LKML Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH v6 00/29] Warn on orphan section placement
@ 2020-08-21 19:42 Kees Cook
  2020-08-21 19:42 ` [PATCH v6 01/29] vmlinux.lds.h: Create COMMON_DISCARDS Kees Cook
                   ` (29 more replies)
  0 siblings, 30 replies; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

Hi Ingo,

Based on my testing, this is ready to go. I've reviewed the feedback on
v5 and made a few small changes, noted below.


https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=linker/orphans/warn/v6

v6:
- rebase to -tip x86/boot
- remove 0-sized NOLOAD
- move .got.plt to end with INFO (NOLOAD warns)
- add Reviewed-bys
v5: https://lore.kernel.org/lkml/20200731230820.1742553-1-keescook@chromium.org/
v4: https://lore.kernel.org/lkml/20200629061840.4065483-1-keescook@chromium.org/
v3: https://lore.kernel.org/lkml/20200624014940.1204448-1-keescook@chromium.org/
v2: https://lore.kernel.org/lkml/20200622205815.2988115-1-keescook@chromium.org/
v1: https://lore.kernel.org/lkml/20200228002244.15240-1-keescook@chromium.org/

A recent bug[1] was solved for builds linked with ld.lld, and tracking
it down took way longer than it needed to (a year). Ultimately, it
boiled down to differences between ld.bfd and ld.lld's handling of
orphan sections. Similar situation have continued to recur, and it's
clear the kernel build needs to be much more explicit about linker
sections. Similarly, the recent FGKASLR series brought up orphan section
handling too[2]. In all cases, it would have been nice if the linker was
running with --orphan-handling=warn so that surprise sections wouldn't
silently get mapped into the kernel image at locations up to the whim
of the linker's orphan handling logic. Instead, all desired sections
should be explicitly identified in the linker script (to be either kept,
discarded, or verified to be zero-sized) with any orphans throwing a
warning. The powerpc architecture has actually been doing this for some
time, so this series just extends that coverage to x86, arm, and arm64.

This has gotten sucecssful build testing under the following matrix:

compiler/linker: gcc+ld.bfd, clang+ld.lld
targets: defconfig, allmodconfig
architectures: x86, i386, arm64, arm
versions: -tip x86/boot

All three architectures depend on the first several commits to
vmlinux.lds.h. x86 depends on Arvind's GOT series (in -tip x86/boot now).
arm64 depends on the efi/libstub patch. As such, I'd like to land this
series as a whole. Ingo has suggested he'd take it into -tip.

Thanks!

-Kees

[1] https://github.com/ClangBuiltLinux/linux/issues/282
[2] https://lore.kernel.org/lkml/202002242122.AA4D1B8@keescook/

Kees Cook (28):
  vmlinux.lds.h: Create COMMON_DISCARDS
  vmlinux.lds.h: Add .gnu.version* to COMMON_DISCARDS
  vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections
  vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG
  vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS
  efi/libstub: Disable -mbranch-protection
  arm64/mm: Remove needless section quotes
  arm64/kernel: Remove needless Call Frame Information annotations
  arm64/build: Remove .eh_frame* sections due to unwind tables
  arm64/build: Use common DISCARDS in linker script
  arm64/build: Add missing DWARF sections
  arm64/build: Assert for unwanted sections
  arm64/build: Warn on orphan section placement
  arm/build: Refactor linker script headers
  arm/build: Explicitly keep .ARM.attributes sections
  arm/build: Add missing sections
  arm/build: Assert for unwanted sections
  arm/build: Warn on orphan section placement
  arm/boot: Handle all sections explicitly
  arm/boot: Warn on orphan section placement
  x86/asm: Avoid generating unused kprobe sections
  x86/build: Enforce an empty .got.plt section
  x86/build: Assert for unwanted sections
  x86/build: Warn on orphan section placement
  x86/boot/compressed: Reorganize zero-size section asserts
  x86/boot/compressed: Remove, discard, or assert for unwanted sections
  x86/boot/compressed: Add missing debugging sections to output
  x86/boot/compressed: Warn on orphan section placement

Nick Desaulniers (1):
  vmlinux.lds.h: add PGO and AutoFDO input sections

 arch/alpha/kernel/vmlinux.lds.S               |  1 +
 arch/arc/kernel/vmlinux.lds.S                 |  1 +
 arch/arm/Makefile                             |  4 ++
 arch/arm/boot/compressed/Makefile             |  2 +
 arch/arm/boot/compressed/vmlinux.lds.S        | 20 +++----
 .../arm/{kernel => include/asm}/vmlinux.lds.h | 30 ++++++++--
 arch/arm/kernel/vmlinux-xip.lds.S             |  8 ++-
 arch/arm/kernel/vmlinux.lds.S                 |  8 ++-
 arch/arm64/Makefile                           |  9 ++-
 arch/arm64/kernel/smccc-call.S                |  2 -
 arch/arm64/kernel/vmlinux.lds.S               | 28 +++++++--
 arch/arm64/mm/mmu.c                           |  2 +-
 arch/csky/kernel/vmlinux.lds.S                |  1 +
 arch/hexagon/kernel/vmlinux.lds.S             |  1 +
 arch/ia64/kernel/vmlinux.lds.S                |  1 +
 arch/mips/kernel/vmlinux.lds.S                |  1 +
 arch/nds32/kernel/vmlinux.lds.S               |  1 +
 arch/nios2/kernel/vmlinux.lds.S               |  1 +
 arch/openrisc/kernel/vmlinux.lds.S            |  1 +
 arch/parisc/boot/compressed/vmlinux.lds.S     |  1 +
 arch/parisc/kernel/vmlinux.lds.S              |  1 +
 arch/powerpc/kernel/vmlinux.lds.S             |  2 +-
 arch/riscv/kernel/vmlinux.lds.S               |  1 +
 arch/s390/kernel/vmlinux.lds.S                |  1 +
 arch/sh/kernel/vmlinux.lds.S                  |  1 +
 arch/sparc/kernel/vmlinux.lds.S               |  1 +
 arch/um/kernel/dyn.lds.S                      |  2 +-
 arch/um/kernel/uml.lds.S                      |  2 +-
 arch/x86/Makefile                             |  4 ++
 arch/x86/boot/compressed/Makefile             |  2 +
 arch/x86/boot/compressed/vmlinux.lds.S        | 58 +++++++++++++------
 arch/x86/include/asm/asm.h                    |  6 +-
 arch/x86/kernel/vmlinux.lds.S                 | 39 ++++++++++++-
 drivers/firmware/efi/libstub/Makefile         |  9 ++-
 include/asm-generic/vmlinux.lds.h             | 49 +++++++++++++---
 35 files changed, 241 insertions(+), 60 deletions(-)
 rename arch/arm/{kernel => include/asm}/vmlinux.lds.h (84%)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 01/29] vmlinux.lds.h: Create COMMON_DISCARDS
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-09-01 11:48   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:42 ` [PATCH v6 02/29] vmlinux.lds.h: Add .gnu.version* to COMMON_DISCARDS Kees Cook
                   ` (28 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

Collect the common DISCARD sections for architectures that need more
specialized discard control than what the standard DISCARDS section
provides.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 include/asm-generic/vmlinux.lds.h | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 7616ff0b96ec..184b23d62784 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -954,13 +954,16 @@
 	EXIT_DATA
 #endif
 
+#define COMMON_DISCARDS							\
+	*(.discard)							\
+	*(.discard.*)							\
+	*(.modinfo)
+
 #define DISCARDS							\
 	/DISCARD/ : {							\
 	EXIT_DISCARDS							\
 	EXIT_CALL							\
-	*(.discard)							\
-	*(.discard.*)							\
-	*(.modinfo)							\
+	COMMON_DISCARDS							\
 	}
 
 /**
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 02/29] vmlinux.lds.h: Add .gnu.version* to COMMON_DISCARDS
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
  2020-08-21 19:42 ` [PATCH v6 01/29] vmlinux.lds.h: Create COMMON_DISCARDS Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-09-01 11:48   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:42 ` [PATCH v6 03/29] vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections Kees Cook
                   ` (27 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Fangrui Song, Catalin Marinas, Mark Rutland,
	Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

For vmlinux linking, no architecture uses the .gnu.version* sections,
so remove it via the COMMON_DISCARDS macro in preparation for adding
--orphan-handling=warn more widely. This is a work-around for what
appears to be a bug[1] in ld.bfd which warns for this synthetic section
even when none is found in input objects, and even when no section is
emitted for an output object[2].

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=26153
[2] https://lore.kernel.org/lkml/202006221524.CEB86E036B@keescook/

Reviewed-by: Fangrui Song <maskray@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 include/asm-generic/vmlinux.lds.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 184b23d62784..f1f02a2f71b7 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -957,7 +957,9 @@
 #define COMMON_DISCARDS							\
 	*(.discard)							\
 	*(.discard.*)							\
-	*(.modinfo)
+	*(.modinfo)							\
+	/* ld.bfd warns about .gnu.version* even when not emitted */	\
+	*(.gnu.version*)						\
 
 #define DISCARDS							\
 	/DISCARD/ : {							\
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 03/29] vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
  2020-08-21 19:42 ` [PATCH v6 01/29] vmlinux.lds.h: Create COMMON_DISCARDS Kees Cook
  2020-08-21 19:42 ` [PATCH v6 02/29] vmlinux.lds.h: Add .gnu.version* to COMMON_DISCARDS Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-09-01 11:48   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:42 ` [PATCH v6 04/29] vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG Kees Cook
                   ` (26 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Marco Elver, Catalin Marinas, Mark Rutland,
	Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

KASAN (-fsanitize=kernel-address) and KCSAN (-fsanitize=thread)
produce unwanted[1] .eh_frame and .init_array.* sections. Add them to
COMMON_DISCARDS, except with CONFIG_CONSTRUCTORS, which wants to keep
.init_array.* sections.

[1] https://bugs.llvm.org/show_bug.cgi?id=46478

Tested-by: Marco Elver <elver@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 include/asm-generic/vmlinux.lds.h | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index f1f02a2f71b7..6b89a03e636e 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -954,7 +954,27 @@
 	EXIT_DATA
 #endif
 
+/*
+ * Clang's -fsanitize=kernel-address and -fsanitize=thread produce
+ * unwanted sections (.eh_frame and .init_array.*), but
+ * CONFIG_CONSTRUCTORS wants to keep any .init_array.* sections.
+ * https://bugs.llvm.org/show_bug.cgi?id=46478
+ */
+#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KCSAN)
+# ifdef CONFIG_CONSTRUCTORS
+#  define SANITIZER_DISCARDS						\
+	*(.eh_frame)
+# else
+#  define SANITIZER_DISCARDS						\
+	*(.init_array) *(.init_array.*)					\
+	*(.eh_frame)
+# endif
+#else
+# define SANITIZER_DISCARDS
+#endif
+
 #define COMMON_DISCARDS							\
+	SANITIZER_DISCARDS						\
 	*(.discard)							\
 	*(.discard.*)							\
 	*(.modinfo)							\
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 04/29] vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (2 preceding siblings ...)
  2020-08-21 19:42 ` [PATCH v6 03/29] vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-09-01 11:48   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:42 ` [PATCH v6 05/29] vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS Kees Cook
                   ` (25 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

The .comment section doesn't belong in STABS_DEBUG. Split it out into a
new macro named ELF_DETAILS. This will gain other non-debug sections
that need to be accounted for when linking with --orphan-handling=warn.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/alpha/kernel/vmlinux.lds.S           | 1 +
 arch/arc/kernel/vmlinux.lds.S             | 1 +
 arch/arm/kernel/vmlinux-xip.lds.S         | 1 +
 arch/arm/kernel/vmlinux.lds.S             | 1 +
 arch/arm64/kernel/vmlinux.lds.S           | 1 +
 arch/csky/kernel/vmlinux.lds.S            | 1 +
 arch/hexagon/kernel/vmlinux.lds.S         | 1 +
 arch/ia64/kernel/vmlinux.lds.S            | 1 +
 arch/mips/kernel/vmlinux.lds.S            | 1 +
 arch/nds32/kernel/vmlinux.lds.S           | 1 +
 arch/nios2/kernel/vmlinux.lds.S           | 1 +
 arch/openrisc/kernel/vmlinux.lds.S        | 1 +
 arch/parisc/boot/compressed/vmlinux.lds.S | 1 +
 arch/parisc/kernel/vmlinux.lds.S          | 1 +
 arch/powerpc/kernel/vmlinux.lds.S         | 2 +-
 arch/riscv/kernel/vmlinux.lds.S           | 1 +
 arch/s390/kernel/vmlinux.lds.S            | 1 +
 arch/sh/kernel/vmlinux.lds.S              | 1 +
 arch/sparc/kernel/vmlinux.lds.S           | 1 +
 arch/um/kernel/dyn.lds.S                  | 2 +-
 arch/um/kernel/uml.lds.S                  | 2 +-
 arch/x86/boot/compressed/vmlinux.lds.S    | 2 ++
 arch/x86/kernel/vmlinux.lds.S             | 1 +
 include/asm-generic/vmlinux.lds.h         | 8 ++++++--
 24 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S
index bc6f727278fd..5b78d640725d 100644
--- a/arch/alpha/kernel/vmlinux.lds.S
+++ b/arch/alpha/kernel/vmlinux.lds.S
@@ -72,6 +72,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/arc/kernel/vmlinux.lds.S b/arch/arc/kernel/vmlinux.lds.S
index 54139a6f469b..33ce59d91461 100644
--- a/arch/arc/kernel/vmlinux.lds.S
+++ b/arch/arc/kernel/vmlinux.lds.S
@@ -122,6 +122,7 @@ SECTIONS
 	_end = . ;
 
 	STABS_DEBUG
+	ELF_DETAILS
 	DISCARDS
 
 	.arcextmap 0 : {
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 6d2be994ae58..3d4e88f08196 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -152,6 +152,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	ELF_DETAILS
 }
 
 /*
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index 7f24bc08403e..5592f14b7e35 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -151,6 +151,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	ELF_DETAILS
 }
 
 #ifdef CONFIG_STRICT_KERNEL_RWX
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index ec8e894684a7..13fc2ec46aae 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -241,6 +241,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	ELF_DETAILS
 
 	HEAD_SYMBOLS
 }
diff --git a/arch/csky/kernel/vmlinux.lds.S b/arch/csky/kernel/vmlinux.lds.S
index f05b413df328..f03033e17c29 100644
--- a/arch/csky/kernel/vmlinux.lds.S
+++ b/arch/csky/kernel/vmlinux.lds.S
@@ -109,6 +109,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/hexagon/kernel/vmlinux.lds.S b/arch/hexagon/kernel/vmlinux.lds.S
index 0ca2471ddb9f..35b18e55eae8 100644
--- a/arch/hexagon/kernel/vmlinux.lds.S
+++ b/arch/hexagon/kernel/vmlinux.lds.S
@@ -67,5 +67,6 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 }
diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S
index d259690eb91a..9b265783be6a 100644
--- a/arch/ia64/kernel/vmlinux.lds.S
+++ b/arch/ia64/kernel/vmlinux.lds.S
@@ -218,6 +218,7 @@ SECTIONS {
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	/* Default discards */
 	DISCARDS
diff --git a/arch/mips/kernel/vmlinux.lds.S b/arch/mips/kernel/vmlinux.lds.S
index f185a85a27c1..5e97e9d02f98 100644
--- a/arch/mips/kernel/vmlinux.lds.S
+++ b/arch/mips/kernel/vmlinux.lds.S
@@ -202,6 +202,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	/* These must appear regardless of  .  */
 	.gptab.sdata : {
diff --git a/arch/nds32/kernel/vmlinux.lds.S b/arch/nds32/kernel/vmlinux.lds.S
index 7a6c1cefe3fe..6a91b965fb1e 100644
--- a/arch/nds32/kernel/vmlinux.lds.S
+++ b/arch/nds32/kernel/vmlinux.lds.S
@@ -64,6 +64,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/nios2/kernel/vmlinux.lds.S b/arch/nios2/kernel/vmlinux.lds.S
index c55a7cfa1075..126e114744cb 100644
--- a/arch/nios2/kernel/vmlinux.lds.S
+++ b/arch/nios2/kernel/vmlinux.lds.S
@@ -58,6 +58,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/openrisc/kernel/vmlinux.lds.S b/arch/openrisc/kernel/vmlinux.lds.S
index 60449fd7f16f..d287dbb84d0f 100644
--- a/arch/openrisc/kernel/vmlinux.lds.S
+++ b/arch/openrisc/kernel/vmlinux.lds.S
@@ -115,6 +115,7 @@ SECTIONS
 	/* Throw in the debugging sections */
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
         /* Sections to be discarded -- must be last */
 	DISCARDS
diff --git a/arch/parisc/boot/compressed/vmlinux.lds.S b/arch/parisc/boot/compressed/vmlinux.lds.S
index 2ac3a643f2eb..ab7b43990857 100644
--- a/arch/parisc/boot/compressed/vmlinux.lds.S
+++ b/arch/parisc/boot/compressed/vmlinux.lds.S
@@ -84,6 +84,7 @@ SECTIONS
 	}
 
 	STABS_DEBUG
+	ELF_DETAILS
 	.note 0 : { *(.note) }
 
 	/* Sections to be discarded */
diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S
index 53e29d88f99c..2769eb991f58 100644
--- a/arch/parisc/kernel/vmlinux.lds.S
+++ b/arch/parisc/kernel/vmlinux.lds.S
@@ -164,6 +164,7 @@ SECTIONS
 	_end = . ;
 
 	STABS_DEBUG
+	ELF_DETAILS
 	.note 0 : { *(.note) }
 
 	/* Sections to be discarded */
diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S
index 326e113d2e45..e0548b4950de 100644
--- a/arch/powerpc/kernel/vmlinux.lds.S
+++ b/arch/powerpc/kernel/vmlinux.lds.S
@@ -360,8 +360,8 @@ SECTIONS
 	PROVIDE32 (end = .);
 
 	STABS_DEBUG
-
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 	/DISCARD/ : {
diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S
index f3586e31ed1e..6f3af7bbc49d 100644
--- a/arch/riscv/kernel/vmlinux.lds.S
+++ b/arch/riscv/kernel/vmlinux.lds.S
@@ -97,6 +97,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S
index 37695499717d..177ccfbda40a 100644
--- a/arch/s390/kernel/vmlinux.lds.S
+++ b/arch/s390/kernel/vmlinux.lds.S
@@ -181,6 +181,7 @@ SECTIONS
 	/* Debugging sections.	*/
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	/* Sections to be discarded */
 	DISCARDS
diff --git a/arch/sh/kernel/vmlinux.lds.S b/arch/sh/kernel/vmlinux.lds.S
index bde7a6c01aaf..3161b9ccd2a5 100644
--- a/arch/sh/kernel/vmlinux.lds.S
+++ b/arch/sh/kernel/vmlinux.lds.S
@@ -76,6 +76,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/sparc/kernel/vmlinux.lds.S b/arch/sparc/kernel/vmlinux.lds.S
index f99e99e58075..d55ae65a07ad 100644
--- a/arch/sparc/kernel/vmlinux.lds.S
+++ b/arch/sparc/kernel/vmlinux.lds.S
@@ -187,6 +187,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/um/kernel/dyn.lds.S b/arch/um/kernel/dyn.lds.S
index f5001481010c..dacbfabf66d8 100644
--- a/arch/um/kernel/dyn.lds.S
+++ b/arch/um/kernel/dyn.lds.S
@@ -164,8 +164,8 @@ SECTIONS
   PROVIDE (end = .);
 
   STABS_DEBUG
-
   DWARF_DEBUG
+  ELF_DETAILS
 
   DISCARDS
 }
diff --git a/arch/um/kernel/uml.lds.S b/arch/um/kernel/uml.lds.S
index 3b6dab3d4501..45d957d7004c 100644
--- a/arch/um/kernel/uml.lds.S
+++ b/arch/um/kernel/uml.lds.S
@@ -108,8 +108,8 @@ SECTIONS
   PROVIDE (end = .);
 
   STABS_DEBUG
-
   DWARF_DEBUG
+  ELF_DETAILS
 
   DISCARDS
 }
diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index 29df99b6cc64..3c2ee9a5bf43 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -82,6 +82,8 @@ SECTIONS
 	. = ALIGN(PAGE_SIZE);	/* keep ZO size page aligned */
 	_end = .;
 
+	ELF_DETAILS
+
 	DISCARDS
 }
 
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 9a03e5b23135..0cc035cb15f1 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -411,6 +411,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 6b89a03e636e..cadcbc3cdabd 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -34,6 +34,7 @@
  *
  *	STABS_DEBUG
  *	DWARF_DEBUG
+ *	ELF_DETAILS
  *
  *	DISCARDS		// must be the last
  * }
@@ -811,14 +812,17 @@
 		.debug_macro	0 : { *(.debug_macro) }			\
 		.debug_addr	0 : { *(.debug_addr) }
 
-		/* Stabs debugging sections.  */
+/* Stabs debugging sections. */
 #define STABS_DEBUG							\
 		.stab 0 : { *(.stab) }					\
 		.stabstr 0 : { *(.stabstr) }				\
 		.stab.excl 0 : { *(.stab.excl) }			\
 		.stab.exclstr 0 : { *(.stab.exclstr) }			\
 		.stab.index 0 : { *(.stab.index) }			\
-		.stab.indexstr 0 : { *(.stab.indexstr) }		\
+		.stab.indexstr 0 : { *(.stab.indexstr) }
+
+/* Required sections not related to debugging. */
+#define ELF_DETAILS							\
 		.comment 0 : { *(.comment) }
 
 #ifdef CONFIG_GENERIC_BUG
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 05/29] vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (3 preceding siblings ...)
  2020-08-21 19:42 ` [PATCH v6 04/29] vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:42 ` [PATCH v6 06/29] vmlinux.lds.h: add PGO and AutoFDO input sections Kees Cook
                   ` (24 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Fangrui Song, Catalin Marinas, Mark Rutland,
	Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

When linking vmlinux with LLD, the synthetic sections .symtab, .strtab,
and .shstrtab are listed as orphaned. Add them to the ELF_DETAILS section
so there will be no warnings when --orphan-handling=warn is used more
widely. (They are added above comment as it is the more common
order[1].)

ld.lld: warning: <internal>:(.symtab) is being placed in '.symtab'
ld.lld: warning: <internal>:(.shstrtab) is being placed in '.shstrtab'
ld.lld: warning: <internal>:(.strtab) is being placed in '.strtab'

[1] https://lore.kernel.org/lkml/20200622224928.o2a7jkq33guxfci4@google.com/

Reported-by: Fangrui Song <maskray@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 include/asm-generic/vmlinux.lds.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index cadcbc3cdabd..98d013dcc11a 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -823,7 +823,10 @@
 
 /* Required sections not related to debugging. */
 #define ELF_DETAILS							\
-		.comment 0 : { *(.comment) }
+		.comment 0 : { *(.comment) }				\
+		.symtab 0 : { *(.symtab) }				\
+		.strtab 0 : { *(.strtab) }				\
+		.shstrtab 0 : { *(.shstrtab) }
 
 #ifdef CONFIG_GENERIC_BUG
 #define BUG_TABLE							\
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 06/29] vmlinux.lds.h: add PGO and AutoFDO input sections
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (4 preceding siblings ...)
  2020-08-21 19:42 ` [PATCH v6 05/29] vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] vmlinux.lds.h: Add " tip-bot2 for Nick Desaulniers
  2020-08-21 19:42 ` [PATCH v6 07/29] efi/libstub: Disable -mbranch-protection Kees Cook
                   ` (23 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Nick Desaulniers, Jian Cai,
	Fāng-ruì Sòng, Luis Lozano, Manoj Gupta, stable,
	Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

From: Nick Desaulniers <ndesaulniers@google.com>

Basically, consider .text.{hot|unlikely|unknown}.* part of .text, too.

When compiling with profiling information (collected via PGO
instrumentations or AutoFDO sampling), Clang will separate code into
.text.hot, .text.unlikely, or .text.unknown sections based on profiling
information. After D79600 (clang-11), these sections will have a
trailing `.` suffix, ie.  .text.hot., .text.unlikely., .text.unknown..

When using -ffunction-sections together with profiling infomation,
either explicitly (FGKASLR) or implicitly (LTO), code may be placed in
sections following the convention:
.text.hot.<foo>, .text.unlikely.<bar>, .text.unknown.<baz>
where <foo>, <bar>, and <baz> are functions.  (This produces one section
per function; we generally try to merge these all back via linker script
so that we don't have 50k sections).

For the above cases, we need to teach our linker scripts that such
sections might exist and that we'd explicitly like them grouped
together, otherwise we can wind up with code outside of the
_stext/_etext boundaries that might not be mapped properly for some
architectures, resulting in boot failures.

If the linker script is not told about possible input sections, then
where the section is placed as output is a heuristic-laiden mess that's
non-portable between linkers (ie. BFD and LLD), and has resulted in many
hard to debug bugs.  Kees Cook is working on cleaning this up by adding
--orphan-handling=warn linker flag used in ARCH=powerpc to additional
architectures. In the case of linker scripts, borrowing from the Zen of
Python: explicit is better than implicit.

Also, ld.bfd's internal linker script considers .text.hot AND
.text.hot.* to be part of .text, as well as .text.unlikely and
.text.unlikely.*. I didn't see support for .text.unknown.*, and didn't
see Clang producing such code in our kernel builds, but I see code in
LLVM that can produce such section names if profiling information is
missing. That may point to a larger issue with generating or collecting
profiles, but I would much rather be safe and explicit than have to
debug yet another issue related to orphan section placement.

