Linux-ARM-Kernel Archive on lore.kernel.org
 help / color / Atom feed
From: Kees Cook <keescook@chromium.org>
To: Borislav Petkov <bp@alien8.de>
Cc: linux-arch@vger.kernel.org, linux-s390@vger.kernel.org,
	Michal Simek <monstr@monstr.eu>,
	linux-ia64@vger.kernel.org, Kees Cook <keescook@chromium.org>,
	Arnd Bergmann <arnd@arndb.de>,
	Michael Ellerman <mpe@ellerman.id.au>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Segher Boessenkool <segher@kernel.crashing.org>,
	linuxppc-dev@lists.ozlabs.org,
	Heiko Carstens <heiko.carstens@de.ibm.com>,
	Yoshinori Sato <ysato@users.sourceforge.jp>,
	Andy Lutomirski <luto@kernel.org>,
	linux-alpha@vger.kernel.org,
	Rick Edgecombe <rick.p.edgecombe@intel.com>,
	Will Deacon <will@kernel.org>,
	linux-arm-kernel@lists.infradead.org,
	linux-c6x-dev@linux-c6x.org
Subject: [PATCH v3 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES
Date: Tue, 29 Oct 2019 14:13:22 -0700
Message-ID: <20191029211351.13243-1-keescook@chromium.org> (raw)

Arch maintainers: please send Acks (if you haven't already) for your
respective linker script changes; the intention is for this series to land
via -tip. See patch #1 for an extended rationale for the "note" vs "notes"
naming. If "notes" is strongly desired, we can perform that change on
top of this series. For now, I prefer to leave things as they were in v2.

v3: Add new Acks, clarify "note" vs "notes" renaming
v2: https://lore.kernel.org/lkml/20191011000609.29728-1-keescook@chromium.org
v1: https://lore.kernel.org/lkml/20190926175602.33098-1-keescook@chromium.org


This series works to move the linker sections for NOTES and
EXCEPTION_TABLE into the RO_DATA area, where they belong on most
(all?) architectures. The problem being addressed was the discovery
by Rick Edgecombe that the exception table was accidentally marked
executable while he was developing his execute-only-memory series. When
permissions were flipped from readable-and-executable to only-executable,
the exception table became unreadable, causing things to explode rather
badly. :)

Roughly speaking, the steps are:

- regularize the linker names for PT_NOTE and PT_LOAD program headers
  (to "note" and "text" respectively)
- regularize restoration of linker section to program header assignment
  (when PT_NOTE exists)
- move NOTES into RO_DATA
- finish macro naming conversions for RO_DATA and RW_DATA
- move EXCEPTION_TABLE into RO_DATA on architectures where this is clear
- clean up some x86-specific reporting of kernel memory resources
- switch x86 linker fill byte from x90 (NOP) to 0xcc (INT3), just because
  I finally realized what that trailing ": 0x9090" meant -- and we should
  trap, not slide, if execution lands in section padding

Thanks!

-Kees


Kees Cook (29):
  powerpc: Rename "notes" PT_NOTE to "note"
  powerpc: Remove PT_NOTE workaround
  powerpc: Rename PT_LOAD identifier "kernel" to "text"
  alpha: Rename PT_LOAD identifier "kernel" to "text"
  ia64: Rename PT_LOAD identifier "code" to "text"
  s390: Move RO_DATA into "text" PT_LOAD Program Header
  x86: Restore "text" Program Header with dummy section
  vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes
  vmlinux.lds.h: Move Program Header restoration into NOTES macro
  vmlinux.lds.h: Move NOTES into RO_DATA
  vmlinux.lds.h: Replace RODATA with RO_DATA
  vmlinux.lds.h: Replace RO_DATA_SECTION with RO_DATA
  vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA
  vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA
  x86: Actually use _etext for end of text segment
  x86: Move EXCEPTION_TABLE to RO_DATA segment
  alpha: Move EXCEPTION_TABLE to RO_DATA segment
  arm64: Move EXCEPTION_TABLE to RO_DATA segment
  c6x: Move EXCEPTION_TABLE to RO_DATA segment
  h8300: Move EXCEPTION_TABLE to RO_DATA segment
  ia64: Move EXCEPTION_TABLE to RO_DATA segment
  microblaze: Move EXCEPTION_TABLE to RO_DATA segment
  parisc: Move EXCEPTION_TABLE to RO_DATA segment
  powerpc: Move EXCEPTION_TABLE to RO_DATA segment
  xtensa: Move EXCEPTION_TABLE to RO_DATA segment
  x86/mm: Remove redundant &s on addresses
  x86/mm: Report which part of kernel image is freed
  x86/mm: Report actual image regions in /proc/iomem
  x86: Use INT3 instead of NOP for linker fill bytes

