[PATCH 0/2] arm/arm64: localise objcopy flags

[PATCH 0/2] arm/arm64: localise objcopy flags

[Mark Rutland]

Hi,

Typically, architectures (including arm and arm64) define OBJCOPYFLAGS in their
top-level makefile, for the purpose of generating a raw binaries suitable for
booting, including Image, zImage, vmlinux.bin, etc.

As this top-level arch makefile is included by the top-level kernel makefile,
these flags are passed to other invocations of objcopy tree-wide. This can
result in unexpected and inconsistent behaviour across architectures (e.g.
generation of a raw binary rather than an ELF [1]).

Rather than force each new user of objcopy to specially clear OBJCOPYFLAGS,
this patch moves the existing OBJCOPYFLAGS variable definitions such that they
only affects the cases we require them for today, leaving the global namespace
clear.

Other architectures will likely need similar treatment.

Thanks,
Mark.

[1] http://www.openwall.com/lists/kernel-hardening/2016/06/08/2

Mark Rutland (2):
  arm64: localise Image objcopy flags
  arm: localise objcopy flags

 arch/arm/Makefile        | 1 -
 arch/arm/boot/Makefile   | 2 ++
 arch/arm64/Makefile      | 1 -
 arch/arm64/boot/Makefile | 2 ++
 4 files changed, 4 insertions(+), 2 deletions(-)

-- 
1.9.1

[PATCH 1/2] arm64: localise Image objcopy flags

[Mark Rutland]

We currently define OBJCOPYFLAGS in the top-level arm64 Makefile, and
thus these flags will be passed to all uses of objcopy, kernel-wide, for
which they are not explicitly overridden. The flags we set are intended
for converting vmlinux (and ELF) into Image (a raw binary), and thus the
flags chosen are problematic for some other uses which do not expect a
raw binary result, e.g. the upcoming lkdtm rodata test:

  http://www.openwall.com/lists/kernel-hardening/2016/06/08/2

This patch localises the objcopy flags such that they are only used for
the vmlinux -> Image conversion.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Laura Abbott <labbott@redhat.com>
Cc: Will Deacon <will.deacon@arm.com>
---
 arch/arm64/Makefile      | 1 -
 arch/arm64/boot/Makefile | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
index 7085e32..af6d2d2 100644
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -12,7 +12,6 @@
 
 LDFLAGS_vmlinux	:=-p --no-undefined -X
 CPPFLAGS_vmlinux.lds = -DTEXT_OFFSET=$(TEXT_OFFSET)
-OBJCOPYFLAGS	:=-O binary -R .note -R .note.gnu.build-id -R .comment -S
 GZFLAGS		:=-9
 
 ifneq ($(CONFIG_RELOCATABLE),)
diff --git a/arch/arm64/boot/Makefile b/arch/arm64/boot/Makefile
index 305c552..1f012c5 100644
--- a/arch/arm64/boot/Makefile
+++ b/arch/arm64/boot/Makefile
@@ -14,6 +14,8 @@
 # Based on the ia64 boot/Makefile.
 #
 
+OBJCOPYFLAGS_Image :=-O binary -R .note -R .note.gnu.build-id -R .comment -S
+
 targets := Image Image.gz
 
 $(obj)/Image: vmlinux FORCE
-- 
1.9.1

[PATCH 2/2] arm: localise objcopy flags

[Mark Rutland]

We currently define OBJCOPYFLAGS in the top-level arm Makefile, and thus
these flags will be passed to all uses of objcopy, kernel-wide, for
which they are not explicitly overridden. The flags we set are intended
for converting a few ELF files into raw binaries, and thus the flags
chosen are problematic for some other uses which do not expect a raw
binary result, e.g. the upcoming lkdtm rodata test:

  http://www.openwall.com/lists/kernel-hardening/2016/06/08/2

This patch localises the objcopy flags such that they are only used for
the cases we require them for today.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Laura Abbott <labbott@redhat.com>
Cc: Russell King <linux@armlinux.org.uk>
---
 arch/arm/Makefile      | 1 -
 arch/arm/boot/Makefile | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/arm/Makefile b/arch/arm/Makefile
index 274e8a6..2ef60d3 100644
--- a/arch/arm/Makefile
+++ b/arch/arm/Makefile
@@ -23,7 +23,6 @@ ifeq ($(CONFIG_ARM_MODULE_PLTS),y)
 LDFLAGS_MODULE	+= -T $(srctree)/arch/arm/kernel/module.lds
 endif
 
