From: Fangrui Song <maskray@google.com>
To: Nick Desaulniers <ndesaulniers@google.com>
Cc: Kees Cook <keescook@chromium.org>,
Thomas Gleixner <tglx@linutronix.de>,
Will Deacon <will@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Ard Biesheuvel <ardb@kernel.org>,
Peter Collingbourne <pcc@google.com>,
James Morse <james.morse@arm.com>, Borislav Petkov <bp@suse.de>,
Ingo Molnar <mingo@redhat.com>,
Russell King <linux@armlinux.org.uk>,
Masahiro Yamada <masahiroy@kernel.org>,
Arvind Sankar <nivedita@alum.mit.edu>,
Nathan Chancellor <natechancellor@gmail.com>,
Arnd Bergmann <arnd@arndb.de>,
"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
<x86@kernel.org>,
clang-built-linux <clang-built-linux@googlegroups.com>,
linux-arch <linux-arch@vger.kernel.org>,
linux-efi <linux-efi@vger.kernel.org>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v5 23/36] arm/build: Explicitly keep .ARM.attributes sections
Date: Mon, 17 Aug 2020 15:06:29 -0700 [thread overview]
Message-ID: <20200817220629.3pkabegeedomsaaz@google.com> (raw)
In-Reply-To: <CAKwvOdn11z+iFQZC54JvQHC=NFX1FsoRMw2a-2P=5sQ6FKwbnw@mail.gmail.com>
On 2020-08-03, 'Nick Desaulniers' via Clang Built Linux wrote:
>On Fri, Jul 31, 2020 at 4:18 PM Kees Cook <keescook@chromium.org> wrote:
>>
>> In preparation for adding --orphan-handling=warn, explicitly keep the
>> .ARM.attributes section by expanding the existing ELF_DETAILS macro into
>> ARM_DETAILS.
>>
>> Suggested-by: Nick Desaulniers <ndesaulniers@google.com>
>> Link: https://lore.kernel.org/lkml/CAKwvOdk-racgq5pxsoGS6Vtifbtrk5fmkmnoLxrQMaOvV0nPWw@mail.gmail.com/
>> Signed-off-by: Kees Cook <keescook@chromium.org>
>> ---
>> arch/arm/include/asm/vmlinux.lds.h | 4 ++++
>> arch/arm/kernel/vmlinux-xip.lds.S | 2 +-
>> arch/arm/kernel/vmlinux.lds.S | 2 +-
>> 3 files changed, 6 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
>> index a08f4301b718..c4af5182ab48 100644
>> --- a/arch/arm/include/asm/vmlinux.lds.h
>> +++ b/arch/arm/include/asm/vmlinux.lds.h
>> @@ -52,6 +52,10 @@
>> ARM_MMU_DISCARD(*(__ex_table)) \
>> COMMON_DISCARDS
>>
>> +#define ARM_DETAILS \
>> + ELF_DETAILS \
>> + .ARM.attributes 0 : { *(.ARM.attributes) }
>
>I had to look up what the `0` meant:
>https://sourceware.org/binutils/docs/ld/Output-Section-Attributes.html#Output-Section-Attributes
>mentions it's an "address" and
>https://ftp.gnu.org/old-gnu/Manuals/ld-2.9.1/html_chapter/ld_3.html#SEC21
>mentions it as "start" (an address).
>Unless we need those, can we drop them? (Sorry for the resulting churn
>that would cause). I think the NO_LOAD stuff makes more sense, but
>I'm curious if the kernel checks for that.
NOLOAD means SHT_NOBITS (usually SHF_ALLOC). .ARM.attributes is a
non-SHF_ALLOC section.
An explicit 0 (output section address) is good - GNU ld's internal
linker scripts (ld --verbose output) use 0 for such non-SHF_ALLOC sections.
Without the 0, the section may get a non-zero address, which is not
wrong - but probably does not look well. See https://reviews.llvm.org/D85867 for details.
Reviewed-by: Fangrui Song <maskray@google.com>
>> +
>> #define ARM_STUBS_TEXT \
>> *(.gnu.warning) \
>> *(.glue_7) \
>> diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
>> index 904c31fa20ed..57fcbf55f913 100644
>> --- a/arch/arm/kernel/vmlinux-xip.lds.S
>> +++ b/arch/arm/kernel/vmlinux-xip.lds.S
>> @@ -150,7 +150,7 @@ SECTIONS
>> _end = .;
>>
>> STABS_DEBUG
>> - ELF_DETAILS
>> + ARM_DETAILS
>> }
>>
>> /*
>> diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
>> index bb950c896a67..1d3d3b599635 100644
>> --- a/arch/arm/kernel/vmlinux.lds.S
>> +++ b/arch/arm/kernel/vmlinux.lds.S
>> @@ -149,7 +149,7 @@ SECTIONS
>> _end = .;
>>
>> STABS_DEBUG
>> - ELF_DETAILS
>> + ARM_DETAILS
>> }
>>
>> #ifdef CONFIG_STRICT_KERNEL_RWX
>> --
>> 2.25.1
>>
next prev parent reply other threads:[~2020-08-17 22:06 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-31 23:07 [PATCH v5 00/36] Warn on orphan section placement Kees Cook
2020-07-31 23:07 ` [PATCH v5 01/36] x86/boot/compressed: Move .got.plt entries out of the .got section Kees Cook
2020-08-14 15:23 ` [tip: x86/boot] " tip-bot2 for Ard Biesheuvel
2020-07-31 23:07 ` [PATCH v5 02/36] x86/boot/compressed: Force hidden visibility for all symbol references Kees Cook
2020-08-14 15:23 ` [tip: x86/boot] " tip-bot2 for Ard Biesheuvel
2020-07-31 23:07 ` [PATCH v5 03/36] x86/boot/compressed: Get rid of GOT fixup code Kees Cook
2020-08-14 15:23 ` [tip: x86/boot] " tip-bot2 for Ard Biesheuvel
2020-07-31 23:07 ` [PATCH v5 04/36] x86/boot: Add .text.* to setup.ld Kees Cook
2020-08-14 15:23 ` [tip: x86/boot] " tip-bot2 for Arvind Sankar
2020-07-31 23:07 ` [PATCH v5 05/36] x86/boot: Remove run-time relocations from .head.text code Kees Cook
2020-07-31 23:42 ` Nick Desaulniers
2020-08-14 15:23 ` [tip: x86/boot] " tip-bot2 for Arvind Sankar
2020-07-31 23:07 ` [PATCH v5 06/36] x86/boot: Remove run-time relocations from head_{32,64}.S Kees Cook
2020-08-07 18:12 ` Nick Desaulniers
2020-08-07 20:20 ` Arvind Sankar
2020-08-14 15:23 ` [tip: x86/boot] " tip-bot2 for Arvind Sankar
2020-07-31 23:07 ` [PATCH v5 07/36] x86/boot: Check that there are no run-time relocations Kees Cook
2020-08-14 15:23 ` [tip: x86/boot] " tip-bot2 for Arvind Sankar
2020-07-31 23:07 ` [PATCH v5 08/36] vmlinux.lds.h: Create COMMON_DISCARDS Kees Cook
2020-07-31 23:07 ` [PATCH v5 09/36] vmlinux.lds.h: Add .gnu.version* to COMMON_DISCARDS Kees Cook
2020-07-31 23:07 ` [PATCH v5 10/36] vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections Kees Cook
2020-07-31 23:07 ` [PATCH v5 11/36] vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG Kees Cook
2020-07-31 23:07 ` [PATCH v5 12/36] vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS Kees Cook
2020-07-31 23:07 ` [PATCH v5 13/36] vmlinux.lds.h: add PGO and AutoFDO input sections Kees Cook
2020-08-01 3:51 ` Arvind Sankar
2020-08-01 6:18 ` Kees Cook
2020-08-01 17:27 ` Arvind Sankar
2020-08-03 19:05 ` Andi Kleen
2020-08-03 20:15 ` Arvind Sankar
2020-08-04 1:19 ` Fāng-ruì Sòng
2020-08-04 4:45 ` Andi Kleen
2020-08-04 5:32 ` Fāng-ruì Sòng
2020-08-04 16:06 ` Arvind Sankar
2020-08-21 19:18 ` Kees Cook
2020-07-31 23:07 ` [PATCH v5 14/36] efi/libstub: Disable -mbranch-protection Kees Cook