 arch/alpha/kernel/vmlinux.lds.S      | 18 +++++-----
 arch/arc/kernel/vmlinux.lds.S        |  6 ++--
 arch/arm/kernel/vmlinux-xip.lds.S    |  4 +--
 arch/arm/kernel/vmlinux.lds.S        |  4 +--
 arch/arm64/kernel/vmlinux.lds.S      | 10 +++---
 arch/c6x/kernel/vmlinux.lds.S        |  8 ++---
 arch/csky/kernel/vmlinux.lds.S       |  5 ++-
 arch/h8300/kernel/vmlinux.lds.S      |  9 ++---
 arch/hexagon/kernel/vmlinux.lds.S    |  5 ++-
 arch/ia64/kernel/vmlinux.lds.S       | 20 +++++------
 arch/m68k/kernel/vmlinux-nommu.lds   |  4 +--
 arch/m68k/kernel/vmlinux-std.lds     |  2 +-
 arch/m68k/kernel/vmlinux-sun3.lds    |  2 +-
 arch/microblaze/kernel/vmlinux.lds.S |  8 ++---
 arch/mips/kernel/vmlinux.lds.S       | 15 ++++----
 arch/nds32/kernel/vmlinux.lds.S      |  5 ++-
 arch/nios2/kernel/vmlinux.lds.S      |  5 ++-
 arch/openrisc/kernel/vmlinux.lds.S   |  7 ++--
 arch/parisc/kernel/vmlinux.lds.S     | 11 +++---
 arch/powerpc/kernel/vmlinux.lds.S    | 37 ++++---------------
 arch/riscv/kernel/vmlinux.lds.S      |  5 ++-
 arch/s390/kernel/vmlinux.lds.S       | 12 +++----
 arch/sh/kernel/vmlinux.lds.S         |  3 +-
 arch/sparc/kernel/vmlinux.lds.S      |  3 +-
 arch/um/include/asm/common.lds.S     |  3 +-
 arch/unicore32/kernel/vmlinux.lds.S  |  5 ++-
 arch/x86/include/asm/processor.h     |  2 +-
 arch/x86/include/asm/sections.h      |  1 -
 arch/x86/kernel/setup.c              | 12 ++++++-
 arch/x86/kernel/vmlinux.lds.S        | 16 ++++-----
 arch/x86/mm/init.c                   |  8 ++---
 arch/x86/mm/init_64.c                | 16 +++++----
 arch/x86/mm/pti.c                    |  2 +-
 arch/xtensa/kernel/vmlinux.lds.S     |  8 ++---
 include/asm-generic/vmlinux.lds.h    | 53 ++++++++++++++++++++--------
 35 files changed, 159 insertions(+), 175 deletions(-)

