From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A8989C433E6 for ; Mon, 31 Aug 2020 19:43:04 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 71DCF2078B for ; Mon, 31 Aug 2020 19:43:04 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="1GgEBOIF"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="KH/wZ6f6" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 71DCF2078B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:Message-ID: Subject:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=FMtxI26h3Xm6/oQphlqFIGo+P2VpT2fGNHHSjtPGvFg=; b=1GgEBOIFg2E9Z7ZRYF7WLL1t4 ZQoirquvz4zryiDMotiz3WXzfAqN+8CmD0nHY3GRUFwXPn1LEcYnm8F/H+UeYHRUjTpPtN12ruqUQ LRqEmvOGnKLbClMzvxPe5g/uo8c7uev7wB59PS19ba14896UMl2MeHgY0SbO0KSq2kU7QjTK0J9n1 cp0aB6pw571VZPvCgidPcanBz5iFCsOJ2dUC5WuMHU6vQN1+My1fcHrhpbhcU/B6ig6rtomqBVha3 da32UbrhM1mo/Qa+jeHI83QlNXWZeg1+mfc4qGekVzAIz18wfi1eiszLxzsLR05zjCJeIyeYhHH4p AUafEWTxg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kCpgL-00014n-Cd; Mon, 31 Aug 2020 19:41:33 +0000 Received: from mail-pf1-x442.google.com ([2607:f8b0:4864:20::442]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kCpgI-00013O-Dt for linux-arm-kernel@lists.infradead.org; Mon, 31 Aug 2020 19:41:31 +0000 Received: by mail-pf1-x442.google.com with SMTP id w7so1209754pfi.4 for ; Mon, 31 Aug 2020 12:41:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=BoCMpob6AiQsu+kxWHd5oJKfOs4R1dZWuQK+Zd6WM1s=; b=KH/wZ6f6GafyFg7fXLcCmcuRM9IwWFjcR/5mxZZvaELD+oD8nOi9GJ9SorhVHrNeH8 i6sEt+KoiVtmsZYyflDKVB1S1cLms++KSb0B8VQzxyEgSD+gXalOf/67a3Kum0FiM+sB sfcc3KwCqh5s7wlM9Eq9+gvbDXqUKSyIgeEe8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=BoCMpob6AiQsu+kxWHd5oJKfOs4R1dZWuQK+Zd6WM1s=; b=DtzRS8e8l2kJQEqlMEv+E1VhTGL/Cfci8uYL4AM+eZuVKvL0wT/D8ClWzRaROGk+bL 4j6Qma0fkn0ElIr+yIU68KWL7kZRMe6A4Hu+7QKpi9R3DmtB5lo5BTxJ5BZN+DL60w7d siMYl3/A8LadZScOIaEVvWOxKgxr1xEHes0MpFt0WPv+14akLDNsRgcPmG5H8k9uEZop sNsynkMfnoL5BOmZSjluTFjxvNhin/dmgIAfU+3uuUwgcglimlSHIH3cKnVCjgOufRJb RHIdKJrTQ3u15Qz7X8U7+p+Eu0e1Azh6+0Qtp1Nu83aryi30FRHziQxew/jTll21aDtI Uq3Q== X-Gm-Message-State: AOAM531KUWIpuvCYMlQYWxLntVDFxHl/fd7lobfu1Y8KUiXFCHgj4VkU Gf09JvwyINOy0UzS86nwi6DQDQ== X-Google-Smtp-Source: ABdhPJwA0imUxzKirhLfL59+/439BkhdAOMtESFs9lnafMybqpg7F7nAQsaduV5YosQ9+SDVDnAvfg== X-Received: by 2002:a63:e018:: with SMTP id e24mr2361162pgh.175.1598902885705; Mon, 31 Aug 2020 12:41:25 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id s28sm4183844pfd.111.2020.08.31.12.41.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 31 Aug 2020 12:41:24 -0700 (PDT) Date: Mon, 31 Aug 2020 12:41:23 -0700 From: Kees Cook To: Ingo Molnar , Borislav Petkov Subject: Re: [PATCH v6 00/29] Warn on orphan section placement Message-ID: <202008311240.9F94A39@keescook> References: <20200821194310.3089815-1-keescook@chromium.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20200821194310.3089815-1-keescook@chromium.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200831_154130_535832_94A7CE81 X-CRM114-Status: GOOD ( 27.98 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, Arnd Bergmann , Catalin Marinas , Masahiro Yamada , x86@kernel.org, Nick Desaulniers , Russell King , linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Arvind Sankar , Ingo Molnar , James Morse , Nathan Chancellor , Peter Collingbourne , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Fri, Aug 21, 2020 at 12:42:41PM -0700, Kees Cook wrote: > Hi Ingo, > > Based on my testing, this is ready to go. I've reviewed the feedback on > v5 and made a few small changes, noted below. If no one objects, I'll pop this into my tree for -next. I'd prefer it go via -tip though! :) Thanks! -Kees > > > https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=linker/orphans/warn/v6 > > v6: > - rebase to -tip x86/boot > - remove 0-sized NOLOAD > - move .got.plt to end with INFO (NOLOAD warns) > - add Reviewed-bys > v5: https://lore.kernel.org/lkml/20200731230820.1742553-1-keescook@chromium.org/ > v4: https://lore.kernel.org/lkml/20200629061840.4065483-1-keescook@chromium.org/ > v3: https://lore.kernel.org/lkml/20200624014940.1204448-1-keescook@chromium.org/ > v2: https://lore.kernel.org/lkml/20200622205815.2988115-1-keescook@chromium.org/ > v1: https://lore.kernel.org/lkml/20200228002244.15240-1-keescook@chromium.org/ > > A recent bug[1] was solved for builds linked with ld.lld, and tracking > it down took way longer than it needed to (a year). Ultimately, it > boiled down to differences between ld.bfd and ld.lld's handling of > orphan sections. Similar situation have continued to recur, and it's > clear the kernel build needs to be much more explicit about linker > sections. Similarly, the recent FGKASLR series brought up orphan section > handling too[2]. In all cases, it would have been nice if the linker was > running with --orphan-handling=warn so that surprise sections wouldn't > silently get mapped into the kernel image at locations up to the whim > of the linker's orphan handling logic. Instead, all desired sections > should be explicitly identified in the linker script (to be either kept, > discarded, or verified to be zero-sized) with any orphans throwing a > warning. The powerpc architecture has actually been doing this for some > time, so this series just extends that coverage to x86, arm, and arm64. > > This has gotten sucecssful build testing under the following matrix: > > compiler/linker: gcc+ld.bfd, clang+ld.lld > targets: defconfig, allmodconfig > architectures: x86, i386, arm64, arm > versions: -tip x86/boot > > All three architectures depend on the first several commits to > vmlinux.lds.h. x86 depends on Arvind's GOT series (in -tip x86/boot now). > arm64 depends on the efi/libstub patch. As such, I'd like to land this > series as a whole. Ingo has suggested he'd take it into -tip. > > Thanks! > > -Kees > > [1] https://github.com/ClangBuiltLinux/linux/issues/282 > [2] https://lore.kernel.org/lkml/202002242122.AA4D1B8@keescook/ > > Kees Cook (28): > vmlinux.lds.h: Create COMMON_DISCARDS > vmlinux.lds.h: Add .gnu.version* to COMMON_DISCARDS > vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections > vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG > vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS > efi/libstub: Disable -mbranch-protection > arm64/mm: Remove needless section quotes > arm64/kernel: Remove needless Call Frame Information annotations > arm64/build: Remove .eh_frame* sections due to unwind tables > arm64/build: Use common DISCARDS in linker script > arm64/build: Add missing DWARF sections > arm64/build: Assert for unwanted sections > arm64/build: Warn on orphan section placement > arm/build: Refactor linker script headers > arm/build: Explicitly keep .ARM.attributes sections > arm/build: Add missing sections > arm/build: Assert for unwanted sections > arm/build: Warn on orphan section placement > arm/boot: Handle all sections explicitly > arm/boot: Warn on orphan section placement > x86/asm: Avoid generating unused kprobe sections > x86/build: Enforce an empty .got.plt section > x86/build: Assert for unwanted sections > x86/build: Warn on orphan section placement > x86/boot/compressed: Reorganize zero-size section asserts > x86/boot/compressed: Remove, discard, or assert for unwanted sections > x86/boot/compressed: Add missing debugging sections to output > x86/boot/compressed: Warn on orphan section placement > > Nick Desaulniers (1): > vmlinux.lds.h: add PGO and AutoFDO input sections > > arch/alpha/kernel/vmlinux.lds.S | 1 + > arch/arc/kernel/vmlinux.lds.S | 1 + > arch/arm/Makefile | 4 ++ > arch/arm/boot/compressed/Makefile | 2 + > arch/arm/boot/compressed/vmlinux.lds.S | 20 +++---- > .../arm/{kernel => include/asm}/vmlinux.lds.h | 30 ++++++++-- > arch/arm/kernel/vmlinux-xip.lds.S | 8 ++- > arch/arm/kernel/vmlinux.lds.S | 8 ++- > arch/arm64/Makefile | 9 ++- > arch/arm64/kernel/smccc-call.S | 2 - > arch/arm64/kernel/vmlinux.lds.S | 28 +++++++-- > arch/arm64/mm/mmu.c | 2 +- > arch/csky/kernel/vmlinux.lds.S | 1 + > arch/hexagon/kernel/vmlinux.lds.S | 1 + > arch/ia64/kernel/vmlinux.lds.S | 1 + > arch/mips/kernel/vmlinux.lds.S | 1 + > arch/nds32/kernel/vmlinux.lds.S | 1 + > arch/nios2/kernel/vmlinux.lds.S | 1 + > arch/openrisc/kernel/vmlinux.lds.S | 1 + > arch/parisc/boot/compressed/vmlinux.lds.S | 1 + > arch/parisc/kernel/vmlinux.lds.S | 1 + > arch/powerpc/kernel/vmlinux.lds.S | 2 +- > arch/riscv/kernel/vmlinux.lds.S | 1 + > arch/s390/kernel/vmlinux.lds.S | 1 + > arch/sh/kernel/vmlinux.lds.S | 1 + > arch/sparc/kernel/vmlinux.lds.S | 1 + > arch/um/kernel/dyn.lds.S | 2 +- > arch/um/kernel/uml.lds.S | 2 +- > arch/x86/Makefile | 4 ++ > arch/x86/boot/compressed/Makefile | 2 + > arch/x86/boot/compressed/vmlinux.lds.S | 58 +++++++++++++------ > arch/x86/include/asm/asm.h | 6 +- > arch/x86/kernel/vmlinux.lds.S | 39 ++++++++++++- > drivers/firmware/efi/libstub/Makefile | 9 ++- > include/asm-generic/vmlinux.lds.h | 49 +++++++++++++--- > 35 files changed, 241 insertions(+), 60 deletions(-) > rename arch/arm/{kernel => include/asm}/vmlinux.lds.h (84%) > > -- > 2.25.1 > -- Kees Cook _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel