On 2019 May 14, Kees Cook wrote: > On Tue, May 14, 2019 at 02:04:21PM +0200, Johannes Hirte wrote: > > On 2019 Apr 23, Kees Cook wrote: > > > When building x86 with Clang LTO and CFI, CFI jump regions are > > > automatically added to the end of the .text section late in linking. As a > > > result, the _etext position was being labelled before the appended jump > > > regions, causing confusion about where the boundaries of the executable > > > region actually are in the running kernel, and broke at least the fault > > > injection code. This moves the _etext mark to outside (and immediately > > > after) the .text area, as is already the case on other architectures > > > (e.g. arm64, arm). > > > > > > Reported-and-tested-by: Sami Tolvanen > > > Signed-off-by: Kees Cook > > > --- > > > arch/x86/kernel/vmlinux.lds.S | 6 +++--- > > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > > > diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S > > > index bad8c51fee6e..de94da2366e7 100644 > > > --- a/arch/x86/kernel/vmlinux.lds.S > > > +++ b/arch/x86/kernel/vmlinux.lds.S 
> > > @@ -141,11 +141,11 @@ SECTIONS > > > *(.text.__x86.indirect_thunk) > > > __indirect_thunk_end = .; > > > #endif > > > - > > > - /* End of text section */ > > > - _etext = .; > > > } :text = 0x9090 > > > > > > + /* End of text section */ > > > + _etext = .; > > > + > > > NOTES :text :note > > > > > > EXCEPTION_TABLE(16) :text = 0x9090 > > > -- > > > 2.17.1 > > > > This breaks the build on my system: > > > > RELOCS arch/x86/boot/compressed/vmlinux.relocs > > CC arch/x86/boot/compressed/early_serial_console.o > > CC arch/x86/boot/compressed/kaslr.o > > AS arch/x86/boot/compressed/mem_encrypt.o > > CC arch/x86/boot/compressed/kaslr_64.o > > Invalid absolute R_X86_64_32S relocation: _etext > > make[2]: *** [arch/x86/boot/compressed/Makefile:130: arch/x86/boot/compressed/vmlinux.relocs] Error 1 > > make[2]: *** Deleting file 'arch/x86/boot/compressed/vmlinux.relocs' > > make[2]: *** Waiting for unfinished jobs.... > > make[1]: *** [arch/x86/boot/Makefile:112: arch/x86/boot/compressed/vmlinux] Error 2 > > make: *** [arch/x86/Makefile:283: bzImage] Error 2 > > Interesting! Can you send along your .config and compiler details? Tested with gcc-8.3 and gcc-9.1, both the same result. Using built-in specs. 
COLLECT_GCC=gcc-8.3.0 COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-pc-linux-gnu/8.3.0/lto-wrapper Target: x86_64-pc-linux-gnu Configured with: /var/tmp/portage/sys-devel/gcc-8.3.0-r1/work/gcc-8.3.0/configure --host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/8.3.0 --includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/8.3.0/include --datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/8.3.0 --mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/8.3.0/man --infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/8.3.0/info --with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/8.3.0/include/g++-v8 --with-python-dir=/share/gcc-data/x86_64-pc-linux-gnu/8.3.0/python --enable-languages=c,c++,fortran --enable-obsolete --enable-secureplt --disable-werror --with-system-zlib --enable-nls --without-included-gettext --enable-checking=release --with-bugurl=https://bugs.gentoo.org/ --with-pkgversion='Gentoo 8.3.0-r1 p1.1' --disable-esp --enable-libstdcxx-time --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --enable-multilib --with-multilib-list=m32,m64 --disable-altivec --disable-fixed-point --enable-targets=all --enable-libgomp --disable-libmudflap --disable-libssp --disable-libmpx --disable-systemtap --enable-vtable-verify --enable-lto --without-isl --enable-default-pie --enable-default-ssp Thread model: posix gcc version 8.3.0 (Gentoo 8.3.0-r1 p1.1) Using built-in specs. 
COLLECT_GCC=gcc-9.1.0 COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-pc-linux-gnu/9.1.0/lto-wrapper Target: x86_64-pc-linux-gnu Configured with: /var/tmp/portage/sys-devel/gcc-9.1.0/work/gcc-9.1.0/configure --host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/9.1.0 --includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include --datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/9.1.0 --mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/9.1.0/man --infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/9.1.0/info --with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/g++-v9 --with-python-dir=/share/gcc-data/x86_64-pc-linux-gnu/9.1.0/python --enable-languages=c,c++,fortran --enable-obsolete --enable-secureplt --disable-werror --with-system-zlib --enable-nls --without-included-gettext --enable-checking=release --with-bugurl=https://bugs.gentoo.org/ --with-pkgversion='Gentoo 9.1.0 p1.0' --disable-esp --enable-libstdcxx-time --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --enable-multilib --with-multilib-list=m32,m64 --disable-altivec --disable-fixed-point --enable-targets=all --enable-libgomp --disable-libmudflap --disable-libssp --disable-systemtap --enable-vtable-verify --enable-lto --without-isl --enable-default-pie --enable-default-ssp Thread model: posix gcc version 9.1.0 (Gentoo 9.1.0 p1.0) -- Regards, Johannes
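Review bot: Moving `_etext = .;` below the closing `} :text = 0x9090` places the assignment outside any output section, so a linker may emit `_etext` as an absolute symbol rather than one relative to `.text`; that is consistent with the `Invalid absolute R_X86_64_32S relocation: _etext` failure reported in the reply while generating `arch/x86/boot/compressed/vmlinux.relocs`. The commit message only describes the Clang LTO and CFI case, so it should state which linkers a plain gcc build was tested with, and the patch should either keep `_etext` section-relative or account for the symbol in the relocs step. The reply lists gcc 8.3 and 9.1 but not the linker or its version, which is the detail needed to reproduce the failure.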