[PATCH] Add RUNTIME_DISCARD_EXIT to generic DISCARDS

[PATCH] Add RUNTIME_DISCARD_EXIT to generic DISCARDS

[H.J. Lu]

[-- Attachment #1: Type: text/plain, Size: 2993 bytes --]

On Thu, Jan 30, 2020 at 12:06 PM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> On Thu, Jan 30, 2020 at 11:58 AM Kees Cook <keescook@chromium.org> wrote:
> >
> > On Thu, Jan 30, 2020 at 11:45:15AM -0800, H.J. Lu wrote:
> > > On Thu, Jan 30, 2020 at 11:40 AM Kees Cook <keescook@chromium.org> wrote:
> > > >
> > > > On Thu, Jan 30, 2020 at 10:00:48AM -0800, H.J. Lu wrote:
> > > > > Since .exit.text and .exit.data sections are discarded at runtime, we
> > > > > should undefine EXIT_TEXT and EXIT_DATA to exclude .exit.text and
> > > > > .exit.data sections from default discarded sections.
> > > >
> > > > This is just a correctness fix, yes? The EXIT_TEXT and EXIT_DATA were
> > > > already included before the /DISCARD/ section here, so there's no
> > > > behavioral change with this patch, correct?
> > >
> > > That is correct.  I was confused by EXIT_TEXT and EXIT_DATA in generic
> > > DISCARDS.   My patch just makes it more explicit.
> >
> > Okay, so to that end and because this isn't arch-specific, I'd like to
> > see this be a behavioral flag, and then the generic DISCARDS macro can
> > be adjusted. This lets all architectures implement this without having
> > to scatter undef/define lines in each arch.
> >
> > Something like this:
> >
> > diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
> > index e00f41aa8ec4..f242d3b4814d 100644
> > --- a/include/asm-generic/vmlinux.lds.h
> > +++ b/include/asm-generic/vmlinux.lds.h
> > @@ -894,11 +894,17 @@
> >   * section definitions so that such archs put those in earlier section
> >   * definitions.
> >   */
> > -#define DISCARDS                                                       \
> > -       /DISCARD/ : {                                                   \
> > +#ifdef RUNTIME_DISCARD_EXIT
> > +#define EXIT_DISCARDS
> > +#else
> > +#define EXIT_DISCARDS                                                  \
> >         EXIT_TEXT                                                       \
> >         EXIT_DATA                                                       \
> > -       EXIT_CALL                                                       \
> > +       EXIT_CALL
> > +#endif

We should keep EXIT_CALL in DISCARDS.  Only .exit.text and .exit.data
sections are discarded at runtime.

> > +#define DISCARDS                                                       \
> > +       /DISCARD/ : {                                                   \
> > +       EXIT_DISCARDS                                                   \
> >         *(.discard)                                                     \
> >         *(.discard.*)                                                   \
> >         *(.modinfo)                                                     \
> >
> > Then x86 and all other architectures that do this can just use
> > #define RUNTIME_DISCARD_EXIT
> > at the top (like EMITS_PT_NOTE, etc).
> >
>
> It should work.

Here is the patch to add RUNTIME_DISCARD_EXIT to generic DISCARDS.

-- 
H.J.

[-- Attachment #2: 0001-Add-RUNTIME_DISCARD_EXIT-to-generic-DISCARDS.patch --]
[-- Type: text/x-patch, Size: 1538 bytes --]

From bde2821f5e01a5f49b227c6fb8ba6195c26381a9 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Thu, 30 Jan 2020 12:31:22 -0800
Subject: [PATCH] Add RUNTIME_DISCARD_EXIT to generic DISCARDS

In x86 kernel, .exit.text and .exit.data sections are discarded at
runtime not by linker.  Add RUNTIME_DISCARD_EXIT to generic DISCARDS
and define it in x86 kernel linker script to keep them.
---
 arch/x86/kernel/vmlinux.lds.S     |  1 +
 include/asm-generic/vmlinux.lds.h | 10 ++++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index e3296aa028fe..7206e1ac23dd 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -21,6 +21,7 @@
 #define LOAD_OFFSET __START_KERNEL_map
 #endif
 
+#define RUNTIME_DISCARD_EXIT
 #define EMITS_PT_NOTE
 #define RO_EXCEPTION_TABLE_ALIGN	16
 
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index e00f41aa8ec4..6b943fb8c5fd 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -894,10 +894,16 @@
  * section definitions so that such archs put those in earlier section
  * definitions.
  */
+#ifdef RUNTIME_DISCARD_EXIT
+#define EXIT_DISCARDS
+#else
+#define EXIT_DISCARDS							\
+	EXIT_TEXT							\
+	EXIT_DATA
+#endif
 #define DISCARDS							\
 	/DISCARD/ : {							\
-	EXIT_TEXT							\
-	EXIT_DATA							\
+	EXIT_DISCARDS							\
 	EXIT_CALL							\
 	*(.discard)							\
 	*(.discard.*)							\
-- 
2.24.1

