From: Sedat Dilek <sedat.dilek@gmail.com>
To: Kees Cook <keescook@chromium.org>
Cc: Borislav Petkov <bp@suse.de>, "H.J. Lu" <hjl.tools@gmail.com>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
Peter Collingbourne <pcc@google.com>,
James Morse <james.morse@arm.com>, Arnd Bergmann <arnd@arndb.de>,
Masahiro Yamada <masahiroy@kernel.org>,
x86@kernel.org, linux-arm-kernel@lists.infradead.org,
linux-arch@vger.kernel.org, linux-kbuild@vger.kernel.org,
Clang-Built-Linux ML <clang-built-linux@googlegroups.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/9] Enable orphan section warning
Date: Fri, 28 Feb 2020 07:51:21 +0100 [thread overview]
Message-ID: <CA+icZUVRnjOWKZynAGDniXD_H9KRccONmeKHs25DPPU1c8ZcGg@mail.gmail.com> (raw)
In-Reply-To: <20200228002244.15240-1-keescook@chromium.org>
On Fri, Feb 28, 2020 at 1:22 AM Kees Cook <keescook@chromium.org> wrote:
>
> Hi!
>
> A recent bug was solved for builds linked with ld.lld, and tracking
> it down took way longer than it needed to (a year). Ultimately, it
> boiled down to differences between ld.bfd and ld.lld's handling of
> orphan sections. Similarly, the recent FGKASLR series brough up orphan
> section handling too[2]. In both cases, it would have been nice if the
> linker was running with --orphan-handling=warn so that surprise sections
> wouldn't silently get mapped into the kernel image at locations up to
> the whim of the linker's orphan handling logic. Instead, all desired
> sections should be explicitly identified in the linker script (to be
> either kept or discarded) with any orphans throwing a warning. The
> powerpc architecture actually already does this, so this series seeks
> to extend this coverage to x86, arm64, and arm.
>
> This series depends on tip/x86/boot (where recent .eh_frame fixes[3]
> landed), and has a minor conflict[4] with the ARM tree (related to
> the earlier mentioned bug). As it uses refactorings in the asm-generic
> linker script, and makes changes to kbuild, I think the cleanest place
> for this series to land would also be through -tip. Once again (like
> my READ_IMPLIES_EXEC series), I'm looking to get maintainer Acks so
> this can go all together with the least disruption. Splitting it up by
> architecture seems needlessly difficult.
>
> Thanks!
>
> -Kees
>
> [1] https://github.com/ClangBuiltLinux/linux/issues/282
> [2] https://lore.kernel.org/lkml/202002242122.AA4D1B8@keescook/
> [3] https://lore.kernel.org/lkml/158264960194.28353.10560165361470246192.tip-bot2@tip-bot2/
> [4] https://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=8959/1
>
Hi Kees,
is this an updated version of what you have in your
kees/linux.git#linker/orphans/x86-arm Git branch?
Especially, I saw a difference in [2] and "[PATCH 4/9] x86/boot: Warn
on orphan section placement"
[ arch/x86/boot/compressed/Makefile ]
+KBUILD_LDFLAGS += --no-ld-generated-unwind-info
Can you comment on why this KBUILD_LDFLAGS was added/needed?
I like when people offer their work in a Git branch.
Do you plan to do that?
Thanks.
Regards,
- Sedat -
[1] https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=linker/orphans/x86-arm
[2] https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=linker/orphans/x86-arm&id=e43aa77956c40b9b6db0b37b3780423aa2e661ad
> H.J. Lu (1):
> Add RUNTIME_DISCARD_EXIT to generic DISCARDS
>
> Kees Cook (8):
> scripts/link-vmlinux.sh: Delay orphan handling warnings until final
> link
> vmlinux.lds.h: Add .gnu.version* to DISCARDS
> x86/build: Warn on orphan section placement
> x86/boot: Warn on orphan section placement
> arm64/build: Use common DISCARDS in linker script
> arm64/build: Warn on orphan section placement
> arm/build: Warn on orphan section placement
> arm/boot: Warn on orphan section placement
>
> arch/arm/Makefile | 4 ++++
> arch/arm/boot/compressed/Makefile | 2 ++
> arch/arm/boot/compressed/vmlinux.lds.S | 17 ++++++--------
> .../arm/{kernel => include/asm}/vmlinux.lds.h | 22 ++++++++++++++-----
> arch/arm/kernel/vmlinux-xip.lds.S | 5 ++---
> arch/arm/kernel/vmlinux.lds.S | 5 ++---
> arch/arm64/Makefile | 4 ++++
> arch/arm64/kernel/vmlinux.lds.S | 13 +++++------
> arch/x86/Makefile | 4 ++++
> arch/x86/boot/compressed/Makefile | 3 ++-
> arch/x86/boot/compressed/vmlinux.lds.S | 13 +++++++++++
> arch/x86/kernel/vmlinux.lds.S | 7 ++++++
> include/asm-generic/vmlinux.lds.h | 11 ++++++++--
> scripts/link-vmlinux.sh | 6 +++++
> 14 files changed, 85 insertions(+), 31 deletions(-)
> rename arch/arm/{kernel => include/asm}/vmlinux.lds.h (92%)
>
> --
> 2.20.1
>
> --
> You received this message because you are subscribed to the Google Groups "Clang Built Linux" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to clang-built-linux+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/clang-built-linux/20200228002244.15240-1-keescook%40chromium.org.
