Jul 2020 23:20:48 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id DAAA220791 for ; Fri, 31 Jul 2020 23:20:47 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="vQzVdZqW"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="Acdhtx1t" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DAAA220791 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=oBM2ibAvoElr4f6CmXYlFcqHYPZFb9SrAx9rxopsWnU=; b=vQzVdZqWKG55PNx8gssYvgJsz 543C4FO4B1SH62jcFuOEEZybm+kl+/0PQI2T+qOPWUlWmbfpmHwsyUKt8iJIbbhQG4aej6eSBnnI9 70C3OzxD+VN68yVEZs1PLzRwYSotupuFYtIPBha+M0ouK/TKmKJJ0VUHOuuwrE4U7aaS/uiV5D0wz MhGop4Z/17jbw7Uhiskz96ayPW6hnGkxJUWeW6UJNoOJ/ZrB+gSa4m+jO1jS1F216//Bx/wF3cuXK jt+Di1VmHJ0BH0WkHPQLrciJ7eqvqlpuPkVxp0WQJ5O1jVMPqVKl9b950gs0MDmxqAN7t+rrbp13Y 4Otl535Sw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eIY-0000zc-PC; Fri, 31 Jul 2020 23:18:46 +0000 Received: from mail-pj1-x1042.google.com ([2607:f8b0:4864:20::1042]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eI3-0000hb-D7 for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:18:19 +0000 Received: by mail-pj1-x1042.google.com with SMTP id f9so8522994pju.4 for ; Fri, 31 Jul 2020 16:18:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=DcAsy2Kya2vQqvsN7ZPWA8EbcQkwVEcJexXEETLKJik=; b=Acdhtx1taL3cJ0UonSyJvk6bfFnzMNMb/OtYeoW8WVgIkiBmz9TPNPTuYBMmsdYmlO sAcW9XztYuDymTfimZLg8+HmpaYdTmmT8tF/BpBGfhsLUyvDHTtHASScwa7qJiTP1nko Qv/5rrTmKuRHOM+nwd77xCgRKODhxuUNBL7Ro= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=DcAsy2Kya2vQqvsN7ZPWA8EbcQkwVEcJexXEETLKJik=; b=dFcUkAgaspj1SzSm7xjb5wN7ae1Pmd5HkHW1miWAV5EPx0x3qHLQ7z0FyvIEXa3vDC jHIQDOrrLz5a/iwZaf/Usbn4DTrrgpPWzyeQoipR+wNmWHfxo2VM9kqgkXjlHMT58ec3 DNvQaybOBbjEwoRsXAKUph9TtxpmF9SQbDfTRMAq57C02DyqK1YNDpWjBMh/cjiR6Y0o LGxYdehm1cs6PasqChmLgVnCbeaRREoE3fbvkzEw/iKSB5J0NMoA5dyJ+W2AAJgMtnQ5 +KtEReKuaNtTsn/FMqT+ew5acSX4cl3dnCndI5BA+Wj3PdyCL6bJvD6SpYHU0RhIkHpB 9qxA== X-Gm-Message-State: AOAM530iewi0lA3TrKV+J2vdt7akNSnSX5hYv8+yyJ7CTCuQh2wRLJl1 5O/BHMrBV/Q5UT20RfsbU3UZyg== X-Google-Smtp-Source: ABdhPJyzzUS6jU3nY40Z2QdxjoOaZJ0MXEzHC7GLhL52i5IAnjsxzb7V9wPgftjtuphwT5Pu7c20Lw== X-Received: by 2002:a17:90a:8d06:: with SMTP id c6mr6370143pjo.137.1596237493405; Fri, 31 Jul 2020 16:18:13 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id b21sm11163353pfp.172.2020.07.31.16.18.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:18:11 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 29/36] x86/build: Enforce an empty .got.plt section Date: Fri, 31 Jul 2020 16:08:13 -0700 Message-Id: <20200731230820.1742553-30-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_191815_547123_6A299485 X-CRM114-Status: GOOD ( 16.23 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:1042 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org The .got.plt section should always be zero (or filled only with the linker-generated lazy dispatch entry). Enforce this with an assert and mark the section as NOLOAD. This is more sensitive than just blindly discarding the section. Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 0cc035cb15f1..7faffe7414d6 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -414,8 +414,20 @@ SECTIONS ELF_DETAILS DISCARDS -} + /* + * Make sure that the .got.plt is either completely empty or it + * contains only the lazy dispatch entries. + */ + .got.plt (NOLOAD) : { *(.got.plt) } + ASSERT(SIZEOF(.got.plt) == 0 || +#ifdef CONFIG_X86_64 + SIZEOF(.got.plt) == 0x18, +#else + SIZEOF(.got.plt) == 0xc, +#endif + "Unexpected GOT/PLT entries detected!") +} #ifdef CONFIG_X86_32 /* From patchwork Fri Jul 31 23:08:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695583 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 87583138A for ; Fri, 31 Jul 2020 23:12:55 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5F4B8205CB for ; Fri, 31 Jul 2020 23:12:55 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="av3D6qdL"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="LqmTDvOW"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="JOAqMVCW" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5F4B8205CB Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=or4zVA+GFHdfblcIgHVIWssC6XBh5veakQngM4JPyTs=; b=av3D6qdLHBdV+/rmuIW8EqHpQ XM0Nmr6yVHo/P5sbDh+iMGrZbPZZouvoVvZBbBus4y3KVaWT6/7+a/jpgXytOL1p7TjhynDor+vxO As7tT4lRdL61MdkT0uw1u/hRWYpW+uGcZka61ACd/5OavityIf9FGQOMQagAfak21szaJ/4c3sbGB Z4Y0rMkn92SG9M4Lm1SPtYUBegrFPYA+e7LaZiusinKAIJBDyiAlJnrezMBUEPbOaVjr3ScqjphW2 