Re: [PATCH] Add RUNTIME_DISCARD_EXIT to generic DISCARDS

[Kees Cook]

On Thu, Jan 30, 2020 at 12:47:07PM -0800, H.J. Lu wrote:
> From bde2821f5e01a5f49b227c6fb8ba6195c26381a9 Mon Sep 17 00:00:00 2001
> From: "H.J. Lu" <hjl.tools@gmail.com>
> Date: Thu, 30 Jan 2020 12:31:22 -0800
> Subject: [PATCH] Add RUNTIME_DISCARD_EXIT to generic DISCARDS
> 
> In x86 kernel, .exit.text and .exit.data sections are discarded at
> runtime not by linker.  Add RUNTIME_DISCARD_EXIT to generic DISCARDS
> and define it in x86 kernel linker script to keep them.

Thanks for doing this! :) (I wasn't sure about _CALL, thanks also for
checking that.)

(The patch is missing your SoB?)

Reviewed-by: Kees Cook <keescook@chromium.org>

-Kees

> ---
>  arch/x86/kernel/vmlinux.lds.S     |  1 +
>  include/asm-generic/vmlinux.lds.h | 10 ++++++++--
>  2 files changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
> index e3296aa028fe..7206e1ac23dd 100644
> --- a/arch/x86/kernel/vmlinux.lds.S
> +++ b/arch/x86/kernel/vmlinux.lds.S
> @@ -21,6 +21,7 @@
>  #define LOAD_OFFSET __START_KERNEL_map
>  #endif
>  
> +#define RUNTIME_DISCARD_EXIT
>  #define EMITS_PT_NOTE
>  #define RO_EXCEPTION_TABLE_ALIGN	16
>  
> diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
> index e00f41aa8ec4..6b943fb8c5fd 100644
> --- a/include/asm-generic/vmlinux.lds.h
> +++ b/include/asm-generic/vmlinux.lds.h
> @@ -894,10 +894,16 @@
>   * section definitions so that such archs put those in earlier section
>   * definitions.
>   */
> +#ifdef RUNTIME_DISCARD_EXIT
> +#define EXIT_DISCARDS
> +#else
> +#define EXIT_DISCARDS							\
> +	EXIT_TEXT							\
> +	EXIT_DATA
> +#endif
>  #define DISCARDS							\
>  	/DISCARD/ : {							\
> -	EXIT_TEXT							\
> -	EXIT_DATA							\
> +	EXIT_DISCARDS							\
>  	EXIT_CALL							\
>  	*(.discard)							\
>  	*(.discard.*)							\
> -- 
> 2.24.1
> 


-- 
Kees Cook

[PATCH] Add RUNTIME_DISCARD_EXIT to generic DISCARDS

[H.J. Lu]

In x86 kernel, .exit.text and .exit.data sections are discarded at
runtime, not by linker.  Add RUNTIME_DISCARD_EXIT to generic DISCARDS
and define it in x86 kernel linker script to keep them.

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
---
 arch/x86/kernel/vmlinux.lds.S     |  1 +
 include/asm-generic/vmlinux.lds.h | 10 ++++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index e3296aa028fe..7206e1ac23dd 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -21,6 +21,7 @@
 #define LOAD_OFFSET __START_KERNEL_map
 #endif
 
+#define RUNTIME_DISCARD_EXIT
 #define EMITS_PT_NOTE
 #define RO_EXCEPTION_TABLE_ALIGN	16
 
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index e00f41aa8ec4..6b943fb8c5fd 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -894,10 +894,16 @@
  * section definitions so that such archs put those in earlier section
  * definitions.
  */
+#ifdef RUNTIME_DISCARD_EXIT
+#define EXIT_DISCARDS
+#else
+#define EXIT_DISCARDS							\
+	EXIT_TEXT							\
+	EXIT_DATA
+#endif
 #define DISCARDS							\
 	/DISCARD/ : {							\
-	EXIT_TEXT							\
-	EXIT_DATA							\
+	EXIT_DISCARDS							\
 	EXIT_CALL							\
 	*(.discard)							\
 	*(.discard.*)							\
-- 
2.24.1

[PATCH] Discard .note.gnu.property sections in generic NOTES

[H.J. Lu]

With the command-line option, -mx86-used-note=yes, the x86 assembler
in binutils 2.32 and above generates a program property note in a note
section, .note.gnu.property, to encode used x86 ISAs and features.  But
kernel linker script only contains a single NOTE segment:

PHDRS {
 text PT_LOAD FLAGS(5);
 data PT_LOAD FLAGS(6);
 percpu PT_LOAD FLAGS(6);
 init PT_LOAD FLAGS(7);
 note PT_NOTE FLAGS(0);
}
SECTIONS
{
...
 .notes : AT(ADDR(.notes) - 0xffffffff80000000) { __start_notes = .; KEEP(*(.not
e.*)) __stop_notes = .; } :text :note
...
}