-OBJCOPYFLAGS	:=-O binary -R .comment -S
 GZFLAGS		:=-9
 #KBUILD_CFLAGS	+=-pipe
 
diff --git a/arch/arm/boot/Makefile b/arch/arm/boot/Makefile
index 5be33a2..706efd6 100644
--- a/arch/arm/boot/Makefile
+++ b/arch/arm/boot/Makefile
@@ -11,6 +11,8 @@
 # Copyright (C) 1995-2002 Russell King
 #
 
+OBJCOPYFLAGS	:=-O binary -R .comment -S
+
 ifneq ($(MACHINE),)
 include $(MACHINE)/Makefile.boot
 endif
-- 
1.9.1

[PATCH 0/2] arm/arm64: localise objcopy flags

[Kees Cook]

On Tue, Jul 12, 2016 at 11:28 AM, Mark Rutland <mark.rutland@arm.com> wrote:
> Hi,
>
> Typically, architectures (including arm and arm64) define OBJCOPYFLAGS in their
> top-level makefile, for the purpose of generating a raw binaries suitable for
> booting, including Image, zImage, vmlinux.bin, etc.
>
> As this top-level arch makefile is included by the top-level kernel makefile,
> these flags are passed to other invocations of objcopy tree-wide. This can
> result in unexpected and inconsistent behaviour across architectures (e.g.
> generation of a raw binary rather than an ELF [1]).
>
> Rather than force each new user of objcopy to specially clear OBJCOPYFLAGS,
> this patch moves the existing OBJCOPYFLAGS variable definitions such that they
> only affects the cases we require them for today, leaving the global namespace
> clear.
>
> Other architectures will likely need similar treatment.

Oh excellent, thanks for doing this! I made an attempt at this back
when I ran into it with lkdtm, but I wasn't sure it was working as
intended. :)

Acked-by: Kees Cook <keescook@chromium.org>

-Kees

>
> Thanks,
> Mark.
>
> [1] http://www.openwall.com/lists/kernel-hardening/2016/06/08/2
>
> Mark Rutland (2):
>   arm64: localise Image objcopy flags
>   arm: localise objcopy flags
>
>  arch/arm/Makefile        | 1 -
>  arch/arm/boot/Makefile   | 2 ++
>  arch/arm64/Makefile      | 1 -
>  arch/arm64/boot/Makefile | 2 ++
>  4 files changed, 4 insertions(+), 2 deletions(-)
>
> --
> 1.9.1
>



-- 
Kees Cook
Chrome OS & Brillo Security

[PATCH 0/2] arm/arm64: localise objcopy flags

[Laura Abbott]

On 07/12/2016 08:28 AM, Mark Rutland wrote:
> Hi,
>
> Typically, architectures (including arm and arm64) define OBJCOPYFLAGS in their
> top-level makefile, for the purpose of generating a raw binaries suitable for
> booting, including Image, zImage, vmlinux.bin, etc.
>
> As this top-level arch makefile is included by the top-level kernel makefile,
> these flags are passed to other invocations of objcopy tree-wide. This can
> result in unexpected and inconsistent behaviour across architectures (e.g.
> generation of a raw binary rather than an ELF [1]).
>
> Rather than force each new user of objcopy to specially clear OBJCOPYFLAGS,
> this patch moves the existing OBJCOPYFLAGS variable definitions such that they
> only affects the cases we require them for today, leaving the global namespace
> clear.
>
> Other architectures will likely need similar treatment.
>
> Thanks,
> Mark.
>
> [1] http://www.openwall.com/lists/kernel-hardening/2016/06/08/2
>
> Mark Rutland (2):
>   arm64: localise Image objcopy flags
>   arm: localise objcopy flags
>
>  arch/arm/Makefile        | 1 -
>  arch/arm/boot/Makefile   | 2 ++
>  arch/arm64/Makefile      | 1 -
>  arch/arm64/boot/Makefile | 2 ++
>  4 files changed, 4 insertions(+), 2 deletions(-)
>

Kees' lkdtm tests compile and boot successfully with this patch for
both arm and arm64 so you can add

Tested-by: Laura Abbott <labbott@redhat.com>

Thanks,
Laura

[PATCH 0/2] arm/arm64: localise objcopy flags

[Mark Rutland]