Reported-by: Jian Cai <jiancai@google.com>
Suggested-by: Fāng-ruì Sòng <maskray@google.com>
Tested-by: Luis Lozano <llozano@google.com>
Tested-by: Manoj Gupta <manojgupta@google.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=add44f8d5c5c05e08b11e033127a744d61c26aee
Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1de778ed23ce7492c523d5850c6c6dbb34152655
Link: https://reviews.llvm.org/D79600
Link: https://bugs.chromium.org/p/chromium/issues/detail?id=1084760
Debugged-by: Luis Lozano <llozano@google.com>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 include/asm-generic/vmlinux.lds.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 98d013dcc11a..91dcfb91ac45 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -581,7 +581,10 @@
  */
 #define TEXT_TEXT							\
 		ALIGN_FUNCTION();					\
-		*(.text.hot TEXT_MAIN .text.fixup .text.unlikely)	\
+		*(.text.hot .text.hot.*)				\
+		*(TEXT_MAIN .text.fixup)				\
+		*(.text.unlikely .text.unlikely.*)			\
+		*(.text.unknown .text.unknown.*)			\
 		NOINSTR_TEXT						\
 		*(.text..refcount)					\
 		*(.ref.text)						\
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 07/29] efi/libstub: Disable -mbranch-protection
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (5 preceding siblings ...)
  2020-08-21 19:42 ` [PATCH v6 06/29] vmlinux.lds.h: add PGO and AutoFDO input sections Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:42 ` [PATCH v6 08/29] arm64/mm: Remove needless section quotes Kees Cook
                   ` (22 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Arvind Sankar, Atish Patra, linux-efi, Ard Biesheuvel,
	Nick Desaulniers, Catalin Marinas, Mark Rutland,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Nathan Chancellor, Arnd Bergmann,
	x86, clang-built-linux, linux-arch, linux-arm-kernel,
	linux-kernel

In preparation for adding --orphan-handling=warn to more architectures,
disable -mbranch-protection, as EFI does not yet support it[1].  This was
noticed due to it producing unwanted .note.gnu.property sections (prefixed
with .init due to the objcopy build step).

However, we must also work around a bug in Clang where the section is
still emitted for code-less object files[2], so also remove the section
during the objcopy.

[1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com
[2] https://bugs.llvm.org/show_bug.cgi?id=46480

Cc: Arvind Sankar <nivedita@alum.mit.edu>
Cc: Atish Patra <atish.patra@wdc.com>
Cc: linux-efi@vger.kernel.org
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/firmware/efi/libstub/Makefile | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 5eefd60917df..0c911e391d75 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -18,7 +18,8 @@ cflags-$(CONFIG_X86)		+= -m$(BITS) -D__KERNEL__ \
 # arm64 uses the full KBUILD_CFLAGS so it's necessary to explicitly
 # disable the stackleak plugin
 cflags-$(CONFIG_ARM64)		:= $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
-				   -fpie $(DISABLE_STACKLEAK_PLUGIN)
+				   -fpie $(DISABLE_STACKLEAK_PLUGIN) \
+				   $(call cc-option,-mbranch-protection=none)
 cflags-$(CONFIG_ARM)		:= $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
 				   -fno-builtin -fpic \
 				   $(call cc-option,-mno-single-pic-base)
@@ -66,6 +67,12 @@ lib-$(CONFIG_X86)		+= x86-stub.o
 CFLAGS_arm32-stub.o		:= -DTEXT_OFFSET=$(TEXT_OFFSET)
 CFLAGS_arm64-stub.o		:= -DTEXT_OFFSET=$(TEXT_OFFSET)
 
+# Even when -mbranch-protection=none is set, Clang will generate a
+# .note.gnu.property for code-less object files (like lib/ctype.c),
+# so work around this by explicitly removing the unwanted section.
+# https://bugs.llvm.org/show_bug.cgi?id=46480
+STUBCOPY_FLAGS-y		+= --remove-section=.note.gnu.property
+
 #
 # For x86, bootloaders like systemd-boot or grub-efi do not zero-initialize the
 # .bss section, so the .bss section of the EFI stub needs to be included in the
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 08/29] arm64/mm: Remove needless section quotes
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (6 preceding siblings ...)
  2020-08-21 19:42 ` [PATCH v6 07/29] efi/libstub: Disable -mbranch-protection Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:42 ` [PATCH v6 09/29] arm64/kernel: Remove needless Call Frame Information annotations Kees Cook
                   ` (21 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Will Deacon, Nick Desaulniers, Catalin Marinas,
	Mark Rutland, Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nathan Chancellor, Arnd Bergmann, x86,
	clang-built-linux, linux-arch, linux-efi, linux-arm-kernel,
	linux-kernel

Fix a case of needless quotes in __section(), which Clang doesn't like.

Acked-by: Will Deacon <will@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm64/mm/mmu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 75df62fea1b6..e43c805b7b8c 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -43,7 +43,7 @@
 u64 idmap_t0sz = TCR_T0SZ(VA_BITS);
 u64 idmap_ptrs_per_pgd = PTRS_PER_PGD;
 
-u64 __section(".mmuoff.data.write") vabits_actual;
+u64 __section(.mmuoff.data.write) vabits_actual;
 EXPORT_SYMBOL(vabits_actual);
 
 u64 kimage_voffset __ro_after_init;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 09/29] arm64/kernel: Remove needless Call Frame Information annotations
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (7 preceding siblings ...)
  2020-08-21 19:42 ` [PATCH v6 08/29] arm64/mm: Remove needless section quotes Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:42 ` [PATCH v6 10/29] arm64/build: Remove .eh_frame* sections due to unwind tables Kees Cook
                   ` (20 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Ard Biesheuvel, Will Deacon, Catalin Marinas,
	Mark Rutland, Peter Collingbourne, James Morse, Borislav Petkov,
	Ingo Molnar, Russell King, Masahiro Yamada, Arvind Sankar,
	Nick Desaulniers, Nathan Chancellor, Arnd Bergmann, x86,
	clang-built-linux, linux-arch, linux-efi, linux-arm-kernel,
	linux-kernel

Remove last instance of an .eh_frame section by removing the needless Call
Frame Information annotations which were likely leftovers from 32-bit arm.

Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm64/kernel/smccc-call.S | 2 --
 1 file changed, 2 deletions(-)

diff --git a/arch/arm64/kernel/smccc-call.S b/arch/arm64/kernel/smccc-call.S
index 1f93809528a4..d62447964ed9 100644
--- a/arch/arm64/kernel/smccc-call.S
+++ b/arch/arm64/kernel/smccc-call.S
@@ -9,7 +9,6 @@
 #include <asm/assembler.h>
 
 	.macro SMCCC instr
-	.cfi_startproc
 	\instr	#0
 	ldr	x4, [sp]
 	stp	x0, x1, [x4, #ARM_SMCCC_RES_X0_OFFS]
@@ -21,7 +20,6 @@
 	b.ne	1f
 	str	x6, [x4, ARM_SMCCC_QUIRK_STATE_OFFS]
 1:	ret
-	.cfi_endproc
 	.endm
 
 /*
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 10/29] arm64/build: Remove .eh_frame* sections due to unwind tables
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (8 preceding siblings ...)
  2020-08-21 19:42 ` [PATCH v6 09/29] arm64/kernel: Remove needless Call Frame Information annotations Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:42 ` [PATCH v6 11/29] arm64/build: Use common DISCARDS in linker script Kees Cook
                   ` (19 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Ard Biesheuvel, Will Deacon, Catalin Marinas,
	Mark Rutland, Peter Collingbourne, James Morse, Borislav Petkov,
	Ingo Molnar, Russell King, Masahiro Yamada, Arvind Sankar,
	Nick Desaulniers, Nathan Chancellor, Arnd Bergmann, x86,
	clang-built-linux, linux-arch, linux-efi, linux-arm-kernel,
	linux-kernel

Avoid .eh_frame* section generation by making sure both CFLAGS and AFLAGS
contain -fno-asychronous-unwind-tables and -fno-unwind-tables.

With all sources of .eh_frame now removed from the build, drop this
DISCARD so we can be alerted in the future if it returns unexpectedly
once orphan section warnings have been enabled.

Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm64/Makefile             | 5 ++++-
 arch/arm64/kernel/vmlinux.lds.S | 1 -
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
index 55bc8546d9c7..6de7f551b821 100644
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -47,13 +47,16 @@ endif
 
 KBUILD_CFLAGS	+= -mgeneral-regs-only	\
 		   $(compat_vdso) $(cc_has_k_constraint)
-KBUILD_CFLAGS	+= -fno-asynchronous-unwind-tables
 KBUILD_CFLAGS	+= $(call cc-disable-warning, psabi)
 KBUILD_AFLAGS	+= $(compat_vdso)
 
 KBUILD_CFLAGS	+= $(call cc-option,-mabi=lp64)
 KBUILD_AFLAGS	+= $(call cc-option,-mabi=lp64)
 
+# Avoid generating .eh_frame* sections.
+KBUILD_CFLAGS	+= -fno-asynchronous-unwind-tables -fno-unwind-tables
+KBUILD_AFLAGS	+= -fno-asynchronous-unwind-tables -fno-unwind-tables
+
 ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y)
 prepare: stack_protector_prepare
 stack_protector_prepare: prepare0
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 13fc2ec46aae..c2b8426bf4bd 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -94,7 +94,6 @@ SECTIONS
 		*(.discard.*)
 		*(.interp .dynamic)
 		*(.dynsym .dynstr .hash .gnu.hash)
-		*(.eh_frame)
 	}
 
 	. = KIMAGE_VADDR + TEXT_OFFSET;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 11/29] arm64/build: Use common DISCARDS in linker script
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (9 preceding siblings ...)
  2020-08-21 19:42 ` [PATCH v6 10/29] arm64/build: Remove .eh_frame* sections due to unwind tables Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:42 ` [PATCH v6 12/29] arm64/build: Add missing DWARF sections Kees Cook
                   ` (18 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Will Deacon, Catalin Marinas, Mark Rutland,
	Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

Use the common DISCARDS rule for the linker script in an effort to
regularize the linker script to prepare for warning on orphaned
sections. Additionally clean up left-over no-op macros.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Will Deacon <will@kernel.org>
---
 arch/arm64/kernel/vmlinux.lds.S | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index c2b8426bf4bd..082e9efa2b43 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -6,6 +6,7 @@
  */
 
 #define RO_EXCEPTION_TABLE_ALIGN	8
+#define RUNTIME_DISCARD_EXIT
 
 #include <asm-generic/vmlinux.lds.h>
 #include <asm/cache.h>
@@ -88,10 +89,8 @@ SECTIONS
 	 * matching the same input section name.  There is no documented
 	 * order of matching.
 	 */
+	DISCARDS
 	/DISCARD/ : {
-		EXIT_CALL
-		*(.discard)
-		*(.discard.*)
 		*(.interp .dynamic)
 		*(.dynsym .dynstr .hash .gnu.hash)
 	}
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 12/29] arm64/build: Add missing DWARF sections
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (10 preceding siblings ...)
  2020-08-21 19:42 ` [PATCH v6 11/29] arm64/build: Use common DISCARDS in linker script Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:42 ` [PATCH v6 13/29] arm64/build: Assert for unwanted sections Kees Cook
                   ` (17 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

Explicitly include DWARF sections when they're present in the build.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm64/kernel/vmlinux.lds.S | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 082e9efa2b43..16eb2ef806cd 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -239,6 +239,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	DWARF_DEBUG
 	ELF_DETAILS
 
 	HEAD_SYMBOLS
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (11 preceding siblings ...)
  2020-08-21 19:42 ` [PATCH v6 12/29] arm64/build: Add missing DWARF sections Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-10-26 12:29   ` [PATCH v6 13/29] " Geert Uytterhoeven
  2020-08-21 19:42 ` [PATCH v6 14/29] arm64/build: Warn on orphan section placement Kees Cook
                   ` (16 subsequent siblings)
  29 siblings, 2 replies; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Ard Biesheuvel, Catalin Marinas, Mark Rutland,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

In preparation for warning on orphan sections, discard
unwanted non-zero-sized generated sections, and enforce other
expected-to-be-zero-sized sections (since discarding them might hide
problems with them suddenly gaining unexpected entries).

Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm64/kernel/vmlinux.lds.S | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 16eb2ef806cd..6ccf19fd2b39 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -121,6 +121,14 @@ SECTIONS
 		*(.got)			/* Global offset table		*/
 	}
 
+	/*
+	 * Make sure that the .got.plt is either completely empty or it
+	 * contains only the lazy dispatch entries.
+	 */
+	.got.plt : { *(.got.plt) }
+	ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18,
+	       "Unexpected GOT/PLT entries detected!")
+
 	. = ALIGN(SEGMENT_ALIGN);
 	_etext = .;			/* End of text section */
 
@@ -243,6 +251,18 @@ SECTIONS
 	ELF_DETAILS
 
 	HEAD_SYMBOLS
+
+	/*
+	 * Sections that should stay zero sized, which is safer to
+	 * explicitly check instead of blindly discarding.
+	 */
+	.plt : {
+		*(.plt) *(.plt.*) *(.iplt) *(.igot)
+	}
+	ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!")
+
+	.data.rel.ro : { *(.data.rel.ro) }
+	ASSERT(SIZEOF(.data.rel.ro) == 0, "Unexpected RELRO detected!")
 }
 
 #include "image-vars.h"
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 14/29] arm64/build: Warn on orphan section placement
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (12 preceding siblings ...)
  2020-08-21 19:42 ` [PATCH v6 13/29] arm64/build: Assert for unwanted sections Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-08-21 19:42 ` [PATCH v6 15/29] arm/build: Refactor linker script headers Kees Cook
                   ` (15 subsequent siblings)
  29 siblings, 0 replies; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Will Deacon, Catalin Marinas, Mark Rutland,
	Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nick Desaulniers, Nathan Chancellor,
	Arnd Bergmann, x86, clang-built-linux, linux-arch, linux-efi,
	linux-arm-kernel, linux-kernel

We don't want to depend on the linker's orphan section placement
heuristics as these can vary between linkers, and may change between
versions. All sections need to be explicitly handled in the linker
script.

With all sections now handled, enable orphan section warnings.

Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm64/Makefile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
index 6de7f551b821..61a46f56ff33 100644
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -29,6 +29,10 @@ LDFLAGS_vmlinux	+= --fix-cortex-a53-843419
   endif
 endif
 
+# We never want expected sections to be placed heuristically by the
+# linker. All sections should be explicitly named in the linker script.
+LDFLAGS_vmlinux += --orphan-handling=warn
+
 ifeq ($(CONFIG_ARM64_USE_LSE_ATOMICS), y)
   ifneq ($(CONFIG_ARM64_LSE_ATOMICS), y)
 $(warning LSE atomics not supported by binutils)
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 15/29] arm/build: Refactor linker script headers
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (13 preceding siblings ...)
  2020-08-21 19:42 ` [PATCH v6 14/29] arm64/build: Warn on orphan section placement Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:42 ` [PATCH v6 16/29] arm/build: Explicitly keep .ARM.attributes sections Kees Cook
                   ` (14 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

In preparation for adding --orphan-handling=warn, refactor the linker
script header includes, and extract common macros.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm/{kernel => include/asm}/vmlinux.lds.h | 13 ++++++++-----
 arch/arm/kernel/vmlinux-xip.lds.S              |  4 +---
 arch/arm/kernel/vmlinux.lds.S                  |  4 +---
 3 files changed, 10 insertions(+), 11 deletions(-)
 rename arch/arm/{kernel => include/asm}/vmlinux.lds.h (96%)

diff --git a/arch/arm/kernel/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
similarity index 96%
rename from arch/arm/kernel/vmlinux.lds.h
rename to arch/arm/include/asm/vmlinux.lds.h
index 381a8e105fa5..a08f4301b718 100644
--- a/arch/arm/kernel/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -1,4 +1,5 @@
 /* SPDX-License-Identifier: GPL-2.0 */
+#include <asm-generic/vmlinux.lds.h>
 
 #ifdef CONFIG_HOTPLUG_CPU
 #define ARM_CPU_DISCARD(x)
@@ -49,8 +50,12 @@
 		EXIT_CALL						\
 		ARM_MMU_DISCARD(*(.text.fixup))				\
 		ARM_MMU_DISCARD(*(__ex_table))				\
-		*(.discard)						\
-		*(.discard.*)
+		COMMON_DISCARDS
+
+#define ARM_STUBS_TEXT							\
+		*(.gnu.warning)						\
+		*(.glue_7)						\
+		*(.glue_7t)
 
 #define ARM_TEXT							\
 		IDMAP_TEXT						\
@@ -64,9 +69,7 @@
 		CPUIDLE_TEXT						\
 		LOCK_TEXT						\
 		KPROBES_TEXT						\
-		*(.gnu.warning)						\
-		*(.glue_7)						\
-		*(.glue_7t)						\
+		ARM_STUBS_TEXT						\
 		. = ALIGN(4);						\
 		*(.got)			/* Global offset table */	\
 		ARM_CPU_KEEP(PROC_INFO)
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 3d4e88f08196..904c31fa20ed 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -9,15 +9,13 @@
 
 #include <linux/sizes.h>
 
-#include <asm-generic/vmlinux.lds.h>
+#include <asm/vmlinux.lds.h>
 #include <asm/cache.h>
 #include <asm/thread_info.h>
 #include <asm/memory.h>
 #include <asm/mpu.h>
 #include <asm/page.h>
 
-#include "vmlinux.lds.h"
-
 OUTPUT_ARCH(arm)
 ENTRY(stext)
 
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index 5592f14b7e35..bb950c896a67 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -9,15 +9,13 @@
 #else
 
 #include <linux/pgtable.h>
-#include <asm-generic/vmlinux.lds.h>
+#include <asm/vmlinux.lds.h>
 #include <asm/cache.h>
 #include <asm/thread_info.h>
 #include <asm/memory.h>
 #include <asm/mpu.h>
 #include <asm/page.h>
 
-#include "vmlinux.lds.h"
-
 OUTPUT_ARCH(arm)
 ENTRY(stext)
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 16/29] arm/build: Explicitly keep .ARM.attributes sections
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (14 preceding siblings ...)
  2020-08-21 19:42 ` [PATCH v6 15/29] arm/build: Refactor linker script headers Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:42 ` [PATCH v6 17/29] arm/build: Add missing sections Kees Cook
                   ` (13 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Nick Desaulniers, Fangrui Song, Catalin Marinas,
	Mark Rutland, Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nathan Chancellor, Arnd Bergmann, x86,
	clang-built-linux, linux-arch, linux-efi, linux-arm-kernel,
	linux-kernel

In preparation for adding --orphan-handling=warn, explicitly keep the
.ARM.attributes section (at address 0[1]) by expanding the existing
ELF_DETAILS macro into ARM_DETAILS.

[1] https://reviews.llvm.org/D85867

Suggested-by: Nick Desaulniers <ndesaulniers@google.com>
Link: https://lore.kernel.org/lkml/CAKwvOdk-racgq5pxsoGS6Vtifbtrk5fmkmnoLxrQMaOvV0nPWw@mail.gmail.com/
Reviewed-by: Fangrui Song <maskray@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm/include/asm/vmlinux.lds.h | 4 ++++
 arch/arm/kernel/vmlinux-xip.lds.S  | 2 +-
 arch/arm/kernel/vmlinux.lds.S      | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
index a08f4301b718..c4af5182ab48 100644
--- a/arch/arm/include/asm/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -52,6 +52,10 @@
 		ARM_MMU_DISCARD(*(__ex_table))				\
 		COMMON_DISCARDS
 
+#define ARM_DETAILS							\
+		ELF_DETAILS						\
+		.ARM.attributes 0 : { *(.ARM.attributes) }
+
 #define ARM_STUBS_TEXT							\
 		*(.gnu.warning)						\
 		*(.glue_7)						\
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 904c31fa20ed..57fcbf55f913 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -150,7 +150,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
-	ELF_DETAILS
+	ARM_DETAILS
 }
 
 /*
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index bb950c896a67..1d3d3b599635 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -149,7 +149,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
-	ELF_DETAILS
+	ARM_DETAILS
 }
 
 #ifdef CONFIG_STRICT_KERNEL_RWX
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 17/29] arm/build: Add missing sections
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (15 preceding siblings ...)
  2020-08-21 19:42 ` [PATCH v6 16/29] arm/build: Explicitly keep .ARM.attributes sections Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:42 ` [PATCH v6 18/29] arm/build: Assert for unwanted sections Kees Cook
                   ` (12 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Nick Desaulniers, Catalin Marinas, Mark Rutland,
	Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nathan Chancellor, Arnd Bergmann, x86,
	clang-built-linux, linux-arch, linux-efi, linux-arm-kernel,
	linux-kernel

Add missing text stub sections .vfp11_veneer and .v4_bx, as well as
missing DWARF sections, when present in the build.

Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm/include/asm/vmlinux.lds.h | 4 +++-
 arch/arm/kernel/vmlinux-xip.lds.S  | 1 +
 arch/arm/kernel/vmlinux.lds.S      | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
index c4af5182ab48..6624dd97475c 100644
--- a/arch/arm/include/asm/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -59,7 +59,9 @@
 #define ARM_STUBS_TEXT							\
 		*(.gnu.warning)						\
 		*(.glue_7)						\
-		*(.glue_7t)
+		*(.glue_7t)						\
+		*(.vfp11_veneer)                                        \
+		*(.v4_bx)
 
 #define ARM_TEXT							\
 		IDMAP_TEXT						\
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 57fcbf55f913..11ffa79751da 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -150,6 +150,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	DWARF_DEBUG
 	ARM_DETAILS
 }
 
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index 1d3d3b599635..dc672fe35de3 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -149,6 +149,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	DWARF_DEBUG
 	ARM_DETAILS
 }
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 18/29] arm/build: Assert for unwanted sections
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (16 preceding siblings ...)
  2020-08-21 19:42 ` [PATCH v6 17/29] arm/build: Add missing sections Kees Cook
@ 2020-08-21 19:42 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:43 ` [PATCH v6 19/29] arm/build: Warn on orphan section placement Kees Cook
                   ` (11 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:42 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

In preparation for warning on orphan sections, enforce
expected-to-be-zero-sized sections (since discarding them might hide
problems with them suddenly gaining unexpected entries).

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm/include/asm/vmlinux.lds.h | 11 +++++++++++
 arch/arm/kernel/vmlinux-xip.lds.S  |  2 ++
 arch/arm/kernel/vmlinux.lds.S      |  2 ++
 3 files changed, 15 insertions(+)

diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
index 6624dd97475c..4a91428c324d 100644
--- a/arch/arm/include/asm/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -52,6 +52,17 @@
 		ARM_MMU_DISCARD(*(__ex_table))				\
 		COMMON_DISCARDS
 
+/*
+ * Sections that should stay zero sized, which is safer to explicitly
+ * check instead of blindly discarding.
+ */
+#define ARM_ASSERTS							\
+	.plt : {							\
+		*(.iplt) *(.rel.iplt) *(.iplt) *(.igot.plt)		\
+	}								\
+	ASSERT(SIZEOF(.plt) == 0,					\
+	       "Unexpected run-time procedure linkages detected!")
+
 #define ARM_DETAILS							\
 		ELF_DETAILS						\
 		.ARM.attributes 0 : { *(.ARM.attributes) }
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 11ffa79751da..50136828f5b5 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -152,6 +152,8 @@ SECTIONS
 	STABS_DEBUG
 	DWARF_DEBUG
 	ARM_DETAILS
+
+	ARM_ASSERTS
 }
 
 /*
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index dc672fe35de3..5f4922e858d0 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -151,6 +151,8 @@ SECTIONS
 	STABS_DEBUG
 	DWARF_DEBUG
 	ARM_DETAILS
+
+	ARM_ASSERTS
 }
 
 #ifdef CONFIG_STRICT_KERNEL_RWX
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 19/29] arm/build: Warn on orphan section placement
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (17 preceding siblings ...)
  2020-08-21 19:42 ` [PATCH v6 18/29] arm/build: Assert for unwanted sections Kees Cook
@ 2020-08-21 19:43 ` Kees Cook
  2020-08-21 19:43 ` [PATCH v6 20/29] arm/boot: Handle all sections explicitly Kees Cook
                   ` (10 subsequent siblings)
  29 siblings, 0 replies; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:43 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Nick Desaulniers, Catalin Marinas, Mark Rutland,
	Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nathan Chancellor, Arnd Bergmann, x86,
	clang-built-linux, linux-arch, linux-efi, linux-arm-kernel,
	linux-kernel

We don't want to depend on the linker's orphan section placement
heuristics as these can vary between linkers, and may change between
versions. All sections need to be explicitly handled in the linker
script.

Specifically, this would have made a recently fixed bug very obvious:

ld: warning: orphan section `.fixup' from `arch/arm/lib/copy_from_user.o' being placed in section `.fixup'

With all sections handled, enable orphan section warning.

Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm/Makefile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/arm/Makefile b/arch/arm/Makefile
index 4e877354515f..0aa133c4ddec 100644
--- a/arch/arm/Makefile
+++ b/arch/arm/Makefile
@@ -16,6 +16,10 @@ LDFLAGS_vmlinux	+= --be8
 KBUILD_LDFLAGS_MODULE	+= --be8
 endif
 
+# We never want expected sections to be placed heuristically by the
+# linker. All sections should be explicitly named in the linker script.
+LDFLAGS_vmlinux += --orphan-handling=warn
+
 ifeq ($(CONFIG_ARM_MODULE_PLTS),y)
 KBUILD_LDS_MODULE	+= $(srctree)/arch/arm/kernel/module.lds
 endif
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 20/29] arm/boot: Handle all sections explicitly
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (18 preceding siblings ...)
  2020-08-21 19:43 ` [PATCH v6 19/29] arm/build: Warn on orphan section placement Kees Cook
@ 2020-08-21 19:43 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:43 ` [PATCH v6 21/29] arm/boot: Warn on orphan section placement Kees Cook
                   ` (9 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:43 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

In preparation for warning on orphan sections, use common macros for
debug sections, discards, and text stubs. Add discards for unwanted .note,
and .rel sections.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm/boot/compressed/vmlinux.lds.S | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S
index 09ac33f52814..b914be3a207b 100644
--- a/arch/arm/boot/compressed/vmlinux.lds.S
+++ b/arch/arm/boot/compressed/vmlinux.lds.S
@@ -2,6 +2,7 @@
 /*
  *  Copyright (C) 2000 Russell King
  */
+#include <asm/vmlinux.lds.h>
 
 #ifdef CONFIG_CPU_ENDIAN_BE8
 #define ZIMAGE_MAGIC(x) ( (((x) >> 24) & 0x000000ff) | \
@@ -17,8 +18,11 @@ ENTRY(_start)
 SECTIONS
 {
   /DISCARD/ : {
+    COMMON_DISCARDS
     *(.ARM.exidx*)
     *(.ARM.extab*)
+    *(.note.*)
+    *(.rel.*)
     /*
      * Discard any r/w data - this produces a link error if we have any,
      * which is required for PIC decompression.  Local data generates
@@ -36,9 +40,7 @@ SECTIONS
     *(.start)
     *(.text)
     *(.text.*)
-    *(.gnu.warning)
-    *(.glue_7t)
-    *(.glue_7)
+    ARM_STUBS_TEXT
   }
   .table : ALIGN(4) {
     _table_start = .;
@@ -128,12 +130,10 @@ SECTIONS
   PROVIDE(__pecoff_data_size = ALIGN(512) - ADDR(.data));
   PROVIDE(__pecoff_end = ALIGN(512));
 
-  .stab 0		: { *(.stab) }
-  .stabstr 0		: { *(.stabstr) }
-  .stab.excl 0		: { *(.stab.excl) }
-  .stab.exclstr 0	: { *(.stab.exclstr) }
-  .stab.index 0		: { *(.stab.index) }
-  .stab.indexstr 0	: { *(.stab.indexstr) }
-  .comment 0		: { *(.comment) }
+  STABS_DEBUG
+  DWARF_DEBUG
+  ARM_DETAILS
+
+  ARM_ASSERTS
 }
 ASSERT(_edata_real == _edata, "error: zImage file size is incorrect");
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 21/29] arm/boot: Warn on orphan section placement
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (19 preceding siblings ...)
  2020-08-21 19:43 ` [PATCH v6 20/29] arm/boot: Handle all sections explicitly Kees Cook
@ 2020-08-21 19:43 ` Kees Cook
  2020-08-21 19:43 ` [PATCH v6 22/29] x86/asm: Avoid generating unused kprobe sections Kees Cook
                   ` (8 subsequent siblings)
  29 siblings, 0 replies; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:43 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

We don't want to depend on the linker's orphan section placement
heuristics as these can vary between linkers, and may change between
versions. All sections need to be explicitly handled in the linker script.

With all sections now handled, enable orphan section warning.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm/boot/compressed/Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile
index b1147b7f2c8d..d6cd2688ad7e 100644
--- a/arch/arm/boot/compressed/Makefile
+++ b/arch/arm/boot/compressed/Makefile
@@ -123,6 +123,8 @@ endif
 LDFLAGS_vmlinux += --no-undefined
 # Delete all temporary local symbols
 LDFLAGS_vmlinux += -X
+# Report orphan sections
+LDFLAGS_vmlinux += --orphan-handling=warn
 # Next argument is a linker script
 LDFLAGS_vmlinux += -T
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 22/29] x86/asm: Avoid generating unused kprobe sections
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (20 preceding siblings ...)
  2020-08-21 19:43 ` [PATCH v6 21/29] arm/boot: Warn on orphan section placement Kees Cook
@ 2020-08-21 19:43 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:43 ` [PATCH v6 23/29] x86/build: Enforce an empty .got.plt section Kees Cook
                   ` (7 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:43 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

When !CONFIG_KPROBES, do not generate kprobe sections. This makes
sure there are no unexpected sections encountered by the linker scripts.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/x86/include/asm/asm.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/asm.h b/arch/x86/include/asm/asm.h
index 5c15f95b1ba7..4712206c4325 100644
--- a/arch/x86/include/asm/asm.h
+++ b/arch/x86/include/asm/asm.h
@@ -138,11 +138,15 @@
 # define _ASM_EXTABLE_FAULT(from, to)				\
 	_ASM_EXTABLE_HANDLE(from, to, ex_handler_fault)
 
-# define _ASM_NOKPROBE(entry)					\
+# ifdef CONFIG_KPROBES
+#  define _ASM_NOKPROBE(entry)					\
 	.pushsection "_kprobe_blacklist","aw" ;			\
 	_ASM_ALIGN ;						\
 	_ASM_PTR (entry);					\
 	.popsection
+# else
+#  define _ASM_NOKPROBE(entry)
+# endif
 
 #else /* ! __ASSEMBLY__ */
 # define _EXPAND_EXTABLE_HANDLE(x) #x
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 23/29] x86/build: Enforce an empty .got.plt section
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (21 preceding siblings ...)
  2020-08-21 19:43 ` [PATCH v6 22/29] x86/asm: Avoid generating unused kprobe sections Kees Cook
@ 2020-08-21 19:43 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:43 ` [PATCH v6 24/29] x86/build: Assert for unwanted sections Kees Cook
                   ` (6 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:43 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

The .got.plt section should always be zero (or filled only with the
linker-generated lazy dispatch entry). Enforce this with an assert and
mark the section as INFO. This is more sensitive than just blindly
discarding the section.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/x86/kernel/vmlinux.lds.S | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 0cc035cb15f1..4b1b936a6e7d 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -414,8 +414,20 @@ SECTIONS
 	ELF_DETAILS
 
 	DISCARDS
-}
 
+	/*
+	 * Make sure that the .got.plt is either completely empty or it
+	 * contains only the lazy dispatch entries.
+	 */
+	.got.plt (INFO) : { *(.got.plt) }
+	ASSERT(SIZEOF(.got.plt) == 0 ||
+#ifdef CONFIG_X86_64
+	       SIZEOF(.got.plt) == 0x18,
+#else
+	       SIZEOF(.got.plt) == 0xc,
+#endif
+	       "Unexpected GOT/PLT entries detected!")
+}
 
 #ifdef CONFIG_X86_32
 /*
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 24/29] x86/build: Assert for unwanted sections
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (22 preceding siblings ...)
  2020-08-21 19:43 ` [PATCH v6 23/29] x86/build: Enforce an empty .got.plt section Kees Cook
@ 2020-08-21 19:43 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] x86/build: Add asserts " tip-bot2 for Kees Cook
  2020-08-21 19:43 ` [PATCH v6 25/29] x86/build: Warn on orphan section placement Kees Cook
                   ` (5 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:43 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

In preparation for warning on orphan sections, enforce other
expected-to-be-zero-sized sections (since discarding them might hide
problems with them suddenly gaining unexpected entries).

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/x86/kernel/vmlinux.lds.S | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 4b1b936a6e7d..45d72447df84 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -427,6 +427,30 @@ SECTIONS
 	       SIZEOF(.got.plt) == 0xc,
 #endif
 	       "Unexpected GOT/PLT entries detected!")
+
+	/*
+	 * Sections that should stay zero sized, which is safer to
+	 * explicitly check instead of blindly discarding.
+	 */
+	.got : {
+		*(.got) *(.igot.*)
+	}
+	ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
+
+	.plt : {
+		*(.plt) *(.plt.*) *(.iplt)
+	}
+	ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!")
+
+	.rel.dyn : {
+		*(.rel.*) *(.rel_*)
+	}
+	ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")
+
+	.rela.dyn : {
+		*(.rela.*) *(.rela_*)
+	}
+	ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
 }
 
 #ifdef CONFIG_X86_32
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 25/29] x86/build: Warn on orphan section placement
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (23 preceding siblings ...)
  2020-08-21 19:43 ` [PATCH v6 24/29] x86/build: Assert for unwanted sections Kees Cook
@ 2020-08-21 19:43 ` Kees Cook
  2020-08-21 19:43 ` [PATCH v6 26/29] x86/boot/compressed: Reorganize zero-size section asserts Kees Cook
                   ` (4 subsequent siblings)
  29 siblings, 0 replies; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:43 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

We don't want to depend on the linker's orphan section placement
heuristics as these can vary between linkers, and may change between
versions. All sections need to be explicitly handled in the linker script.

Now that all sections are explicitly handled, enable orphan section
warnings.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/x86/Makefile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 4346ffb2e39f..ccacbf808552 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -209,6 +209,10 @@ ifdef CONFIG_X86_64
 LDFLAGS_vmlinux += -z max-page-size=0x200000
 endif
 
+# We never want expected sections to be placed heuristically by the
+# linker. All sections should be explicitly named in the linker script.
+LDFLAGS_vmlinux += --orphan-handling=warn
+
 archscripts: scripts_basic
 	$(Q)$(MAKE) $(build)=arch/x86/tools relocs
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 26/29] x86/boot/compressed: Reorganize zero-size section asserts
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (24 preceding siblings ...)
  2020-08-21 19:43 ` [PATCH v6 25/29] x86/build: Warn on orphan section placement Kees Cook
@ 2020-08-21 19:43 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:43 ` [PATCH v6 27/29] x86/boot/compressed: Remove, discard, or assert for unwanted sections Kees Cook
                   ` (3 subsequent siblings)
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:43 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

For readability, move the zero-sized sections to the end after DISCARDS.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/x86/boot/compressed/vmlinux.lds.S | 44 +++++++++++++++-----------
 1 file changed, 26 insertions(+), 18 deletions(-)

diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index 3c2ee9a5bf43..ca544a16724b 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -42,19 +42,6 @@ SECTIONS
 		*(.rodata.*)
 		_erodata = . ;
 	}
-	.rel.dyn : {
-		*(.rel.*)
-	}
-	.rela.dyn : {
-		*(.rela.*)
-	}
-	.got : {
-		*(.got)
-	}
-	.got.plt : {
-		*(.got.plt)
-	}
-
 	.data :	{
 		_data = . ;
 		*(.data)
@@ -85,13 +72,34 @@ SECTIONS
 	ELF_DETAILS
 
 	DISCARDS
-}
 
-ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
+	.got.plt (INFO) : {
+		*(.got.plt)
+	}
+	ASSERT(SIZEOF(.got.plt) == 0 ||
 #ifdef CONFIG_X86_64
-ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, "Unexpected GOT/PLT entries detected!")
+	       SIZEOF(.got.plt) == 0x18,
 #else
-ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0xc, "Unexpected GOT/PLT entries detected!")
+	       SIZEOF(.got.plt) == 0xc,
 #endif
+	       "Unexpected GOT/PLT entries detected!")
+
+	/*
+	 * Sections that should stay zero sized, which is safer to
+	 * explicitly check instead of blindly discarding.
+	 */
+	.got : {
+		*(.got)
+	}
+	ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
+
+	.rel.dyn : {
+		*(.rel.*)
+	}
+	ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")
 
-ASSERT(SIZEOF(.rel.dyn) == 0 && SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations detected!")
+	.rela.dyn : {
+		*(.rela.*)
+	}
+	ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
+}
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 27/29] x86/boot/compressed: Remove, discard, or assert for unwanted sections
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (25 preceding siblings ...)
  2020-08-21 19:43 ` [PATCH v6 26/29] x86/boot/compressed: Reorganize zero-size section asserts Kees Cook
@ 2020-08-21 19:43 ` Kees Cook
  2020-08-21 20:01   ` Arvind Sankar
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:43 ` [PATCH v6 28/29] x86/boot/compressed: Add missing debugging sections to output Kees Cook
                   ` (2 subsequent siblings)
  29 siblings, 2 replies; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:43 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

In preparation for warning on orphan sections, stop the linker from
generating the .eh_frame* sections, discard unwanted non-zero-sized
generated sections, and enforce other expected-to-be-zero-sized sections
(since discarding them might hide problems with them suddenly gaining
unexpected entries).

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/x86/boot/compressed/Makefile      |  1 +
 arch/x86/boot/compressed/vmlinux.lds.S | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 753d57266757..5b7f6e175b03 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -50,6 +50,7 @@ GCOV_PROFILE := n
 UBSAN_SANITIZE :=n
 
 KBUILD_LDFLAGS := -m elf_$(UTS_MACHINE)
+KBUILD_LDFLAGS += $(call ld-option,--no-ld-generated-unwind-info)
 # Compressed kernel should be built as PIE since it may be loaded at any
 # address by the bootloader.
 LDFLAGS_vmlinux := -pie $(call ld-option, --no-dynamic-linker)
diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index ca544a16724b..02f6feb0e55b 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -72,6 +72,11 @@ SECTIONS
 	ELF_DETAILS
 
 	DISCARDS
+	/DISCARD/ : {
+		*(.dynamic) *(.dynsym) *(.dynstr) *(.dynbss)
+		*(.hash) *(.gnu.hash)
+		*(.note.*)
+	}
 
 	.got.plt (INFO) : {
 		*(.got.plt)
@@ -93,13 +98,18 @@ SECTIONS
 	}
 	ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
 
+	.plt : {
+		*(.plt) *(.plt.*)
+	}
+	ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!")
+
 	.rel.dyn : {
-		*(.rel.*)
+		*(.rel.*) *(.rel_*)
 	}
 	ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")
 
 	.rela.dyn : {
-		*(.rela.*)
+		*(.rela.*) *(.rela_*)
 	}
 	ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
 }
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 28/29] x86/boot/compressed: Add missing debugging sections to output
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (26 preceding siblings ...)
  2020-08-21 19:43 ` [PATCH v6 27/29] x86/boot/compressed: Remove, discard, or assert for unwanted sections Kees Cook
@ 2020-08-21 19:43 ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  2020-08-21 19:43 ` [PATCH v6 29/29] x86/boot/compressed: Warn on orphan section placement Kees Cook
  2020-08-31 19:41 ` [PATCH v6 00/29] " Kees Cook
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:43 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

Include the missing DWARF and STABS sections in the compressed image,
when they are present.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/x86/boot/compressed/vmlinux.lds.S | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index 02f6feb0e55b..112b2375d021 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -69,6 +69,8 @@ SECTIONS
 	. = ALIGN(PAGE_SIZE);	/* keep ZO size page aligned */
 	_end = .;
 
+	STABS_DEBUG
+	DWARF_DEBUG
 	ELF_DETAILS
 
 	DISCARDS
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* [PATCH v6 29/29] x86/boot/compressed: Warn on orphan section placement
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (27 preceding siblings ...)
  2020-08-21 19:43 ` [PATCH v6 28/29] x86/boot/compressed: Add missing debugging sections to output Kees Cook
@ 2020-08-21 19:43 ` Kees Cook
  2020-08-31 19:41 ` [PATCH v6 00/29] " Kees Cook
  29 siblings, 0 replies; 92+ messages in thread
From: Kees Cook @ 2020-08-21 19:43 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Kees Cook, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

We don't want to depend on the linker's orphan section placement
heuristics as these can vary between linkers, and may change between
versions. All sections need to be explicitly handled in the linker
script.

Now that all sections are explicitly handled, enable orphan section
warnings.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/x86/boot/compressed/Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 5b7f6e175b03..647e15837a28 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -54,6 +54,7 @@ KBUILD_LDFLAGS += $(call ld-option,--no-ld-generated-unwind-info)
 # Compressed kernel should be built as PIE since it may be loaded at any
 # address by the bootloader.
 LDFLAGS_vmlinux := -pie $(call ld-option, --no-dynamic-linker)
+LDFLAGS_vmlinux += --orphan-handling=warn
 LDFLAGS_vmlinux += -T
 
 hostprogs	:= mkpiggy
-- 
2.25.1


^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 27/29] x86/boot/compressed: Remove, discard, or assert for unwanted sections
  2020-08-21 19:43 ` [PATCH v6 27/29] x86/boot/compressed: Remove, discard, or assert for unwanted sections Kees Cook
@ 2020-08-21 20:01   ` Arvind Sankar
  2020-08-21 21:21     ` Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
  1 sibling, 1 reply; 92+ messages in thread
From: Arvind Sankar @ 2020-08-21 20:01 UTC (permalink / raw)
  To: Kees Cook
  Cc: Ingo Molnar, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

On Fri, Aug 21, 2020 at 12:43:08PM -0700, Kees Cook wrote:
> In preparation for warning on orphan sections, stop the linker from
> generating the .eh_frame* sections, discard unwanted non-zero-sized
> generated sections, and enforce other expected-to-be-zero-sized sections
> (since discarding them might hide problems with them suddenly gaining
> unexpected entries).
> 
> Signed-off-by: Kees Cook <keescook@chromium.org>
>  	.rel.dyn : {
> -		*(.rel.*)
> +		*(.rel.*) *(.rel_*)
>  	}
>  	ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")
>  
>  	.rela.dyn : {
> -		*(.rela.*)
> +		*(.rela.*) *(.rela_*)
>  	}
>  	ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
>  }
> -- 
> 2.25.1
> 

When do you get .rela_?

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 27/29] x86/boot/compressed: Remove, discard, or assert for unwanted sections
  2020-08-21 20:01   ` Arvind Sankar
@ 2020-08-21 21:21     ` Kees Cook
  2020-08-21 21:28       ` Arvind Sankar
  0 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-21 21:21 UTC (permalink / raw)
  To: Arvind Sankar
  Cc: Ingo Molnar, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

On Fri, Aug 21, 2020 at 04:01:59PM -0400, Arvind Sankar wrote:
> On Fri, Aug 21, 2020 at 12:43:08PM -0700, Kees Cook wrote:
> > In preparation for warning on orphan sections, stop the linker from
> > generating the .eh_frame* sections, discard unwanted non-zero-sized
> > generated sections, and enforce other expected-to-be-zero-sized sections
> > (since discarding them might hide problems with them suddenly gaining
> > unexpected entries).
> > 
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> >  	.rel.dyn : {
> > -		*(.rel.*)
> > +		*(.rel.*) *(.rel_*)
> >  	}
> >  	ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")
> >  
> >  	.rela.dyn : {
> > -		*(.rela.*)
> > +		*(.rela.*) *(.rela_*)
> >  	}
> >  	ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
> >  }
> > -- 
> > 2.25.1
> > 
> 
> When do you get .rela_?

i386 builds, IIRC. I can try to hunt that down if you want?

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 27/29] x86/boot/compressed: Remove, discard, or assert for unwanted sections
  2020-08-21 21:21     ` Kees Cook
@ 2020-08-21 21:28       ` Arvind Sankar
  0 siblings, 0 replies; 92+ messages in thread
From: Arvind Sankar @ 2020-08-21 21:28 UTC (permalink / raw)
  To: Kees Cook
  Cc: Arvind Sankar, Ingo Molnar, Catalin Marinas, Mark Rutland,
	Ard Biesheuvel, Peter Collingbourne, James Morse,
	Borislav Petkov, Ingo Molnar, Russell King, Masahiro Yamada,
	Nick Desaulniers, Nathan Chancellor, Arnd Bergmann, x86,
	clang-built-linux, linux-arch, linux-efi, linux-arm-kernel,
	linux-kernel

On Fri, Aug 21, 2020 at 02:21:34PM -0700, Kees Cook wrote:
> On Fri, Aug 21, 2020 at 04:01:59PM -0400, Arvind Sankar wrote:
> > On Fri, Aug 21, 2020 at 12:43:08PM -0700, Kees Cook wrote:
> > > In preparation for warning on orphan sections, stop the linker from
> > > generating the .eh_frame* sections, discard unwanted non-zero-sized
> > > generated sections, and enforce other expected-to-be-zero-sized sections
> > > (since discarding them might hide problems with them suddenly gaining
> > > unexpected entries).
> > > 
> > > Signed-off-by: Kees Cook <keescook@chromium.org>
> > >  	.rel.dyn : {
> > > -		*(.rel.*)
> > > +		*(.rel.*) *(.rel_*)
> > >  	}
> > >  	ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")
> > >  
> > >  	.rela.dyn : {
> > > -		*(.rela.*)
> > > +		*(.rela.*) *(.rela_*)
> > >  	}
> > >  	ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
> > >  }
> > > -- 
> > > 2.25.1
> > > 
> > 
> > When do you get .rela_?
> 
> i386 builds, IIRC. I can try to hunt that down if you want?
> 
> -- 
> Kees Cook

Nah, just curious.

Thanks.

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 00/29] Warn on orphan section placement
  2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
                   ` (28 preceding siblings ...)
  2020-08-21 19:43 ` [PATCH v6 29/29] x86/boot/compressed: Warn on orphan section placement Kees Cook
@ 2020-08-31 19:41 ` Kees Cook
  2020-09-01  7:11   ` Ingo Molnar
  29 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-08-31 19:41 UTC (permalink / raw)
  To: Ingo Molnar, Borislav Petkov
  Cc: Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Ingo Molnar, Russell King,
	Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

On Fri, Aug 21, 2020 at 12:42:41PM -0700, Kees Cook wrote:
> Hi Ingo,
> 
> Based on my testing, this is ready to go. I've reviewed the feedback on
> v5 and made a few small changes, noted below.

If no one objects, I'll pop this into my tree for -next. I'd prefer it
go via -tip though! :)

Thanks!

