From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CFB1BC43331 for ; Thu, 2 Apr 2020 17:26:46 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 652E820757 for ; Thu, 2 Apr 2020 17:26:46 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="HbyHiBG6"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="gKNvgOy8" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 652E820757 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=p0+oKjomq7d2YR5Za0i31cklbYVd9hG8Yx9XVxZ/9bQ=; b=HbyHiBG6N5DomV NDnNUIcLXO79V2stShwWDuQ5x7yAuU/hKKCBr+Rm9sw3OsMbFv1NAFl/FLcH5sqzbh1580Y1F7Xsl +i6pj+Zs5457GqZCaQvj0Y5pgLbSOh+0/N0aAfeneBqRJAJ/j6OK9k9RhB3cDqJA/Mclt1J+l0foy qRQ4su+ZZAY6IsuwLMQvbUzY9jxDkNIkm5TAXE+dYw06Cz9srQsYShplLB59IPll/I0MVwVc3EmOU PSlSik5+MWIOBYU1FNOrADVs14znIlorXQX0QkUaffT7s7g0f79jX5UVU6iFBO+Q+VrjQb9EHRTTv zBf5BCweNHTPaaQOWftA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1jK3c5-0002xB-15; Thu, 02 Apr 2020 17:26:45 +0000 Received: from mail-pg1-x541.google.com ([2607:f8b0:4864:20::541]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jK3c1-0002wP-N3 for linux-arm-kernel@lists.infradead.org; Thu, 02 Apr 2020 17:26:43 +0000 Received: by mail-pg1-x541.google.com with SMTP id k191so2121309pgc.13 for ; Thu, 02 Apr 2020 10:26:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=H5lB7pAvXIGYlFSVzFQn+Y4Z8wDMSG1ZSww0VcSBoT8=; b=gKNvgOy8hc6wCQvlSge37MBqulJCBRagCkj447Qm1o8xx2FINMhQg5yknXEoUR6m+Z ULQfZI01R/Qh6BD8443+HVRJj3c4uKax+LRFJqInEv1IolAfai65y4GBiay60zRG7BpJ TCadjYWSD4d+eJ6tLlRgQ4de9aCNzq574JQwM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=H5lB7pAvXIGYlFSVzFQn+Y4Z8wDMSG1ZSww0VcSBoT8=; b=O+UDBepoj4hdJeYs8FPS8L859xW3ZsNJ5zK7TUPD622pZuGzFeVKVI+tt/JwqNuSfE 8AWKQI2RzrhTWj+HdjClB3n/1FQ/hYWhzoGWxLRfxqbP0qz2XXiDHIibKVM9qrMSC6Pw Qw8miy5nJZweQo2V0zGbduKSCtLeB9HXg7UiBaca2QDT6jxojYsbJdywKinOo+eWld3L u6WG+2NjxonNESs0BPTiBj2UQc3QTzumemrJRLl3iEhfmv92uE5svZvIDSWgmFh66zFn Ow0V3BNs8rwkYVRFs5EiKcdCm8u3G1+yLnvdO9F4u/S5+8+UO7d+v89KmgZKsBoDZAgN G7sQ== X-Gm-Message-State: AGi0PubnOkF2ycr8jz1sxORYZWAJ4PT7A/RBn/9nOdII2ZdccifuhNgc vfj5R4z1rqo2dBv9TVS+cYxCHw== X-Google-Smtp-Source: APiQypJ2hmcB7ZLOhajLAuwgEV7uDtr5aTLCSP2mbBo/qg5FkMdgwdaJkp+Be18iVsLhUUcAH8dMmA== X-Received: by 2002:a05:6a00:2cf:: with SMTP id b15mr4105568pft.174.1585848400117; Thu, 02 Apr 2020 10:26:40 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id p1sm4171243pjr.40.2020.04.02.10.26.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Apr 2020 10:26:39 -0700 (PDT) Date: Thu, 2 Apr 2020 10:26:38 -0700 From: Kees Cook To: Sedat Dilek Subject: Re: [PATCH 0/9] Enable orphan section warning Message-ID: <202004021023.D3D8AA3BE@keescook> References: <20200228002244.15240-1-keescook@chromium.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200402_102641_751087_0B62801F X-CRM114-Status: GOOD ( 21.61 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , "H.J. Lu" , Arnd Bergmann , linux-kbuild@vger.kernel.org, Peter Collingbourne , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Russell King , linux-kernel@vger.kernel.org, Clang-Built-Linux ML , James Morse , linux-arch@vger.kernel.org, Borislav Petkov , Will Deacon , linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Thu, Apr 02, 2020 at 06:20:57PM +0200, Sedat Dilek wrote: > On Fri, Feb 28, 2020 at 1:22 AM Kees Cook wrote: > > > > Hi! > > > > A recent bug was solved for builds linked with ld.lld, and tracking > > it down took way longer than it needed to (a year). Ultimately, it > > boiled down to differences between ld.bfd and ld.lld's handling of > > orphan sections. Similarly, the recent FGKASLR series brough up orphan > > section handling too[2]. In both cases, it would have been nice if the > > linker was running with --orphan-handling=warn so that surprise sections > > wouldn't silently get mapped into the kernel image at locations up to > > the whim of the linker's orphan handling logic. Instead, all desired > > sections should be explicitly identified in the linker script (to be > > either kept or discarded) with any orphans throwing a warning. The > > powerpc architecture actually already does this, so this series seeks > > to extend this coverage to x86, arm64, and arm. > > > > This series depends on tip/x86/boot (where recent .eh_frame fixes[3] > > landed), and has a minor conflict[4] with the ARM tree (related to > > the earlier mentioned bug). As it uses refactorings in the asm-generic > > linker script, and makes changes to kbuild, I think the cleanest place > > for this series to land would also be through -tip. Once again (like > > my READ_IMPLIES_EXEC series), I'm looking to get maintainer Acks so > > this can go all together with the least disruption. Splitting it up by > > architecture seems needlessly difficult. > > > > Thanks! > > > > Hi Kees, > > what is the status of this patchset? > Looks like it is not in tip or linux-next Git. Based on the feedback, I have 3 TODO items: - track down and eliminate (or explain) the source of the .got.plt on arm64 - enable orphan warnings for _all_ architectures - refactor final link logic to perform the orphan warning in a clean way I'm working through these (and other work) still. I'm hoping to have another version up some time next week. -- Kees Cook _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel