From patchwork Fri Sep 18 20:14:07 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786017 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DB56D618 for ; Fri, 18 Sep 2020 20:15:01 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id C91AB2311A for ; Fri, 18 Sep 2020 20:15:00 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="VAY1d+BK" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C91AB2311A Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19917-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 12258 invoked by uid 550); 18 Sep 2020 20:14:53 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 12109 invoked from network); 18 Sep 2020 20:14:53 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=skSGpFbYMPCYyMt3xD2UXrEbXnhCXJcxNWr+Xyy+zNQ=; b=VAY1d+BKJBvFH1+plE6Ne6NojDosoRo9j26NV8dlVGXM//ycIlCDZru6h0GwYf6PGK oVDTueoqNoahOkpRrBlNbroVu/FB1veyRVPAgf/45GgzWqf6Xsq0Y+GXu2hi+twUmF4M UWlrMiOG7qzpx/rugvq9ImdavvJF+euLmvDRVYx6xTfAs6YbiMljlvnEF0AxzVWwqwE0 Wlnm4GTIQPvLwoJ7Q6dUKY/MHQfiWIXB6ndcTD3C4Ky4vDcOB9wdWqOfH1nmSHu8+xDC GmhmT101k2ut9EE13MQG/mtNTs23zRSYi6edJX+ofgh4sM6lA1iJVwk3pkcZdBV+lO+m xpbA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=skSGpFbYMPCYyMt3xD2UXrEbXnhCXJcxNWr+Xyy+zNQ=; b=VTewMXedxKWO5CRsm8DeiGg79LKT8PIHjx6UO0BwQLIiv6DsQklOld2mZiMj9pgdUM IWdW2NFyyI3ME9oiixNOqO3fwNCVePKgfYLb2MslWUKkMiR1QABXZeUVmvgaBEtZ33zf TzwTn9hPuQ59IsOm90AOGfrIFgQtmIAApBuNCjSl7bDffsP2njybrNGFAUGwz1TEVH41 B1NbhEi+eFNakY7JOrPbF0U9IELChS042n7TmoJY7Qmpm7FJ5Bf7yHv7b+E0XAqX32fP ZzsIBQGgCUnI+odL+++g9phr9zv7yFVzuyg/hlu32RupcSrCcz1CEIDPegSsgd0R0nXN i9uQ== X-Gm-Message-State: AOAM532hsROg0Y3hinv4+QkcztQCNfgNTo9C/edSLiVKg7bt8N4qFP8g wYmhm/sx05i1+64FJVFr/cCuKtE9zVDXwFLO4qw= X-Google-Smtp-Source: ABdhPJzcj7wCxo8E12yukgL7sAuybdWWQ1AJ64l97WPGZG7w7s7z827ZYArDZS6m8vlRS9reaOndS152UiN0Two7+9I= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a25:6f89:: with SMTP id k131mr40244617ybc.214.1600460081050; Fri, 18 Sep 2020 13:14:41 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:07 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-2-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 01/30] lib/string.c: implement stpcpy From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen From: Nick Desaulniers LLVM implemented a recent "libcall optimization" that lowers calls to `sprintf(dest, "%s", str)` where the return value is used to `stpcpy(dest, str) - dest`. This generally avoids the machinery involved in parsing format strings. `stpcpy` is just like `strcpy` except it returns the pointer to the new tail of `dest`. This optimization was introduced into clang-12. Implement this so that we don't observe linkage failures due to missing symbol definitions for `stpcpy`. Similar to last year's fire drill with: commit 5f074f3e192f ("lib/string.c: implement a basic bcmp") The kernel is somewhere between a "freestanding" environment (no full libc) and "hosted" environment (many symbols from libc exist with the same type, function signature, and semantics). As H. Peter Anvin notes, there's not really a great way to inform the compiler that you're targeting a freestanding environment but would like to opt-in to some libcall optimizations (see pr/47280 below), rather than opt-out. Arvind notes, -fno-builtin-* behaves slightly differently between GCC and Clang, and Clang is missing many __builtin_* definitions, which I consider a bug in Clang and am working on fixing. Masahiro summarizes the subtle distinction between compilers justly: To prevent transformation from foo() into bar(), there are two ways in Clang to do that; -fno-builtin-foo, and -fno-builtin-bar. There is only one in GCC; -fno-buitin-foo. (Any difference in that behavior in Clang is likely a bug from a missing __builtin_* definition.) Masahiro also notes: We want to disable optimization from foo() to bar(), but we may still benefit from the optimization from foo() into something else. If GCC implements the same transform, we would run into a problem because it is not -fno-builtin-bar, but -fno-builtin-foo that disables that optimization. In this regard, -fno-builtin-foo would be more future-proof than -fno-built-bar, but -fno-builtin-foo is still potentially overkill. We may want to prevent calls from foo() being optimized into calls to bar(), but we still may want other optimization on calls to foo(). It seems that compilers today don't quite provide the fine grain control over which libcall optimizations pseudo-freestanding environments would prefer. Finally, Kees notes that this interface is unsafe, so we should not encourage its use. As such, I've removed the declaration from any header, but it still needs to be exported to avoid linkage errors in modules. Reported-by: Sami Tolvanen Suggested-by: Andy Lavr Suggested-by: Arvind Sankar Suggested-by: Joe Perches Suggested-by: Kees Cook Suggested-by: Masahiro Yamada Suggested-by: Rasmus Villemoes Signed-off-by: Nick Desaulniers Tested-by: Nathan Chancellor Cc: stable@vger.kernel.org Link: https://bugs.llvm.org/show_bug.cgi?id=47162 Link: https://bugs.llvm.org/show_bug.cgi?id=47280 Link: https://github.com/ClangBuiltLinux/linux/issues/1126 Link: https://man7.org/linux/man-pages/man3/stpcpy.3.html Link: https://pubs.opengroup.org/onlinepubs/9699919799/functions/stpcpy.html Link: https://reviews.llvm.org/D85963 --- lib/string.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/lib/string.c b/lib/string.c index 6012c385fb31..4288e0158d47 100644 --- a/lib/string.c +++ b/lib/string.c @@ -272,6 +272,30 @@ ssize_t strscpy_pad(char *dest, const char *src, size_t count) } EXPORT_SYMBOL(strscpy_pad); +/** + * stpcpy - copy a string from src to dest returning a pointer to the new end + * of dest, including src's %NUL-terminator. May overrun dest. + * @dest: pointer to end of string being copied into. Must be large enough + * to receive copy. + * @src: pointer to the beginning of string being copied from. Must not overlap + * dest. + * + * stpcpy differs from strcpy in a key way: the return value is a pointer + * to the new %NUL-terminating character in @dest. (For strcpy, the return + * value is a pointer to the start of @dest). This interface is considered + * unsafe as it doesn't perform bounds checking of the inputs. As such it's + * not recommended for usage. Instead, its definition is provided in case + * the compiler lowers other libcalls to stpcpy. + */ +char *stpcpy(char *__restrict__ dest, const char *__restrict__ src); +char *stpcpy(char *__restrict__ dest, const char *__restrict__ src) +{ + while ((*dest++ = *src++) != '\0') + /* nothing */; + return --dest; +} +EXPORT_SYMBOL(stpcpy); + #ifndef __HAVE_ARCH_STRCAT /** * strcat - Append one %NUL-terminated string to another From patchwork Fri Sep 18 20:14:08 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786025 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0A59392C for ; Fri, 18 Sep 2020 20:15:09 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 47B2D235FD for ; Fri, 18 Sep 2020 20:15:07 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="SAoKEt/G" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 47B2D235FD Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19918-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 13468 invoked by uid 550); 18 Sep 2020 20:14:55 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 13388 invoked from network); 18 Sep 2020 20:14:55 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=TqwpwA2qY0+meoCfIpHLXgNZtzIUgg9/FYqaJr/lHNY=; b=SAoKEt/G+wtGaNCEiPqBIUWaja1A3a5xAaghJ/k2HKUAWFgeK1QtV+lm2abWhnX5JD Lf1hWpMt0A3jqpXruVqakGZ4N4PzL5bDWgBRoB39cxdPpeOzfkkXXse9Da7EBLH6QszX yIQ4ps5QStAHLhzkW1GWCkPJtNZSS8s/HOHVJHh3mI37xrZXjV6JN7t2as4vjgpWd97H CN/1JCl9Z9jsIQ1IBYZGN/6gvrn4jzLfqwLse2ncX3sbW59FHzHrRf8VneE+RDy4N63e UjVJEfryi+4JjkhY1SGeecgO1nkIBXlZAGQENtM5mKEq9sThtpYLPTQWmgxN7MxHsXfh pLtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=TqwpwA2qY0+meoCfIpHLXgNZtzIUgg9/FYqaJr/lHNY=; b=AhLT+74/TSLKXeUwCJGDA2AxXQqBBjyNYQePLqVa3hP2aMDPBNXOJg6kaHcAJ2ItG7 /iJq1EsRJy+eNP1Mjq3LNJ2HjkAfylKo+Rr/sXCXEBgauHpH4CZBkK27Djqc7i9PN7H8 cCxxOEYmugcPMABeyU3rNc9a5fQaUQYJlNxOxxQ9NgOv5AVjDM/uNTXXOH8/B3bYtR3u aejQxWBblwIABnevI9vvRQNi4fyqZnXNpo6WTPdPVc5nK8m/9NnDzuUir5GKRaxFGA+K XuHsoCtO3LQfnEVaEmawhqZ4YBobBQbVrQZr/SWR/GURqzENJpbwRod4LAqrRwFwfc+Y k9cQ== X-Gm-Message-State: AOAM532sKkN1agaiypX7HVLlPd+4BPvsWqoazU9ggPOv8TL2diBsLun0 Ti1Iq/43PC0fVtOBdClSUMoV+B4M9KJgC504aXI= X-Google-Smtp-Source: ABdhPJzOup8sE7kVTU78SL83JQa8xb+w2NlpY7pFS1w2EC6IHmBL07qIyuYvXqVu343S5bZmQVA9R2tZ1tsrCw5cNVQ= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a25:73ca:: with SMTP id o193mr30862020ybc.224.1600460083214; Fri, 18 Sep 2020 13:14:43 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:08 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-3-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 02/30] RAS/CEC: Fix cec_init() prototype From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Luca Stefani , Sami Tolvanen From: Luca Stefani late_initcall() expects a function that returns an integer. Update the function signature to match. [ bp: Massage commit message into proper sentences. ] Fixes: 9554bfe403nd ("x86/mce: Convert the CEC to use the MCE notifier") Signed-off-by: Luca Stefani Signed-off-by: Borislav Petkov Reviewed-by: Sami Tolvanen Tested-by: Sami Tolvanen Link: https://lkml.kernel.org/r/20200805095708.83939-1-luca.stefani.ge1@gmail.com --- drivers/ras/cec.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/ras/cec.c b/drivers/ras/cec.c index 569d9ad2c594..6939aa5b3dc7 100644 --- a/drivers/ras/cec.c +++ b/drivers/ras/cec.c @@ -553,20 +553,20 @@ static struct notifier_block cec_nb = { .priority = MCE_PRIO_CEC, }; -static void __init cec_init(void) +static int __init cec_init(void) { if (ce_arr.disabled) - return; + return -ENODEV; ce_arr.array = (void *)get_zeroed_page(GFP_KERNEL); if (!ce_arr.array) { pr_err("Error allocating CE array page!\n"); - return; + return -ENOMEM; } if (create_debugfs_nodes()) { free_page((unsigned long)ce_arr.array); - return; + return -ENOMEM; } INIT_DELAYED_WORK(&cec_work, cec_work_fn); @@ -575,6 +575,7 @@ static void __init cec_init(void) mce_register_decode_chain(&cec_nb); pr_info("Correctable Errors collector initialized.\n"); + return 0; } late_initcall(cec_init); From patchwork Fri Sep 18 20:14:09 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786037 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5BB1092C for ; Fri, 18 Sep 2020 20:15:17 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 618DB2311C for ; Fri, 18 Sep 2020 20:15:16 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="kS9nJccC" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 618DB2311C Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19919-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 13675 invoked by uid 550); 18 Sep 2020 20:14:57 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 13575 invoked from network); 18 Sep 2020 20:14:57 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=QG37uO1d4USzrK2i79mol19BZHF3voEs5YXCH0vFDXg=; b=kS9nJccCRITkbrAyCK9Hc7v1LETkgjrZzbCI78fOJk9GspwsE0lD6AsMWWG9e/Ya6w kQ7OAgO+NsJbiNEURN/xqwJc+nMm2JlmzicPoqTkbkTgYLChVmHJmFrbVcTMgiIM1LfM AMIn2fwD4sdTg9b5RFBa3v7hPzAOv72tQhHG2zedzbaGOgS5AllQnoGhiut1jy6gfUPb IHOl5kVpEYZmlx3J300NFEalCTngIq2wdGL7A0LMMidJtwteLyUB84t3JQdj/BGr11/r XP03Hd7VXorIrHoqHnVpAgFdqejQhRQlU/QiTZkkxeCP6z2bKBR11111wx5Cdsjef2hw h1Og== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=QG37uO1d4USzrK2i79mol19BZHF3voEs5YXCH0vFDXg=; b=IUrrE+G3kdvK94c4E+l2bKzDZqKDsSZOvMvxu0f8+0bpkmrnsHGULKfwM0TuUN+Y/G cJJaj7fCHB/pXx+yBx0wfAGYWHWD+L4hvnbhB+QDufnYw1vkdBqD4mVXXGG5M7npRROQ 878bMNz14MRzeWjO7k+zYUinVfB1YK4pZp0BEqTtM5ZAQ0UWRb8uIgFMW2GibQgFfPow Hetckyy7ygCXYB5A2vmV7z1FRrUw3d93ZITxYZm/ZIz58H+BB95rpVx7yrk+8CmN0RCl XIS9uOdQhT61lMiAZK+WzfLK5Z0PrF4lv5vyJIm9uJBOWLdK9LvQ4R493f3Rs9n9huO+ fv+g== X-Gm-Message-State: AOAM532xVPHUmcW5igc3vWwKRQHMY6xLbWwsGVzt0P1pRCayrip2HEl0 wh3cyY9SIXw0fs/XuNFjw1Qz7LisInwfT2BCJy4= X-Google-Smtp-Source: ABdhPJxOIBe5IUGDSTHVDRZfdndNloI1irNa0De5LGLJBg+ujXNg2cTfcMKCeIjDmjymnjpy+o5CvxVSn10XK63j+fc= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a25:3744:: with SMTP id e65mr19951166yba.275.1600460085079; Fri, 18 Sep 2020 13:14:45 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:09 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-4-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 03/30] x86/boot/compressed: Disable relocation relaxation From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Arvind Sankar From: Arvind Sankar The x86-64 psABI [0] specifies special relocation types (R_X86_64_[REX_]GOTPCRELX) for indirection through the Global Offset Table, semantically equivalent to R_X86_64_GOTPCREL, which the linker can take advantage of for optimization (relaxation) at link time. This is supported by LLD and binutils versions 2.26 onwards. The compressed kernel is position-independent code, however, when using LLD or binutils versions before 2.27, it must be linked without the -pie option. In this case, the linker may optimize certain instructions into a non-position-independent form, by converting foo@GOTPCREL(%rip) to $foo. This potential issue has been present with LLD and binutils-2.26 for a long time, but it has never manifested itself before now: - LLD and binutils-2.26 only relax movq foo@GOTPCREL(%rip), %reg to leaq foo(%rip), %reg which is still position-independent, rather than mov $foo, %reg which is permitted by the psABI when -pie is not enabled. - gcc happens to only generate GOTPCREL relocations on mov instructions. - clang does generate GOTPCREL relocations on non-mov instructions, but when building the compressed kernel, it uses its integrated assembler (due to the redefinition of KBUILD_CFLAGS dropping -no-integrated-as), which has so far defaulted to not generating the GOTPCRELX relocations. Nick Desaulniers reports [1,2]: A recent change [3] to a default value of configuration variable (ENABLE_X86_RELAX_RELOCATIONS OFF -> ON) in LLVM now causes Clang's integrated assembler to emit R_X86_64_GOTPCRELX/R_X86_64_REX_GOTPCRELX relocations. LLD will relax instructions with these relocations based on whether the image is being linked as position independent or not. When not, then LLD will relax these instructions to use absolute addressing mode (R_RELAX_GOT_PC_NOPIC). This causes kernels built with Clang and linked with LLD to fail to boot. Patch series [4] is a solution to allow the compressed kernel to be linked with -pie unconditionally, but even if merged is unlikely to be backported. As a simple solution that can be applied to stable as well, prevent the assembler from generating the relaxed relocation types using the -mrelax-relocations=no option. For ease of backporting, do this unconditionally. [0] https://gitlab.com/x86-psABIs/x86-64-ABI/-/blob/master/x86-64-ABI/linker-optimization.tex#L65 [1] https://lore.kernel.org/lkml/20200807194100.3570838-1-ndesaulniers@google.com/ [2] https://github.com/ClangBuiltLinux/linux/issues/1121 [3] https://reviews.llvm.org/rGc41a18cf61790fc898dcda1055c3efbf442c14c0 [4] https://lore.kernel.org/lkml/20200731202738.2577854-1-nivedita@alum.mit.edu/ Reported-by: Nick Desaulniers Signed-off-by: Arvind Sankar Tested-by: Nick Desaulniers Tested-by: Sedat Dilek Reviewed-by: Nick Desaulniers Cc: stable@vger.kernel.org --- arch/x86/boot/compressed/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 3962f592633d..ff7894f39e0e 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -43,6 +43,8 @@ KBUILD_CFLAGS += -Wno-pointer-sign KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=) KBUILD_CFLAGS += -fno-asynchronous-unwind-tables KBUILD_CFLAGS += -D__DISABLE_EXPORTS +# Disable relocation relaxation in case the link is not PIE. +KBUILD_CFLAGS += $(call as-option,-Wa$(comma)-mrelax-relocations=no) KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE := n From patchwork Fri Sep 18 20:14:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786041 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0BB6C92C for ; Fri, 18 Sep 2020 20:15:27 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 1368723119 for ; Fri, 18 Sep 2020 20:15:25 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="LkhMujvC" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1368723119 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19920-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 13927 invoked by uid 550); 18 Sep 2020 20:15:00 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 13790 invoked from network); 18 Sep 2020 20:14:59 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=46CPzhkDZEHeVpITNsapIjJxI0GjMO0SMNC0C8zkP90=; b=LkhMujvCwkAUduIkDT6HnIktUCrB5Z/3D25w6G0QNw860IsQ40FImypNjlzxTcr/Au n+9fzi/agpuqfcXrcQ0fs9gpA6EUdSxDWeZLY+Wxjj2BNQ+BzNcCsZyFoGMw1SoQwEn7 Vky9ALkSplpzqGWE5ykTJHhmKQkB6SRsw37Q2teNcRRCdFq/BbTNSY0YT6cxl/Z8WsQt IkHTEo/6oT5i0M4N8CmxnPlDoqLO1RePr9TKMuxW0t+rJZ+H6sI7VXPD+4lmX8P4dGQf 2ba7OnV3lWFKvPMTDiYCW9d1dVAmP+S6qXdzk6tIQJuuHskbsLDbby7gT/dawv97DBLV kMuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=46CPzhkDZEHeVpITNsapIjJxI0GjMO0SMNC0C8zkP90=; b=WF0jzcSomboFyU+ltmI6xCAAkrANjS8ySYFbf4qhC/RQFINGR1/AaXtY/271vwm+Da e4zNHVJFn3aBMQiqIwp1hlUYTsl0GeZuE8gId4W2U2p/dOqFoYNC51IhnDoF33BQ2AnX go3JjMNPZaLwMAuvVTMMzvlBsrqch3eLl33GM0qsKOFTwouftUxSzGYvCGVv7fjoo1Ac hDzQPGNcCbNHXt2NFVo9qphZOzZcyoH1gNDSWaYUMoav/oBJtKXROhoaNCY6XjLcn5ar yaX2tlo2ifF5U734PPMVEFPDwPB9NM0l64PdICB574DcZ+bYpbEj51GO/IIcmQnUWJeU Hshw== X-Gm-Message-State: AOAM5319eEZd2nLImA9QuzGBi0cRecI9xzNJ621mfPdWIruEQMNy6YVE o1y5RCX0OOeQEd70fuNSvAv3+HcOhT+7dVhzgYY= X-Google-Smtp-Source: ABdhPJzkhvMi5i8NysjPP44Ym29blfdYM/w5M8ZctCd+TLmrbSAkk8b9xov7oP7EJd5gSzIpsOENgUxOQTCr56AGzHg= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a0c:d443:: with SMTP id r3mr35786354qvh.17.1600460087054; Fri, 18 Sep 2020 13:14:47 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:10 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-5-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 04/30] x86/asm: Replace __force_order with memory clobber From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Arvind Sankar From: Arvind Sankar The CRn accessor functions use __force_order as a dummy operand to prevent the compiler from reordering CRn reads/writes with respect to each other. The fact that the asm is volatile should be enough to prevent this: volatile asm statements should be executed in program order. However GCC 4.9.x and 5.x have a bug that might result in reordering. This was fixed in 8.1, 7.3 and 6.5. Versions prior to these, including 5.x and 4.9.x, may reorder volatile asm statements with respect to each other. There are some issues with __force_order as implemented: - It is used only as an input operand for the write functions, and hence doesn't do anything additional to prevent reordering writes. - It allows memory accesses to be cached/reordered across write functions, but CRn writes affect the semantics of memory accesses, so this could be dangerous. - __force_order is not actually defined in the kernel proper, but the LLVM toolchain can in some cases require a definition: LLVM (as well as GCC 4.9) requires it for PIE code, which is why the compressed kernel has a definition, but also the clang integrated assembler may consider the address of __force_order to be significant, resulting in a reference that requires a definition. Fix this by: - Using a memory clobber for the write functions to additionally prevent caching/reordering memory accesses across CRn writes. - Using a dummy input operand with an arbitrary constant address for the read functions, instead of a global variable. This will prevent reads from being reordered across writes, while allowing memory loads to be cached/reordered across CRn reads, which should be safe. Signed-off-by: Arvind Sankar Tested-by: Nathan Chancellor Tested-by: Sedat Dilek Reviewed-by: Miguel Ojeda Reviewed-by: Kees Cook Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82602 Link: https://lore.kernel.org/lkml/20200527135329.1172644-1-arnd@arndb.de/ --- arch/x86/boot/compressed/pgtable_64.c | 9 --------- arch/x86/include/asm/special_insns.h | 28 ++++++++++++++------------- arch/x86/kernel/cpu/common.c | 4 ++-- 3 files changed, 17 insertions(+), 24 deletions(-) diff --git a/arch/x86/boot/compressed/pgtable_64.c b/arch/x86/boot/compressed/pgtable_64.c index c8862696a47b..7d0394f4ebf9 100644 --- a/arch/x86/boot/compressed/pgtable_64.c +++ b/arch/x86/boot/compressed/pgtable_64.c @@ -5,15 +5,6 @@ #include "pgtable.h" #include "../string.h" -/* - * __force_order is used by special_insns.h asm code to force instruction - * serialization. - * - * It is not referenced from the code, but GCC < 5 with -fPIE would fail - * due to an undefined symbol. Define it to make these ancient GCCs work. - */ -unsigned long __force_order; - #define BIOS_START_MIN 0x20000U /* 128K, less than this is insane */ #define BIOS_START_MAX 0x9f000U /* 640K, absolute maximum */ diff --git a/arch/x86/include/asm/special_insns.h b/arch/x86/include/asm/special_insns.h index 59a3e13204c3..d6e3bb9363d2 100644 --- a/arch/x86/include/asm/special_insns.h +++ b/arch/x86/include/asm/special_insns.h @@ -11,45 +11,47 @@ #include /* - * Volatile isn't enough to prevent the compiler from reordering the - * read/write functions for the control registers and messing everything up. - * A memory clobber would solve the problem, but would prevent reordering of - * all loads stores around it, which can hurt performance. Solution is to - * use a variable and mimic reads and writes to it to enforce serialization + * The compiler should not reorder volatile asm statements with respect to each + * other: they should execute in program order. However GCC 4.9.x and 5.x have + * a bug (which was fixed in 8.1, 7.3 and 6.5) where they might reorder + * volatile asm. The write functions are not affected since they have memory + * clobbers preventing reordering. To prevent reads from being reordered with + * respect to writes, use a dummy memory operand. */ -extern unsigned long __force_order; + +#define __FORCE_ORDER "m"(*(unsigned int *)0x1000UL) void native_write_cr0(unsigned long val); static inline unsigned long native_read_cr0(void) { unsigned long val; - asm volatile("mov %%cr0,%0\n\t" : "=r" (val), "=m" (__force_order)); + asm volatile("mov %%cr0,%0\n\t" : "=r" (val) : __FORCE_ORDER); return val; } static __always_inline unsigned long native_read_cr2(void) { unsigned long val; - asm volatile("mov %%cr2,%0\n\t" : "=r" (val), "=m" (__force_order)); + asm volatile("mov %%cr2,%0\n\t" : "=r" (val) : __FORCE_ORDER); return val; } static __always_inline void native_write_cr2(unsigned long val) { - asm volatile("mov %0,%%cr2": : "r" (val), "m" (__force_order)); + asm volatile("mov %0,%%cr2": : "r" (val) : "memory"); } static inline unsigned long __native_read_cr3(void) { unsigned long val; - asm volatile("mov %%cr3,%0\n\t" : "=r" (val), "=m" (__force_order)); + asm volatile("mov %%cr3,%0\n\t" : "=r" (val) : __FORCE_ORDER); return val; } static inline void native_write_cr3(unsigned long val) { - asm volatile("mov %0,%%cr3": : "r" (val), "m" (__force_order)); + asm volatile("mov %0,%%cr3": : "r" (val) : "memory"); } static inline unsigned long native_read_cr4(void) @@ -64,10 +66,10 @@ static inline unsigned long native_read_cr4(void) asm volatile("1: mov %%cr4, %0\n" "2:\n" _ASM_EXTABLE(1b, 2b) - : "=r" (val), "=m" (__force_order) : "0" (0)); + : "=r" (val) : "0" (0), __FORCE_ORDER); #else /* CR4 always exists on x86_64. */ - asm volatile("mov %%cr4,%0\n\t" : "=r" (val), "=m" (__force_order)); + asm volatile("mov %%cr4,%0\n\t" : "=r" (val) : __FORCE_ORDER); #endif return val; } diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index c5d6f17d9b9d..178499f90366 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -359,7 +359,7 @@ void native_write_cr0(unsigned long val) unsigned long bits_missing = 0; set_register: - asm volatile("mov %0,%%cr0": "+r" (val), "+m" (__force_order)); + asm volatile("mov %0,%%cr0": "+r" (val) : : "memory"); if (static_branch_likely(&cr_pinning)) { if (unlikely((val & X86_CR0_WP) != X86_CR0_WP)) { @@ -378,7 +378,7 @@ void native_write_cr4(unsigned long val) unsigned long bits_changed = 0; set_register: - asm volatile("mov %0,%%cr4": "+r" (val), "+m" (cr4_pinned_bits)); + asm volatile("mov %0,%%cr4": "+r" (val) : : "memory"); if (static_branch_likely(&cr_pinning)) { if (unlikely((val & cr4_pinned_mask) != cr4_pinned_bits)) { From patchwork Fri Sep 18 20:14:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786051 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A65B8112E for ; Fri, 18 Sep 2020 20:15:35 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 858C020684 for ; Fri, 18 Sep 2020 20:15:34 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="any3V5lS" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 858C020684 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19921-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 14298 invoked by uid 550); 18 Sep 2020 20:15:03 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 14142 invoked from network); 18 Sep 2020 20:15:02 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=OUE+m0OGAklb8Nux4jCl1L3mjhO5wTbpcVUk0tOPDMA=; b=any3V5lSTFgH1kO1Kb1r9POezsMT5jetgUu93+kMtwxjLe+yldzyOcL47g330a2uXu AefEbd8yFwIlvM2LhWD+NYmoLM6Oi9XIU00YdQ3OSAwLmQHlX5vBXXtZ9NGoPRBdu1sL 6lQsJYfgHlJz38kKKI5MNdpjJ9n2LdOljnmMTLRbuUnvdJabNxPvQQNf2JvO2R/pms9X PkvzO4cJgPreY9lFHniVykHZKIoR2oq9C4AfyJ25VGmfuFgbSerf6csWSBZ7FOumotHu N72fT59M1+8V1KNBNdx5DNMG/BXwB/LlxVwhWlMaOw1X9OyoOh4u346cP5S8IeGIY/z4 4X7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=OUE+m0OGAklb8Nux4jCl1L3mjhO5wTbpcVUk0tOPDMA=; b=hrgkG8ijTeY9y1rlAVaPANxQvrt1AfWwKs3CHQVaNTVrud/UnjhqgRUc3VnUFTFLbY 1Kv/9olIBl95QNDOmRsGs6ivSmAWJMrwq7NplgG54AzNiKzCDz9uqeAL5uabNkAVKI5g re5NnqPH7L/O6Y551p5cDLtdICY5uWoXQODAajpepo7wWc7k+quNEVfzjykimGj6TqtX 5WhksY4lN7gThg5e44+wrye8WjcwHP5OZi2aiiz5QWj4dwsW+hQZsCFL0NUxEvltS9qB jKCo/ghfUw6QNXx5z2G215AByi9WNZSRlX50kXMInp9gcFL8eNPWedm8GUSKKalBeb4U b3dg== X-Gm-Message-State: AOAM530eT9hDh7h4+f931Te3lxb+qRuwWjloLnCxBTmlL1Ai5s6R4FRs QQnwtnY17PE+XXZ0nyE/X6PYSARItNBGKpOlukE= X-Google-Smtp-Source: ABdhPJxm2wzkamBTICVlX7I3G3Dw7xHBOdcrzc/iEeryuH+hzWqB4gX9PMxEOFyWobA/GRt9l/JLwhY3EWGqkRJmGUw= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a17:90b:4ac4:: with SMTP id mh4mr14973735pjb.224.1600460089349; Fri, 18 Sep 2020 13:14:49 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:11 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-6-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 05/30] kbuild: preprocess module linker script From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org From: Masahiro Yamada There was a request to preprocess the module linker script like we do for the vmlinux one. (https://lkml.org/lkml/2020/8/21/512) The difference between vmlinux.lds and module.lds is that the latter is needed for external module builds, thus must be cleaned up by 'make mrproper' instead of 'make clean'. Also, it must be created by 'make modules_prepare'. You cannot put it in arch/$(SRCARCH)/kernel/, which is cleaned up by 'make clean'. I moved arch/$(SRCARCH)/kernel/module.lds to arch/$(SRCARCH)/include/asm/module.lds.h, which is included from scripts/module.lds.S. scripts/module.lds is fine because 'make clean' keeps all the build artifacts under scripts/. You can add arch-specific sections in . Signed-off-by: Masahiro Yamada Tested-by: Jessica Yu Acked-by: Will Deacon Acked-by: Geert Uytterhoeven Acked-by: Palmer Dabbelt --- Makefile | 10 ++++++---- arch/arm/Makefile | 4 ---- .../{kernel/module.lds => include/asm/module.lds.h} | 2 ++ arch/arm64/Makefile | 4 ---- .../{kernel/module.lds => include/asm/module.lds.h} | 2 ++ arch/ia64/Makefile | 1 - arch/ia64/{module.lds => include/asm/module.lds.h} | 0 arch/m68k/Makefile | 1 - .../{kernel/module.lds => include/asm/module.lds.h} | 0 arch/powerpc/Makefile | 1 - .../{kernel/module.lds => include/asm/module.lds.h} | 0 arch/riscv/Makefile | 3 --- .../{kernel/module.lds => include/asm/module.lds.h} | 3 ++- arch/um/include/asm/Kbuild | 1 + include/asm-generic/Kbuild | 1 + include/asm-generic/module.lds.h | 10 ++++++++++ scripts/.gitignore | 1 + scripts/Makefile | 3 +++ scripts/Makefile.modfinal | 5 ++--- scripts/{module-common.lds => module.lds.S} | 3 +++ scripts/package/builddeb | 2 +- 21 files changed, 34 insertions(+), 23 deletions(-) rename arch/arm/{kernel/module.lds => include/asm/module.lds.h} (72%) rename arch/arm64/{kernel/module.lds => include/asm/module.lds.h} (76%) rename arch/ia64/{module.lds => include/asm/module.lds.h} (100%) rename arch/m68k/{kernel/module.lds => include/asm/module.lds.h} (100%) rename arch/powerpc/{kernel/module.lds => include/asm/module.lds.h} (100%) rename arch/riscv/{kernel/module.lds => include/asm/module.lds.h} (84%) create mode 100644 include/asm-generic/module.lds.h rename scripts/{module-common.lds => module.lds.S} (93%) diff --git a/Makefile b/Makefile index 19d012810fbb..24fd733c142e 100644 --- a/Makefile +++ b/Makefile @@ -505,7 +505,6 @@ KBUILD_CFLAGS_KERNEL := KBUILD_AFLAGS_MODULE := -DMODULE KBUILD_CFLAGS_MODULE := -DMODULE KBUILD_LDFLAGS_MODULE := -export KBUILD_LDS_MODULE := $(srctree)/scripts/module-common.lds KBUILD_LDFLAGS := CLANG_FLAGS := @@ -1384,7 +1383,7 @@ endif # using awk while concatenating to the final file. PHONY += modules -modules: $(if $(KBUILD_BUILTIN),vmlinux) modules_check +modules: $(if $(KBUILD_BUILTIN),vmlinux) modules_check modules_prepare $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost PHONY += modules_check @@ -1401,6 +1400,7 @@ targets += modules.order # Target to prepare building external modules PHONY += modules_prepare modules_prepare: prepare + $(Q)$(MAKE) $(build)=scripts scripts/module.lds # Target to install modules PHONY += modules_install @@ -1722,7 +1722,9 @@ help: @echo ' clean - remove generated files in module directory only' @echo '' -PHONY += prepare +# no-op for external module builds +PHONY += prepare modules_prepare + endif # KBUILD_EXTMOD # Single targets @@ -1755,7 +1757,7 @@ MODORDER := .modules.tmp endif PHONY += single_modpost -single_modpost: $(single-no-ko) +single_modpost: $(single-no-ko) modules_prepare $(Q){ $(foreach m, $(single-ko), echo $(extmod-prefix)$m;) } > $(MODORDER) $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost diff --git a/arch/arm/Makefile b/arch/arm/Makefile index 4e877354515f..a0cb15de9677 100644 --- a/arch/arm/Makefile +++ b/arch/arm/Makefile @@ -16,10 +16,6 @@ LDFLAGS_vmlinux += --be8 KBUILD_LDFLAGS_MODULE += --be8 endif -ifeq ($(CONFIG_ARM_MODULE_PLTS),y) -KBUILD_LDS_MODULE += $(srctree)/arch/arm/kernel/module.lds -endif - GZFLAGS :=-9 #KBUILD_CFLAGS +=-pipe diff --git a/arch/arm/kernel/module.lds b/arch/arm/include/asm/module.lds.h similarity index 72% rename from arch/arm/kernel/module.lds rename to arch/arm/include/asm/module.lds.h index 79cb6af565e5..0e7cb4e314b4 100644 --- a/arch/arm/kernel/module.lds +++ b/arch/arm/include/asm/module.lds.h @@ -1,5 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0 */ +#ifdef CONFIG_ARM_MODULE_PLTS SECTIONS { .plt : { BYTE(0) } .init.plt : { BYTE(0) } } +#endif diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index 130569f90c54..4e8bb73359c8 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -120,10 +120,6 @@ endif CHECKFLAGS += -D__aarch64__ -ifeq ($(CONFIG_ARM64_MODULE_PLTS),y) -KBUILD_LDS_MODULE += $(srctree)/arch/arm64/kernel/module.lds -endif - ifeq ($(CONFIG_DYNAMIC_FTRACE_WITH_REGS),y) KBUILD_CPPFLAGS += -DCC_USING_PATCHABLE_FUNCTION_ENTRY CC_FLAGS_FTRACE := -fpatchable-function-entry=2 diff --git a/arch/arm64/kernel/module.lds b/arch/arm64/include/asm/module.lds.h similarity index 76% rename from arch/arm64/kernel/module.lds rename to arch/arm64/include/asm/module.lds.h index 22e36a21c113..691f15af788e 100644 --- a/arch/arm64/kernel/module.lds +++ b/arch/arm64/include/asm/module.lds.h @@ -1,5 +1,7 @@ +#ifdef CONFIG_ARM64_MODULE_PLTS SECTIONS { .plt (NOLOAD) : { BYTE(0) } .init.plt (NOLOAD) : { BYTE(0) } .text.ftrace_trampoline (NOLOAD) : { BYTE(0) } } +#endif diff --git a/arch/ia64/Makefile b/arch/ia64/Makefile index 2876a7df1b0a..703b1c4f6d12 100644 --- a/arch/ia64/Makefile +++ b/arch/ia64/Makefile @@ -20,7 +20,6 @@ CHECKFLAGS += -D__ia64=1 -D__ia64__=1 -D_LP64 -D__LP64__ OBJCOPYFLAGS := --strip-all LDFLAGS_vmlinux := -static -KBUILD_LDS_MODULE += $(srctree)/arch/ia64/module.lds KBUILD_AFLAGS_KERNEL := -mconstant-gp EXTRA := diff --git a/arch/ia64/module.lds b/arch/ia64/include/asm/module.lds.h similarity index 100% rename from arch/ia64/module.lds rename to arch/ia64/include/asm/module.lds.h diff --git a/arch/m68k/Makefile b/arch/m68k/Makefile index 4438ffb4bbe1..ea14f2046fb4 100644 --- a/arch/m68k/Makefile +++ b/arch/m68k/Makefile @@ -75,7 +75,6 @@ KBUILD_CPPFLAGS += -D__uClinux__ endif KBUILD_LDFLAGS := -m m68kelf -KBUILD_LDS_MODULE += $(srctree)/arch/m68k/kernel/module.lds ifdef CONFIG_SUN3 LDFLAGS_vmlinux = -N diff --git a/arch/m68k/kernel/module.lds b/arch/m68k/include/asm/module.lds.h similarity index 100% rename from arch/m68k/kernel/module.lds rename to arch/m68k/include/asm/module.lds.h diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile index 3e8da9cf2eb9..8935658fcd06 100644 --- a/arch/powerpc/Makefile +++ b/arch/powerpc/Makefile @@ -65,7 +65,6 @@ UTS_MACHINE := $(subst $(space),,$(machine-y)) ifdef CONFIG_PPC32 KBUILD_LDFLAGS_MODULE += arch/powerpc/lib/crtsavres.o else -KBUILD_LDS_MODULE += $(srctree)/arch/powerpc/kernel/module.lds ifeq ($(call ld-ifversion, -ge, 225000000, y),y) # Have the linker provide sfpr if possible. # There is a corresponding test in arch/powerpc/lib/Makefile diff --git a/arch/powerpc/kernel/module.lds b/arch/powerpc/include/asm/module.lds.h similarity index 100% rename from arch/powerpc/kernel/module.lds rename to arch/powerpc/include/asm/module.lds.h diff --git a/arch/riscv/Makefile b/arch/riscv/Makefile index fb6e37db836d..8edaa8bd86d6 100644 --- a/arch/riscv/Makefile +++ b/arch/riscv/Makefile @@ -53,9 +53,6 @@ endif ifeq ($(CONFIG_CMODEL_MEDANY),y) KBUILD_CFLAGS += -mcmodel=medany endif -ifeq ($(CONFIG_MODULE_SECTIONS),y) - KBUILD_LDS_MODULE += $(srctree)/arch/riscv/kernel/module.lds -endif ifeq ($(CONFIG_PERF_EVENTS),y) KBUILD_CFLAGS += -fno-omit-frame-pointer endif diff --git a/arch/riscv/kernel/module.lds b/arch/riscv/include/asm/module.lds.h similarity index 84% rename from arch/riscv/kernel/module.lds rename to arch/riscv/include/asm/module.lds.h index 295ecfb341a2..4254ff2ff049 100644 --- a/arch/riscv/kernel/module.lds +++ b/arch/riscv/include/asm/module.lds.h @@ -1,8 +1,9 @@ /* SPDX-License-Identifier: GPL-2.0 */ /* Copyright (C) 2017 Andes Technology Corporation */ - +#ifdef CONFIG_MODULE_SECTIONS SECTIONS { .plt (NOLOAD) : { BYTE(0) } .got (NOLOAD) : { BYTE(0) } .got.plt (NOLOAD) : { BYTE(0) } } +#endif diff --git a/arch/um/include/asm/Kbuild b/arch/um/include/asm/Kbuild index 8d435f8a6dec..1c63b260ecc4 100644 --- a/arch/um/include/asm/Kbuild +++ b/arch/um/include/asm/Kbuild @@ -16,6 +16,7 @@ generic-y += kdebug.h generic-y += mcs_spinlock.h generic-y += mm-arch-hooks.h generic-y += mmiowb.h +generic-y += module.lds.h generic-y += param.h generic-y += pci.h generic-y += percpu.h diff --git a/include/asm-generic/Kbuild b/include/asm-generic/Kbuild index 74b0612601dd..7cd4e627e00e 100644 --- a/include/asm-generic/Kbuild +++ b/include/asm-generic/Kbuild @@ -40,6 +40,7 @@ mandatory-y += mmiowb.h mandatory-y += mmu.h mandatory-y += mmu_context.h mandatory-y += module.h +mandatory-y += module.lds.h mandatory-y += msi.h mandatory-y += pci.h mandatory-y += percpu.h diff --git a/include/asm-generic/module.lds.h b/include/asm-generic/module.lds.h new file mode 100644 index 000000000000..f210d5c1b78b --- /dev/null +++ b/include/asm-generic/module.lds.h @@ -0,0 +1,10 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef __ASM_GENERIC_MODULE_LDS_H +#define __ASM_GENERIC_MODULE_LDS_H + +/* + * can specify arch-specific sections for linking modules. + * Empty for the asm-generic header. + */ + +#endif /* __ASM_GENERIC_MODULE_LDS_H */ diff --git a/scripts/.gitignore b/scripts/.gitignore index 0d1c8e217cd7..a6c11316c969 100644 --- a/scripts/.gitignore +++ b/scripts/.gitignore @@ -8,3 +8,4 @@ asn1_compiler extract-cert sign-file insert-sys-cert +/module.lds diff --git a/scripts/Makefile b/scripts/Makefile index bc018e4b733e..b5418ec587fb 100644 --- a/scripts/Makefile +++ b/scripts/Makefile @@ -29,6 +29,9 @@ endif # The following programs are only built on demand hostprogs += unifdef +# The module linker script is preprocessed on demand +targets += module.lds + subdir-$(CONFIG_GCC_PLUGINS) += gcc-plugins subdir-$(CONFIG_MODVERSIONS) += genksyms subdir-$(CONFIG_SECURITY_SELINUX) += selinux diff --git a/scripts/Makefile.modfinal b/scripts/Makefile.modfinal index 411c1e600e7d..ae01baf96f4e 100644 --- a/scripts/Makefile.modfinal +++ b/scripts/Makefile.modfinal @@ -33,11 +33,10 @@ quiet_cmd_ld_ko_o = LD [M] $@ cmd_ld_ko_o = \ $(LD) -r $(KBUILD_LDFLAGS) \ $(KBUILD_LDFLAGS_MODULE) $(LDFLAGS_MODULE) \ - $(addprefix -T , $(KBUILD_LDS_MODULE)) \ - -o $@ $(filter %.o, $^); \ + -T scripts/module.lds -o $@ $(filter %.o, $^); \ $(if $(ARCH_POSTLINK), $(MAKE) -f $(ARCH_POSTLINK) $@, true) -$(modules): %.ko: %.o %.mod.o $(KBUILD_LDS_MODULE) FORCE +$(modules): %.ko: %.o %.mod.o scripts/module.lds FORCE +$(call if_changed,ld_ko_o) targets += $(modules) $(modules:.ko=.mod.o) diff --git a/scripts/module-common.lds b/scripts/module.lds.S similarity index 93% rename from scripts/module-common.lds rename to scripts/module.lds.S index d61b9e8678e8..69b9b71a6a47 100644 --- a/scripts/module-common.lds +++ b/scripts/module.lds.S @@ -24,3 +24,6 @@ SECTIONS { __jump_table 0 : ALIGN(8) { KEEP(*(__jump_table)) } } + +/* bring in arch-specific sections */ +#include diff --git a/scripts/package/builddeb b/scripts/package/builddeb index 6df3c9f8b2da..44f212e37935 100755 --- a/scripts/package/builddeb +++ b/scripts/package/builddeb @@ -55,7 +55,7 @@ deploy_kernel_headers () { cd $srctree find . arch/$SRCARCH -maxdepth 1 -name Makefile\* find include scripts -type f -o -type l - find arch/$SRCARCH -name module.lds -o -name Kbuild.platforms -o -name Platform + find arch/$SRCARCH -name Kbuild.platforms -o -name Platform find $(find arch/$SRCARCH -name include -o -name scripts -type d) -type f ) > debian/hdrsrcfiles From patchwork Fri Sep 18 20:14:12 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786055 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E292092C for ; Fri, 18 Sep 2020 20:15:44 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id EC95120684 for ; Fri, 18 Sep 2020 20:15:43 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="vLxQSiTd" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org EC95120684 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19922-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 15496 invoked by uid 550); 18 Sep 2020 20:15:05 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 15367 invoked from network); 18 Sep 2020 20:15:04 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=SmkRBXA7nybVMgRFHrOcpVUvMfefLOj3bIKZYl6feRQ=; b=vLxQSiTdO6kx7x/Kg/wNk4XkNMo14CL+DN6ttIvF2JonRyj1oK9XqFWKvvfgZK4Mmh HN+/aMca8Jx8U+3rMZJB+YDPmWFRPK12zeQKwH+WGQeH/c24C/e6itsBsxAeiS+l+vnI kvttaEcXAfrUxun0RBcRM5rVl4lLPcUMETTEDtPRsb8ebkJAInD9/COrBs8wZvoDPEh2 GhGMctwfhnFVytooium0mYCB4O3YSpfb1rIx8elZ0BLfobR4pKcG7h4BhPaZOJp4kRFJ lHn12+OcXav8iIixDR/qz7cHvzsM29SRysxUKhyIItLmT8nW1nDSJozvxnVmac7/8ZaS rmEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=SmkRBXA7nybVMgRFHrOcpVUvMfefLOj3bIKZYl6feRQ=; b=AJxi80nAXmvJIX4iJMF8ZkbXw/Hjy2w4kbcLGptkKsDl1Scvg33yhc04GkMf9stQgn tERLM2mLQSxVZYvcNV6m7ZzYgltkB6ih3eDTt+BwRb9yJJOlHLn0UTz/YfTo3OXrKl1b kWiZ7FIW43DpcbIxCm8hZoswNZ/r7Z9c20SK+8ObnW0JjPaTK3B/tdlC8CFxMWRff8T5 QbxVFzORNNNx8hdGhe+wTG33X3yT9lpZpakfQF/2hDMkbQOj5WWvdcUIFFrDW96omrvh p+MDC+G+XFXgAzDK52Ez6CqgV0Bp+uGoWLM/u7vvQf3wh+0GUYrepkA0DD5sMnl65nGk Frfg== X-Gm-Message-State: AOAM532PfBIotq7Vq4h0RK924Fi/Lw7fr82hTPl9nJt8lKk0FMKUO9S+ GKcmEVrtt/h1+BInr66Xc0S/Xjw3ZRj4cRL5qko= X-Google-Smtp-Source: ABdhPJxfxPARsXBGl9SON0cI+m+7JzZPmj/JlXCHFsIm1Q/huE0VddyqnW5/FMDpRgWVWHnqCpuDeLjffHea689ZMyc= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a25:bfcf:: with SMTP id q15mr21002279ybm.133.1600460092312; Fri, 18 Sep 2020 13:14:52 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:12 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-7-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 06/30] objtool: Add a pass for generating __mcount_loc From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen From: Peter Zijlstra Add the --mcount option for generating __mcount_loc sections needed for dynamic ftrace. Using this pass requires the kernel to be compiled with -mfentry and CC_USING_NOP_MCOUNT to be defined in Makefile. Link: https://lore.kernel.org/lkml/20200625200235.GQ4781@hirez.programming.kicks-ass.net/ Signed-off-by: Peter Zijlstra [Sami: rebased to mainline, dropped config changes, fixed to actually use --mcount, and wrote a commit message.] Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- tools/objtool/builtin-check.c | 3 +- tools/objtool/builtin.h | 2 +- tools/objtool/check.c | 83 +++++++++++++++++++++++++++++++++++ tools/objtool/check.h | 1 + tools/objtool/objtool.h | 1 + 5 files changed, 88 insertions(+), 2 deletions(-) diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c index 7a44174967b5..71595cf4946d 100644 --- a/tools/objtool/builtin-check.c +++ b/tools/objtool/builtin-check.c @@ -18,7 +18,7 @@ #include "builtin.h" #include "objtool.h" -bool no_fp, no_unreachable, retpoline, module, backtrace, uaccess, stats, validate_dup, vmlinux; +bool no_fp, no_unreachable, retpoline, module, backtrace, uaccess, stats, validate_dup, vmlinux, mcount; static const char * const check_usage[] = { "objtool check [] file.o", @@ -35,6 +35,7 @@ const struct option check_options[] = { OPT_BOOLEAN('s', "stats", &stats, "print statistics"), OPT_BOOLEAN('d', "duplicate", &validate_dup, "duplicate validation for vmlinux.o"), OPT_BOOLEAN('l', "vmlinux", &vmlinux, "vmlinux.o validation"), + OPT_BOOLEAN('M', "mcount", &mcount, "generate __mcount_loc"), OPT_END(), }; diff --git a/tools/objtool/builtin.h b/tools/objtool/builtin.h index 85c979caa367..94565a72b701 100644 --- a/tools/objtool/builtin.h +++ b/tools/objtool/builtin.h @@ -8,7 +8,7 @@ #include extern const struct option check_options[]; -extern bool no_fp, no_unreachable, retpoline, module, backtrace, uaccess, stats, validate_dup, vmlinux; +extern bool no_fp, no_unreachable, retpoline, module, backtrace, uaccess, stats, validate_dup, vmlinux, mcount; extern int cmd_check(int argc, const char **argv); extern int cmd_orc(int argc, const char **argv); diff --git a/tools/objtool/check.c b/tools/objtool/check.c index e034a8f24f46..6e0b478dc065 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -433,6 +433,65 @@ static int add_dead_ends(struct objtool_file *file) return 0; } +static int create_mcount_loc_sections(struct objtool_file *file) +{ + struct section *sec, *reloc_sec; + struct reloc *reloc; + unsigned long *loc; + struct instruction *insn; + int idx; + + sec = find_section_by_name(file->elf, "__mcount_loc"); + if (sec) { + INIT_LIST_HEAD(&file->mcount_loc_list); + WARN("file already has __mcount_loc section, skipping"); + return 0; + } + + if (list_empty(&file->mcount_loc_list)) + return 0; + + idx = 0; + list_for_each_entry(insn, &file->mcount_loc_list, mcount_loc_node) + idx++; + + sec = elf_create_section(file->elf, "__mcount_loc", sizeof(unsigned long), idx); + if (!sec) + return -1; + + reloc_sec = elf_create_reloc_section(file->elf, sec, SHT_RELA); + if (!reloc_sec) + return -1; + + idx = 0; + list_for_each_entry(insn, &file->mcount_loc_list, mcount_loc_node) { + + loc = (unsigned long *)sec->data->d_buf + idx; + memset(loc, 0, sizeof(unsigned long)); + + reloc = malloc(sizeof(*reloc)); + if (!reloc) { + perror("malloc"); + return -1; + } + memset(reloc, 0, sizeof(*reloc)); + + reloc->sym = insn->sec->sym; + reloc->addend = insn->offset; + reloc->type = R_X86_64_64; + reloc->offset = idx * sizeof(unsigned long); + reloc->sec = reloc_sec; + elf_add_reloc(file->elf, reloc); + + idx++; + } + + if (elf_rebuild_reloc_section(file->elf, reloc_sec)) + return -1; + + return 0; +} + /* * Warnings shouldn't be reported for ignored functions. */ @@ -784,6 +843,22 @@ static int add_call_destinations(struct objtool_file *file) insn->type = INSN_NOP; } + if (mcount && !strcmp(insn->call_dest->name, "__fentry__")) { + if (reloc) { + reloc->type = R_NONE; + elf_write_reloc(file->elf, reloc); + } + + elf_write_insn(file->elf, insn->sec, + insn->offset, insn->len, + arch_nop_insn(insn->len)); + + insn->type = INSN_NOP; + + list_add_tail(&insn->mcount_loc_node, + &file->mcount_loc_list); + } + /* * Whatever stack impact regular CALLs have, should be undone * by the RETURN of the called function. @@ -2791,6 +2866,7 @@ int check(const char *_objname, bool orc) INIT_LIST_HEAD(&file.insn_list); hash_init(file.insn_hash); + INIT_LIST_HEAD(&file.mcount_loc_list); file.c_file = !vmlinux && find_section_by_name(file.elf, ".comment"); file.ignore_unreachables = no_unreachable; file.hints = false; @@ -2838,6 +2914,13 @@ int check(const char *_objname, bool orc) warnings += ret; } + if (mcount) { + ret = create_mcount_loc_sections(&file); + if (ret < 0) + goto out; + warnings += ret; + } + if (orc) { ret = create_orc(&file); if (ret < 0) diff --git a/tools/objtool/check.h b/tools/objtool/check.h index 061aa96e15d3..b62afd3d970b 100644 --- a/tools/objtool/check.h +++ b/tools/objtool/check.h @@ -22,6 +22,7 @@ struct insn_state { struct instruction { struct list_head list; struct hlist_node hash; + struct list_head mcount_loc_node; struct section *sec; unsigned long offset; unsigned int len; diff --git a/tools/objtool/objtool.h b/tools/objtool/objtool.h index 528028a66816..427806079540 100644 --- a/tools/objtool/objtool.h +++ b/tools/objtool/objtool.h @@ -16,6 +16,7 @@ struct objtool_file { struct elf *elf; struct list_head insn_list; DECLARE_HASHTABLE(insn_hash, 20); + struct list_head mcount_loc_list; bool ignore_unreachables, c_file, hints, rodata; }; From patchwork Fri Sep 18 20:14:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786063 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 744E5139A for ; Fri, 18 Sep 2020 20:15:53 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id B173320684 for ; Fri, 18 Sep 2020 20:15:52 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="kOFoCTd2" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B173320684 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19923-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 15749 invoked by uid 550); 18 Sep 2020 20:15:07 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 15641 invoked from network); 18 Sep 2020 20:15:06 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=TOBnIZLn7hTmqm3x2JBReVnrcc+31akc4aFm1uMW9E4=; b=kOFoCTd2FrUUKnCgnEw8fv7o1qa+wmfRKSJE7DESuzOriLdT6KRMVuJelBjZTPWmjv hcDMZ6eRTe3iEYXYYraJYirqopgmczBB1BvP5hOrngWEf/fJbpBz7Sj2ruTbsoRETl29 O7E7brX0kO22gIX86Vdn9SrCa3mebEscFAw0lojJhTqtnAkLGvP02ofXmERBjubIHHQK t7UD4ZZSX0u9/8uvxMAjisPSz3BRkcsoaicvmVdgo3PttZXSpnN03wSqMqeZkfmkBk2J sEFprVm9QM8nc23vRgjZ+UPh4svXmTbLma/ZToJN6dcDACCd3xjRpcEHrZhhhibZCAUO 2qfg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=TOBnIZLn7hTmqm3x2JBReVnrcc+31akc4aFm1uMW9E4=; b=Tt0mfTzpxj3R9r7ciAYF0W8+qQDmnNJU6mRZZ3v4n0ljpGtlOb8wCowvA6MQBYucg2 EXYDSeYKgT8b8xARDNP6cuc0bANpu9QZU6O2sl5dBCftFY2sNXoxXDiqvuPaHQ7kyjGy uJqtXqHILVNVmRqlXJWN9OSy9mVkoZ9QeNoUpK2BZycM7xoCBo3KBeNtZRNrblyZdnoL i8zr212E+rYUPZzsBYdGAFeNsvHKPBZ/w+9CChLQ1CcJqj/PUp2FZcU69y2Qv3bSFJFm h8ShdxcH1mTdjVdBxiDTuicb1+97xn2zh/ngQzcO7pChWswAxRwe/ZFrGVmLGAlIkY8Y SUZQ== X-Gm-Message-State: AOAM530nwi9k1znYC5Y3FrpvQKgY67YmU+f7Q9Bk2OgHi4T5VTgGWWP6 7KR/EQghKgK+53VxdSnt1rInwyBtcPNk0U2zWZs= X-Google-Smtp-Source: ABdhPJwPfv5GKIky8nZ4/qO1HfgSl+GRdDXQT/EDjzvo193fwzx6dbwv1k7QAc3pOuPuB6s1Frhn6PBXdOnzsCVgbLU= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a25:be13:: with SMTP id h19mr55802534ybk.50.1600460094899; Fri, 18 Sep 2020 13:14:54 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:13 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 07/30] objtool: Don't autodetect vmlinux.o From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen With LTO, we run objtool on vmlinux.o, but don't want noinstr validation. This change requires --vmlinux to be passed to objtool explicitly. Suggested-by: Peter Zijlstra Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- scripts/link-vmlinux.sh | 2 +- tools/objtool/builtin-check.c | 10 +--------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh index e6e2d9e5ff48..372c3719f94c 100755 --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh @@ -64,7 +64,7 @@ objtool_link() local objtoolopt; if [ -n "${CONFIG_VMLINUX_VALIDATION}" ]; then - objtoolopt="check" + objtoolopt="check --vmlinux" if [ -z "${CONFIG_FRAME_POINTER}" ]; then objtoolopt="${objtoolopt} --no-fp" fi diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c index 71595cf4946d..eaa06eb18690 100644 --- a/tools/objtool/builtin-check.c +++ b/tools/objtool/builtin-check.c @@ -41,18 +41,10 @@ const struct option check_options[] = { int cmd_check(int argc, const char **argv) { - const char *objname, *s; - argc = parse_options(argc, argv, check_options, check_usage, 0); if (argc != 1) usage_with_options(check_usage, check_options); - objname = argv[0]; - - s = strstr(objname, "vmlinux.o"); - if (s && !s[9]) - vmlinux = true; - - return check(objname, false); + return check(argv[0], false); } From patchwork Fri Sep 18 20:14:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786073 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E2AEA112E for ; Fri, 18 Sep 2020 20:16:02 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id E71A02074B for ; Fri, 18 Sep 2020 20:16:01 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="BHDVtSDH" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E71A02074B Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19924-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 16035 invoked by uid 550); 18 Sep 2020 20:15:10 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 15900 invoked from network); 18 Sep 2020 20:15:09 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=0FkP4B0/Lnp0DM8m5kyaL0nHymB5hvp+911UgypF4fg=; b=BHDVtSDHetldKKo2hdUPaejxOUg5e/yc8Cf5jPF8KvuEYU3GPeekWljxiMYHIrEQq0 SlyjQ7nTB2hb4xCe7jrH9NeG7+TDkN36Iz/j80rDR1o/RiwSrjXAJOEYsiCKVTp1EsS6 kPHqV1oAHjGCvpXDEdRkyfZWKXgLztHP1xvR0z0sbav9R8NYsmyZq8qKO5Ia151oKysY OCZWaSCUeytDPg1IKXVAcTOAuX1oTxatIgD0DWK0uypAG8DRSWlWJ4vJsZUQFtoH7CT/ NjL3ZYY2wH7uPQXbbCEmQSU4LkhsBSSMBwvyPvVqydWk1LcDUSp0FxblKNC9q59gwKrA ljEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=0FkP4B0/Lnp0DM8m5kyaL0nHymB5hvp+911UgypF4fg=; b=ipGEW7YdQ3ifjSXUF/6a0c+yr5fUiEtFASV2CrRCFK5aPS6odPNKZ2SB2BmIowKU/m ++iCjPIVHJz3lBZFnmm6C3iqfUBhQxsFJUwFXimTc7tieQUWdBhiETz0siUR9V8xbVJN v1vLNs8LEFxJmtvGi+wfnzAZxoxHVNt1Zx/MyL9vMCj4/DlDKs7tpA00tb2mHD7B2K2I LWGxt3mSeWfCQ+MLnMUuFoLMXzKZkh+efeUfIx8rp7NkTC9/QQ+Lo/E95CoqbLCbNEFW P/bbu4CgNWC/Cp65A7fPFMjFQ+GRz1a7C1cAmU8Frk9tPmm074ce62M52ijXE681RX2J /8Fg== X-Gm-Message-State: AOAM533PcxE/KZhoZ0+QAksy+Dwc7XQc42cDHoISbeB2z9U3b577nSXK s+Q1IAi7LY9ehRlsEPitDm+URwqRi6TedOWOmPQ= X-Google-Smtp-Source: ABdhPJwQq1wvH1AAA6gtJNKkwcmiCxJWA5rmyg/i+mPJ3ehFUf0yVGK9jkmjYXbCBq8XTq/g+Yqu8LuBqPuiMAszYNA= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a25:cf15:: with SMTP id f21mr5192645ybg.408.1600460097335; Fri, 18 Sep 2020 13:14:57 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:14 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-9-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 08/30] kbuild: add support for objtool mcount From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen This change adds build support for using objtool to generate __mcount_loc sections. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- Makefile | 38 ++++++++++++++++++++++++++++++-------- kernel/trace/Kconfig | 5 +++++ scripts/Makefile.build | 9 +++++---- 3 files changed, 40 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index 24fd733c142e..d2fb3cd0f506 100644 --- a/Makefile +++ b/Makefile @@ -858,17 +858,34 @@ ifdef CONFIG_HAVE_FENTRY ifeq ($(call cc-option-yn, -mfentry),y) CC_FLAGS_FTRACE += -mfentry CC_FLAGS_USING += -DCC_USING_FENTRY + export CC_USING_FENTRY := 1 endif endif export CC_FLAGS_FTRACE -KBUILD_CFLAGS += $(CC_FLAGS_FTRACE) $(CC_FLAGS_USING) -KBUILD_AFLAGS += $(CC_FLAGS_USING) ifdef CONFIG_DYNAMIC_FTRACE - ifdef CONFIG_HAVE_C_RECORDMCOUNT - BUILD_C_RECORDMCOUNT := y - export BUILD_C_RECORDMCOUNT - endif + ifndef CC_USING_RECORD_MCOUNT + ifndef CC_USING_PATCHABLE_FUNCTION_ENTRY + # use objtool or recordmcount to generate mcount tables + ifdef CONFIG_HAVE_OBJTOOL_MCOUNT + ifdef CC_USING_FENTRY + USE_OBJTOOL_MCOUNT := y + CC_FLAGS_USING += -DCC_USING_NOP_MCOUNT + export USE_OBJTOOL_MCOUNT + endif + endif + ifndef USE_OBJTOOL_MCOUNT + USE_RECORDMCOUNT := y + export USE_RECORDMCOUNT + ifdef CONFIG_HAVE_C_RECORDMCOUNT + BUILD_C_RECORDMCOUNT := y + export BUILD_C_RECORDMCOUNT + endif + endif + endif + endif endif +KBUILD_CFLAGS += $(CC_FLAGS_FTRACE) $(CC_FLAGS_USING) +KBUILD_AFLAGS += $(CC_FLAGS_USING) endif # We trigger additional mismatches with less inlining @@ -1213,11 +1230,16 @@ uapi-asm-generic: PHONY += prepare-objtool prepare-resolve_btfids prepare-objtool: $(objtool_target) ifeq ($(SKIP_STACK_VALIDATION),1) +objtool-lib-prompt := "please install libelf-dev, libelf-devel or elfutils-libelf-devel" +ifdef USE_OBJTOOL_MCOUNT + @echo "error: Cannot generate __mcount_loc for CONFIG_DYNAMIC_FTRACE=y, $(objtool-lib-prompt)" >&2 + @false +endif ifdef CONFIG_UNWINDER_ORC - @echo "error: Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel" >&2 + @echo "error: Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, $(objtool-lib-prompt)" >&2 @false else - @echo "warning: Cannot use CONFIG_STACK_VALIDATION=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel" >&2 + @echo "warning: Cannot use CONFIG_STACK_VALIDATION=y, $(objtool-lib-prompt)" >&2 endif endif diff --git a/kernel/trace/Kconfig b/kernel/trace/Kconfig index a4020c0b4508..b510af5b216c 100644 --- a/kernel/trace/Kconfig +++ b/kernel/trace/Kconfig @@ -56,6 +56,11 @@ config HAVE_C_RECORDMCOUNT help C version of recordmcount available? +config HAVE_OBJTOOL_MCOUNT + bool + help + Arch supports objtool --mcount + config TRACER_MAX_TRACE bool diff --git a/scripts/Makefile.build b/scripts/Makefile.build index a467b9323442..6ecf30c70ced 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -178,8 +178,7 @@ cmd_modversions_c = \ fi endif -ifdef CONFIG_FTRACE_MCOUNT_RECORD -ifndef CC_USING_RECORD_MCOUNT +ifdef USE_RECORDMCOUNT # compiler will not generate __mcount_loc use recordmcount or recordmcount.pl ifdef BUILD_C_RECORDMCOUNT ifeq ("$(origin RECORDMCOUNT_WARN)", "command line") @@ -206,8 +205,7 @@ recordmcount_source := $(srctree)/scripts/recordmcount.pl endif # BUILD_C_RECORDMCOUNT cmd_record_mcount = $(if $(findstring $(strip $(CC_FLAGS_FTRACE)),$(_c_flags)), \ $(sub_cmd_record_mcount)) -endif # CC_USING_RECORD_MCOUNT -endif # CONFIG_FTRACE_MCOUNT_RECORD +endif # USE_RECORDMCOUNT ifdef CONFIG_STACK_VALIDATION ifneq ($(SKIP_STACK_VALIDATION),1) @@ -230,6 +228,9 @@ endif ifdef CONFIG_X86_SMAP objtool_args += --uaccess endif +ifdef USE_OBJTOOL_MCOUNT + objtool_args += --mcount +endif # 'OBJECT_FILES_NON_STANDARD := y': skip objtool checking for a directory # 'OBJECT_FILES_NON_STANDARD_foo.o := 'y': skip objtool checking for a file From patchwork Fri Sep 18 20:14:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786081 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 49DDE139A for ; Fri, 18 Sep 2020 20:16:12 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 82C662344C for ; Fri, 18 Sep 2020 20:16:11 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="jYUGHI1s" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 82C662344C Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19925-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 16273 invoked by uid 550); 18 Sep 2020 20:15:12 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 16113 invoked from network); 18 Sep 2020 20:15:11 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=I0YLtwhWjc07CuFqeB5q66ZrbEvcoZ20B6+f9QGQIyM=; b=jYUGHI1s8CrS/sSNFTlA7rmGo0aE0IxsOvco8+3mbGmxJ9XXGBu6oJrmFB8WRKT0qU zy//LwT+zYYBdAukM8OYIDIlT0g/nSfyiohg2buo5UUTX5oxMiibN0IAZdFZeUFX43do J75Ez99j+amuAzoOHQ0FFpTbHxdaoahEQ7mXskyDoQ20jhkMYFi95nSwiM3fgkSylPUu CgNcTGMuPTBF1DZs6+MnIXUHE0THEx4HxmF1Qc5rm1DW1zfnCq0VNXbuVkgxBrHhGtkl Jtq5TVNiA8w8V4hj/3o5nuATv73gM7CpTJhyuPWJPzpN9VmwWFkxnAAGfCAkUKsGwXZb /0Fg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=I0YLtwhWjc07CuFqeB5q66ZrbEvcoZ20B6+f9QGQIyM=; b=opZWVyDrsbMn59SO5C1s6Ic8NUQwcAE9h25sDxJYA/eobsOpBy/cNnp6EOripFMVWt OqBKGpnEFjAOMic9/WUw7lcswyWcGbaPK8R8JHkw7vL51xa8sCOGWQzp/+oQovFW+5cm uEZUCBmZUkzIhL5jvTnSjI40GfkbWi0+hmDjUV0mmbmFJdSYUSzekFBI46nv1G1KFvC7 /ZA9nTahCiE3KbM9fPil4rKKmeKAix4BSZvxkinIhKqnzPoSb6ARG77hwJsQQKKFt20E 3MrACYILpPydJtZOYM6CdW0bvQeB74OMrZ2EC356boYRx7H4enxKjtS4S8hHCeLpODFN OrWQ== X-Gm-Message-State: AOAM530M9c1oabpLFinK9zqqlHXYkQKLKBqS967OHdxjYlRQc+n2X/lN Dj1Qp3qvqyFj6YrFFLH7ZUA/CvuW2CUfpuU0s40= X-Google-Smtp-Source: ABdhPJz8YsEPOq657LzaNLkjWdjXppy9+ITNLo8GCqthbQa6sHwPiOQhQjOantZ7VXaLO7lFT1ulWYm9Ne5qkWpjkw4= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:ad4:5a0e:: with SMTP id ei14mr20723233qvb.15.1600460099899; Fri, 18 Sep 2020 13:14:59 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:15 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-10-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 09/30] x86, build: use objtool mcount From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen Select HAVE_OBJTOOL_MCOUNT if STACK_VALIDATION is selected to use objtool to generate __mcount_loc sections for dynamic ftrace with Clang and gcc <5 (later versions of gcc use -mrecord-mcount). Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/x86/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 7101ac64bb20..6de2e5c0bdba 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -163,6 +163,7 @@ config X86 select HAVE_CMPXCHG_LOCAL select HAVE_CONTEXT_TRACKING if X86_64 select HAVE_C_RECORDMCOUNT + select HAVE_OBJTOOL_MCOUNT if STACK_VALIDATION select HAVE_DEBUG_KMEMLEAK select HAVE_DMA_CONTIGUOUS select HAVE_DYNAMIC_FTRACE From patchwork Fri Sep 18 20:14:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786097 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3D634112E for ; Fri, 18 Sep 2020 20:16:21 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 74745207D3 for ; Fri, 18 Sep 2020 20:16:20 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="QatnRemB" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 74745207D3 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19926-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 17552 invoked by uid 550); 18 Sep 2020 20:15:15 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 17430 invoked from network); 18 Sep 2020 20:15:14 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=8Z9k7hZvEPmq++QcMDZiZsWcl46Vj1BocbQ0cOU/FNM=; b=QatnRemB8cKq9+uR9uPhgVc2Bc6FwkGBsqtwIjGXf6ksklkrNv4kL3LeGcIpnb3kJD +VwOOFb1L9qdjGWufD737L0mHuhxu80I2Ipso4IMvzIJas82S09muHkdzoE5crcC0K4X jHnkPNr0LNFGuuBIJcIPGhqG0P+7+VZZuQ3chCGeXzDp4qjhYbwW4Yvw5E4Lq+DHRE2x +SvZeCiBoXRrsWh3eS0wWEht2cZnd0r3e6+aOgBH5CI14gyZ1vwHI2sjtDN3qmhUcK4j NDhnu6OrCJmznwP7zF474cCOa4gKRKf9OVdwozqYVkj615Ymd9ke7k8+4OAc2VqFRZta u5VQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=8Z9k7hZvEPmq++QcMDZiZsWcl46Vj1BocbQ0cOU/FNM=; b=qviyZaaAxZMzdwuAMjHpxPV9f5bgmsfjWoEMQebZZrR4Yc0EYZHvd4BenDWZX42BJd vTcwydn/J7Tf0Z6lK9eSnaRpYU9pKMr75FNF3RZ5zMzSbTEtLHJiBJiFpFNGhIgV4lwo NPRs2/abzR7H2xWo4HOFWWDhONqrae83xI2FfVDtIK/aWKd9zjkN5FdzOEPg0L17BJaS 8lx9WO8ny7aWTSrP1Igix/l5vc2DRx7KYKgRe1+/WhYQQvpwd6QXP0IigkXlX7ZBWyEN B4il0E0oLCWtkaURo1ryx0Pg/XDxJ8h55YC68cslDvFBOS39ELImLQLKLR0/7saeIxWR wxkg== X-Gm-Message-State: AOAM531+AwP2MHR7iWY6/228FBbD4iWH4jXZ5B5OoCApq9BiTYb16E2j GytJmNSckh/lAccfMoHEGMENPAJr0i6RwFfxEqY= X-Google-Smtp-Source: ABdhPJz+7Css5KK1OpZUjZgXWLDi39JN/gWO7PRZZDMxz/EqUbcEpWKFi5QyByaFuSTBObLpkxNksopPJp16SrRkt4s= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a0c:e152:: with SMTP id c18mr18505590qvl.41.1600460102349; Fri, 18 Sep 2020 13:15:02 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:16 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-11-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 10/30] treewide: remove DISABLE_LTO From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen This change removes all instances of DISABLE_LTO from Makefiles, as they are currently unused, and the preferred method of disabling LTO is to filter out the flags instead. Suggested-by: Kees Cook Signed-off-by: Sami Tolvanen --- arch/arm64/kernel/vdso/Makefile | 1 - arch/sparc/vdso/Makefile | 2 -- arch/x86/entry/vdso/Makefile | 2 -- kernel/Makefile | 3 --- scripts/Makefile.build | 2 +- 5 files changed, 1 insertion(+), 9 deletions(-) diff --git a/arch/arm64/kernel/vdso/Makefile b/arch/arm64/kernel/vdso/Makefile index 45d5cfe46429..e836e300440f 100644 --- a/arch/arm64/kernel/vdso/Makefile +++ b/arch/arm64/kernel/vdso/Makefile @@ -31,7 +31,6 @@ ccflags-y := -fno-common -fno-builtin -fno-stack-protector -ffixed-x18 ccflags-y += -DDISABLE_BRANCH_PROFILING CFLAGS_REMOVE_vgettimeofday.o = $(CC_FLAGS_FTRACE) -Os $(CC_FLAGS_SCS) $(GCC_PLUGINS_CFLAGS) -KBUILD_CFLAGS += $(DISABLE_LTO) KASAN_SANITIZE := n UBSAN_SANITIZE := n OBJECT_FILES_NON_STANDARD := y diff --git a/arch/sparc/vdso/Makefile b/arch/sparc/vdso/Makefile index f44355e46f31..476c4b315505 100644 --- a/arch/sparc/vdso/Makefile +++ b/arch/sparc/vdso/Makefile @@ -3,8 +3,6 @@ # Building vDSO images for sparc. # -KBUILD_CFLAGS += $(DISABLE_LTO) - VDSO64-$(CONFIG_SPARC64) := y VDSOCOMPAT-$(CONFIG_COMPAT) := y diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index 215376d975a2..ecc27018ae13 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -9,8 +9,6 @@ ARCH_REL_TYPE_ABS := R_X86_64_JUMP_SLOT|R_X86_64_GLOB_DAT|R_X86_64_RELATIVE| ARCH_REL_TYPE_ABS += R_386_GLOB_DAT|R_386_JMP_SLOT|R_386_RELATIVE include $(srctree)/lib/vdso/Makefile -KBUILD_CFLAGS += $(DISABLE_LTO) - # Sanitizer runtimes are unavailable and cannot be linked here. KASAN_SANITIZE := n UBSAN_SANITIZE := n diff --git a/kernel/Makefile b/kernel/Makefile index 9a20016d4900..347254f07dab 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -38,9 +38,6 @@ KASAN_SANITIZE_kcov.o := n KCSAN_SANITIZE_kcov.o := n CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack) -fno-stack-protector -# cond_syscall is currently not LTO compatible -CFLAGS_sys_ni.o = $(DISABLE_LTO) - obj-y += sched/ obj-y += locking/ obj-y += power/ diff --git a/scripts/Makefile.build b/scripts/Makefile.build index 6ecf30c70ced..ed2b8ce9d4c2 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -111,7 +111,7 @@ endif # --------------------------------------------------------------------------- quiet_cmd_cc_s_c = CC $(quiet_modtag) $@ - cmd_cc_s_c = $(CC) $(filter-out $(DEBUG_CFLAGS), $(c_flags)) $(DISABLE_LTO) -fverbose-asm -S -o $@ $< + cmd_cc_s_c = $(CC) $(filter-out $(DEBUG_CFLAGS), $(c_flags)) -fverbose-asm -S -o $@ $< $(obj)/%.s: $(src)/%.c FORCE $(call if_changed_dep,cc_s_c) From patchwork Fri Sep 18 20:14:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786107 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BBAD9112E for ; Fri, 18 Sep 2020 20:16:30 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 9CA862074B for ; Fri, 18 Sep 2020 20:16:29 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Y55TEexD" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9CA862074B Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19927-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 17909 invoked by uid 550); 18 Sep 2020 20:15:18 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 17782 invoked from network); 18 Sep 2020 20:15:17 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=F4YsUyyY+lfZwAlDWD29ZNpEsB79sBxYUrqgeaDTPjE=; b=Y55TEexDRXoxBNxer6juOtiWzY5CnZDFJq6KXKS5uqrCm550vghltW9kgqD6ino9og kK7RkFR8JcflwbH65wcOdRQYvacCLPQEbLAM0G0LNVhAV3kciT8s+x8Ic4fwXmXSE5mT BM2HWHzZuOfM61voEb2jqRCqUbn7CI7DB7DI4C34ZaaZX9FX0rry1UstGXaEt10m93qD TfMs8pP2a2E17oIyQlU6IQCtD+ps+Bj2hTsVABVOFqXuobD1170FwEHStejEqvCelegk psrYK+gvJpEHxMF9jdw88QtJu7B/NrJEO4B0zOzz8uImgBW9jwrNx7ghMMCoesdCZNR6 Q6CQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=F4YsUyyY+lfZwAlDWD29ZNpEsB79sBxYUrqgeaDTPjE=; b=HA2GtdjiHO1fyp5WYbQNNPXKkf57jl9IZKz8ai+Y9+ccXko2+eCFDx81AowtD/Dtro nI9dN/j62z077Sq2ndy1cRYA2xaORkioRM3h+Cgb8Q8CqiplMkGrTPJxgrV2cN4/X83J jVw6oHYR4q9oSqvxL0AwODjfr/VhkLYD23KIDziYChbJu5sWnUxo4OJGibHUL/efbT/X 5jbTdqMZbpJPaKh64jJ2AKv2soihNnSVWddfLrPkx0ADm7B1+G6f45HTeuhTt9Kb10Cl RQ4ptLK/trEnBEujy3Z+NuylgI3AjZnaHFSaw3nD16hCd4dc5YHLVE8QQPelzQMzkJjS 9ROQ== X-Gm-Message-State: AOAM533fu2zSZSjJjyKXR+NwE2hyYbbRj1BhRQhIcmsF6fQGVHCUF7hg 2k7Z757xPPF4vK0bPRlDj1AW1gR5Z3e/5yEYBho= X-Google-Smtp-Source: ABdhPJzTiLJ/RKh7eYUGbRKfhePljJjMajqX0t90daZIEb7Wp13dFpcpE1JYFNcSXvT9x1rmFLm0wy697vMkWyr4/NE= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a05:6a00:1585:b029:142:2501:35ed with SMTP id u5-20020a056a001585b0290142250135edmr17861208pfk.77.1600460104946; Fri, 18 Sep 2020 13:15:04 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:17 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-12-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 11/30] kbuild: add support for Clang LTO From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen This change adds build system support for Clang's Link Time Optimization (LTO). With -flto, instead of ELF object files, Clang produces LLVM bitcode, which is compiled into native code at link time, allowing the final binary to be optimized globally. For more details, see: https://llvm.org/docs/LinkTimeOptimization.html The Kconfig option CONFIG_LTO_CLANG is implemented as a choice, which defaults to LTO being disabled. To use LTO, the architecture must select ARCH_SUPPORTS_LTO_CLANG and support: - compiling with Clang, - compiling inline assembly with Clang's integrated assembler, - and linking with LLD. While using full LTO results in the best runtime performance, the compilation is not scalable in time or memory. CONFIG_THINLTO enables ThinLTO, which allows parallel optimization and faster incremental builds. ThinLTO is used by default if the architecture also selects ARCH_SUPPORTS_THINLTO: https://clang.llvm.org/docs/ThinLTO.html To enable LTO, LLVM tools must be used to handle bitcode files. The easiest way is to pass the LLVM=1 option to make: $ make LLVM=1 defconfig $ scripts/config -e LTO_CLANG $ make LLVM=1 Alternatively, at least the following LLVM tools must be used: CC=clang LD=ld.lld AR=llvm-ar NM=llvm-nm To prepare for LTO support with other compilers, common parts are gated behind the CONFIG_LTO option, and LTO can be disabled for specific files by filtering out CC_FLAGS_LTO. Note that support for DYNAMIC_FTRACE and MODVERSIONS are added in follow-up patches. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- Makefile | 20 ++++++++- arch/Kconfig | 69 +++++++++++++++++++++++++++++++ include/asm-generic/vmlinux.lds.h | 11 +++-- scripts/Makefile.build | 9 +++- scripts/Makefile.modfinal | 9 +++- scripts/Makefile.modpost | 18 +++++++- scripts/link-vmlinux.sh | 32 ++++++++++---- 7 files changed, 150 insertions(+), 18 deletions(-) diff --git a/Makefile b/Makefile index d2fb3cd0f506..be923c18421a 100644 --- a/Makefile +++ b/Makefile @@ -904,6 +904,21 @@ KBUILD_CFLAGS += $(CC_FLAGS_SCS) export CC_FLAGS_SCS endif +ifdef CONFIG_LTO_CLANG +ifdef CONFIG_THINLTO +CC_FLAGS_LTO += -flto=thin -fsplit-lto-unit +KBUILD_LDFLAGS += --thinlto-cache-dir=$(extmod-prefix).thinlto-cache +else +CC_FLAGS_LTO += -flto +endif +CC_FLAGS_LTO += -fvisibility=default +endif + +ifdef CONFIG_LTO +KBUILD_CFLAGS += $(CC_FLAGS_LTO) +export CC_FLAGS_LTO +endif + ifdef CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_32B KBUILD_CFLAGS += -falign-functions=32 endif @@ -1495,7 +1510,7 @@ MRPROPER_FILES += include/config include/generated \ *.spec # Directories & files removed with 'make distclean' -DISTCLEAN_FILES += tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS +DISTCLEAN_FILES += tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS .thinlto-cache # clean - Delete most, but leave enough to build external modules # @@ -1732,7 +1747,8 @@ _emodinst_post: _emodinst_ $(call cmd,depmod) clean-dirs := $(KBUILD_EXTMOD) -clean: rm-files := $(KBUILD_EXTMOD)/Module.symvers $(KBUILD_EXTMOD)/modules.nsdeps +clean: rm-files := $(KBUILD_EXTMOD)/Module.symvers $(KBUILD_EXTMOD)/modules.nsdeps \ + $(KBUILD_EXTMOD)/.thinlto-cache PHONY += help help: diff --git a/arch/Kconfig b/arch/Kconfig index af14a567b493..0742ec643d79 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -552,6 +552,75 @@ config SHADOW_CALL_STACK reading and writing arbitrary memory may be able to locate them and hijack control flow by modifying the stacks. +config LTO + bool + +config ARCH_SUPPORTS_LTO_CLANG + bool + help + An architecture should select this option if it supports: + - compiling with Clang, + - compiling inline assembly with Clang's integrated assembler, + - and linking with LLD. + +config ARCH_SUPPORTS_THINLTO + bool + help + An architecture should select this option if it supports Clang's + ThinLTO. + +config THINLTO + bool "Clang ThinLTO" + depends on LTO_CLANG && ARCH_SUPPORTS_THINLTO + default y + help + This option enables Clang's ThinLTO, which allows for parallel + optimization and faster incremental compiles. More information + can be found from Clang's documentation: + + https://clang.llvm.org/docs/ThinLTO.html + +choice + prompt "Link Time Optimization (LTO)" + default LTO_NONE + help + This option enables Link Time Optimization (LTO), which allows the + compiler to optimize binaries globally. + + If unsure, select LTO_NONE. Note that LTO is very resource-intensive + so it's disabled by default. + +config LTO_NONE + bool "None" + +config LTO_CLANG + bool "Clang's Link Time Optimization (EXPERIMENTAL)" + # Clang >= 11: https://github.com/ClangBuiltLinux/linux/issues/510 + depends on CC_IS_CLANG && CLANG_VERSION >= 110000 && LD_IS_LLD + depends on $(success,$(NM) --help | head -n 1 | grep -qi llvm) + depends on $(success,$(AR) --help | head -n 1 | grep -qi llvm) + depends on ARCH_SUPPORTS_LTO_CLANG + depends on !FTRACE_MCOUNT_RECORD + depends on !KASAN + depends on !GCOV_KERNEL + depends on !MODVERSIONS + select LTO + help + This option enables Clang's Link Time Optimization (LTO), which + allows the compiler to optimize the kernel globally. If you enable + this option, the compiler generates LLVM bitcode instead of ELF + object files, and the actual compilation from bitcode happens at + the LTO link step, which may take several minutes depending on the + kernel configuration. More information can be found from LLVM's + documentation: + + https://llvm.org/docs/LinkTimeOptimization.html + + To select this option, you also need to use LLVM tools to handle + the bitcode by passing LLVM=1 to make. + +endchoice + config HAVE_ARCH_WITHIN_STACK_FRAMES bool help diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 5430febd34be..c1f0d58272bd 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -89,15 +89,18 @@ * .data. We don't want to pull in .data..other sections, which Linux * has defined. Same for text and bss. * + * With LTO_CLANG, the linker also splits sections by default, so we need + * these macros to combine the sections during the final link. + * * RODATA_MAIN is not used because existing code already defines .rodata.x * sections to be brought in with rodata. */ -#ifdef CONFIG_LD_DEAD_CODE_DATA_ELIMINATION +#if defined(CONFIG_LD_DEAD_CODE_DATA_ELIMINATION) || defined(CONFIG_LTO_CLANG) #define TEXT_MAIN .text .text.[0-9a-zA-Z_]* -#define DATA_MAIN .data .data.[0-9a-zA-Z_]* .data..LPBX* +#define DATA_MAIN .data .data.[0-9a-zA-Z_]* .data..L* .data..compoundliteral* #define SDATA_MAIN .sdata .sdata.[0-9a-zA-Z_]* -#define RODATA_MAIN .rodata .rodata.[0-9a-zA-Z_]* -#define BSS_MAIN .bss .bss.[0-9a-zA-Z_]* +#define RODATA_MAIN .rodata .rodata.[0-9a-zA-Z_]* .rodata..L* +#define BSS_MAIN .bss .bss.[0-9a-zA-Z_]* .bss..compoundliteral* #define SBSS_MAIN .sbss .sbss.[0-9a-zA-Z_]* #else #define TEXT_MAIN .text diff --git a/scripts/Makefile.build b/scripts/Makefile.build index ed2b8ce9d4c2..cab9d1024c23 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -111,7 +111,7 @@ endif # --------------------------------------------------------------------------- quiet_cmd_cc_s_c = CC $(quiet_modtag) $@ - cmd_cc_s_c = $(CC) $(filter-out $(DEBUG_CFLAGS), $(c_flags)) -fverbose-asm -S -o $@ $< + cmd_cc_s_c = $(CC) $(filter-out $(DEBUG_CFLAGS) $(CC_FLAGS_LTO), $(c_flags)) -fverbose-asm -S -o $@ $< $(obj)/%.s: $(src)/%.c FORCE $(call if_changed_dep,cc_s_c) @@ -428,8 +428,15 @@ $(obj)/lib.a: $(lib-y) FORCE # Do not replace $(filter %.o,^) with $(real-prereqs). When a single object # module is turned into a multi object module, $^ will contain header file # dependencies recorded in the .*.cmd file. +ifdef CONFIG_LTO_CLANG +quiet_cmd_link_multi-m = AR [M] $@ +cmd_link_multi-m = \ + rm -f $@; \ + $(AR) cDPrsT $@ $(filter %.o,$^) +else quiet_cmd_link_multi-m = LD [M] $@ cmd_link_multi-m = $(LD) $(ld_flags) -r -o $@ $(filter %.o,$^) +endif $(multi-used-m): FORCE $(call if_changed,link_multi-m) diff --git a/scripts/Makefile.modfinal b/scripts/Makefile.modfinal index ae01baf96f4e..2cb9a1d88434 100644 --- a/scripts/Makefile.modfinal +++ b/scripts/Makefile.modfinal @@ -6,6 +6,7 @@ PHONY := __modfinal __modfinal: +include $(objtree)/include/config/auto.conf include $(srctree)/scripts/Kbuild.include # for c_flags @@ -29,6 +30,12 @@ quiet_cmd_cc_o_c = CC [M] $@ ARCH_POSTLINK := $(wildcard $(srctree)/arch/$(SRCARCH)/Makefile.postlink) +ifdef CONFIG_LTO_CLANG +# With CONFIG_LTO_CLANG, reuse the object file we compiled for modpost to +# avoid a second slow LTO link +prelink-ext := .lto +endif + quiet_cmd_ld_ko_o = LD [M] $@ cmd_ld_ko_o = \ $(LD) -r $(KBUILD_LDFLAGS) \ @@ -36,7 +43,7 @@ quiet_cmd_ld_ko_o = LD [M] $@ -T scripts/module.lds -o $@ $(filter %.o, $^); \ $(if $(ARCH_POSTLINK), $(MAKE) -f $(ARCH_POSTLINK) $@, true) -$(modules): %.ko: %.o %.mod.o scripts/module.lds FORCE +$(modules): %.ko: %$(prelink-ext).o %.mod.o scripts/module.lds FORCE +$(call if_changed,ld_ko_o) targets += $(modules) $(modules:.ko=.mod.o) diff --git a/scripts/Makefile.modpost b/scripts/Makefile.modpost index f54b6ac37ac2..66e0c256403c 100644 --- a/scripts/Makefile.modpost +++ b/scripts/Makefile.modpost @@ -102,12 +102,26 @@ $(input-symdump): @echo >&2 'WARNING: Symbol version dump "$@" is missing.' @echo >&2 ' Modules may not have dependencies or modversions.' +ifdef CONFIG_LTO_CLANG +# With CONFIG_LTO_CLANG, .o files might be LLVM bitcode, so we need to run +# LTO to compile them into native code before running modpost +prelink-ext = .lto + +quiet_cmd_cc_lto_link_modules = LTO [M] $@ +cmd_cc_lto_link_modules = $(LD) $(ld_flags) -r -o $@ --whole-archive $^ + +%.lto.o: %.o + $(call if_changed,cc_lto_link_modules) +endif + +modules := $(sort $(shell cat $(MODORDER))) + # Read out modules.order to pass in modpost. # Otherwise, allmodconfig would fail with "Argument list too long". quiet_cmd_modpost = MODPOST $@ - cmd_modpost = sed 's/ko$$/o/' $< | $(MODPOST) -T - + cmd_modpost = sed 's/\.ko$$/$(prelink-ext)\.o/' $< | $(MODPOST) -T - -$(output-symdump): $(MODORDER) $(input-symdump) FORCE +$(output-symdump): $(MODORDER) $(input-symdump) $(modules:.ko=$(prelink-ext).o) FORCE $(call if_changed,modpost) targets += $(output-symdump) diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh index 372c3719f94c..ebb9f912aab6 100755 --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh @@ -56,6 +56,14 @@ modpost_link() ${KBUILD_VMLINUX_LIBS} \ --end-group" + if [ -n "${CONFIG_LTO_CLANG}" ]; then + # This might take a while, so indicate that we're doing + # an LTO link + info LTO ${1} + else + info LD ${1} + fi + ${LD} ${KBUILD_LDFLAGS} -r -o ${1} ${objects} } @@ -103,13 +111,22 @@ vmlinux_link() fi if [ "${SRCARCH}" != "um" ]; then - objects="--whole-archive \ - ${KBUILD_VMLINUX_OBJS} \ - --no-whole-archive \ - --start-group \ - ${KBUILD_VMLINUX_LIBS} \ - --end-group \ - ${@}" + if [ -n "${CONFIG_LTO_CLANG}" ]; then + # Use vmlinux.o instead of performing the slow LTO + # link again. + objects="--whole-archive \ + vmlinux.o \ + --no-whole-archive \ + ${@}" + else + objects="--whole-archive \ + ${KBUILD_VMLINUX_OBJS} \ + --no-whole-archive \ + --start-group \ + ${KBUILD_VMLINUX_LIBS} \ + --end-group \ + ${@}" + fi ${LD} ${KBUILD_LDFLAGS} ${LDFLAGS_vmlinux} \ ${strip_debug#-Wl,} \ @@ -274,7 +291,6 @@ fi; ${MAKE} -f "${srctree}/scripts/Makefile.build" obj=init need-builtin=1 #link vmlinux.o -info LD vmlinux.o modpost_link vmlinux.o objtool_link vmlinux.o From patchwork Fri Sep 18 20:14:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786121 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CD97F92C for ; Fri, 18 Sep 2020 20:16:40 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id E1D4123119 for ; Fri, 18 Sep 2020 20:16:39 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="W2h/XnuG" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E1D4123119 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19928-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 18040 invoked by uid 550); 18 Sep 2020 20:15:20 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 17925 invoked from network); 18 Sep 2020 20:15:18 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=D6tDM47xuke5ysE5WIIDa5rp1LAjlEXtWPHN9k1Y8+8=; b=W2h/XnuGzNlKV5NdC0adWKa37kl3xmgZiDqkHmcnEkH94kFjcNL9vASQEpry+o2tlh SfBC+DPIuAYiWU8pBcYhnBkk4MYMSQRxr8vnp5P4hse97LNHXff1HXT35d3k/6a2XuiT eFQ65bo3PHYA7ZULXIlrNE7ssaJVXvCHdWIs+w/N0bZjj4lG2tqKCTllU5W+bHP/uz3K qkChF8ODGR3zGLdbJMA86AqPoAhtjbqY74f8cX4z9omNFOlRGFgXhKC5HHQta0ZlGQBH vhvzn8bkpPjmmImHGKDSv1Gxy6AGXkufMcQ4EpIviMGuJbclkq23h5JjEGAU9g2QcPcL eVBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=D6tDM47xuke5ysE5WIIDa5rp1LAjlEXtWPHN9k1Y8+8=; b=Kq4C13axyLKYvzbk0DhvK/XNW4E5x6JwtgICzTAPLgGSip9PcWi1X2Zq+kHIuGh1sP LeIAI8lTb2mAPok09HwEwIKMAsCJ6ynnaAVUFMOOgwnaSQcGuVvnt1rW472ij9De1uSn Mn893P8eAJGNf5to1LekvMOmX760CAdZSGDiLNZbQxcj79cyS6KExfXQRv31akxHTkfq ctD//Sui/qBETIuPt7/RgnOs+boK7Oiq+nwqDUvlCpsJDelBV87uPSyIoQaItGxWHlj7 Ix0SAZiMy6ly7VgDts9C/rT7Brr0EHrXxvkLYuu7GER1hOe7JNzDyveTNVcQNnRZW51J XeMg== X-Gm-Message-State: AOAM5321rFQR+p8GHnW+vpCilIMYY2NmVifciZyXoOs7GSQOb6cquJRh ebeFxryWz7ANdEeQnMgfzqPspzixaaNkjd3Jx8s= X-Google-Smtp-Source: ABdhPJwIKm2mW/7B7okzAhOoDkKFEdpCgso3ba9La2/d/DUtgiXB+PAEgrZZLuGQAGZ/+GH6mv8G2aj/fuFfm+e2Dis= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a25:bc46:: with SMTP id d6mr41185316ybk.511.1600460106948; Fri, 18 Sep 2020 13:15:06 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:18 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-13-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 12/30] kbuild: lto: fix module versioning From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen With CONFIG_MODVERSIONS, version information is linked into each compilation unit that exports symbols. With LTO, we cannot use this method as all C code is compiled into LLVM bitcode instead. This change collects symbol versions into .symversions files and merges them in link-vmlinux.sh where they are all linked into vmlinux.o at the same time. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- .gitignore | 1 + Makefile | 3 ++- arch/Kconfig | 1 - scripts/Makefile.build | 33 +++++++++++++++++++++++++++++++-- scripts/Makefile.modpost | 6 +++++- scripts/link-vmlinux.sh | 25 ++++++++++++++++++++++++- 6 files changed, 63 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 162bd2b67bdf..06e76dc39ffe 100644 --- a/.gitignore +++ b/.gitignore @@ -41,6 +41,7 @@ *.so.dbg *.su *.symtypes +*.symversions *.tab.[ch] *.tar *.xz diff --git a/Makefile b/Makefile index be923c18421a..629d4b18e413 100644 --- a/Makefile +++ b/Makefile @@ -1845,7 +1845,8 @@ clean: $(clean-dirs) -o -name '.tmp_*.o.*' \ -o -name '*.c.[012]*.*' \ -o -name '*.ll' \ - -o -name '*.gcno' \) -type f -print | xargs rm -f + -o -name '*.gcno' \ + -o -name '*.