From: Will Deacon
Subject: Re: [PATCH v3 3/9] efi/libstub: Remove .note.gnu.property
Date: Wed, 24 Jun 2020 16:26:46 +0100
Message-ID: <20200624152646.GA6768@willie-the-truck>
In-Reply-To: <20200624134854.GF25945@arm.com>
To: Dave Martin
Cc: Ard Biesheuvel, Mark Rutland, linux-arch, linux-efi, Kees Cook,
    Fangrui Song, Catalin Marinas, Masahiro Yamada, X86 ML,
    Nick Desaulniers, Russell King, Linux Kernel Mailing List,
    clang-built-linux, Arvind Sankar, Ingo Molnar, James Morse, Linux ARM,
    Thomas Gleixner, Borislav Petkov, Peter Collingbourne,
    Nathan Chancellor, Arnd Bergmann

On Wed, Jun 24, 2020 at 02:48:55PM +0100, Dave Martin wrote:
> On Wed, Jun 24, 2020 at 12:26:47PM +0100, Will Deacon wrote:
> > On Wed, Jun 24, 2020 at 12:46:32PM +0200, Ard Biesheuvel wrote:
> > > On Wed, 24 Jun 2020 at 12:44, Will Deacon wrote:
> > > > For the kernel Image, how do we remove these sections? The objcopy flags
> > > > in arch/arm64/boot/Makefile look both insufficient and out of date. My
> > > > vmlinux ends up with both a ".notes" and a ".init.note.gnu.property"
> > > > segment.
> > >
> > > The latter is the fault of the libstub make rules, that prepend .init
> > > to all section names.
> >
> > Hmm. I tried adding -mbranch-protection=none to arm64 cflags for the stub,
> > but I still see this note in vmlinux. It looks like it comes in via the
> > stub copy of lib-ctype.o, but I don't know why that would force the
> > note. The cflags look ok to me [1] and I confirmed that the note is
> > being generated by the compiler.
> >
> > > I'm not sure if there is a point to having PAC and/or BTI in the EFI
> > > stub, given that it runs under the control of the firmware, with its
> > > memory mappings and PAC configuration etc.
> >
> > Agreed, I just can't figure out how to get rid of the note.
>
> Because this section is generated by the linker itself I think you might
> have to send it to /DISCARD/ in the link, or strip it explicitly after
> linking.

Right, but why is the linker generating that section in the first place? I'm
compiling with -mbranch-protection=none and all the other objects linked
into the stub do not have the section. I wonder if it's because lib/ctype.c
doesn't have any executable code...

Will
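
Added example, not part of the thread and not kernel code: a small decoder for the raw body of a `.note.gnu.property` section, reporting which AArch64 feature bits (BTI, PAC) the note advertises, so an object's note can be compared against the flags it was built with. The constants are the standard ELF values; the helper names and the sample note bytes are constructed for illustration.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_AARCH64_FEATURE_1_AND = 0xC0000000
FEATURE_BITS = {1 << 0: "BTI", 1 << 1: "PAC"}

def _align(n, a):
    return (n + a - 1) & ~(a - 1)

def parse_gnu_property(section, elf64=True):
    """Return sorted AArch64 feature names found in a raw note section body."""
    align = 8 if elf64 else 4          # notes and properties pad to the ELF class size
    features, off = set(), 0
    while off < len(section):
        if len(section) - off < 12:
            raise ValueError("truncated note header")
        namesz, descsz, ntype = struct.unpack_from("<III", section, off)
        name_off = off + 12
        desc_off = name_off + _align(namesz, 4)
        end = desc_off + descsz
        if end > len(section):
            raise ValueError("note overruns section")
        name = section[name_off:name_off + namesz]
        if name == b"GNU\0" and ntype == NT_GNU_PROPERTY_TYPE_0:
            pos = desc_off
            while pos < end:           # walk the property array inside the descriptor
                if end - pos < 8:
                    raise ValueError("truncated property header")
                pr_type, pr_datasz = struct.unpack_from("<II", section, pos)
                if pos + 8 + pr_datasz > end:
                    raise ValueError("property overruns note")
                if pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND and pr_datasz == 4:
                    (bits,) = struct.unpack_from("<I", section, pos + 8)
                    features |= {n for b, n in FEATURE_BITS.items() if bits & b}
                pos += _align(8 + pr_datasz, align)
        off = _align(end, align)
    return sorted(features)

def make_note(bits):
    """Build a constructed ELF64 sample note carrying one FEATURE_1_AND property."""
    prop = struct.pack("<III", GNU_PROPERTY_AARCH64_FEATURE_1_AND, 4, bits) + b"\0" * 4
    return struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + prop

if __name__ == "__main__":
    print(parse_gnu_property(make_note(0x3)))   # both feature bits set
    print(parse_gnu_property(make_note(0x0)))   # note present, no features advertised
```

The input would be the section body extracted from an object, for instance with `objcopy -O binary --only-section=.note.gnu.property`; in the vmlinux described above the stub's copy carries the `.init.` prefix.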