WARNING: multiple messages have this Message-ID (diff)
From: Sedat Dilek <sedat.dilek@gmail.com>
To: Kees Cook <keescook@chromium.org>
Cc: Mark Rutland <mark.rutland@arm.com>,
"H.J. Lu" <hjl.tools@gmail.com>, Arnd Bergmann <arnd@arndb.de>,
linux-kbuild@vger.kernel.org,
Peter Collingbourne <pcc@google.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Masahiro Yamada <masahiroy@kernel.org>,
x86@kernel.org, Russell King <linux@armlinux.org.uk>,
linux-kernel@vger.kernel.org,
Clang-Built-Linux ML <clang-built-linux@googlegroups.com>,
James Morse <james.morse@arm.com>,
linux-arch@vger.kernel.org, Borislav Petkov <bp@suse.de>,
Will Deacon <will@kernel.org>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH 0/9] Enable orphan section warning
Date: Fri, 28 Feb 2020 07:51:21 +0100 [thread overview]
Message-ID: <CA+icZUVRnjOWKZynAGDniXD_H9KRccONmeKHs25DPPU1c8ZcGg@mail.gmail.com> (raw)
In-Reply-To: <20200228002244.15240-1-keescook@chromium.org>
On Fri, Feb 28, 2020 at 1:22 AM Kees Cook <keescook@chromium.org> wrote:
>
> Hi!
>
> A recent bug was solved for builds linked with ld.lld, and tracking
> it down took way longer than it needed to (a year). Ultimately, it
> boiled down to differences between ld.bfd and ld.lld's handling of
> orphan sections. Similarly, the recent FGKASLR series brough up orphan
> section handling too[2]. In both cases, it would have been nice if the
> linker was running with --orphan-handling=warn so that surprise sections
> wouldn't silently get mapped into the kernel image at locations up to
> the whim of the linker's orphan handling logic. Instead, all desired
> sections should be explicitly identified in the linker script (to be
> either kept or discarded) with any orphans throwing a warning. The
> powerpc architecture actually already does this, so this series seeks
> to extend this coverage to x86, arm64, and arm.
>
> This series depends on tip/x86/boot (where recent .eh_frame fixes[3]
> landed), and has a minor conflict[4] with the ARM tree (related to
> the earlier mentioned bug). As it uses refactorings in the asm-generic
> linker script, and makes changes to kbuild, I think the cleanest place
> for this series to land would also be through -tip. Once again (like
> my READ_IMPLIES_EXEC series), I'm looking to get maintainer Acks so
> this can go all together with the least disruption. Splitting it up by
> architecture seems needlessly difficult.
>
> Thanks!
>
> -Kees
>
> [1] https://github.com/ClangBuiltLinux/linux/issues/282
> [2] https://lore.kernel.org/lkml/202002242122.AA4D1B8@keescook/
> [3] https://lore.kernel.org/lkml/158264960194.28353.10560165361470246192.tip-bot2@tip-bot2/
> [4] https://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=8959/1
>
Hi Kees,
is this an updated version of what you have in your
kees/linux.git#linker/orphans/x86-arm Git branch?
Especially, I saw a difference in [2] and "[PATCH 4/9] x86/boot: Warn
on orphan section placement"
[ arch/x86/boot/compressed/Makefile ]
+KBUILD_LDFLAGS += --no-ld-generated-unwind-info
Can you comment on why this KBUILD_LDFLAGS was added/needed?
I like when people offer their work in a Git branch.
Do you plan to do that?
Thanks.
