From: Kees Cook <keescook@chromium.org>
To: Borislav Petkov <bp@alien8.de>
Cc: Kees Cook <keescook@chromium.org>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
Michael Ellerman <mpe@ellerman.id.au>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
Will Deacon <will@kernel.org>,
linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
linuxppc-dev@lists.ozlabs.org, linux-alpha@vger.kernel.org,
linux-ia64@vger.kernel.org, linux-s390@vger.kernel.org,
linux-c6x-dev@linux-c6x.org,
Yoshinori Sato <ysato@users.sourceforge.jp>,
Michal Simek <monstr@monstr.eu>,
linux-parisc@vger.kernel.org, linux-xtensa@linux-xtensa.org,
x86@kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES
Date: Thu, 10 Oct 2019 17:05:40 -0700 [thread overview]
Message-ID: <20191011000609.29728-1-keescook@chromium.org> (raw)
Arch maintainers: please send Acks (if you haven't already) for your
respective linker script changes; the intention is for this series to
land via -tip.
v1: https://lore.kernel.org/lkml/20190926175602.33098-1-keescook@chromium.org
v2: clean up commit messages, rename RO_EXCEPTION_TABLE (bp)
This series works to move the linker sections for NOTES and
EXCEPTION_TABLE into the RO_DATA area, where they belong on most
(all?) architectures. The problem being addressed was the discovery
by Rick Edgecombe that the exception table was accidentally marked
executable while he was developing his execute-only-memory series. When
permissions were flipped from readable-and-executable to only-executable,
the exception table became unreadable, causing things to explode rather
badly. :)
Roughly speaking, the steps are:
- regularize the linker names for PT_NOTE and PT_LOAD program headers
(to "note" and "text" respectively)
- regularize restoration of linker section to program header assignment
(when PT_NOTE exists)
- move NOTES into RO_DATA
- finish macro naming conversions for RO_DATA and RW_DATA
- move EXCEPTION_TABLE into RO_DATA on architectures where this is clear
- clean up some x86-specific reporting of kernel memory resources
- switch x86 linker fill byte from x90 (NOP) to 0xcc (INT3), just because
I finally realized what that trailing ": 0x9090" meant -- and we should
trap, not slide, if execution lands in section padding
Thanks!
-Kees
Kees Cook (29):
powerpc: Rename "notes" PT_NOTE to "note"
powerpc: Remove PT_NOTE workaround
powerpc: Rename PT_LOAD identifier "kernel" to "text"
alpha: Rename PT_LOAD identifier "kernel" to "text"
ia64: Rename PT_LOAD identifier "code" to "text"
s390: Move RO_DATA into "text" PT_LOAD Program Header
x86: Restore "text" Program Header with dummy section
vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes
vmlinux.lds.h: Move Program Header restoration into NOTES macro
vmlinux.lds.h: Move NOTES into RO_DATA
vmlinux.lds.h: Replace RODATA with RO_DATA
vmlinux.lds.h: Replace RO_DATA_SECTION with RO_DATA
vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA
vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA
x86: Actually use _etext for end of text segment
x86: Move EXCEPTION_TABLE to RO_DATA segment
alpha: Move EXCEPTION_TABLE to RO_DATA segment
arm64: Move EXCEPTION_TABLE to RO_DATA segment
c6x: Move EXCEPTION_TABLE to RO_DATA segment
h8300: Move EXCEPTION_TABLE to RO_DATA segment
ia64: Move EXCEPTION_TABLE to RO_DATA segment
microblaze: Move EXCEPTION_TABLE to RO_DATA segment
parisc: Move EXCEPTION_TABLE to RO_DATA segment
powerpc: Move EXCEPTION_TABLE to RO_DATA segment
xtensa: Move EXCEPTION_TABLE to RO_DATA segment
x86/mm: Remove redundant &s on addresses
x86/mm: Report which part of kernel image is freed
x86/mm: Report actual image regions in /proc/iomem
x86: Use INT3 instead of NOP for linker fill bytes
arch/alpha/kernel/vmlinux.lds.S | 18 +++++-----
arch/arc/kernel/vmlinux.lds.S | 6 ++--
arch/arm/kernel/vmlinux-xip.lds.S | 4 +--
arch/arm/kernel/vmlinux.lds.S | 4 +--
arch/arm64/kernel/vmlinux.lds.S | 9 ++---
arch/c6x/kernel/vmlinux.lds.S | 8 ++---
arch/csky/kernel/vmlinux.lds.S | 5 ++-
arch/h8300/kernel/vmlinux.lds.S | 9 ++---
arch/hexagon/kernel/vmlinux.lds.S | 5 ++-
arch/ia64/kernel/vmlinux.lds.S | 20 +++++------
arch/m68k/kernel/vmlinux-nommu.lds | 4 +--
arch/m68k/kernel/vmlinux-std.lds | 2 +-
arch/m68k/kernel/vmlinux-sun3.lds | 2 +-
arch/microblaze/kernel/vmlinux.lds.S | 8 ++---
arch/mips/kernel/vmlinux.lds.S | 15 ++++----
arch/nds32/kernel/vmlinux.lds.S | 5 ++-
arch/nios2/kernel/vmlinux.lds.S | 5 ++-
arch/openrisc/kernel/vmlinux.lds.S | 7 ++--
arch/parisc/kernel/vmlinux.lds.S | 11 +++---
arch/powerpc/kernel/vmlinux.lds.S | 37 ++++---------------
arch/riscv/kernel/vmlinux.lds.S | 5 ++-
arch/s390/kernel/vmlinux.lds.S | 12 +++----
arch/sh/kernel/vmlinux.lds.S | 3 +-
arch/sparc/kernel/vmlinux.lds.S | 3 +-
arch/um/include/asm/common.lds.S | 3 +-
arch/unicore32/kernel/vmlinux.lds.S | 5 ++-
arch/x86/include/asm/processor.h | 2 +-
arch/x86/include/asm/sections.h | 1 -
arch/x86/kernel/setup.c | 12 ++++++-
arch/x86/kernel/vmlinux.lds.S | 16 ++++-----
arch/x86/mm/init.c | 8 ++---
arch/x86/mm/init_64.c | 16 +++++----
arch/x86/mm/pti.c | 2 +-
arch/xtensa/kernel/vmlinux.lds.S | 8 ++---
include/asm-generic/vmlinux.lds.h | 53 ++++++++++++++++++++--------
35 files changed, 159 insertions(+), 174 deletions(-)
--
2.17.1
Kees Cook (29):
powerpc: Rename "notes" PT_NOTE to "note"
powerpc: Remove PT_NOTE workaround
powerpc: Rename PT_LOAD identifier "kernel" to "text"
alpha: Rename PT_LOAD identifier "kernel" to "text"
ia64: Rename PT_LOAD identifier "code" to "text"
s390: Move RO_DATA into "text" PT_LOAD Program Header
x86: Restore "text" Program Header with dummy section
vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes
vmlinux.lds.h: Move Program Header restoration into NOTES macro
vmlinux.lds.h: Move NOTES into RO_DATA
vmlinux.lds.h: Replace RODATA with RO_DATA
vmlinux.lds.h: Replace RO_DATA_SECTION with RO_DATA
vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA
vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA
x86: Actually use _etext for end of text segment
x86: Move EXCEPTION_TABLE to RO_DATA segment
alpha: Move EXCEPTION_TABLE to RO_DATA segment
arm64: Move EXCEPTION_TABLE to RO_DATA segment
c6x: Move EXCEPTION_TABLE to RO_DATA segment
h8300: Move EXCEPTION_TABLE to RO_DATA segment
ia64: Move EXCEPTION_TABLE to RO_DATA segment
microblaze: Move EXCEPTION_TABLE to RO_DATA segment
parisc: Move EXCEPTION_TABLE to RO_DATA segment
powerpc: Move EXCEPTION_TABLE to RO_DATA segment
xtensa: Move EXCEPTION_TABLE to RO_DATA segment
x86/mm: Remove redundant &s on addresses
x86/mm: Report which part of kernel image is freed
x86/mm: Report actual image regions in /proc/iomem
x86: Use INT3 instead of NOP for linker fill bytes
arch/alpha/kernel/vmlinux.lds.S | 18 +++++-----
arch/arc/kernel/vmlinux.lds.S | 6 ++--
arch/arm/kernel/vmlinux-xip.lds.S | 4 +--
arch/arm/kernel/vmlinux.lds.S | 4 +--
arch/arm64/kernel/vmlinux.lds.S | 10 +++---
arch/c6x/kernel/vmlinux.lds.S | 8 ++---
arch/csky/kernel/vmlinux.lds.S | 5 ++-
arch/h8300/kernel/vmlinux.lds.S | 9 ++---
arch/hexagon/kernel/vmlinux.lds.S | 5 ++-
arch/ia64/kernel/vmlinux.lds.S | 20 +++++------
arch/m68k/kernel/vmlinux-nommu.lds | 4 +--
arch/m68k/kernel/vmlinux-std.lds | 2 +-
arch/m68k/kernel/vmlinux-sun3.lds | 2 +-
arch/microblaze/kernel/vmlinux.lds.S | 8 ++---
arch/mips/kernel/vmlinux.lds.S | 15 ++++----
arch/nds32/kernel/vmlinux.lds.S | 5 ++-
arch/nios2/kernel/vmlinux.lds.S | 5 ++-
arch/openrisc/kernel/vmlinux.lds.S | 7 ++--
arch/parisc/kernel/vmlinux.lds.S | 11 +++---
arch/powerpc/kernel/vmlinux.lds.S | 37 ++++---------------
arch/riscv/kernel/vmlinux.lds.S | 5 ++-
arch/s390/kernel/vmlinux.lds.S | 12 +++----
arch/sh/kernel/vmlinux.lds.S | 3 +-
arch/sparc/kernel/vmlinux.lds.S | 3 +-
arch/um/include/asm/common.lds.S | 3 +-
arch/unicore32/kernel/vmlinux.lds.S | 5 ++-
arch/x86/include/asm/processor.h | 2 +-
arch/x86/include/asm/sections.h | 1 -
arch/x86/kernel/setup.c | 12 ++++++-
arch/x86/kernel/vmlinux.lds.S | 16 ++++-----
arch/x86/mm/init.c | 8 ++---
arch/x86/mm/init_64.c | 16 +++++----
arch/x86/mm/pti.c | 2 +-
arch/xtensa/kernel/vmlinux.lds.S | 8 ++---
include/asm-generic/vmlinux.lds.h | 53 ++++++++++++++++++++--------
35 files changed, 159 insertions(+), 175 deletions(-)
--
2.17.1
next reply other threads:[~2019-10-11 0:06 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-11 0:05 Kees Cook [this message]
2019-10-11 0:05 ` [PATCH v2 01/29] powerpc: Rename "notes" PT_NOTE to "note" Kees Cook
2019-10-11 6:00 ` Michael Ellerman
2019-10-11 8:25 ` Segher Boessenkool
2019-10-11 16:11 ` Kees Cook
2019-10-11 16:25 ` Segher Boessenkool
2019-10-15 16:54 ` Borislav Petkov
2019-10-15 17:36 ` Kees Cook
2019-10-29 21:15 ` Kees Cook
2019-10-30 1:01 ` Segher Boessenkool
2019-11-04 8:59 ` Borislav Petkov
2019-10-11 0:05 ` [PATCH v2 02/29] powerpc: Remove PT_NOTE workaround Kees Cook
2019-10-11 6:07 ` Michael Ellerman
2019-10-11 16:09 ` Kees Cook
2019-10-11 0:05 ` [PATCH v2 03/29] powerpc: Rename PT_LOAD identifier "kernel" to "text" Kees Cook
2019-10-11 6:07 ` Michael Ellerman
2019-10-11 0:05 ` [PATCH v2 04/29] alpha: " Kees Cook
2019-10-11 0:05 ` [PATCH v2 05/29] ia64: Rename PT_LOAD identifier "code" " Kees Cook
2019-10-11 0:05 ` [PATCH v2 06/29] s390: Move RO_DATA into "text" PT_LOAD Program Header Kees Cook
2019-10-16 8:25 ` Heiko Carstens
2019-10-11 0:05 ` [PATCH v2 07/29] x86: Restore "text" Program Header with dummy section Kees Cook
2019-10-11 0:05 ` [PATCH v2 08/29] vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes Kees Cook
2019-10-11 0:05 ` [PATCH v2 09/29] vmlinux.lds.h: Move Program Header restoration into NOTES macro Kees Cook
2019-10-11 0:05 ` [PATCH v2 10/29] vmlinux.lds.h: Move NOTES into RO_DATA Kees Cook
2019-10-11 0:05 ` [PATCH v2 11/29] vmlinux.lds.h: Replace RODATA with RO_DATA Kees Cook
2019-11-11 16:58 ` Geert Uytterhoeven
2019-11-11 17:23 ` Kees Cook
2019-11-11 18:08 ` Geert Uytterhoeven
2019-11-12 9:07 ` Borislav Petkov
2019-11-12 9:13 ` Geert Uytterhoeven
2019-11-12 20:55 ` Kees Cook
2019-10-11 0:05 ` [PATCH v2 12/29] vmlinux.lds.h: Replace RO_DATA_SECTION " Kees Cook
2019-10-11 7:49 ` Geert Uytterhoeven
2019-10-11 0:05 ` [PATCH v2 13/29] vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA Kees Cook
2019-10-11 7:49 ` Geert Uytterhoeven
2019-10-11 0:05 ` [PATCH v2 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA Kees Cook
2019-10-11 0:05 ` [PATCH v2 15/29] x86: Actually use _etext for end of text segment Kees Cook
2019-10-11 0:05 ` [PATCH v2 16/29] x86: Move EXCEPTION_TABLE to RO_DATA segment Kees Cook
2019-10-11 0:05 ` [PATCH v2 17/29] alpha: " Kees Cook
2019-10-11 0:05 ` [PATCH v2 18/29] arm64: " Kees Cook
2019-10-11 0:05 ` [PATCH v2 19/29] c6x: " Kees Cook
2019-10-11 0:06 ` [PATCH v2 20/29] h8300: " Kees Cook
2019-10-11 0:06 ` [PATCH v2 21/29] ia64: " Kees Cook
2019-10-11 0:06 ` [PATCH v2 22/29] microblaze: " Kees Cook
2019-10-11 0:06 ` [PATCH v2 23/29] parisc: " Kees Cook
2019-10-12 9:50 ` Helge Deller
2019-10-11 0:06 ` [PATCH v2 24/29] powerpc: " Kees Cook
2019-10-11 0:06 ` [PATCH v2 25/29] xtensa: " Kees Cook
2019-10-14 7:41 ` Max Filippov
2019-10-11 0:06 ` [PATCH v2 26/29] x86/mm: Remove redundant &s on addresses Kees Cook
2019-10-11 0:06 ` [PATCH v2 27/29] x86/mm: Report which part of kernel image is freed Kees Cook
2019-10-11 0:06 ` [PATCH v2 28/29] x86/mm: Report actual image regions in /proc/iomem Kees Cook
2019-10-11 0:06 ` [PATCH v2 29/29] x86: Use INT3 instead of NOP for linker fill bytes Kees Cook
2019-10-16 8:28 ` [PATCH v2 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES Heiko Carstens
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191011000609.29728-1-keescook@chromium.org \
--to=keescook@chromium.org \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=heiko.carstens@de.ibm.com \
--cc=linux-alpha@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-c6x-dev@linux-c6x.org \
--cc=linux-ia64@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-parisc@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-xtensa@linux-xtensa.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=luto@kernel.org \
--cc=monstr@monstr.eu \
--cc=mpe@ellerman.id.au \
--cc=rick.p.edgecombe@intel.com \
--cc=will@kernel.org \
--cc=x86@kernel.org \
--cc=ysato@users.sourceforge.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).