1Gf1QmseJ1wNHvdHDF1NatYuM6yEfr3S8rB8xmNyo0hIiJtcmEYDA69mHvPWK/lMIJHtZFP6tX22X IP520pucw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eCa-0001NB-AD; Fri, 31 Jul 2020 23:12:36 +0000 Received: from casper.infradead.org ([2001:8b0:10b:1236::1]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e98-0008Hd-Fa for linux-arm-kernel@merlin.infradead.org; Fri, 31 Jul 2020 23:09:02 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=nwDvJc+EBCTytPh4qqWJPqBQ1Pj/7rvDlMkI2+6l3fI=; b=LqmTDvOWCukpMofm2DoQdRID/3 eCx+ZjbedbCC1AGuNvNoRxxEXWUhuFlbtAn30tn7JDucyl/P7eefgyFrAKoNl/rHEPHn90+dV4CUL SvFfreOX8GAo04ILDw+FLabiyPsWSLh4IF4kHdTJnhwgwQL+KVj01kqpdtpnepBPQV9a4k41eEdAD EkapvBgZjzq2PWezL755c+I+mjUeBXARkgEeFTISHrlx4sYuq15alfL4r+6iM9qoGR8WmJkYjnwKI vHGpaD+fmNAYC8zJRMD4hI6wQzDx9C4r0/sB2JHymCNa0pR1hyztMwXD/IcIkPj4ZA6zNopH/Mlb6 hdBNq/mg==; Received: from mail-pl1-x643.google.com ([2607:f8b0:4864:20::643]) by casper.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8u-0000ZO-Ls for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:09:01 +0000 Received: by mail-pl1-x643.google.com with SMTP id m16so18096520pls.5 for ; Fri, 31 Jul 2020 16:08:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=nwDvJc+EBCTytPh4qqWJPqBQ1Pj/7rvDlMkI2+6l3fI=; b=JOAqMVCWrPdajqN1Taychqd0iPhCdsc/6VYR99HVk3JsgeEiGpgjg2Z9E7W4gFUUmF ee4C8x8jOufyDVX5njp8VPjBuIasRahkVmjaxpNMFWb6v49ohzPS9pBDXECueYvkiEJ/ W9bbijKixILXX2dC5o0Yg3bGNPJac4Scw7dkk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=nwDvJc+EBCTytPh4qqWJPqBQ1Pj/7rvDlMkI2+6l3fI=; b=Axha4ozN2iu7fjaXvxTxY9KjHmNzUxBD8aewrc1SUfXkb+oXL69tTbpIjdPgF5jeqK 8+rIv5JRKvpgT0RgigkVL1rHopG7dfWSI57rJ5F2NwhzAzIIXixqrjnJqcHVb+Kahrys 5EW+ewCQoCvyVnjv0SyFx/c7TdibcUpd0V3z+C0MbnVCD2uBXPdlIS3UBfPlDKxtNbV0 aA5+LOgioZ8RVLJG1TYoxhZdubuGb4DubhcbSqUDgMM/Ahr/EMJojgEl3QqcIpgE8lUY /w8HiJ/2oxJOjiAg4WqLf4Dn1ApOj8iiEgL0tavht23c1Z7qKZHUBe+YRSwJpYarL4yJ aZZQ== X-Gm-Message-State: AOAM5302vdLIeSX99eQ+vOJwkaBDfn6c14H2V4EV+M2zkouvIf3tcApt 1lsiesZfVPZjoIsGqUtyQGmY5A== X-Google-Smtp-Source: ABdhPJyd3PIVImTfcm8vqmhCuvx32RaOUUUS9YkPvP10EV/gwv2je3TLyVou0UCk4tW9MggDonnqiA== X-Received: by 2002:a17:90b:514:: with SMTP id r20mr6354230pjz.82.1596236926030; Fri, 31 Jul 2020 16:08:46 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id h12sm7292673pfr.143.2020.07.31.16.08.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:44 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 30/36] x86/build: Assert for unwanted sections Date: Fri, 31 Jul 2020 16:08:14 -0700 Message-Id: <20200731230820.1742553-31-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200801_000851_717550_B4E0B74A X-CRM114-Status: GOOD ( 13.62 ) X-Spam-Score: -2.1 (--) X-Spam-Report: SpamAssassin version 3.4.4 on casper.infradead.org summary: Content analysis details: (-2.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:643 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org In preparation for warning on orphan sections, enforce other expected-to-be-zero-sized sections (since discarding them might hide problems with them suddenly gaining unexpected entries). Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 7faffe7414d6..d8792f9c536f 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -415,6 +415,15 @@ SECTIONS DISCARDS + /* + * Sections that should stay zero sized, which is safer to + * explicitly check instead of blindly discarding. + */ + .got (NOLOAD) : { + *(.got) *(.igot.*) + } + ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!") + /* * Make sure that the .got.plt is either completely empty or it * contains only the lazy dispatch entries. @@ -427,6 +436,21 @@ SECTIONS SIZEOF(.got.plt) == 0xc, #endif "Unexpected GOT/PLT entries detected!") + + .plt (NOLOAD) : { + *(.plt) *(.plt.*) *(.iplt) + } + ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!") + + /* ld.lld does not like .rel* sections being made "NOLOAD". */ + .rel.dyn : { + *(.rel.*) *(.rel_*) + } + ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!") + .rela.dyn : { + *(.rela.