-- 
2.17.1


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

             reply index

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-29 21:13 Kees Cook [this message]
2019-10-29 21:13 ` [PATCH v3 01/29] powerpc: Rename "notes" PT_NOTE to "note" Kees Cook
2019-10-29 21:13 ` [PATCH v3 02/29] powerpc: Remove PT_NOTE workaround Kees Cook
2019-10-29 21:13 ` [PATCH v3 03/29] powerpc: Rename PT_LOAD identifier "kernel" to "text" Kees Cook
2019-10-29 21:13 ` [PATCH v3 04/29] alpha: " Kees Cook
2019-10-29 21:13 ` [PATCH v3 05/29] ia64: Rename PT_LOAD identifier "code" " Kees Cook
2019-10-29 21:13 ` [PATCH v3 06/29] s390: Move RO_DATA into "text" PT_LOAD Program Header Kees Cook
2019-10-29 21:13 ` [PATCH v3 07/29] x86: Restore "text" Program Header with dummy section Kees Cook
2019-10-29 21:13 ` [PATCH v3 08/29] vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes Kees Cook
2019-10-29 21:13 ` [PATCH v3 09/29] vmlinux.lds.h: Move Program Header restoration into NOTES macro Kees Cook
2019-10-29 21:13 ` [PATCH v3 10/29] vmlinux.lds.h: Move NOTES into RO_DATA Kees Cook
2019-10-29 21:13 ` [PATCH v3 11/29] vmlinux.lds.h: Replace RODATA with RO_DATA Kees Cook
2019-10-29 21:13 ` [PATCH v3 12/29] vmlinux.lds.h: Replace RO_DATA_SECTION " Kees Cook
2019-10-29 21:13 ` [PATCH v3 13/29] vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA Kees Cook
2019-10-29 21:13 ` [PATCH v3 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA Kees Cook
2019-10-29 21:13 ` [PATCH v3 15/29] x86: Actually use _etext for end of text segment Kees Cook
2019-10-29 21:13 ` [PATCH v3 16/29] x86: Move EXCEPTION_TABLE to RO_DATA segment Kees Cook
2019-10-29 21:13 ` [PATCH v3 17/29] alpha: " Kees Cook
2019-10-29 21:13 ` [PATCH v3 18/29] arm64: " Kees Cook
2019-10-29 21:13 ` [PATCH v3 19/29] c6x: " Kees Cook
2019-10-29 21:13 ` [PATCH v3 20/29] h8300: " Kees Cook
2019-10-29 21:13 ` [PATCH v3 21/29] ia64: " Kees Cook
2019-10-29 21:13 ` [PATCH v3 22/29] microblaze: " Kees Cook
2019-10-29 21:13 ` [PATCH v3 23/29] parisc: " Kees Cook
2019-10-29 21:13 ` [PATCH v3 24/29] powerpc: " Kees Cook
2019-10-29 21:13 ` [PATCH v3 25/29] xtensa: " Kees Cook
2019-10-29 21:13 ` [PATCH v3 26/29] x86/mm: Remove redundant &s on addresses Kees Cook
2019-10-29 21:13 ` [PATCH v3 27/29] x86/mm: Report which part of kernel image is freed Kees Cook
2019-10-29 21:13 ` [PATCH v3 28/29] x86/mm: Report actual image regions in /proc/iomem Kees Cook
2019-10-29 21:13 ` [PATCH v3 29/29] x86: Use INT3 instead of NOP for linker fill bytes Kees Cook

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191029211351.13243-1-keescook@chromium.org \
    --to=keescook@chromium.org \
    --cc=arnd@arndb.de \
    --cc=bp@alien8.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=heiko.carstens@de.ibm.com \
    --cc=linux-alpha@vger.kernel.org \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-c6x-dev@linux-c6x.org \
    --cc=linux-ia64@vger.kernel.org \
    --cc=linux-s390@vger.kernel.org \
    --cc=linuxppc-dev@lists.ozlabs.org \
    --cc=luto@kernel.org \
    --cc=monstr@monstr.eu \
    --cc=mpe@ellerman.id.au \
    --cc=rick.p.edgecombe@intel.com \
    --cc=segher@kernel.crashing.org \
    --cc=will@kernel.org \
    --cc=ysato@users.sourceforge.jp \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-ARM-Kernel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-arm-kernel/0 linux-arm-kernel/git/0.git
	git clone --mirror https://lore.kernel.org/linux-arm-kernel/1 linux-arm-kernel/git/1.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-arm-kernel linux-arm-kernel/ https://lore.kernel.org/linux-arm-kernel \
		linux-arm-kernel@lists.infradead.org
	public-inbox-index linux-arm-kernel

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.infradead.lists.linux-arm-kernel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git