Re: [PATCH v3 7/7] x86/boot: Check that there are no runtime relocations

From: Ard Biesheuvel <ardb@kernel.org>
To: Kees Cook <keescook@chromium.org>
Cc: Arvind Sankar <nivedita@alum.mit.edu>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	"H. Peter Anvin" <hpa@zytor.com>, X86 ML <x86@kernel.org>,
	Nick Desaulniers <ndesaulniers@google.com>,
	Fangrui Song <maskray@google.com>,
	Dmitry Golovin <dima@golovin.in>,
	clang-built-linux <clang-built-linux@googlegroups.com>,
	Masahiro Yamada <masahiroy@kernel.org>,
	Daniel Kiper <daniel.kiper@oracle.com>,
	Sedat Dilek <sedat.dilek@gmail.com>,
	Nathan Chancellor <natechancellor@gmail.com>,
	Arnd Bergmann <arnd@arndb.de>, "H . J . Lu" <hjl@sourceware.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v3 7/7] x86/boot: Check that there are no runtime relocations
Date: Mon, 29 Jun 2020 18:11:59 +0200	[thread overview]
Message-ID: <CAMj1kXFge5aWL2BY8Y1=m1TonB+SrDq6p7TQWuO5JkzcR2dhjQ@mail.gmail.com> (raw)
In-Reply-To: <202006290907.E5EF18A@keescook>

On Mon, 29 Jun 2020 at 18:09, Kees Cook <keescook@chromium.org> wrote:
>
> On Mon, Jun 29, 2020 at 10:09:28AM -0400, Arvind Sankar wrote:
> > Add a linker script check that there are no runtime relocations, and
> > remove the old one that tries to check via looking for specially-named
> > sections in the object files.
> >
> > Drop the tests for -fPIE compiler option and -pie linker option, as they
> > are available in all supported gcc and binutils versions (as well as
> > clang and lld).
> >
> > Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
> > Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
> > Reviewed-by: Fangrui Song <maskray@google.com>
> > ---
> >  arch/x86/boot/compressed/Makefile      | 28 +++-----------------------
> >  arch/x86/boot/compressed/vmlinux.lds.S |  8 ++++++++
> >  2 files changed, 11 insertions(+), 25 deletions(-)
>
> Reviewed-by: Kees Cook <keescook@chromium.org>
>
> question below ...
>
> > diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
> > index a4a4a59a2628..a78510046eec 100644
> > --- a/arch/x86/boot/compressed/vmlinux.lds.S
> > +++ b/arch/x86/boot/compressed/vmlinux.lds.S
> > @@ -42,6 +42,12 @@ SECTIONS
> >               *(.rodata.*)
> >               _erodata = . ;
> >       }
> > +     .rel.dyn : {
> > +             *(.rel.*)
> > +     }
> > +     .rela.dyn : {
> > +             *(.rela.*)
> > +     }
> >       .got : {
> >               *(.got)
> >       }
>
> Should these be marked (INFO) as well?
>

Given that sections marked as (INFO) will still be emitted into the
ELF image, it does not really make a difference to do this for zero
sized sections.

> > @@ -85,3 +91,5 @@ ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, "Unexpected GOT/PLT en
> >  #else
> >  ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0xc, "Unexpected GOT/PLT entries detected!")
> >  #endif
> > +
> > +ASSERT(SIZEOF(.rel.dyn) == 0 && SIZEOF(.rela.dyn) == 0, "Unexpected runtime relocations detected!")
>
> I think I should be doing this same ASSERT style for other explicit
> DISCARDS in my orphan series so we'll notice if they change, instead
> of being silently dropped if they grow.
>