Regards,
- Sedat -
[1] https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=linker/orphans/x86-arm
[2] https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=linker/orphans/x86-arm&id=e43aa77956c40b9b6db0b37b3780423aa2e661ad
> H.J. Lu (1):
> Add RUNTIME_DISCARD_EXIT to generic DISCARDS
>
> Kees Cook (8):
> scripts/link-vmlinux.sh: Delay orphan handling warnings until final
> link
> vmlinux.lds.h: Add .gnu.version* to DISCARDS
> x86/build: Warn on orphan section placement
> x86/boot: Warn on orphan section placement
> arm64/build: Use common DISCARDS in linker script
> arm64/build: Warn on orphan section placement
> arm/build: Warn on orphan section placement
> arm/boot: Warn on orphan section placement
>
> arch/arm/Makefile | 4 ++++
> arch/arm/boot/compressed/Makefile | 2 ++
> arch/arm/boot/compressed/vmlinux.lds.S | 17 ++++++--------
> .../arm/{kernel => include/asm}/vmlinux.lds.h | 22 ++++++++++++++-----
> arch/arm/kernel/vmlinux-xip.lds.S | 5 ++---
> arch/arm/kernel/vmlinux.lds.S | 5 ++---
> arch/arm64/Makefile | 4 ++++
> arch/arm64/kernel/vmlinux.lds.S | 13 +++++------
> arch/x86/Makefile | 4 ++++
> arch/x86/boot/compressed/Makefile | 3 ++-
> arch/x86/boot/compressed/vmlinux.lds.S | 13 +++++++++++
> arch/x86/kernel/vmlinux.lds.S | 7 ++++++
> include/asm-generic/vmlinux.lds.h | 11 ++++++++--
> scripts/link-vmlinux.sh | 6 +++++
> 14 files changed, 85 insertions(+), 31 deletions(-)
> rename arch/arm/{kernel => include/asm}/vmlinux.lds.h (92%)
>
> --
> 2.20.1
>
> --
> You received this message because you are subscribed to the Google Groups "Clang Built Linux" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to clang-built-linux+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/clang-built-linux/20200228002244.15240-1-keescook%40chromium.org.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-02-28 6:51 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-28 0:22 [PATCH 0/9] Enable orphan section warning Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-02-28 0:22 ` [PATCH 1/9] scripts/link-vmlinux.sh: Delay orphan handling warnings until final link Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-03-20 2:47 ` Nicholas Piggin
2020-03-20 2:47 ` Nicholas Piggin
2020-03-20 18:24 ` Kees Cook
2020-03-20 18:24 ` Kees Cook
2020-03-22 9:16 ` Nicholas Piggin
2020-03-22 9:16 ` Nicholas Piggin
2020-03-22 16:00 ` Kees Cook
2020-03-22 16:00 ` Kees Cook
2020-02-28 0:22 ` [PATCH 2/9] vmlinux.lds.h: Add .gnu.version* to DISCARDS Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-02-28 0:22 ` [PATCH 3/9] x86/build: Warn on orphan section placement Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-02-28 0:22 ` [PATCH 4/9] x86/boot: " Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-02-28 0:22 ` [PATCH 5/9] Add RUNTIME_DISCARD_EXIT to generic DISCARDS Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-02-28 0:22 ` [PATCH 6/9] arm64/build: Use common DISCARDS in linker script Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-03-17 21:52 ` Will Deacon
2020-03-17 21:52 ` Will Deacon
2020-02-28 0:22 ` [PATCH 7/9] arm64/build: Warn on orphan section placement Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-03-17 21:56 ` Will Deacon
2020-03-17 21:56 ` Will Deacon
2020-03-17 23:01 ` Kees Cook
2020-03-17 23:01 ` Kees Cook
2020-03-17 23:10 ` Nick Desaulniers
2020-03-17 23:10 ` Nick Desaulniers
2020-02-28 0:22 ` [PATCH 8/9] arm/build: " Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-02-28 0:22 ` [PATCH 9/9] arm/boot: " Kees Cook
2020-02-28 0:22 ` Kees Cook
2020-02-28 6:51 ` Sedat Dilek [this message]
2020-02-28 6:51 ` [PATCH 0/9] Enable orphan section warning Sedat Dilek
2020-03-03 4:32 ` Kees Cook
2020-03-03 4:32 ` Kees Cook
2020-04-02 16:20 ` Sedat Dilek
2020-04-02 16:20 ` Sedat Dilek
2020-04-02 17:26 ` Kees Cook
2020-04-02 17:26 ` Kees Cook
2020-04-05 11:15 ` Sedat Dilek
2020-04-05 11:15 ` Sedat Dilek
2020-02-28 0:23 Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+icZUVRnjOWKZynAGDniXD_H9KRccONmeKHs25DPPU1c8ZcGg@mail.gmail.com \
--to=sedat.dilek@gmail.com \
--cc=arnd@arndb.de \
--cc=bp@suse.de \
--cc=catalin.marinas@arm.com \
--cc=clang-built-linux@googlegroups.com \
--cc=hjl.tools@gmail.com \
--cc=james.morse@arm.com \
--cc=keescook@chromium.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=mark.rutland@arm.com \
--cc=masahiroy@kernel.org \
--cc=pcc@google.com \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.