From: Kees Cook <keescook@chromium.org> To: Jakub Kicinski <jakub.kicinski@netronome.com>, Catalin Marinas <catalin.marinas@arm.com>, Heiko Carstens <heiko.carstens@de.ibm.com>, Eddie Kovsky <ewk@edkovsky.org> Cc: kbuild-all@01.org, kbuild test robot <lkp@intel.com>, Jessica Yu <jeyu@redhat.com>, Rusty Russell <rusty@rustcorp.com.au>, LKML <linux-kernel@vger.kernel.org>, "kernel-hardening@lists.openwall.com" <kernel-hardening@lists.openwall.com> Subject: Re: [PATCH v4 2/2] extable: verify address is read-only Date: Mon, 27 Mar 2017 11:42:57 -0700 [thread overview] Message-ID: <CAGXu5jKFPwDTaRq8eiszOoqdm-nQD13UrF_bj+m6FWWCzEnO9g@mail.gmail.com> (raw) In-Reply-To: <201703271633.xbYHmB37%fengguang.wu@intel.com> On Mon, Mar 27, 2017 at 1:43 AM, kbuild test robot <lkp@intel.com> wrote: > Hi Eddie, > > [auto build test ERROR on next-20170323] > [cannot apply to linus/master linux/master jeyu/modules-next v4.9-rc8 v4.9-rc7 v4.9-rc6 v4.11-rc4] > [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] > > url: https://github.com/0day-ci/linux/commits/Eddie-Kovsky/module-verify-address-is-read-only/20170327-142922 > config: blackfin-BF561-EZKIT-SMP_defconfig (attached as .config) > compiler: bfin-uclinux-gcc (GCC) 6.2.0 > reproduce: > wget https://raw.githubusercontent.com/01org/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross > chmod +x ~/bin/make.cross > # save the attached .config to linux build tree > make.cross ARCH=blackfin > > All errors (new ones prefixed by >>): > > kernel/built-in.o: In function `core_kernel_rodata': >>> kernel/extable.c:169: undefined reference to `__start_data_ro_after_init' >>> kernel/extable.c:169: undefined reference to `__start_data_ro_after_init' >>> kernel/extable.c:169: undefined reference to `__end_data_ro_after_init' >>> kernel/extable.c:169: undefined reference to `__end_data_ro_after_init' >>> kernel/extable.c:169: undefined reference to `__start_data_ro_after_init' >>> kernel/extable.c:169: undefined reference to `__start_data_ro_after_init' >>> kernel/extable.c:169: undefined reference to `__end_data_ro_after_init' >>> kernel/extable.c:169: undefined reference to `__end_data_ro_after_init' Hm, I'm confused about this. blackfin includes include/asm-generic-vmlinux.lds.h and uses the RO_DATA macro (which resolves to RO_DATA_SECTION to RO_AFTER_INIT_DATA which defines __[start|end]_data_ro_after_init. Also, it seems that commit d7c19b066dcf4bd19c4385e8065558d4e74f9e73 ("mm: kmemleak: scan .data.ro_after_init") added a potentially redundant section name (s390 already calls this __[start|end]_ro_after_init). I'd like to get this cleaned up, since having multiple names for the same thing is confusing: diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S index 000e6e91f6a0..3667d20e997f 100644 --- a/arch/s390/kernel/vmlinux.lds.S +++ b/arch/s390/kernel/vmlinux.lds.S @@ -62,9 +62,11 @@ SECTIONS . = ALIGN(PAGE_SIZE); __start_ro_after_init = .; + __start_data_ro_after_init = .; .data..ro_after_init : { *(.data..ro_after_init) } + __end_data_ro_after_init = .; EXCEPTION_TABLE(16) . = ALIGN(PAGE_SIZE); __end_ro_after_init = .; And it seems that this hunk is wrong (__end_ro_after_init includes s390's exception table, etc). I think we should remove the ..._data_... name and use s390's name. I'll send an adjustment patch, but we'll still need to deal with blackfin. -Kees > > vim +169 kernel/extable.c > > 163 int core_kernel_rodata(unsigned long addr) > 164 { > 165 if (addr >= (unsigned long)__start_rodata && > 166 addr < (unsigned long)__end_rodata) > 167 return 1; > 168 > > 169 if (addr >= (unsigned long)__start_data_ro_after_init && > 170 addr < (unsigned long)__end_data_ro_after_init) > 171 return 1; > 172 > > --- > 0-DAY kernel test infrastructure Open Source Technology Center > https://lists.01.org/pipermail/kbuild-all Intel Corporation -- Kees Cook Pixel Security
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org> To: Jakub Kicinski <jakub.kicinski@netronome.com>, Catalin Marinas <catalin.marinas@arm.com>, Heiko Carstens <heiko.carstens@de.ibm.com>, Eddie Kovsky <ewk@edkovsky.org> Cc: kbuild-all@01.org, kbuild test robot <lkp@intel.com>, Jessica Yu <jeyu@redhat.com>, Rusty Russell <rusty@rustcorp.com.au>, LKML <linux-kernel@vger.kernel.org>, "kernel-hardening@lists.openwall.com" <kernel-hardening@lists.openwall.com> Subject: [kernel-hardening] Re: [PATCH v4 2/2] extable: verify address is read-only Date: Mon, 27 Mar 2017 11:42:57 -0700 [thread overview] Message-ID: <CAGXu5jKFPwDTaRq8eiszOoqdm-nQD13UrF_bj+m6FWWCzEnO9g@mail.gmail.com> (raw) In-Reply-To: <201703271633.xbYHmB37%fengguang.wu@intel.com> On Mon, Mar 27, 2017 at 1:43 AM, kbuild test robot <lkp@intel.com> wrote: > Hi Eddie, > > [auto