*.symversions' \) -type f -print | xargs rm -f # Generate tags for editors # --------------------------------------------------------------------------- diff --git a/arch/Kconfig b/arch/Kconfig index 0742ec643d79..520e900efc75 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -603,7 +603,6 @@ config LTO_CLANG depends on !FTRACE_MCOUNT_RECORD depends on !KASAN depends on !GCOV_KERNEL - depends on !MODVERSIONS select LTO help This option enables Clang's Link Time Optimization (LTO), which diff --git a/scripts/Makefile.build b/scripts/Makefile.build index cab9d1024c23..44b6d964bcad 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -166,6 +166,15 @@ ifdef CONFIG_MODVERSIONS # the actual value of the checksum generated by genksyms # o remove .tmp_.o to .o +ifdef CONFIG_LTO_CLANG +# Generate .o.symversions files for each .o with exported symbols, and link these +# to the kernel and/or modules at the end. +cmd_modversions_c = \ + if $(NM) $@ 2>/dev/null | grep -q __ksymtab; then \ + $(call cmd_gensymtypes_c,$(KBUILD_SYMTYPES),$(@:.o=.symtypes)) \ + > $@.symversions; \ + fi; +else cmd_modversions_c = \ if $(OBJDUMP) -h $@ | grep -q __ksymtab; then \ $(call cmd_gensymtypes_c,$(KBUILD_SYMTYPES),$(@:.o=.symtypes)) \ @@ -177,6 +186,7 @@ cmd_modversions_c = \ rm -f $(@D)/.tmp_$(@F:.o=.ver); \ fi endif +endif ifdef USE_RECORDMCOUNT # compiler will not generate __mcount_loc use recordmcount or recordmcount.pl @@ -393,6 +403,18 @@ $(obj)/%.asn1.c $(obj)/%.asn1.h: $(src)/%.asn1 $(objtree)/scripts/asn1_compiler $(subdir-builtin): $(obj)/%/built-in.a: $(obj)/% ; $(subdir-modorder): $(obj)/%/modules.order: $(obj)/% ; +# combine symversions for later processing +quiet_cmd_update_lto_symversions = SYMVER $@ +ifeq ($(CONFIG_LTO_CLANG) $(CONFIG_MODVERSIONS),y y) + cmd_update_lto_symversions = \ + rm -f $@.symversions \ + $(foreach n, $(filter-out FORCE,$^), \ + $(if $(wildcard $(n).symversions), \ + ; cat $(n).symversions >> $@.symversions)) +else + cmd_update_lto_symversions = echo >/dev/null +endif + # # Rule to compile a set of .o files into one .a file (without symbol table) # @@ -400,8 +422,11 @@ $(subdir-modorder): $(obj)/%/modules.order: $(obj)/% ; quiet_cmd_ar_builtin = AR $@ cmd_ar_builtin = rm -f $@; $(AR) cDPrST $@ $(real-prereqs) +quiet_cmd_ar_and_symver = AR $@ + cmd_ar_and_symver = $(cmd_update_lto_symversions); $(cmd_ar_builtin) + $(obj)/built-in.a: $(real-obj-y) FORCE - $(call if_changed,ar_builtin) + $(call if_changed,ar_and_symver) # # Rule to create modules.order file @@ -421,8 +446,11 @@ $(obj)/modules.order: $(obj-m) FORCE # # Rule to compile a set of .o files into one .a file (with symbol table) # +quiet_cmd_ar_lib = AR $@ + cmd_ar_lib = $(cmd_update_lto_symversions); $(cmd_ar) + $(obj)/lib.a: $(lib-y) FORCE - $(call if_changed,ar) + $(call if_changed,ar_lib) # NOTE: # Do not replace $(filter %.o,^) with $(real-prereqs). When a single object @@ -431,6 +459,7 @@ $(obj)/lib.a: $(lib-y) FORCE ifdef CONFIG_LTO_CLANG quiet_cmd_link_multi-m = AR [M] $@ cmd_link_multi-m = \ + $(cmd_update_lto_symversions); \ rm -f $@; \ $(AR) cDPrsT $@ $(filter %.o,$^) else diff --git a/scripts/Makefile.modpost b/scripts/Makefile.modpost index 66e0c256403c..753725b88683 100644 --- a/scripts/Makefile.modpost +++ b/scripts/Makefile.modpost @@ -108,7 +108,11 @@ ifdef CONFIG_LTO_CLANG prelink-ext = .lto quiet_cmd_cc_lto_link_modules = LTO [M] $@ -cmd_cc_lto_link_modules = $(LD) $(ld_flags) -r -o $@ --whole-archive $^ +cmd_cc_lto_link_modules = \ + $(LD) $(ld_flags) -r -o $@ \ + $(shell [ -s $(@:.lto.o=.o.symversions) ] && \ + echo -T $(@:.lto.o=.o.symversions)) \ + --whole-archive $^ %.lto.o: %.o $(call if_changed,cc_lto_link_modules) diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh index ebb9f912aab6..3e99a19b9195 100755 --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh @@ -43,11 +43,28 @@ info() fi } +# If CONFIG_LTO_CLANG is selected, collect generated symbol versions into +# .tmp_symversions.lds +gen_symversions() +{ + info GEN .tmp_symversions.lds + rm -f .tmp_symversions.lds + + for a in ${KBUILD_VMLINUX_OBJS} ${KBUILD_VMLINUX_LIBS}; do + for o in $(${AR} t $a 2>/dev/null); do + if [ -f ${o}.symversions ]; then + cat ${o}.symversions >> .tmp_symversions.lds + fi + done + done +} + # Link of vmlinux.o used for section mismatch analysis # ${1} output file modpost_link() { local objects + local lds="" objects="--whole-archive \ ${KBUILD_VMLINUX_OBJS} \ @@ -57,6 +74,11 @@ modpost_link() --end-group" if [ -n "${CONFIG_LTO_CLANG}" ]; then + if [ -n "${CONFIG_MODVERSIONS}" ]; then + gen_symversions + lds="${lds} -T .tmp_symversions.lds" + fi + # This might take a while, so indicate that we're doing # an LTO link info LTO ${1} @@ -64,7 +86,7 @@ modpost_link() info LD ${1} fi - ${LD} ${KBUILD_LDFLAGS} -r -o ${1} ${objects} + ${LD} ${KBUILD_LDFLAGS} -r -o ${1} ${lds} ${objects} } objtool_link() @@ -242,6 +264,7 @@ cleanup() { rm -f .btf.* rm -f .tmp_System.map + rm -f .tmp_symversions.lds rm -f .tmp_vmlinux* rm -f System.map rm -f vmlinux From patchwork Fri Sep 18 20:14:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786127 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2A6E7112E for ; Fri, 18 Sep 2020 20:16:52 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 3DFBA20684 for ; Fri, 18 Sep 2020 20:16:51 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="O4aL90Tv" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 3DFBA20684 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19929-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 18264 invoked by uid 550); 18 Sep 2020 20:15:22 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 18158 invoked from network); 18 Sep 2020 20:15:21 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=K8zImTLReF05TErj4+HOAXGu6YGSM1wWftERjd6zSXY=; b=O4aL90TvE4llVBU6Z0ndgSX9n+HK3JOWxE5fYd3jLf4UdRHgOfxM4GokiDr2rHZQ5Y 2S1tWqXy6QXI6V8BRIFCAB8inlLLGlunaNqAEEl+V3RYk+xBOCzHwaLFTJskZ3r5xQeG wRfGL7JUNWS2RBdp3cUVMwbgcfUnmvGH8Yh4sqEmk/tTvERZk06+UvODsTGPhyR2vXe3 RA2SqSl1Q0ZSdldYyKcvOMbw7bcksln+yDchPN4jXuGZ6/U+52OB8u5thT98yesgNfnz NVoM2Cu1Sfwc+jcRvFiw4KDwMGrLIyh7i3P37FphlI6sRP8YVrv4+R99WOGRu6gEUYRu 0AKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=K8zImTLReF05TErj4+HOAXGu6YGSM1wWftERjd6zSXY=; b=TuGnLU0ZTNYmHuKZwC+MA9tY4Y9TtCGWSi62GRyB3e1NK3skodhmRuxe7O4orUFzL+ xLtNehFd4sKb+25/UwR7CWBk7sPM/SA2+69ENe2EFE4jQ/rQj8++7vQA/1/JiINlBzOm UxEQMwvqK/t7gNWhaHTDrKL+sdNSxIsztgubJamFCZuFqqseMWcXLup7uTrzy4J8nLp8 nf5LZz7uYwAJuYAbhcU4RSv8/kIvMea622Jo0iDUJhifc1HUb/WU6H2rY9Oibvd1hnA2 qhw3q0K2tbAq01qqXYT0YSy961dWEug5FD69N5nrLkMmNoIkwPNlqgTpGgVoTCvj7Gqh YzHg== X-Gm-Message-State: AOAM530YG1K6a/p99X2EQ/7HNlttS1D3W735ikzXkxiYUQ4EoCRmgqug G0yc5KBixG2+K+Gypa08RPsnJCi7RgRsqjMh3LY= X-Google-Smtp-Source: ABdhPJzlGWM/RB0RyiyE2KM3MIKE1UtXk00h26ZK1WTewpuCN9eJRsYcziyZsYst8dQvQffxBp2wtJk2sL6MXkU8ehs= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a17:90a:cb0f:: with SMTP id z15mr13951080pjt.76.1600460109195; Fri, 18 Sep 2020 13:15:09 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:19 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-14-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 13/30] kbuild: lto: postpone objtool From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen With LTO, LLVM bitcode won't be compiled into native code until modpost_link, or modfinal for modules. This change postpones calls to objtool until after these steps, and moves objtool_args to Makefile.lib, so the arguments can be reused in Makefile.modfinal. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/Kconfig | 2 +- scripts/Makefile.build | 22 ++-------------------- scripts/Makefile.lib | 11 +++++++++++ scripts/Makefile.modfinal | 19 ++++++++++++++++--- scripts/link-vmlinux.sh | 23 ++++++++++++++++++++++- 5 files changed, 52 insertions(+), 25 deletions(-) diff --git a/arch/Kconfig b/arch/Kconfig index 520e900efc75..727be15ba19e 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -600,7 +600,7 @@ config LTO_CLANG depends on $(success,$(NM) --help | head -n 1 | grep -qi llvm) depends on $(success,$(AR) --help | head -n 1 | grep -qi llvm) depends on ARCH_SUPPORTS_LTO_CLANG - depends on !FTRACE_MCOUNT_RECORD + depends on HAVE_OBJTOOL_MCOUNT || !(X86_64 && DYNAMIC_FTRACE) depends on !KASAN depends on !GCOV_KERNEL select LTO diff --git a/scripts/Makefile.build b/scripts/Makefile.build index 44b6d964bcad..541dbe791743 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -218,30 +218,11 @@ cmd_record_mcount = $(if $(findstring $(strip $(CC_FLAGS_FTRACE)),$(_c_flags)), endif # USE_RECORDMCOUNT ifdef CONFIG_STACK_VALIDATION +ifndef CONFIG_LTO_CLANG ifneq ($(SKIP_STACK_VALIDATION),1) __objtool_obj := $(objtree)/tools/objtool/objtool -objtool_args = $(if $(CONFIG_UNWINDER_ORC),orc generate,check) - -objtool_args += $(if $(part-of-module), --module,) - -ifndef CONFIG_FRAME_POINTER -objtool_args += --no-fp -endif -ifdef CONFIG_GCOV_KERNEL -objtool_args += --no-unreachable -endif -ifdef CONFIG_RETPOLINE - objtool_args += --retpoline -endif -ifdef CONFIG_X86_SMAP - objtool_args += --uaccess -endif -ifdef USE_OBJTOOL_MCOUNT - objtool_args += --mcount -endif - # 'OBJECT_FILES_NON_STANDARD := y': skip objtool checking for a directory # 'OBJECT_FILES_NON_STANDARD_foo.o := 'y': skip objtool checking for a file # 'OBJECT_FILES_NON_STANDARD_foo.o := 'n': override directory skip for a file @@ -253,6 +234,7 @@ objtool_obj = $(if $(patsubst y%,, \ $(__objtool_obj)) endif # SKIP_STACK_VALIDATION +endif # CONFIG_LTO_CLANG endif # CONFIG_STACK_VALIDATION # Rebuild all objects when objtool changes, or is enabled/disabled. diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 3d599716940c..745d88172bc7 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -216,6 +216,17 @@ dtc_cpp_flags = -Wp,-MMD,$(depfile).pre.tmp -nostdinc \ $(addprefix -I,$(DTC_INCLUDE)) \ -undef -D__DTS__ +# Objtool arguments are also needed for modfinal with LTO, so we define +# then here to avoid duplication. +objtool_args = \ + $(if $(CONFIG_UNWINDER_ORC),orc generate,check) \ + $(if $(part-of-module), --module,) \ + $(if $(CONFIG_FRAME_POINTER), --no-fp,) \ + $(if $(CONFIG_GCOV_KERNEL), --no-unreachable,) \ + $(if $(CONFIG_RETPOLINE), --retpoline,) \ + $(if $(CONFIG_X86_SMAP), --uaccess,) \ + $(if $(USE_OBJTOOL_MCOUNT), --mcount,) + # Useful for describing the dependency of composite objects # Usage: # $(call multi_depend, multi_used_targets, suffix_to_remove, suffix_to_add) diff --git a/scripts/Makefile.modfinal b/scripts/Makefile.modfinal index 2cb9a1d88434..1bd2953b11c4 100644 --- a/scripts/Makefile.modfinal +++ b/scripts/Makefile.modfinal @@ -9,7 +9,7 @@ __modfinal: include $(objtree)/include/config/auto.conf include $(srctree)/scripts/Kbuild.include -# for c_flags +# for c_flags and objtool_args include $(srctree)/scripts/Makefile.lib # find all modules listed in modules.order @@ -34,10 +34,23 @@ ifdef CONFIG_LTO_CLANG # With CONFIG_LTO_CLANG, reuse the object file we compiled for modpost to # avoid a second slow LTO link prelink-ext := .lto -endif + +# ELF processing was skipped earlier because we didn't have native code, +# so let's now process the prelinked binary before we link the module. + +ifdef CONFIG_STACK_VALIDATION +ifneq ($(SKIP_STACK_VALIDATION),1) +cmd_ld_ko_o += \ + $(objtree)/tools/objtool/objtool $(objtool_args) \ + $(@:.ko=$(prelink-ext).o); + +endif # SKIP_STACK_VALIDATION +endif # CONFIG_STACK_VALIDATION + +endif # CONFIG_LTO_CLANG quiet_cmd_ld_ko_o = LD [M] $@ - cmd_ld_ko_o = \ + cmd_ld_ko_o += \ $(LD) -r $(KBUILD_LDFLAGS) \ $(KBUILD_LDFLAGS_MODULE) $(LDFLAGS_MODULE) \ -T scripts/module.lds -o $@ $(filter %.o, $^); \ diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh index 3e99a19b9195..a352a5ad9ef7 100755 --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh @@ -93,8 +93,29 @@ objtool_link() { local objtoolopt; + if [ "${CONFIG_LTO_CLANG} ${CONFIG_STACK_VALIDATION}" = "y y" ]; then + # Don't perform vmlinux validation unless explicitly requested, + # but run objtool on vmlinux.o now that we have an object file. + if [ -n "${CONFIG_UNWINDER_ORC}" ]; then + objtoolopt="orc generate" + else + objtoolopt="check" + fi + + if [ -n ${USE_OBJTOOL_MCOUNT} ]; then + objtoolopt="${objtoolopt} --mcount" + fi + fi + if [ -n "${CONFIG_VMLINUX_VALIDATION}" ]; then - objtoolopt="check --vmlinux" + if [ -z "${objtoolopt}" ]; then + objtoolopt="check --vmlinux" + else + objtoolopt="${objtoolopt} --vmlinux" + fi + fi + + if [ -n "${objtoolopt}" ]; then if [ -z "${CONFIG_FRAME_POINTER}" ]; then objtoolopt="${objtoolopt} --no-fp" fi From patchwork Fri Sep 18 20:14:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786151 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1D4CE92C for ; Fri, 18 Sep 2020 20:17:03 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 585A72074B for ; Fri, 18 Sep 2020 20:17:02 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="pyxY37Ar" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 585A72074B Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19930-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 19476 invoked by uid 550); 18 Sep 2020 20:15:24 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 18354 invoked from network); 18 Sep 2020 20:15:23 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=AuswF6CKDN8dO1xH74r4m5G29uexAro1Nb2/kCMl6ng=; b=pyxY37ArYBcWk0pTveeYem7o3r7m0QxYR7o9ddMazv3C4wUXpf2wO5JjRX0hn4D99a ZfGgMQ7Y6Q0IcMD2Az+PMWVEf1UQD0bMp5UvODjcuy5A+HFY6tfMzIjH2TOqDSGxfrkm bzhUpRLa1APdzJJuc3rFYJAUGU6Q8y3Q93uvmCIMm/1oh0Z+W85oIwCWP5Q55yaYOmbE gk8wLX192p13Gd0rr4JArg+R3FEIeSJsV0U3a+yj521FBPN70Pf7378jB++mxf7g6bky 21wEGkI2GQeXxYFaCDkQXFqja2UN6FX7KM68hCqpPYC8vhf6aqeVZ+IoZbZQITt213Zj ebpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=AuswF6CKDN8dO1xH74r4m5G29uexAro1Nb2/kCMl6ng=; b=O1omMV4vvCJMcJOJ0tSGgM9wxbCSfbJ4T28m2373wqn15DcYurhH8w50vrGbE94s7s t8Z1OBIUdbHjrJ+LztfJOb7wMd2iBh/LVjzMQQnqZGj8cStY8EtHBJ/AHB42iVEhfEl5 012efuqoyTnbTdvW6bZVucei3ODRhRyiU71r552sAI7GtLCPUvEf0Ml6ReXl93ZJWU/d F0bnP6EPg5t2PZgC5fP76YzFDnJwUyoV0ZlPCFLQhM42y197p3fbEe8lu5/9wrpYtAoW x/mCeKlRjHFYqdknHx3NIZLNn/KW/tthm0fGXLJDo0LrsjCmRf3gh7oAR2kkqP2A4qJY CyZA== X-Gm-Message-State: AOAM532FwpmZ3wP2oX/RTFZgb899fDixsp9rDDWSrilYUgQx0ipU+Mmd FS+T/DbKe1Ekd0cS6Ji8gHgeqJi4rmWtjOD+d5I= X-Google-Smtp-Source: ABdhPJxzZeQUOl2JhbPGv5v7ZLZFcYcdjlAn8PduxMhR73rTNKLtzUhom6BcaktSr/Lr+jGrmaYuXtBeO2vdou5k7ZQ= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a17:902:d70e:b029:d1:e626:d12f with SMTP id w14-20020a170902d70eb02900d1e626d12fmr17241070ply.74.1600460111357; Fri, 18 Sep 2020 13:15:11 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:20 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-15-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 14/30] kbuild: lto: limit inlining From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen This change limits function inlining across translation unit boundaries in order to reduce the binary size with LTO. The -import-instr-limit flag defines a size limit, as the number of LLVM IR instructions, for importing functions from other TUs, defaulting to 100. Based on testing with arm64 defconfig, we found that a limit of 5 is a reasonable compromise between performance and binary size, reducing the size of a stripped vmlinux by 11%. Suggested-by: George Burgess IV Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 629d4b18e413..973155c24711 100644 --- a/Makefile +++ b/Makefile @@ -912,6 +912,9 @@ else CC_FLAGS_LTO += -flto endif CC_FLAGS_LTO += -fvisibility=default + +# Limit inlining across translation units to reduce binary size +KBUILD_LDFLAGS += -mllvm -import-instr-limit=5 endif ifdef CONFIG_LTO From patchwork Fri Sep 18 20:14:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786163 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 45CC2112E for ; Fri, 18 Sep 2020 20:17:13 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 820E8207D3 for ; Fri, 18 Sep 2020 20:17:12 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="sk1n8gFB" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 820E8207D3 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19931-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 19710 invoked by uid 550); 18 Sep 2020 20:15:26 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 19611 invoked from network); 18 Sep 2020 20:15:25 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=sDhFGpvlf4HylY15zQIKyDPQxuNLHaPJE4lahmB/U3o=; b=sk1n8gFBPt/lpLBQ+GOEZFF5kf8UOnntxOTB32HnkQWAWrSaStYhtRE7qWdbcSLxg4 Gg9GXRGdMLUsdCB/c8c7q8AGDDfB/5JLmacB5t9QnbyA5wUTdMVAdy75TO8BlVneBzVp lSI/Cl7ny5ny1K6+J3oitNwzfaSptJ76VcMWpOgVfjxm3SIpHxo4N7r4B3FBuFcxcDvy /qw4ESM9nEFmfuEfRVkLCqb7J/wr+gTYbwx15VUb419uhouvZ7OLiu3JBT/XiuB7nklt UMu9qGA0f4VwicJFQUJEGU3naFOTNsTQSVhBYOgrLyZldxhatmDZWt2FeBBqcQGwQmbr piUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=sDhFGpvlf4HylY15zQIKyDPQxuNLHaPJE4lahmB/U3o=; b=lb6+33zdF36SimoPtDDGGeqbRh1NOTcF0K6+TdnySFScX+gp9o6vLSGaLQEWwpccEj TX6CyFe2+RU9FMw+YEsG9vD2E44ErHPvc/w4VPYAygkc44v3mewNqPzUSKN96hiTJPSk Hed6YrCfZ+kdkEBA/Tzm+vZHRwEgLmoj+LUfcxAkWKCKy4u9lLbEJCxMAjllAFR+531A lbBFPK1SJqa1B3Nb2vBERi+SDj441spFLy2theCn4rRfqeQ7Ma+iAE5kcVO8F0YlqIli vkT400mrmQLoubSi2fOksA1rcKglxBko3mvpjUQ4JdmT5vpO+HStvOlazvrNYk18uEuv oAfg== X-Gm-Message-State: AOAM530E7tzQiDiQO7MkGitfbg/GGTc0e16YHp7AFaGEOa/1MrvKbIhG jAGYg7gWSf6Ei0WdsgA7snMEk1muxjV7f25py2k= X-Google-Smtp-Source: ABdhPJzcLc2Llf2NYvBudjp2BIXvLbxitZeqdCSBF9rMkMxLi5VdEAKNXht5tAMiNUsnOx/RDEKyI2Da9coZSC3R4XU= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a0c:9d04:: with SMTP id m4mr18731516qvf.50.1600460113739; Fri, 18 Sep 2020 13:15:13 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:21 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-16-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 15/30] kbuild: lto: merge module sections From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen LLD always splits sections with LTO, which increases module sizes. This change adds linker script rules to merge the split sections in the final module. Suggested-by: Nick Desaulniers Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- scripts/module.lds.S | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/scripts/module.lds.S b/scripts/module.lds.S index 69b9b71a6a47..037120173a22 100644 --- a/scripts/module.lds.S +++ b/scripts/module.lds.S @@ -25,5 +25,33 @@ SECTIONS { __jump_table 0 : ALIGN(8) { KEEP(*(__jump_table)) } } +#ifdef CONFIG_LTO_CLANG +/* + * With CONFIG_LTO_CLANG, LLD always enables -fdata-sections and + * -ffunction-sections, which increases the size of the final module. + * Merge the split sections in the final binary. + */ +SECTIONS { + __patchable_function_entries : { *(__patchable_function_entries) } + + .bss : { + *(.bss .bss.[0-9a-zA-Z_]*) + *(.bss..L*) + } + + .data : { + *(.data .data.[0-9a-zA-Z_]*) + *(.data..L*) + } + + .rodata : { + *(.rodata .rodata.[0-9a-zA-Z_]*) + *(.rodata..L*) + } + + .text : { *(.text .text.[0-9a-zA-Z_]*) } +} +#endif + /* bring in arch-specific sections */ #include From patchwork Fri Sep 18 20:14:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786165 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 595EF92C for ; Fri, 18 Sep 2020 20:17:23 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 9792220684 for ; Fri, 18 Sep 2020 20:17:22 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="mPsAHQEX" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9792220684 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19932-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 19951 invoked by uid 550); 18 Sep 2020 20:15:28 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 19865 invoked from network); 18 Sep 2020 20:15:27 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=H5U0Hz5E6z5ldjvQ4xJDZFkCK4qV/McKETGlhtu7sL8=; b=mPsAHQEXqvNlGarzu6iBRQPA6ECa8TLJT1//z5ygvSXXqueGgBTsUBMgdhH3MoF60t ZhVFIxUiDXEpZ89jhGqvkk+xwepAhB4h8zd+bjJyvbcb5izzUs/Tg/9RldZdUROXbjeI BxVX/BdnoiStlDzxH6+NO+6HwWWfNd4qZM0lZORWe65ACPTad8UErkxRWB5rEkhp08DZ 0KGl75iSGd/JKl1QjNefLbTEyfWqmsoCEu++j8qCHyYi8XPRYhVdpn0nAEZ8fdky4y7y S1k0KQu3X95IfiUivguLiKYbpdCh3C48qnuiieKQ7b0xjFzd4Be04GxhMxIhkfZAaqOO 4wGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=H5U0Hz5E6z5ldjvQ4xJDZFkCK4qV/McKETGlhtu7sL8=; b=uNNqu+z16CWF3KO9JOPHTfDUR1gd2kt/MtkEiUiOGPiRRTBkOcrpewxt+dfAjffyPn ktO7rxiv6vb33E4nFMxs3uIQaMJTF3w0ZSmi2XhLMOZRSBerMVv6nf4qpqkRE8wxiRZc AHMTVmm7fjoNOisNXytHxBNKaKYWW4xvJuoKUnLVe6lhrWVoBS46zBUxqSRsCVgmG8Ww SwLJVuxWUhSl7BPHBd/IyolL6HoBluV1gyTIm2K+tLGonXkwIhsvtqpontLu5+Wz89E2 AODhGukfUd8HTyFLp0I3NJ2IM3GRAusUpCLq/wl+weLOoKjaye1JMNrOApQ2l9wh/yaw n1rg== X-Gm-Message-State: AOAM5315bES8UKZjtIZgO/7+RkJ0doKUvQcVC3sRKfWdYgiZCiVZ/REo nSWyb3QTYpRBNZBsXMBQvK/7okwyBfeCcMqWBP0= X-Google-Smtp-Source: ABdhPJw8z6vjGGaGGnrlRrziyohZvVfic1DZGt/qPzbkK2DflW6NVM+pA6gyTB+Ke9wzzcJbF1DtstV10V20omnh/NQ= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:ad4:47cc:: with SMTP id p12mr34218336qvw.25.1600460116095; Fri, 18 Sep 2020 13:15:16 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:22 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-17-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 16/30] kbuild: lto: remove duplicate dependencies from .mod files From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen With LTO, llvm-nm prints out symbols for each archive member separately, which results in a lot of duplicate dependencies in the .mod file when CONFIG_TRIM_UNUSED_SYMS is enabled. When a module consists of several compilation units, the output can exceed the default xargs command size limit and split the dependency list to multiple lines, which results in used symbols getting trimmed. This change removes duplicate dependencies, which will reduce the probability of this happening and makes .mod files smaller and easier to read. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- scripts/Makefile.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/Makefile.build b/scripts/Makefile.build index 541dbe791743..b417c697536e 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -266,7 +266,7 @@ endef # List module undefined symbols (or empty line if not enabled) ifdef CONFIG_TRIM_UNUSED_KSYMS -cmd_undef_syms = $(NM) $< | sed -n 's/^ *U //p' | xargs echo +cmd_undef_syms = $(NM) $< | sed -n 's/^ *U //p' | sort -u | xargs echo else cmd_undef_syms = echo endif From patchwork Fri Sep 18 20:14:23 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786173 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E2AC792C for ; Fri, 18 Sep 2020 20:17:33 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id C03A7207D3 for ; Fri, 18 Sep 2020 20:17:32 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="bypA/Z7p" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C03A7207D3 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19933-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 20238 invoked by uid 550); 18 Sep 2020 20:15:31 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 20120 invoked from network); 18 Sep 2020 20:15:30 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=elKx10PKhtUKECecvjo4xZARYYlgkNIYKswvgswhwZE=; b=bypA/Z7pJhCkYbkyCzDnhFowKj238dw2Bo7mfY1j0CVF0cTeV9MsPzvljt+hDTamj5 S9fAqX5HQDb/+07LwYFXnE9N5D80+N9xV0JY/Y9VaprAVhBGi7YErW5KeIHavDHLdXHw YI7uMVr2XswXqQk2EHA6DyaCgIh/3wSY6pa7PNXvF5j7ap5ljELAU5fqzUBspzuRZ1Fk JvaMfTkbHpEevBDhFk26t9Vsv/13tHFfxo1arvajU8cv/cQc6ezCKr9aqvpqUsSOnvAQ 5ABuKSV7H8AYNFQ6rkD5XIw3NfxUKcR4lHHVLr5BWNTYYs82sOsb7rkpMIBvlr+YRpNI 0BCw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=elKx10PKhtUKECecvjo4xZARYYlgkNIYKswvgswhwZE=; b=qfodefFpctyc8HsiPZ+7PXh+bj0TK+koRFO5KgvGDe271W0bAV/bBJeUnjKvyPIILB KxGUKt5pOONMlBYOM5H5iB9rM0xm0efehL0i7egLHXMs0CL/pXyU9Vh7Vxoa/xJOJbbW +SUqcc9DeVsGTXXrhFI8Iw1q3Xx7F4oc5So2wFOgGOJD2IFKoVk64/9+cqTEfS8nf5PO mIi8E8UKGCPRkatI4ouWxz6yLytuggTkq6bJQB7KjVmJ3Ii3jk31jdGNlVuPe5D02Kbd R2iuhWNyNr1VCjaIHMd/Cv7TCKkVCgY3qCLQ/BZe8Sqjs3Nkrd6xcpYlmvNBvV9FYI9e S7pA== X-Gm-Message-State: AOAM532qQxQU+IM+/QyEnZXXMRUF5J4lIH3Dp9elSeyLel2DtbG71Jc6 FpQjClOqyHjQQ4iGxts2Ivi76cdCmHQHV6YdsdI= X-Google-Smtp-Source: ABdhPJyVPT73JEW9Hdr8ZAdQNDCLPtDjbCDcjjizUZc13W9cYfnOMrkXDus9CLZwKgB00o+mEJLZUKEmJecYtv1IPuQ= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a5b:d09:: with SMTP id y9mr20482912ybp.258.1600460118877; Fri, 18 Sep 2020 13:15:18 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:23 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-18-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 17/30] init: lto: ensure initcall ordering From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen With LTO, the compiler doesn't necessarily obey the link order for initcalls, and initcall variables need globally unique names to avoid collisions at link time. This change exports __KBUILD_MODNAME and adds the initcall_id() macro, which uses it together with __COUNTER__ and __LINE__ to help ensure these variables have unique names, and moves each variable to its own section when LTO is enabled, so the correct order can be specified using a linker script. The generate_initcall_ordering.pl script uses nm to find initcalls from the object files passed to the linker, and generates a linker script that specifies the same order for initcalls that we would have without LTO. With LTO enabled, the script is called in link-vmlinux.sh through jobserver-exec to limit the number of jobs spawned. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- include/linux/init.h | 52 +++++- scripts/Makefile.lib | 6 +- scripts/generate_initcall_order.pl | 270 +++++++++++++++++++++++++++++ scripts/link-vmlinux.sh | 15 ++ 4 files changed, 334 insertions(+), 9 deletions(-) create mode 100755 scripts/generate_initcall_order.pl diff --git a/include/linux/init.h b/include/linux/init.h index 212fc9e2f691..af638cd6dd52 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -184,19 +184,57 @@ extern bool initcall_debug; * as KEEP() in the linker script. */ +/* Format: ____ */ +#define __initcall_id(fn) \ + __PASTE(__KBUILD_MODNAME, \ + __PASTE(__, \ + __PASTE(__COUNTER__, \ + __PASTE(_, \ + __PASTE(__LINE__, \ + __PASTE(_, fn)))))) + +/* Format: ____ */ +#define __initcall_name(prefix, __iid, id) \ + __PASTE(__, \ + __PASTE(prefix, \ + __PASTE(__, \ + __PASTE(__iid, id)))) + +#ifdef CONFIG_LTO_CLANG +/* + * With LTO, the compiler doesn't necessarily obey link order for + * initcalls. In order to preserve the correct order, we add each + * variable into its own section and generate a linker script (in + * scripts/link-vmlinux.sh) to specify the order of the sections. + */ +#define __initcall_section(__sec, __iid) \ + #__sec ".init.." #__iid +#else +#define __initcall_section(__sec, __iid) \ + #__sec ".init" +#endif + #ifdef CONFIG_HAVE_ARCH_PREL32_RELOCATIONS -#define ___define_initcall(fn, id, __sec) \ +#define ____define_initcall(fn, __name, __sec) \ __ADDRESSABLE(fn) \ - asm(".section \"" #__sec ".init\", \"a\" \n" \ - "__initcall_" #fn #id ": \n" \ + asm(".section \"" __sec "\", \"a\" \n" \ + __stringify(__name) ": \n" \ ".long " #fn " - . \n" \ ".previous \n"); #else -#define ___define_initcall(fn, id, __sec) \ - static initcall_t __initcall_##fn##id __used \ - __attribute__((__section__(#__sec ".init"))) = fn; +#define ____define_initcall(fn, __name, __sec) \ + static initcall_t __name __used \ + __attribute__((__section__(__sec))) = fn; #endif +#define __unique_initcall(fn, id, __sec, __iid) \ + ____define_initcall(fn, \ + __initcall_name(initcall, __iid, id), \ + __initcall_section(__sec, __iid)) + +#define ___define_initcall(fn, id, __sec) \ + __unique_initcall(fn, id, __sec, __initcall_id(fn)) + #define __define_initcall(fn, id) ___define_initcall(fn, id, .initcall##id) /* @@ -236,7 +274,7 @@ extern bool initcall_debug; #define __exitcall(fn) \ static exitcall_t __exitcall_##fn __exit_call = fn -#define console_initcall(fn) ___define_initcall(fn,, .con_initcall) +#define console_initcall(fn) ___define_initcall(fn, con, .con_initcall) struct obs_kernel_param { const char *str; diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 745d88172bc7..f7daa59ff14f 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -117,9 +117,11 @@ target-stem = $(basename $(patsubst $(obj)/%,%,$@)) # These flags are needed for modversions and compiling, so we define them here # $(modname_flags) defines KBUILD_MODNAME as the name of the module it will # end up in (or would, if it gets compiled in) -name-fix = $(call stringify,$(subst $(comma),_,$(subst -,_,$1))) +name-fix-token = $(subst $(comma),_,$(subst -,_,$1)) +name-fix = $(call stringify,$(call name-fix-token,$1)) basename_flags = -DKBUILD_BASENAME=$(call name-fix,$(basetarget)) -modname_flags = -DKBUILD_MODNAME=$(call name-fix,$(modname)) +modname_flags = -DKBUILD_MODNAME=$(call name-fix,$(modname)) \ + -D__KBUILD_MODNAME=kmod_$(call name-fix-token,$(modname)) modfile_flags = -DKBUILD_MODFILE=$(call stringify,$(modfile)) _c_flags = $(filter-out $(CFLAGS_REMOVE_$(target-stem).o), \ diff --git a/scripts/generate_initcall_order.pl b/scripts/generate_initcall_order.pl new file mode 100755 index 000000000000..1a88d3f1b913 --- /dev/null +++ b/scripts/generate_initcall_order.pl @@ -0,0 +1,270 @@ +#!/usr/bin/env perl +# SPDX-License-Identifier: GPL-2.0 +# +# Generates a linker script that specifies the correct initcall order. +# +# Copyright (C) 2019 Google LLC + +use strict; +use warnings; +use IO::Handle; +use IO::Select; +use POSIX ":sys_wait_h"; + +my $nm = $ENV{'NM'} || die "$0: ERROR: NM not set?"; +my $objtree = $ENV{'objtree'} || '.'; + +## currently active child processes +my $jobs = {}; # child process pid -> file handle +## results from child processes +my $results = {}; # object index -> [ { level, secname }, ... ] + +## reads _NPROCESSORS_ONLN to determine the maximum number of processes to +## start +sub get_online_processors { + open(my $fh, "getconf _NPROCESSORS_ONLN 2>/dev/null |") + or die "$0: ERROR: failed to execute getconf: $!"; + my $procs = <$fh>; + close($fh); + + if (!($procs =~ /^\d+$/)) { + return 1; + } + + return int($procs); +} + +## writes results to the parent process +## format: +sub write_results { + my ($index, $initcalls) = @_; + + # sort by the counter value to ensure the order of initcalls within + # each object file is correct + foreach my $counter (sort { $a <=> $b } keys(%{$initcalls})) { + my $level = $initcalls->{$counter}->{'level'}; + + # section name for the initcall function + my $secname = $initcalls->{$counter}->{'module'} . '__' . + $counter . '_' . + $initcalls->{$counter}->{'line'} . '_' . + $initcalls->{$counter}->{'function'}; + + print "$index $level $secname\n"; + } +} + +## reads a result line from a child process and adds it to the $results array +sub read_results{ + my ($fh) = @_; + + # each child prints out a full line w/ autoflush and exits after the + # last line, so even if buffered I/O blocks here, it shouldn't block + # very long + my $data = <$fh>; + + if (!defined($data)) { + return 0; + } + + chomp($data); + + my ($index, $level, $secname) = $data =~ + /^(\d+)\ ([^\ ]+)\ (.*)$/; + + if (!defined($index) || + !defined($level) || + !defined($secname)) { + die "$0: ERROR: child process returned invalid data: $data\n"; + } + + $index = int($index); + + if (!exists($results->{$index})) { + $results->{$index} = []; + } + + push (@{$results->{$index}}, { + 'level' => $level, + 'secname' => $secname + }); + + return 1; +} + +## finds initcalls from an object file or all object files in an archive, and +## writes results back to the parent process +sub find_initcalls { + my ($index, $file) = @_; + + die "$0: ERROR: file $file doesn't exist?" if (! -f $file); + + open(my $fh, "\"$nm\" --defined-only \"$file\" 2>/dev/null |") + or die "$0: ERROR: failed to execute \"$nm\": $!"; + + my $initcalls = {}; + + while (<$fh>) { + chomp; + + # check for the start of a new object file (if processing an + # archive) + my ($path)= $_ =~ /^(.+)\:$/; + + if (defined($path)) { + write_results($index, $initcalls); + $initcalls = {}; + next; + } + + # look for an initcall + my ($module, $counter, $line, $symbol) = $_ =~ + /[a-z]\s+__initcall__(\S*)__(\d+)_(\d+)_(.*)$/; + + if (!defined($module)) { + $module = '' + } + + if (!defined($counter) || + !defined($line) || + !defined($symbol)) { + next; + } + + # parse initcall level + my ($function, $level) = $symbol =~ + /^(.*)((early|rootfs|con|[0-9])s?)$/; + + die "$0: ERROR: invalid initcall name $symbol in $file($path)" + if (!defined($function) || !defined($level)); + + $initcalls->{$counter} = { + 'module' => $module, + 'line' => $line, + 'function' => $function, + 'level' => $level, + }; + } + + close($fh); + write_results($index, $initcalls); +} + +## waits for any child process to complete, reads the results, and adds them to +## the $results array for later processing +sub wait_for_results { + my ($select) = @_; + + my $pid = 0; + do { + # unblock children that may have a full write buffer + foreach my $fh ($select->can_read(0)) { + read_results($fh); + } + + # check for children that have exited, read the remaining data + # from them, and clean up + $pid = waitpid(-1, WNOHANG); + if ($pid > 0) { + if (!exists($jobs->{$pid})) { + next; + } + + my $fh = $jobs->{$pid}; + $select->remove($fh); + + while (read_results($fh)) { + # until eof + } + + close($fh); + delete($jobs->{$pid}); + } + } while ($pid > 0); +} + +## forks a child to process each file passed in the command line and collects +## the results +sub process_files { + my $index = 0; + my $njobs = $ENV{'PARALLELISM'} || get_online_processors(); + my $select = IO::Select->new(); + + while (my $file = shift(@ARGV)) { + # fork a child process and read it's stdout + my $pid = open(my $fh, '-|'); + + if (!defined($pid)) { + die "$0: ERROR: failed to fork: $!"; + } elsif ($pid) { + # save the child process pid and the file handle + $select->add($fh); + $jobs->{$pid} = $fh; + } else { + # in the child process + STDOUT->autoflush(1); + find_initcalls($index, "$objtree/$file"); + exit; + } + + $index++; + + # limit the number of children to $njobs + if (scalar(keys(%{$jobs})) >= $njobs) { + wait_for_results($select); + } + } + + # wait for the remaining children to complete + while (scalar(keys(%{$jobs})) > 0) { + wait_for_results($select); + } +} + +sub generate_initcall_lds() { + process_files(); + + my $sections = {}; # level -> [ secname, ...] + + # sort results to retain link order and split to sections per + # initcall level + foreach my $index (sort { $a <=> $b } keys(%{$results})) { + foreach my $result (@{$results->{$index}}) { + my $level = $result->{'level'}; + + if (!exists($sections->{$level})) { + $sections->{$level} = []; + } + + push(@{$sections->{$level}}, $result->{'secname'}); + } + } + + die "$0: ERROR: no initcalls?" if (!keys(%{$sections})); + + # print out a linker script that defines the order of initcalls for + # each level + print "SECTIONS {\n"; + + foreach my $level (sort(keys(%{$sections}))) { + my $section; + + if ($level eq 'con') { + $section = '.con_initcall.init'; + } else { + $section = ".initcall${level}.init"; + } + + print "\t${section} : {\n"; + + foreach my $secname (@{$sections->{$level}}) { + print "\t\t*(${section}..${secname}) ;\n"; + } + + print "\t}\n"; + } + + print "}\n"; +} + +generate_initcall_lds(); diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh index a352a5ad9ef7..688182293527 100755 --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh @@ -43,6 +43,17 @@ info() fi } +# Generate a linker script to ensure correct ordering of initcalls. +gen_initcalls() +{ + info GEN .tmp_initcalls.lds + + ${PYTHON} ${srctree}/scripts/jobserver-exec \ + ${PERL} ${srctree}/scripts/generate_initcall_order.pl \ + ${KBUILD_VMLINUX_OBJS} ${KBUILD_VMLINUX_LIBS} \ + > .tmp_initcalls.lds +} + # If CONFIG_LTO_CLANG is selected, collect generated symbol versions into # .tmp_symversions.lds gen_symversions() @@ -74,6 +85,9 @@ modpost_link() --end-group" if [ -n "${CONFIG_LTO_CLANG}" ]; then + gen_initcalls + lds="-T .tmp_initcalls.lds" + if [ -n "${CONFIG_MODVERSIONS}" ]; then gen_symversions lds="${lds} -T .tmp_symversions.lds" @@ -285,6 +299,7 @@ cleanup() { rm -f .btf.* rm -f .tmp_System.map + rm -f .tmp_initcalls.lds rm -f .tmp_symversions.lds rm -f .tmp_vmlinux* rm -f System.map From patchwork Fri Sep 18 20:14:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786175 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CF487112E for ; Fri, 18 Sep 2020 20:17:44 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 17A8C207D3 for ; Fri, 18 Sep 2020 20:17:43 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="DmFIi1OV" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 17A8C207D3 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19934-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 20464 invoked by uid 550); 18 Sep 2020 20:15:33 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 20377 invoked from network); 18 Sep 2020 20:15:33 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=XxAfB/P/jhgYhoVgUFO0krm50APtT+WWyqbk+4ioXTk=; b=DmFIi1OVxsFoFg92oFWH2VPRTDu4wE9Rmg6s0bvmp2TuRAbHoKv6/fPJl1fuBdrjn7 VWzTK0IQDIyNMi23xcASGWrTPyHk0S7e0w5yoc9SZ/pQdToneOnD9OdIiO2v+KW9gj7y 9zlTW9p+FprZHdCq5rpUHZD/0n8xUda24onsLXZ66jqtU8LkEkm1FqYFsbOXQY9gVmIy ib61pYrKwyraXm+h5krhXzdEdTlzkFDCT45b4X7mDBl5iBONcOD1ksa0s/BExbykYGIB wn/5Ms/kn3W2LpKihjogJj5qO+B0a2gDh6bG4SxQfn0sDbgdsmBBEBBNuSsdj96B5Er/ uLBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=XxAfB/P/jhgYhoVgUFO0krm50APtT+WWyqbk+4ioXTk=; b=A8d/7HqscrJ4Spb/4eHMHAZLUt5jMF6oshbNkGQp/epgTIqkf9D0HT/N049OGDq5XQ NR4o3W7f2gK27LNhXFT/hUChMxKZNvup2h4XnypPjByr5SFkoJsA67BXKXHYB9ni1LJX 6nebUZ0tjfxbZk9XlByLkMsA+qXKkbNyBaFAYt4yZ4rxW6hchWgvgI6VjoNLt05Vb1VF xNV5qyVWEOXTlNnMci3KdWiaU9cJJ3rLamxYoqrXzvjfGk2wRODXSHQbEdNwXHkIr9ZT nRXHhHxHHI96pkGpZlpC+nEH2FhNv+JbXAZO/K0LwNBwMVgR10E6iP13fAIFXky9+Hsx 8yNQ== X-Gm-Message-State: AOAM532Z+j5n+ik+LMBqoWVM0trXjfz6ol4x3VeEyEarupxI331iTyzs OnmVKrdn+H0C+XKEfE8oEnZhNxyDipMP0WxkPac= X-Google-Smtp-Source: ABdhPJy2KjHLDlLlwF3FZGYG4YjeDAk7DNS4RO40Qo5O+7UwvN2wgXBj6NsmIvpwMLwrVraEYVu5qDWHVwe1uVR3arc= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a25:e009:: with SMTP id x9mr6392448ybg.373.1600460121392; Fri, 18 Sep 2020 13:15:21 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:24 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-19-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 18/30] init: lto: fix PREL32 relocations From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen With LTO, the compiler can rename static functions to avoid global naming collisions. As initcall functions are typically static, renaming can break references to them in inline assembly. This change adds a global stub with a stable name for each initcall to fix the issue when PREL32 relocations are used. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- include/linux/init.h | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/include/linux/init.h b/include/linux/init.h index af638cd6dd52..cea63f7e7705 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -209,26 +209,49 @@ extern bool initcall_debug; */ #define __initcall_section(__sec, __iid) \ #__sec ".init.." #__iid + +/* + * With LTO, the compiler can rename static functions to avoid + * global naming collisions. We use a global stub function for + * initcalls to create a stable symbol name whose address can be + * taken in inline assembly when PREL32 relocations are used. + */ +#define __initcall_stub(fn, __iid, id) \ + __initcall_name(initstub, __iid, id) + +#define __define_initcall_stub(__stub, fn) \ + int __init __stub(void); \ + int __init __stub(void) \ + { \ + return fn(); \ + } \ + __ADDRESSABLE(__stub) #else #define __initcall_section(__sec, __iid) \ #__sec ".init" + +#define __initcall_stub(fn, __iid, id) fn + +#define __define_initcall_stub(__stub, fn) \ + __ADDRESSABLE(fn) #endif #ifdef CONFIG_HAVE_ARCH_PREL32_RELOCATIONS -#define ____define_initcall(fn, __name, __sec) \ - __ADDRESSABLE(fn) \ +#define ____define_initcall(fn, __stub, __name, __sec) \ + __define_initcall_stub(__stub, fn) \ asm(".section \"" __sec "\", \"a\" \n" \ __stringify(__name) ": \n" \ - ".long " #fn " - . \n" \ + ".long " __stringify(__stub) " - . \n" \ ".previous \n"); #else -#define ____define_initcall(fn, __name, __sec) \ +#define ____define_initcall(fn, __unused, __name, __sec) \ static initcall_t __name __used \ __attribute__((__section__(__sec))) = fn; #endif #define __unique_initcall(fn, id, __sec, __iid) \ ____define_initcall(fn, \ + __initcall_stub(fn, __iid, id), \ __initcall_name(initcall, __iid, id), \ __initcall_section(__sec, __iid)) From patchwork Fri Sep 18 20:14:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786179 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 130A292C for ; Fri, 18 Sep 2020 20:17:55 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 4EDC22074B for ; Fri, 18 Sep 2020 20:17:54 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Qgpy+pbz" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4EDC22074B Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19935-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 21741 invoked by uid 550); 18 Sep 2020 20:15:36 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 21662 invoked from network); 18 Sep 2020 20:15:35 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=iG8c4IVmV6SAigaVNA/2Da1zni30786ipLEHlcLZdp4=; b=Qgpy+pbznAwuGgS1UcHWV2+GgEBqJBW/QXwkjniAUgd0yEt/iVnU3kXXwNdozhgQzz MZzhTSncTCZS90D0o8lSwmN7wmdlvsaE1QWRoTj6Wbe2nae8ffdijksuNQIIVYs/eybZ PhIUX9y2TjqMSdsaiGH0h2KtARkrrLOZf/w8Sm2VeQum5NJG1Sy6tVoqsuv4aAwEG7YK 02eRqNOcpZQaCeV7Ckrk7WrJ5FjODwlvlNCDUQkrG9fITgVhDbllmG+pZNctstR4JiRy rA0r42k8E4pddkc8iQa3ov74ZrsmEOgVOhRYMv7EwvJEm2M2DLQUQBG2GyMEcM38Vad0 xDlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=iG8c4IVmV6SAigaVNA/2Da1zni30786ipLEHlcLZdp4=; b=Zot3WPvdDuXeIQExdQU7OHMcZcnvr3j8a/xLaVvX0InroG4auTyHzVd/Z9IG+J299q /3MzlSiimY6QnD/T0KKI+B7oAQcU8Kf7PvVck3+4mmtBA6CeHw/lwh9jdpN2WQBJpBa6 zR7Ls/KY/AHgQW0OTLEAi1vH/9HN14mNRQRfRmXeakkPtf/feJ7FjjCGfDv2CtEI2LRE IpnQx+cbJ/eM6vHlJ31ec0fNxs1Mj7WAurV8n9PmRDVCL2IT3Gzy6DaVkWQVbA09tQQd GgXugXKNho33gPO0VjMJCBrZFGfw/3Aw612T7ItuKaFOAIPdFzcCkh+6hm4i3brE7kbV Phxw== X-Gm-Message-State: AOAM53150cuDBt8iowpBMxsuBshXg1beBcihxKYRdweKkcexTGE45Zfv 4HlnFk2TOa38Ra6RqWkBmtmcEhci3AKHNe18c5c= X-Google-Smtp-Source: ABdhPJyAaI/eiFtDj86m6e83BVMlPsjdMZNZWL0L4WJ70VEUwFhQzIrnfngpXkviQEnEmXABI7Y2dHDcYxV6d7VeWCU= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:ad4:58c7:: with SMTP id dh7mr8337663qvb.20.1600460123968; Fri, 18 Sep 2020 13:15:23 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:25 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-20-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 19/30] PCI: Fix PREL32 relocations for LTO From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen With Clang's Link Time Optimization (LTO), the compiler can rename static functions to avoid global naming collisions. As PCI fixup functions are typically static, renaming can break references to them in inline assembly. This change adds a global stub to DECLARE_PCI_FIXUP_SECTION to fix the issue when PREL32 relocations are used. Signed-off-by: Sami Tolvanen Acked-by: Bjorn Helgaas Reviewed-by: Kees Cook --- include/linux/pci.h | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/include/linux/pci.h b/include/linux/pci.h index 835530605c0d..4e64421981c7 100644 --- a/include/linux/pci.h +++ b/include/linux/pci.h @@ -1909,19 +1909,28 @@ enum pci_fixup_pass { }; #ifdef CONFIG_HAVE_ARCH_PREL32_RELOCATIONS -#define __DECLARE_PCI_FIXUP_SECTION(sec, name, vendor, device, class, \ - class_shift, hook) \ - __ADDRESSABLE(hook) \ +#define ___DECLARE_PCI_FIXUP_SECTION(sec, name, vendor, device, class, \ + class_shift, hook, stub) \ + void stub(struct pci_dev *dev); \ + void stub(struct pci_dev *dev) \ + { \ + hook(dev); \ + } \ asm(".section " #sec ", \"a\" \n" \ ".balign 16 \n" \ ".short " #vendor ", " #device " \n" \ ".long " #class ", " #class_shift " \n" \ - ".long " #hook " - . \n" \ + ".long " #stub " - . \n" \ ".previous \n"); + +#define __DECLARE_PCI_FIXUP_SECTION(sec, name, vendor, device, class, \ + class_shift, hook, stub) \ + ___DECLARE_PCI_FIXUP_SECTION(sec, name, vendor, device, class, \ + class_shift, hook, stub) #define DECLARE_PCI_FIXUP_SECTION(sec, name, vendor, device, class, \ class_shift, hook) \ __DECLARE_PCI_FIXUP_SECTION(sec, name, vendor, device, class, \ - class_shift, hook) + class_shift, hook, __UNIQUE_ID(hook)) #else /* Anonymous variables would be nice... */ #define DECLARE_PCI_FIXUP_SECTION(section, name, vendor, device, class, \ From patchwork Fri Sep 18 20:14:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786181 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EA01092C for ; Fri, 18 Sep 2020 20:18:07 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 2E04520684 for ; Fri, 18 Sep 2020 20:18:04 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="bUS9jAgi" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2E04520684 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19936-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 22026 invoked by uid 550); 18 Sep 2020 20:15:39 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 21909 invoked from network); 18 Sep 2020 20:15:38 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=8lEX8dhcXccIUepNU1SEoCt6plyxV6wLvpdFoemo79Y=; b=bUS9jAgi/132eC2JXmXVaOGX5cLLbckvGufmxI44RyqSyijqoxymHFZKHTY4QKqUWn JZzyyQQyPOeyAB7WnMYxNQTmxtjglzkhrl8ulRLEEbjVlwVzF7diBx2otZU49x2IXBy2 co+YT2lrE8KpeesfRNW8cKsLLM86m2CFK0eSmAsAPXufo+5rYg3FA9kBPohZ1NgV0EaA LnZfw6PALKKAclvHbVHc9MptSA4aLLvKdW6gApRLHVah/9fPGksyPaQZL+IPWMQyzoOB rrqLl29+OU1RGaoeD9FR2Vyb0aLYQDqH9OpyYwmNpW2e2QBA+p1vmSjIEg0en7V4iK0R OhaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=8lEX8dhcXccIUepNU1SEoCt6plyxV6wLvpdFoemo79Y=; b=kXsaWR+Cw7X5N8XaNBxi/iy3+oA9rw+w2ls7f43xOCuJbTe6wUXh6Py4qMe8xrtKNP 9foYFGb4U7DwW24CU2pYB3zrfeC2fQO/dndabBEkm/GSY/nOKC2/kBRBsPSMkHb+6m38 H3xO9TPkjiWj/UV6eKeY8pN5Ks21rj+z5Rr1buOFi8x8W96atRTM8UOV8JmZW/ePyUai k12fuyXcb7bOFigZBLgn5dSmStDnqi4EXwgbUoQCZs2ItvsHePCiOxj1RckYDeeplkCu yJsFzG2jSsGUYj//qdZxd7U4t0P6n1oXewDfq7oaq7Ql5nlArwhQAHb+7+Xaw+p5XobW fB1Q== X-Gm-Message-State: AOAM533/BRQ/wZYRCnGHUNsau0zY8K7hlfj04uLsp306qHCgnWr9OfTJ TV5M2AUdcC7XqY7UPp0ufdiDF+cJlCqXym+aUcM= X-Google-Smtp-Source: ABdhPJxvjx1bmj7Cp0aVz2H1UJR3LkO2WNClVAnJIbW9tZ58+17Ee06aPFUwJNBWfpBxBWpNmGts9z7gqVsMYgq1pT4= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a25:cf13:: with SMTP id f19mr8568269ybg.386.1600460126530; Fri, 18 Sep 2020 13:15:26 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:26 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-21-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 20/30] modpost: lto: strip .lto from module names From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen With LTO, everything is compiled into LLVM bitcode, so we have to link each module into native code before modpost. Kbuild uses the .lto.o suffix for these files, which also ends up in module information. This change strips the unnecessary .lto suffix from the module name. Suggested-by: Bill Wendling Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- scripts/mod/modpost.c | 16 +++++++--------- scripts/mod/modpost.h | 9 +++++++++ scripts/mod/sumversion.c | 6 +++++- 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index 69341b36f271..5a329df55cc3 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -17,7 +17,6 @@ #include #include #include -#include #include #include "modpost.h" #include "../../include/linux/license.h" @@ -80,14 +79,6 @@ modpost_log(enum loglevel loglevel, const char *fmt, ...) exit(1); } -static inline bool strends(const char *str, const char *postfix) -{ - if (strlen(str) < strlen(postfix)) - return false; - - return strcmp(str + strlen(str) - strlen(postfix), postfix) == 0; -} - void *do_nofail(void *ptr, const char *expr) { if (!ptr) @@ -1984,6 +1975,10 @@ static char *remove_dot(char *s) size_t m = strspn(s + n + 1, "0123456789"); if (m && (s[n + m] == '.' || s[n + m] == 0)) s[n] = 0; + + /* strip trailing .lto */ + if (strends(s, ".lto")) + s[strlen(s) - 4] = '\0'; } return s; } @@ -2007,6 +2002,9 @@ static void read_symbols(const char *modname) /* strip trailing .o */ tmp = NOFAIL(strdup(modname)); tmp[strlen(tmp) - 2] = '\0'; + /* strip trailing .lto */ + if (strends(tmp, ".lto")) + tmp[strlen(tmp) - 4] = '\0'; mod = new_module(tmp); free(tmp); } diff --git a/scripts/mod/modpost.h b/scripts/mod/modpost.h index 3aa052722233..fab30d201f9e 100644 --- a/scripts/mod/modpost.h +++ b/scripts/mod/modpost.h @@ -2,6 +2,7 @@ #include #include #include +#include #include #include #include @@ -180,6 +181,14 @@ static inline unsigned int get_secindex(const struct elf_info *info, return info->symtab_shndx_start[sym - info->symtab_start]; } +static inline bool strends(const char *str, const char *postfix) +{ + if (strlen(str) < strlen(postfix)) + return false; + + return strcmp(str + strlen(str) - strlen(postfix), postfix) == 0; +} + /* file2alias.c */ extern unsigned int cross_build; void handle_moddevtable(struct module *mod, struct elf_info *info, diff --git a/scripts/mod/sumversion.c b/scripts/mod/sumversion.c index d587f40f1117..760e6baa7eda 100644 --- a/scripts/mod/sumversion.c +++ b/scripts/mod/sumversion.c @@ -391,10 +391,14 @@ void get_src_version(const char *modname, char sum[], unsigned sumlen) struct md4_ctx md; char *fname; char filelist[PATH_MAX + 1]; + int postfix_len = 1; + + if (strends(modname, ".lto.o")) + postfix_len = 5; /* objects for a module are listed in the first line of *.mod file. */ snprintf(filelist, sizeof(filelist), "%.*smod", - (int)strlen(modname) - 1, modname); + (int)strlen(modname) - postfix_len, modname); buf = read_text_file(filelist); From patchwork Fri Sep 18 20:14:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786185 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E129692C for ; Fri, 18 Sep 2020 20:18:16 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 3084320684 for ; Fri, 18 Sep 2020 20:18:15 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="m59NkH3j" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 3084320684 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19937-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 22250 invoked by uid 550); 18 Sep 2020 20:15:42 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 22139 invoked from network); 18 Sep 2020 20:15:41 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=6wkvNORTwM39S5uL0TTc53qeLnDmqjDSKMDvKwEqUnA=; b=m59NkH3jdBVGi3dXc89rIxXW0NE7GMfjZfL5ODM7hicbW9tRbSExno6sIVoWVPk/b2 6ew8lrdf0hw7stNFVAv/okktVg/LjpO4I7jNzt6a8VoaOl/pRpNH1xks4v9BW7bxD/Sr i6vq8H7yjf2sd8Aini4O9MK38tgJzNMOIkbJl3sG/G/kVyi9tS3kdWyXupCYVuHY/tg6 KLw2X/vONosgXWGz3RGoeu4MpReDPfkBwBqpqDUmYFeEC91faan+J54tUJcmpgPMtnOY BvbaH2KVwWvnm9Y2AQvGn+V2h5meg1oOgj2ERRg9cb5ebYhX4XX5VX8BZKgVsjjWQeQu IcZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=6wkvNORTwM39S5uL0TTc53qeLnDmqjDSKMDvKwEqUnA=; b=GKYsi9NCkJ2HG6+CBrMQJ64lurUaXirliAHzOHMOAC7ksA3hZgq8MRQhVrojAtkF7d uliBD1Fb0ik2ClfFJJyg862IQ+eTgz/wBuWN0Tzrap+KT4KuWOhoScMnwJ1xc/xq96Tj Jp6f/qOBTwZuroH/QaoasyBC8FFsNv3DAOVizyRSn5juaUu6cd4vCLc5S75N31uxpS3B LaeI8lsm3Xde12h0sLD5FEqNUgCfGI76rBD+8f2930Tqrc20PVcDguP3Pl/vx3arw2kM PlyGCgS1sbaEzQfMpFh53zR4ERRINCfiGa991PicdN0eyVijUZnGhO0D/Xx8lUIk3gKB yIuQ== X-Gm-Message-State: AOAM530KJ2eU4PK3rgToRh9JTJbqgQIU395+6shLT41r92p7QV8fhddH dD8u3wacWT/DDjjO63i+VsXalvI3Qx65RkwvBSs= X-Google-Smtp-Source: ABdhPJyhl0O3HrtpwK2+/eq92loT21+CwrJm1w5RAc9ZKC6o0au3sfzPs9arIL72JQf6OFaC7oO4rGV/iT2i5XrFZMM= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:ad4:57cc:: with SMTP id y12mr19090228qvx.48.1600460129171; Fri, 18 Sep 2020 13:15:29 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:27 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-22-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 21/30] scripts/mod: disable LTO for empty.c From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen With CONFIG_LTO_CLANG, clang generates LLVM IR instead of ELF object files. As empty.o is used for probing target properties, disable LTO for it to produce an object file instead. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- scripts/mod/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/mod/Makefile b/scripts/mod/Makefile index 78071681d924..c9e38ad937fd 100644 --- a/scripts/mod/Makefile +++ b/scripts/mod/Makefile @@ -1,5 +1,6 @@ # SPDX-License-Identifier: GPL-2.0 OBJECT_FILES_NON_STANDARD := y +CFLAGS_REMOVE_empty.o += $(CC_FLAGS_LTO) hostprogs-always-y += modpost mk_elfconfig always-y += empty.o From patchwork Fri Sep 18 20:14:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786187 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E5A29112E for ; Fri, 18 Sep 2020 20:18:27 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 2CEF220684 for ; Fri, 18 Sep 2020 20:18:26 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="UfHLbm8n" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2CEF220684 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19938-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 23557 invoked by uid 550); 18 Sep 2020 20:15:44 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 22414 invoked from network); 18 Sep 2020 20:15:43 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=X2rJBbb/dAb+yfnrEjkjEFh1Qlc3T9c6r5OVY+2F28Q=; b=UfHLbm8nbc7nF4Jo2yUgHO34FEnYwaE+D6WpRyYM9fua/f1c+fZ8kF6HsVdGT3ZStz DIioQeeYjH1vQBjYBq6RWn1tj8Ze0d8QdJv/5ZoCfD/OJopHg281EA0NzxBu0bnxaWZh gx+JUnvc4+vXR4wjKioKlFelZxpe0ui4Lh1MT956XxN4Ky84dI7eVbp7usD/4ORebyXi CldVhYDtXNAYA4NGIwtBdJpXhE9cy2RjWHBM1Uc8TjKab8xO1nXAuOuk6CkQAwAWw4AW +5M/W/XGQlX5ApQtgCjOdjNKX53WnhGd309U+vDRlJPdbYtPQkUcz7FocAivoRqNyi4G Nh3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=X2rJBbb/dAb+yfnrEjkjEFh1Qlc3T9c6r5OVY+2F28Q=; b=A6akzRPDx1PdBGvNd2v7JECwS+BPAPVaIajfNpCDA1WE/cqOGwiWGSQAQlEv7KOKkL daK52nFZGDzmcr84HqnIejjKR6zbgUtBLSOwL4HZaA0g1i27sj2svflOqlb8XhFURZjV SH80qIZ1ZokXv3v217WEdFCoVLHduKrTyG9ynRKRSrGHPhXpAj1NyPRyATA5EmkEF1w4 ENfTz8eVonGGCHQOoxx/0KJ/EmseFJ/V17K6QlWTMWREVMWocTJ2y7FfMi93MGOJ8UTU /b1gbTLR3TzrWTeyFcmtdi/R+B9n/myR825v4JXMZk0y2ogqA1t3eEZbvjrWppb0PT/c xyVg== X-Gm-Message-State: AOAM530bh5MvTCKgISn5LNArSDya8cCv5/4ensY5zzHx9ueD+X9PMtSs e0hnMQP6BLeajIsZ/86Nr/hpH37JLyZkq0oANMQ= X-Google-Smtp-Source: ABdhPJzo4LTM6y/+DCzOvBKNO4aVvzGwT/r1d/eIrsPqlXmeiMn37vjIcaP3n6Xyzc5vYh3xJFK8sACdwTT13Li7Iew= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:ad4:5a0e:: with SMTP id ei14mr20725499qvb.15.1600460131755; Fri, 18 Sep 2020 13:15:31 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:28 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-23-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 22/30] efi/libstub: disable LTO From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen With CONFIG_LTO_CLANG, we produce LLVM bitcode instead of ELF object files. Since LTO is not really needed here and the Makefile assumes we produce an object file, disable LTO for libstub. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- drivers/firmware/efi/libstub/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index 296b18fbd7a2..0ea5aa52c7fa 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -35,6 +35,8 @@ KBUILD_CFLAGS := $(cflags-y) -Os -DDISABLE_BRANCH_PROFILING \ # remove SCS flags from all objects in this directory KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS)) +# disable LTO +KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_LTO), $(KBUILD_CFLAGS)) GCOV_PROFILE := n # Sanitizer runtimes are unavailable and cannot be linked here. From patchwork Fri Sep 18 20:14:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786191 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0ECA4112E for ; Fri, 18 Sep 2020 20:18:39 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 4C9E820684 for ; Fri, 18 Sep 2020 20:18:38 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="YYDR5W+p" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4C9E820684 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19939-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 23750 invoked by uid 550); 18 Sep 2020 20:15:46 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 23662 invoked from network); 18 Sep 2020 20:15:45 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=Aq4KaYtXPvsIFu2w9Cb9+vNMYXxmfrCDkI2ZzAJ/U8w=; b=YYDR5W+pWvCCMlsLuxLz2kP7xV+uq2FmsovV4iGNvno67WC358C4PSNmTbdGHW6cZy Xr2bfek6oOyIlLCqqcmz58AwsnwR59RRO+p9vcpDdt33YhN8IrJ/O6OhGAnZkSzVXUBi juaZEaotR1IoDS52HcVfmR1tV9lf6hMZtKDYu+gLSSBc5p2YM9N18q2UMIgXTdzr3uIq Fm8Rp3KBn78V9C/U0MxUKT6AZU9wjegUqE9FD6bezlPI8xyTBnsPinaduX3IiPx/NQx9 CiLebwGjfIl4ZFQ0mM3lJvlbPYemZFWx56rfr5kUCzWThPFDwAshAHrFrPtMZk+I/w6c LAyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=Aq4KaYtXPvsIFu2w9Cb9+vNMYXxmfrCDkI2ZzAJ/U8w=; b=iYVXfhwRmoUg3AD8S+qeUmhmgFcB123HuQxeydH/aw1CJ6cvmI8wDUyz/7f4VjcSy1 sfYZ3a7Cj96iZNkdcGDJSHaoLsBom28JaN+aldI7/NRGIQqpQ6bDSZOqSxSPLfUdUGHC 5u2Y2lKnYu0jUSARDzjUCbRkEEhWjfFDLgJghVGhoG/yHx+WKUO9BblwmfPlOW+0Df+2 LVE0+z+JLS+a6awWEgWiTjC/P5vgYHnysCwpxL/oxI7H6jRCMkzZNjhrajmxt5UsJfNX RHBa93gn1Ljp0MSbRDUqjxxGup2iUFVMtXJ6UMEtmzg+iOBJxTNmmto2w117tAWHpywa MA7w== X-Gm-Message-State: AOAM531EwPcdhneTljGTIJ1W+pP50vhscFTw8FFfwDipB5KIDA36wQYn BiZsURUpQvSL0Y5ZBX456ba6XCqGMCY/EnG5kno= X-Google-Smtp-Source: ABdhPJzXb8qZ74hw7N+WHo8RG9mWCgQryKG+Dq+aV9VBYLvnlICCRjFkSfcNOp4lq06uZySFvKcVSM3OKhDJkRKVbys= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:ad4:4d87:: with SMTP id cv7mr19182556qvb.49.1600460134116; Fri, 18 Sep 2020 13:15:34 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:29 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-24-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 23/30] drivers/misc/lkdtm: disable LTO for rodata.o From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen Disable LTO for rodata.o to allow objcopy to be used to manipulate sections. Signed-off-by: Sami Tolvanen Acked-by: Kees Cook --- drivers/misc/lkdtm/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/misc/lkdtm/Makefile b/drivers/misc/lkdtm/Makefile index c70b3822013f..dd4c936d4d73 100644 --- a/drivers/misc/lkdtm/Makefile +++ b/drivers/misc/lkdtm/Makefile @@ -13,6 +13,7 @@ lkdtm-$(CONFIG_LKDTM) += cfi.o KASAN_SANITIZE_stackleak.o := n KCOV_INSTRUMENT_rodata.o := n +CFLAGS_REMOVE_rodata.o += $(CC_FLAGS_LTO) OBJCOPYFLAGS := OBJCOPYFLAGS_rodata_objcopy.o := \ From patchwork Fri Sep 18 20:14:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786195 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 688D6112E for ; Fri, 18 Sep 2020 20:18:50 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id B062620684 for ; Fri, 18 Sep 2020 20:18:49 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ObhRsoWs" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B062620684 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19940-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 23992 invoked by uid 550); 18 Sep 2020 20:15:49 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 23925 invoked from network); 18 Sep 2020 20:15:48 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=/0ldiyB2nVfkSW+Z4ZqugZ1I2eeQ0sdYMfFHH6J6dWM=; b=ObhRsoWs56/ckOGNxhhvSliY51cEtV0g/uMSUnztF/O7z31SMtCH/329m8ibTSKZpG fiez3GHcBYfc9o5RBx52gPxMzE2kT7BpfP1ZD4q5GKOuEItaIBhl8DMnx+NNI8ef7ycs b8R96aDxgD2UiGsnLon+7daf2qTD2JY7NXxEElaPkmsOHkoKvbT8QFHFiJaUXRtTLxH0 55yHN4z3tf4xECFWt3X9nwCecG7xNYuYAMLaw4tETvqQQGxC0C2DOdr9nz2poaLSjtvv 1tZdTBVYTcwfiT3/yI4GgTADGX+HKVoqImsQX1FHpwsSfHwO0fR0fgmBvCx0ByfTr/Ho 8lWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=/0ldiyB2nVfkSW+Z4ZqugZ1I2eeQ0sdYMfFHH6J6dWM=; b=TQohQHD2FyAchPtq8EVcnSzuGy1CdRBhi5C/glKcqjN5pOFl6IzdsIen9In1WszpK9 g39MR4X+2OJgwJWF4LLrcrIOknIg2VeakDZL6euoV2Sv75yvxjU6QIPFoOUTLJm6le0m fb41Ct7EKKsYPEPAq0f6aOqXAQSzRIDrgvxH5gY3K3t0N9XEaTFTM3oWAZJqVWxkFJsG FCTKTSHhhHaHh3i/NHnNzQyNHnvRDDIeOESDouFVB7bUY6QRLo7T2VTTW3W7H0BgFXmS tqfrESnQjIwuhf8RweadRjwdyCt2ZRPjO7MVipo3ZtaCjxUvPOarOTHRjtR3E4pdZiM8 bQ8A== X-Gm-Message-State: AOAM531IB6D2PBt+Kqc4k4jMGBzf+PZDPWHdw5z+a6ui7QXE9A3vu8fq gX3Z1GPLx9FtLbEUWY3aThXaZADXFM6B1KLL0WU= X-Google-Smtp-Source: ABdhPJzlCcwfWl9pGOxTGz2mpuA0ZcI0OzyXT/6tCo4MOeFDLBSH0AjygGOTnITZPst0myY84qe7t61m7gd1U0GYQLc= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a0c:8b02:: with SMTP id q2mr19161266qva.48.1600460136604; Fri, 18 Sep 2020 13:15:36 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:30 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-25-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 24/30] arm64: export CC_USING_PATCHABLE_FUNCTION_ENTRY From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen Since arm64 does not use -pg in CC_FLAGS_FTRACE with DYNAMIC_FTRACE_WITH_REGS, skip running recordmcount by exporting CC_USING_PATCHABLE_FUNCTION_ENTRY. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/arm64/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index 4e8bb73359c8..57b875099b17 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -123,6 +123,7 @@ CHECKFLAGS += -D__aarch64__ ifeq ($(CONFIG_DYNAMIC_FTRACE_WITH_REGS),y) KBUILD_CPPFLAGS += -DCC_USING_PATCHABLE_FUNCTION_ENTRY CC_FLAGS_FTRACE := -fpatchable-function-entry=2 + export CC_USING_PATCHABLE_FUNCTION_ENTRY := 1 endif # Default value From patchwork Fri Sep 18 20:14:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786197 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D65FE92C for ; Fri, 18 Sep 2020 20:19:01 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 2A69F20684 for ; Fri, 18 Sep 2020 20:19:00 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="lu5o9R8g" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2A69F20684 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19941-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 24258 invoked by uid 550); 18 Sep 2020 20:15:51 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 24145 invoked from network); 18 Sep 2020 20:15:50 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=TqIl0XsuMws2W7SAyTGgPlMUxJpmV31lTKH8j5/4FZ8=; b=lu5o9R8gm3jqcUgmwu4AY/DoLfD5wt5MOlJd0k40tfngeaf8Nt07Vk6ePP9t8NlEZN IVqlDHPcBWhQmmotn4u+3EefhUJi4+cheG5oC6RvYmB7RkBMe7EstPG5yMRAIDKgu2g4 axLl7OmVkBvP92Q0Qbvl1A+S7pF0924SmotebecxUz5whagk2WPh1iNdxekOtLgSwwwo 0Ns1oRsUkHTg+U1kphL0FSFJspdH6IcYbg1jpew7/hIrVEFAzVHH8yr+R74J5oNr2P3K IdJppxeqyy0BnWW1z/jWEr6bH3y/3VeXHdJFclXUQXKes6i8fQsPsWgt1B/kImbNCuTX cjBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=TqIl0XsuMws2W7SAyTGgPlMUxJpmV31lTKH8j5/4FZ8=; b=FdyV8WaYzqD7UwIJI9oMJQ/3WZxq1n3y7tEpbZd19YG7Gg+hLFFkGIPdEVrOtpMmd0 hTajbjCWnTUENcMhfD8uexVVM+V0XdP49pXWGxkNFTQumeF9oMiC8GgZCMNz33PInhtQ qLrgv28DZH/8YOrBH0DY7k95swEdd7+m3qLqbrZEB3oZjTh5a615sgi7Oqo9tDCIdD9n FRCFtI4CAoubSDJRvJWvaA3zxFC3qd/MOttEP1CcMBLYFcB7WKxDWCqZHY9k+1XVQtet 2DlCnbBlMmXsrU/V7rnGpC6JvHkLfDYcqQcmbFS/SHiNQFiXFywghDF5tvVCRLjAV/Lw VyaQ== X-Gm-Message-State: AOAM533nDnENA/kElqRdA/8R+7VYHJtQP188htS9irnFyH+wIwzs1IP2 28NSMUZniMKJLhOerkpqw7kEgDchF01wxv1ZY9w= X-Google-Smtp-Source: ABdhPJzM+bDDdhQ1yuvEohGu3NxsCeWWPsxJypy/LfG2x1PLzd9dzX2AyM5yRCrQ0RzzRR4VA988AWIJ4v9Gjkgti5E= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:ad4:58e7:: with SMTP id di7mr18639207qvb.36.1600460139023; Fri, 18 Sep 2020 13:15:39 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:31 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-26-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 25/30] arm64: vdso: disable LTO From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen Disable LTO for the vDSO by filtering out CC_FLAGS_LTO, as there's no point in using link-time optimization for the small about of C code. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/arm64/kernel/vdso/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/vdso/Makefile b/arch/arm64/kernel/vdso/Makefile index e836e300440f..aa47070a3ccf 100644 --- a/arch/arm64/kernel/vdso/Makefile +++ b/arch/arm64/kernel/vdso/Makefile @@ -30,7 +30,8 @@ ldflags-y := -shared -nostdlib -soname=linux-vdso.so.1 --hash-style=sysv \ ccflags-y := -fno-common -fno-builtin -fno-stack-protector -ffixed-x18 ccflags-y += -DDISABLE_BRANCH_PROFILING -CFLAGS_REMOVE_vgettimeofday.o = $(CC_FLAGS_FTRACE) -Os $(CC_FLAGS_SCS) $(GCC_PLUGINS_CFLAGS) +CFLAGS_REMOVE_vgettimeofday.o = $(CC_FLAGS_FTRACE) -Os $(CC_FLAGS_SCS) $(GCC_PLUGINS_CFLAGS) \ + $(CC_FLAGS_LTO) KASAN_SANITIZE := n UBSAN_SANITIZE := n OBJECT_FILES_NON_STANDARD := y From patchwork Fri Sep 18 20:14:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786199 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6732092C for ; Fri, 18 Sep 2020 20:19:13 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id A754420684 for ; Fri, 18 Sep 2020 20:19:12 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="REd95VnF" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org A754420684 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19942-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 24496 invoked by uid 550); 18 Sep 2020 20:15:53 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 24402 invoked from network); 18 Sep 2020 20:15:53 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=oXJMXy02LqTQDpBkn8PPtjYwJPq4evUojZhZLMc3uvo=; b=REd95VnFXwmD3ND7Lapf6wTEKHlyfaSDlXa6A5g8OMe6rD7mXFuEioeTzTVuP+wKYy krseyNRuMtJa9ctfWr2TjaEjNcbStkBCBOxYrTttidotv9Qbdv5f70T8rfirifUlhiGO fbpwKXewIVSjSWcELClY8rHyvPgkF2XdC/QZF4KVfiVKi0xCd18r7fnei+hqOeW0nZel JhxqIwpbgtSIJrJ5e9QQl5CT7x9s7Yh2DeXazsVf3ebafU4M8/COaXTHkTmNbs2X65vv uvYLZii0pQgCywSqGr9bhM6Jz3cwSDm+sYfUU2OyMAh4+XaJbe4V1f+DGOyRxBJY+8Ct N4eQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=oXJMXy02LqTQDpBkn8PPtjYwJPq4evUojZhZLMc3uvo=; b=gIC4DDR805bcnubODdeESWmN8BhrHpPkQNj0ruWPLCNkKyq1qMaeydKCJIUGpIdRHs 2xyHTSCjWMd9Oko/kAQWtSC7j1msjlYedxclk33yWo83NVVBFBzbswv0MKjD3dutqrmM wGe4Q5jQq+l3/0bcEa6aQQQs8AkZMydXgnrtQoy9tDoFw1ww0ZP+wPi1n6TGxIfbqhrn ZkyguWQJaiurfetZNY4RqCMbDbpl2rYv4Fed3IrDURWj7aCDDzfJ1WLDUgKvgNGHIaO7 q7ezGNxuuh9AUl+Rgob9Rq7DMBepExe60HQrOri5KIsDaJ16GC18MAsUg/hHOx14MW8B dxIQ== X-Gm-Message-State: AOAM531HcKPhibwapsgaRN7tEqpRO/V28P4dAmrrMBUIu9NDNXlsENXd /Zcp/oP+sdOouLp4t/nGZZaNV6PWSiUp7kabnmw= X-Google-Smtp-Source: ABdhPJxMyDngZuNnNx1wL9/fMd7ntfJVtVGTW6/hjVnBGEbXwyy4OggBNEJrH2U3qB1vnImsc26NsteebpxVgOTzfOI= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a25:14c4:: with SMTP id 187mr54928163ybu.449.1600460141424; Fri, 18 Sep 2020 13:15:41 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:32 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-27-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 26/30] KVM: arm64: disable LTO for the nVHE directory From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen We use objcopy to manipulate ELF binaries for the nVHE code, which fails with LTO as the compiler produces LLVM bitcode instead. Disable LTO for this code to allow objcopy to be used. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/arm64/kvm/hyp/nvhe/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/Makefile b/arch/arm64/kvm/hyp/nvhe/Makefile index aef76487edc2..c903c8f31280 100644 --- a/arch/arm64/kvm/hyp/nvhe/Makefile +++ b/arch/arm64/kvm/hyp/nvhe/Makefile @@ -45,9 +45,9 @@ quiet_cmd_hypcopy = HYPCOPY $@ --rename-section=.text=.hyp.text \ $< $@ -# Remove ftrace and Shadow Call Stack CFLAGS. +# Remove ftrace, LTO, and Shadow Call Stack CFLAGS. # This is equivalent to the 'notrace' and '__noscs' annotations. -KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_FTRACE) $(CC_FLAGS_SCS), $(KBUILD_CFLAGS)) +KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_FTRACE) $(CC_FLAGS_LTO) $(CC_FLAGS_SCS), $(KBUILD_CFLAGS)) # KVM nVHE code is run at a different exception code with a different map, so # compiler instrumentation that inserts callbacks or checks into the code may From patchwork Fri Sep 18 20:14:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786201 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 370A792C for ; Fri, 18 Sep 2020 20:19:24 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 7294720684 for ; Fri, 18 Sep 2020 20:19:23 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="qivt17C4" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7294720684 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19943-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 25746 invoked by uid 550); 18 Sep 2020 20:15:56 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 25669 invoked from network); 18 Sep 2020 20:15:55 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=vY4wvL91lX+XoPJtjETBJ0Jod2fr7hSe9gEwviH1PQg=; b=qivt17C4c3k3DwY8yxkDax/XSYLbBnJNnBYPw2ZM9Gn/ZE0fIpcsHSVm+mQlhKjakH ACLHPBDSrN9QhIs+2oMundPSpouSZPRbj9HW414qGcxUL8RP/Qw81qBg3hFyQmOJVd70 36vk+fW3SMvGQBxWNMXr5dCR/MCgbY301VpVmDNnr0VCgN2sZLUw+BrVWaduLhzw5SZv rv8S8puJ+RnceNDh0B4fMoiQfngBeVpOdbwRVQ/hhKlaWSqX5BsgHyNznIZZ8LnydZBh YrVXnwczP2gFi6vqoYxTjLvwOSb3+MWNcxlFSbiyja8iKC/0zZ8liDgrrBt8Hk4cr/64 UQCQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=vY4wvL91lX+XoPJtjETBJ0Jod2fr7hSe9gEwviH1PQg=; b=goLaVP/IQIkyiQ8KE5QzC6c+d0NpXw6SOCQ8FE5Gw703C1OFSdG/JOZ7agSK3XIET/ 7/R69SGM5dEicxNZBdlqkznlMdIboZTtOM9XYKU+u5PsUfLuqGxVg26kBVbURewVp7f9 oKVgGvLYJAKw+Wjnz9hAchy2XokoTvoOhPGQXkPPhNMltEEYEY/FormMLDYQhKNayRZB A+AMFnNJgZMeqvgraGOFFlKt0+Yy70mjujRuJAnz/qlENL8gpZQwMN8EZJCyr2bh6U1K qa3yKqK6Tre/1KftHmN6QlblEndXsTTNb95bKVj/z9Er8Lk4UwKPvNLKKIqAH2flVIVI pcRg== X-Gm-Message-State: AOAM530Uym7pl4PN5AjzobTGRfqQpqJeiK/CE4FrNv4ZeqHwk3w0eExx P+2tcWh9tFSb9O1YGQ15nBLtfzVqmlQ5b6dOgK8= X-Google-Smtp-Source: ABdhPJxx/ZB+iAIYYGWthfZ5MCRw4ljJiAxyhQbM9fSoZJcW8J3//Xuvzi/v3xFDYUKOn6kD1n3mDEB16b4Qbpmiyyg= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:ad4:55ec:: with SMTP id bu12mr35584454qvb.0.1600460143930; Fri, 18 Sep 2020 13:15:43 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:33 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-28-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 27/30] arm64: allow LTO_CLANG and THINLTO to be selected From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen Allow CONFIG_LTO_CLANG and CONFIG_THINLTO to be enabled. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/arm64/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 6d232837cbee..2699fc5d332e 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -72,6 +72,8 @@ config ARM64 select ARCH_USE_SYM_ANNOTATIONS select ARCH_SUPPORTS_MEMORY_FAILURE select ARCH_SUPPORTS_SHADOW_CALL_STACK if CC_HAVE_SHADOW_CALL_STACK + select ARCH_SUPPORTS_LTO_CLANG + select ARCH_SUPPORTS_THINLTO select ARCH_SUPPORTS_ATOMIC_RMW select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 && (GCC_VERSION >= 50000 || CC_IS_CLANG) select ARCH_SUPPORTS_NUMA_BALANCING From patchwork Fri Sep 18 20:14:34 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786203 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6FC1E92C for ; Fri, 18 Sep 2020 20:19:35 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id AB2D120684 for ; Fri, 18 Sep 2020 20:19:34 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="OCV4Zse7" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org AB2D120684 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19944-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 25953 invoked by uid 550); 18 Sep 2020 20:15:58 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 25866 invoked from network); 18 Sep 2020 20:15:58 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=EemRcLRZpf4yhUCeConvvCXzQf4ZIu8nUiUP+DipgvE=; b=OCV4Zse7oPgDcT96RPBXKapnnI9L/7OK6JFTGp6JDIVB8reBmtTJ8x+TgIHV1bQNT1 yODGYby9kVyQ8p61SLU/yg6HA3AOyBDoEQN4GCtsWbyfUxYsi9LakuSQeiu8C00FOlZC nXQlthrKXhecqdBCG42wjEu4ZA8UwNU7ri1WD8DdF01m27taT1VRMqPpDB7d1xzavjQ8 MAseVvLfwDnKz7Gcqkbl036OnUwQ4zBvKuexGNe7hy44z1WPbLj+0871OLhE9gceGoVn 2klPRgv3y+JB0+4x23CmEway5+Cp0Bo479FvHgqkdJAIc2SvpuGCJORrGOpziKgZ24iA XC5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=EemRcLRZpf4yhUCeConvvCXzQf4ZIu8nUiUP+DipgvE=; b=O/MUWnhgETKLWiO+lt1sO+BvhmpmceCfjTnP1axEbVYM/iOpoaOJ5ipKhpw6KeF3UE G7fJLFsGizNiVhRX8iE5zc/1nHy1DlnZ5tA+m5RJIImV0ub28DFQ3IgHyiTc6+99MQQa g0g041zmYN+yiL4P0F+fmjwlIs2cvuvr+plEoRGSROjKPgy/5W6Dl7slxlKix1vp7+eI /8puXgN0SfchrKvk7Pp3e4KglxMZG3YjM2+Y35kIr9NIPaexbnwBRRZUpKhJgPgAbTxC a6sPii0M1FYR1W5LszAbPY9IIQ/+VHg5LNI0EUjcC7jgxEKr2GO0WHgbueTDR+rcsLbL agBg== X-Gm-Message-State: AOAM530Ec5Roy4TJAqwX4IU/Qcsxio00/dglIrK24c9yGg4B/pjbD6zf v0CkVec1ShP1rRCBhqp6hqwZbE3nvzmr77ICdo4= X-Google-Smtp-Source: ABdhPJy7xp/LOuFwPpGGCHEVYRylz0MppKOo/jERMBhhbHtsIbQOQ34wy2DpN2K3SkM1Tla+jQrOeY2Z0njz9hLTvIY= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:ad4:4891:: with SMTP id bv17mr34873677qvb.20.1600460146163; Fri, 18 Sep 2020 13:15:46 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:34 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-29-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 28/30] x86, vdso: disable LTO only for vDSO From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen Disable LTO for the vDSO. Note that while we could use Clang's LTO for the 64-bit vDSO, it won't add noticeable benefit for the small amount of C code. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/x86/entry/vdso/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index ecc27018ae13..9b742f21d2db 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -90,7 +90,7 @@ ifneq ($(RETPOLINE_VDSO_CFLAGS),) endif endif -$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) +$(vobjs): KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_LTO) $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) # # vDSO code runs in userspace and -pg doesn't help with profiling anyway. @@ -148,6 +148,7 @@ KBUILD_CFLAGS_32 := $(filter-out -fno-pic,$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out -mfentry,$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS_32)) +KBUILD_CFLAGS_32 := $(filter-out $(CC_FLAGS_LTO),$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 += -m32 -msoft-float -mregparm=0 -fpic KBUILD_CFLAGS_32 += -fno-stack-protector KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls) From patchwork Fri Sep 18 20:14:35 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786207 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1AB7A112E for ; Fri, 18 Sep 2020 20:19:46 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 5948620684 for ; Fri, 18 Sep 2020 20:19:45 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="TVxfXnF4" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5948620684 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19945-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 26306 invoked by uid 550); 18 Sep 2020 20:16:02 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 26203 invoked from network); 18 Sep 2020 20:16:01 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=FDO+ZF09uotnTu6WM5EnkpUkRKmQDNuzRpzleKkQ7Yo=; b=TVxfXnF4QbOPDMOs+zqprMl2MzHgkD6GHCP7JmlPrBoZmOkVnQx/H8w57iWBE6jaYf 6+KkRK3tQNrNeiix7gFvoYRY8m013PG2qHvBhB7usMFzmH6as/mPJIJ0i1xJYkR6xOcN NBHnEyx+G51AeSvmq8253zxiLfvPoAtayITYFw57JnKIYoHuBvQlTEjn3JLNIpdkKk/R wAJfJUuh6er8cS8DBKpDt+WcOB99abRnmwdIFbnaz0FqbKU/UIqZu02x2Ix+ynYt2cU+ uk5Y9gomclggvJtQ/OeFZIMHKEYveSFAxG5tPl5ZC3h8ga6eKx8TJpzeEBbhGIGPyZ1F 9rHw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=FDO+ZF09uotnTu6WM5EnkpUkRKmQDNuzRpzleKkQ7Yo=; b=EUr8u2fZ/NsW2N8TlsbZVE9mve4nf1b9OmF2e6eoun7NsHRdL1lLZUHeOtGh+XHz2a d+2bb+dGSyKQSG4KO7ofwJVLIsVX93jlrxM8vNaU2a6ndvvT7HuTqNrgYcZXxW9n4Lm+ P8M0PbrC37o0vf84at67z6nz+G0mvMTSedirIih9dng2FDz+tsHCB9f8NyhWfrk9W2MI viO8+a24CBaoC5dbEUXq8nKVb83mDK4VpdJuAU4mkgvhifMX8yx6ww6FwiEmbkm+wL4P ynM5298jegOOKP2ix+kGbs5c9s2fs3sWJpIwYaFEHlkSW4xeGzffcxIDexQgDSqwTJeN 80Lg== X-Gm-Message-State: AOAM531M/SnWGhVWcl1sS4xYRK8d5xPHuCuAprmCyn/fPDEjk2P1RdEz HL/ewDtBHzskVh+nInZQbR33edp9JD7cNQyPFdM= X-Google-Smtp-Source: ABdhPJze5jMIoa5F5/UqpO3D/iFpSGC3f1kIVz5ZhEpSgtL6QfaALCSDHhqVkIqGdPsyHGP7v5lpZGVr0MzGMD5vThc= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:ad4:5653:: with SMTP id bl19mr34387705qvb.7.1600460148677; Fri, 18 Sep 2020 13:15:48 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:35 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-30-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 29/30] x86, cpu: disable LTO for cpu.c From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen Clang incorrectly inlines functions with differing stack protector attributes, which breaks __restore_processor_state() that relies on stack protector being disabled. This change disables LTO for cpu.c to work aroung the bug. Link: https://bugs.llvm.org/show_bug.cgi?id=47479 Suggested-by: Nick Desaulniers Signed-off-by: Sami Tolvanen --- arch/x86/power/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/power/Makefile b/arch/x86/power/Makefile index 6907b523e856..5f711a441623 100644 --- a/arch/x86/power/Makefile +++ b/arch/x86/power/Makefile @@ -5,5 +5,9 @@ OBJECT_FILES_NON_STANDARD_hibernate_asm_$(BITS).o := y # itself be stack-protected CFLAGS_cpu.o := -fno-stack-protector +# Clang may incorrectly inline functions with stack protector enabled into +# __restore_processor_state(): https://bugs.llvm.org/show_bug.cgi?id=47479 +CFLAGS_REMOVE_cpu.o := $(CC_FLAGS_LTO) + obj-$(CONFIG_PM_SLEEP) += cpu.o obj-$(CONFIG_HIBERNATION) += hibernate_$(BITS).o hibernate_asm_$(BITS).o hibernate.o From patchwork Fri Sep 18 20:14:36 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11786209 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6F2B692C for ; Fri, 18 Sep 2020 20:19:57 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id AA1F720684 for ; Fri, 18 Sep 2020 20:19:56 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="BCRPev+r" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org AA1F720684 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19946-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 26547 invoked by uid 550); 18 Sep 2020 20:16:04 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 26447 invoked from network); 18 Sep 2020 20:16:03 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=o2DL67IOGBCnkKLJVmvx6mUhLGuExASqR4QZ4OZyxOY=; b=BCRPev+rE/eCdhTRad14OxKPRC759YffFhBrw/j99zRl+XMk2SeRH2Ro57Q+fpYAoY 41dQCr5nRdN1nuAqPl79eRYF7Et/K4hrYua59TnFUm5Qft7hifOftA32AELoX+E867b9 2jVvQFpvTUQ2M35PWVTe002iSNw0bKhWwMU3J5xh89MftQHJTF8aTjqfy5S8odXPfmkR B2V75MstoeJ9GqBepGfubW5/qhE+jhI/WYG/r7dM4O293zVEla547bOEPQpSKmz7YdJU wGZC1Jet9cEIKlifpza3a2tLHND8kbzGrtrT3REGXctWnfeV7IsjeRGJP72+hJcsyY8w zCoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=o2DL67IOGBCnkKLJVmvx6mUhLGuExASqR4QZ4OZyxOY=; b=YR3ktjxeqRIn2Qj1+N4QKd5nkcgW6IAykNXHnmrlGyCu0+X0KyPVZaaC0P3tIQ10hA y7gr9RR4mpBFkL3IdrV+ZF2BaWgMDuIHcD1i3hhRLl9NlMdPF6wfUOCyfqubSYUWPBxj /kDCy5UJQNA1sk0OgTQBJIXntUVEApUsONis6Zdpb/MhiogeaXF513YmG/N9+5Dq38MD iJ0uLQWWXONt2mKxOj/G1pVNBrtMo8Ii56CKd6Bugu3Vy3+TBnJCqqkBsUBR8pHth6vN Gy8t3/eKj/uzspjNYsxmmd+dLQ9GEedsIHmgfJGfiwA5lgaP3iRT9B9qQzPnNA4ueNGg 4esQ== X-Gm-Message-State: AOAM531Jkpcy7oi+4CDgTPuXcDcmm+uLS/0Bh5Dnx9IYErJI+e9TPih7 DiUKXnhbsGaxwYsWFSbgex1tqHj+R4GcP9ytA30= X-Google-Smtp-Source: ABdhPJwrzpZNvpYit1QmzfPWE8TC9Luw0JQEd0AJRVJCA8aClr3KtmTNrVIGHe8CNeT/kpakU/IVCxd5qz42yc0kkDA= Sender: "samitolvanen via sendgmr" X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a25:887:: with SMTP id 129mr35650576ybi.513.1600460151944; Fri, 18 Sep 2020 13:15:51 -0700 (PDT) Date: Fri, 18 Sep 2020 13:14:36 -0700 In-Reply-To: <20200918201436.2932360-1-samitolvanen@google.com> Message-Id: <20200918201436.2932360-31-samitolvanen@google.com> Mime-Version: 1.0 References: <20200918201436.2932360-1-samitolvanen@google.com> X-Mailer: git-send-email 2.28.0.681.g6f77f65b4e-goog Subject: [PATCH v3 30/30] x86, build: allow LTO_CLANG and THINLTO to be selected From: Sami Tolvanen To: Masahiro Yamada , Will Deacon Cc: Peter Zijlstra , Steven Rostedt , Greg Kroah-Hartman , "Paul E. McKenney" , Kees Cook , Nick Desaulniers , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, x86@kernel.org, Sami Tolvanen Pass code model and stack alignment to the linker as these are not stored in LLVM bitcode, and allow both CONFIG_LTO_CLANG and CONFIG_THINLTO to be selected. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/x86/Kconfig | 2 ++ arch/x86/Makefile | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 6de2e5c0bdba..0a49008c2363 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -92,6 +92,8 @@ config X86 select ARCH_SUPPORTS_ACPI select ARCH_SUPPORTS_ATOMIC_RMW select ARCH_SUPPORTS_NUMA_BALANCING if X86_64 + select ARCH_SUPPORTS_LTO_CLANG if X86_64 + select ARCH_SUPPORTS_THINLTO if X86_64 select ARCH_USE_BUILTIN_BSWAP select ARCH_USE_QUEUED_RWLOCKS select ARCH_USE_QUEUED_SPINLOCKS diff --git a/arch/x86/Makefile b/arch/x86/Makefile index 4346ffb2e39f..49e3b8674eb5 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -173,6 +173,11 @@ ifeq ($(ACCUMULATE_OUTGOING_ARGS), 1) KBUILD_CFLAGS += $(call cc-option,-maccumulate-outgoing-args,) endif +ifdef CONFIG_LTO_CLANG +KBUILD_LDFLAGS += -plugin-opt=-code-model=kernel \ + -plugin-opt=-stack-alignment=$(if $(CONFIG_X86_32),4,8) +endif + # Workaround for a gcc prelease that unfortunately was shipped in a suse release KBUILD_CFLAGS += -Wno-sign-compare #