-Kees

> 
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=linker/orphans/warn/v6
> 
> v6:
> - rebase to -tip x86/boot
> - remove 0-sized NOLOAD
> - move .got.plt to end with INFO (NOLOAD warns)
> - add Reviewed-bys
> v5: https://lore.kernel.org/lkml/20200731230820.1742553-1-keescook@chromium.org/
> v4: https://lore.kernel.org/lkml/20200629061840.4065483-1-keescook@chromium.org/
> v3: https://lore.kernel.org/lkml/20200624014940.1204448-1-keescook@chromium.org/
> v2: https://lore.kernel.org/lkml/20200622205815.2988115-1-keescook@chromium.org/
> v1: https://lore.kernel.org/lkml/20200228002244.15240-1-keescook@chromium.org/
> 
> A recent bug[1] was solved for builds linked with ld.lld, and tracking
> it down took way longer than it needed to (a year). Ultimately, it
> boiled down to differences between ld.bfd and ld.lld's handling of
> orphan sections. Similar situation have continued to recur, and it's
> clear the kernel build needs to be much more explicit about linker
> sections. Similarly, the recent FGKASLR series brought up orphan section
> handling too[2]. In all cases, it would have been nice if the linker was
> running with --orphan-handling=warn so that surprise sections wouldn't
> silently get mapped into the kernel image at locations up to the whim
> of the linker's orphan handling logic. Instead, all desired sections
> should be explicitly identified in the linker script (to be either kept,
> discarded, or verified to be zero-sized) with any orphans throwing a
> warning. The powerpc architecture has actually been doing this for some
> time, so this series just extends that coverage to x86, arm, and arm64.
> 
> This has gotten sucecssful build testing under the following matrix:
> 
> compiler/linker: gcc+ld.bfd, clang+ld.lld
> targets: defconfig, allmodconfig
> architectures: x86, i386, arm64, arm
> versions: -tip x86/boot
> 
> All three architectures depend on the first several commits to
> vmlinux.lds.h. x86 depends on Arvind's GOT series (in -tip x86/boot now).
> arm64 depends on the efi/libstub patch. As such, I'd like to land this
> series as a whole. Ingo has suggested he'd take it into -tip.
> 
> Thanks!
> 
> -Kees
> 
> [1] https://github.com/ClangBuiltLinux/linux/issues/282
> [2] https://lore.kernel.org/lkml/202002242122.AA4D1B8@keescook/
> 
> Kees Cook (28):
>   vmlinux.lds.h: Create COMMON_DISCARDS
>   vmlinux.lds.h: Add .gnu.version* to COMMON_DISCARDS
>   vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections
>   vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG
>   vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS
>   efi/libstub: Disable -mbranch-protection
>   arm64/mm: Remove needless section quotes
>   arm64/kernel: Remove needless Call Frame Information annotations
>   arm64/build: Remove .eh_frame* sections due to unwind tables
>   arm64/build: Use common DISCARDS in linker script
>   arm64/build: Add missing DWARF sections
>   arm64/build: Assert for unwanted sections
>   arm64/build: Warn on orphan section placement
>   arm/build: Refactor linker script headers
>   arm/build: Explicitly keep .ARM.attributes sections
>   arm/build: Add missing sections
>   arm/build: Assert for unwanted sections
>   arm/build: Warn on orphan section placement
>   arm/boot: Handle all sections explicitly
>   arm/boot: Warn on orphan section placement
>   x86/asm: Avoid generating unused kprobe sections
>   x86/build: Enforce an empty .got.plt section
>   x86/build: Assert for unwanted sections
>   x86/build: Warn on orphan section placement
>   x86/boot/compressed: Reorganize zero-size section asserts
>   x86/boot/compressed: Remove, discard, or assert for unwanted sections
>   x86/boot/compressed: Add missing debugging sections to output
>   x86/boot/compressed: Warn on orphan section placement
> 
> Nick Desaulniers (1):
>   vmlinux.lds.h: add PGO and AutoFDO input sections
> 
>  arch/alpha/kernel/vmlinux.lds.S               |  1 +
>  arch/arc/kernel/vmlinux.lds.S                 |  1 +
>  arch/arm/Makefile                             |  4 ++
>  arch/arm/boot/compressed/Makefile             |  2 +
>  arch/arm/boot/compressed/vmlinux.lds.S        | 20 +++----
>  .../arm/{kernel => include/asm}/vmlinux.lds.h | 30 ++++++++--
>  arch/arm/kernel/vmlinux-xip.lds.S             |  8 ++-
>  arch/arm/kernel/vmlinux.lds.S                 |  8 ++-
>  arch/arm64/Makefile                           |  9 ++-
>  arch/arm64/kernel/smccc-call.S                |  2 -
>  arch/arm64/kernel/vmlinux.lds.S               | 28 +++++++--
>  arch/arm64/mm/mmu.c                           |  2 +-
>  arch/csky/kernel/vmlinux.lds.S                |  1 +
>  arch/hexagon/kernel/vmlinux.lds.S             |  1 +
>  arch/ia64/kernel/vmlinux.lds.S                |  1 +
>  arch/mips/kernel/vmlinux.lds.S                |  1 +
>  arch/nds32/kernel/vmlinux.lds.S               |  1 +
>  arch/nios2/kernel/vmlinux.lds.S               |  1 +
>  arch/openrisc/kernel/vmlinux.lds.S            |  1 +
>  arch/parisc/boot/compressed/vmlinux.lds.S     |  1 +
>  arch/parisc/kernel/vmlinux.lds.S              |  1 +
>  arch/powerpc/kernel/vmlinux.lds.S             |  2 +-
>  arch/riscv/kernel/vmlinux.lds.S               |  1 +
>  arch/s390/kernel/vmlinux.lds.S                |  1 +
>  arch/sh/kernel/vmlinux.lds.S                  |  1 +
>  arch/sparc/kernel/vmlinux.lds.S               |  1 +
>  arch/um/kernel/dyn.lds.S                      |  2 +-
>  arch/um/kernel/uml.lds.S                      |  2 +-
>  arch/x86/Makefile                             |  4 ++
>  arch/x86/boot/compressed/Makefile             |  2 +
>  arch/x86/boot/compressed/vmlinux.lds.S        | 58 +++++++++++++------
>  arch/x86/include/asm/asm.h                    |  6 +-
>  arch/x86/kernel/vmlinux.lds.S                 | 39 ++++++++++++-
>  drivers/firmware/efi/libstub/Makefile         |  9 ++-
>  include/asm-generic/vmlinux.lds.h             | 49 +++++++++++++---
>  35 files changed, 241 insertions(+), 60 deletions(-)
>  rename arch/arm/{kernel => include/asm}/vmlinux.lds.h (84%)
> 
> -- 
> 2.25.1
> 

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 00/29] Warn on orphan section placement
  2020-08-31 19:41 ` [PATCH v6 00/29] " Kees Cook
@ 2020-09-01  7:11   ` Ingo Molnar
  2020-09-01  7:59     ` Ingo Molnar
  0 siblings, 1 reply; 92+ messages in thread
From: Ingo Molnar @ 2020-09-01  7:11 UTC (permalink / raw)
  To: Kees Cook
  Cc: Borislav Petkov, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Ingo Molnar, Russell King,
	Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel


* Kees Cook <keescook@chromium.org> wrote:

> On Fri, Aug 21, 2020 at 12:42:41PM -0700, Kees Cook wrote:
> > Hi Ingo,
> > 
> > Based on my testing, this is ready to go. I've reviewed the feedback on
> > v5 and made a few small changes, noted below.
> 
> If no one objects, I'll pop this into my tree for -next. I'd prefer it
> go via -tip though! :)
> 
> Thanks!

I'll pick it up today, it all looks very good now!

Thanks,

	Ingo

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 00/29] Warn on orphan section placement
  2020-09-01  7:11   ` Ingo Molnar
@ 2020-09-01  7:59     ` Ingo Molnar
  2020-09-01  8:16       ` Ingo Molnar
  0 siblings, 1 reply; 92+ messages in thread
From: Ingo Molnar @ 2020-09-01  7:59 UTC (permalink / raw)
  To: Kees Cook
  Cc: Borislav Petkov, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Ingo Molnar, Russell King,
	Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel


* Ingo Molnar <mingo@kernel.org> wrote:

> 
> * Kees Cook <keescook@chromium.org> wrote:
> 
> > On Fri, Aug 21, 2020 at 12:42:41PM -0700, Kees Cook wrote:
> > > Hi Ingo,
> > > 
> > > Based on my testing, this is ready to go. I've reviewed the feedback on
> > > v5 and made a few small changes, noted below.
> > 
> > If no one objects, I'll pop this into my tree for -next. I'd prefer it
> > go via -tip though! :)
> > 
> > Thanks!
> 
> I'll pick it up today, it all looks very good now!

One thing I found in testing is that it doesn't handler older LD 
versions well enough:

  ld: unrecognized option '--orphan-handling=warn'

Could we just detect the availability of this flag, and emit a warning 
if it doesn't exist but otherwise not abort the build?

This is with:

  GNU ld version 2.25-17.fc23

Thanks,

	Ingo

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 00/29] Warn on orphan section placement
  2020-09-01  7:59     ` Ingo Molnar
@ 2020-09-01  8:16       ` Ingo Molnar
  2020-09-01 15:17         ` Kees Cook
  0 siblings, 1 reply; 92+ messages in thread
From: Ingo Molnar @ 2020-09-01  8:16 UTC (permalink / raw)
  To: Kees Cook
  Cc: Borislav Petkov, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Ingo Molnar, Russell King,
	Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel


* Ingo Molnar <mingo@kernel.org> wrote:

> 
> * Ingo Molnar <mingo@kernel.org> wrote:
> 
> > 
> > * Kees Cook <keescook@chromium.org> wrote:
> > 
> > > On Fri, Aug 21, 2020 at 12:42:41PM -0700, Kees Cook wrote:
> > > > Hi Ingo,
> > > > 
> > > > Based on my testing, this is ready to go. I've reviewed the feedback on
> > > > v5 and made a few small changes, noted below.
> > > 
> > > If no one objects, I'll pop this into my tree for -next. I'd prefer it
> > > go via -tip though! :)
> > > 
> > > Thanks!
> > 
> > I'll pick it up today, it all looks very good now!
> 
> One thing I found in testing is that it doesn't handler older LD 
> versions well enough:
> 
>   ld: unrecognized option '--orphan-handling=warn'
> 
> Could we just detect the availability of this flag, and emit a warning 
> if it doesn't exist but otherwise not abort the build?
> 
> This is with:
> 
>   GNU ld version 2.25-17.fc23

I've resolved this for now by not applying the 5 patches that add the 
actual orphan section warnings:

  arm64/build: Warn on orphan section placement
  arm/build: Warn on orphan section placement
  arm/boot: Warn on orphan section placement
  x86/build: Warn on orphan section placement
  x86/boot/compressed: Warn on orphan section placement

The new asserts plus the actual fixes/enhancements are enough changes 
to test for now in any case. :-)

Thanks,

	Ingo

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] x86/boot/compressed: Remove, discard, or assert for unwanted sections
  2020-08-21 19:43 ` [PATCH v6 27/29] x86/boot/compressed: Remove, discard, or assert for unwanted sections Kees Cook
  2020-08-21 20:01   ` Arvind Sankar
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  1 sibling, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Kees Cook, Ingo Molnar, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     d1c0272bc1c068f8c2cb3d1b395173602b0df6e7
Gitweb:        https://git.kernel.org/tip/d1c0272bc1c068f8c2cb3d1b395173602b0df6e7
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:43:08 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

x86/boot/compressed: Remove, discard, or assert for unwanted sections

In preparation for warning on orphan sections, stop the linker from
generating the .eh_frame* sections, discard unwanted non-zero-sized
generated sections, and enforce other expected-to-be-zero-sized sections
(since discarding them might hide problems with them suddenly gaining
unexpected entries).

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20200821194310.3089815-28-keescook@chromium.org
---
 arch/x86/boot/compressed/Makefile      |  1 +
 arch/x86/boot/compressed/vmlinux.lds.S | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 753d572..5b7f6e1 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -50,6 +50,7 @@ GCOV_PROFILE := n
 UBSAN_SANITIZE :=n
 
 KBUILD_LDFLAGS := -m elf_$(UTS_MACHINE)
+KBUILD_LDFLAGS += $(call ld-option,--no-ld-generated-unwind-info)
 # Compressed kernel should be built as PIE since it may be loaded at any
 # address by the bootloader.
 LDFLAGS_vmlinux := -pie $(call ld-option, --no-dynamic-linker)
diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index ca544a1..02f6feb 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -72,6 +72,11 @@ SECTIONS
 	ELF_DETAILS
 
 	DISCARDS
+	/DISCARD/ : {
+		*(.dynamic) *(.dynsym) *(.dynstr) *(.dynbss)
+		*(.hash) *(.gnu.hash)
+		*(.note.*)
+	}
 
 	.got.plt (INFO) : {
 		*(.got.plt)
@@ -93,13 +98,18 @@ SECTIONS
 	}
 	ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
 
+	.plt : {
+		*(.plt) *(.plt.*)
+	}
+	ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!")
+
 	.rel.dyn : {
-		*(.rel.*)
+		*(.rel.*) *(.rel_*)
 	}
 	ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")
 
 	.rela.dyn : {
-		*(.rela.*)
+		*(.rela.*) *(.rela_*)
 	}
 	ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
 }

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] x86/boot/compressed: Add missing debugging sections to output
  2020-08-21 19:43 ` [PATCH v6 28/29] x86/boot/compressed: Add missing debugging sections to output Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Kees Cook, Ingo Molnar, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     414d2ff5e5f21049b6b242271a6a8579f9dffc1b
Gitweb:        https://git.kernel.org/tip/414d2ff5e5f21049b6b242271a6a8579f9dffc1b
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:43:09 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

x86/boot/compressed: Add missing debugging sections to output

Include the missing DWARF and STABS sections in the compressed image,
when they are present.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20200821194310.3089815-29-keescook@chromium.org
---
 arch/x86/boot/compressed/vmlinux.lds.S | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index 02f6feb..112b237 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -69,6 +69,8 @@ SECTIONS
 	. = ALIGN(PAGE_SIZE);	/* keep ZO size page aligned */
 	_end = .;
 
+	STABS_DEBUG
+	DWARF_DEBUG
 	ELF_DETAILS
 
 	DISCARDS

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] x86/build: Add asserts for unwanted sections
  2020-08-21 19:43 ` [PATCH v6 24/29] x86/build: Assert for unwanted sections Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Kees Cook, Ingo Molnar, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     5354e84598f264793265cc99b4be2a2295826c86
Gitweb:        https://git.kernel.org/tip/5354e84598f264793265cc99b4be2a2295826c86
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:43:05 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

x86/build: Add asserts for unwanted sections

In preparation for warning on orphan sections, enforce other
expected-to-be-zero-sized sections (since discarding them might hide
problems with them suddenly gaining unexpected entries).

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20200821194310.3089815-25-keescook@chromium.org
---
 arch/x86/kernel/vmlinux.lds.S | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 4b1b936..45d7244 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -427,6 +427,30 @@ SECTIONS
 	       SIZEOF(.got.plt) == 0xc,
 #endif
 	       "Unexpected GOT/PLT entries detected!")
+
+	/*
+	 * Sections that should stay zero sized, which is safer to
+	 * explicitly check instead of blindly discarding.
+	 */
+	.got : {
+		*(.got) *(.igot.*)
+	}
+	ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
+
+	.plt : {
+		*(.plt) *(.plt.*) *(.iplt)
+	}
+	ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!")
+
+	.rel.dyn : {
+		*(.rel.*) *(.rel_*)
+	}
+	ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")
+
+	.rela.dyn : {
+		*(.rela.*) *(.rela_*)
+	}
+	ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
 }
 
 #ifdef CONFIG_X86_32

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] x86/build: Enforce an empty .got.plt section
  2020-08-21 19:43 ` [PATCH v6 23/29] x86/build: Enforce an empty .got.plt section Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Kees Cook, Ingo Molnar, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     815d680771ae09080d2da83dac2647c08cdf99ce
Gitweb:        https://git.kernel.org/tip/815d680771ae09080d2da83dac2647c08cdf99ce
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:43:04 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

x86/build: Enforce an empty .got.plt section

The .got.plt section should always be zero (or filled only with the
linker-generated lazy dispatch entry). Enforce this with an assert and
mark the section as INFO. This is more sensitive than just blindly
discarding the section.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20200821194310.3089815-24-keescook@chromium.org
---
 arch/x86/kernel/vmlinux.lds.S | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 0cc035c..4b1b936 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -414,8 +414,20 @@ SECTIONS
 	ELF_DETAILS
 
 	DISCARDS
-}
 
+	/*
+	 * Make sure that the .got.plt is either completely empty or it
+	 * contains only the lazy dispatch entries.
+	 */
+	.got.plt (INFO) : { *(.got.plt) }
+	ASSERT(SIZEOF(.got.plt) == 0 ||
+#ifdef CONFIG_X86_64
+	       SIZEOF(.got.plt) == 0x18,
+#else
+	       SIZEOF(.got.plt) == 0xc,
+#endif
+	       "Unexpected GOT/PLT entries detected!")
+}
 
 #ifdef CONFIG_X86_32
 /*

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] x86/boot/compressed: Reorganize zero-size section asserts
  2020-08-21 19:43 ` [PATCH v6 26/29] x86/boot/compressed: Reorganize zero-size section asserts Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Kees Cook, Ingo Molnar, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     7cf891a40057f851af74e68bacb01b90bd775b5d
Gitweb:        https://git.kernel.org/tip/7cf891a40057f851af74e68bacb01b90bd775b5d
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:43:07 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

x86/boot/compressed: Reorganize zero-size section asserts

For readability, move the zero-sized sections to the end after DISCARDS.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20200821194310.3089815-27-keescook@chromium.org
---
 arch/x86/boot/compressed/vmlinux.lds.S | 44 ++++++++++++++-----------
 1 file changed, 26 insertions(+), 18 deletions(-)

diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index 3c2ee9a..ca544a1 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -42,19 +42,6 @@ SECTIONS
 		*(.rodata.*)
 		_erodata = . ;
 	}
-	.rel.dyn : {
-		*(.rel.*)
-	}
-	.rela.dyn : {
-		*(.rela.*)
-	}
-	.got : {
-		*(.got)
-	}
-	.got.plt : {
-		*(.got.plt)
-	}
-
 	.data :	{
 		_data = . ;
 		*(.data)
@@ -85,13 +72,34 @@ SECTIONS
 	ELF_DETAILS
 
 	DISCARDS
-}
 
-ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
+	.got.plt (INFO) : {
+		*(.got.plt)
+	}
+	ASSERT(SIZEOF(.got.plt) == 0 ||
 #ifdef CONFIG_X86_64
-ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, "Unexpected GOT/PLT entries detected!")
+	       SIZEOF(.got.plt) == 0x18,
 #else
-ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0xc, "Unexpected GOT/PLT entries detected!")
+	       SIZEOF(.got.plt) == 0xc,
 #endif
+	       "Unexpected GOT/PLT entries detected!")
+
+	/*
+	 * Sections that should stay zero sized, which is safer to
+	 * explicitly check instead of blindly discarding.
+	 */
+	.got : {
+		*(.got)
+	}
+	ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
+
+	.rel.dyn : {
+		*(.rel.*)
+	}
+	ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")
 
-ASSERT(SIZEOF(.rel.dyn) == 0 && SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations detected!")
+	.rela.dyn : {
+		*(.rela.*)
+	}
+	ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
+}

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] x86/asm: Avoid generating unused kprobe sections
  2020-08-21 19:43 ` [PATCH v6 22/29] x86/asm: Avoid generating unused kprobe sections Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Kees Cook, Ingo Molnar, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     a850958c072404f75dd41782cb4ff34b8625b47d
Gitweb:        https://git.kernel.org/tip/a850958c072404f75dd41782cb4ff34b8625b47d
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:43:03 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

x86/asm: Avoid generating unused kprobe sections

When !CONFIG_KPROBES, do not generate kprobe sections. This makes
sure there are no unexpected sections encountered by the linker scripts.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20200821194310.3089815-23-keescook@chromium.org
---
 arch/x86/include/asm/asm.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/asm.h b/arch/x86/include/asm/asm.h
index 5c15f95..4712206 100644
--- a/arch/x86/include/asm/asm.h
+++ b/arch/x86/include/asm/asm.h
@@ -138,11 +138,15 @@
 # define _ASM_EXTABLE_FAULT(from, to)				\
 	_ASM_EXTABLE_HANDLE(from, to, ex_handler_fault)
 
-# define _ASM_NOKPROBE(entry)					\
+# ifdef CONFIG_KPROBES
+#  define _ASM_NOKPROBE(entry)					\
 	.pushsection "_kprobe_blacklist","aw" ;			\
 	_ASM_ALIGN ;						\
 	_ASM_PTR (entry);					\
 	.popsection
+# else
+#  define _ASM_NOKPROBE(entry)
+# endif
 
 #else /* ! __ASSEMBLY__ */
 # define _EXPAND_EXTABLE_HANDLE(x) #x

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] arm/boot: Handle all sections explicitly
  2020-08-21 19:43 ` [PATCH v6 20/29] arm/boot: Handle all sections explicitly Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Kees Cook, Ingo Molnar, Russell King, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     7e8c4ed2638d08a1604c87b60ed7161bf92e6f86
Gitweb:        https://git.kernel.org/tip/7e8c4ed2638d08a1604c87b60ed7161bf92e6f86
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:43:01 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

arm/boot: Handle all sections explicitly

In preparation for warning on orphan sections, use common macros for
debug sections, discards, and text stubs. Add discards for unwanted .note,
and .rel sections.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Russell King <linux@armlinux.org.uk>
Link: https://lore.kernel.org/r/20200821194310.3089815-21-keescook@chromium.org
---
 arch/arm/boot/compressed/vmlinux.lds.S | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S
index 09ac33f..b914be3 100644
--- a/arch/arm/boot/compressed/vmlinux.lds.S
+++ b/arch/arm/boot/compressed/vmlinux.lds.S
@@ -2,6 +2,7 @@
 /*
  *  Copyright (C) 2000 Russell King
  */
+#include <asm/vmlinux.lds.h>
 
 #ifdef CONFIG_CPU_ENDIAN_BE8
 #define ZIMAGE_MAGIC(x) ( (((x) >> 24) & 0x000000ff) | \
@@ -17,8 +18,11 @@ ENTRY(_start)
 SECTIONS
 {
   /DISCARD/ : {
+    COMMON_DISCARDS
     *(.ARM.exidx*)
     *(.ARM.extab*)
+    *(.note.*)
+    *(.rel.*)
     /*
      * Discard any r/w data - this produces a link error if we have any,
      * which is required for PIC decompression.  Local data generates
@@ -36,9 +40,7 @@ SECTIONS
     *(.start)
     *(.text)
     *(.text.*)
-    *(.gnu.warning)
-    *(.glue_7t)
-    *(.glue_7)
+    ARM_STUBS_TEXT
   }
   .table : ALIGN(4) {
     _table_start = .;
@@ -128,12 +130,10 @@ SECTIONS
   PROVIDE(__pecoff_data_size = ALIGN(512) - ADDR(.data));
   PROVIDE(__pecoff_end = ALIGN(512));
 
-  .stab 0		: { *(.stab) }
-  .stabstr 0		: { *(.stabstr) }
-  .stab.excl 0		: { *(.stab.excl) }
-  .stab.exclstr 0	: { *(.stab.exclstr) }
-  .stab.index 0		: { *(.stab.index) }
-  .stab.indexstr 0	: { *(.stab.indexstr) }
-  .comment 0		: { *(.comment) }
+  STABS_DEBUG
+  DWARF_DEBUG
+  ARM_DETAILS
+
+  ARM_ASSERTS
 }
 ASSERT(_edata_real == _edata, "error: zImage file size is incorrect");

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] arm/build: Explicitly keep .ARM.attributes sections
  2020-08-21 19:42 ` [PATCH v6 16/29] arm/build: Explicitly keep .ARM.attributes sections Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Nick Desaulniers, Kees Cook, Ingo Molnar, Fangrui Song,
	Russell King, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     3b14aefb84320ac430cecbdc87b680317916b2bd
Gitweb:        https://git.kernel.org/tip/3b14aefb84320ac430cecbdc87b680317916b2bd
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:42:57 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

arm/build: Explicitly keep .ARM.attributes sections

In preparation for adding --orphan-handling=warn, explicitly keep the
.ARM.attributes section (at address 0[1]) by expanding the existing
ELF_DETAILS macro into ARM_DETAILS.

[1] https://reviews.llvm.org/D85867

Suggested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Fangrui Song <maskray@google.com>
Cc: Russell King <linux@armlinux.org.uk>
Link: https://lore.kernel.org/lkml/CAKwvOdk-racgq5pxsoGS6Vtifbtrk5fmkmnoLxrQMaOvV0nPWw@mail.gmail.com/
Link: https://lore.kernel.org/r/20200821194310.3089815-17-keescook@chromium.org
---
 arch/arm/include/asm/vmlinux.lds.h | 4 ++++
 arch/arm/kernel/vmlinux-xip.lds.S  | 2 +-
 arch/arm/kernel/vmlinux.lds.S      | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
index a08f430..c4af518 100644
--- a/arch/arm/include/asm/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -52,6 +52,10 @@
 		ARM_MMU_DISCARD(*(__ex_table))				\
 		COMMON_DISCARDS
 
+#define ARM_DETAILS							\
+		ELF_DETAILS						\
+		.ARM.attributes 0 : { *(.ARM.attributes) }
+
 #define ARM_STUBS_TEXT							\
 		*(.gnu.warning)						\
 		*(.glue_7)						\
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 904c31f..57fcbf5 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -150,7 +150,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
-	ELF_DETAILS
+	ARM_DETAILS
 }
 
 /*
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index bb950c8..1d3d3b5 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -149,7 +149,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
-	ELF_DETAILS
+	ARM_DETAILS
 }
 
 #ifdef CONFIG_STRICT_KERNEL_RWX

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] arm/build: Assert for unwanted sections
  2020-08-21 19:42 ` [PATCH v6 18/29] arm/build: Assert for unwanted sections Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Kees Cook, Ingo Molnar, Russell King, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     0c918e753f8c03b0308a635c0721a8c24d738d4a
Gitweb:        https://git.kernel.org/tip/0c918e753f8c03b0308a635c0721a8c24d738d4a
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:42:59 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

arm/build: Assert for unwanted sections

In preparation for warning on orphan sections, enforce
expected-to-be-zero-sized sections (since discarding them might hide
problems with them suddenly gaining unexpected entries).

