From: Kees Cook <keescook@chromium.org>
To: Arvind Sankar <nivedita@alum.mit.edu>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
"H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org, Nick Desaulniers <ndesaulniers@google.com>,
Fangrui Song <maskray@google.com>,
Dmitry Golovin <dima@golovin.in>,
clang-built-linux@googlegroups.com,
Ard Biesheuvel <ardb@kernel.org>,
Masahiro Yamada <masahiroy@kernel.org>,
Daniel Kiper <daniel.kiper@oracle.com>,
Sedat Dilek <sedat.dilek@gmail.com>,
Nathan Chancellor <natechancellor@gmail.com>,
Arnd Bergmann <arnd@arndb.de>, "H . J . Lu" <hjl@sourceware.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 2/7] x86/boot/compressed: Force hidden visibility for all symbol references
Date: Mon, 29 Jun 2020 08:50:59 -0700
Message-ID: <202006290849.940FAE8C9B@keescook>
In-Reply-To: <20200629140928.858507-3-nivedita@alum.mit.edu>
On Mon, Jun 29, 2020 at 10:09:23AM -0400, Arvind Sankar wrote:
> From: Ard Biesheuvel <ardb@kernel.org>
>
> Eliminate all GOT entries in the decompressor binary, by forcing hidden
> visibility for all symbol references, which informs the compiler that
> such references will be resolved at link time without the need for
> allocating GOT entries.
>
> To ensure that no GOT entries will creep back in, add an assertion to
> the decompressor linker script that will fire if the .got section has
> a non-zero size.
>
> [Arvind: fixup -include hidden.h to -include $(srctree)/$(src)/hidden.h]
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> Acked-by: Arvind Sankar <nivedita@alum.mit.edu>
> Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
> From: Ard Biesheuvel <ardb@kernel.org>
> Link: https://lore.kernel.org/r/20200523120021.34996-3-ardb@kernel.org
> ---
> arch/x86/boot/compressed/Makefile | 1 +
> arch/x86/boot/compressed/hidden.h | 19 +++++++++++++++++++
> arch/x86/boot/compressed/vmlinux.lds.S | 1 +
> 3 files changed, 21 insertions(+)
> create mode 100644 arch/x86/boot/compressed/hidden.h
>
> diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> index 7619742f91c9..b01c8aed0f23 100644
> --- a/arch/x86/boot/compressed/Makefile
> +++ b/arch/x86/boot/compressed/Makefile
> @@ -42,6 +42,7 @@ KBUILD_CFLAGS += $(call cc-disable-warning, gnu)
> KBUILD_CFLAGS += -Wno-pointer-sign
> KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
> KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
> +KBUILD_CFLAGS += -include $(srctree)/$(src)/hidden.h
>
> KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
> GCOV_PROFILE := n
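
Review bot: the forced include on the added `KBUILD_CFLAGS += -include $(srctree)/$(src)/hidden.h` line also reaches every assembly source, because the context line right after it builds `KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__` from the same flags, and the new hidden.h has no `__ASSEMBLY__` guard around its pragma. If that is intended, say so in the commit message; otherwise wrap the pragma in `#ifndef __ASSEMBLY__`.
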
> diff --git a/arch/x86/boot/compressed/hidden.h b/arch/x86/boot/compressed/hidden.h
> new file mode 100644
> index 000000000000..49a17b6b5962
> --- /dev/null
> +++ b/arch/x86/boot/compressed/hidden.h
> @@ -0,0 +1,19 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * When building position independent code with GCC using the -fPIC option,
> + * (or even the -fPIE one on older versions), it will assume that we are
> + * building a dynamic object (either a shared library or an executable) that
> + * may have symbol references that can only be resolved at load time. For a
> + * variety of reasons (ELF symbol preemption, the CoW footprint of the section
> + * that is modified by the loader), this results in all references to symbols
> + * with external linkage to go via entries in the Global Offset Table (GOT),
> + * which carries absolute addresses which need to be fixed up when the
> + * executable image is loaded at an offset which is different from its link
> + * time offset.
> + *
> + * Fortunately, there is a way to inform the compiler that such symbol
> + * references will be satisfied at link time rather than at load time, by
> + * giving them 'hidden' visibility.
> + */
> +
> +#pragma GCC visibility push(hidden)
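
Review bot: the header comment explains why hidden visibility is wanted, but not the two things the final `#pragma GCC visibility push(hidden)` line depends on. The pragma only affects declarations that follow it, so the header has to be seen before any other declaration (which the Makefile's -include provides), and the push is deliberately left without a matching pop. A sentence in the comment covering both would keep a later direct #include or a tidy-up pop from letting GOT references creep back in. The comment also names only GCC; if other compilers are expected to honour the pragma, say so there.
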
Is this recognized by Clang? I'm assuming so, since I see this already
being used in drivers/firmware/efi/libstub/hidden.h
> diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
> index b17d218ccdf9..4bcc943842ab 100644
> --- a/arch/x86/boot/compressed/vmlinux.lds.S
> +++ b/arch/x86/boot/compressed/vmlinux.lds.S
> @@ -81,6 +81,7 @@ SECTIONS
> DISCARDS
> }
>
> +ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
> #ifdef CONFIG_X86_64
> ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, "Unexpected GOT/PLT entries detected!")
> #else
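
Review bot: the message on the added `ASSERT(SIZEOF(.got) == 0, ...)` line tells whoever hits it that GOT entries exist, but not what to do about it. Consider extending the string to point at the cause this patch addresses, a symbol reference that lacks hidden visibility, for example by naming hidden.h. Placing the assertion above the `#ifdef CONFIG_X86_64` so that it covers both the 32-bit and 64-bit builds looks right.
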
Reviewed-by: Kees Cook <keescook@chromium.org>
--
Kees Cook