*) *(.rela_*) + } + ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!") } #ifdef CONFIG_X86_32 From patchwork Fri Jul 31 23:08:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695645 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2A1A614B7 for ; Sat, 1 Aug 2020 00:28:21 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id F0BF12087C for ; Sat, 1 Aug 2020 00:28:20 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="uPK71+2u"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="kXpcLutZ" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org F0BF12087C Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=qmXDbhz1gvLuzSy+OiQkR9ZAPG8xWsmpAbU4owm3x5U=; b=uPK71+2uwgVl17s4FEabKWRCi EOoWhj++SxZvQ/1L9G2Ob6tUStqn1EmvXvxWCKiTEdDyfbgCxKcFxbxb5OZo16bAa8bqnETodw2vH uR+zUr6KcQHoa/0mzvhrOhif57IG7oOsSLxCLVFhaeiu6G8OQIITgmAUkyYTVgwZK9Tpzl3edpoxa 1BcXSw3oKkCHZvm/GlD4ryIhAxrlDoiGdcrorrcaDy2eWUErceb1SRWC4YCdvDP85jiHF7rXgZ9P6 l1kAnP5CRJn5OvfIQ4cMfg5WGeSY+l0pmw8hZ/BmzcBDNYZknk6H7wpySr3uFr8Wdt/ChyrJ2OIkD 8gMtUW9Jw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eCU-0001JJ-UG; Fri, 31 Jul 2020 23:12:30 +0000 Received: from mail-pf1-x442.google.com ([2607:f8b0:4864:20::442]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8v-0008C4-CJ for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:09:02 +0000 Received: by mail-pf1-x442.google.com with SMTP id f193so4771258pfa.12 for ; Fri, 31 Jul 2020 16:08:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=0GUjcxjsZxZ8lM3nHzNDLygJ5FIXra6/aspJ0PfOUm4=; b=kXpcLutZEBDIK8r/VrXM0/S/M66OR5FIx7eppKkF/v1AAyqoIG1EcJSK+MAUIX1GFO +VctBRcweBl+L7+RbRpkCnLdW+eB6f/AB/C7ovm8+db2FE3qYt6eJuyH5G4NG9EB2Nqy kXp3k3nuHXo+uMdBCXjaRxsfyYI9gbQEgrOEY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=0GUjcxjsZxZ8lM3nHzNDLygJ5FIXra6/aspJ0PfOUm4=; b=eR2cK5omqRs9yCQAhY7k9YsXDhRNJEKl7MAhZ2wyTlJ+rloKwisqLI+dppXJUlEhjg kY/YbLDr/StmGJFWV1O7IUATF7jyC/PDzYDAgtA/K+JwkYx4nMWaoJ5Wu/G+FwjDbJOG WlX4HERYl1i0lBMbnrcP9f8+n5UvWwUbXQbcH9lhET5X4gHfqRT+2JeVPpu6nMmTjRzc KMPzsSNhg6G10fXHNmWVHiQ7Zc1qdbbemaqI2eq7QJ+2cLx0UUkTJZ/h0s/HChHYmBsV /4lxzpOOCZ0ENk2vh0WpUnImgqwra1WOiS3giUVSoxvxmUmUQHpqmKBoWCOrtQCA322q CJHA== X-Gm-Message-State: AOAM531EL7DFWk6fmzRx6fXLdKU5Yb2YrYtzXe/Qj5Rdjyd5IUpbLXXj DVmMEOCoQK5BKMhqbEmRXilHlQ== X-Google-Smtp-Source: ABdhPJwiN0XXHdkflMLnP3OGR+ZptMLbM44ofV7XUW+Prs0tZqxumVQ+EVPIU7ICfg7NjYmYai6cfw== X-Received: by 2002:a63:4f1b:: with SMTP id d27mr5466462pgb.389.1596236927556; Fri, 31 Jul 2020 16:08:47 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id 75sm649022pfx.187.2020.07.31.16.08.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:44 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 31/36] x86/build: Warn on orphan section placement Date: Fri, 31 Jul 2020 16:08:15 -0700 Message-Id: <20200731230820.1742553-32-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190849_469591_2320AB0B X-CRM114-Status: GOOD ( 12.57 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:442 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly handled in the linker script. Now that all sections are explicitly handled, enable orphan section warnings. Signed-off-by: Kees Cook --- arch/x86/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/Makefile b/arch/x86/Makefile index 00e378de8bc0..f8a5b2333729 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -51,6 +51,10 @@ ifdef CONFIG_X86_NEED_RELOCS LDFLAGS_vmlinux := --emit-relocs --discard-none endif +# We never want expected sections to be placed heuristically by the +# linker. All sections should be explicitly named in the linker script. +LDFLAGS_vmlinux += --orphan-handling=warn + # # Prevent GCC from generating any FP code by mistake. # From patchwork Fri Jul 31 23:08:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695589 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 93893138C for ; Fri, 31 Jul 2020 23:15:06 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6C81E206DA for ; Fri, 31 Jul 2020 23:15:06 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="CA71qxVT"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="E16hD+pF"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="dE/Lv+CU" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6C81E206DA Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=gBpGviUHhyHhc991q1BJ4X0sFK3EY0o/OmDGy0uagdI=; b=CA71qxVTf/YW9FIS64J/tVato vl+N5z8ssbP6C6NH/6hx0wDq86N6wM/MyZamCfwSYjy/vRiSMVTjemlJNiBhrqyWwvwoPRavG1xiT jdSeYu4MsVRNKiIJrtaHhZ7MzkaRMgzRpZcnTp35dxyW4XcXVGKM/DU6mHaT7iyRZ+UsM+wokOfJY gymMGLoxJil+B0kpR9Mpp6qXO0hge/ZZ77JctexPTgf9LWl8pABcepKttN9CGsyI6YllAFqELWFJL Cy2ml9MYAjx/Un1dxIwNZKT8yT0Lef7c0U0dVjw9uuN0tInvcMHMQFu9LAabhYPi2UYVjNBiFHvCr z2WFdIKfA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eE2-00027P-5h; Fri, 31 Jul 2020 23:14:07 +0000 Received: from casper.infradead.org ([2001:8b0:10b:1236::1]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e9C-0008Iw-0V for linux-arm-kernel@merlin.infradead.org; Fri, 31 Jul 2020 23:09:06 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=jrAblmr6ozIS72tPylywn6+f+xtS4UhaP8bWtW4yv24=; b=E16hD+pFhqkhoFptwdctDnj6/H 9ee2w0mKhxOlC+1t6NOS6zThp0bU+PHAXTAqnodVTAkjOouxAUUhg0CRWka4IlHTu9S+AJ6jjp3Fb sAsVHV2HptggViz44qlypLAE6e6zHoYqXAyjGqYWQhCOq+7ntRkAZ3jlpkXH5EVWLq0wpeGuusnly LtytYxfMH9kEOmCjeUyWBDhRBx3hqt30+QNwDraqXtwLEe1+CunUvCALjpKFN5MRqXMX7buCyWpu8 yBGfxrnfF3v5w+0ol8BRBEQ9nIgrnid06HViAVMfoAs2YRMnDoQlv/RXQ+PzY8WA9f2oPUmfsHmkk iIyk6DjQ==; Received: from mail-pf1-x441.google.com ([2607:f8b0:4864:20::441]) by casper.