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Russell King <linux@armlinux.org.uk>
Link: https://lore.kernel.org/r/20200821194310.3089815-19-keescook@chromium.org
---
 arch/arm/include/asm/vmlinux.lds.h | 11 +++++++++++
 arch/arm/kernel/vmlinux-xip.lds.S  |  2 ++
 arch/arm/kernel/vmlinux.lds.S      |  2 ++
 3 files changed, 15 insertions(+)

diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
index 6624dd9..4a91428 100644
--- a/arch/arm/include/asm/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -52,6 +52,17 @@
 		ARM_MMU_DISCARD(*(__ex_table))				\
 		COMMON_DISCARDS
 
+/*
+ * Sections that should stay zero sized, which is safer to explicitly
+ * check instead of blindly discarding.
+ */
+#define ARM_ASSERTS							\
+	.plt : {							\
+		*(.iplt) *(.rel.iplt) *(.iplt) *(.igot.plt)		\
+	}								\
+	ASSERT(SIZEOF(.plt) == 0,					\
+	       "Unexpected run-time procedure linkages detected!")
+
 #define ARM_DETAILS							\
 		ELF_DETAILS						\
 		.ARM.attributes 0 : { *(.ARM.attributes) }
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 11ffa79..5013682 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -152,6 +152,8 @@ SECTIONS
 	STABS_DEBUG
 	DWARF_DEBUG
 	ARM_DETAILS
+
+	ARM_ASSERTS
 }
 
 /*
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index dc672fe..5f4922e 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -151,6 +151,8 @@ SECTIONS
 	STABS_DEBUG
 	DWARF_DEBUG
 	ARM_DETAILS
+
+	ARM_ASSERTS
 }
 
 #ifdef CONFIG_STRICT_KERNEL_RWX

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] arm/build: Add missing sections
  2020-08-21 19:42 ` [PATCH v6 17/29] arm/build: Add missing sections Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Kees Cook, Ingo Molnar, Nick Desaulniers, Russell King, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     512dd2eebe5585893412e0c8bec8dbfe2dead6c8
Gitweb:        https://git.kernel.org/tip/512dd2eebe5585893412e0c8bec8dbfe2dead6c8
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:42:58 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

arm/build: Add missing sections

Add missing text stub sections .vfp11_veneer and .v4_bx, as well as
missing DWARF sections, when present in the build.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Cc: Russell King <linux@armlinux.org.uk>
Link: https://lore.kernel.org/r/20200821194310.3089815-18-keescook@chromium.org
---
 arch/arm/include/asm/vmlinux.lds.h | 4 +++-
 arch/arm/kernel/vmlinux-xip.lds.S  | 1 +
 arch/arm/kernel/vmlinux.lds.S      | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
index c4af518..6624dd9 100644
--- a/arch/arm/include/asm/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -59,7 +59,9 @@
 #define ARM_STUBS_TEXT							\
 		*(.gnu.warning)						\
 		*(.glue_7)						\
-		*(.glue_7t)
+		*(.glue_7t)						\
+		*(.vfp11_veneer)                                        \
+		*(.v4_bx)
 
 #define ARM_TEXT							\
 		IDMAP_TEXT						\
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 57fcbf5..11ffa79 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -150,6 +150,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	DWARF_DEBUG
 	ARM_DETAILS
 }
 
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index 1d3d3b5..dc672fe 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -149,6 +149,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	DWARF_DEBUG
 	ARM_DETAILS
 }
 

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] arm/build: Refactor linker script headers
  2020-08-21 19:42 ` [PATCH v6 15/29] arm/build: Refactor linker script headers Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Kees Cook, Ingo Molnar, Russell King, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     d7e3b065dc98e95f2dae6d2da031dd4c243bd7be
Gitweb:        https://git.kernel.org/tip/d7e3b065dc98e95f2dae6d2da031dd4c243bd7be
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:42:56 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 10:03:17 +02:00

arm/build: Refactor linker script headers

In preparation for adding --orphan-handling=warn, refactor the linker
script header includes, and extract common macros.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Russell King <linux@armlinux.org.uk>
Link: https://lore.kernel.org/r/20200821194310.3089815-16-keescook@chromium.org
---
 arch/arm/include/asm/vmlinux.lds.h | 130 ++++++++++++++++++++++++++++-
 arch/arm/kernel/vmlinux-xip.lds.S  |   4 +-
 arch/arm/kernel/vmlinux.lds.S      |   4 +-
 arch/arm/kernel/vmlinux.lds.h      | 127 +---------------------------
 4 files changed, 132 insertions(+), 133 deletions(-)
 create mode 100644 arch/arm/include/asm/vmlinux.lds.h
 delete mode 100644 arch/arm/kernel/vmlinux.lds.h

diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
new file mode 100644
index 0000000..a08f430
--- /dev/null
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -0,0 +1,130 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#include <asm-generic/vmlinux.lds.h>
+
+#ifdef CONFIG_HOTPLUG_CPU
+#define ARM_CPU_DISCARD(x)
+#define ARM_CPU_KEEP(x)		x
+#else
+#define ARM_CPU_DISCARD(x)	x
+#define ARM_CPU_KEEP(x)
+#endif
+
+#if (defined(CONFIG_SMP_ON_UP) && !defined(CONFIG_DEBUG_SPINLOCK)) || \
+	defined(CONFIG_GENERIC_BUG) || defined(CONFIG_JUMP_LABEL)
+#define ARM_EXIT_KEEP(x)	x
+#define ARM_EXIT_DISCARD(x)
+#else
+#define ARM_EXIT_KEEP(x)
+#define ARM_EXIT_DISCARD(x)	x
+#endif
+
+#ifdef CONFIG_MMU
+#define ARM_MMU_KEEP(x)		x
+#define ARM_MMU_DISCARD(x)
+#else
+#define ARM_MMU_KEEP(x)
+#define ARM_MMU_DISCARD(x)	x
+#endif
+
+#define PROC_INFO							\
+		. = ALIGN(4);						\
+		__proc_info_begin = .;					\
+		*(.proc.info.init)					\
+		__proc_info_end = .;
+
+#define IDMAP_TEXT							\
+		ALIGN_FUNCTION();					\
+		__idmap_text_start = .;					\
+		*(.idmap.text)						\
+		__idmap_text_end = .;					\
+
+#define ARM_DISCARD							\
+		*(.ARM.exidx.exit.text)					\
+		*(.ARM.extab.exit.text)					\
+		*(.ARM.exidx.text.exit)					\
+		*(.ARM.extab.text.exit)					\
+		ARM_CPU_DISCARD(*(.ARM.exidx.cpuexit.text))		\
+		ARM_CPU_DISCARD(*(.ARM.extab.cpuexit.text))		\
+		ARM_EXIT_DISCARD(EXIT_TEXT)				\
+		ARM_EXIT_DISCARD(EXIT_DATA)				\
+		EXIT_CALL						\
+		ARM_MMU_DISCARD(*(.text.fixup))				\
+		ARM_MMU_DISCARD(*(__ex_table))				\
+		COMMON_DISCARDS
+
+#define ARM_STUBS_TEXT							\
+		*(.gnu.warning)						\
+		*(.glue_7)						\
+		*(.glue_7t)
+
+#define ARM_TEXT							\
+		IDMAP_TEXT						\
+		__entry_text_start = .;					\
+		*(.entry.text)						\
+		__entry_text_end = .;					\
+		IRQENTRY_TEXT						\
+		SOFTIRQENTRY_TEXT					\
+		TEXT_TEXT						\
+		SCHED_TEXT						\
+		CPUIDLE_TEXT						\
+		LOCK_TEXT						\
+		KPROBES_TEXT						\
+		ARM_STUBS_TEXT						\
+		. = ALIGN(4);						\
+		*(.got)			/* Global offset table */	\
+		ARM_CPU_KEEP(PROC_INFO)
+
+/* Stack unwinding tables */
+#define ARM_UNWIND_SECTIONS						\
+	. = ALIGN(8);							\
+	.ARM.unwind_idx : {						\
+		__start_unwind_idx = .;					\
+		*(.ARM.exidx*)						\
+		__stop_unwind_idx = .;					\
+	}								\
+	.ARM.unwind_tab : {						\
+		__start_unwind_tab = .;					\
+		*(.ARM.extab*)						\
+		__stop_unwind_tab = .;					\
+	}
+
+/*
+ * The vectors and stubs are relocatable code, and the
+ * only thing that matters is their relative offsets
+ */
+#define ARM_VECTORS							\
+	__vectors_start = .;						\
+	.vectors 0xffff0000 : AT(__vectors_start) {			\
+		*(.vectors)						\
+	}								\
+	. = __vectors_start + SIZEOF(.vectors);				\
+	__vectors_end = .;						\
+									\
+	__stubs_start = .;						\
+	.stubs ADDR(.vectors) + 0x1000 : AT(__stubs_start) {		\
+		*(.stubs)						\
+	}								\
+	. = __stubs_start + SIZEOF(.stubs);				\
+	__stubs_end = .;						\
+									\
+	PROVIDE(vector_fiq_offset = vector_fiq - ADDR(.vectors));
+
+#define ARM_TCM								\
+	__itcm_start = ALIGN(4);					\
+	.text_itcm ITCM_OFFSET : AT(__itcm_start - LOAD_OFFSET) {	\
+		__sitcm_text = .;					\
+		*(.tcm.text)						\
+		*(.tcm.rodata)						\
+		. = ALIGN(4);						\
+		__eitcm_text = .;					\
+	}								\
+	. = __itcm_start + SIZEOF(.text_itcm);				\
+									\
+	__dtcm_start = .;						\
+	.data_dtcm DTCM_OFFSET : AT(__dtcm_start - LOAD_OFFSET) {	\
+		__sdtcm_data = .;					\
+		*(.tcm.data)						\
+		. = ALIGN(4);						\
+		__edtcm_data = .;					\
+	}								\
+	. = __dtcm_start + SIZEOF(.data_dtcm);
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 3d4e88f..904c31f 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -9,15 +9,13 @@
 
 #include <linux/sizes.h>
 
-#include <asm-generic/vmlinux.lds.h>
+#include <asm/vmlinux.lds.h>
 #include <asm/cache.h>
 #include <asm/thread_info.h>
 #include <asm/memory.h>
 #include <asm/mpu.h>
 #include <asm/page.h>
 
-#include "vmlinux.lds.h"
-
 OUTPUT_ARCH(arm)
 ENTRY(stext)
 
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index 5592f14..bb950c8 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -9,15 +9,13 @@
 #else
 
 #include <linux/pgtable.h>
-#include <asm-generic/vmlinux.lds.h>
+#include <asm/vmlinux.lds.h>
 #include <asm/cache.h>
 #include <asm/thread_info.h>
 #include <asm/memory.h>
 #include <asm/mpu.h>
 #include <asm/page.h>
 
-#include "vmlinux.lds.h"
-
 OUTPUT_ARCH(arm)
 ENTRY(stext)
 
diff --git a/arch/arm/kernel/vmlinux.lds.h b/arch/arm/kernel/vmlinux.lds.h
deleted file mode 100644
index 381a8e1..0000000
--- a/arch/arm/kernel/vmlinux.lds.h
+++ /dev/null
@@ -1,127 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 */
-
-#ifdef CONFIG_HOTPLUG_CPU
-#define ARM_CPU_DISCARD(x)
-#define ARM_CPU_KEEP(x)		x
-#else
-#define ARM_CPU_DISCARD(x)	x
-#define ARM_CPU_KEEP(x)
-#endif
-
-#if (defined(CONFIG_SMP_ON_UP) && !defined(CONFIG_DEBUG_SPINLOCK)) || \
-	defined(CONFIG_GENERIC_BUG) || defined(CONFIG_JUMP_LABEL)
-#define ARM_EXIT_KEEP(x)	x
-#define ARM_EXIT_DISCARD(x)
-#else
-#define ARM_EXIT_KEEP(x)
-#define ARM_EXIT_DISCARD(x)	x
-#endif
-
-#ifdef CONFIG_MMU
-#define ARM_MMU_KEEP(x)		x
-#define ARM_MMU_DISCARD(x)
-#else
-#define ARM_MMU_KEEP(x)
-#define ARM_MMU_DISCARD(x)	x
-#endif
-
-#define PROC_INFO							\
-		. = ALIGN(4);						\
-		__proc_info_begin = .;					\
-		*(.proc.info.init)					\
-		__proc_info_end = .;
-
-#define IDMAP_TEXT							\
-		ALIGN_FUNCTION();					\
-		__idmap_text_start = .;					\
-		*(.idmap.text)						\
-		__idmap_text_end = .;					\
-
-#define ARM_DISCARD							\
-		*(.ARM.exidx.exit.text)					\
-		*(.ARM.extab.exit.text)					\
-		*(.ARM.exidx.text.exit)					\
-		*(.ARM.extab.text.exit)					\
-		ARM_CPU_DISCARD(*(.ARM.exidx.cpuexit.text))		\
-		ARM_CPU_DISCARD(*(.ARM.extab.cpuexit.text))		\
-		ARM_EXIT_DISCARD(EXIT_TEXT)				\
-		ARM_EXIT_DISCARD(EXIT_DATA)				\
-		EXIT_CALL						\
-		ARM_MMU_DISCARD(*(.text.fixup))				\
-		ARM_MMU_DISCARD(*(__ex_table))				\
-		*(.discard)						\
-		*(.discard.*)
-
-#define ARM_TEXT							\
-		IDMAP_TEXT						\
-		__entry_text_start = .;					\
-		*(.entry.text)						\
-		__entry_text_end = .;					\
-		IRQENTRY_TEXT						\
-		SOFTIRQENTRY_TEXT					\
-		TEXT_TEXT						\
-		SCHED_TEXT						\
-		CPUIDLE_TEXT						\
-		LOCK_TEXT						\
-		KPROBES_TEXT						\
-		*(.gnu.warning)						\
-		*(.glue_7)						\
-		*(.glue_7t)						\
-		. = ALIGN(4);						\
-		*(.got)			/* Global offset table */	\
-		ARM_CPU_KEEP(PROC_INFO)
-
-/* Stack unwinding tables */
-#define ARM_UNWIND_SECTIONS						\
-	. = ALIGN(8);							\
-	.ARM.unwind_idx : {						\
-		__start_unwind_idx = .;					\
-		*(.ARM.exidx*)						\
-		__stop_unwind_idx = .;					\
-	}								\
-	.ARM.unwind_tab : {						\
-		__start_unwind_tab = .;					\
-		*(.ARM.extab*)						\
-		__stop_unwind_tab = .;					\
-	}
-
-/*
- * The vectors and stubs are relocatable code, and the
- * only thing that matters is their relative offsets
- */
-#define ARM_VECTORS							\
-	__vectors_start = .;						\
-	.vectors 0xffff0000 : AT(__vectors_start) {			\
-		*(.vectors)						\
-	}								\
-	. = __vectors_start + SIZEOF(.vectors);				\
-	__vectors_end = .;						\
-									\
-	__stubs_start = .;						\
-	.stubs ADDR(.vectors) + 0x1000 : AT(__stubs_start) {		\
-		*(.stubs)						\
-	}								\
-	. = __stubs_start + SIZEOF(.stubs);				\
-	__stubs_end = .;						\
-									\
-	PROVIDE(vector_fiq_offset = vector_fiq - ADDR(.vectors));
-
-#define ARM_TCM								\
-	__itcm_start = ALIGN(4);					\
-	.text_itcm ITCM_OFFSET : AT(__itcm_start - LOAD_OFFSET) {	\
-		__sitcm_text = .;					\
-		*(.tcm.text)						\
-		*(.tcm.rodata)						\
-		. = ALIGN(4);						\
-		__eitcm_text = .;					\
-	}								\
-	. = __itcm_start + SIZEOF(.text_itcm);				\
-									\
-	__dtcm_start = .;						\
-	.data_dtcm DTCM_OFFSET : AT(__dtcm_start - LOAD_OFFSET) {	\
-		__sdtcm_data = .;					\
-		*(.tcm.data)						\
-		. = ALIGN(4);						\
-		__edtcm_data = .;					\
-	}								\
-	. = __dtcm_start + SIZEOF(.data_dtcm);

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] arm64/build: Assert for unwanted sections
  2020-08-21 19:42 ` [PATCH v6 13/29] arm64/build: Assert for unwanted sections Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  2020-10-26 12:29   ` [PATCH v6 13/29] " Geert Uytterhoeven
  1 sibling, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Ard Biesheuvel, Kees Cook, Ingo Molnar, Catalin Marinas,
	Will Deacon, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     be2881824ae9eb92a35b094f734f9ca7339ddf6d
Gitweb:        https://git.kernel.org/tip/be2881824ae9eb92a35b094f734f9ca7339ddf6d
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:42:54 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 09:50:37 +02:00

arm64/build: Assert for unwanted sections

In preparation for warning on orphan sections, discard
unwanted non-zero-sized generated sections, and enforce other
expected-to-be-zero-sized sections (since discarding them might hide
problems with them suddenly gaining unexpected entries).

Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20200821194310.3089815-14-keescook@chromium.org
---
 arch/arm64/kernel/vmlinux.lds.S | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 16eb2ef..e8847ca 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -121,6 +121,14 @@ SECTIONS
 		*(.got)			/* Global offset table		*/
 	}
 
+	/*
+	 * Make sure that the .got.plt is either completely empty or it
+	 * contains only the lazy dispatch entries.
+	 */
+	.got.plt : { *(.got.plt) }
+	ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18,
+	       "Unexpected GOT/PLT entries detected!")
+
 	. = ALIGN(SEGMENT_ALIGN);
 	_etext = .;			/* End of text section */
 
@@ -243,6 +251,18 @@ SECTIONS
 	ELF_DETAILS
 
 	HEAD_SYMBOLS
+
+	/*
+	 * Sections that should stay zero sized, which is safer to
+	 * explicitly check instead of blindly discarding.
+	 */
+	.plt : {
+		*(.plt) *(.plt.*) *(.iplt) *(.igot)
+	}
+	ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!")
+
+	.data.rel.ro : { *(.data.rel.ro) }
+	ASSERT(SIZEOF(.data.rel.ro) == 0, "Unexpected RELRO detected!")
 }
 
 #include "image-vars.h"

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] arm64/build: Add missing DWARF sections
  2020-08-21 19:42 ` [PATCH v6 12/29] arm64/build: Add missing DWARF sections Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Kees Cook, Ingo Molnar, Catalin Marinas, Will Deacon, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     578d7f0fd6a5ec8a369a4537c664eb2c8374c134
Gitweb:        https://git.kernel.org/tip/578d7f0fd6a5ec8a369a4537c664eb2c8374c134
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:42:53 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 09:50:36 +02:00

arm64/build: Add missing DWARF sections

Explicitly include DWARF sections when they're present in the build.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20200821194310.3089815-13-keescook@chromium.org
---
 arch/arm64/kernel/vmlinux.lds.S | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 082e9ef..16eb2ef 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -239,6 +239,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	DWARF_DEBUG
 	ELF_DETAILS
 
 	HEAD_SYMBOLS

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] arm64/build: Use common DISCARDS in linker script
  2020-08-21 19:42 ` [PATCH v6 11/29] arm64/build: Use common DISCARDS in linker script Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Kees Cook, Ingo Molnar, Will Deacon, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     2883352bf801d093a04f269800b48bb8aa2515fb
Gitweb:        https://git.kernel.org/tip/2883352bf801d093a04f269800b48bb8aa2515fb
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:42:52 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 09:50:36 +02:00

arm64/build: Use common DISCARDS in linker script

Use the common DISCARDS rule for the linker script in an effort to
regularize the linker script to prepare for warning on orphaned
sections. Additionally clean up left-over no-op macros.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20200821194310.3089815-12-keescook@chromium.org
---
 arch/arm64/kernel/vmlinux.lds.S | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index c2b8426..082e9ef 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -6,6 +6,7 @@
  */
 
 #define RO_EXCEPTION_TABLE_ALIGN	8
+#define RUNTIME_DISCARD_EXIT
 
 #include <asm-generic/vmlinux.lds.h>
 #include <asm/cache.h>
@@ -88,10 +89,8 @@ SECTIONS
 	 * matching the same input section name.  There is no documented
 	 * order of matching.
 	 */
+	DISCARDS
 	/DISCARD/ : {
-		EXIT_CALL
-		*(.discard)
-		*(.discard.*)
 		*(.interp .dynamic)
 		*(.dynsym .dynstr .hash .gnu.hash)
 	}

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] arm64/build: Remove .eh_frame* sections due to unwind tables
  2020-08-21 19:42 ` [PATCH v6 10/29] arm64/build: Remove .eh_frame* sections due to unwind tables Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Ard Biesheuvel, Kees Cook, Ingo Molnar, Will Deacon, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     6e0a66d10c5b629369afa47b753d0ec46fa812dd
Gitweb:        https://git.kernel.org/tip/6e0a66d10c5b629369afa47b753d0ec46fa812dd
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:42:51 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 09:50:36 +02:00

arm64/build: Remove .eh_frame* sections due to unwind tables

Avoid .eh_frame* section generation by making sure both CFLAGS and AFLAGS
contain -fno-asychronous-unwind-tables and -fno-unwind-tables.

With all sources of .eh_frame now removed from the build, drop this
DISCARD so we can be alerted in the future if it returns unexpectedly
once orphan section warnings have been enabled.

Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20200821194310.3089815-11-keescook@chromium.org
---
 arch/arm64/Makefile             | 5 ++++-
 arch/arm64/kernel/vmlinux.lds.S | 1 -
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
index 55bc854..6de7f55 100644
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -47,13 +47,16 @@ endif
 
 KBUILD_CFLAGS	+= -mgeneral-regs-only	\
 		   $(compat_vdso) $(cc_has_k_constraint)
-KBUILD_CFLAGS	+= -fno-asynchronous-unwind-tables
 KBUILD_CFLAGS	+= $(call cc-disable-warning, psabi)
 KBUILD_AFLAGS	+= $(compat_vdso)
 
 KBUILD_CFLAGS	+= $(call cc-option,-mabi=lp64)
 KBUILD_AFLAGS	+= $(call cc-option,-mabi=lp64)
 
+# Avoid generating .eh_frame* sections.
+KBUILD_CFLAGS	+= -fno-asynchronous-unwind-tables -fno-unwind-tables
+KBUILD_AFLAGS	+= -fno-asynchronous-unwind-tables -fno-unwind-tables
+
 ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y)
 prepare: stack_protector_prepare
 stack_protector_prepare: prepare0
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 13fc2ec..c2b8426 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -94,7 +94,6 @@ SECTIONS
 		*(.discard.*)
 		*(.interp .dynamic)
 		*(.dynsym .dynstr .hash .gnu.hash)
-		*(.eh_frame)
 	}
 
 	. = KIMAGE_VADDR + TEXT_OFFSET;

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] arm64/kernel: Remove needless Call Frame Information annotations
  2020-08-21 19:42 ` [PATCH v6 09/29] arm64/kernel: Remove needless Call Frame Information annotations Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Ard Biesheuvel, Kees Cook, Ingo Molnar, Will Deacon, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     34b4a5c54c429d12bcc783a27650752237c49a36
Gitweb:        https://git.kernel.org/tip/34b4a5c54c429d12bcc783a27650752237c49a36
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:42:50 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 09:50:36 +02:00

arm64/kernel: Remove needless Call Frame Information annotations

Remove last instance of an .eh_frame section by removing the needless Call
Frame Information annotations which were likely leftovers from 32-bit ARM.

Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20200821194310.3089815-10-keescook@chromium.org
---
 arch/arm64/kernel/smccc-call.S | 2 --
 1 file changed, 2 deletions(-)

diff --git a/arch/arm64/kernel/smccc-call.S b/arch/arm64/kernel/smccc-call.S
index 1f93809..d624479 100644
--- a/arch/arm64/kernel/smccc-call.S
+++ b/arch/arm64/kernel/smccc-call.S
@@ -9,7 +9,6 @@
 #include <asm/assembler.h>
 
 	.macro SMCCC instr
-	.cfi_startproc
 	\instr	#0
 	ldr	x4, [sp]
 	stp	x0, x1, [x4, #ARM_SMCCC_RES_X0_OFFS]
@@ -21,7 +20,6 @@
 	b.ne	1f
 	str	x6, [x4, ARM_SMCCC_QUIRK_STATE_OFFS]
 1:	ret
-	.cfi_endproc
 	.endm
 
 /*

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] arm64/mm: Remove needless section quotes
  2020-08-21 19:42 ` [PATCH v6 08/29] arm64/mm: Remove needless section quotes Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Kees Cook, Ingo Molnar, Nick Desaulniers, Will Deacon, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     b4ca91027d8226ae423ce498f03f5b348cf84e36
Gitweb:        https://git.kernel.org/tip/b4ca91027d8226ae423ce498f03f5b348cf84e36
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:42:49 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 09:50:36 +02:00

arm64/mm: Remove needless section quotes

Fix a case of needless quotes in __section(), which Clang doesn't like.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Acked-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20200821194310.3089815-9-keescook@chromium.org
---
 arch/arm64/mm/mmu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 75df62f..e43c805 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -43,7 +43,7 @@
 u64 idmap_t0sz = TCR_T0SZ(VA_BITS);
 u64 idmap_ptrs_per_pgd = PTRS_PER_PGD;
 
-u64 __section(".mmuoff.data.write") vabits_actual;
+u64 __section(.mmuoff.data.write) vabits_actual;
 EXPORT_SYMBOL(vabits_actual);
 
 u64 kimage_voffset __ro_after_init;

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS
  2020-08-21 19:42 ` [PATCH v6 05/29] vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Fangrui Song, Kees Cook, Ingo Molnar, linux-arch, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     a840c4de569f610bc5ee043b613c35b779d23186
Gitweb:        https://git.kernel.org/tip/a840c4de569f610bc5ee043b613c35b779d23186
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:42:46 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 09:50:35 +02:00

vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS

When linking vmlinux with LLD, the synthetic sections .symtab, .strtab,
and .shstrtab are listed as orphaned. Add them to the ELF_DETAILS section
so there will be no warnings when --orphan-handling=warn is used more
widely. (They are added above comment as it is the more common
order[1].)

ld.lld: warning: <internal>:(.symtab) is being placed in '.symtab'
ld.lld: warning: <internal>:(.shstrtab) is being placed in '.shstrtab'
ld.lld: warning: <internal>:(.strtab) is being placed in '.strtab'

[1] https://lore.kernel.org/lkml/20200622224928.o2a7jkq33guxfci4@google.com/

Reported-by: Fangrui Song <maskray@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: linux-arch@vger.kernel.org
Link: https://lore.kernel.org/r/20200821194310.3089815-6-keescook@chromium.org
---
 include/asm-generic/vmlinux.lds.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index cadcbc3..98d013d 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -823,7 +823,10 @@
 
 /* Required sections not related to debugging. */
 #define ELF_DETAILS							\
-		.comment 0 : { *(.comment) }
+		.comment 0 : { *(.comment) }				\
+		.symtab 0 : { *(.symtab) }				\
+		.strtab 0 : { *(.strtab) }				\
+		.shstrtab 0 : { *(.shstrtab) }
 
 #ifdef CONFIG_GENERIC_BUG
 #define BUG_TABLE							\

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] efi/libstub: Disable -mbranch-protection
  2020-08-21 19:42 ` [PATCH v6 07/29] efi/libstub: Disable -mbranch-protection Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Kees Cook, Ingo Molnar, Nick Desaulniers, Ard Biesheuvel, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     e2179a09ab089d3423751bd2b0c884ddb3eabe84
Gitweb:        https://git.kernel.org/tip/e2179a09ab089d3423751bd2b0c884ddb3eabe84
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:42:48 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 09:50:36 +02:00

efi/libstub: Disable -mbranch-protection

In preparation for adding --orphan-handling=warn to more architectures,
disable -mbranch-protection, as EFI does not yet support it[1].  This was
noticed due to it producing unwanted .note.gnu.property sections (prefixed
with .init due to the objcopy build step).

