From: Nicholas Piggin <npiggin@gmail.com>
To: Kees Cook <keescook@chromium.org>
Cc: Arnd Bergmann <arnd@arndb.de>, Borislav Petkov <bp@suse.de>,
Catalin Marinas <catalin.marinas@arm.com>,
clang-built-linux@googlegroups.com,
"H.J. Lu" <hjl.tools@gmail.com>,
James Morse <james.morse@arm.com>,
linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
Russell King <linux@armlinux.org.uk>,
linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org,
Mark Rutland <mark.rutland@arm.com>,
Masahiro Yamada <masahiroy@kernel.org>,
Peter Collingbourne <pcc@google.com>,
Will Deacon <will@kernel.org>,
x86@kernel.org
Subject: Re: [PATCH 1/9] scripts/link-vmlinux.sh: Delay orphan handling warnings until final link
Date: Sun, 22 Mar 2020 19:16:29 +1000 [thread overview]
Message-ID: <1584868418.o62lxee8k1.astroid@bobo.none> (raw)
In-Reply-To: <202003201121.8CBD96451B@keescook>
Kees Cook's on March 21, 2020 4:24 am:
> On Fri, Mar 20, 2020 at 12:47:54PM +1000, Nicholas Piggin wrote:
>> Kees Cook's on February 28, 2020 10:22 am:
>> > Right now, powerpc adds "--orphan-handling=warn" to LD_FLAGS_vmlinux
>> > to detect when there are unexpected sections getting added to the kernel
>> > image. There is no need to report these warnings more than once, so it
>> > can be removed until the final link stage.
>> >
>> > This helps pave the way for other architectures to enable this, with the
>> > end goal of enabling this warning by default for vmlinux for all
>> > architectures.
>> >
>> > Signed-off-by: Kees Cook <keescook@chromium.org>
>> > ---
>> > scripts/link-vmlinux.sh | 6 ++++++
>> > 1 file changed, 6 insertions(+)
>> >
>> > diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
>> > index 1919c311c149..416968fea685 100755
>> > --- a/scripts/link-vmlinux.sh
>> > +++ b/scripts/link-vmlinux.sh
>> > @@ -255,6 +255,11 @@ info GEN modules.builtin
>> > tr '\0' '\n' < modules.builtin.modinfo | sed -n 's/^[[:alnum:]:_]*\.file=//p' |
>> > tr ' ' '\n' | uniq | sed -e 's:^:kernel/:' -e 's/$/.ko/' > modules.builtin
>> >
>> > +
>> > +# Do not warn about orphan sections until the final link stage.
>> > +saved_LDFLAGS_vmlinux="${LDFLAGS_vmlinux}"
>> > +LDFLAGS_vmlinux="$(echo "${LDFLAGS_vmlinux}" | sed -E 's/ --orphan-handling=warn( |$)/ /g')"
>> > +
>> > btf_vmlinux_bin_o=""
>> > if [ -n "${CONFIG_DEBUG_INFO_BTF}" ]; then
>> > if gen_btf .tmp_vmlinux.btf .btf.vmlinux.bin.o ; then
>> > @@ -306,6 +311,7 @@ if [ -n "${CONFIG_KALLSYMS}" ]; then
>> > fi
>> > fi
>> >
>> > +LDFLAGS_vmlinux="${saved_LDFLAGS_vmlinux}"
>> > vmlinux_link vmlinux "${kallsymso}" ${btf_vmlinux_bin_o}
>> >
>> > if [ -n "${CONFIG_BUILDTIME_TABLE_SORT}" ]; then
>>
>> That's ugly. Why not just enable it for all archs?
>
> It is ugly; I agree.
>
> I can try to do this for all architectures, but I worry there are a
> bunch I can't test. But I guess it would stand out. ;)
It's only warn, so it doesn't break their builds (unless there's a
linker error on warn option I don't know about?). We had a powerpc bug
that would have been caught with it as well, so it's not a bad idea to
get everyone using it.
I would just do it. Doesn't take much to fix.
Thanks,
Nick
WARNING: multiple messages have this Message-ID (diff)
From: Nicholas Piggin <npiggin@gmail.com>
To: Kees Cook <keescook@chromium.org>
Cc: linux-arch@vger.kernel.org, "H.J. Lu" <hjl.tools@gmail.com>,
Arnd Bergmann <arnd@arndb.de>,
linux-kbuild@vger.kernel.org,
Catalin Marinas <catalin.marinas@arm.com>,
Masahiro Yamada <masahiroy@kernel.org>,
x86@kernel.org, Russell King <linux@armlinux.org.uk>,
linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com,
Will Deacon <will@kernel.org>, James Morse <james.morse@arm.com>,
Mark Rutland <mark.rutland@arm.com>, Borislav Petkov <bp@suse.de>,
Peter Collingbourne <pcc@google.com>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH 1/9] scripts/link-vmlinux.sh: Delay orphan handling warnings until final link
Date: Sun, 22 Mar 2020 19:16:29 +1000 [thread overview]
Message-ID: <1584868418.o62lxee8k1.astroid@bobo.none> (raw)
In-Reply-To: <202003201121.8CBD96451B@keescook>
Kees Cook's on March 21, 2020 4:24 am:
> On Fri, Mar 20, 2020 at 12:47:54PM +1000, Nicholas Piggin wrote:
>> Kees Cook's on February 28, 2020 10:22 am:
>> > Right now, powerpc adds "--orphan-handling=warn" to LD_FLAGS_vmlinux
>> > to detect when there are unexpected sections getting added to the kernel
>> > image. There is no need to report these warnings more than once, so it
>> > can be removed until the final link stage.