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8y-0000aI-Q8 for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:09:04 +0000 Received: by mail-pf1-x441.google.com with SMTP id s26so15178568pfm.4 for ; Fri, 31 Jul 2020 16:08:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=jrAblmr6ozIS72tPylywn6+f+xtS4UhaP8bWtW4yv24=; b=dE/Lv+CUA/T7hFTSyS/prDIBwKu/ji5fc0y2Bvs2zCPUa36aaYuKYtGCWE1TiPc+U5 VmeZKoRZYCjcKC45iW2ezGMhW8mV6FXFni0hFNHu5kzRpTCuDIkn88ZAPH+X6Su8OTPX dsyMxubhpOlOMQIDeQNqP4d+u9LhnVaPCznvQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=jrAblmr6ozIS72tPylywn6+f+xtS4UhaP8bWtW4yv24=; b=BFBLVedC3fAlGSGM1KuaHlYvu8GmWmyRhEYLi6XRE5iMj8mPTGUbTdxn8xRoWKB0s8 NWGBMSC8MScEdcx+sv6ygjNZLju4WQDLze12N6flDhAr2XQ1Qvp3jH22+dIacn7sXqhe pMo2gen0iEHBBZqQzPsjErfsrgtw+xabSst+0+oJC7liFfpp5r6kgskjIMEZsgFGYLxG q9lJUPbDWuFlKrT7ksgJsOId9jgwetDB5PXCDixaucNwlc2y/Uwxj9GaA10VXMz/02/p GHL+nATHMAVwsrzRjVXWSlxSF9c2mVZHnVo4BbZZIXMCwg1CudSlm1C+LojoXtUYedYB D2UQ== X-Gm-Message-State: AOAM531h+8xvWQsxvH08WjxtCZ+fwpTG0BH3LtKAV/7Z9jh2neRuGfZl lXfrIEsuSy27s2zQQxPtRn9fSCtTFsg= X-Google-Smtp-Source: ABdhPJyu/p7gfXhwLLFTUjqcKNpeho/cbat9YHoxOtNjsvvByKqqv61amhieFG04PGKt/BiiHt+iFQ== X-Received: by 2002:a62:6083:: with SMTP id u125mr5816247pfb.286.1596236928921; Fri, 31 Jul 2020 16:08:48 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id k4sm7192916pjg.48.2020.07.31.16.08.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:44 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 32/36] x86/boot/compressed: Reorganize zero-size section asserts Date: Fri, 31 Jul 2020 16:08:16 -0700 Message-Id: <20200731230820.1742553-33-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200801_000853_836620_F5689A76 X-CRM114-Status: GOOD ( 12.66 ) X-Spam-Score: -2.1 (--) X-Spam-Report: SpamAssassin version 3.4.4 on casper.infradead.org summary: Content analysis details: (-2.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:441 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org For readability, move the zero-sized sections to the end after DISCARDS and mark them NOLOAD for good measure. Signed-off-by: Kees Cook --- arch/x86/boot/compressed/vmlinux.lds.S | 42 +++++++++++++++----------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S index 3c2ee9a5bf43..42dea70a5091 100644 --- a/arch/x86/boot/compressed/vmlinux.lds.S +++ b/arch/x86/boot/compressed/vmlinux.lds.S @@ -42,18 +42,16 @@ SECTIONS *(.rodata.*) _erodata = . ; } - .rel.dyn : { - *(.rel.*) - } - .rela.dyn : { - *(.rela.*) - } - .got : { - *(.got) - } .got.plt : { *(.got.plt) } + ASSERT(SIZEOF(.got.plt) == 0 || +#ifdef CONFIG_X86_64 + SIZEOF(.got.plt) == 0x18, +#else + SIZEOF(.got.plt) == 0xc, +#endif + "Unexpected GOT/PLT entries detected!") .data : { _data = . ; @@ -85,13 +83,23 @@ SECTIONS ELF_DETAILS DISCARDS -} -ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!") -#ifdef CONFIG_X86_64 -ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, "Unexpected GOT/PLT entries detected!") -#else -ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0xc, "Unexpected GOT/PLT entries detected!") -#endif + /* + * Sections that should stay zero sized, which is safer to + * explicitly check instead of blindly discarding. + */ + .got (NOLOAD) : { + *(.got) + } + ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!") -ASSERT(SIZEOF(.rel.dyn) == 0 && SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations detected!") + /* ld.lld does not like .rel* sections being made "NOLOAD". */ + .rel.dyn : { + *(.rel.*) + } + ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!") + .rela.dyn : { + *(.rela.*) + } + ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!") +} From patchwork Fri Jul 31 23:08:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695651 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D885E1575 for ; Sat, 1 Aug 2020 01:05:48 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id B14FA2076B for ; Sat, 1 Aug 2020 01:05:48 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="cAxucMP1"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="F+PwLeUK"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="erx5/Jpq" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B14FA2076B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=GKwgcLF1y0aEAnfQyi8KoTeD1PAgPCxSE0+X4MbAWAQ=; b=cAxucMP1JQJuNqQaq70eZrQP+ WiR/VOzJ+/K78SoIYZwuJWsXrRzID9P0DJ3+XXks45j3ke5mm9UL7henHrHmQsNOTASjbSX08U1tX 9uKG1WagZHGuwjsDpc0sEd2z3XBbxu30KM4uLhDD8+aZ4rT3ENAIb/QOdUYEjJ0IuUWYvb36F7GXS 8MwNeFqYTFDFt2RPUdR3ocsAhrP3npFqHqgF9kU0oqUyAgvqejvG3bhg9sPIAt3zFOKw5ZuUVSl5/ mafI899ngZ62uTYqyxh54lB/G7moUJ4GWxmvcOp+eZ8c/9BHDpw1fVWIgw6xAvnTTX/KHeG0OOKFv 3fywYdwlQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eDB-0001eg-BP; Fri, 31 Jul 2020 23:13:13 +0000 Received: from casper.infradead.org ([2001:8b0:10b:1236::1]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e99-0008I8-Ig for linux-arm-kernel@merlin.infradead.org; Fri, 31 Jul 2020 23:09:03 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=8vhxEY/3GLUdito3wLDKhA5WtBC+SXdkXa/hytPCigE=; b=F+PwLeUKK8YlB+UWdepcbl8BNz Up40wGrYEjzLw/iuxJ1slgcLpLJVizWxIrev4G8eLJGRTCvTUy7kgW358mMhXkY+HBhMAdYJjEwEf C1vlzN5mEKr3D2698ni4H9WcgHKhvdazqcbKHzf3o9bWYILPcXJZK+tM+6DPVSwElsZGaaxtrRNvj z1xAMWa/1bF3DW9KChNK7qvg9kAQGr7i3FEEgaGMi/RgYVuYEKxMVQU7o452fJtpyZnZ9o9rjEluQ vKZwnnLPfKHcjjjWwHB7rqlVQISmFO9j5EPwzDdxhpKrJPFzWPRHqx9GJxYkmjRV49nDNsDkjmVqx NTwufMrw==; Received: from mail-pf1-x42b.google.com ([2607:f8b0:4864:20::42b]) by casper.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8y-0000aA-9a for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:09:02 +0000 Received: by mail-pf1-x42b.google.com with SMTP id m8so8322510pfh.3 for ; Fri, 31 Jul 2020 16:08:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=8vhxEY/3GLUdito3wLDKhA5WtBC+SXdkXa/hytPCigE=; b=erx5/JpqhPcqTt2NRt7KYL2WjFYzLuGG8P3y0Er3rEKdM9crkTPu/ZeFlU0GCIVOMc DiuJnOx0TWdOG3xCGBDcbldLx8jiF9vR+PM5/8GcMbuuzJl25XeRIG6137MXRlGMlfwL YRvGL0llW8thsScXCRcN7FWXAu5q57sDHshm8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=8vhxEY/3GLUdito3wLDKhA5WtBC+SXdkXa/hytPCigE=; b=Pu34dnMai1YsJ1o0vf+D+Z/aVTzcUoLZPsT9QhaNpR74o6rRlS0UVy9vawjIooiKk2 Qu0sEbicNueItvqyQM6XY8xo2fQTgVtWpC7iLl2f0+hbdIs4bQj+eQgu+f2T46hwqH1T FAOzDYNC1mnqAdP3mDzkAQXjbxO1HzUB49iX1L7CDE/eEJs3JKVdQ1Op+K7BkXNBbywV IXrrzabyq8bxRpJ+a+Q2VnYgukd/ajtxytPwaNMTLE8vkzFMZ+P0IzlrHcX23966W8On oIPf9NJUq3WgyeTRrdY6xpdX9Th9EPomuqqnhYJf600pT2JJO45yJEvVq6V7JD0iHqyj ttNw== X-Gm-Message-State: AOAM533DhxvnLfbgUZJwVwiiejlCtdzrHR8D+dUUQQZ1jhLVyBJyXml5 ZMghxCbQ+RvdD3uAAYrtkcvJdA== X-Google-Smtp-Source: ABdhPJyLpLDveshlbN8sTzxQNU2pIN2ioMmjwXEATDhMsYZvm7qIKteqmlw+pfo4TpnxoNFX69boWQ== X-Received: by 2002:a65:6644:: with SMTP id z4mr5848694pgv.391.1596236928153; Fri, 31 Jul 2020 16:08:48 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id k21sm8098390pgl.0.2020.07.31.16.08.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:44 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 33/36] x86/boot/compressed: Remove, discard, or assert for unwanted sections Date: Fri, 31 Jul 2020 16:08:17 -0700 Message-Id: <20200731230820.1742553-34-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200801_000853_189398_FDEF30D3 X-CRM114-Status: GOOD ( 14.70 ) X-Spam-Score: -2.1 (--) X-Spam-Report: SpamAssassin version 3.4.4 on casper.infradead.org summary: Content analysis details: (-2.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:42b listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org In preparation for warning on orphan sections, stop the linker from generating the .eh_frame* sections, discard unwanted non-zero-sized generated sections, and enforce other expected-to-be-zero-sized sections (since discarding them might hide problems with them suddenly gaining unexpected entries). Signed-off-by: Kees Cook --- arch/x86/boot/compressed/Makefile | 1 + arch/x86/boot/compressed/vmlinux.lds.S | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 96d53e300ab6..43b49e1f5b6d 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -49,6 +49,7 @@ GCOV_PROFILE := n UBSAN_SANITIZE :=n KBUILD_LDFLAGS := -m elf_$(UTS_MACHINE) +KBUILD_LDFLAGS += $(call ld-option,--no-ld-generated-unwind-info) # Compressed kernel should be built as PIE since it may be loaded at any # address by the bootloader. LDFLAGS_vmlinux := -pie $(call ld-option, --no-dynamic-linker) diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S index 42dea70a5091..1fb9809a9e61 100644 --- a/arch/x86/boot/compressed/vmlinux.lds.S +++ b/arch/x86/boot/compressed/vmlinux.lds.S @@ -83,6 +83,11 @@ SECTIONS ELF_DETAILS DISCARDS + /DISCARD/ : { + *(.dynamic) *(.dynsym) *(.dynstr) *(.dynbss) + *(.hash) *(.gnu.hash) + *(.note.