2020-07-31 23:07 ` [PATCH v5 15/36] arm64/mm: Remove needless section quotes Kees Cook
2020-07-31 23:08 ` [PATCH v5 16/36] arm64/kernel: Remove needless Call Frame Information annotations Kees Cook
2020-07-31 23:08 ` [PATCH v5 17/36] arm64/build: Remove .eh_frame* sections due to unwind tables Kees Cook
2020-07-31 23:08 ` [PATCH v5 18/36] arm64/build: Use common DISCARDS in linker script Kees Cook
2020-07-31 23:08 ` [PATCH v5 19/36] arm64/build: Add missing DWARF sections Kees Cook
2020-07-31 23:08 ` [PATCH v5 20/36] arm64/build: Assert for unwanted sections Kees Cook
2020-07-31 23:08 ` [PATCH v5 21/36] arm64/build: Warn on orphan section placement Kees Cook
2020-07-31 23:08 ` [PATCH v5 22/36] arm/build: Refactor linker script headers Kees Cook
2020-07-31 23:08 ` [PATCH v5 23/36] arm/build: Explicitly keep .ARM.attributes sections Kees Cook
2020-08-03 19:02 ` Nick Desaulniers
2020-08-17 22:06 ` Fangrui Song [this message]
2020-07-31 23:08 ` [PATCH v5 24/36] arm/build: Add missing sections Kees Cook
2020-07-31 23:08 ` [PATCH v5 25/36] arm/build: Warn on orphan section placement Kees Cook
2020-07-31 23:08 ` [PATCH v5 26/36] arm/boot: Handle all sections explicitly Kees Cook
2020-07-31 23:08 ` [PATCH v5 27/36] arm/boot: Warn on orphan section placement Kees Cook
2020-07-31 23:08 ` [PATCH v5 28/36] x86/asm: Avoid generating unused kprobe sections Kees Cook
2020-07-31 23:08 ` [PATCH v5 29/36] x86/build: Enforce an empty .got.plt section Kees Cook
2020-08-01 2:12 ` Arvind Sankar
2020-08-01 5:32 ` Kees Cook
2020-08-21 17:49 ` Kees Cook
2020-07-31 23:08 ` [PATCH v5 30/36] x86/build: Assert for unwanted sections Kees Cook
2020-07-31 23:08 ` [PATCH v5 31/36] x86/build: Warn on orphan section placement Kees Cook
2020-07-31 23:08 ` [PATCH v5 32/36] x86/boot/compressed: Reorganize zero-size section asserts Kees Cook
2020-08-01 1:47 ` Arvind Sankar
2020-08-01 2:53 ` Arvind Sankar
2020-08-01 5:36 ` Kees Cook
2020-08-01 17:12 ` Arvind Sankar
2020-08-21 18:24 ` Kees Cook
2020-08-01 5:35 ` Kees Cook
2020-08-01 17:00 ` Arvind Sankar
2020-08-21 18:19 ` Kees Cook
2020-07-31 23:08 ` [PATCH v5 33/36] x86/boot/compressed: Remove, discard, or assert for unwanted sections Kees Cook
2020-07-31 23:08 ` [PATCH v5 34/36] x86/boot/compressed: Add missing debugging sections to output Kees Cook
2020-07-31 23:08 ` [PATCH v5 35/36] x86/boot/compressed: Warn on orphan section placement Kees Cook
2020-07-31 23:08 ` [PATCH v5 36/36] arm/build: Assert for unwanted sections Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200817220629.3pkabegeedomsaaz@google.com \
--to=maskray@google.com \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=bp@suse.de \
--cc=catalin.marinas@arm.com \
--cc=clang-built-linux@googlegroups.com \
--cc=james.morse@arm.com \
--cc=keescook@chromium.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=mark.rutland@arm.com \
--cc=masahiroy@kernel.org \
--cc=mingo@redhat.com \
--cc=natechancellor@gmail.com \
--cc=ndesaulniers@google.com \
--cc=nivedita@alum.mit.edu \
--cc=pcc@google.com \
--cc=tglx@linutronix.de \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).