linux-efi.vger.kernel.org archive mirror
* [PATCH v4 00/17] Warn on orphan section placement
@ 2020-06-29  6:18 Kees Cook
  2020-06-29  6:18 ` [PATCH v4 01/17] vmlinux.lds.h: Add .gnu.version* to DISCARDS Kees Cook
                   ` (17 more replies)
  0 siblings, 18 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

v4:
- explicitly add .ARM.attributes
- split up arm64 changes into separate patches
- split up arm changes into separate patches
- work around Clang section generation bug in -mbranch-protection
- work around Clang section generation bug in KASAN and KCSAN
- split "common" ELF sections out of STABS_DEBUG
- changed relative position of .comment
- add reviews/acks
v3: https://lore.kernel.org/lkml/20200624014940.1204448-1-keescook@chromium.org/
v2: https://lore.kernel.org/lkml/20200622205815.2988115-1-keescook@chromium.org/
v1: https://lore.kernel.org/lkml/20200228002244.15240-1-keescook@chromium.org/

A recent bug[1] was solved for builds linked with ld.lld, and tracking
it down took way longer than it needed to (a year). Ultimately, it
boiled down to differences between ld.bfd and ld.lld's handling of
orphan sections. Similarly, the recent FGKASLR series brought up orphan
section handling too[2]. In both cases, it would have been nice if the
linker was running with --orphan-handling=warn so that surprise sections
wouldn't silently get mapped into the kernel image at locations up to the
whim of the linker's orphan handling logic. Instead, all desired sections
should be explicitly identified in the linker script (to be either kept or
discarded) with any orphans throwing a warning. The powerpc architecture
actually already does this, so this series extends coverage to x86, arm,
and arm64.

All three architectures depend on the first four commits (to
vmlinux.lds.h), and arm64 depends on the 5th and 6th patches (to ctype,
and efi/libstub). As such, I'd like to land this series as a whole. Given
that two thirds of it is in the arm universe, perhaps this can land via
the arm64 tree? If x86 -tip is preferred, that works too. Or I could
just carry this myself in -next. In all cases, I would really appreciate
reviews/acks/etc. :)

Thanks!

-Kees

https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=linker/orphans/warn/v4

Kees Cook (17):
  vmlinux.lds.h: Add .gnu.version* to DISCARDS
  vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections
  vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG
  vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS
  ctype: Work around Clang -mbranch-protection=none bug
  efi/libstub: Disable -mbranch-protection
  arm64/build: Use common DISCARDS in linker script
  arm64/mm: Remove needless section quotes
  arm64/build: Remove .eh_frame* sections due to unwind tables
  arm64/kernel: Remove needless Call Frame Information annotations
  arm64/build: Warn on orphan section placement
  arm/build: Refactor linker script headers
  arm/build: Explicitly keep .ARM.attributes sections
  arm/build: Warn on orphan section placement
  arm/boot: Warn on orphan section placement
  x86/build: Warn on orphan section placement
  x86/boot: Warn on orphan section placement

 arch/alpha/kernel/vmlinux.lds.S               |  1 +
 arch/arc/kernel/vmlinux.lds.S                 |  1 +
 arch/arm/boot/compressed/Makefile             |  2 ++
 arch/arm/boot/compressed/vmlinux.lds.S        | 18 +++++-----
 .../arm/{kernel => include/asm}/vmlinux.lds.h | 25 ++++++++++---
 arch/arm/kernel/vmlinux-xip.lds.S             |  6 ++--
 arch/arm/kernel/vmlinux.lds.S                 |  6 ++--
 arch/arm64/Makefile                           |  9 ++++-
 arch/arm64/kernel/smccc-call.S                |  2 --
 arch/arm64/kernel/vmlinux.lds.S               | 17 ++++++---
 arch/arm64/mm/mmu.c                           |  2 +-
 arch/csky/kernel/vmlinux.lds.S                |  1 +
 arch/hexagon/kernel/vmlinux.lds.S             |  1 +
 arch/ia64/kernel/vmlinux.lds.S                |  1 +
 arch/mips/kernel/vmlinux.lds.S                |  1 +
 arch/nds32/kernel/vmlinux.lds.S               |  1 +
 arch/nios2/kernel/vmlinux.lds.S               |  1 +
 arch/openrisc/kernel/vmlinux.lds.S            |  1 +
 arch/parisc/boot/compressed/vmlinux.lds.S     |  1 +
 arch/parisc/kernel/vmlinux.lds.S              |  1 +
 arch/powerpc/kernel/vmlinux.lds.S             |  2 +-
 arch/riscv/kernel/vmlinux.lds.S               |  1 +
 arch/s390/kernel/vmlinux.lds.S                |  1 +
 arch/sh/kernel/vmlinux.lds.S                  |  1 +
 arch/sparc/kernel/vmlinux.lds.S               |  1 +
 arch/um/kernel/dyn.lds.S                      |  2 +-
 arch/um/kernel/uml.lds.S                      |  2 +-
 arch/unicore32/kernel/vmlinux.lds.S           |  1 +
 arch/x86/Makefile                             |  8 ++++-
 arch/x86/boot/compressed/Makefile             |  3 +-
 arch/x86/boot/compressed/vmlinux.lds.S        | 12 +++++++
 arch/x86/include/asm/asm.h                    |  6 +++-
 arch/x86/kernel/vmlinux.lds.S                 |  7 ++++
 drivers/firmware/efi/libstub/Makefile         |  3 +-
 include/asm-generic/vmlinux.lds.h             | 35 +++++++++++++++++--
 lib/ctype.c                                   | 10 ++++++
 36 files changed, 154 insertions(+), 39 deletions(-)
 rename arch/arm/{kernel => include/asm}/vmlinux.lds.h (88%)

-- 
2.25.1



* [PATCH v4 01/17] vmlinux.lds.h: Add .gnu.version* to DISCARDS
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
@ 2020-06-29  6:18 ` Kees Cook
  2020-06-29  6:18 ` [PATCH v4 02/17] vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections Kees Cook
                   ` (16 subsequent siblings)
  17 siblings, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Fangrui Song, Catalin Marinas, Mark Rutland,
	Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Thomas Gleixner, Ingo Molnar, Russell King,
	Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

For vmlinux linking, no architecture uses the .gnu.version* sections,
so remove it via the common DISCARDS macro in preparation for adding
--orphan-handling=warn more widely. This is a work-around for what
appears to be a bug[1] in ld.bfd which warns for this synthetic section
even when none is found in input objects, and even when no section is
emitted for an output object[2].

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=26153
[2] https://lore.kernel.org/lkml/202006221524.CEB86E036B@keescook/

Reviewed-by: Fangrui Song <maskray@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 include/asm-generic/vmlinux.lds.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index db600ef218d7..1248a206be8d 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -934,6 +934,8 @@
 	*(.discard)							\
 	*(.discard.*)							\
 	*(.modinfo)							\
+	/* ld.bfd warns about .gnu.version* even when not emitted */	\
+	*(.gnu.version*)						\
 	}
 
 /**
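
Review bot: The in-line comment on the added `*(.gnu.version*)` pattern names the ld.bfd behaviour but not the bug report, so nobody reading the header will know when the work-around can be dropped. Put the sourceware bugzilla reference from the commit message (id=26153) into the comment. The discard is also unconditional for every linker script that uses DISCARDS, which is fine only as long as the commit message's claim that no vmlinux link uses these sections holds.
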
-- 
2.25.1



* [PATCH v4 02/17] vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
  2020-06-29  6:18 ` [PATCH v4 01/17] vmlinux.lds.h: Add .gnu.version* to DISCARDS Kees Cook
@ 2020-06-29  6:18 ` Kees Cook
  2020-06-29  6:18 ` [PATCH v4 03/17] vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG Kees Cook
                   ` (15 subsequent siblings)
  17 siblings, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

KASAN (-fsanitize=kernel-address) and KCSAN (-fsanitize=thread) produce
unwanted[1] .eh_frame and .init_array.* sections. Add them to DISCARDS,
except with CONFIG_CONSTRUCTORS, which wants to keep .init_array.*
sections.

[1] https://bugs.llvm.org/show_bug.cgi?id=46478

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 include/asm-generic/vmlinux.lds.h | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 1248a206be8d..e53a2d4f47f6 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -927,10 +927,30 @@
 	EXIT_DATA
 #endif
 
+/*
+ * Clang's -fsanitize=kernel-address and -fsanitize=thread produce
+ * unwanted sections (.eh_frame and .init_array.*), but
+ * CONFIG_CONSTRUCTORS wants to keep any .init_array.* sections.
+ * https://bugs.llvm.org/show_bug.cgi?id=46478
+ */
+#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KCSAN)
+# ifdef CONFIG_CONSTRUCTORS
+#  define KASAN_DISCARDS						\
+	*(.eh_frame)
+# else
+#  define KASAN_DISCARDS						\
+	*(.init_array) *(.init_array.*)					\
+	*(.eh_frame)
+# endif
+#else
+# define KASAN_DISCARDS
+#endif
+
 #define DISCARDS							\
 	/DISCARD/ : {							\
 	EXIT_DISCARDS							\
 	EXIT_CALL							\
+	KASAN_DISCARDS							\
 	*(.discard)							\
 	*(.discard.*)							\
 	*(.modinfo)							\
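
Review bot: The name KASAN_DISCARDS does not match its guard, which is `defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KCSAN)`; a neutral name (SANITIZER_DISCARDS, for instance) would read correctly for both. The block comment also attributes the sections to Clang, yet the guard is not compiler-specific, so any build with these options discards .eh_frame and, without CONFIG_CONSTRUCTORS, .init_array and .init_array.* as well. Either say that this is intended for all compilers or add a compiler check to the guard.
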
-- 
2.25.1



* [PATCH v4 03/17] vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
  2020-06-29  6:18 ` [PATCH v4 01/17] vmlinux.lds.h: Add .gnu.version* to DISCARDS Kees Cook
  2020-06-29  6:18 ` [PATCH v4 02/17] vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections Kees Cook
@ 2020-06-29  6:18 ` Kees Cook
  2020-06-29  6:18 ` [PATCH v4 04/17] vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS Kees Cook
                   ` (14 subsequent siblings)
  17 siblings, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

The .comment section doesn't belong in STABS_DEBUG. Split it out into a
new macro named ELF_DETAILS. This will gain other non-debug sections
that need to be accounted for when linking with --orphan-handling=warn.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/alpha/kernel/vmlinux.lds.S           | 1 +
 arch/arc/kernel/vmlinux.lds.S             | 1 +
 arch/arm/kernel/vmlinux-xip.lds.S         | 1 +
 arch/arm/kernel/vmlinux.lds.S             | 1 +
 arch/arm64/kernel/vmlinux.lds.S           | 1 +
 arch/csky/kernel/vmlinux.lds.S            | 1 +
 arch/hexagon/kernel/vmlinux.lds.S         | 1 +
 arch/ia64/kernel/vmlinux.lds.S            | 1 +
 arch/mips/kernel/vmlinux.lds.S            | 1 +
 arch/nds32/kernel/vmlinux.lds.S           | 1 +
 arch/nios2/kernel/vmlinux.lds.S           | 1 +
 arch/openrisc/kernel/vmlinux.lds.S        | 1 +
 arch/parisc/boot/compressed/vmlinux.lds.S | 1 +
 arch/parisc/kernel/vmlinux.lds.S          | 1 +
 arch/powerpc/kernel/vmlinux.lds.S         | 2 +-
 arch/riscv/kernel/vmlinux.lds.S           | 1 +
 arch/s390/kernel/vmlinux.lds.S            | 1 +
 arch/sh/kernel/vmlinux.lds.S              | 1 +
 arch/sparc/kernel/vmlinux.lds.S           | 1 +
 arch/um/kernel/dyn.lds.S                  | 2 +-
 arch/um/kernel/uml.lds.S                  | 2 +-
 arch/unicore32/kernel/vmlinux.lds.S       | 1 +
 arch/x86/boot/compressed/vmlinux.lds.S    | 2 ++
 arch/x86/kernel/vmlinux.lds.S             | 1 +
 include/asm-generic/vmlinux.lds.h         | 8 ++++++--
 25 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S
index bc6f727278fd..5b78d640725d 100644
--- a/arch/alpha/kernel/vmlinux.lds.S
+++ b/arch/alpha/kernel/vmlinux.lds.S
@@ -72,6 +72,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/arc/kernel/vmlinux.lds.S b/arch/arc/kernel/vmlinux.lds.S
index 54139a6f469b..33ce59d91461 100644
--- a/arch/arc/kernel/vmlinux.lds.S
+++ b/arch/arc/kernel/vmlinux.lds.S
@@ -122,6 +122,7 @@ SECTIONS
 	_end = . ;
 
 	STABS_DEBUG
+	ELF_DETAILS
 	DISCARDS
 
 	.arcextmap 0 : {
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 6d2be994ae58..3d4e88f08196 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -152,6 +152,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	ELF_DETAILS
 }
 
 /*
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index 7f24bc08403e..5592f14b7e35 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -151,6 +151,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	ELF_DETAILS
 }
 
 #ifdef CONFIG_STRICT_KERNEL_RWX
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 6827da7f3aa5..55ae731b6368 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -245,6 +245,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	ELF_DETAILS
 
 	HEAD_SYMBOLS
 }
diff --git a/arch/csky/kernel/vmlinux.lds.S b/arch/csky/kernel/vmlinux.lds.S
index f05b413df328..f03033e17c29 100644
--- a/arch/csky/kernel/vmlinux.lds.S
+++ b/arch/csky/kernel/vmlinux.lds.S
@@ -109,6 +109,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/hexagon/kernel/vmlinux.lds.S b/arch/hexagon/kernel/vmlinux.lds.S
index 0ca2471ddb9f..35b18e55eae8 100644
--- a/arch/hexagon/kernel/vmlinux.lds.S
+++ b/arch/hexagon/kernel/vmlinux.lds.S
@@ -67,5 +67,6 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 }
diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S
index d259690eb91a..9b265783be6a 100644
--- a/arch/ia64/kernel/vmlinux.lds.S
+++ b/arch/ia64/kernel/vmlinux.lds.S
@@ -218,6 +218,7 @@ SECTIONS {
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	/* Default discards */
 	DISCARDS
diff --git a/arch/mips/kernel/vmlinux.lds.S b/arch/mips/kernel/vmlinux.lds.S
index f185a85a27c1..5e97e9d02f98 100644
--- a/arch/mips/kernel/vmlinux.lds.S
+++ b/arch/mips/kernel/vmlinux.lds.S
@@ -202,6 +202,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	/* These must appear regardless of  .  */
 	.gptab.sdata : {
diff --git a/arch/nds32/kernel/vmlinux.lds.S b/arch/nds32/kernel/vmlinux.lds.S
index 7a6c1cefe3fe..6a91b965fb1e 100644
--- a/arch/nds32/kernel/vmlinux.lds.S
+++ b/arch/nds32/kernel/vmlinux.lds.S
@@ -64,6 +64,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/nios2/kernel/vmlinux.lds.S b/arch/nios2/kernel/vmlinux.lds.S
index c55a7cfa1075..126e114744cb 100644
--- a/arch/nios2/kernel/vmlinux.lds.S
+++ b/arch/nios2/kernel/vmlinux.lds.S
@@ -58,6 +58,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/openrisc/kernel/vmlinux.lds.S b/arch/openrisc/kernel/vmlinux.lds.S
index 60449fd7f16f..d287dbb84d0f 100644
--- a/arch/openrisc/kernel/vmlinux.lds.S
+++ b/arch/openrisc/kernel/vmlinux.lds.S
@@ -115,6 +115,7 @@ SECTIONS
 	/* Throw in the debugging sections */
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
         /* Sections to be discarded -- must be last */
 	DISCARDS
diff --git a/arch/parisc/boot/compressed/vmlinux.lds.S b/arch/parisc/boot/compressed/vmlinux.lds.S
index 2ac3a643f2eb..ab7b43990857 100644
--- a/arch/parisc/boot/compressed/vmlinux.lds.S
+++ b/arch/parisc/boot/compressed/vmlinux.lds.S
@@ -84,6 +84,7 @@ SECTIONS
 	}
 
 	STABS_DEBUG
+	ELF_DETAILS
 	.note 0 : { *(.note) }
 
 	/* Sections to be discarded */
diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S
index 53e29d88f99c..2769eb991f58 100644
--- a/arch/parisc/kernel/vmlinux.lds.S
+++ b/arch/parisc/kernel/vmlinux.lds.S
@@ -164,6 +164,7 @@ SECTIONS
 	_end = . ;
 
 	STABS_DEBUG
+	ELF_DETAILS
 	.note 0 : { *(.note) }
 
 	/* Sections to be discarded */
diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S
index 326e113d2e45..e0548b4950de 100644
--- a/arch/powerpc/kernel/vmlinux.lds.S
+++ b/arch/powerpc/kernel/vmlinux.lds.S
@@ -360,8 +360,8 @@ SECTIONS
 	PROVIDE32 (end = .);
 
 	STABS_DEBUG
-
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 	/DISCARD/ : {
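
Review bot: The removed blank line between STABS_DEBUG and DWARF_DEBUG is an unrelated whitespace change (the two arch/um hunks do the same), which turns this into a 2-line change where every other architecture gets a pure one-line addition. Leave the blank line alone, or mention the tidy-up in the commit message.
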
diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S
index e6f8016b366a..00a325289a26 100644
--- a/arch/riscv/kernel/vmlinux.lds.S
+++ b/arch/riscv/kernel/vmlinux.lds.S
@@ -97,6 +97,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S
index 37695499717d..177ccfbda40a 100644
--- a/arch/s390/kernel/vmlinux.lds.S
+++ b/arch/s390/kernel/vmlinux.lds.S
@@ -181,6 +181,7 @@ SECTIONS
 	/* Debugging sections.	*/
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	/* Sections to be discarded */
 	DISCARDS
diff --git a/arch/sh/kernel/vmlinux.lds.S b/arch/sh/kernel/vmlinux.lds.S
index bde7a6c01aaf..3161b9ccd2a5 100644
--- a/arch/sh/kernel/vmlinux.lds.S
+++ b/arch/sh/kernel/vmlinux.lds.S
@@ -76,6 +76,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/sparc/kernel/vmlinux.lds.S b/arch/sparc/kernel/vmlinux.lds.S
index f99e99e58075..d55ae65a07ad 100644
--- a/arch/sparc/kernel/vmlinux.lds.S
+++ b/arch/sparc/kernel/vmlinux.lds.S
@@ -187,6 +187,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/um/kernel/dyn.lds.S b/arch/um/kernel/dyn.lds.S
index f5001481010c..dacbfabf66d8 100644
--- a/arch/um/kernel/dyn.lds.S
+++ b/arch/um/kernel/dyn.lds.S
@@ -164,8 +164,8 @@ SECTIONS
   PROVIDE (end = .);
 
   STABS_DEBUG
-
   DWARF_DEBUG
+  ELF_DETAILS
 
   DISCARDS
 }
diff --git a/arch/um/kernel/uml.lds.S b/arch/um/kernel/uml.lds.S
index 3b6dab3d4501..45d957d7004c 100644
--- a/arch/um/kernel/uml.lds.S
+++ b/arch/um/kernel/uml.lds.S
@@ -108,8 +108,8 @@ SECTIONS
   PROVIDE (end = .);
 
   STABS_DEBUG
-
   DWARF_DEBUG
+  ELF_DETAILS
 
   DISCARDS
 }
diff --git a/arch/unicore32/kernel/vmlinux.lds.S b/arch/unicore32/kernel/vmlinux.lds.S
index 6fb320b337ef..22eb642c7280 100644
--- a/arch/unicore32/kernel/vmlinux.lds.S
+++ b/arch/unicore32/kernel/vmlinux.lds.S
@@ -54,6 +54,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS		/* Exit code and data */
 }
diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index 8f1025d1f681..d88612e3091f 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -75,5 +75,7 @@ SECTIONS
 	. = ALIGN(PAGE_SIZE);	/* keep ZO size page aligned */
 	_end = .;
 
+	ELF_DETAILS
+
 	DISCARDS
 }
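
Review bot: Unlike the other hunks, the visible context here shows no STABS_DEBUG next to the insertion, so ELF_DETAILS is not a split of something already present but a new explicit `.comment` output section for the compressed image. The commit message only describes moving .comment out of STABS_DEBUG; say that this script gains the entry and why.
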
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 3bfc8dd8a43d..504d16968ed8 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -410,6 +410,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index e53a2d4f47f6..c5d10bc53996 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -34,6 +34,7 @@
  *
  *	STABS_DEBUG
  *	DWARF_DEBUG
+ *	ELF_DETAILS
  *
  *	DISCARDS		// must be the last
  * }
@@ -784,14 +785,17 @@
 		.debug_macro	0 : { *(.debug_macro) }			\
 		.debug_addr	0 : { *(.debug_addr) }
 
-		/* Stabs debugging sections.  */
+/* Stabs debugging sections. */
 #define STABS_DEBUG							\
 		.stab 0 : { *(.stab) }					\
 		.stabstr 0 : { *(.stabstr) }				\
 		.stab.excl 0 : { *(.stab.excl) }			\
 		.stab.exclstr 0 : { *(.stab.exclstr) }			\
 		.stab.index 0 : { *(.stab.index) }			\
-		.stab.indexstr 0 : { *(.stab.indexstr) }		\
+		.stab.indexstr 0 : { *(.stab.indexstr) }
+
+/* Required sections not related to debugging. */
+#define ELF_DETAILS							\
 		.comment 0 : { *(.comment) }
 
 #ifdef CONFIG_GENERIC_BUG
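
Review bot: After this hunk STABS_DEBUG no longer emits `.comment`, so any linker script that uses STABS_DEBUG and is not touched by this patch silently stops placing .comment explicitly, which would leave it as an orphan once --orphan-handling=warn is enabled there. State in the commit message that every STABS_DEBUG user was audited (the diffstat lists 25 files), so the split can be seen to preserve behaviour.
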
-- 
2.25.1



* [PATCH v4 04/17] vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
                   ` (2 preceding siblings ...)
  2020-06-29  6:18 ` [PATCH v4 03/17] vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG Kees Cook
@ 2020-06-29  6:18 ` Kees Cook
  2020-06-29  6:18 ` [PATCH v4 05/17] ctype: Work around Clang -mbranch-protection=none bug Kees Cook
                   ` (13 subsequent siblings)
  17 siblings, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Fangrui Song, Catalin Marinas, Mark Rutland,
	Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Thomas Gleixner, Ingo Molnar, Russell King,
	Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

When linking vmlinux with LLD, the synthetic sections .symtab, .strtab,
and .shstrtab are listed as orphaned. Add them to the ELF_DETAILS section
so there will be no warnings when --orphan-handling=warn is used more
widely. (They are added above comment as it is the more common
order[1].)

ld.lld: warning: <internal>:(.symtab) is being placed in '.symtab'
ld.lld: warning: <internal>:(.shstrtab) is being placed in '.shstrtab'
ld.lld: warning: <internal>:(.strtab) is being placed in '.strtab'

[1] https://lore.kernel.org/lkml/20200622224928.o2a7jkq33guxfci4@google.com/

Reported-by: Fangrui Song <maskray@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 include/asm-generic/vmlinux.lds.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index c5d10bc53996..9477359278a2 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -796,7 +796,10 @@
 
 /* Required sections not related to debugging. */
 #define ELF_DETAILS							\
-		.comment 0 : { *(.comment) }
+		.comment 0 : { *(.comment) }				\
+		.symtab 0 : { *(.symtab) }				\
+		.strtab 0 : { *(.strtab) }				\
+		.shstrtab 0 : { *(.shstrtab) }
 
 #ifdef CONFIG_GENERIC_BUG
 #define BUG_TABLE							\
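
Review bot: The commit message says the new sections are added above .comment, but the hunk appends .symtab, .strtab and .shstrtab after the existing `.comment 0 : { *(.comment) }` line. One of the two is stale (the v4 changelog mentions changing the relative position of .comment); make the message and the macro agree.
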
-- 
2.25.1



* [PATCH v4 05/17] ctype: Work around Clang -mbranch-protection=none bug
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
                   ` (3 preceding siblings ...)
  2020-06-29  6:18 ` [PATCH v4 04/17] vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS Kees Cook
@ 2020-06-29  6:18 ` Kees Cook
  2020-06-29  8:15   ` Ard Biesheuvel
  2020-06-29  6:18 ` [PATCH v4 06/17] efi/libstub: Disable -mbranch-protection Kees Cook
                   ` (12 subsequent siblings)
  17 siblings, 1 reply; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Ard Biesheuvel, Dave Martin, clang-built-linux,
	Catalin Marinas, Mark Rutland, Peter Collingbourne, James Morse,
	Borislav Petkov, Thomas Gleixner, Ingo Molnar, Russell King,
	Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

In preparation for building efi/libstub with -mbranch-protection=none
(EFI does not support branch protection features[1]), add no-op code
to work around a Clang bug that emits an unwanted .note.gnu.property
section for object files without code[2].

[1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com
[2] https://bugs.llvm.org/show_bug.cgi?id=46480

Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Will Deacon <will@kernel.org>
Cc: Dave Martin <Dave.Martin@arm.com>
Cc: clang-built-linux@googlegroups.com
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 lib/ctype.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/ctype.c b/lib/ctype.c
index c819fe269eb2..21245ed57d90 100644
--- a/lib/ctype.c
+++ b/lib/ctype.c
@@ -36,3 +36,13 @@ _L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,	/* 224-239 */
 _L,_L,_L,_L,_L,_L,_L,_P,_L,_L,_L,_L,_L,_L,_L,_L};	/* 240-255 */
 
 EXPORT_SYMBOL(_ctype);
+
+/*
+ * Clang will generate .note.gnu.property sections for object files
+ * without code, even in the presence of -mbranch-protection=none.
+ * To work around this, define an unused static function.
+ * https://bugs.llvm.org/show_bug.cgi?id=46480
+ */
+#ifdef CONFIG_CC_IS_CLANG
+void __maybe_unused __clang_needs_code_here(void) { }
+#endif
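
Review bot: The comment says the work-around defines an unused static function, but `void __maybe_unused __clang_needs_code_here(void) { }` has no `static`, so it is a global symbol in every Clang build. Either add `static` (if the section is still suppressed that way) or correct the comment and explain why external linkage is required.
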
-- 
2.25.1



* [PATCH v4 06/17] efi/libstub: Disable -mbranch-protection
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
                   ` (4 preceding siblings ...)
  2020-06-29  6:18 ` [PATCH v4 05/17] ctype: Work around Clang -mbranch-protection=none bug Kees Cook
@ 2020-06-29  6:18 ` Kees Cook
  2020-06-29  6:18 ` [PATCH v4 07/17] arm64/build: Use common DISCARDS in linker script Kees Cook
                   ` (11 subsequent siblings)
  17 siblings, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Ard Biesheuvel, Arvind Sankar, Atish Patra, linux-efi,
	Catalin Marinas, Mark Rutland, Peter Collingbourne, James Morse,
	Borislav Petkov, Thomas Gleixner, Ingo Molnar, Russell King,
	Masahiro Yamada, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch,
	linux-arm-kernel, linux-kernel

In preparation for adding --orphan-handling=warn to more architectures,
this disables -mbranch-protection, as EFI does not yet support it[1].
This was noticed due to it producing unwanted .note.gnu.property sections
(prefixed with .init due to the objcopy build step).

[1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com

Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Arvind Sankar <nivedita@alum.mit.edu>
Cc: Atish Patra <atish.patra@wdc.com>
Cc: linux-efi@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/firmware/efi/libstub/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 75daaf20374e..10fa342ef40c 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -18,7 +18,8 @@ cflags-$(CONFIG_X86)		+= -m$(BITS) -D__KERNEL__ \
 # arm64 uses the full KBUILD_CFLAGS so it's necessary to explicitly
 # disable the stackleak plugin
 cflags-$(CONFIG_ARM64)		:= $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
-				   -fpie $(DISABLE_STACKLEAK_PLUGIN)
+				   -fpie $(DISABLE_STACKLEAK_PLUGIN) \
+				   $(call cc-option,-mbranch-protection=none)
 cflags-$(CONFIG_ARM)		:= $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
 				   -fno-builtin -fpic \
 				   $(call cc-option,-mno-single-pic-base)
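
Review bot: The comment above cflags-$(CONFIG_ARM64) still explains only the stackleak plugin, so the added `$(call cc-option,-mbranch-protection=none)` is undocumented in the Makefile. Extend the comment to say that branch protection is turned off for the stub because EFI does not support it, as the commit message does, so that the flag is not later mistaken for an accidental loss of hardening.
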
-- 
2.25.1



* [PATCH v4 07/17] arm64/build: Use common DISCARDS in linker script
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
                   ` (5 preceding siblings ...)
  2020-06-29  6:18 ` [PATCH v4 06/17] efi/libstub: Disable -mbranch-protection Kees Cook
@ 2020-06-29  6:18 ` Kees Cook
  2020-06-29  6:18 ` [PATCH v4 08/17] arm64/mm: Remove needless section quotes Kees Cook
                   ` (10 subsequent siblings)
  17 siblings, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

Use the common DISCARDS rule for the linker script in an effort to
regularize the linker script to prepare for warning on orphaned
sections. Additionally clean up left-over no-op macros.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Will Deacon <will@kernel.org>
---
 arch/arm64/kernel/vmlinux.lds.S | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 55ae731b6368..b5a94ec1eada 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -6,6 +6,7 @@
  */
 
 #define RO_EXCEPTION_TABLE_ALIGN	8
+#define RUNTIME_DISCARD_EXIT
 
 #include <asm-generic/vmlinux.lds.h>
 #include <asm/cache.h>
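
Review bot: `#define RUNTIME_DISCARD_EXIT` is added with no comment, and the commit message does not mention it. It sits ahead of the include of asm-generic/vmlinux.lds.h, so it evidently changes how the common rules expand; add a short comment saying what it changes in DISCARDS and why arm64 needs it.
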
@@ -89,10 +90,8 @@ SECTIONS
 	 * matching the same input section name.  There is no documented
 	 * order of matching.
 	 */
+	DISCARDS
 	/DISCARD/ : {
-		EXIT_CALL
-		*(.discard)
-		*(.discard.*)
 		*(.interp .dynamic)
 		*(.dynsym .dynstr .hash .gnu.hash)
 		*(.eh_frame)
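
Review bot: Replacing the three removed patterns with DISCARDS is not a pure refactor. Going by the earlier patches in this series, the common rule also carries EXIT_DISCARDS, KASAN_DISCARDS, *(.modinfo) and *(.gnu.version*), none of which were in the arm64 list removed here. List the additional discards in the commit message so the behaviour change is visible to whoever bisects to this commit.
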
-- 
2.25.1



* [PATCH v4 08/17] arm64/mm: Remove needless section quotes
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
                   ` (6 preceding siblings ...)
  2020-06-29  6:18 ` [PATCH v4 07/17] arm64/build: Use common DISCARDS in linker script Kees Cook
@ 2020-06-29  6:18 ` Kees Cook
  2020-06-29 19:53   ` Nick Desaulniers
  2020-06-29  6:18 ` [PATCH v4 09/17] arm64/build: Remove .eh_frame* sections due to unwind tables Kees Cook
                   ` (9 subsequent siblings)
  17 siblings, 1 reply; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

Fix a case of needless quotes in __section(), which Clang doesn't like.

Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm64/mm/mmu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 1df25f26571d..dce024ea6084 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -42,7 +42,7 @@
 u64 idmap_t0sz = TCR_T0SZ(VA_BITS);
 u64 idmap_ptrs_per_pgd = PTRS_PER_PGD;
 
-u64 __section(".mmuoff.data.write") vabits_actual;
+u64 __section(.mmuoff.data.write) vabits_actual;
 EXPORT_SYMBOL(vabits_actual);
 
 u64 kimage_voffset __ro_after_init;
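
Review bot: The commit message says only that Clang doesn't like the quotes in `__section(".mmuoff.data.write")`, without giving the symptom. State what goes wrong (a diagnostic, or a differently named section), so it is clear why this belongs in an orphan-section series and so others know to look for further quoted uses.
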
-- 
2.25.1



* [PATCH v4 09/17] arm64/build: Remove .eh_frame* sections due to unwind tables
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
                   ` (7 preceding siblings ...)
  2020-06-29  6:18 ` [PATCH v4 08/17] arm64/mm: Remove needless section quotes Kees Cook
@ 2020-06-29  6:18 ` Kees Cook
  2020-06-29  6:18 ` [PATCH v4 10/17] arm64/kernel: Remove needless Call Frame Information annotations Kees Cook
                   ` (8 subsequent siblings)
  17 siblings, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Ard Biesheuvel, Catalin Marinas, Mark Rutland,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

Avoid .eh_frame* section generation by making sure both CFLAGS and AFLAGS
contain -fno-asynchronous-unwind-tables and -fno-unwind-tables.

Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm64/Makefile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
index a0d94d063fa8..895486606f74 100644
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -47,13 +47,16 @@ endif
 
 KBUILD_CFLAGS	+= -mgeneral-regs-only	\
 		   $(compat_vdso) $(cc_has_k_constraint)
-KBUILD_CFLAGS	+= -fno-asynchronous-unwind-tables
 KBUILD_CFLAGS	+= $(call cc-disable-warning, psabi)
 KBUILD_AFLAGS	+= $(compat_vdso)
 
 KBUILD_CFLAGS	+= $(call cc-option,-mabi=lp64)
 KBUILD_AFLAGS	+= $(call cc-option,-mabi=lp64)
 
+# Avoid generating .eh_frame* sections.
+KBUILD_CFLAGS	+= -fno-asynchronous-unwind-tables -fno-unwind-tables
+KBUILD_AFLAGS	+= -fno-asynchronous-unwind-tables -fno-unwind-tables
+
 ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y)
 prepare: stack_protector_prepare
 stack_protector_prepare: prepare0
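
Review bot: The two added flag lines are unconditional, while the
-mabi=lp64 lines directly above them go through $(call cc-option,...).
-fno-asynchronous-unwind-tables was already unconditional in
KBUILD_CFLAGS, but -fno-unwind-tables and both flags in KBUILD_AFLAGS
are new here, so please confirm that every supported compiler accepts
them when driving the assembler on .S files, or guard them the same way.
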
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 38+ messages in thread

* [PATCH v4 10/17] arm64/kernel: Remove needless Call Frame Information annotations
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
                   ` (8 preceding siblings ...)
  2020-06-29  6:18 ` [PATCH v4 09/17] arm64/build: Remove .eh_frame* sections due to unwind tables Kees Cook
@ 2020-06-29  6:18 ` Kees Cook
  2020-06-29  6:18 ` [PATCH v4 11/17] arm64/build: Warn on orphan section placement Kees Cook
                   ` (7 subsequent siblings)
  17 siblings, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Ard Biesheuvel, Catalin Marinas, Mark Rutland,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

Remove last instance of an .eh_frame section by removing the needless Call
Frame Information annotations which were likely leftovers from 32-bit arm.

Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm64/kernel/smccc-call.S | 2 --
 1 file changed, 2 deletions(-)

diff --git a/arch/arm64/kernel/smccc-call.S b/arch/arm64/kernel/smccc-call.S
index 1f93809528a4..d62447964ed9 100644
--- a/arch/arm64/kernel/smccc-call.S
+++ b/arch/arm64/kernel/smccc-call.S
@@ -9,7 +9,6 @@
 #include <asm/assembler.h>
 
 	.macro SMCCC instr
-	.cfi_startproc
 	\instr	#0
 	ldr	x4, [sp]
 	stp	x0, x1, [x4, #ARM_SMCCC_RES_X0_OFFS]
@@ -21,7 +20,6 @@
 	b.ne	1f
 	str	x6, [x4, ARM_SMCCC_QUIRK_STATE_OFFS]
 1:	ret
-	.cfi_endproc
 	.endm
 
 /*
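
Review bot: With .cfi_startproc and .cfi_endproc removed, any other
.cfi_* directive left in the part of the SMCCC macro that falls between
the two hunks would now sit outside a procedure and fail to assemble.
The diffstat shows only these two deletions, so please confirm the
elided lines carry none. "Likely leftovers from 32-bit arm" would also
be stronger as a statement of whether anything on arm64 consumed this
CFI.
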
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 38+ messages in thread

* [PATCH v4 11/17] arm64/build: Warn on orphan section placement
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
                   ` (9 preceding siblings ...)
  2020-06-29  6:18 ` [PATCH v4 10/17] arm64/kernel: Remove needless Call Frame Information annotations Kees Cook
@ 2020-06-29  6:18 ` Kees Cook
  2020-06-29  6:18 ` [PATCH v4 12/17] arm/build: Refactor linker script headers Kees Cook
                   ` (6 subsequent siblings)
  17 siblings, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

We don't want to depend on the linker's orphan section placement
heuristics as these can vary between linkers, and may change between
versions. All sections need to be explicitly named in the linker
script.

Remove .eh_frame, since there are none left.

Add .plt, .data.rel.ro, .igot.*, and .iplt to discards as they are not
actually used. While .got.plt is also not used, it must be included
otherwise ld.bfd will fail to link with the error:

    aarch64-linux-gnu-ld: discarded output section: `.got.plt'

However, as it'd be better to validate that it stays effectively empty,
add an assert, as suggested by Ard Biesheuvel.

Explicitly include debug sections when they're present.

Finally, enable orphan section warnings.

Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm64/Makefile             |  4 ++++
 arch/arm64/kernel/vmlinux.lds.S | 11 ++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
index 895486606f74..fb3aa2d7de4d 100644
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -29,6 +29,10 @@ LDFLAGS_vmlinux	+= --fix-cortex-a53-843419
   endif
 endif
 
+# We never want expected sections to be placed heuristically by the
+# linker. All sections should be explicitly named in the linker script.
+LDFLAGS_vmlinux += --orphan-handling=warn
+
 ifeq ($(CONFIG_ARM64_USE_LSE_ATOMICS), y)
   ifneq ($(CONFIG_ARM64_LSE_ATOMICS), y)
 $(warning LSE atomics not supported by binutils)
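
Review bot: With --orphan-handling=warn an orphan section is still
linked in at a location the linker picks, and the only signal is one
warning line in a full kernel build log. If the added comment ("All
sections should be explicitly named") is meant to be enforced, say in
the commit message how the warning is expected to be caught, for
example a later switch to --orphan-handling=error once all configs link
cleanly. The comment's "expected sections" also reads as though
"unexpected" was meant.
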
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index b5a94ec1eada..320ba5ec2adc 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -94,7 +94,8 @@ SECTIONS
 	/DISCARD/ : {
 		*(.interp .dynamic)
 		*(.dynsym .dynstr .hash .gnu.hash)
-		*(.eh_frame)
+		*(.plt) *(.data.rel.ro)
+		*(.igot.*) *(.iplt)
 	}
 
 	. = KIMAGE_VADDR + TEXT_OFFSET;
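
Review bot: Putting .plt, .data.rel.ro, .igot.* and .iplt into
/DISCARD/ means that if a toolchain change ever makes one of them
non-empty, its contents are dropped with no diagnostic, which is the
same kind of silent surprise the series sets out to remove.
.data.rel.ro in particular would be real data. Consider collecting them
into output sections checked with ASSERT(SIZEOF(...) == 0, ...), the way
the later hunk in this file treats .got.plt.
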
@@ -244,9 +245,17 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	DWARF_DEBUG
 	ELF_DETAILS
 
 	HEAD_SYMBOLS
+
+	/*
+	 * Make sure that the .got.plt is either completely empty or it
+	 * contains only the lazy dispatch entries.
+	 */
+	.got.plt (INFO) : { *(.got.plt) }
+	ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, ".got.plt not empty")
 }
 
 #include "image-vars.h"
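
Review bot: The 0x18 in the ASSERT is unexplained. The comment mentions
"the lazy dispatch entries" but not how many there are or how large each
one is (presumably three 8-byte reserved entries), so a reader cannot
check the constant; please spell that out in the comment. The failure
string ".got.plt not empty" is also misleading, since the check passes
for one non-empty size; something like ".got.plt has unexpected
entries" describes what is actually tested.
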
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 38+ messages in thread

* [PATCH v4 12/17] arm/build: Refactor linker script headers
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
                   ` (10 preceding siblings ...)
  2020-06-29  6:18 ` [PATCH v4 11/17] arm64/build: Warn on orphan section placement Kees Cook
@ 2020-06-29  6:18 ` Kees Cook
  2020-06-29  6:18 ` [PATCH v4 13/17] arm/build: Explicitly keep .ARM.attributes sections Kees Cook
                   ` (5 subsequent siblings)
  17 siblings, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

In preparation for adding --orphan-handling=warn, refactor the linker
script header includes, and extract common macros. (The ARM_COMMON_DISCARD
macro will be shared with the boot linker script in a future patch.)

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm/{kernel => include/asm}/vmlinux.lds.h | 17 ++++++++++++-----
 arch/arm/kernel/vmlinux-xip.lds.S              |  4 +---
 arch/arm/kernel/vmlinux.lds.S                  |  4 +---
 3 files changed, 14 insertions(+), 11 deletions(-)
 rename arch/arm/{kernel => include/asm}/vmlinux.lds.h (95%)

diff --git a/arch/arm/kernel/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
similarity index 95%
rename from arch/arm/kernel/vmlinux.lds.h
rename to arch/arm/include/asm/vmlinux.lds.h
index 381a8e105fa5..142c038b2e97 100644
--- a/arch/arm/kernel/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -1,4 +1,5 @@
 /* SPDX-License-Identifier: GPL-2.0 */
+#include <asm-generic/vmlinux.lds.h>
 
 #ifdef CONFIG_HOTPLUG_CPU
 #define ARM_CPU_DISCARD(x)
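
Review bot: The header now lives under include/asm and pulls in
<asm-generic/vmlinux.lds.h> itself, but the top of the file as shown
here goes straight from the SPDX line to the include, with no include
guard. Now that it is reachable as <asm/vmlinux.lds.h> and is about to
be shared with the boot linker script, please add the usual
#ifndef/#define guard in this patch.
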
@@ -37,6 +38,10 @@
 		*(.idmap.text)						\
 		__idmap_text_end = .;					\
 
+#define ARM_COMMON_DISCARD						\
+		*(.discard)						\
+		*(.discard.*)
+
 #define ARM_DISCARD							\
 		*(.ARM.exidx.exit.text)					\
 		*(.ARM.extab.exit.text)					\
@@ -49,8 +54,12 @@
 		EXIT_CALL						\
 		ARM_MMU_DISCARD(*(.text.fixup))				\
 		ARM_MMU_DISCARD(*(__ex_table))				\
-		*(.discard)						\
-		*(.discard.*)
+		ARM_COMMON_DISCARD
+
+#define ARM_STUBS_TEXT							\
+		*(.gnu.warning)						\
+		*(.glue_7)						\
+		*(.glue_7t)
 
 #define ARM_TEXT							\
 		IDMAP_TEXT						\
@@ -64,9 +73,7 @@
 		CPUIDLE_TEXT						\
 		LOCK_TEXT						\
 		KPROBES_TEXT						\
-		*(.gnu.warning)						\
-		*(.glue_7)						\
-		*(.glue_7t)						\
+		ARM_STUBS_TEXT						\
 		. = ALIGN(4);						\
 		*(.got)			/* Global offset table */	\
 		ARM_CPU_KEEP(PROC_INFO)
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 3d4e88f08196..904c31fa20ed 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -9,15 +9,13 @@
 
 #include <linux/sizes.h>
 
-#include <asm-generic/vmlinux.lds.h>
+#include <asm/vmlinux.lds.h>
 #include <asm/cache.h>
 #include <asm/thread_info.h>
 #include <asm/memory.h>
 #include <asm/mpu.h>
 #include <asm/page.h>
 
-#include "vmlinux.lds.h"
-
 OUTPUT_ARCH(arm)
 ENTRY(stext)
 
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index 5592f14b7e35..bb950c896a67 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -9,15 +9,13 @@
 #else
 
 #include <linux/pgtable.h>
-#include <asm-generic/vmlinux.lds.h>
+#include <asm/vmlinux.lds.h>
 #include <asm/cache.h>
 #include <asm/thread_info.h>
 #include <asm/memory.h>
 #include <asm/mpu.h>
 #include <asm/page.h>
 
-#include "vmlinux.lds.h"
-
 OUTPUT_ARCH(arm)
 ENTRY(stext)
 
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 38+ messages in thread

* [PATCH v4 13/17] arm/build: Explicitly keep .ARM.attributes sections
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
                   ` (11 preceding siblings ...)
  2020-06-29  6:18 ` [PATCH v4 12/17] arm/build: Refactor linker script headers Kees Cook
@ 2020-06-29  6:18 ` Kees Cook
  2020-06-29  6:18 ` [PATCH v4 14/17] arm/build: Warn on orphan section placement Kees Cook
                   ` (4 subsequent siblings)
  17 siblings, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Nick Desaulniers, Catalin Marinas, Mark Rutland,
	Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Thomas Gleixner, Ingo Molnar, Russell King,
	Masahiro Yamada, Arvind Sankar, Nathan Chancellor, Arnd Bergmann,
	x86, clang-built-linux, linux-arch, linux-efi, linux-arm-kernel,
	linux-kernel

In preparation for adding --orphan-handling=warn, explicitly keep the
.ARM.attributes section by expanding the existing ELF_DETAILS macro into
ARM_DETAILS.

Suggested-by: Nick Desaulniers <ndesaulniers@google.com>
Link: https://lore.kernel.org/lkml/CAKwvOdk-racgq5pxsoGS6Vtifbtrk5fmkmnoLxrQMaOvV0nPWw@mail.gmail.com/
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm/include/asm/vmlinux.lds.h | 4 ++++
 arch/arm/kernel/vmlinux-xip.lds.S  | 2 +-
 arch/arm/kernel/vmlinux.lds.S      | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
index 142c038b2e97..c66b16cd8837 100644
--- a/arch/arm/include/asm/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -56,6 +56,10 @@
 		ARM_MMU_DISCARD(*(__ex_table))				\
 		ARM_COMMON_DISCARD
 
+#define ARM_DETAILS							\
+		ELF_DETAILS						\
+		.ARM.attributes 0 : { *(.ARM.attributes) }
+
 #define ARM_STUBS_TEXT							\
 		*(.gnu.warning)						\
 		*(.glue_7)						\
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 904c31fa20ed..57fcbf55f913 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -150,7 +150,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
-	ELF_DETAILS
+	ARM_DETAILS
 }
 
 /*
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index bb950c896a67..1d3d3b599635 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -149,7 +149,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
-	ELF_DETAILS
+	ARM_DETAILS
 }
 
 #ifdef CONFIG_STRICT_KERNEL_RWX
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 38+ messages in thread

* [PATCH v4 14/17] arm/build: Warn on orphan section placement
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
                   ` (12 preceding siblings ...)
  2020-06-29  6:18 ` [PATCH v4 13/17] arm/build: Explicitly keep .ARM.attributes sections Kees Cook
@ 2020-06-29  6:18 ` Kees Cook
  2020-06-29 15:54   ` Arvind Sankar
  2020-06-29 19:47   ` Nick Desaulniers
  2020-06-29  6:18 ` [PATCH v4 15/17] arm/boot: " Kees Cook
                   ` (3 subsequent siblings)
  17 siblings, 2 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

We don't want to depend on the linker's orphan section placement
heuristics as these can vary between linkers, and may change between
versions. All sections need to be explicitly named in the linker
script.

Specifically, this would have made a recently fixed bug very obvious:

ld: warning: orphan section `.fixup' from `arch/arm/lib/copy_from_user.o' being placed in section `.fixup'

Discard unneeded sections .iplt, .rel.iplt, .igot.plt, and .modinfo.

Add missing text stub sections .vfp11_veneer and .v4_bx.

Add debug sections explicitly.

Finally enable orphan section warning.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm/include/asm/vmlinux.lds.h | 6 +++++-
 arch/arm/kernel/vmlinux-xip.lds.S  | 1 +
 arch/arm/kernel/vmlinux.lds.S      | 1 +
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
index c66b16cd8837..d44fae722e7a 100644
--- a/arch/arm/include/asm/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -39,6 +39,8 @@
 		__idmap_text_end = .;					\
 
 #define ARM_COMMON_DISCARD						\
+		*(.iplt) *(.rel.iplt) *(.igot.plt)                      \
+		*(.modinfo)                                             \
 		*(.discard)						\
 		*(.discard.*)
 
@@ -63,7 +65,9 @@
 #define ARM_STUBS_TEXT							\
 		*(.gnu.warning)						\
 		*(.glue_7)						\
-		*(.glue_7t)
+		*(.glue_7t)						\
+		*(.vfp11_veneer)                                        \
+		*(.v4_bx)
 
 #define ARM_TEXT							\
 		IDMAP_TEXT						\
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 57fcbf55f913..11ffa79751da 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -150,6 +150,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	DWARF_DEBUG
 	ARM_DETAILS
 }
 
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index 1d3d3b599635..dc672fe35de3 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -149,6 +149,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	DWARF_DEBUG
 	ARM_DETAILS
 }
 
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 38+ messages in thread

* [PATCH v4 15/17] arm/boot: Warn on orphan section placement
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
                   ` (13 preceding siblings ...)
  2020-06-29  6:18 ` [PATCH v4 14/17] arm/build: Warn on orphan section placement Kees Cook
@ 2020-06-29  6:18 ` Kees Cook
  2020-06-29  6:18 ` [PATCH v4 16/17] x86/build: " Kees Cook
                   ` (2 subsequent siblings)
  17 siblings, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

We don't want to depend on the linker's orphan section placement
heuristics as these can vary between linkers, and may change between
versions. All sections need to be explicitly named in the linker
script.

Use common macros for debug sections, discards, and text stubs. Add
discards for unwanted .note and .rel sections. Finally, enable orphan
section warning.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm/boot/compressed/Makefile      |  2 ++
 arch/arm/boot/compressed/vmlinux.lds.S | 18 ++++++++----------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile
index 00602a6fba04..b8a97d81662d 100644
--- a/arch/arm/boot/compressed/Makefile
+++ b/arch/arm/boot/compressed/Makefile
@@ -128,6 +128,8 @@ endif
 LDFLAGS_vmlinux += --no-undefined
 # Delete all temporary local symbols
 LDFLAGS_vmlinux += -X
+# Report orphan sections
+LDFLAGS_vmlinux += --orphan-handling=warn
 # Next argument is a linker script
 LDFLAGS_vmlinux += -T
 
diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S
index 09ac33f52814..636e9ceb79ec 100644
--- a/arch/arm/boot/compressed/vmlinux.lds.S
+++ b/arch/arm/boot/compressed/vmlinux.lds.S
@@ -2,6 +2,7 @@
 /*
  *  Copyright (C) 2000 Russell King
  */
+#include <asm/vmlinux.lds.h>
 
 #ifdef CONFIG_CPU_ENDIAN_BE8
 #define ZIMAGE_MAGIC(x) ( (((x) >> 24) & 0x000000ff) | \
@@ -17,8 +18,11 @@ ENTRY(_start)
 SECTIONS
 {
   /DISCARD/ : {
+    ARM_COMMON_DISCARD
     *(.ARM.exidx*)
     *(.ARM.extab*)
+    *(.note.*)
+    *(.rel.*)
     /*
      * Discard any r/w data - this produces a link error if we have any,
      * which is required for PIC decompression.  Local data generates
@@ -36,9 +40,7 @@ SECTIONS
     *(.start)
     *(.text)
     *(.text.*)
-    *(.gnu.warning)
-    *(.glue_7t)
-    *(.glue_7)
+    ARM_STUBS_TEXT
   }
   .table : ALIGN(4) {
     _table_start = .;
@@ -128,12 +130,8 @@ SECTIONS
   PROVIDE(__pecoff_data_size = ALIGN(512) - ADDR(.data));
   PROVIDE(__pecoff_end = ALIGN(512));
 
-  .stab 0		: { *(.stab) }
-  .stabstr 0		: { *(.stabstr) }
-  .stab.excl 0		: { *(.stab.excl) }
-  .stab.exclstr 0	: { *(.stab.exclstr) }
-  .stab.index 0		: { *(.stab.index) }
-  .stab.indexstr 0	: { *(.stab.indexstr) }
-  .comment 0		: { *(.comment) }
+  STABS_DEBUG
+  DWARF_DEBUG
+  ARM_DETAILS
 }
 ASSERT(_edata_real == _edata, "error: zImage file size is incorrect");
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 38+ messages in thread

* [PATCH v4 16/17] x86/build: Warn on orphan section placement
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
                   ` (14 preceding siblings ...)
  2020-06-29  6:18 ` [PATCH v4 15/17] arm/boot: " Kees Cook
@ 2020-06-29  6:18 ` Kees Cook
  2020-06-29  6:18 ` [PATCH v4 17/17] x86/boot: " Kees Cook
  2020-08-21 16:02 ` [PATCH v4 00/17] " Will Deacon
  17 siblings, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

We don't want to depend on the linker's orphan section placement
heuristics as these can vary between linkers, and may change between
versions. All sections need to be explicitly named in the linker
script.

Discard the unused rela, plt, and got sections that are not needed
in the final vmlinux, stop emitting kprobe sections without kprobes,
and enable orphan section warnings.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/x86/Makefile             | 4 ++++
 arch/x86/include/asm/asm.h    | 6 +++++-
 arch/x86/kernel/vmlinux.lds.S | 6 ++++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 00e378de8bc0..f8a5b2333729 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -51,6 +51,10 @@ ifdef CONFIG_X86_NEED_RELOCS
         LDFLAGS_vmlinux := --emit-relocs --discard-none
 endif
 
+# We never want expected sections to be placed heuristically by the
+# linker. All sections should be explicitly named in the linker script.
+LDFLAGS_vmlinux += --orphan-handling=warn
+
 #
 # Prevent GCC from generating any FP code by mistake.
 #
diff --git a/arch/x86/include/asm/asm.h b/arch/x86/include/asm/asm.h
index 0f63585edf5f..92feec0f0a12 100644
--- a/arch/x86/include/asm/asm.h
+++ b/arch/x86/include/asm/asm.h
@@ -138,11 +138,15 @@
 # define _ASM_EXTABLE_FAULT(from, to)				\
 	_ASM_EXTABLE_HANDLE(from, to, ex_handler_fault)
 
-# define _ASM_NOKPROBE(entry)					\
+# ifdef CONFIG_KPROBES
+#  define _ASM_NOKPROBE(entry)					\
 	.pushsection "_kprobe_blacklist","aw" ;			\
 	_ASM_ALIGN ;						\
 	_ASM_PTR (entry);					\
 	.popsection
+# else
+#  define _ASM_NOKPROBE(entry)
+# endif
 
 #else
 # define _EXPAND_EXTABLE_HANDLE(x) #x
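
Review bot: The CONFIG_KPROBES guard is applied only to the assembler
definition of _ASM_NOKPROBE; the #else that follows opens the C-side
definitions, which this hunk does not touch. If that branch has its own
_ASM_NOKPROBE, it will keep emitting _kprobe_blacklist with kprobes
disabled and the section will still be reported as an orphan. Please
apply the same "# ifdef CONFIG_KPROBES" there, or note in the commit
message why it is not needed.
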
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 504d16968ed8..52e2b4952a0b 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -413,6 +413,12 @@ SECTIONS
 	ELF_DETAILS
 
 	DISCARDS
+	/DISCARD/ : {
+		*(.rela.*) *(.rela_*)
+		*(.rel.*) *(.rel_*)
+		*(.got) *(.got.*)
+		*(.igot.*) *(.iplt)
+	}
 }
 
 
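
Review bot: Discarding .got, .got.* and all of .rela.*/.rel.* silences
the orphan warning but also hides the case where the toolchain starts
emitting real GOT entries or dynamic relocations into vmlinux. Prefer
keeping them in output sections with a zero-size ASSERT, as the arm64
patch in this series does for .got.plt. Since the Makefile hunk above
shows CONFIG_X86_NEED_RELOCS builds linking with --emit-relocs, please
also confirm that the .rela.* patterns do not affect that output.
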
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 38+ messages in thread

* [PATCH v4 17/17] x86/boot: Warn on orphan section placement
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
                   ` (15 preceding siblings ...)
  2020-06-29  6:18 ` [PATCH v4 16/17] x86/build: " Kees Cook
@ 2020-06-29  6:18 ` Kees Cook
  2020-08-21 16:02 ` [PATCH v4 00/17] " Will Deacon
  17 siblings, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29  6:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

We don't want to depend on the linker's orphan section placement
heuristics as these can vary between linkers, and may change between
versions. All sections need to be explicitly named in the linker
script.

Add the common debugging sections. Discard the unused note, rel, plt,
dyn, and hash sections that are not needed in the compressed vmlinux.
Disable .eh_frame generation in the linker and enable orphan section
warnings.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/x86/boot/compressed/Makefile      |  3 ++-
 arch/x86/boot/compressed/vmlinux.lds.S | 10 ++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 7619742f91c9..646720a05f89 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -48,6 +48,7 @@ GCOV_PROFILE := n
 UBSAN_SANITIZE :=n
 
 KBUILD_LDFLAGS := -m elf_$(UTS_MACHINE)
+KBUILD_LDFLAGS += $(call ld-option,--no-ld-generated-unwind-info)
 # Compressed kernel should be built as PIE since it may be loaded at any
 # address by the bootloader.
 ifeq ($(CONFIG_X86_32),y)
@@ -59,7 +60,7 @@ else
 KBUILD_LDFLAGS += $(shell $(LD) --help 2>&1 | grep -q "\-z noreloc-overflow" \
 	&& echo "-z noreloc-overflow -pie --no-dynamic-linker")
 endif
-LDFLAGS_vmlinux := -T
+LDFLAGS_vmlinux := --orphan-handling=warn -T
 
 hostprogs	:= mkpiggy
 HOST_EXTRACFLAGS += -I$(srctree)/tools/include
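
Review bot: --orphan-handling=warn is placed into LDFLAGS_vmlinux
unconditionally, while --no-ld-generated-unwind-info in the previous
hunk goes through $(call ld-option,...). A linker that does not know
the option would fail the compressed vmlinux link outright, so either
guard it the same way or state in the commit message that all supported
ld.bfd and ld.lld versions accept it.
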
diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index d88612e3091f..9afb8737896f 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -75,7 +75,17 @@ SECTIONS
 	. = ALIGN(PAGE_SIZE);	/* keep ZO size page aligned */
 	_end = .;
 
+	STABS_DEBUG
+	DWARF_DEBUG
 	ELF_DETAILS
 
 	DISCARDS
+	/DISCARD/ : {
+		*(.note.*)
+		*(.rela.*) *(.rela_*)
+		*(.rel.*) *(.rel_*)
+		*(.plt) *(.plt.*)
+		*(.dyn*)
+		*(.hash) *(.gnu.hash)
+	}
 }
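
Review bot: *(.dyn*) matches any input section whose name merely starts
with .dyn, which is wider than the "dyn" sections the commit message
has in mind. Please list the intended names explicitly (the arm64
script in this series names .dynamic, .dynsym and .dynstr), so that a
new section is reported by --orphan-handling=warn rather than silently
discarded by a wildcard.
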
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 38+ messages in thread

* Re: [PATCH v4 05/17] ctype: Work around Clang -mbranch-protection=none bug
  2020-06-29  6:18 ` [PATCH v4 05/17] ctype: Work around Clang -mbranch-protection=none bug Kees Cook
@ 2020-06-29  8:15   ` Ard Biesheuvel
  2020-06-29 14:43     ` Kees Cook
  2020-06-29 15:06     ` Kees Cook
  0 siblings, 2 replies; 38+ messages in thread
From: Ard Biesheuvel @ 2020-06-29  8:15 UTC (permalink / raw)
  To: Kees Cook
  Cc: Will Deacon, Dave Martin, clang-built-linux, Catalin Marinas,
	Mark Rutland, Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, X86 ML, linux-arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List

On Mon, 29 Jun 2020 at 08:18, Kees Cook <keescook@chromium.org> wrote:
>
> In preparation for building efi/libstub with -mbranch-protection=none
> (EFI does not support branch protection features[1]), add no-op code
> to work around a Clang bug that emits an unwanted .note.gnu.property
> section for object files without code[2].
>
> [1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com
> [2] https://bugs.llvm.org/show_bug.cgi?id=46480
>
> Cc: Ard Biesheuvel <ardb@kernel.org>
> Cc: Will Deacon <will@kernel.org>
> Cc: Dave Martin <Dave.Martin@arm.com>
> Cc: clang-built-linux@googlegroups.com
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  lib/ctype.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
>
> diff --git a/lib/ctype.c b/lib/ctype.c
> index c819fe269eb2..21245ed57d90 100644
> --- a/lib/ctype.c
> +++ b/lib/ctype.c
> @@ -36,3 +36,13 @@ _L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,     /* 224-239 */
>  _L,_L,_L,_L,_L,_L,_L,_P,_L,_L,_L,_L,_L,_L,_L,_L};      /* 240-255 */
>
>  EXPORT_SYMBOL(_ctype);
> +
> +/*
> + * Clang will generate .note.gnu.property sections for object files
> + * without code, even in the presence of -mbranch-protection=none.
> + * To work around this, define an unused static function.
> + * https://bugs.llvm.org/show_bug.cgi?id=46480
> + */
> +#ifdef CONFIG_CC_IS_CLANG
> +void __maybe_unused __clang_needs_code_here(void) { }
> +#endif
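
Review bot: The comment says "define an unused static function", but
__clang_needs_code_here is declared without static, so it becomes a
global symbol in every Clang build and has no prior prototype. Either
add static (keeping __maybe_unused) or, if external linkage is what
keeps Clang from dropping the function and is therefore required for
the workaround, correct the comment to say so.
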
> --
> 2.25.1
>

I take it we don't need this horrible hack if we build the EFI stub
with branch protections and filter out the .note.gnu.property section
explicitly?

Sorry to backpedal, but that is probably a better approach after all,
given that the instructions don't hurt, and we will hopefully be able
to arm them once UEFI (as well as PE/COFF) gets around to describing
this in a way that both the firmware and the OS can consume.

^ permalink raw reply	[flat|nested] 38+ messages in thread

* Re: [PATCH v4 05/17] ctype: Work around Clang -mbranch-protection=none bug
  2020-06-29  8:15   ` Ard Biesheuvel
@ 2020-06-29 14:43     ` Kees Cook
  2020-06-29 15:06     ` Kees Cook
  1 sibling, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29 14:43 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Will Deacon, Dave Martin, clang-built-linux, Catalin Marinas,
	Mark Rutland, Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, X86 ML, linux-arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List

On Mon, Jun 29, 2020 at 10:15:47AM +0200, Ard Biesheuvel wrote:
> On Mon, 29 Jun 2020 at 08:18, Kees Cook <keescook@chromium.org> wrote:
> >
> > In preparation for building efi/libstub with -mbranch-protection=none
> > (EFI does not support branch protection features[1]), add no-op code
> > to work around a Clang bug that emits an unwanted .note.gnu.property
> > section for object files without code[2].
> >
> > [1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com
> > [2] https://bugs.llvm.org/show_bug.cgi?id=46480
> >
> > Cc: Ard Biesheuvel <ardb@kernel.org>
> > Cc: Will Deacon <will@kernel.org>
> > Cc: Dave Martin <Dave.Martin@arm.com>
> > Cc: clang-built-linux@googlegroups.com
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> > ---
> >  lib/ctype.c | 10 ++++++++++
> >  1 file changed, 10 insertions(+)
> >
> > diff --git a/lib/ctype.c b/lib/ctype.c
> > index c819fe269eb2..21245ed57d90 100644
> > --- a/lib/ctype.c
> > +++ b/lib/ctype.c
> > @@ -36,3 +36,13 @@ _L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,     /* 224-239 */
> >  _L,_L,_L,_L,_L,_L,_L,_P,_L,_L,_L,_L,_L,_L,_L,_L};      /* 240-255 */
> >
> >  EXPORT_SYMBOL(_ctype);
> > +
> > +/*
> > + * Clang will generate .note.gnu.property sections for object files
> > + * without code, even in the presence of -mbranch-protection=none.
> > + * To work around this, define an unused static function.
> > + * https://bugs.llvm.org/show_bug.cgi?id=46480
> > + */
> > +#ifdef CONFIG_CC_IS_CLANG
> > +void __maybe_unused __clang_needs_code_here(void) { }
> > +#endif
> > --
> > 2.25.1
> >
> 
> I take it we don't need this horrible hack if we build the EFI stub
> with branch protections and filter out the .note.gnu.property section
> explicitly?

Correct.

> Sorry to backpedal, but that is probably a better approach after all,
> given that the instructions don't hurt, and we will hopefully be able
> to arm them once UEFI (as well as PE/COFF) gets around to describing
> this in a way that both the firmware and the OS can consume.

Okay, will revert to the v3 solution.

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 38+ messages in thread

* Re: [PATCH v4 05/17] ctype: Work around Clang -mbranch-protection=none bug
  2020-06-29  8:15   ` Ard Biesheuvel
  2020-06-29 14:43     ` Kees Cook
@ 2020-06-29 15:06     ` Kees Cook
  2020-06-29 15:08       ` Ard Biesheuvel
  2020-06-29 18:02       ` Nick Desaulniers
  1 sibling, 2 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29 15:06 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Will Deacon, Dave Martin, clang-built-linux, Catalin Marinas,
	Mark Rutland, Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, X86 ML, linux-arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List

On Mon, Jun 29, 2020 at 10:15:47AM +0200, Ard Biesheuvel wrote:
> On Mon, 29 Jun 2020 at 08:18, Kees Cook <keescook@chromium.org> wrote:
> >
> > In preparation for building efi/libstub with -mbranch-protection=none
> > (EFI does not support branch protection features[1]), add no-op code
> > to work around a Clang bug that emits an unwanted .note.gnu.property
> > section for object files without code[2].
> >
> > [1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com
> > [2] https://bugs.llvm.org/show_bug.cgi?id=46480
> >
> > Cc: Ard Biesheuvel <ardb@kernel.org>
> > Cc: Will Deacon <will@kernel.org>
> > Cc: Dave Martin <Dave.Martin@arm.com>
> > Cc: clang-built-linux@googlegroups.com
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> > ---
> >  lib/ctype.c | 10 ++++++++++
> >  1 file changed, 10 insertions(+)
> >
> > diff --git a/lib/ctype.c b/lib/ctype.c
> > index c819fe269eb2..21245ed57d90 100644
> > --- a/lib/ctype.c
> > +++ b/lib/ctype.c
> > @@ -36,3 +36,13 @@ _L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,     /* 224-239 */
> >  _L,_L,_L,_L,_L,_L,_L,_P,_L,_L,_L,_L,_L,_L,_L,_L};      /* 240-255 */
> >
> >  EXPORT_SYMBOL(_ctype);
> > +
> > +/*
> > + * Clang will generate .note.gnu.property sections for object files
> > + * without code, even in the presence of -mbranch-protection=none.
> > + * To work around this, define an unused static function.
> > + * https://bugs.llvm.org/show_bug.cgi?id=46480
> > + */
> > +#ifdef CONFIG_CC_IS_CLANG
> > +void __maybe_unused __clang_needs_code_here(void) { }
> > +#endif
> > --
> > 2.25.1
> >
> 
> I take it we don't need this horrible hack if we build the EFI stub
> with branch protections and filter out the .note.gnu.property section
> explicitly?
> 
> Sorry to backpedal, but that is probably a better approach after all,
> given that the instructions don't hurt, and we will hopefully be able
> to arm them once UEFI (as well as PE/COFF) gets around to describing
> this in a way that both the firmware and the OS can consume.

How does this look?


commit 051ef0b75a386c3fe2f216d16246468147a48c5b
Author: Kees Cook <keescook@chromium.org>
Date:   Tue Jun 23 18:02:56 2020 -0700

    efi/libstub: Disable -mbranch-protection
    
    In preparation for adding --orphan-handling=warn to more architectures,
    disable -mbranch-protection, as EFI does not yet support it[1].  This was
    noticed due to it producing unwanted .note.gnu.property sections (prefixed
    with .init due to the objcopy build step).
    
    However, we must also work around a bug in Clang where the section is
    still emitted for code-less object files[2], so also remove the section
    during the objcopy.
    
    [1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com
    [2] https://bugs.llvm.org/show_bug.cgi?id=46480
    
    Cc: Ard Biesheuvel <ardb@kernel.org>
    Cc: Arvind Sankar <nivedita@alum.mit.edu>
    Cc: Atish Patra <atish.patra@wdc.com>
    Cc: linux-efi@vger.kernel.org
    Signed-off-by: Kees Cook <keescook@chromium.org>

diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 75daaf20374e..f9f1922f8f28 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -18,7 +18,8 @@ cflags-$(CONFIG_X86)		+= -m$(BITS) -D__KERNEL__ \
 # arm64 uses the full KBUILD_CFLAGS so it's necessary to explicitly
 # disable the stackleak plugin
 cflags-$(CONFIG_ARM64)		:= $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
-				   -fpie $(DISABLE_STACKLEAK_PLUGIN)
+				   -fpie $(DISABLE_STACKLEAK_PLUGIN) \
+				   $(call cc-option,-mbranch-protection=none)
 cflags-$(CONFIG_ARM)		:= $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
 				   -fno-builtin -fpic \
 				   $(call cc-option,-mno-single-pic-base)
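Review bot: The context comment above the cflags-$(CONFIG_ARM64) assignment still explains only the stackleak plugin, so the new "$(call cc-option,-mbranch-protection=none)" line has no in-tree rationale. Extend that comment to say that branch protection is switched off because EFI does not yet support it, and that the option must stay after the inherited $(KBUILD_CFLAGS) so that it overrides any -mbranch-protection setting carried in from there.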
@@ -66,6 +67,12 @@ lib-$(CONFIG_X86)		+= x86-stub.o
 CFLAGS_arm32-stub.o		:= -DTEXT_OFFSET=$(TEXT_OFFSET)
 CFLAGS_arm64-stub.o		:= -DTEXT_OFFSET=$(TEXT_OFFSET)
 
+# Even when -mbranch-protection=none is set, Clang will generate a
+# .note.gnu.property for code-less object files (like lib/ctype.c),
+# so work around this by explicitly removing the unwanted section.
+# https://bugs.llvm.org/show_bug.cgi?id=46480
+STUBCOPY_FLAGS-y		+= --remove-section=.note.gnu.property
+
 #
 # For x86, bootloaders like systemd-boot or grub-efi do not zero-initialize the
 # .bss section, so the .bss section of the EFI stub needs to be included in the
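Review bot: STUBCOPY_FLAGS-y is unconditional, so "--remove-section=.note.gnu.property" is applied for every architecture and compiler that builds the stub, while the comment ties it to Clang with -mbranch-protection=none, which the first hunk sets only for CONFIG_ARM64. Consider keying the flag on the arm64 config (and on Clang, if GCC output is known to be clean) so the section is not silently dropped anywhere else. Since the commit message says the section ends up prefixed with .init by the same objcopy step, the comment should also state that the unprefixed name is the one objcopy matches here.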

-- 
Kees Cook

^ permalink raw reply related	[flat|nested] 38+ messages in thread
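The .note.gnu.property section discussed in the message above is an ELF note whose descriptor, on AArch64, carries the BTI and PAC feature bits. The following is an added example, not code from this thread or from the kernel tree: a bounds-checked decoder for the raw section bytes, assuming ELF64 little-endian layout. The function name and the sample bytes are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NT_GNU_PROPERTY_TYPE_0             5
#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000u
#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1u << 0)
#define GNU_PROPERTY_AARCH64_FEATURE_1_PAC (1u << 1)

/* Constructed sample: one "GNU" property note advertising BTI and PAC. */
static const uint8_t sample_bti_pac[32] = {
	0x04, 0x00, 0x00, 0x00,  /* n_namesz = 4 */
	0x10, 0x00, 0x00, 0x00,  /* n_descsz = 16 */
	0x05, 0x00, 0x00, 0x00,  /* n_type = NT_GNU_PROPERTY_TYPE_0 */
	'G', 'N', 'U', 0x00,     /* note name */
	0x00, 0x00, 0x00, 0xc0,  /* pr_type = GNU_PROPERTY_AARCH64_FEATURE_1_AND */
	0x04, 0x00, 0x00, 0x00,  /* pr_datasz = 4 */
	0x03, 0x00, 0x00, 0x00,  /* feature word: BTI | PAC */
	0x00, 0x00, 0x00, 0x00,  /* property padded to 8 bytes (ELF64) */
};

/* Read a little-endian 32-bit word without alignment assumptions. */
static uint32_t rd32(const uint8_t *p)
{
	return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
	       (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/*
 * Walk the raw contents of a .note.gnu.property section.
 * Returns 1 and stores the feature word if an AArch64 feature property is
 * present, 0 if the notes are well formed but carry none, -1 if malformed.
 */
int gnu_property_aarch64_features(const uint8_t *sec, size_t len,
				  uint32_t *features)
{
	size_t off = 0;

	while (len - off >= 12) {
		uint32_t namesz = rd32(sec + off);
		uint32_t descsz = rd32(sec + off + 4);
		uint32_t type = rd32(sec + off + 8);
		size_t name_off = off + 12;
		size_t name_pad = ((size_t)namesz + 3) & ~(size_t)3;
		size_t desc_off, desc_end, p, next;

		/* Every length is checked against what is left in the buffer. */
		if (namesz > len - name_off || name_pad > len - name_off)
			return -1;
		desc_off = name_off + name_pad;
		if (descsz > len - desc_off)
			return -1;
		desc_end = desc_off + descsz;

		if (type == NT_GNU_PROPERTY_TYPE_0 && namesz == 4 &&
		    memcmp(sec + name_off, "GNU", 4) == 0) {
			/* Descriptor is an array of { type, datasz, data, pad }. */
			for (p = desc_off; desc_end - p >= 8; ) {
				uint32_t pr_type = rd32(sec + p);
				uint32_t pr_datasz = rd32(sec + p + 4);
				size_t step;

				if (pr_datasz > desc_end - (p + 8))
					return -1;
				if (pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND) {
					if (pr_datasz != 4)
						return -1;
					*features = rd32(sec + p + 8);
					return 1;
				}
				step = 8 + (((size_t)pr_datasz + 7) & ~(size_t)7);
				if (step > desc_end - p)
					break;  /* last property left unpadded */
				p += step;
			}
		}

		/* Notes in this section are 8-byte aligned on ELF64. */
		next = (desc_end + 7) & ~(size_t)7;
		off = next > len ? len : next;
	}
	return off == len ? 0 : -1;
}

int main(void)
{
	uint32_t f = 0;
	int rc = gnu_property_aarch64_features(sample_bti_pac,
					       sizeof(sample_bti_pac), &f);

	printf("rc=%d BTI=%d PAC=%d\n", rc,
	       !!(f & GNU_PROPERTY_AARCH64_FEATURE_1_BTI),
	       !!(f & GNU_PROPERTY_AARCH64_FEATURE_1_PAC));
	return rc == 1 ? 0 : 1;
}
```

A note whose feature word is zero still makes the section exist in the object file, and the section's presence, not its contents, is what an orphan-section warning reports.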

* Re: [PATCH v4 05/17] ctype: Work around Clang -mbranch-protection=none bug
  2020-06-29 15:06     ` Kees Cook
@ 2020-06-29 15:08       ` Ard Biesheuvel
  2020-06-29 15:16         ` Kees Cook
  2020-06-29 18:02       ` Nick Desaulniers
  1 sibling, 1 reply; 38+ messages in thread
From: Ard Biesheuvel @ 2020-06-29 15:08 UTC (permalink / raw)
  To: Kees Cook
  Cc: Will Deacon, Dave Martin, clang-built-linux, Catalin Marinas,
	Mark Rutland, Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, X86 ML, linux-arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List

On Mon, 29 Jun 2020 at 17:06, Kees Cook <keescook@chromium.org> wrote:
>
> On Mon, Jun 29, 2020 at 10:15:47AM +0200, Ard Biesheuvel wrote:
> > On Mon, 29 Jun 2020 at 08:18, Kees Cook <keescook@chromium.org> wrote:
> > >
> > > In preparation for building efi/libstub with -mbranch-protection=none
> > > (EFI does not support branch protection features[1]), add no-op code
> > > to work around a Clang bug that emits an unwanted .note.gnu.property
> > > section for object files without code[2].
> > >
> > > [1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com
> > > [2] https://bugs.llvm.org/show_bug.cgi?id=46480
> > >
> > > Cc: Ard Biesheuvel <ardb@kernel.org>
> > > Cc: Will Deacon <will@kernel.org>
> > > Cc: Dave Martin <Dave.Martin@arm.com>
> > > Cc: clang-built-linux@googlegroups.com
> > > Signed-off-by: Kees Cook <keescook@chromium.org>
> > > ---
> > >  lib/ctype.c | 10 ++++++++++
> > >  1 file changed, 10 insertions(+)
> > >
> > > diff --git a/lib/ctype.c b/lib/ctype.c
> > > index c819fe269eb2..21245ed57d90 100644
> > > --- a/lib/ctype.c
> > > +++ b/lib/ctype.c
> > > @@ -36,3 +36,13 @@ _L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,     /* 224-239 */
> > >  _L,_L,_L,_L,_L,_L,_L,_P,_L,_L,_L,_L,_L,_L,_L,_L};      /* 240-255 */
> > >
> > >  EXPORT_SYMBOL(_ctype);
> > > +
> > > +/*
> > > + * Clang will generate .note.gnu.property sections for object files
> > > + * without code, even in the presence of -mbranch-protection=none.
> > > + * To work around this, define an unused static function.
> > > + * https://bugs.llvm.org/show_bug.cgi?id=46480
> > > + */
> > > +#ifdef CONFIG_CC_IS_CLANG
> > > +void __maybe_unused __clang_needs_code_here(void) { }
> > > +#endif
> > > --
> > > 2.25.1
> > >
> >
> > I take it we don't need this horrible hack if we build the EFI stub
> > with branch protections and filter out the .note.gnu.property section
> > explicitly?
> >
> > Sorry to backpedal, but that is probably a better approach after all,
> > given that the instructions don't hurt, and we will hopefully be able
> > to arm them once UEFI (as well as PE/COFF) gets around to describing
> > this in a way that both the firmware and the OS can consume.
>
> How does this look?
>
>
> commit 051ef0b75a386c3fe2f216d16246468147a48c5b
> Author: Kees Cook <keescook@chromium.org>
> Date:   Tue Jun 23 18:02:56 2020 -0700
>
>     efi/libstub: Disable -mbranch-protection
>
>     In preparation for adding --orphan-handling=warn to more architectures,
>     disable -mbranch-protection, as EFI does not yet support it[1].  This was
>     noticed due to it producing unwanted .note.gnu.property sections (prefixed
>     with .init due to the objcopy build step).
>
>     However, we must also work around a bug in Clang where the section is
>     still emitted for code-less object files[2], so also remove the section
>     during the objcopy.
>
>     [1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com
>     [2] https://bugs.llvm.org/show_bug.cgi?id=46480
>
>     Cc: Ard Biesheuvel <ardb@kernel.org>
>     Cc: Arvind Sankar <nivedita@alum.mit.edu>
>     Cc: Atish Patra <atish.patra@wdc.com>
>     Cc: linux-efi@vger.kernel.org
>     Signed-off-by: Kees Cook <keescook@chromium.org>
>
> diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
> index 75daaf20374e..f9f1922f8f28 100644
> --- a/drivers/firmware/efi/libstub/Makefile
> +++ b/drivers/firmware/efi/libstub/Makefile
> @@ -18,7 +18,8 @@ cflags-$(CONFIG_X86)          += -m$(BITS) -D__KERNEL__ \
>  # arm64 uses the full KBUILD_CFLAGS so it's necessary to explicitly
>  # disable the stackleak plugin
>  cflags-$(CONFIG_ARM64)         := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
> -                                  -fpie $(DISABLE_STACKLEAK_PLUGIN)
> +                                  -fpie $(DISABLE_STACKLEAK_PLUGIN) \
> +                                  $(call cc-option,-mbranch-protection=none)
>  cflags-$(CONFIG_ARM)           := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
>                                    -fno-builtin -fpic \
>                                    $(call cc-option,-mno-single-pic-base)
> @@ -66,6 +67,12 @@ lib-$(CONFIG_X86)            += x86-stub.o
>  CFLAGS_arm32-stub.o            := -DTEXT_OFFSET=$(TEXT_OFFSET)
>  CFLAGS_arm64-stub.o            := -DTEXT_OFFSET=$(TEXT_OFFSET)
>
> +# Even when -mbranch-protection=none is set, Clang will generate a
> +# .note.gnu.property for code-less object files (like lib/ctype.c),
> +# so work around this by explicitly removing the unwanted section.
> +# https://bugs.llvm.org/show_bug.cgi?id=46480
> +STUBCOPY_FLAGS-y               += --remove-section=.note.gnu.property
> +
>  #
>  # For x86, bootloaders like systemd-boot or grub-efi do not zero-initialize the
>  # .bss section, so the .bss section of the EFI stub needs to be included in the
>


Looks fine

Acked-by: Ard Biesheuvel <ardb@kernel.org>

if you want to keep it with the set, or I can take it as an EFI fix.

^ permalink raw reply	[flat|nested] 38+ messages in thread

* Re: [PATCH v4 05/17] ctype: Work around Clang -mbranch-protection=none bug
  2020-06-29 15:08       ` Ard Biesheuvel
@ 2020-06-29 15:16         ` Kees Cook
  0 siblings, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29 15:16 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Will Deacon, Dave Martin, clang-built-linux, Catalin Marinas,
	Mark Rutland, Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, X86 ML, linux-arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List

On Mon, Jun 29, 2020 at 05:08:03PM +0200, Ard Biesheuvel wrote:
> On Mon, 29 Jun 2020 at 17:06, Kees Cook <keescook@chromium.org> wrote:
> >
> > On Mon, Jun 29, 2020 at 10:15:47AM +0200, Ard Biesheuvel wrote:
> > > On Mon, 29 Jun 2020 at 08:18, Kees Cook <keescook@chromium.org> wrote:
> > > >
> > > > In preparation for building efi/libstub with -mbranch-protection=none
> > > > (EFI does not support branch protection features[1]), add no-op code
> > > > to work around a Clang bug that emits an unwanted .note.gnu.property
> > > > section for object files without code[2].
> > > >
> > > > [1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com
> > > > [2] https://bugs.llvm.org/show_bug.cgi?id=46480
> > > >
> > > > Cc: Ard Biesheuvel <ardb@kernel.org>
> > > > Cc: Will Deacon <will@kernel.org>
> > > > Cc: Dave Martin <Dave.Martin@arm.com>
> > > > Cc: clang-built-linux@googlegroups.com
> > > > Signed-off-by: Kees Cook <keescook@chromium.org>
> > > > ---
> > > >  lib/ctype.c | 10 ++++++++++
> > > >  1 file changed, 10 insertions(+)
> > > >
> > > > diff --git a/lib/ctype.c b/lib/ctype.c
> > > > index c819fe269eb2..21245ed57d90 100644
> > > > --- a/lib/ctype.c
> > > > +++ b/lib/ctype.c
> > > > @@ -36,3 +36,13 @@ _L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,     /* 224-239 */
> > > >  _L,_L,_L,_L,_L,_L,_L,_P,_L,_L,_L,_L,_L,_L,_L,_L};      /* 240-255 */
> > > >
> > > >  EXPORT_SYMBOL(_ctype);
> > > > +
> > > > +/*
> > > > + * Clang will generate .note.gnu.property sections for object files
> > > > + * without code, even in the presence of -mbranch-protection=none.
> > > > + * To work around this, define an unused static function.
> > > > + * https://bugs.llvm.org/show_bug.cgi?id=46480
> > > > + */
> > > > +#ifdef CONFIG_CC_IS_CLANG
> > > > +void __maybe_unused __clang_needs_code_here(void) { }
> > > > +#endif
> > > > --
> > > > 2.25.1
> > > >
> > >
> > > I take it we don't need this horrible hack if we build the EFI stub
> > > with branch protections and filter out the .note.gnu.property section
> > > explicitly?
> > >
> > > Sorry to backpedal, but that is probably a better approach after all,
> > > given that the instructions don't hurt, and we will hopefully be able
> > > to arm them once UEFI (as well as PE/COFF) gets around to describing
> > > this in a way that both the firmware and the OS can consume.
> >
> > How does this look?
> >
> >
> > commit 051ef0b75a386c3fe2f216d16246468147a48c5b
> > Author: Kees Cook <keescook@chromium.org>
> > Date:   Tue Jun 23 18:02:56 2020 -0700
> >
> >     efi/libstub: Disable -mbranch-protection
> >
> >     In preparation for adding --orphan-handling=warn to more architectures,
> >     disable -mbranch-protection, as EFI does not yet support it[1].  This was
> >     noticed due to it producing unwanted .note.gnu.property sections (prefixed
> >     with .init due to the objcopy build step).
> >
> >     However, we must also work around a bug in Clang where the section is
> >     still emitted for code-less object files[2], so also remove the section
> >     during the objcopy.
> >
> >     [1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com
> >     [2] https://bugs.llvm.org/show_bug.cgi?id=46480
> >
> >     Cc: Ard Biesheuvel <ardb@kernel.org>
> >     Cc: Arvind Sankar <nivedita@alum.mit.edu>
> >     Cc: Atish Patra <atish.patra@wdc.com>
> >     Cc: linux-efi@vger.kernel.org
> >     Signed-off-by: Kees Cook <keescook@chromium.org>
> >
> > diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
> > index 75daaf20374e..f9f1922f8f28 100644
> > --- a/drivers/firmware/efi/libstub/Makefile
> > +++ b/drivers/firmware/efi/libstub/Makefile
> > @@ -18,7 +18,8 @@ cflags-$(CONFIG_X86)          += -m$(BITS) -D__KERNEL__ \
> >  # arm64 uses the full KBUILD_CFLAGS so it's necessary to explicitly
> >  # disable the stackleak plugin
> >  cflags-$(CONFIG_ARM64)         := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
> > -                                  -fpie $(DISABLE_STACKLEAK_PLUGIN)
> > +                                  -fpie $(DISABLE_STACKLEAK_PLUGIN) \
> > +                                  $(call cc-option,-mbranch-protection=none)
> >  cflags-$(CONFIG_ARM)           := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
> >                                    -fno-builtin -fpic \
> >                                    $(call cc-option,-mno-single-pic-base)
> > @@ -66,6 +67,12 @@ lib-$(CONFIG_X86)            += x86-stub.o
> >  CFLAGS_arm32-stub.o            := -DTEXT_OFFSET=$(TEXT_OFFSET)
> >  CFLAGS_arm64-stub.o            := -DTEXT_OFFSET=$(TEXT_OFFSET)
> >
> > +# Even when -mbranch-protection=none is set, Clang will generate a
> > +# .note.gnu.property for code-less object files (like lib/ctype.c),
> > +# so work around this by explicitly removing the unwanted section.
> > +# https://bugs.llvm.org/show_bug.cgi?id=46480
> > +STUBCOPY_FLAGS-y               += --remove-section=.note.gnu.property
> > +
> >  #
> >  # For x86, bootloaders like systemd-boot or grub-efi do not zero-initialize the
> >  # .bss section, so the .bss section of the EFI stub needs to be included in the
> >
> 
> 
> Looks fine
> 
> Acked-by: Ard Biesheuvel <ardb@kernel.org>

Thanks!

> if you want to keep it with the set, or I can take it as an EFI fix.

My current plan is to just keep it all together.

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 38+ messages in thread

* Re: [PATCH v4 14/17] arm/build: Warn on orphan section placement
  2020-06-29  6:18 ` [PATCH v4 14/17] arm/build: Warn on orphan section placement Kees Cook
@ 2020-06-29 15:54   ` Arvind Sankar
  2020-06-29 18:07     ` Russell King - ARM Linux admin
  2020-06-29 19:47   ` Nick Desaulniers
  1 sibling, 1 reply; 38+ messages in thread
From: Arvind Sankar @ 2020-06-29 15:54 UTC (permalink / raw)
  To: Kees Cook
  Cc: Will Deacon, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

On Sun, Jun 28, 2020 at 11:18:37PM -0700, Kees Cook wrote:
> We don't want to depend on the linker's orphan section placement
> heuristics as these can vary between linkers, and may change between
> versions. All sections need to be explicitly named in the linker
> script.
> 
> Specifically, this would have made a recently fixed bug very obvious:
> 
> ld: warning: orphan section `.fixup' from `arch/arm/lib/copy_from_user.o' being placed in section `.fixup'
> 
> Discard unneeded sections .iplt, .rel.iplt, .igot.plt, and .modinfo.
> 
> Add missing text stub sections .vfp11_veneer and .v4_bx.
> 
> Add debug sections explicitly.
> 
> Finally enable orphan section warning.

This is unrelated to this patch as such, but I noticed that ARM32/64 places
the .got section inside .text -- is that expected on ARM?

^ permalink raw reply	[flat|nested] 38+ messages in thread

* Re: [PATCH v4 05/17] ctype: Work around Clang -mbranch-protection=none bug
  2020-06-29 15:06     ` Kees Cook
  2020-06-29 15:08       ` Ard Biesheuvel
@ 2020-06-29 18:02       ` Nick Desaulniers
  2020-06-29 18:37         ` Kees Cook
  1 sibling, 1 reply; 38+ messages in thread
From: Nick Desaulniers @ 2020-06-29 18:02 UTC (permalink / raw)
  To: Kees Cook
  Cc: Ard Biesheuvel, Will Deacon, Dave Martin, clang-built-linux,
	Catalin Marinas, Mark Rutland, Peter Collingbourne, James Morse,
	Borislav Petkov, Thomas Gleixner, Ingo Molnar, Russell King,
	Masahiro Yamada, Arvind Sankar, Nathan Chancellor, Arnd Bergmann,
	X86 ML, linux-arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Daniel Kiss

On Mon, Jun 29, 2020 at 8:06 AM Kees Cook <keescook@chromium.org> wrote:
>
> On Mon, Jun 29, 2020 at 10:15:47AM +0200, Ard Biesheuvel wrote:
> > On Mon, 29 Jun 2020 at 08:18, Kees Cook <keescook@chromium.org> wrote:
> > >
> > > In preparation for building efi/libstub with -mbranch-protection=none
> > > (EFI does not support branch protection features[1]), add no-op code
> > > to work around a Clang bug that emits an unwanted .note.gnu.property
> > > section for object files without code[2].
> > >
> > > [1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com
> > > [2] https://bugs.llvm.org/show_bug.cgi?id=46480
> > >
> > > Cc: Ard Biesheuvel <ardb@kernel.org>
> > > Cc: Will Deacon <will@kernel.org>
> > > Cc: Dave Martin <Dave.Martin@arm.com>
> > > Cc: clang-built-linux@googlegroups.com
> > > Signed-off-by: Kees Cook <keescook@chromium.org>
> > > ---
> > >  lib/ctype.c | 10 ++++++++++
> > >  1 file changed, 10 insertions(+)
> > >
> > > diff --git a/lib/ctype.c b/lib/ctype.c
> > > index c819fe269eb2..21245ed57d90 100644
> > > --- a/lib/ctype.c
> > > +++ b/lib/ctype.c
> > > @@ -36,3 +36,13 @@ _L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,     /* 224-239 */
> > >  _L,_L,_L,_L,_L,_L,_L,_P,_L,_L,_L,_L,_L,_L,_L,_L};      /* 240-255 */
> > >
> > >  EXPORT_SYMBOL(_ctype);
> > > +
> > > +/*
> > > + * Clang will generate .note.gnu.property sections for object files
> > > + * without code, even in the presence of -mbranch-protection=none.
> > > + * To work around this, define an unused static function.
> > > + * https://bugs.llvm.org/show_bug.cgi?id=46480
> > > + */
> > > +#ifdef CONFIG_CC_IS_CLANG
> > > +void __maybe_unused __clang_needs_code_here(void) { }
> > > +#endif
> > > --
> > > 2.25.1
> > >
> >
> > I take it we don't need this horrible hack if we build the EFI stub
> > with branch protections and filter out the .note.gnu.property section
> > explicitly?
> >
> > Sorry to backpedal, but that is probably a better approach after all,
> > given that the instructions don't hurt, and we will hopefully be able
> > to arm them once UEFI (as well as PE/COFF) gets around to describing
> > this in a way that both the firmware and the OS can consume.
>
> How does this look?
>
>
> commit 051ef0b75a386c3fe2f216d16246468147a48c5b
> Author: Kees Cook <keescook@chromium.org>
> Date:   Tue Jun 23 18:02:56 2020 -0700
>
>     efi/libstub: Disable -mbranch-protection
>
>     In preparation for adding --orphan-handling=warn to more architectures,
>     disable -mbranch-protection, as EFI does not yet support it[1].  This was
>     noticed due to it producing unwanted .note.gnu.property sections (prefixed
>     with .init due to the objcopy build step).
>
>     However, we must also work around a bug in Clang where the section is
>     still emitted for code-less object files[2], so also remove the section
>     during the objcopy.
>
>     [1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com
>     [2] https://bugs.llvm.org/show_bug.cgi?id=46480
>
>     Cc: Ard Biesheuvel <ardb@kernel.org>
>     Cc: Arvind Sankar <nivedita@alum.mit.edu>
>     Cc: Atish Patra <atish.patra@wdc.com>
>     Cc: linux-efi@vger.kernel.org
>     Signed-off-by: Kees Cook <keescook@chromium.org>
>
> diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
> index 75daaf20374e..f9f1922f8f28 100644
> --- a/drivers/firmware/efi/libstub/Makefile
> +++ b/drivers/firmware/efi/libstub/Makefile
> @@ -18,7 +18,8 @@ cflags-$(CONFIG_X86)          += -m$(BITS) -D__KERNEL__ \
>  # arm64 uses the full KBUILD_CFLAGS so it's necessary to explicitly
>  # disable the stackleak plugin
>  cflags-$(CONFIG_ARM64)         := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
> -                                  -fpie $(DISABLE_STACKLEAK_PLUGIN)
> +                                  -fpie $(DISABLE_STACKLEAK_PLUGIN) \
> +                                  $(call cc-option,-mbranch-protection=none)
>  cflags-$(CONFIG_ARM)           := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
>                                    -fno-builtin -fpic \
>                                    $(call cc-option,-mno-single-pic-base)
> @@ -66,6 +67,12 @@ lib-$(CONFIG_X86)            += x86-stub.o
>  CFLAGS_arm32-stub.o            := -DTEXT_OFFSET=$(TEXT_OFFSET)
>  CFLAGS_arm64-stub.o            := -DTEXT_OFFSET=$(TEXT_OFFSET)
>
> +# Even when -mbranch-protection=none is set, Clang will generate a
> +# .note.gnu.property for code-less object files (like lib/ctype.c),
> +# so work around this by explicitly removing the unwanted section.
> +# https://bugs.llvm.org/show_bug.cgi?id=46480
> +STUBCOPY_FLAGS-y               += --remove-section=.note.gnu.property

This is definitely better than the empty function.  Though a patch is
posted for fixing this in LLVM. Assuming that lands before this, we
might not actually need this workaround?

arch/arm64/Kconfig
1625 config ARM64_BTI_KERNEL
...
1633   # https://reviews.llvm.org/rGb8ae3fdfa579dbf366b1bb1cbfdbf8c51db7fa55
1634   depends on !CC_IS_CLANG || CLANG_VERSION >= 100001

So if Daniel's patch lands AND is backported into the clang 10.0.1
release, then we might not need to carry this workaround?  Either way,

Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>

> +
>  #
>  # For x86, bootloaders like systemd-boot or grub-efi do not zero-initialize the
>  # .bss section, so the .bss section of the EFI stub needs to be included in the
>
> --
> Kees Cook

-- 
Thanks,
~Nick Desaulniers

^ permalink raw reply	[flat|nested] 38+ messages in thread

* Re: [PATCH v4 14/17] arm/build: Warn on orphan section placement
  2020-06-29 15:54   ` Arvind Sankar
@ 2020-06-29 18:07     ` Russell King - ARM Linux admin
  2020-06-29 18:15       ` Arvind Sankar
  0 siblings, 1 reply; 38+ messages in thread
From: Russell King - ARM Linux admin @ 2020-06-29 18:07 UTC (permalink / raw)
  To: Arvind Sankar
  Cc: Kees Cook, Will Deacon, Catalin Marinas, Mark Rutland,
	Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Thomas Gleixner, Ingo Molnar, Masahiro Yamada,
	Nick Desaulniers, Nathan Chancellor, Arnd Bergmann, x86,
	clang-built-linux, linux-arch, linux-efi, linux-arm-kernel,
	linux-kernel

On Mon, Jun 29, 2020 at 11:54:01AM -0400, Arvind Sankar wrote:
> On Sun, Jun 28, 2020 at 11:18:37PM -0700, Kees Cook wrote:
> > We don't want to depend on the linker's orphan section placement
> > heuristics as these can vary between linkers, and may change between
> > versions. All sections need to be explicitly named in the linker
> > script.
> > 
> > Specifically, this would have made a recently fixed bug very obvious:
> > 
> > ld: warning: orphan section `.fixup' from `arch/arm/lib/copy_from_user.o' being placed in section `.fixup'
> > 
> > Discard unneeded sections .iplt, .rel.iplt, .igot.plt, and .modinfo.
> > 
> > Add missing text stub sections .vfp11_veneer and .v4_bx.
> > 
> > Add debug sections explicitly.
> > 
> > Finally enable orphan section warning.
> 
> This is unrelated to this patch as such, but I noticed that ARM32/64 places
> the .got section inside .text -- is that expected on ARM?

Do you mean in general, in the kernel vmlinux, in the decompressor
vmlinux or ... ?

-- 
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!

^ permalink raw reply	[flat|nested] 38+ messages in thread

* Re: [PATCH v4 14/17] arm/build: Warn on orphan section placement
  2020-06-29 18:07     ` Russell King - ARM Linux admin
@ 2020-06-29 18:15       ` Arvind Sankar
  2020-06-29 19:03         ` Russell King - ARM Linux admin
  0 siblings, 1 reply; 38+ messages in thread
From: Arvind Sankar @ 2020-06-29 18:15 UTC (permalink / raw)
  To: Russell King - ARM Linux admin
  Cc: Arvind Sankar, Kees Cook, Will Deacon, Catalin Marinas,
	Mark Rutland, Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Thomas Gleixner, Ingo Molnar, Masahiro Yamada,
	Nick Desaulniers, Nathan Chancellor, Arnd Bergmann, x86,
	clang-built-linux, linux-arch, linux-efi, linux-arm-kernel,
	linux-kernel

On Mon, Jun 29, 2020 at 07:07:04PM +0100, Russell King - ARM Linux admin wrote:
> On Mon, Jun 29, 2020 at 11:54:01AM -0400, Arvind Sankar wrote:
> > On Sun, Jun 28, 2020 at 11:18:37PM -0700, Kees Cook wrote:
> > > We don't want to depend on the linker's orphan section placement
> > > heuristics as these can vary between linkers, and may change between
> > > versions. All sections need to be explicitly named in the linker
> > > script.
> > > 
> > > Specifically, this would have made a recently fixed bug very obvious:
> > > 
> > > ld: warning: orphan section `.fixup' from `arch/arm/lib/copy_from_user.o' being placed in section `.fixup'
> > > 
> > > Discard unneeded sections .iplt, .rel.iplt, .igot.plt, and .modinfo.
> > > 
> > > Add missing text stub sections .vfp11_veneer and .v4_bx.
> > > 
> > > Add debug sections explicitly.
> > > 
> > > Finally enable orphan section warning.
> > 
> > This is unrelated to this patch as such, but I noticed that ARM32/64 places
> > the .got section inside .text -- is that expected on ARM?
> 
> Do you mean in general, in the kernel vmlinux, in the decompressor
> vmlinux or ... ?
> 

Sorry, in the kernel vmlinux. ARM_TEXT includes *(.got) for 32-bit, and
the 64-bit vmlinux.lds.S includes it in .text as well. The decompressor
for 32-bit keeps it separate for non-EFI stub kernel and puts it inside
.data for EFI stub.

^ permalink raw reply	[flat|nested] 38+ messages in thread

* Re: [PATCH v4 05/17] ctype: Work around Clang -mbranch-protection=none bug
  2020-06-29 18:02       ` Nick Desaulniers
@ 2020-06-29 18:37         ` Kees Cook
  0 siblings, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-06-29 18:37 UTC (permalink / raw)
  To: Nick Desaulniers
  Cc: Ard Biesheuvel, Will Deacon, Dave Martin, clang-built-linux,
	Catalin Marinas, Mark Rutland, Peter Collingbourne, James Morse,
	Borislav Petkov, Thomas Gleixner, Ingo Molnar, Russell King,
	Masahiro Yamada, Arvind Sankar, Nathan Chancellor, Arnd Bergmann,
	X86 ML, linux-arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Daniel Kiss

On Mon, Jun 29, 2020 at 11:02:51AM -0700, Nick Desaulniers wrote:
> This is definitely better than the empty function.  Though a patch is
> posted for fixing this in LLVM. Assuming that lands before this, we
> might not actually need this workaround?
> 
> arch/arm64/Kconfig
> 1625 config ARM64_BTI_KERNEL
> ...
> 1633   # https://reviews.llvm.org/rGb8ae3fdfa579dbf366b1bb1cbfdbf8c51db7fa55
> 1634   depends on !CC_IS_CLANG || CLANG_VERSION >= 100001
> 
> So if Daniel's patch lands AND is backported into the clang 10.0.1
> release, then we might not need to carry this workaround?  Either way,

True, though as I mentioned in the review, I don't think it's quite
right -- the warning getting removed is actually quite valuable.

> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>

Thanks!

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 38+ messages in thread

* Re: [PATCH v4 14/17] arm/build: Warn on orphan section placement
  2020-06-29 18:15       ` Arvind Sankar
@ 2020-06-29 19:03         ` Russell King - ARM Linux admin
  0 siblings, 0 replies; 38+ messages in thread
From: Russell King - ARM Linux admin @ 2020-06-29 19:03 UTC (permalink / raw)
  To: Arvind Sankar
  Cc: Kees Cook, Will Deacon, Catalin Marinas, Mark Rutland,
	Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Thomas Gleixner, Ingo Molnar, Masahiro Yamada,
	Nick Desaulniers, Nathan Chancellor, Arnd Bergmann, x86,
	clang-built-linux, linux-arch, linux-efi, linux-arm-kernel,
	linux-kernel

On Mon, Jun 29, 2020 at 02:15:14PM -0400, Arvind Sankar wrote:
> On Mon, Jun 29, 2020 at 07:07:04PM +0100, Russell King - ARM Linux admin wrote:
> > On Mon, Jun 29, 2020 at 11:54:01AM -0400, Arvind Sankar wrote:
> > > On Sun, Jun 28, 2020 at 11:18:37PM -0700, Kees Cook wrote:
> > > > We don't want to depend on the linker's orphan section placement
> > > > heuristics as these can vary between linkers, and may change between
> > > > versions. All sections need to be explicitly named in the linker
> > > > script.
> > > > 
> > > > Specifically, this would have made a recently fixed bug very obvious:
> > > > 
> > > > ld: warning: orphan section `.fixup' from `arch/arm/lib/copy_from_user.o' being placed in section `.fixup'
> > > > 
> > > > Discard unneeded sections .iplt, .rel.iplt, .igot.plt, and .modinfo.
> > > > 
> > > > Add missing text stub sections .vfp11_veneer and .v4_bx.
> > > > 
> > > > Add debug sections explicitly.
> > > > 
> > > > Finally enable orphan section warning.
> > > 
> > > This is unrelated to this patch as such, but I noticed that ARM32/64 places
> > > the .got section inside .text -- is that expected on ARM?
> > 
> > Do you mean in general, in the kernel vmlinux, in the decompressor
> > vmlinux or ... ?
> > 
> 
> Sorry, in the kernel vmlinux. ARM_TEXT includes *(.got) for 32-bit, and
> the 64-bit vmlinux.lds.S includes it in .text as well. The decompressor
> for 32-bit keeps it separate for non-EFI stub kernel and puts it inside
> .data for EFI stub.

The main 32-bit kernel image doesn't use the .got - I don't think it
actually even exists.

The decompressor (non-EFI) uses the .got as a way of getting position
independence, and that must be part of the binary image at a fixed
offset from the .text section.  The decompressor self-fixes up the
GOT entries.

In the case of the decompressor being flashed and executed from NOR
flash, the decompressor must be built for the specific address(es)
that it will reside (which does away with the .got table.)

For EFI, it needs to be in the .data section (which is in that case
always a fixed offset from .text) so that it can be written to so the
fix-ups work.

-- 
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!


* Re: [PATCH v4 14/17] arm/build: Warn on orphan section placement
  2020-06-29  6:18 ` [PATCH v4 14/17] arm/build: Warn on orphan section placement Kees Cook
  2020-06-29 15:54   ` Arvind Sankar
@ 2020-06-29 19:47   ` Nick Desaulniers
  1 sibling, 0 replies; 38+ messages in thread
From: Nick Desaulniers @ 2020-06-29 19:47 UTC (permalink / raw)
  To: Kees Cook
  Cc: Will Deacon, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nathan Chancellor, Arnd Bergmann,
	maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
	clang-built-linux, linux-arch, linux-efi, Linux ARM, LKML

On Sun, Jun 28, 2020 at 11:18 PM Kees Cook <keescook@chromium.org> wrote:
>
> We don't want to depend on the linker's orphan section placement
> heuristics as these can vary between linkers, and may change between
> versions. All sections need to be explicitly named in the linker
> script.
>
> Specifically, this would have made a recently fixed bug very obvious:
>
> ld: warning: orphan section `.fixup' from `arch/arm/lib/copy_from_user.o' being placed in section `.fixup'
>
> Discard unneeded sections .iplt, .rel.iplt, .igot.plt, and .modinfo.
>
> Add missing text stub sections .vfp11_veneer and .v4_bx.
>
> Add debug sections explicitly.
>
> Finally enable orphan section warning.
>
> Signed-off-by: Kees Cook <keescook@chromium.org>

Thanks for following up on the previous suggestion regarding .glue_7 /
.glue_7t ordering. LGTM
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>

> ---
>  arch/arm/include/asm/vmlinux.lds.h | 6 +++++-
>  arch/arm/kernel/vmlinux-xip.lds.S  | 1 +
>  arch/arm/kernel/vmlinux.lds.S      | 1 +
>  3 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
> index c66b16cd8837..d44fae722e7a 100644
> --- a/arch/arm/include/asm/vmlinux.lds.h
> +++ b/arch/arm/include/asm/vmlinux.lds.h
> @@ -39,6 +39,8 @@
>                 __idmap_text_end = .;                                   \
>
>  #define ARM_COMMON_DISCARD                                             \
> +               *(.iplt) *(.rel.iplt) *(.igot.plt)                      \
> +               *(.modinfo)                                             \
>                 *(.discard)                                             \
>                 *(.discard.*)
>
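Review bot: the new `*(.iplt) *(.rel.iplt) *(.igot.plt)` entries in ARM_COMMON_DISCARD are dropped with no check that they are empty, so a build that did start emitting content into them would lose it silently, which is the kind of hidden linker behaviour this series is meant to surface. Add a short comment saying why they are unneeded here, or assert in the linker script that they are zero-sized instead of discarding them; `*(.modinfo)` on the next line deserves the same one-line justification.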
> @@ -63,7 +65,9 @@
>  #define ARM_STUBS_TEXT                                                 \
>                 *(.gnu.warning)                                         \
>                 *(.glue_7)                                              \
> -               *(.glue_7t)
> +               *(.glue_7t)                                             \
> +               *(.vfp11_veneer)                                        \
> +               *(.v4_bx)
>
>  #define ARM_TEXT                                                       \
>                 IDMAP_TEXT                                              \
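Review bot: the two entries appended to ARM_STUBS_TEXT, `*(.vfp11_veneer)` and `*(.v4_bx)`, carry no comment saying what produces them or when they can be non-empty. The commit message calls them "missing text stub sections", but the header itself tells a later reader nothing; a one-line comment above the new entries would cover it.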
> diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
> index 57fcbf55f913..11ffa79751da 100644
> --- a/arch/arm/kernel/vmlinux-xip.lds.S
> +++ b/arch/arm/kernel/vmlinux-xip.lds.S
> @@ -150,6 +150,7 @@ SECTIONS
>         _end = .;
>
>         STABS_DEBUG
> +       DWARF_DEBUG
>         ARM_DETAILS
>  }
>
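Review bot: the DWARF_DEBUG line added after STABS_DEBUG here is repeated verbatim in the vmlinux.lds.S hunk that follows, so the XIP and non-XIP scripts now maintain the same tail of macros by hand. Since the patch already touches arch/arm/include/asm/vmlinux.lds.h, consider grouping the debug macros under one shared ARM macro there so the two scripts cannot drift apart.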
> diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
> index 1d3d3b599635..dc672fe35de3 100644
> --- a/arch/arm/kernel/vmlinux.lds.S
> +++ b/arch/arm/kernel/vmlinux.lds.S
> @@ -149,6 +149,7 @@ SECTIONS
>         _end = .;
>
>         STABS_DEBUG
> +       DWARF_DEBUG
>         ARM_DETAILS
>  }
>
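Review bot: nothing in this patch, including this last DWARF_DEBUG addition to vmlinux.lds.S, turns the warning on. The diffstat lists only the three linker-script files, yet the commit message ends with "Finally enable orphan section warning." Either the linker flag change is missing from the patch or that sentence should be dropped from the message.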
> --
> 2.25.1
>



-- 
Thanks,
~Nick Desaulniers


* Re: [PATCH v4 08/17] arm64/mm: Remove needless section quotes
  2020-06-29  6:18 ` [PATCH v4 08/17] arm64/mm: Remove needless section quotes Kees Cook
@ 2020-06-29 19:53   ` Nick Desaulniers
  2020-06-29 20:03     ` Joe Perches
  2020-06-29 20:04     ` Kees Cook
  0 siblings, 2 replies; 38+ messages in thread
From: Nick Desaulniers @ 2020-06-29 19:53 UTC (permalink / raw)
  To: Kees Cook
  Cc: Will Deacon, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nathan Chancellor, Arnd Bergmann,
	maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
	clang-built-linux, linux-arch, linux-efi, Linux ARM, LKML,
	Joe Perches

On Sun, Jun 28, 2020 at 11:18 PM Kees Cook <keescook@chromium.org> wrote:
>
> Fix a case of needless quotes in __section(), which Clang doesn't like.
>
> Acked-by: Will Deacon <will@kernel.org>
> Signed-off-by: Kees Cook <keescook@chromium.org>

Yep, I remember bugs from this.  Probably should scan the kernel for
other instances of this.  +Joe for checkpatch.pl validation.
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>

> ---
>  arch/arm64/mm/mmu.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
> index 1df25f26571d..dce024ea6084 100644
> --- a/arch/arm64/mm/mmu.c
> +++ b/arch/arm64/mm/mmu.c
> @@ -42,7 +42,7 @@
>  u64 idmap_t0sz = TCR_T0SZ(VA_BITS);
>  u64 idmap_ptrs_per_pgd = PTRS_PER_PGD;
>
> -u64 __section(".mmuoff.data.write") vabits_actual;
> +u64 __section(.mmuoff.data.write) vabits_actual;
>  EXPORT_SYMBOL(vabits_actual);
>
>  u64 kimage_voffset __ro_after_init;
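Review bot: the commit message does not say what breaks with the quoted form removed on the `-u64 __section(".mmuoff.data.write") vabits_actual;` line; "which Clang doesn't like" could mean a build error or a wrongly named section. State the observed symptom in the message so that the remaining quoted __section() users can be judged against it.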
> --
> 2.25.1
>


-- 
Thanks,
~Nick Desaulniers


* Re: [PATCH v4 08/17] arm64/mm: Remove needless section quotes
  2020-06-29 19:53   ` Nick Desaulniers
@ 2020-06-29 20:03     ` Joe Perches
  2020-06-29 20:29       ` Nick Desaulniers
  2020-06-29 20:04     ` Kees Cook
  1 sibling, 1 reply; 38+ messages in thread
From: Joe Perches @ 2020-06-29 20:03 UTC (permalink / raw)
  To: Nick Desaulniers, Kees Cook
  Cc: Will Deacon, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nathan Chancellor, Arnd Bergmann,
	maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
	clang-built-linux, linux-arch, linux-efi, Linux ARM, LKML

On Mon, 2020-06-29 at 12:53 -0700, Nick Desaulniers wrote:
> On Sun, Jun 28, 2020 at 11:18 PM Kees Cook <keescook@chromium.org> wrote:
> > Fix a case of needless quotes in __section(), which Clang doesn't like.
> > 
> > Acked-by: Will Deacon <will@kernel.org>
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> 
> Yep, I remember bugs from this.  Probably should scan the kernel for
> other instances of this.  +Joe for checkpatch.pl validation.
> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>

$ git grep -P -n '__section\s*\(\s*\"'
arch/arm64/mm/mmu.c:45:u64 __section(".mmuoff.data.write") vabits_actual;
include/linux/compiler.h:211:   __section("___kentry" "+" #sym )                        \
include/linux/export.h:133:     static int __ksym_marker_##sym[0] __section(".discard.ksym") __used
include/linux/srcutree.h:127:           __section("___srcu_struct_ptrs") = &name

My recollection is I submitted a patch
to _add_ quotes

https://lore.kernel.org/patchwork/patch/1125785/




* Re: [PATCH v4 08/17] arm64/mm: Remove needless section quotes
  2020-06-29 19:53   ` Nick Desaulniers
  2020-06-29 20:03     ` Joe Perches
@ 2020-06-29 20:04     ` Kees Cook
  2020-06-29 20:54       ` Arvind Sankar
  1 sibling, 1 reply; 38+ messages in thread
From: Kees Cook @ 2020-06-29 20:04 UTC (permalink / raw)
  To: Nick Desaulniers
  Cc: Will Deacon, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nathan Chancellor, Arnd Bergmann,
	maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
	clang-built-linux, linux-arch, linux-efi, Linux ARM, LKML,
	Joe Perches

On Mon, Jun 29, 2020 at 12:53:47PM -0700, Nick Desaulniers wrote:
> On Sun, Jun 28, 2020 at 11:18 PM Kees Cook <keescook@chromium.org> wrote:
> >
> > Fix a case of needless quotes in __section(), which Clang doesn't like.
> >
> > Acked-by: Will Deacon <will@kernel.org>
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> 
> Yep, I remember bugs from this.  Probably should scan the kernel for
> other instances of this.  +Joe for checkpatch.pl validation.

I think the others are safe because they're in macros:

$ git grep -4 '__section("'
include/linux/compiler.h-# define KENTRY(sym)                                           \
include/linux/compiler.h-       extern typeof(sym) sym;                                 \
include/linux/compiler.h-       static const unsigned long __kentry_##sym               \
include/linux/compiler.h-       __used                                                  \
include/linux/compiler.h:       __section("___kentry" "+" #sym )                        \
include/linux/compiler.h-       = (unsigned long)&sym;
--
include/linux/export.h-#define __ksym_marker(sym)       \
include/linux/export.h: static int __ksym_marker_##sym[0] __section(".discard.ksym") __used
--
include/linux/srcutree.h-# define __DEFINE_SRCU(name, is_static)                                \
include/linux/srcutree.h-       is_static struct srcu_struct name;                              \
include/linux/srcutree.h-       struct srcu_struct * const __srcu_struct_##name                 \
include/linux/srcutree.h:               __section("___srcu_struct_ptrs") = &name


> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>

Thanks!

-- 
Kees Cook


* Re: [PATCH v4 08/17] arm64/mm: Remove needless section quotes
  2020-06-29 20:03     ` Joe Perches
@ 2020-06-29 20:29       ` Nick Desaulniers
  0 siblings, 0 replies; 38+ messages in thread
From: Nick Desaulniers @ 2020-06-29 20:29 UTC (permalink / raw)
  To: Joe Perches
  Cc: Kees Cook, Will Deacon, Catalin Marinas, Mark Rutland,
	Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Thomas Gleixner, Ingo Molnar, Russell King,
	Masahiro Yamada, Arvind Sankar, Nathan Chancellor, Arnd Bergmann,
	maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
	clang-built-linux, linux-arch, linux-efi, Linux ARM, LKML

On Mon, Jun 29, 2020 at 1:03 PM Joe Perches <joe@perches.com> wrote:
>
> On Mon, 2020-06-29 at 12:53 -0700, Nick Desaulniers wrote:
> > On Sun, Jun 28, 2020 at 11:18 PM Kees Cook <keescook@chromium.org> wrote:
> > > Fix a case of needless quotes in __section(), which Clang doesn't like.
> > >
> > > Acked-by: Will Deacon <will@kernel.org>
> > > Signed-off-by: Kees Cook <keescook@chromium.org>
> >
> > Yep, I remember bugs from this.  Probably should scan the kernel for
> > other instances of this.  +Joe for checkpatch.pl validation.
> > Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
>
> $ git grep -P -n '__section\s*\(\s*\"'
> arch/arm64/mm/mmu.c:45:u64 __section(".mmuoff.data.write") vabits_actual;
> include/linux/compiler.h:211:   __section("___kentry" "+" #sym )                        \
> include/linux/export.h:133:     static int __ksym_marker_##sym[0] __section(".discard.ksym") __used
> include/linux/srcutree.h:127:           __section("___srcu_struct_ptrs") = &name
>
> My recollection is I submitted a patch
> to _add_ quotes
>
> https://lore.kernel.org/patchwork/patch/1125785/

Hey, yeah!  Did you end up sending v2?

-- 
Thanks,
~Nick Desaulniers


* Re: [PATCH v4 08/17] arm64/mm: Remove needless section quotes
  2020-06-29 20:04     ` Kees Cook
@ 2020-06-29 20:54       ` Arvind Sankar
  2020-06-29 21:06         ` Arvind Sankar
  0 siblings, 1 reply; 38+ messages in thread
From: Arvind Sankar @ 2020-06-29 20:54 UTC (permalink / raw)
  To: Kees Cook
  Cc: Nick Desaulniers, Will Deacon, Catalin Marinas, Mark Rutland,
	Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Thomas Gleixner, Ingo Molnar, Russell King,
	Masahiro Yamada, Arvind Sankar, Nathan Chancellor, Arnd Bergmann,
	maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
	clang-built-linux, linux-arch, linux-efi, Linux ARM, LKML,
	Joe Perches

On Mon, Jun 29, 2020 at 01:04:31PM -0700, Kees Cook wrote:
> On Mon, Jun 29, 2020 at 12:53:47PM -0700, Nick Desaulniers wrote:
> > On Sun, Jun 28, 2020 at 11:18 PM Kees Cook <keescook@chromium.org> wrote:
> > >
> > > Fix a case of needless quotes in __section(), which Clang doesn't like.
> > >
> > > Acked-by: Will Deacon <will@kernel.org>
> > > Signed-off-by: Kees Cook <keescook@chromium.org>
> > 
> > Yep, I remember bugs from this.  Probably should scan the kernel for
> > other instances of this.  +Joe for checkpatch.pl validation.
> 
> I think the others are safe because they're in macros:

Why does that make it safe -- the commit msg is a bit sparse, but I
assume the problem is that it generates
	__attribute__((__section__("\".foo\"")))
from
	__section(".foo")
after preprocessing, and clang keeps the quotes in the section name when
generating assembly, while gcc appears to strip them off.

It does that even if nested in another macro, no?

> 
> $ git grep -4 '__section("'
> include/linux/compiler.h-# define KENTRY(sym)                                           \

Am I missing something, or is KENTRY unused in the tree?

> include/linux/compiler.h-       extern typeof(sym) sym;                                 \
> include/linux/compiler.h-       static const unsigned long __kentry_##sym               \
> include/linux/compiler.h-       __used                                                  \
> include/linux/compiler.h:       __section("___kentry" "+" #sym )                        \
> include/linux/compiler.h-       = (unsigned long)&sym;
> --
> include/linux/export.h-#define __ksym_marker(sym)       \
> include/linux/export.h: static int __ksym_marker_##sym[0] __section(".discard.ksym") __used
> --
> include/linux/srcutree.h-# define __DEFINE_SRCU(name, is_static)                                \
> include/linux/srcutree.h-       is_static struct srcu_struct name;                              \
> include/linux/srcutree.h-       struct srcu_struct * const __srcu_struct_##name                 \
> include/linux/srcutree.h:               __section("___srcu_struct_ptrs") = &name
> 
> 
> > Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
> 
> Thanks!
> 
> -- 
> Kees Cook


* Re: [PATCH v4 08/17] arm64/mm: Remove needless section quotes
  2020-06-29 20:54       ` Arvind Sankar
@ 2020-06-29 21:06         ` Arvind Sankar
  0 siblings, 0 replies; 38+ messages in thread
From: Arvind Sankar @ 2020-06-29 21:06 UTC (permalink / raw)
  To: Arvind Sankar
  Cc: Kees Cook, Nick Desaulniers, Will Deacon, Catalin Marinas,
	Mark Rutland, Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Thomas Gleixner, Ingo Molnar, Russell King,
	Masahiro Yamada, Nathan Chancellor, Arnd Bergmann,
	maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
	clang-built-linux, linux-arch, linux-efi, Linux ARM, LKML,
	Joe Perches

On Mon, Jun 29, 2020 at 04:54:48PM -0400, Arvind Sankar wrote:
> On Mon, Jun 29, 2020 at 01:04:31PM -0700, Kees Cook wrote:
> > On Mon, Jun 29, 2020 at 12:53:47PM -0700, Nick Desaulniers wrote:
> > > On Sun, Jun 28, 2020 at 11:18 PM Kees Cook <keescook@chromium.org> wrote:
> > > >
> > > > Fix a case of needless quotes in __section(), which Clang doesn't like.
> > > >
> > > > Acked-by: Will Deacon <will@kernel.org>
> > > > Signed-off-by: Kees Cook <keescook@chromium.org>
> > > 
> > > Yep, I remember bugs from this.  Probably should scan the kernel for
> > > other instances of this.  +Joe for checkpatch.pl validation.
> > 
> > I think the others are safe because they're in macros:
> 
> Why does that make it safe -- the commit msg is a bit sparse, but I
> assume the problem is that it generates
> 	__attribute__((__section__("\".foo\"")))
> from
> 	__section(".foo")
> after preprocessing, and clang keeps the quotes in the section name when
> generating assembly, while gcc appears to strip them off.
> 
> It does that even if nested in another macro, no?

Yep, I can see things like:
[25] ".discard.ksym"   PROGBITS         0000000000000000  0000217c
       0000000000000000  0000000000000000  WA       0     0     4

Doesn't seem to cause a build error, but that can't be good.

> 
> > 
> > $ git grep -4 '__section("'
> > include/linux/compiler.h-# define KENTRY(sym)                                           \
> 
> Am I missing something, or is KENTRY unused in the tree?
> 
> > include/linux/compiler.h-       extern typeof(sym) sym;                                 \
> > include/linux/compiler.h-       static const unsigned long __kentry_##sym               \
> > include/linux/compiler.h-       __used                                                  \
> > include/linux/compiler.h:       __section("___kentry" "+" #sym )                        \
> > include/linux/compiler.h-       = (unsigned long)&sym;
> > --
> > include/linux/export.h-#define __ksym_marker(sym)       \
> > include/linux/export.h: static int __ksym_marker_##sym[0] __section(".discard.ksym") __used
> > --
> > include/linux/srcutree.h-# define __DEFINE_SRCU(name, is_static)                                \
> > include/linux/srcutree.h-       is_static struct srcu_struct name;                              \
> > include/linux/srcutree.h-       struct srcu_struct * const __srcu_struct_##name                 \
> > include/linux/srcutree.h:               __section("___srcu_struct_ptrs") = &name
> > 
> > 
> > > Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
> > 
> > Thanks!
> > 
> > -- 
> > Kees Cook


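The macro expansion discussed in this sub-thread, as an added example that is not kernel code and not from any of the posters: it models a `__section()` that stringifies its argument (an assumption taken from the expansion quoted above), shows that nesting inside another macro yields the same quoted name, and checks each resulting name against the `ARM_COMMON_DISCARD` patterns from patch 14/17. `SECTION_NAME`, the `MARKER_SECTION_*` wrappers and the helper functions are hypothetical names, and the pattern matcher only handles an exact name or a trailing `*`.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: models a __section() that stringifies its argument with #S,
 * as the expansion quoted in the thread implies. It yields only the string
 * that would be handed to __attribute__((__section__(...))). */
#define SECTION_NAME(S) #S

/* Hypothetical wrappers standing in for section users defined inside macros. */
#define MARKER_SECTION_QUOTED()   SECTION_NAME(".discard.ksym")
#define MARKER_SECTION_UNQUOTED() SECTION_NAME(.discard.ksym)

const char *direct_quoted(void)   { return SECTION_NAME(".mmuoff.data.write"); }
const char *direct_unquoted(void) { return SECTION_NAME(.mmuoff.data.write); }
const char *nested_quoted(void)   { return MARKER_SECTION_QUOTED(); }
const char *nested_unquoted(void) { return MARKER_SECTION_UNQUOTED(); }

/* True when literal quote characters ended up inside the section name. */
int has_stray_quotes(const char *name)
{
    return strchr(name, '"') != NULL;
}

/* Minimal stand-in for a linker-script input pattern: an exact name, or a
 * literal prefix followed by one trailing '*'. Enough for *(.discard) and
 * *(.discard.*) from the ARM_COMMON_DISCARD hunk. */
int pattern_covers(const char *pattern, const char *name)
{
    size_t n = strlen(pattern);

    if (n > 0 && pattern[n - 1] == '*')
        return strncmp(pattern, name, n - 1) == 0;
    return strcmp(pattern, name) == 0;
}

/* Is the name claimed by any of the discard patterns shown in the patch? */
int covered_by_discards(const char *name)
{
    static const char *const discards[] = {
        ".iplt", ".rel.iplt", ".igot.plt", ".modinfo",
        ".discard", ".discard.*",
    };
    size_t i;

    for (i = 0; i < sizeof(discards) / sizeof(discards[0]); i++)
        if (pattern_covers(discards[i], name))
            return 1;
    return 0;
}

int main(void)
{
    const char *names[] = {
        direct_quoted(), direct_unquoted(),
        nested_quoted(), nested_unquoted(),
    };
    size_t i;

    /* Print each modelled name with the two checks applied to it. */
    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        printf("%-24s stray_quotes=%d covered_by_discards=%d\n",
               names[i], has_stray_quotes(names[i]),
               covered_by_discards(names[i]));
    return 0;
}
```

A name that keeps its quote characters is not claimed by `*(.discard.*)`, so with a compiler that preserves them the section would be left to the linker's orphan placement.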
* Re: [PATCH v4 00/17] Warn on orphan section placement
  2020-06-29  6:18 [PATCH v4 00/17] Warn on orphan section placement Kees Cook
                   ` (16 preceding siblings ...)
  2020-06-29  6:18 ` [PATCH v4 17/17] x86/boot: " Kees Cook
@ 2020-08-21 16:02 ` Will Deacon
  2020-08-21 17:36   ` Kees Cook
  17 siblings, 1 reply; 38+ messages in thread
From: Will Deacon @ 2020-08-21 16:02 UTC (permalink / raw)
  To: Kees Cook
  Cc: Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

Hi Kees,

On Sun, Jun 28, 2020 at 11:18:23PM -0700, Kees Cook wrote:
> v4:
> - explicitly add .ARM.attributes
> - split up arm64 changes into separate patches
> - split up arm changes into separate patches
> - work around Clang section generation bug in -mbranch-protection
> - work around Clang section generation bug in KASAN and KCSAN
> - split "common" ELF sections out of STABS_DEBUG
> - changed relative position of .comment
> - add reviews/acks

What's the plan with this series? I thought it might have landed during the
merge window, but I can't even seem to find it in next. Anything else you
need on the arm64 side?

Will


* Re: [PATCH v4 00/17] Warn on orphan section placement
  2020-08-21 16:02 ` [PATCH v4 00/17] " Will Deacon
@ 2020-08-21 17:36   ` Kees Cook
  0 siblings, 0 replies; 38+ messages in thread
From: Kees Cook @ 2020-08-21 17:36 UTC (permalink / raw)
  To: Will Deacon
  Cc: Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov,
	Thomas Gleixner, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

On Fri, Aug 21, 2020 at 05:02:38PM +0100, Will Deacon wrote:
> Hi Kees,
> 
> On Sun, Jun 28, 2020 at 11:18:23PM -0700, Kees Cook wrote:
> > v4:
> > - explicitly add .ARM.attributes
> > - split up arm64 changes into separate patches
> > - split up arm changes into separate patches
> > - work around Clang section generation bug in -mbranch-protection
> > - work around Clang section generation bug in KASAN and KCSAN
> > - split "common" ELF sections out of STABS_DEBUG
> > - changed relative position of .comment
> > - add reviews/acks
> 
> What's the plan with this series? I thought it might have landed during the
> merge window, but I can't even seem to find it in next. Anything else you
> need on the arm64 side?

I need to rebase/refresh -- the plan is for it to go via -tip (based on
what Ingo said). I'm working on a v6 right now.

-- 
Kees Cook