>> >
>> > This helps pave the way for other architectures to enable this, with the
>> > end goal of enabling this warning by default for vmlinux for all
>> > architectures.
>> >
>> > Signed-off-by: Kees Cook <keescook@chromium.org>
>> > ---
>> > scripts/link-vmlinux.sh | 6 ++++++
>> > 1 file changed, 6 insertions(+)
>> >
>> > diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
>> > index 1919c311c149..416968fea685 100755
>> > --- a/scripts/link-vmlinux.sh
>> > +++ b/scripts/link-vmlinux.sh
>> > @@ -255,6 +255,11 @@ info GEN modules.builtin
>> > tr '\0' '\n' < modules.builtin.modinfo | sed -n 's/^[[:alnum:]:_]*\.file=//p' |
>> > tr ' ' '\n' | uniq | sed -e 's:^:kernel/:' -e 's/$/.ko/' > modules.builtin
>> >
>> > +
>> > +# Do not warn about orphan sections until the final link stage.
>> > +saved_LDFLAGS_vmlinux="${LDFLAGS_vmlinux}"
>> > +LDFLAGS_vmlinux="$(echo "${LDFLAGS_vmlinux}" | sed -E 's/ --orphan-handling=warn( |$)/ /g')"
>> > +
>> > btf_vmlinux_bin_o=""
>> > if [ -n "${CONFIG_DEBUG_INFO_BTF}" ]; then
>> > if gen_btf .tmp_vmlinux.btf .btf.vmlinux.bin.o ; then
>> > @@ -306,6 +311,7 @@ if [ -n "${CONFIG_KALLSYMS}" ]; then
>> > fi
>> > fi
>> >
>> > +LDFLAGS_vmlinux="${saved_LDFLAGS_vmlinux}"
>> > vmlinux_link vmlinux "${kallsymso}" ${btf_vmlinux_bin_o}
>> >
>> > if [ -n "${CONFIG_BUILDTIME_TABLE_SORT}" ]; then
>>
>> That's ugly. Why not just enable it for all archs?
>
> It is ugly; I agree.
>
> I can try to do this for all architectures, but I worry there are a
> bunch I can't test. But I guess it would stand out. ;)
It's only warn, so it doesn't break their builds (unless there's a
linker error on warn option I don't know about?). We had a powerpc bug
that would have been caught with it as well, so it's not a bad idea to
get everyone using it.
I would just do it. Doesn't take much to fix.
Thanks,
Nick
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-03-22 9:19 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-28 0:22 [PATCH 0/9] Enable orphan section warning Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-02-28 0:22 ` [PATCH 1/9] scripts/link-vmlinux.sh: Delay orphan handling warnings until final link Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-03-20 2:47 ` Nicholas Piggin
2020-03-20 2:47 ` Nicholas Piggin
2020-03-20 18:24 ` Kees Cook
2020-03-20 18:24 ` Kees Cook
2020-03-22 9:16 ` Nicholas Piggin [this message]
2020-03-22 9:16 ` Nicholas Piggin
2020-03-22 16:00 ` Kees Cook
2020-03-22 16:00 ` Kees Cook
2020-02-28 0:22 ` [PATCH 2/9] vmlinux.lds.h: Add .gnu.version* to DISCARDS Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-02-28 0:22 ` [PATCH 3/9] x86/build: Warn on orphan section placement Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-02-28 0:22 ` [PATCH 4/9] x86/boot: " Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-02-28 0:22 ` [PATCH 5/9] Add RUNTIME_DISCARD_EXIT to generic DISCARDS Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-02-28 0:22 ` [PATCH 6/9] arm64/build: Use common DISCARDS in linker script Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-03-17 21:52 ` Will Deacon
2020-03-17 21:52 ` Will Deacon
2020-02-28 0:22 ` [PATCH 7/9] arm64/build: Warn on orphan section placement Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-03-17 21:56 ` Will Deacon
2020-03-17 21:56 ` Will Deacon
2020-03-17 23:01 ` Kees Cook
2020-03-17 23:01 ` Kees Cook
2020-03-17 23:10 ` Nick Desaulniers
2020-03-17 23:10 ` Nick Desaulniers
2020-02-28 0:22 ` [PATCH 8/9] arm/build: " Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-02-28 0:22 ` [PATCH 9/9] arm/boot: " Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-02-28 6:51 ` [PATCH 0/9] Enable orphan section warning Sedat Dilek
2020-02-28 6:51 ` Sedat Dilek
2020-03-03 4:32 ` Kees Cook
2020-03-03 4:32 ` Kees Cook
2020-04-02 16:20 ` Sedat Dilek
2020-04-02 16:20 ` Sedat Dilek
2020-04-02 17:26 ` Kees Cook
2020-04-02 17:26 ` Kees Cook
2020-04-05 11:15 ` Sedat Dilek
2020-04-05 11:15 ` Sedat Dilek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1584868418.o62lxee8k1.astroid@bobo.none \
--to=npiggin@gmail.com \
--cc=arnd@arndb.de \
--cc=bp@suse.de \
--cc=catalin.marinas@arm.com \
--cc=clang-built-linux@googlegroups.com \
--cc=hjl.tools@gmail.com \
--cc=james.morse@arm.com \
--cc=keescook@chromium.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=mark.rutland@arm.com \
--cc=masahiroy@kernel.org \
--cc=pcc@google.com \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.