On Mon, Jul 18, 2016 at 04:16:34PM -0700, Laura Abbott wrote:
> On 07/12/2016 08:28 AM, Mark Rutland wrote:
> >Hi,
> >
> >Typically, architectures (including arm and arm64) define OBJCOPYFLAGS in their
> >top-level makefile, for the purpose of generating a raw binaries suitable for
> >booting, including Image, zImage, vmlinux.bin, etc.
> >
> >As this top-level arch makefile is included by the top-level kernel makefile,
> >these flags are passed to other invocations of objcopy tree-wide. This can
> >result in unexpected and inconsistent behaviour across architectures (e.g.
> >generation of a raw binary rather than an ELF [1]).
> >
> >Rather than force each new user of objcopy to specially clear OBJCOPYFLAGS,
> >this patch moves the existing OBJCOPYFLAGS variable definitions such that they
> >only affects the cases we require them for today, leaving the global namespace
> >clear.
> >
> >Other architectures will likely need similar treatment.
> >
> >Thanks,
> >Mark.
> >
> >[1] http://www.openwall.com/lists/kernel-hardening/2016/06/08/2
> >
> >Mark Rutland (2):
> >  arm64: localise Image objcopy flags
> >  arm: localise objcopy flags
> >
> > arch/arm/Makefile        | 1 -
> > arch/arm/boot/Makefile   | 2 ++
> > arch/arm64/Makefile      | 1 -
> > arch/arm64/boot/Makefile | 2 ++
> > 4 files changed, 4 insertions(+), 2 deletions(-)
> >
> 
> Kees' lkdtm tests compile and boot successfully with this patch for
> both arm and arm64 so you can add
> 
> Tested-by: Laura Abbott <labbott@redhat.com>

Cheers!

On the assumption that Russell is ok with the arm patch, I've dropped
that in the patch system (with tags) as 8588/1 [1].

Catalin, Will, I guess I should repost the arm64 patch come v4.8-rc1?

Thanks,
Mark.

[1] http://www.armlinux.org.uk/developer/patches/viewpatch.php?id=8588/1

[PATCH 0/2] arm/arm64: localise objcopy flags

[Catalin Marinas]

On Tue, Jul 19, 2016 at 11:29:26AM +0100, Mark Rutland wrote:
> On Mon, Jul 18, 2016 at 04:16:34PM -0700, Laura Abbott wrote:
> > On 07/12/2016 08:28 AM, Mark Rutland wrote:
> > >Mark Rutland (2):
> > >  arm64: localise Image objcopy flags
> > >  arm: localise objcopy flags
> > >
> > > arch/arm/Makefile        | 1 -
> > > arch/arm/boot/Makefile   | 2 ++
> > > arch/arm64/Makefile      | 1 -
> > > arch/arm64/boot/Makefile | 2 ++
> > > 4 files changed, 4 insertions(+), 2 deletions(-)
> > >
> > 
> > Kees' lkdtm tests compile and boot successfully with this patch for
> > both arm and arm64 so you can add
> > 
> > Tested-by: Laura Abbott <labbott@redhat.com>
> 
> Cheers!
> 
> On the assumption that Russell is ok with the arm patch, I've dropped
> that in the patch system (with tags) as 8588/1 [1].
> 
> Catalin, Will, I guess I should repost the arm64 patch come v4.8-rc1?

I queued them for 4.8. Thanks.

-- 
Catalin

[PATCH 0/2] arm/arm64: localise objcopy flags

[Catalin Marinas]

On Tue, Jul 19, 2016 at 03:31:41PM +0100, Catalin Marinas wrote:
> On Tue, Jul 19, 2016 at 11:29:26AM +0100, Mark Rutland wrote:
> > On Mon, Jul 18, 2016 at 04:16:34PM -0700, Laura Abbott wrote:
> > > On 07/12/2016 08:28 AM, Mark Rutland wrote:
> > > >Mark Rutland (2):
> > > >  arm64: localise Image objcopy flags
> > > >  arm: localise objcopy flags
> > > >
> > > > arch/arm/Makefile        | 1 -
> > > > arch/arm/boot/Makefile   | 2 ++
> > > > arch/arm64/Makefile      | 1 -
> > > > arch/arm64/boot/Makefile | 2 ++
> > > > 4 files changed, 4 insertions(+), 2 deletions(-)
> > > >
> > > 
> > > Kees' lkdtm tests compile and boot successfully with this patch for
> > > both arm and arm64 so you can add
> > > 
> > > Tested-by: Laura Abbott <labbott@redhat.com>
> > 
> > Cheers!
> > 
> > On the assumption that Russell is ok with the arm patch, I've dropped
> > that in the patch system (with tags) as 8588/1 [1].
> > 
> > Catalin, Will, I guess I should repost the arm64 patch come v4.8-rc1?
> 
> I queued them for 4.8. Thanks.

s/them/the arm64 patch/

-- 
Catalin