From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753056AbcEPKa6 (ORCPT <rfc822;w@1wt.eu>);
	Mon, 16 May 2016 06:30:58 -0400
Received: from mail-wm0-f66.google.com ([74.125.82.66]:35914 "EHLO
	mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751967AbcEPKa5 (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 16 May 2016 06:30:57 -0400
Date: Mon, 16 May 2016 12:30:51 +0200
From: Ingo Molnar <mingo@kernel.org>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Kees Cook <keescook@chromium.org>, Borislav Petkov <bp@suse.de>,
        Baoquan He <bhe@redhat.com>, Yinghai Lu <yinghai@kernel.org>,
        Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
        "x86@kernel.org" <x86@kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Andrey Ryabinin <aryabinin@virtuozzo.com>,
        "H.J. Lu" <hjl.tools@gmail.com>, Dmitry Vyukov <dvyukov@google.com>,
        LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] x86/boot: Refuse to build with data relocations
Message-ID: <20160516103051.GA11330@gmail.com>
References: <20160512203104.GA7425@www.outflux.net>
 <B09F32EB-DA6E-4A8C-9C7B-DF99B7A2FC62@zytor.com>
 <CAGXu5jLCfMbGCkPYbLPSHax5-GU65xPpjYTscfSkOmZJEv+jrA@mail.gmail.com>
 <8bc4f1fd-c6f8-4643-becf-4f84be378807@zytor.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <8bc4f1fd-c6f8-4643-becf-4f84be378807@zytor.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


* H. Peter Anvin <hpa@zytor.com> wrote:

> On 05/12/16 15:54, Kees Cook wrote:
> >>
> >> It would be far better to warn on the *type* of relocations rather than in which section they feel.
> > 
> > I'm open to specific changes. What's the best way to detect what you want here?
> > 
> 
> Use readelf -r and look for inappropriate relocation types (which are
> basically the same ones that we should have to muck with for the main
> kernel in relocs.c.)

I suspect initially we are good if we don't allow any relocations in 
arch/x86/boot/compressed/vmlinux:

 fomalhaut:~/linux/linux> readelf -r arch/x86/boot/compressed/vmlinux | grep -q  'There are no relocations in this file' ; echo $?
 0

versus a regular object file with lots of relocations:

 fomalhaut:~/linux/linux> readelf -r arch/x86/built-in.o | grep -q 'There are no relocations in this file' ; echo $?
 1

I.e. the relevant portion of Kees's patch would do something like:

quiet_cmd_check_data_rel = DATAREL $@
define cmd_check_data_rel
       for obj in $(filter %.o,$^); do \
               readelf -r $$obj | grep -qF 'There are no relocations in this file' && exit 0 || { \
                       echo "error: $$obj has data relocations!" >&2; \
                       exit 1; \
               } \
       done
endef

(totally untested)

Agreed?

Thanks,

	Ingo