*) + } /* * Sections that should stay zero sized, which is safer to @@ -93,13 +98,18 @@ SECTIONS } ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!") + .plt (NOLOAD) : { + *(.plt) *(.plt.*) + } + ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!") + /* ld.lld does not like .rel* sections being made "NOLOAD". */ .rel.dyn : { - *(.rel.*) + *(.rel.*) *(.rel_*) } ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!") .rela.dyn : { - *(.rela.*) + *(.rela.*) *(.rela_*) } ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!") } From patchwork Fri Jul 31 23:08:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695647 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4762E1392 for ; Sat, 1 Aug 2020 00:42:59 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 16CF820829 for ; Sat, 1 Aug 2020 00:42:59 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="nQTX4ozO"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="NSM4iLNC" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 16CF820829 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=4zVnLUd9sbOEpVwrZ88WtvgPHBCx+DsWdPoWcotA2VA=; b=nQTX4ozOHIGrf6yySwGhUWorn wbKaf2NJuPT5DeK9/3hogNWNCyGkQau+r/MOCbS3lqxAWpUc1fBoDOMoZCf0GsSl4qRp4sMo3MIpc TfLBzg82dk5VsR8+jhxgh85zkDf0by/6ZfLo41heh9yIO4Vx3H21YnYkZKatWU9/5+MP1bFWzbCdq /lhCs/ktA2hYu8lC42leH1HRqp+/XycxtEMPMDwDBEMpdb0Xgk9Oyn8GVWOrT8wFUUgxkUbJ4IGua XTlMVETr336fxgq0LqvMaLJsWY9doxcxlfaZ1fAqmk1+dSYe78RAl+t8vqA1aDtSROu+/RUBI47uY dLlBmZkHg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eCq-0001Td-Gw; Fri, 31 Jul 2020 23:12:52 +0000 Received: from mail-pj1-x1042.google.com ([2607:f8b0:4864:20::1042]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8x-0008DI-LM for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:09:02 +0000 Received: by mail-pj1-x1042.google.com with SMTP id mt12so8076071pjb.4 for ; Fri, 31 Jul 2020 16:08:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=PuSQYLk8rDTcldYHXnDKkaosbMzbCM9W/MwjNJB3VcU=; b=NSM4iLNCt+PSZ5hBbvabEzpJMd1hF6J/aIjXJAdH5r95qlIezJOL072waTPx269b/t VJ+YGliWX0o2ljvRIiFg0BXQ8UsnDJZGud3+eV+6jqhaEi2NoGhj3XMvM1zGexRcCA8N FCSROmuOt7+fbj9lG4wnKvZY3Nzk/gWgfpQUA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=PuSQYLk8rDTcldYHXnDKkaosbMzbCM9W/MwjNJB3VcU=; b=J093Uc2/h8nmIS8tqodMmxeEHNQem/IRTtid6afp1NIkB/S8UhOvf1ZEqUydtcCKaE foQho7KkLt8APUCgz49M2Iua4qZvhUTBPV+sKJDVz67wAhlPwGAgysqlhIsFagSqg8Ck OfOp0Y1pgTD8nhkMpEsrpxwX/DVJf364v49Tb3uF+baEsTRV0OjPMNUEywwnZvXpoEQp 0gqgzB2vZSxAo1nFeqvUcjGBR+HXQNFhb6EFoPyA4J8Tuas1I8DLYQD1cXjhAb8Wbwxo LMj4rcw65QQw3iPYZGYNJtap/LAOn60yFPRaZ+CBHxAiYSa8DQpbDNFokZnkIfaIIGsB d0PQ== X-Gm-Message-State: AOAM531T3LzO/8hW+anrxapjq1+rVb0aFQGjf17leZinL5XDS/s2wZy1 rPwPue9zCOvuSOczt7vO2hAPKA== X-Google-Smtp-Source: ABdhPJzXJUWqCrkj1WaxJQEgHP2rE3r7Clf90BCuwH6WeoGyW0Z+5DDM353CVntBZ2TEmf3Y7y3zVg== X-Received: by 2002:a17:90a:18c:: with SMTP id 12mr6239206pjc.74.1596236929572; Fri, 31 Jul 2020 16:08:49 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id x18sm3935045pfm.201.2020.07.31.16.08.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:44 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 34/36] x86/boot/compressed: Add missing debugging sections to output Date: Fri, 31 Jul 2020 16:08:18 -0700 Message-Id: <20200731230820.1742553-35-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190852_374924_406516FF X-CRM114-Status: GOOD ( 14.32 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:1042 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Include the missing DWARF and STABS sections in the compressed image, when they are present. Signed-off-by: Kees Cook --- arch/x86/boot/compressed/vmlinux.lds.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S index 1fb9809a9e61..a7a68415b999 100644 --- a/arch/x86/boot/compressed/vmlinux.lds.S +++ b/arch/x86/boot/compressed/vmlinux.lds.S @@ -80,6 +80,8 @@ SECTIONS . = ALIGN(PAGE_SIZE); /* keep ZO size page aligned */ _end = .; + STABS_DEBUG + DWARF_DEBUG ELF_DETAILS DISCARDS From patchwork Fri Jul 31 23:08:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695597 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B99F8138A for ; Fri, 31 Jul 2020 23:18:40 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 93E722076B for ; Fri, 31 Jul 2020 23:18:40 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="f+h9tsfA"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="X38w8FM1"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="Lr9or3Hp" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 93E722076B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=/EoQfMF8ZZCWnHABFgHCQ6gw3sG0oK31SL118jZBPhw=; b=f+h9tsfAYWkpbzC+W8N46I4fF jzX+0Rxtby2JmzYM6LNxfN6fBai1Y4ky9cNM9zjbuKqtWxHbHyZLjB/ThON5bqvNAXX9lxCSXYQD4 NEniF6n17SQeWC0mr/578iuNwq0UbereC58U/CqPymo24Hn2HrJq5X/TSCKs0U//tPhTWQzxUymfj WT210nviieXlFDF/74r7WuXJq0y8n/mrOz+oNdILpPPKfMxgnmKzWEuIM9CM06+w7h3NyyGhBB0Rv MrhaplfofRF95ltZH44TC5WwgmSNkwtRkytpMdbmX5qgc6gR85D8aikmp+f3d4QVMOykBJ5uwdAgE UFVP+2Dtg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eGd-0000JH-OU; Fri, 31 Jul 2020 23:16:47 +0000 Received: from casper.infradead.org ([2001:8b0:10b:1236::1]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e9s-00008B-B8 for linux-arm-kernel@merlin.infradead.org; Fri, 31 Jul 2020 23:09:48 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=84268jPgmFqAzbh6kvNmngGGyveZ3rMo3Gva+KPIY/c=; b=X38w8FM16UlPbgSzfJ8YsaQHSt OrGMGACdW6gccLlE0gtbpoYjQjxAn/BYB11oFO6Zb0h4gl55JZrwgOOwIgMoi+bMmV3wmGCjQNodo f0x7N1lbR4bz3ponqzzKdh4SpDEJLVyNtQWgM4PhZMh7MvB8fJlIAMIvllzxjxrc1Hkn6B6WcZUpl twGrR3oK52KdjDgxQVFkdfK81WJFTVY4ePnxxe8vbS7/BUT/pxJHeEdwQ5znSwV0nFooLaBP2ydPz zX99ASpSBPYBjCXrCj4geqVVSn6a7Dth61rOaF4E46fMCmHSpzXZG3bdL8ERo6QcsBD6Shys+h3NG si+yYNsw==; Received: from mail-pj1-x1042.google.com ([2607:f8b0:4864:20::1042]) by casper.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8z-0000b0-Ot for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:09:46 +0000 Received: by mail-pj1-x1042.google.com with SMTP id lx9so8520415pjb.2 for ; Fri, 31 Jul 2020 16:08:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=84268jPgmFqAzbh6kvNmngGGyveZ3rMo3Gva+KPIY/c=; b=Lr9or3Hp0DSvQYElAg+xki465Vdb1uAtDe85PRDbs1d8wZ08VYB9OlhllbtENPVieR V70iE3+WoadE5MGnu8i8GLUrfRA1t5+LbrYMwG75g0Vr4sqB1S8u5be8NrKejxdMS7gm byUy6rMjO1J+JL4A2Xwyw8hGAHymoJEGFEhIc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=84268jPgmFqAzbh6kvNmngGGyveZ3rMo3Gva+KPIY/c=; b=F2JzZNH4WjUdvXCncxVfox5ytVHcCMH1mS60r5iRQinJoe9K2zWd5VaJy/Yks3EN9g 4PHH5k55TlcJOmqKcxKe5gPWC0ANxqN8AIGkDPQxSIRVFcvJlF//kqbmr6YnhwRDO2ck yb+oV2vZBUgSYbqCwiUJ/z0IhvbDH6Be9KV7E/pBwJLYiqcXmbukOokKepBm2yA/6CMW cRlr4QeDlPcqIEzooSu7yfJByVe9Zgb8BM70nnG/HK5sJAuZLWtYtLicWZddMSLC558w dS3t4yDhq6tAfITEnjl0fJbm+uKPY+AKK8JDtCST9fn5HY2MRZGIPhM65qRt/I2a7iDK zrIw== X-Gm-Message-State: AOAM531ZvuF9r2Pha6no3vnSmFEXjyAgaMeI25uGjKrcc5juyyqvJOIW xia9i7Vms5POU9JEj2ZtMsxnjQ== X-Google-Smtp-Source: ABdhPJwhHCIH/rXPbloue7Ao7LwdLWcpC7pKCtwRdsLSguHj3gdxjmuhn4CNI2OYzSlwA+KLPraTmQ== X-Received: by 2002:a17:90a:d252:: with SMTP id o18mr3631713pjw.146.1596236931297; Fri, 31 Jul 2020 16:08:51 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id y18sm11218113pff.10.2020.07.31.16.08.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:49 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 35/36] x86/boot/compressed: Warn on orphan section placement Date: Fri, 31 Jul 2020 16:08:19 -0700 Message-Id: <20200731230820.1742553-36-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200801_000855_092398_9E116A17 X-CRM114-Status: GOOD ( 12.74 ) X-Spam-Score: -2.1 (--) X-Spam-Report: SpamAssassin version 3.4.4 on casper.infradead.org summary: Content analysis details: (-2.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:1042 listed in] [list.dnswl.org] -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly handled in the linker script. Now that all sections are explicitly handled, enable orphan section warnings. Signed-off-by: Kees Cook --- arch/x86/boot/compressed/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 43b49e1f5b6d..f8270d924858 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -53,6 +53,7 @@ KBUILD_LDFLAGS += $(call ld-option,--no-ld-generated-unwind-info) # Compressed kernel should be built as PIE since it may be loaded at any # address by the bootloader. LDFLAGS_vmlinux := -pie $(call ld-option, --no-dynamic-linker) +LDFLAGS_vmlinux += --orphan-handling=warn LDFLAGS_vmlinux += -T hostprogs := mkpiggy From patchwork Fri Jul 31 23:08:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11695585 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6A57B138A for ; Fri, 31 Jul 2020 23:13:18 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 3FA65205CB for ; Fri, 31 Jul 2020 