However, we must also work around a bug in Clang where the section is
still emitted for code-less object files[2], so also remove the section
during the objcopy.

[1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com
[2] https://bugs.llvm.org/show_bug.cgi?id=46480

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20200821194310.3089815-8-keescook@chromium.org
---
 drivers/firmware/efi/libstub/Makefile |  9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 5eefd60..0c911e3 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -18,7 +18,8 @@ cflags-$(CONFIG_X86)		+= -m$(BITS) -D__KERNEL__ \
 # arm64 uses the full KBUILD_CFLAGS so it's necessary to explicitly
 # disable the stackleak plugin
 cflags-$(CONFIG_ARM64)		:= $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
-				   -fpie $(DISABLE_STACKLEAK_PLUGIN)
+				   -fpie $(DISABLE_STACKLEAK_PLUGIN) \
+				   $(call cc-option,-mbranch-protection=none)
 cflags-$(CONFIG_ARM)		:= $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
 				   -fno-builtin -fpic \
 				   $(call cc-option,-mno-single-pic-base)
@@ -66,6 +67,12 @@ lib-$(CONFIG_X86)		+= x86-stub.o
 CFLAGS_arm32-stub.o		:= -DTEXT_OFFSET=$(TEXT_OFFSET)
 CFLAGS_arm64-stub.o		:= -DTEXT_OFFSET=$(TEXT_OFFSET)
 
+# Even when -mbranch-protection=none is set, Clang will generate a
+# .note.gnu.property for code-less object files (like lib/ctype.c),
+# so work around this by explicitly removing the unwanted section.
+# https://bugs.llvm.org/show_bug.cgi?id=46480
+STUBCOPY_FLAGS-y		+= --remove-section=.note.gnu.property
+
 #
 # For x86, bootloaders like systemd-boot or grub-efi do not zero-initialize the
 # .bss section, so the .bss section of the EFI stub needs to be included in the

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] vmlinux.lds.h: Add PGO and AutoFDO input sections
  2020-08-21 19:42 ` [PATCH v6 06/29] vmlinux.lds.h: add PGO and AutoFDO input sections Kees Cook
@ 2020-09-01 11:47   ` tip-bot2 for Nick Desaulniers
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Nick Desaulniers @ 2020-09-01 11:47 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Jian Cai, maskray, Nick Desaulniers, Kees Cook, Ingo Molnar,
	Luis Lozano, Manoj Gupta, linux-arch, stable, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     eff8728fe69880d3f7983bec3fb6cea4c306261f
Gitweb:        https://git.kernel.org/tip/eff8728fe69880d3f7983bec3fb6cea4c306261f
Author:        Nick Desaulniers <ndesaulniers@google.com>
AuthorDate:    Fri, 21 Aug 2020 12:42:47 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 09:50:35 +02:00

vmlinux.lds.h: Add PGO and AutoFDO input sections

Basically, consider .text.{hot|unlikely|unknown}.* part of .text, too.

When compiling with profiling information (collected via PGO
instrumentations or AutoFDO sampling), Clang will separate code into
.text.hot, .text.unlikely, or .text.unknown sections based on profiling
information. After D79600 (clang-11), these sections will have a
trailing `.` suffix, ie.  .text.hot., .text.unlikely., .text.unknown..

When using -ffunction-sections together with profiling infomation,
either explicitly (FGKASLR) or implicitly (LTO), code may be placed in
sections following the convention:
.text.hot.<foo>, .text.unlikely.<bar>, .text.unknown.<baz>
where <foo>, <bar>, and <baz> are functions.  (This produces one section
per function; we generally try to merge these all back via linker script
so that we don't have 50k sections).

For the above cases, we need to teach our linker scripts that such
sections might exist and that we'd explicitly like them grouped
together, otherwise we can wind up with code outside of the
_stext/_etext boundaries that might not be mapped properly for some
architectures, resulting in boot failures.

If the linker script is not told about possible input sections, then
where the section is placed as output is a heuristic-laiden mess that's
non-portable between linkers (ie. BFD and LLD), and has resulted in many
hard to debug bugs.  Kees Cook is working on cleaning this up by adding
--orphan-handling=warn linker flag used in ARCH=powerpc to additional
architectures. In the case of linker scripts, borrowing from the Zen of
Python: explicit is better than implicit.

Also, ld.bfd's internal linker script considers .text.hot AND
.text.hot.* to be part of .text, as well as .text.unlikely and
.text.unlikely.*. I didn't see support for .text.unknown.*, and didn't
see Clang producing such code in our kernel builds, but I see code in
LLVM that can produce such section names if profiling information is
missing. That may point to a larger issue with generating or collecting
profiles, but I would much rather be safe and explicit than have to
debug yet another issue related to orphan section placement.

Reported-by: Jian Cai <jiancai@google.com>
Suggested-by: Fāng-ruì Sòng <maskray@google.com>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Tested-by: Luis Lozano <llozano@google.com>
Tested-by: Manoj Gupta <manojgupta@google.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: linux-arch@vger.kernel.org
Cc: stable@vger.kernel.org
Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=add44f8d5c5c05e08b11e033127a744d61c26aee
Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1de778ed23ce7492c523d5850c6c6dbb34152655
Link: https://reviews.llvm.org/D79600
Link: https://bugs.chromium.org/p/chromium/issues/detail?id=1084760
Link: https://lore.kernel.org/r/20200821194310.3089815-7-keescook@chromium.org

Debugged-by: Luis Lozano <llozano@google.com>
---
 include/asm-generic/vmlinux.lds.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 98d013d..91dcfb9 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -581,7 +581,10 @@
  */
 #define TEXT_TEXT							\
 		ALIGN_FUNCTION();					\
-		*(.text.hot TEXT_MAIN .text.fixup .text.unlikely)	\
+		*(.text.hot .text.hot.*)				\
+		*(TEXT_MAIN .text.fixup)				\
+		*(.text.unlikely .text.unlikely.*)			\
+		*(.text.unknown .text.unknown.*)			\
 		NOINSTR_TEXT						\
 		*(.text..refcount)					\
 		*(.ref.text)						\

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG
  2020-08-21 19:42 ` [PATCH v6 04/29] vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG Kees Cook
@ 2020-09-01 11:48   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:48 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Kees Cook, Ingo Molnar, linux-arch, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     c604abc3f6e3030f3a3022b184ed7d3780c34d30
Gitweb:        https://git.kernel.org/tip/c604abc3f6e3030f3a3022b184ed7d3780c34d30
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:42:45 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 09:50:35 +02:00

vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG

The .comment section doesn't belong in STABS_DEBUG. Split it out into a
new macro named ELF_DETAILS. This will gain other non-debug sections
that need to be accounted for when linking with --orphan-handling=warn.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: linux-arch@vger.kernel.org
Link: https://lore.kernel.org/r/20200821194310.3089815-5-keescook@chromium.org
---
 arch/alpha/kernel/vmlinux.lds.S           | 1 +
 arch/arc/kernel/vmlinux.lds.S             | 1 +
 arch/arm/kernel/vmlinux-xip.lds.S         | 1 +
 arch/arm/kernel/vmlinux.lds.S             | 1 +
 arch/arm64/kernel/vmlinux.lds.S           | 1 +
 arch/csky/kernel/vmlinux.lds.S            | 1 +
 arch/hexagon/kernel/vmlinux.lds.S         | 1 +
 arch/ia64/kernel/vmlinux.lds.S            | 1 +
 arch/mips/kernel/vmlinux.lds.S            | 1 +
 arch/nds32/kernel/vmlinux.lds.S           | 1 +
 arch/nios2/kernel/vmlinux.lds.S           | 1 +
 arch/openrisc/kernel/vmlinux.lds.S        | 1 +
 arch/parisc/boot/compressed/vmlinux.lds.S | 1 +
 arch/parisc/kernel/vmlinux.lds.S          | 1 +
 arch/powerpc/kernel/vmlinux.lds.S         | 2 +-
 arch/riscv/kernel/vmlinux.lds.S           | 1 +
 arch/s390/kernel/vmlinux.lds.S            | 1 +
 arch/sh/kernel/vmlinux.lds.S              | 1 +
 arch/sparc/kernel/vmlinux.lds.S           | 1 +
 arch/um/kernel/dyn.lds.S                  | 2 +-
 arch/um/kernel/uml.lds.S                  | 2 +-
 arch/x86/boot/compressed/vmlinux.lds.S    | 2 ++
 arch/x86/kernel/vmlinux.lds.S             | 1 +
 include/asm-generic/vmlinux.lds.h         | 8 ++++++--
 24 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S
index bc6f727..5b78d64 100644
--- a/arch/alpha/kernel/vmlinux.lds.S
+++ b/arch/alpha/kernel/vmlinux.lds.S
@@ -72,6 +72,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/arc/kernel/vmlinux.lds.S b/arch/arc/kernel/vmlinux.lds.S
index 54139a6..33ce59d 100644
--- a/arch/arc/kernel/vmlinux.lds.S
+++ b/arch/arc/kernel/vmlinux.lds.S
@@ -122,6 +122,7 @@ SECTIONS
 	_end = . ;
 
 	STABS_DEBUG
+	ELF_DETAILS
 	DISCARDS
 
 	.arcextmap 0 : {
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 6d2be99..3d4e88f 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -152,6 +152,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	ELF_DETAILS
 }
 
 /*
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index 7f24bc0..5592f14 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -151,6 +151,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	ELF_DETAILS
 }
 
 #ifdef CONFIG_STRICT_KERNEL_RWX
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index ec8e894..13fc2ec 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -241,6 +241,7 @@ SECTIONS
 	_end = .;
 
 	STABS_DEBUG
+	ELF_DETAILS
 
 	HEAD_SYMBOLS
 }
diff --git a/arch/csky/kernel/vmlinux.lds.S b/arch/csky/kernel/vmlinux.lds.S
index f05b413..f03033e 100644
--- a/arch/csky/kernel/vmlinux.lds.S
+++ b/arch/csky/kernel/vmlinux.lds.S
@@ -109,6 +109,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/hexagon/kernel/vmlinux.lds.S b/arch/hexagon/kernel/vmlinux.lds.S
index 0ca2471..35b18e5 100644
--- a/arch/hexagon/kernel/vmlinux.lds.S
+++ b/arch/hexagon/kernel/vmlinux.lds.S
@@ -67,5 +67,6 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 }
diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S
index d259690..9b26578 100644
--- a/arch/ia64/kernel/vmlinux.lds.S
+++ b/arch/ia64/kernel/vmlinux.lds.S
@@ -218,6 +218,7 @@ SECTIONS {
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	/* Default discards */
 	DISCARDS
diff --git a/arch/mips/kernel/vmlinux.lds.S b/arch/mips/kernel/vmlinux.lds.S
index f185a85..5e97e9d 100644
--- a/arch/mips/kernel/vmlinux.lds.S
+++ b/arch/mips/kernel/vmlinux.lds.S
@@ -202,6 +202,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	/* These must appear regardless of  .  */
 	.gptab.sdata : {
diff --git a/arch/nds32/kernel/vmlinux.lds.S b/arch/nds32/kernel/vmlinux.lds.S
index 7a6c1ce..6a91b96 100644
--- a/arch/nds32/kernel/vmlinux.lds.S
+++ b/arch/nds32/kernel/vmlinux.lds.S
@@ -64,6 +64,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/nios2/kernel/vmlinux.lds.S b/arch/nios2/kernel/vmlinux.lds.S
index c55a7cf..126e114 100644
--- a/arch/nios2/kernel/vmlinux.lds.S
+++ b/arch/nios2/kernel/vmlinux.lds.S
@@ -58,6 +58,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/openrisc/kernel/vmlinux.lds.S b/arch/openrisc/kernel/vmlinux.lds.S
index 60449fd..d287dbb 100644
--- a/arch/openrisc/kernel/vmlinux.lds.S
+++ b/arch/openrisc/kernel/vmlinux.lds.S
@@ -115,6 +115,7 @@ SECTIONS
 	/* Throw in the debugging sections */
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
         /* Sections to be discarded -- must be last */
 	DISCARDS
diff --git a/arch/parisc/boot/compressed/vmlinux.lds.S b/arch/parisc/boot/compressed/vmlinux.lds.S
index 2ac3a64..ab7b439 100644
--- a/arch/parisc/boot/compressed/vmlinux.lds.S
+++ b/arch/parisc/boot/compressed/vmlinux.lds.S
@@ -84,6 +84,7 @@ SECTIONS
 	}
 
 	STABS_DEBUG
+	ELF_DETAILS
 	.note 0 : { *(.note) }
 
 	/* Sections to be discarded */
diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S
index 53e29d8..2769eb9 100644
--- a/arch/parisc/kernel/vmlinux.lds.S
+++ b/arch/parisc/kernel/vmlinux.lds.S
@@ -164,6 +164,7 @@ SECTIONS
 	_end = . ;
 
 	STABS_DEBUG
+	ELF_DETAILS
 	.note 0 : { *(.note) }
 
 	/* Sections to be discarded */
diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S
index 326e113..e0548b4 100644
--- a/arch/powerpc/kernel/vmlinux.lds.S
+++ b/arch/powerpc/kernel/vmlinux.lds.S
@@ -360,8 +360,8 @@ SECTIONS
 	PROVIDE32 (end = .);
 
 	STABS_DEBUG
-
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 	/DISCARD/ : {
diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S
index f3586e3..6f3af7b 100644
--- a/arch/riscv/kernel/vmlinux.lds.S
+++ b/arch/riscv/kernel/vmlinux.lds.S
@@ -97,6 +97,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S
index 3769549..177ccfb 100644
--- a/arch/s390/kernel/vmlinux.lds.S
+++ b/arch/s390/kernel/vmlinux.lds.S
@@ -181,6 +181,7 @@ SECTIONS
 	/* Debugging sections.	*/
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	/* Sections to be discarded */
 	DISCARDS
diff --git a/arch/sh/kernel/vmlinux.lds.S b/arch/sh/kernel/vmlinux.lds.S
index bde7a6c..3161b9c 100644
--- a/arch/sh/kernel/vmlinux.lds.S
+++ b/arch/sh/kernel/vmlinux.lds.S
@@ -76,6 +76,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/sparc/kernel/vmlinux.lds.S b/arch/sparc/kernel/vmlinux.lds.S
index f99e99e..d55ae65 100644
--- a/arch/sparc/kernel/vmlinux.lds.S
+++ b/arch/sparc/kernel/vmlinux.lds.S
@@ -187,6 +187,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/arch/um/kernel/dyn.lds.S b/arch/um/kernel/dyn.lds.S
index f500148..dacbfab 100644
--- a/arch/um/kernel/dyn.lds.S
+++ b/arch/um/kernel/dyn.lds.S
@@ -164,8 +164,8 @@ SECTIONS
   PROVIDE (end = .);
 
   STABS_DEBUG
-
   DWARF_DEBUG
+  ELF_DETAILS
 
   DISCARDS
 }
diff --git a/arch/um/kernel/uml.lds.S b/arch/um/kernel/uml.lds.S
index 3b6dab3..45d957d 100644
--- a/arch/um/kernel/uml.lds.S
+++ b/arch/um/kernel/uml.lds.S
@@ -108,8 +108,8 @@ SECTIONS
   PROVIDE (end = .);
 
   STABS_DEBUG
-
   DWARF_DEBUG
+  ELF_DETAILS
 
   DISCARDS
 }
diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index 29df99b..3c2ee9a 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -82,6 +82,8 @@ SECTIONS
 	. = ALIGN(PAGE_SIZE);	/* keep ZO size page aligned */
 	_end = .;
 
+	ELF_DETAILS
+
 	DISCARDS
 }
 
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 9a03e5b..0cc035c 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -411,6 +411,7 @@ SECTIONS
 
 	STABS_DEBUG
 	DWARF_DEBUG
+	ELF_DETAILS
 
 	DISCARDS
 }
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 6b89a03..cadcbc3 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -34,6 +34,7 @@
  *
  *	STABS_DEBUG
  *	DWARF_DEBUG
+ *	ELF_DETAILS
  *
  *	DISCARDS		// must be the last
  * }
@@ -811,14 +812,17 @@
 		.debug_macro	0 : { *(.debug_macro) }			\
 		.debug_addr	0 : { *(.debug_addr) }
 
-		/* Stabs debugging sections.  */
+/* Stabs debugging sections. */
 #define STABS_DEBUG							\
 		.stab 0 : { *(.stab) }					\
 		.stabstr 0 : { *(.stabstr) }				\
 		.stab.excl 0 : { *(.stab.excl) }			\
 		.stab.exclstr 0 : { *(.stab.exclstr) }			\
 		.stab.index 0 : { *(.stab.index) }			\
-		.stab.indexstr 0 : { *(.stab.indexstr) }		\
+		.stab.indexstr 0 : { *(.stab.indexstr) }
+
+/* Required sections not related to debugging. */
+#define ELF_DETAILS							\
 		.comment 0 : { *(.comment) }
 
 #ifdef CONFIG_GENERIC_BUG

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections
  2020-08-21 19:42 ` [PATCH v6 03/29] vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections Kees Cook
@ 2020-09-01 11:48   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:48 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Kees Cook, Ingo Molnar, Marco Elver, linux-arch, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     d812db78288d76d1e8c6df3a840c41a8875f6468
Gitweb:        https://git.kernel.org/tip/d812db78288d76d1e8c6df3a840c41a8875f6468
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:42:44 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 09:50:35 +02:00

vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections

KASAN (-fsanitize=kernel-address) and KCSAN (-fsanitize=thread)
produce unwanted[1] .eh_frame and .init_array.* sections. Add them to
COMMON_DISCARDS, except with CONFIG_CONSTRUCTORS, which wants to keep
.init_array.* sections.

[1] https://bugs.llvm.org/show_bug.cgi?id=46478

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Tested-by: Marco Elver <elver@google.com>
Cc: linux-arch@vger.kernel.org
Link: https://lore.kernel.org/r/20200821194310.3089815-4-keescook@chromium.org
---
 include/asm-generic/vmlinux.lds.h | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index f1f02a2..6b89a03 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -954,7 +954,27 @@
 	EXIT_DATA
 #endif
 
+/*
+ * Clang's -fsanitize=kernel-address and -fsanitize=thread produce
+ * unwanted sections (.eh_frame and .init_array.*), but
+ * CONFIG_CONSTRUCTORS wants to keep any .init_array.* sections.
+ * https://bugs.llvm.org/show_bug.cgi?id=46478
+ */
+#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KCSAN)
+# ifdef CONFIG_CONSTRUCTORS
+#  define SANITIZER_DISCARDS						\
+	*(.eh_frame)
+# else
+#  define SANITIZER_DISCARDS						\
+	*(.init_array) *(.init_array.*)					\
+	*(.eh_frame)
+# endif
+#else
+# define SANITIZER_DISCARDS
+#endif
+
 #define COMMON_DISCARDS							\
+	SANITIZER_DISCARDS						\
 	*(.discard)							\
 	*(.discard.*)							\
 	*(.modinfo)							\

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] vmlinux.lds.h: Create COMMON_DISCARDS
  2020-08-21 19:42 ` [PATCH v6 01/29] vmlinux.lds.h: Create COMMON_DISCARDS Kees Cook
@ 2020-09-01 11:48   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:48 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Kees Cook, Ingo Molnar, linux-arch, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     03c2b85cb7f13e9bd82cbe4201ede52177d433f5
Gitweb:        https://git.kernel.org/tip/03c2b85cb7f13e9bd82cbe4201ede52177d433f5
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:42:42 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 09:50:34 +02:00

vmlinux.lds.h: Create COMMON_DISCARDS

Collect the common DISCARD sections for architectures that need more
specialized discard control than what the standard DISCARDS section
provides.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: linux-arch@vger.kernel.org
Link: https://lore.kernel.org/r/20200821194310.3089815-2-keescook@chromium.org
---
 include/asm-generic/vmlinux.lds.h |  9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 7616ff0..184b23d 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -954,13 +954,16 @@
 	EXIT_DATA
 #endif
 
+#define COMMON_DISCARDS							\
+	*(.discard)							\
+	*(.discard.*)							\
+	*(.modinfo)
+
 #define DISCARDS							\
 	/DISCARD/ : {							\
 	EXIT_DISCARDS							\
 	EXIT_CALL							\
-	*(.discard)							\
-	*(.discard.*)							\
-	*(.modinfo)							\
+	COMMON_DISCARDS							\
 	}
 
 /**

^ permalink raw reply	[flat|nested] 92+ messages in thread

* [tip: core/build] vmlinux.lds.h: Add .gnu.version* to COMMON_DISCARDS
  2020-08-21 19:42 ` [PATCH v6 02/29] vmlinux.lds.h: Add .gnu.version* to COMMON_DISCARDS Kees Cook
@ 2020-09-01 11:48   ` tip-bot2 for Kees Cook
  0 siblings, 0 replies; 92+ messages in thread
From: tip-bot2 for Kees Cook @ 2020-09-01 11:48 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Kees Cook, Ingo Molnar, Fangrui Song, linux-arch, x86, LKML

The following commit has been merged into the core/build branch of tip:

Commit-ID:     dfbe69689b4dee19021d8c315a5137b4790b5634
Gitweb:        https://git.kernel.org/tip/dfbe69689b4dee19021d8c315a5137b4790b5634
Author:        Kees Cook <keescook@chromium.org>
AuthorDate:    Fri, 21 Aug 2020 12:42:43 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 01 Sep 2020 09:50:35 +02:00

vmlinux.lds.h: Add .gnu.version* to COMMON_DISCARDS

For vmlinux linking, no architecture uses the .gnu.version* sections,
so remove it via the COMMON_DISCARDS macro in preparation for adding
--orphan-handling=warn more widely. This is a work-around for what
appears to be a bug[1] in ld.bfd which warns for this synthetic section
even when none is found in input objects, and even when no section is
emitted for an output object[2].

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=26153
[2] https://lore.kernel.org/lkml/202006221524.CEB86E036B@keescook/

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Fangrui Song <maskray@google.com>
Cc: linux-arch@vger.kernel.org
Link: https://lore.kernel.org/r/20200821194310.3089815-3-keescook@chromium.org
---
 include/asm-generic/vmlinux.lds.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 184b23d..f1f02a2 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -957,7 +957,9 @@
 #define COMMON_DISCARDS							\
 	*(.discard)							\
 	*(.discard.*)							\
-	*(.modinfo)
+	*(.modinfo)							\
+	/* ld.bfd warns about .gnu.version* even when not emitted */	\
+	*(.gnu.version*)						\
 
 #define DISCARDS							\
 	/DISCARD/ : {							\

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 00/29] Warn on orphan section placement
  2020-09-01  8:16       ` Ingo Molnar
@ 2020-09-01 15:17         ` Kees Cook
  2020-09-01 18:02           ` Nick Desaulniers
  0 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-09-01 15:17 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Borislav Petkov, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Ingo Molnar, Russell King,
	Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, x86, clang-built-linux,
	linux-arch, linux-efi, linux-arm-kernel, linux-kernel

On Tue, Sep 01, 2020 at 10:16:47AM +0200, Ingo Molnar wrote:
> 
> * Ingo Molnar <mingo@kernel.org> wrote:
> 
> > 
> > * Ingo Molnar <mingo@kernel.org> wrote:
> > 
> > > 
> > > * Kees Cook <keescook@chromium.org> wrote:
> > > 
> > > > On Fri, Aug 21, 2020 at 12:42:41PM -0700, Kees Cook wrote:
> > > > > Hi Ingo,
> > > > > 
> > > > > Based on my testing, this is ready to go. I've reviewed the feedback on
> > > > > v5 and made a few small changes, noted below.
> > > > 
> > > > If no one objects, I'll pop this into my tree for -next. I'd prefer it
> > > > go via -tip though! :)
> > > > 
> > > > Thanks!
> > > 
> > > I'll pick it up today, it all looks very good now!
> > 
> > One thing I found in testing is that it doesn't handler older LD 
> > versions well enough:
> > 
> >   ld: unrecognized option '--orphan-handling=warn'

Oh! Uhm, yikes. Thanks for noticing this.

> > Could we just detect the availability of this flag, and emit a warning 
> > if it doesn't exist but otherwise not abort the build?

Yeah, I'll respin those patches.

> > This is with:
> > 
> >   GNU ld version 2.25-17.fc23

(At best, this is from 2015 ... but yes, min binutils in 2.23.)

> 
> I've resolved this for now by not applying the 5 patches that add the 
> actual orphan section warnings:
> 
>   arm64/build: Warn on orphan section placement
>   arm/build: Warn on orphan section placement
>   arm/boot: Warn on orphan section placement
>   x86/build: Warn on orphan section placement
>   x86/boot/compressed: Warn on orphan section placement
> 
> The new asserts plus the actual fixes/enhancements are enough changes 
> to test for now in any case. :-)

Yup! I'll respin the enabling patches. Thanks again!

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 00/29] Warn on orphan section placement
  2020-09-01 15:17         ` Kees Cook
@ 2020-09-01 18:02           ` Nick Desaulniers
  2020-09-01 23:18             ` Kees Cook
  0 siblings, 1 reply; 92+ messages in thread
From: Nick Desaulniers @ 2020-09-01 18:02 UTC (permalink / raw)
  To: Kees Cook, Michael Ellerman, Masahiro Yamada, Nicholas Piggin
  Cc: Ingo Molnar, Borislav Petkov, Catalin Marinas, Mark Rutland,
	Ard Biesheuvel, Peter Collingbourne, James Morse, Ingo Molnar,
	Russell King, Arvind Sankar, Nathan Chancellor, Arnd Bergmann,
	maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
	clang-built-linux, linux-arch, linux-efi, Linux ARM, LKML

On Tue, Sep 1, 2020 at 8:17 AM Kees Cook <keescook@chromium.org> wrote:
>
> On Tue, Sep 01, 2020 at 10:16:47AM +0200, Ingo Molnar wrote:
> >
> > * Ingo Molnar <mingo@kernel.org> wrote:
> >
> > >
> > > * Ingo Molnar <mingo@kernel.org> wrote:
> > >
> > > >
> > > > * Kees Cook <keescook@chromium.org> wrote:
> > > >
> > > > > On Fri, Aug 21, 2020 at 12:42:41PM -0700, Kees Cook wrote:
> > > > > > Hi Ingo,
> > > > > >
> > > > > > Based on my testing, this is ready to go. I've reviewed the feedback on
> > > > > > v5 and made a few small changes, noted below.
> > > > >
> > > > > If no one objects, I'll pop this into my tree for -next. I'd prefer it
> > > > > go via -tip though! :)
> > > > >
> > > > > Thanks!
> > > >
> > > > I'll pick it up today, it all looks very good now!
> > >
> > > One thing I found in testing is that it doesn't handler older LD
> > > versions well enough:
> > >
> > >   ld: unrecognized option '--orphan-handling=warn'
>
> Oh! Uhm, yikes. Thanks for noticing this.
>
> > > Could we just detect the availability of this flag, and emit a warning
> > > if it doesn't exist but otherwise not abort the build?
>
> Yeah, I'll respin those patches.
>
> > > This is with:
> > >
> > >   GNU ld version 2.25-17.fc23
>
> (At best, this is from 2015 ... but yes, min binutils in 2.23.)

Ah, crap! Indeed arch/powerpc/Makefile wraps this in ld-option.

Uh oh, the ppc vdso uses cc-ldoption which was removed! (I think by
me; let me send patches)  How is that not an error?  Yes, guilty,
officer.
commit 055efab3120b ("kbuild: drop support for cc-ldoption").
Did I not know how to use grep, or?  No, it is
commit f2af201002a8 ("powerpc/build: vdso linker warning for orphan sections")
that is wrong.
-- 
Thanks,
~Nick Desaulniers

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 00/29] Warn on orphan section placement
  2020-09-01 18:02           ` Nick Desaulniers
@ 2020-09-01 23:18             ` Kees Cook
  2020-09-01 23:54               ` Nick Desaulniers
  0 siblings, 1 reply; 92+ messages in thread
From: Kees Cook @ 2020-09-01 23:18 UTC (permalink / raw)
  To: Nick Desaulniers
  Cc: Michael Ellerman, Masahiro Yamada, Nicholas Piggin, Ingo Molnar,
	Borislav Petkov, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Ingo Molnar, Russell King,
	Arvind Sankar, Nathan Chancellor, Arnd Bergmann,
	maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
	clang-built-linux, linux-arch, linux-efi, Linux ARM, LKML

On Tue, Sep 01, 2020 at 11:02:02AM -0700, Nick Desaulniers wrote:
> On Tue, Sep 1, 2020 at 8:17 AM Kees Cook <keescook@chromium.org> wrote:
> >
> > On Tue, Sep 01, 2020 at 10:16:47AM +0200, Ingo Molnar wrote:
> > > > This is with:
> > > >
> > > >   GNU ld version 2.25-17.fc23
> >
> > (At best, this is from 2015 ... but yes, min binutils in 2.23.)
> 
> Ah, crap! Indeed arch/powerpc/Makefile wraps this in ld-option.

Yeah, I totally missed that too. :)

> Uh oh, the ppc vdso uses cc-ldoption which was removed! (I think by
> me; let me send patches)  How is that not an error?  Yes, guilty,
> officer.
> commit 055efab3120b ("kbuild: drop support for cc-ldoption").
> Did I not know how to use grep, or?  No, it is
> commit f2af201002a8 ("powerpc/build: vdso linker warning for orphan sections")
> that is wrong.

Eek, yeah, the vdso needs fixing; whoops. Lucky for my series, I only need
ld-option! ;)

(Doing test builds now...)

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 00/29] Warn on orphan section placement
  2020-09-01 23:18             ` Kees Cook
@ 2020-09-01 23:54               ` Nick Desaulniers
  0 siblings, 0 replies; 92+ messages in thread
From: Nick Desaulniers @ 2020-09-01 23:54 UTC (permalink / raw)
  To: Kees Cook
  Cc: Michael Ellerman, Masahiro Yamada, Nicholas Piggin, Ingo Molnar,
	Borislav Petkov, Catalin Marinas, Mark Rutland, Ard Biesheuvel,
	Peter Collingbourne, James Morse, Ingo Molnar, Russell King,
	Arvind Sankar, Nathan Chancellor, Arnd Bergmann,
	maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
	clang-built-linux, linux-arch, linux-efi, Linux ARM, LKML

On Tue, Sep 1, 2020 at 4:18 PM Kees Cook <keescook@chromium.org> wrote:
>
> On Tue, Sep 01, 2020 at 11:02:02AM -0700, Nick Desaulniers wrote:
> > Uh oh, the ppc vdso uses cc-ldoption which was removed! (I think by
> > me; let me send patches)  How is that not an error?  Yes, guilty,
> > officer.
> > commit 055efab3120b ("kbuild: drop support for cc-ldoption").
> > Did I not know how to use grep, or?  No, it is
> > commit f2af201002a8 ("powerpc/build: vdso linker warning for orphan sections")
> > that is wrong.
>
> Eek, yeah, the vdso needs fixing; whoops. Lucky for my series, I only need
> ld-option! ;)
>

I didn't cc everyone here on that thread, but here's the series I sent
for it: https://lore.kernel.org/lkml/20200901222523.1941988-1-ndesaulniers@google.com/T/#u
.
-- 
Thanks,
~Nick Desaulniers

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-08-21 19:42 ` [PATCH v6 13/29] arm64/build: Assert for unwanted sections Kees Cook
  2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
@ 2020-10-26 12:29   ` Geert Uytterhoeven
  2020-10-26 13:29     ` Geert Uytterhoeven
  1 sibling, 1 reply; 92+ messages in thread
From: Geert Uytterhoeven @ 2020-10-26 12:29 UTC (permalink / raw)
  To: Kees Cook
  Cc: Ingo Molnar, Ard Biesheuvel, Catalin Marinas, Mark Rutland,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, the arch/x86 maintainers,
	clang-built-linux, Linux-Arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Linux-Renesas

Hi Kees,

On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <keescook@chromium.org> wrote:
> In preparation for warning on orphan sections, discard
> unwanted non-zero-sized generated sections, and enforce other
> expected-to-be-zero-sized sections (since discarding them might hide
> problems with them suddenly gaining unexpected entries).
>
> Suggested-by: Ard Biesheuvel <ardb@kernel.org>
> Signed-off-by: Kees Cook <keescook@chromium.org>

This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
sections") in v5.10-rc1, and is causing the following error with
renesas_defconfig[1]:

    aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
`kernel/bpf/core.o' being placed in section `.eh_frame'
    aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
    aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!

I cannot reproduce this with the standard arm64 defconfig.

I bisected the error to the aforementioned commit, but understand this
is not the real reason.  If I revert this commit, I still get:

    aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
`arch/arm64/kernel/head.o' being placed in section `.got.plt'
    aarch64-linux-gnu-ld: warning: orphan section `.plt' from
`arch/arm64/kernel/head.o' being placed in section `.plt'
    aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
`arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
    aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
`kernel/bpf/core.o' being placed in section `.eh_frame'

I.e. including the ".eh_frame" warning. I have tried bisecting that
warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
placement"), which is another red herring.

Note that even on plain be2881824ae9eb92, I get:

    aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
    aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!

The parent commit obviously doesn't show that (but probably still has
the problem).

Do you have a clue!

Thanks!

> --- a/arch/arm64/kernel/vmlinux.lds.S
> +++ b/arch/arm64/kernel/vmlinux.lds.S
> @@ -121,6 +121,14 @@ SECTIONS
>                 *(.got)                 /* Global offset table          */
>         }
>
> +       /*
> +        * Make sure that the .got.plt is either completely empty or it
> +        * contains only the lazy dispatch entries.
> +        */
> +       .got.plt : { *(.got.plt) }
> +       ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18,
> +              "Unexpected GOT/PLT entries detected!")
> +
>         . = ALIGN(SEGMENT_ALIGN);
>         _etext = .;                     /* End of text section */
>
> @@ -243,6 +251,18 @@ SECTIONS
>         ELF_DETAILS
>
>         HEAD_SYMBOLS
> +
> +       /*
> +        * Sections that should stay zero sized, which is safer to
> +        * explicitly check instead of blindly discarding.
> +        */
> +       .plt : {
> +               *(.plt) *(.plt.*) *(.iplt) *(.igot)
> +       }
> +       ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!")
> +
> +       .data.rel.ro : { *(.data.rel.ro) }
> +       ASSERT(SIZEOF(.data.rel.ro) == 0, "Unexpected RELRO detected!")
>  }
>
>  #include "image-vars.h"

[1] https://git.kernel.org/pub/scm/linux/kernel/git/geert/renesas-devel.git/log/?h=topic/renesas-defconfig

Gr{oetje,eeting}s,

                        Geert


--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-26 12:29   ` [PATCH v6 13/29] " Geert Uytterhoeven
@ 2020-10-26 13:29     ` Geert Uytterhoeven
  2020-10-26 16:01       ` Geert Uytterhoeven
  0 siblings, 1 reply; 92+ messages in thread
From: Geert Uytterhoeven @ 2020-10-26 13:29 UTC (permalink / raw)
  To: Kees Cook
  Cc: Ingo Molnar, Ard Biesheuvel, Catalin Marinas, Mark Rutland,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, the arch/x86 maintainers,
	clang-built-linux, Linux-Arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Linux-Renesas

Hi Kees,

On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <keescook@chromium.org> wrote:
> > In preparation for warning on orphan sections, discard
> > unwanted non-zero-sized generated sections, and enforce other
> > expected-to-be-zero-sized sections (since discarding them might hide
> > problems with them suddenly gaining unexpected entries).
> >
> > Suggested-by: Ard Biesheuvel <ardb@kernel.org>
> > Signed-off-by: Kees Cook <keescook@chromium.org>
>
> This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> sections") in v5.10-rc1, and is causing the following error with
> renesas_defconfig[1]:
>
>     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> `kernel/bpf/core.o' being placed in section `.eh_frame'
>     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
>     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
>
> I cannot reproduce this with the standard arm64 defconfig.
>
> I bisected the error to the aforementioned commit, but understand this
> is not the real reason.  If I revert this commit, I still get:
>
>     aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> `arch/arm64/kernel/head.o' being placed in section `.got.plt'
>     aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> `arch/arm64/kernel/head.o' being placed in section `.plt'
>     aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
>     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> `kernel/bpf/core.o' being placed in section `.eh_frame'
>
> I.e. including the ".eh_frame" warning. I have tried bisecting that
> warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> placement"), which is another red herring.

kernel/bpf/core.o is the only file containing an eh_frame section,
causing the warning.
If I compile core.c with "-g" added, like arm64 defconfig does, the
eh_frame section is no longer emitted.

Hence setting CONFIG_DEBUG_INFO=y, cfr. arm64 defconfig, the warning
is gone, but I'm back to the the "Unexpected GOT/PLT entries" below...

> Note that even on plain be2881824ae9eb92, I get:
>
>     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
>     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
>
> The parent commit obviously doesn't show that (but probably still has
> the problem).

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-26 13:29     ` Geert Uytterhoeven
@ 2020-10-26 16:01       ` Geert Uytterhoeven
  2020-10-26 17:38         ` Ard Biesheuvel
  0 siblings, 1 reply; 92+ messages in thread
From: Geert Uytterhoeven @ 2020-10-26 16:01 UTC (permalink / raw)
  To: Kees Cook
  Cc: Ingo Molnar, Ard Biesheuvel, Catalin Marinas, Mark Rutland,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, the arch/x86 maintainers,
	clang-built-linux, Linux-Arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Linux-Renesas

On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <keescook@chromium.org> wrote:
> > > In preparation for warning on orphan sections, discard
> > > unwanted non-zero-sized generated sections, and enforce other
> > > expected-to-be-zero-sized sections (since discarding them might hide
> > > problems with them suddenly gaining unexpected entries).
> > >
> > > Suggested-by: Ard Biesheuvel <ardb@kernel.org>
> > > Signed-off-by: Kees Cook <keescook@chromium.org>
> >
> > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > sections") in v5.10-rc1, and is causing the following error with
> > renesas_defconfig[1]:
> >
> >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > `kernel/bpf/core.o' being placed in section `.eh_frame'
> >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> >
> > I cannot reproduce this with the standard arm64 defconfig.
> >
> > I bisected the error to the aforementioned commit, but understand this
> > is not the real reason.  If I revert this commit, I still get:
> >
> >     aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> >     aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > `arch/arm64/kernel/head.o' being placed in section `.plt'
> >     aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > `kernel/bpf/core.o' being placed in section `.eh_frame'
> >
> > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > placement"), which is another red herring.
>
> kernel/bpf/core.o is the only file containing an eh_frame section,
> causing the warning.
> If I compile core.c with "-g" added, like arm64 defconfig does, the
> eh_frame section is no longer emitted.
>
> Hence setting CONFIG_DEBUG_INFO=y, cfr. arm64 defconfig, the warning
> is gone, but I'm back to the the "Unexpected GOT/PLT entries" below...
>
> > Note that even on plain be2881824ae9eb92, I get:
> >
> >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> >
> > The parent commit obviously doesn't show that (but probably still has
> > the problem).

Reverting both
b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
seems to solve my problems, without any ill effects?

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-26 16:01       ` Geert Uytterhoeven
@ 2020-10-26 17:38         ` Ard Biesheuvel
  2020-10-26 17:43           ` Geert Uytterhoeven
  2020-10-27 10:08           ` Jean-Philippe Brucker
  0 siblings, 2 replies; 92+ messages in thread
From: Ard Biesheuvel @ 2020-10-26 17:38 UTC (permalink / raw)
  To: Geert Uytterhoeven
  Cc: Kees Cook, Ingo Molnar, Catalin Marinas, Mark Rutland,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, the arch/x86 maintainers,
	clang-built-linux, Linux-Arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Linux-Renesas

On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
>
> On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <keescook@chromium.org> wrote:
> > > > In preparation for warning on orphan sections, discard
> > > > unwanted non-zero-sized generated sections, and enforce other
> > > > expected-to-be-zero-sized sections (since discarding them might hide
> > > > problems with them suddenly gaining unexpected entries).
> > > >
> > > > Suggested-by: Ard Biesheuvel <ardb@kernel.org>
> > > > Signed-off-by: Kees Cook <keescook@chromium.org>
> > >
> > > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > > sections") in v5.10-rc1, and is causing the following error with
> > > renesas_defconfig[1]:
> > >
> > >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > >
> > > I cannot reproduce this with the standard arm64 defconfig.
> > >
> > > I bisected the error to the aforementioned commit, but understand this
> > > is not the real reason.  If I revert this commit, I still get:
> > >
> > >     aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> > >     aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > > `arch/arm64/kernel/head.o' being placed in section `.plt'
> > >     aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> > >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > >
> > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > placement"), which is another red herring.
> >
> > kernel/bpf/core.o is the only file containing an eh_frame section,
> > causing the warning.
> > If I compile core.c with "-g" added, like arm64 defconfig does, the
> > eh_frame section is no longer emitted.
> >
> > Hence setting CONFIG_DEBUG_INFO=y, cfr. arm64 defconfig, the warning
> > is gone, but I'm back to the the "Unexpected GOT/PLT entries" below...
> >
> > > Note that even on plain be2881824ae9eb92, I get:
> > >
> > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > >
> > > The parent commit obviously doesn't show that (but probably still has
> > > the problem).
>
> Reverting both
> b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> seems to solve my problems, without any ill effects?
>

I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)

The presence of .data.rel.ro and .got.plt sections suggests that the
toolchain is using -fpie and/or -z relro to build shared objects
rather than a fully linked bare metal binary.

Which toolchain are you using? Does adding -fno-pie to the compiler
command line and/or adding -z norelro to the linker command line make
any difference?

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-26 17:38         ` Ard Biesheuvel
@ 2020-10-26 17:43           ` Geert Uytterhoeven
  2020-10-26 17:48             ` Nick Desaulniers
  2020-10-27  8:51             ` Geert Uytterhoeven
  2020-10-27 10:08           ` Jean-Philippe Brucker
  1 sibling, 2 replies; 92+ messages in thread
From: Geert Uytterhoeven @ 2020-10-26 17:43 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Kees Cook, Ingo Molnar, Catalin Marinas, Mark Rutland,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, the arch/x86 maintainers,
	clang-built-linux, Linux-Arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Linux-Renesas

Hi Ard,

On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <keescook@chromium.org> wrote:
> > > > > In preparation for warning on orphan sections, discard
> > > > > unwanted non-zero-sized generated sections, and enforce other
> > > > > expected-to-be-zero-sized sections (since discarding them might hide
> > > > > problems with them suddenly gaining unexpected entries).
> > > > >
> > > > > Suggested-by: Ard Biesheuvel <ardb@kernel.org>
> > > > > Signed-off-by: Kees Cook <keescook@chromium.org>
> > > >
> > > > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > > > sections") in v5.10-rc1, and is causing the following error with
> > > > renesas_defconfig[1]:
> > > >
> > > >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > >
> > > > I cannot reproduce this with the standard arm64 defconfig.
> > > >
> > > > I bisected the error to the aforementioned commit, but understand this
> > > > is not the real reason.  If I revert this commit, I still get:
> > > >
> > > >     aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > > > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> > > >     aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > > > `arch/arm64/kernel/head.o' being placed in section `.plt'
> > > >     aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > > > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> > > >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > >
> > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > placement"), which is another red herring.
> > >
> > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > causing the warning.
> > > If I compile core.c with "-g" added, like arm64 defconfig does, the
> > > eh_frame section is no longer emitted.
> > >
> > > Hence setting CONFIG_DEBUG_INFO=y, cfr. arm64 defconfig, the warning
> > > is gone, but I'm back to the the "Unexpected GOT/PLT entries" below...
> > >
> > > > Note that even on plain be2881824ae9eb92, I get:
> > > >
> > > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > >
> > > > The parent commit obviously doesn't show that (but probably still has
> > > > the problem).
> >
> > Reverting both
> > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > seems to solve my problems, without any ill effects?
> >
>
> I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
>
> The presence of .data.rel.ro and .got.plt sections suggests that the
> toolchain is using -fpie and/or -z relro to build shared objects
> rather than a fully linked bare metal binary.
>
> Which toolchain are you using? Does adding -fno-pie to the compiler

gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)  from Ubuntu 20.04LTS.

> command line and/or adding -z norelro to the linker command line make
> any difference?

I'll give that a try later...

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-26 17:43           ` Geert Uytterhoeven
@ 2020-10-26 17:48             ` Nick Desaulniers
  2020-10-26 17:53               ` Geert Uytterhoeven
  2020-10-27 19:25               ` Geert Uytterhoeven
  2020-10-27  8:51             ` Geert Uytterhoeven
  1 sibling, 2 replies; 92+ messages in thread
From: Nick Desaulniers @ 2020-10-26 17:48 UTC (permalink / raw)
  To: Geert Uytterhoeven
  Cc: Ard Biesheuvel, Kees Cook, Ingo Molnar, Catalin Marinas,
	Mark Rutland, Peter Collingbourne, James Morse, Borislav Petkov,
	Ingo Molnar, Russell King, Masahiro Yamada, Arvind Sankar,
	Nathan Chancellor, Arnd Bergmann, the arch/x86 maintainers,
	clang-built-linux, Linux-Arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Linux-Renesas

On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
<geert@linux-m68k.org> wrote:
>
> Hi Ard,
>
> On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <keescook@chromium.org> wrote:
> > > > > > In preparation for warning on orphan sections, discard
> > > > > > unwanted non-zero-sized generated sections, and enforce other
> > > > > > expected-to-be-zero-sized sections (since discarding them might hide
> > > > > > problems with them suddenly gaining unexpected entries).
> > > > > >
> > > > > > Suggested-by: Ard Biesheuvel <ardb@kernel.org>
> > > > > > Signed-off-by: Kees Cook <keescook@chromium.org>
> > > > >
> > > > > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > > > > sections") in v5.10-rc1, and is causing the following error with
> > > > > renesas_defconfig[1]:
> > > > >
> > > > >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > >
> > > > > I cannot reproduce this with the standard arm64 defconfig.
> > > > >
> > > > > I bisected the error to the aforementioned commit, but understand this
> > > > > is not the real reason.  If I revert this commit, I still get:
> > > > >
> > > > >     aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > > > > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> > > > >     aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > > > > `arch/arm64/kernel/head.o' being placed in section `.plt'
> > > > >     aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > > > > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> > > > >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > >
> > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > placement"), which is another red herring.
> > > >
> > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > causing the warning.

When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
missing from someone's KBUILD_CFLAGS.
But I don't see anything curious in kernel/bpf/Makefile, unless
cc-disable-warning is somehow broken.

> > > > If I compile core.c with "-g" added, like arm64 defconfig does, the
> > > > eh_frame section is no longer emitted.
> > > >
> > > > Hence setting CONFIG_DEBUG_INFO=y, cfr. arm64 defconfig, the warning
> > > > is gone, but I'm back to the the "Unexpected GOT/PLT entries" below...
> > > >
> > > > > Note that even on plain be2881824ae9eb92, I get:
> > > > >
> > > > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > >
> > > > > The parent commit obviously doesn't show that (but probably still has
> > > > > the problem).
> > >
> > > Reverting both
> > > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > > seems to solve my problems, without any ill effects?
> > >
> >
> > I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
> >
> > The presence of .data.rel.ro and .got.plt sections suggests that the
> > toolchain is using -fpie and/or -z relro to build shared objects
> > rather than a fully linked bare metal binary.
> >
> > Which toolchain are you using? Does adding -fno-pie to the compiler
>
> gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)  from Ubuntu 20.04LTS.
>
> > command line and/or adding -z norelro to the linker command line make
> > any difference?
>
> I'll give that a try later...

This patch just got picked up into the for-next branch of the arm64
tree; it enables `-z norelro` regardless of configs.
https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/commit/?h=for-next/core&id=3b92fa7485eba16b05166fddf38ab42f2ff6ab95
If you apply that, that should help you test `-z norelro` quickly.

-- 
Thanks,
~Nick Desaulniers

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-26 17:48             ` Nick Desaulniers
@ 2020-10-26 17:53               ` Geert Uytterhoeven
  2020-10-27  8:37                 ` Geert Uytterhoeven
  2020-10-27 19:25               ` Geert Uytterhoeven
  1 sibling, 1 reply; 92+ messages in thread
From: Geert Uytterhoeven @ 2020-10-26 17:53 UTC (permalink / raw)
  To: Nick Desaulniers
  Cc: Ard Biesheuvel, Kees Cook, Ingo Molnar, Catalin Marinas,
	Mark Rutland, Peter Collingbourne, James Morse, Borislav Petkov,
	Ingo Molnar, Russell King, Masahiro Yamada, Arvind Sankar,
	Nathan Chancellor, Arnd Bergmann, the arch/x86 maintainers,
	clang-built-linux, Linux-Arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Linux-Renesas

Hi Nick,

On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
<ndesaulniers@google.com> wrote:
> On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> <geert@linux-m68k.org> wrote:
> > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <keescook@chromium.org> wrote:
> > > > > > > In preparation for warning on orphan sections, discard
> > > > > > > unwanted non-zero-sized generated sections, and enforce other
> > > > > > > expected-to-be-zero-sized sections (since discarding them might hide
> > > > > > > problems with them suddenly gaining unexpected entries).
> > > > > > >
> > > > > > > Suggested-by: Ard Biesheuvel <ardb@kernel.org>
> > > > > > > Signed-off-by: Kees Cook <keescook@chromium.org>
> > > > > >
> > > > > > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > > > > > sections") in v5.10-rc1, and is causing the following error with
> > > > > > renesas_defconfig[1]:
> > > > > >
> > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > >
> > > > > > I cannot reproduce this with the standard arm64 defconfig.
> > > > > >
> > > > > > I bisected the error to the aforementioned commit, but understand this
> > > > > > is not the real reason.  If I revert this commit, I still get:
> > > > > >
> > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > > > > > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > > > > > `arch/arm64/kernel/head.o' being placed in section `.plt'
> > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > > > > > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > >
> > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > placement"), which is another red herring.
> > > > >
> > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > causing the warning.
>
> When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> missing from someone's KBUILD_CFLAGS.
> But I don't see anything curious in kernel/bpf/Makefile, unless
> cc-disable-warning is somehow broken.

Yeah, I noticed it's added in arch/arm64/Makefile, and verified that it is
actually passed when building kernel/bpf/core.o.