The NOTE segment generated by kernel linker script is aligned to 4 bytes.
But .note.gnu.property section must be aligned to 8 bytes on x86-64 and
we get

[hjl@gnu-skx-1 linux]$ readelf -n vmlinux

Displaying notes found in: .notes
  Owner                Data size Description
  Xen                  0x00000006 Unknown note type: (0x00000006)
   description data: 6c 69 6e 75 78 00
  Xen                  0x00000004 Unknown note type: (0x00000007)
   description data: 32 2e 36 00
  xen-3.0              0x00000005 Unknown note type: (0x006e6558)
   description data: 08 00 00 00 03
readelf: Warning: note with invalid namesz and/or descsz found at offset 0x50
readelf: Warning:  type: 0xffffffff, namesize: 0x006e6558, descsize:
0x80000000, alignment: 8
[hjl@gnu-skx-1 linux]$

Since note.gnu.property section in kernel image is never used, this patch
discards .note.gnu.property sections in kernel linker script by adding

/DISCARD/ : {
  *(.note.gnu.property)
}

before kernel NOTE segment in generic NOTES.

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
---
 include/asm-generic/vmlinux.lds.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 6b943fb8c5fd..6659a7c07c84 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -818,7 +818,14 @@
 #define TRACEDATA
 #endif
 
+/*
+ * Discard .note.gnu.property sections which are unused and have
+ * different alignment requirement from kernel note sections.
+ */
 #define NOTES								\
+	/DISCARD/ : {							\
+		*(.note.gnu.property)					\
+	}								\
 	.notes : AT(ADDR(.notes) - LOAD_OFFSET) {			\
 		__start_notes = .;					\
 		KEEP(*(.note.*))					\
-- 
2.24.1

Re: [PATCH] Discard .note.gnu.property sections in generic NOTES

[Kees Cook]

On Thu, Jan 30, 2020 at 02:43:37PM -0800, H.J. Lu wrote:
> With the command-line option, -mx86-used-note=yes, the x86 assembler
> in binutils 2.32 and above generates a program property note in a note
> section, .note.gnu.property, to encode used x86 ISAs and features.  But
> kernel linker script only contains a single NOTE segment:
> 
> PHDRS {
>  text PT_LOAD FLAGS(5);
>  data PT_LOAD FLAGS(6);
>  percpu PT_LOAD FLAGS(6);
>  init PT_LOAD FLAGS(7);
>  note PT_NOTE FLAGS(0);
> }
> SECTIONS
> {
> ...
>  .notes : AT(ADDR(.notes) - 0xffffffff80000000) { __start_notes = .; KEEP(*(.not
> e.*)) __stop_notes = .; } :text :note
> ...
> }
> 
> The NOTE segment generated by kernel linker script is aligned to 4 bytes.
> But .note.gnu.property section must be aligned to 8 bytes on x86-64 and
> we get
> 
> [hjl@gnu-skx-1 linux]$ readelf -n vmlinux
> 
> Displaying notes found in: .notes
>   Owner                Data size Description
>   Xen                  0x00000006 Unknown note type: (0x00000006)
>    description data: 6c 69 6e 75 78 00
>   Xen                  0x00000004 Unknown note type: (0x00000007)
>    description data: 32 2e 36 00
>   xen-3.0              0x00000005 Unknown note type: (0x006e6558)
>    description data: 08 00 00 00 03
> readelf: Warning: note with invalid namesz and/or descsz found at offset 0x50
> readelf: Warning:  type: 0xffffffff, namesize: 0x006e6558, descsize:
> 0x80000000, alignment: 8
> [hjl@gnu-skx-1 linux]$
> 
> Since note.gnu.property section in kernel image is never used, this patch
> discards .note.gnu.property sections in kernel linker script by adding
> 
> /DISCARD/ : {
>   *(.note.gnu.property)
> }
> 
> before kernel NOTE segment in generic NOTES.
> 
> Signed-off-by: H.J. Lu <hjl.tools@gmail.com>

Thanks!

Reviewed-by: Kees Cook <keescook@chromium.org>

-Kees

> ---
>  include/asm-generic/vmlinux.lds.h | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
> index 6b943fb8c5fd..6659a7c07c84 100644
> --- a/include/asm-generic/vmlinux.lds.h
> +++ b/include/asm-generic/vmlinux.lds.h
> @@ -818,7 +818,14 @@
>  #define TRACEDATA
>  #endif
>  
> +/*
> + * Discard .note.gnu.property sections which are unused and have
> + * different alignment requirement from kernel note sections.
> + */
>  #define NOTES								\
> +	/DISCARD/ : {							\
> +		*(.note.gnu.property)					\
> +	}								\
>  	.notes : AT(ADDR(.notes) - LOAD_OFFSET) {			\
>  		__start_notes = .;					\
>  		KEEP(*(.note.*))					\
> -- 
> 2.24.1
> 

-- 
Kees Cook