23:13:18 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="k5DqZ4wG"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="JAuYbSst" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 3FA65205CB Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=+3IkmeCk24lBJol0STyN/yK7DK8Q+i7VA7k0k2s32tg=; b=k5DqZ4wG+rOT35gE+zgYoBRN/ H8XJdM2NtkVeD27t1z+D/qcPC4CgB8R74o2mup4xv8JQii+O92Gu+maa1cu41xJ7hxsOFJd7Mc9I0 tCzUXC+flGje6qlyarw4onfpH0UkA5bEXdMDyGf/CEKtTQ+jzhlUUGJZo6Dg1OaJXBPvfDctQkwEW F73lbVE1Ee407iT2CBvcmZfL4A2Ix50uYceVJLbCE6IAOKnvd/71fslHTr6ptGrgbielKd+mtNJTd 89N5S8JPuhzmCwmdvlSwE+OCdWlP2vwPZCGiRX2KFdkPmRDHxpbou9jVk7xJ7VQczjYFv+sU+tZBY 04PXtBCCw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1eCx-0001Xu-L4; Fri, 31 Jul 2020 23:13:01 +0000 Received: from mail-pl1-x643.google.com ([2607:f8b0:4864:20::643]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k1e8y-0008DW-MY for linux-arm-kernel@lists.infradead.org; Fri, 31 Jul 2020 23:09:03 +0000 Received: by mail-pl1-x643.google.com with SMTP id d1so18093831plr.8 for ; Fri, 31 Jul 2020 16:08:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=1/odabPwHQ2/Ek+CjiibQWaFn9uH/zMNlMmZjncvN+I=; b=JAuYbSstQfukYE+Gb0Ne3AWJsz3y+BlIBQzjuLdwl34WW/5cbPcD0t5CHhdrnYt4P3 xCUUA6EqSYHRyEaYtQDNEDCQom38Ssx+gnWJzailUIVVZGprbqvIEm49kDNsHFrs+06/ VGIh/ScEhC/6EEEQyATwr44GVOS6GPHdqpL10= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=1/odabPwHQ2/Ek+CjiibQWaFn9uH/zMNlMmZjncvN+I=; b=GzPLAZFTSCQ2exV3ikemqojLgyEH+kTTraWoBzBVHUZvZfvKu6tavq/RBlmzF06cjH qahw+hqpJNi0sgdKdmnnXgIeTydBY4BEdppQoRqcJhIDh8RUZOHv6gJv8KgvWSFUVlwV WVoXsA1DgOYD4S2EdMyYhmN0krDyxxcwaGjZuX4NC13byplbgwb3rohpms1J5iXJ8K4J slXvvZrYnzdRUxbjpufWQA4eLARDvbzxV92CMzh5Hn0fYm4TiPJKoAjyXAGV+BLrp3px mSYLdQRtQKt3YZpP9v3UEbNCZhNrCdJZmLaeZFV48ca0hjo07y7tTowAXmPIk/A9tvY8 fcJg== X-Gm-Message-State: AOAM532ynZyh9m11864tQzVoYtWpfavgAGbKkbkTZdrpF5NzJ2s4vWB0 AU61fDrKFlDe5XRdoQhDrRXQZg== X-Google-Smtp-Source: ABdhPJxMsEgUP85f2oRI5I8YFPTSXC9amM4W7Q94F6/Za32NnrZP42b5jtXzGrIuUujHM4rhfoKpRQ== X-Received: by 2002:a17:90a:dc06:: with SMTP id i6mr5914699pjv.161.1596236930832; Fri, 31 Jul 2020 16:08:50 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id b20sm4306905pfo.88.2020.07.31.16.08.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 16:08:49 -0700 (PDT) From: Kees Cook To: Thomas Gleixner , Will Deacon Subject: [PATCH v5 36/36] arm/build: Assert for unwanted sections Date: Fri, 31 Jul 2020 16:08:20 -0700 Message-Id: <20200731230820.1742553-37-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200731230820.1742553-1-keescook@chromium.org> References: <20200731230820.1742553-1-keescook@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200731_190852_836425_35813CFD X-CRM114-Status: GOOD ( 15.02 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:643 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Kees Cook , Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Borislav Petkov , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org In preparation for warning on orphan sections, enforce expected-to-be-zero-sized sections (since discarding them might hide problems with them suddenly gaining unexpected entries). Signed-off-by: Kees Cook --- arch/arm/include/asm/vmlinux.lds.h | 10 ++++++++++ arch/arm/kernel/vmlinux-xip.lds.S | 2 ++ arch/arm/kernel/vmlinux.lds.S | 2 ++ 3 files changed, 14 insertions(+) diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h index 6624dd97475c..e0d49fd756f7 100644 --- a/arch/arm/include/asm/vmlinux.lds.h +++ b/arch/arm/include/asm/vmlinux.lds.h @@ -52,6 +52,16 @@ ARM_MMU_DISCARD(*(__ex_table)) \ COMMON_DISCARDS +/* + * Sections that should stay zero sized, which is safer to explicitly + * check instead of blindly discarding. + */ +#define ARM_ASSERTS \ + .plt (NOLOAD) : { \ + *(.iplt) *(.rel.iplt) *(.iplt) *(.igot.plt) \ + } \ + ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!") + #define ARM_DETAILS \ ELF_DETAILS \ .ARM.attributes 0 : { *(.ARM.attributes) } diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S index 11ffa79751da..50136828f5b5 100644 --- a/arch/arm/kernel/vmlinux-xip.lds.S +++ b/arch/arm/kernel/vmlinux-xip.lds.S @@ -152,6 +152,8 @@ SECTIONS STABS_DEBUG DWARF_DEBUG ARM_DETAILS + + ARM_ASSERTS } /* diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S index dc672fe35de3..5f4922e858d0 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -151,6 +151,8 @@ SECTIONS STABS_DEBUG DWARF_DEBUG ARM_DETAILS + + ARM_ASSERTS } #ifdef CONFIG_STRICT_KERNEL_RWX