build test ERROR on next-20170323] > [cannot apply to linus/master linux/master jeyu/modules-next v4.9-rc8 v4.9-rc7 v4.9-rc6 v4.11-rc4] > [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] > > url: https://github.com/0day-ci/linux/commits/Eddie-Kovsky/module-verify-address-is-read-only/20170327-142922 > config: blackfin-BF561-EZKIT-SMP_defconfig (attached as .config) > compiler: bfin-uclinux-gcc (GCC) 6.2.0 > reproduce: > wget https://raw.githubusercontent.com/01org/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross > chmod +x ~/bin/make.cross > # save the attached .config to linux build tree > make.cross ARCH=blackfin > > All errors (new ones prefixed by >>): > > kernel/built-in.o: In function `core_kernel_rodata': >>> kernel/extable.c:169: undefined reference to `__start_data_ro_after_init' >>> kernel/extable.c:169: undefined reference to `__start_data_ro_after_init' >>> kernel/extable.c:169: undefined reference to `__end_data_ro_after_init' >>> kernel/extable.c:169: undefined reference to `__end_data_ro_after_init' >>> kernel/extable.c:169: undefined reference to `__start_data_ro_after_init' >>> kernel/extable.c:169: undefined reference to `__start_data_ro_after_init' >>> kernel/extable.c:169: undefined reference to `__end_data_ro_after_init' >>> kernel/extable.c:169: undefined reference to `__end_data_ro_after_init' Hm, I'm confused about this. blackfin includes include/asm-generic-vmlinux.lds.h and uses the RO_DATA macro (which resolves to RO_DATA_SECTION to RO_AFTER_INIT_DATA which defines __[start|end]_data_ro_after_init. Also, it seems that commit d7c19b066dcf4bd19c4385e8065558d4e74f9e73 ("mm: kmemleak: scan .data.ro_after_init") added a potentially redundant section name (s390 already calls this __[start|end]_ro_after_init). I'd like to get this cleaned up, since having multiple names for the same thing is confusing: diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S index 000e6e91f6a0..3667d20e997f 100644 --- a/arch/s390/kernel/vmlinux.lds.S +++ b/arch/s390/kernel/vmlinux.lds.S @@ -62,9 +62,11 @@ SECTIONS . = ALIGN(PAGE_SIZE); __start_ro_after_init = .; + __start_data_ro_after_init = .; .data..ro_after_init : { *(.data..ro_after_init) } + __end_data_ro_after_init = .; EXCEPTION_TABLE(16) . = ALIGN(PAGE_SIZE); __end_ro_after_init = .; And it seems that this hunk is wrong (__end_ro_after_init includes s390's exception table, etc). I think we should remove the ..._data_... name and use s390's name. I'll send an adjustment patch, but we'll still need to deal with blackfin. -Kees > > vim +169 kernel/extable.c > > 163 int core_kernel_rodata(unsigned long addr) > 164 { > 165 if (addr >= (unsigned long)__start_rodata && > 166 addr < (unsigned long)__end_rodata) > 167 return 1; > 168 > > 169 if (addr >= (unsigned long)__start_data_ro_after_init && > 170 addr < (unsigned long)__end_data_ro_after_init) > 171 return 1; > 172 > > --- > 0-DAY kernel test infrastructure Open Source Technology Center > https://lists.01.org/pipermail/kbuild-all Intel Corporation -- Kees Cook Pixel Security
next prev parent reply other threads:[~2017-03-27 18:51 UTC|newest] Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-03-26 21:08 [PATCH v4 0/2] provide check for ro_after_init memory sections Eddie Kovsky 2017-03-26 21:08 ` [kernel-hardening] " Eddie Kovsky 2017-03-26 21:08 ` [PATCH v4 1/2] module: verify address is read-only Eddie Kovsky 2017-03-26 21:08 ` [kernel-hardening] " Eddie Kovsky 2017-03-30 3:31 ` Jessica Yu 2017-03-30 3:31 ` [kernel-hardening] " Jessica Yu 2017-03-26 21:08 ` [PATCH v4 2/2] extable: " Eddie Kovsky 2017-03-26 21:08 ` [kernel-hardening] " Eddie Kovsky 2017-03-27 8:43 ` kbuild test robot 2017-03-27 8:43 ` [kernel-hardening] " kbuild test robot 2017-03-27 18:42 ` Kees Cook [this message] 2017-03-27 18:42 ` Kees Cook 2017-03-29 3:28 ` Eddie Kovsky 2017-03-29 3:28 ` [kernel-hardening] " Eddie Kovsky 2017-03-30 3:27 ` Jessica Yu 2017-03-30 3:27 ` [kernel-hardening] " Jessica Yu 2017-03-30 16:24 ` Kees Cook 2017-03-30 16:24 ` [kernel-hardening] " Kees Cook 2017-03-31 3:09 ` Eddie Kovsky 2017-03-31 3:09 ` [kernel-hardening] " Eddie Kovsky 2017-04-03 22:10 ` Kees Cook 2017-04-03 22:10 ` [kernel-hardening] " Kees Cook
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=CAGXu5jKFPwDTaRq8eiszOoqdm-nQD13UrF_bj+m6FWWCzEnO9g@mail.gmail.com \ --to=keescook@chromium.org \ --cc=catalin.marinas@arm.com \ --cc=ewk@edkovsky.org \ --cc=heiko.carstens@de.ibm.com \ --cc=jakub.kicinski@netronome.com \ --cc=jeyu@redhat.com \ --cc=kbuild-all@01.org \ --cc=kernel-hardening@lists.openwall.com \ --cc=linux-kernel@vger.kernel.org \ --cc=lkp@intel.com \ --cc=rusty@rustcorp.com.au \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.