> > > > > If I compile core.c with "-g" added, like arm64 defconfig does, the
> > > > > eh_frame section is no longer emitted.
> > > > >
> > > > > Hence setting CONFIG_DEBUG_INFO=y, cfr. arm64 defconfig, the warning
> > > > > is gone, but I'm back to the the "Unexpected GOT/PLT entries" below...
> > > > >
> > > > > > Note that even on plain be2881824ae9eb92, I get:
> > > > > >
> > > > > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > >
> > > > > > The parent commit obviously doesn't show that (but probably still has
> > > > > > the problem).
> > > >
> > > > Reverting both
> > > > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > > > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > > > seems to solve my problems, without any ill effects?
> > > >
> > >
> > > I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
> > >
> > > The presence of .data.rel.ro and .got.plt sections suggests that the
> > > toolchain is using -fpie and/or -z relro to build shared objects
> > > rather than a fully linked bare metal binary.
> > >
> > > Which toolchain are you using? Does adding -fno-pie to the compiler
> >
> > gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)  from Ubuntu 20.04LTS.
> >
> > > command line and/or adding -z norelro to the linker command line make
> > > any difference?
> >
> > I'll give that a try later...
>
> This patch just got picked up into the for-next branch of the arm64
> tree; it enables `-z norelro` regardless of configs.
> https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/commit/?h=for-next/core&id=3b92fa7485eba16b05166fddf38ab42f2ff6ab95
> If you apply that, that should help you test `-z norelro` quickly.

Thanks, will give that a try, too.

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-26 17:53               ` Geert Uytterhoeven
@ 2020-10-27  8:37                 ` Geert Uytterhoeven
  0 siblings, 0 replies; 92+ messages in thread
From: Geert Uytterhoeven @ 2020-10-27  8:37 UTC (permalink / raw)
  To: Nick Desaulniers
  Cc: Ard Biesheuvel, Kees Cook, Ingo Molnar, Catalin Marinas,
	Mark Rutland, Peter Collingbourne, James Morse, Borislav Petkov,
	Ingo Molnar, Russell King, Masahiro Yamada, Arvind Sankar,
	Nathan Chancellor, Arnd Bergmann, the arch/x86 maintainers,
	clang-built-linux, Linux-Arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Linux-Renesas

Hi Nick,

On Mon, Oct 26, 2020 at 6:53 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
> <ndesaulniers@google.com> wrote:
> > On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> > <geert@linux-m68k.org> wrote:
> > > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> > > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <keescook@chromium.org> wrote:
> > > > > > > > In preparation for warning on orphan sections, discard
> > > > > > > > unwanted non-zero-sized generated sections, and enforce other
> > > > > > > > expected-to-be-zero-sized sections (since discarding them might hide
> > > > > > > > problems with them suddenly gaining unexpected entries).
> > > > > > > >
> > > > > > > > Suggested-by: Ard Biesheuvel <ardb@kernel.org>
> > > > > > > > Signed-off-by: Kees Cook <keescook@chromium.org>
> > > > > > >
> > > > > > > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > > > > > > sections") in v5.10-rc1, and is causing the following error with
> > > > > > > renesas_defconfig[1]:
> > > > > > >
> > > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > > >
> > > > > > > I cannot reproduce this with the standard arm64 defconfig.
> > > > > > >
> > > > > > > I bisected the error to the aforementioned commit, but understand this
> > > > > > > is not the real reason.  If I revert this commit, I still get:
> > > > > > >
> > > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > > > > > > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> > > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > > > > > > `arch/arm64/kernel/head.o' being placed in section `.plt'
> > > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > > > > > > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> > > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > > >
> > > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > > placement"), which is another red herring.
> > > > > >
> > > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > > causing the warning.
> >
> > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > missing from someone's KBUILD_CFLAGS.
> > But I don't see anything curious in kernel/bpf/Makefile, unless
> > cc-disable-warning is somehow broken.
>
> Yeah, I noticed it's added in arch/arm64/Makefile, and verified that it is
> actually passed when building kernel/bpf/core.o.
>
> > > > > > If I compile core.c with "-g" added, like arm64 defconfig does, the
> > > > > > eh_frame section is no longer emitted.
> > > > > >
> > > > > > Hence setting CONFIG_DEBUG_INFO=y, cfr. arm64 defconfig, the warning
> > > > > > is gone, but I'm back to the the "Unexpected GOT/PLT entries" below...
> > > > > >
> > > > > > > Note that even on plain be2881824ae9eb92, I get:
> > > > > > >
> > > > > > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > > >
> > > > > > > The parent commit obviously doesn't show that (but probably still has
> > > > > > > the problem).
> > > > >
> > > > > Reverting both
> > > > > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > > > > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > > > > seems to solve my problems, without any ill effects?
> > > > >
> > > >
> > > > I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
> > > >
> > > > The presence of .data.rel.ro and .got.plt sections suggests that the
> > > > toolchain is using -fpie and/or -z relro to build shared objects
> > > > rather than a fully linked bare metal binary.
> > > >
> > > > Which toolchain are you using? Does adding -fno-pie to the compiler
> > >
> > > gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)  from Ubuntu 20.04LTS.
> > >
> > > > command line and/or adding -z norelro to the linker command line make
> > > > any difference?
> > >
> > > I'll give that a try later...
> >
> > This patch just got picked up into the for-next branch of the arm64
> > tree; it enables `-z norelro` regardless of configs.
> > https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/commit/?h=for-next/core&id=3b92fa7485eba16b05166fddf38ab42f2ff6ab95
> > If you apply that, that should help you test `-z norelro` quickly.
>
> Thanks, will give that a try, too.

Commit 3b92fa7485eba16b05166fddf38ab42f2ff6ab95 is part of v5.10-rc1,
so it was already included, and thus doesn't fix the issue.

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-26 17:43           ` Geert Uytterhoeven
  2020-10-26 17:48             ` Nick Desaulniers
@ 2020-10-27  8:51             ` Geert Uytterhoeven
  1 sibling, 0 replies; 92+ messages in thread
From: Geert Uytterhoeven @ 2020-10-27  8:51 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Kees Cook, Ingo Molnar, Catalin Marinas, Mark Rutland,
	Peter Collingbourne, James Morse, Borislav Petkov, Ingo Molnar,
	Russell King, Masahiro Yamada, Arvind Sankar, Nick Desaulniers,
	Nathan Chancellor, Arnd Bergmann, the arch/x86 maintainers,
	clang-built-linux, Linux-Arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Linux-Renesas

Hi Ard,

On Mon, Oct 26, 2020 at 6:43 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <keescook@chromium.org> wrote:
> > > > > > In preparation for warning on orphan sections, discard
> > > > > > unwanted non-zero-sized generated sections, and enforce other
> > > > > > expected-to-be-zero-sized sections (since discarding them might hide
> > > > > > problems with them suddenly gaining unexpected entries).
> > > > > >
> > > > > > Suggested-by: Ard Biesheuvel <ardb@kernel.org>
> > > > > > Signed-off-by: Kees Cook <keescook@chromium.org>
> > > > >
> > > > > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > > > > sections") in v5.10-rc1, and is causing the following error with
> > > > > renesas_defconfig[1]:
> > > > >
> > > > >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > >
> > > > > I cannot reproduce this with the standard arm64 defconfig.
> > > > >
> > > > > I bisected the error to the aforementioned commit, but understand this
> > > > > is not the real reason.  If I revert this commit, I still get:
> > > > >
> > > > >     aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > > > > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> > > > >     aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > > > > `arch/arm64/kernel/head.o' being placed in section `.plt'
> > > > >     aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > > > > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> > > > >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > >
> > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > placement"), which is another red herring.
> > > >
> > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > causing the warning.
> > > > If I compile core.c with "-g" added, like arm64 defconfig does, the
> > > > eh_frame section is no longer emitted.
> > > >
> > > > Hence setting CONFIG_DEBUG_INFO=y, cfr. arm64 defconfig, the warning
> > > > is gone, but I'm back to the the "Unexpected GOT/PLT entries" below...
> > > >
> > > > > Note that even on plain be2881824ae9eb92, I get:
> > > > >
> > > > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > >
> > > > > The parent commit obviously doesn't show that (but probably still has
> > > > > the problem).
> > >
> > > Reverting both
> > > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > > seems to solve my problems, without any ill effects?
> > >
> >
> > I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
> >
> > The presence of .data.rel.ro and .got.plt sections suggests that the
> > toolchain is using -fpie and/or -z relro to build shared objects
> > rather than a fully linked bare metal binary.
> >
> > Which toolchain are you using? Does adding -fno-pie to the compiler
>
> gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)  from Ubuntu 20.04LTS.
>
> > command line and/or adding -z norelro to the linker command line make
> > any difference?
>
> I'll give that a try later...

Adding -fno-pie to KBUILD_AFLAGS and KBUILD_CFLAGS doesn't
make a difference.

Same for adding -z norelno to the final link command:

    aarch64-linux-gnu-ld: warning: -z norelno ignored
    aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
`kernel/bpf/core.o' being placed in section `.eh_frame'
    aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
    aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-26 17:38         ` Ard Biesheuvel
  2020-10-26 17:43           ` Geert Uytterhoeven
@ 2020-10-27 10:08           ` Jean-Philippe Brucker
  2020-10-27 10:20             ` Geert Uytterhoeven
  1 sibling, 1 reply; 92+ messages in thread
From: Jean-Philippe Brucker @ 2020-10-27 10:08 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Geert Uytterhoeven, Mark Rutland, Linux-Arch, linux-efi,
	Kees Cook, Arnd Bergmann, Catalin Marinas, Masahiro Yamada,
	the arch/x86 maintainers, Nick Desaulniers, Russell King,
	Linux Kernel Mailing List, Linux-Renesas, clang-built-linux,
	Arvind Sankar, Ingo Molnar, James Morse, Nathan Chancellor,
	Borislav Petkov, Peter Collingbourne, Ingo Molnar, Linux ARM

Hi,

On Mon, Oct 26, 2020 at 06:38:46PM +0100, Ard Biesheuvel wrote:
> > > > Note that even on plain be2881824ae9eb92, I get:
> > > >
> > > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > >
> > > > The parent commit obviously doesn't show that (but probably still has
> > > > the problem).
> >
> > Reverting both
> > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > seems to solve my problems, without any ill effects?
> >
> 
> I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)

I have the same problem with one of my debug configs and Linux v5.10-rc1,
and can reproduce with the Debian 8.3.0 toolchain, by using the arm64
defconfig and disabling CONFIG_MODULES:

ld -EL -maarch64elf --no-undefined -X -z norelro -shared -Bsymbolic -z notext --no-apply-dynamic-relocs --fix-cortex-a53-843419 --orphan-handling=warn --build-id=sha1 --strip-debug -o .tmp_vmlinux.kallsyms1 -T ./arch/arm64/kernel/vmlinux.lds --whole-archive arch/arm64/kernel/head.o init/built-in.a usr/built-in.a arch/arm64/built-in.a kernel/built-in.a certs/built-in.a mm/built-in.a fs/built-in.a ipc/built-in.a security/built-in.a crypto/built-in.a block/built-in.a arch/arm64/lib/built-in.a lib/built-in.a drivers/built-in.a sound/built-in.a net/built-in.a virt/built-in.a --no-whole-archive --start-group arch/arm64/lib/lib.a lib/lib.a ./drivers/firmware/efi/libstub/lib.a --end-group
ld: Unexpected GOT/PLT entries detected!
ld: Unexpected run-time procedure linkages detected!

Adding -fno-pie to this command doesn't fix the problem.

Note that when cross-building with a GCC 10.2 and binutils 2.35.1 I also
get several "aarch64-linux-gnu-ld: warning: -z norelro ignored" in
addition to the error, but I don't get that warning with the 8.3.0
toolchain.

Thanks,
Jean

> 
> The presence of .data.rel.ro and .got.plt sections suggests that the
> toolchain is using -fpie and/or -z relro to build shared objects
> rather than a fully linked bare metal binary.
> 
> Which toolchain are you using? Does adding -fno-pie to the compiler
> command line and/or adding -z norelro to the linker command line make
> any difference?
> 
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-27 10:08           ` Jean-Philippe Brucker
@ 2020-10-27 10:20             ` Geert Uytterhoeven
  2020-10-27 11:29               ` Ard Biesheuvel
  0 siblings, 1 reply; 92+ messages in thread
From: Geert Uytterhoeven @ 2020-10-27 10:20 UTC (permalink / raw)
  To: Jean-Philippe Brucker
  Cc: Ard Biesheuvel, Mark Rutland, Linux-Arch, linux-efi, Kees Cook,
	Arnd Bergmann, Catalin Marinas, Masahiro Yamada,
	the arch/x86 maintainers, Nick Desaulniers, Russell King,
	Linux Kernel Mailing List, Linux-Renesas, clang-built-linux,
	Arvind Sankar, Ingo Molnar, James Morse, Nathan Chancellor,
	Borislav Petkov, Peter Collingbourne, Ingo Molnar, Linux ARM

Hi Jean-Philippe,

On Tue, Oct 27, 2020 at 11:09 AM Jean-Philippe Brucker
<jean-philippe@linaro.org> wrote:
> On Mon, Oct 26, 2020 at 06:38:46PM +0100, Ard Biesheuvel wrote:
> > > > > Note that even on plain be2881824ae9eb92, I get:
> > > > >
> > > > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > >
> > > > > The parent commit obviously doesn't show that (but probably still has
> > > > > the problem).
> > >
> > > Reverting both
> > > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > > seems to solve my problems, without any ill effects?
> > >
> >
> > I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
>
> I have the same problem with one of my debug configs and Linux v5.10-rc1,
> and can reproduce with the Debian 8.3.0 toolchain, by using the arm64
> defconfig and disabling CONFIG_MODULES:
>
> ld -EL -maarch64elf --no-undefined -X -z norelro -shared -Bsymbolic -z notext --no-apply-dynamic-relocs --fix-cortex-a53-843419 --orphan-handling=warn --build-id=sha1 --strip-debug -o .tmp_vmlinux.kallsyms1 -T ./arch/arm64/kernel/vmlinux.lds --whole-archive arch/arm64/kernel/head.o init/built-in.a usr/built-in.a arch/arm64/built-in.a kernel/built-in.a certs/built-in.a mm/built-in.a fs/built-in.a ipc/built-in.a security/built-in.a crypto/built-in.a block/built-in.a arch/arm64/lib/built-in.a lib/built-in.a drivers/built-in.a sound/built-in.a net/built-in.a virt/built-in.a --no-whole-archive --start-group arch/arm64/lib/lib.a lib/lib.a ./drivers/firmware/efi/libstub/lib.a --end-group
> ld: Unexpected GOT/PLT entries detected!
> ld: Unexpected run-time procedure linkages detected!
>
> Adding -fno-pie to this command doesn't fix the problem.
>
> Note that when cross-building with a GCC 10.2 and binutils 2.35.1 I also
> get several "aarch64-linux-gnu-ld: warning: -z norelro ignored" in
> addition to the error, but I don't get that warning with the 8.3.0
> toolchain.

Thanks, my config (renesas_defconfig) also had CONFIG_MODULES disabled.
Enabling that fixes the link error due to unexpected entries, but the
.eh_frame orphan section warning is still there.

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-27 10:20             ` Geert Uytterhoeven
@ 2020-10-27 11:29               ` Ard Biesheuvel
  2020-10-27 11:53                 ` Naresh Kamboju
  2020-10-27 13:56                 ` Ard Biesheuvel
  0 siblings, 2 replies; 92+ messages in thread
From: Ard Biesheuvel @ 2020-10-27 11:29 UTC (permalink / raw)
  To: Geert Uytterhoeven
  Cc: Jean-Philippe Brucker, Mark Rutland, Linux-Arch, linux-efi,
	Kees Cook, Arnd Bergmann, Catalin Marinas, Masahiro Yamada,
	the arch/x86 maintainers, Nick Desaulniers, Russell King,
	Linux Kernel Mailing List, Linux-Renesas, clang-built-linux,
	Arvind Sankar, Ingo Molnar, James Morse, Nathan Chancellor,
	Borislav Petkov, Peter Collingbourne, Ingo Molnar, Linux ARM

On Tue, 27 Oct 2020 at 11:20, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
>
> Hi Jean-Philippe,
>
> On Tue, Oct 27, 2020 at 11:09 AM Jean-Philippe Brucker
> <jean-philippe@linaro.org> wrote:
> > On Mon, Oct 26, 2020 at 06:38:46PM +0100, Ard Biesheuvel wrote:
> > > > > > Note that even on plain be2881824ae9eb92, I get:
> > > > > >
> > > > > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > >
> > > > > > The parent commit obviously doesn't show that (but probably still has
> > > > > > the problem).
> > > >
> > > > Reverting both
> > > > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > > > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > > > seems to solve my problems, without any ill effects?
> > > >
> > >
> > > I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
> >
> > I have the same problem with one of my debug configs and Linux v5.10-rc1,
> > and can reproduce with the Debian 8.3.0 toolchain, by using the arm64
> > defconfig and disabling CONFIG_MODULES:
> >
> > ld -EL -maarch64elf --no-undefined -X -z norelro -shared -Bsymbolic -z notext --no-apply-dynamic-relocs --fix-cortex-a53-843419 --orphan-handling=warn --build-id=sha1 --strip-debug -o .tmp_vmlinux.kallsyms1 -T ./arch/arm64/kernel/vmlinux.lds --whole-archive arch/arm64/kernel/head.o init/built-in.a usr/built-in.a arch/arm64/built-in.a kernel/built-in.a certs/built-in.a mm/built-in.a fs/built-in.a ipc/built-in.a security/built-in.a crypto/built-in.a block/built-in.a arch/arm64/lib/built-in.a lib/built-in.a drivers/built-in.a sound/built-in.a net/built-in.a virt/built-in.a --no-whole-archive --start-group arch/arm64/lib/lib.a lib/lib.a ./drivers/firmware/efi/libstub/lib.a --end-group
> > ld: Unexpected GOT/PLT entries detected!
> > ld: Unexpected run-time procedure linkages detected!
> >
> > Adding -fno-pie to this command doesn't fix the problem.
> >
> > Note that when cross-building with a GCC 10.2 and binutils 2.35.1 I also
> > get several "aarch64-linux-gnu-ld: warning: -z norelro ignored" in
> > addition to the error, but I don't get that warning with the 8.3.0
> > toolchain.
>
> Thanks, my config (renesas_defconfig) also had CONFIG_MODULES disabled.
> Enabling that fixes the link error due to unexpected entries, but the
> .eh_frame orphan section warning is still there.
>

Looks like this is caused by the VFIO driver doing nasty things with
symbol_get(), resulting in weak symbol references being emitted. Since
taking the address of a weak symbol can yield NULL, the only way for
the linker to accommodate this is to use GOT indirection for the
direct symbol reference, so that the GOT entry can be set to NULL if
the reference is not satisfied at link time.

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-27 11:29               ` Ard Biesheuvel
@ 2020-10-27 11:53                 ` Naresh Kamboju
  2020-10-27 13:56                 ` Ard Biesheuvel
  1 sibling, 0 replies; 92+ messages in thread
From: Naresh Kamboju @ 2020-10-27 11:53 UTC (permalink / raw)
  To: Ard Biesheuvel, Geert Uytterhoeven, Kees Cook, Anders Roxell
  Cc: Jean-Philippe Brucker, Mark Rutland, Linux-Arch, linux-efi,
	Arnd Bergmann, Catalin Marinas, Masahiro Yamada,
	the arch/x86 maintainers, Nick Desaulniers, Russell King,
	Linux Kernel Mailing List, Linux-Renesas, clang-built-linux,
	Arvind Sankar, Ingo Molnar, James Morse, Nathan Chancellor,
	Borislav Petkov, Peter Collingbourne, Ingo Molnar, Linux ARM

On Tue, 27 Oct 2020 at 17:00, Ard Biesheuvel <ardb@kernel.org> wrote:
>
> On Tue, 27 Oct 2020 at 11:20, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> >
> > Hi Jean-Philippe,
> >
> > On Tue, Oct 27, 2020 at 11:09 AM Jean-Philippe Brucker
> > <jean-philippe@linaro.org> wrote:
> > > On Mon, Oct 26, 2020 at 06:38:46PM +0100, Ard Biesheuvel wrote:
> > > > > > > Note that even on plain be2881824ae9eb92, I get:
> > > > > > >
> > > > > > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > > >
> > > > > > > The parent commit obviously doesn't show that (but probably still has
> > > > > > > the problem).
> > > > >
> > > > > Reverting both
> > > > > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > > > > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > > > > seems to solve my problems, without any ill effects?
> > > > >
> > > >
> > > > I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
> > >
> > > I have the same problem with one of my debug configs and Linux v5.10-rc1,
> > > and can reproduce with the Debian 8.3.0 toolchain, by using the arm64
> > > defconfig and disabling CONFIG_MODULES:
> > >
> > > ld -EL -maarch64elf --no-undefined -X -z norelro -shared -Bsymbolic -z notext --no-apply-dynamic-relocs --fix-cortex-a53-843419 --orphan-handling=warn --build-id=sha1 --strip-debug -o .tmp_vmlinux.kallsyms1 -T ./arch/arm64/kernel/vmlinux.lds --whole-archive arch/arm64/kernel/head.o init/built-in.a usr/built-in.a arch/arm64/built-in.a kernel/built-in.a certs/built-in.a mm/built-in.a fs/built-in.a ipc/built-in.a security/built-in.a crypto/built-in.a block/built-in.a arch/arm64/lib/built-in.a lib/built-in.a drivers/built-in.a sound/built-in.a net/built-in.a virt/built-in.a --no-whole-archive --start-group arch/arm64/lib/lib.a lib/lib.a ./drivers/firmware/efi/libstub/lib.a --end-group
> > > ld: Unexpected GOT/PLT entries detected!
> > > ld: Unexpected run-time procedure linkages detected!

 ld: Unexpected GOT/PLT entries detected!
 ld: Unexpected run-time procedure linkages detected!

The arm64 build error fixed by (I have tested defconfig)

[PATCH] soc: qcom: QCOM_RPMH fix build with modular QCOM_RPMH
https://lore.kernel.org/linux-arm-msm/20201027111422.4008114-1-anders.roxell@linaro.org/
---

When building allmodconfig leading to the following link error with
CONFIG_QCOM_RPMH=y and CONFIG_QCOM_COMMAND_DB=m:

aarch64-linux-gnu-ld: drivers/clk/qcom/clk-rpmh.o: in function `clk_rpmh_probe':
  drivers/clk/qcom/clk-rpmh.c:474: undefined reference to `cmd_db_read_addr'
  drivers/clk/qcom/clk-rpmh.c:474:(.text+0x254): relocation truncated
to fit: R_AARCH64_CALL26 against undefined symbol `cmd_db_read_addr'

Fix this by adding a Kconfig depenency and forcing QCOM_RPMH to be a
module when QCOM_COMMAND_DB is a module. Also removing the dependency on
'ARCH_QCOM || COMPILE_TEST' since that is already a dependency for
QCOM_COMMAND_DB.

Fixes: 778279f4f5e4 ("soc: qcom: cmd-db: allow loading as a module")
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
---
 drivers/soc/qcom/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/soc/qcom/Kconfig b/drivers/soc/qcom/Kconfig
index 9b4ae9c16ba7..3bdd1604f78f 100644
--- a/drivers/soc/qcom/Kconfig
+++ b/drivers/soc/qcom/Kconfig
@@ -109,7 +109,7 @@ config QCOM_RMTFS_MEM

 config QCOM_RPMH
  tristate "Qualcomm RPM-Hardened (RPMH) Communication"
- depends on ARCH_QCOM || COMPILE_TEST
+ depends on QCOM_COMMAND_DB
  help
   Support for communication with the hardened-RPM blocks in
   Qualcomm Technologies Inc (QTI) SoCs. RPMH communication uses an
-- 
2.28.0


- Naresh

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-27 11:29               ` Ard Biesheuvel
  2020-10-27 11:53                 ` Naresh Kamboju
@ 2020-10-27 13:56                 ` Ard Biesheuvel
  1 sibling, 0 replies; 92+ messages in thread
From: Ard Biesheuvel @ 2020-10-27 13:56 UTC (permalink / raw)
  To: Geert Uytterhoeven
  Cc: Jean-Philippe Brucker, Mark Rutland, Linux-Arch, linux-efi,
	Kees Cook, Arnd Bergmann, Catalin Marinas, Masahiro Yamada,
	the arch/x86 maintainers, Nick Desaulniers, Russell King,
	Linux Kernel Mailing List, Linux-Renesas, clang-built-linux,
	Arvind Sankar, Ingo Molnar, James Morse, Nathan Chancellor,
	Borislav Petkov, Peter Collingbourne, Ingo Molnar, Linux ARM

On Tue, 27 Oct 2020 at 12:29, Ard Biesheuvel <ardb@kernel.org> wrote:
>
> On Tue, 27 Oct 2020 at 11:20, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> >
> > Hi Jean-Philippe,
> >
> > On Tue, Oct 27, 2020 at 11:09 AM Jean-Philippe Brucker
> > <jean-philippe@linaro.org> wrote:
> > > On Mon, Oct 26, 2020 at 06:38:46PM +0100, Ard Biesheuvel wrote:
> > > > > > > Note that even on plain be2881824ae9eb92, I get:
> > > > > > >
> > > > > > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > > >
> > > > > > > The parent commit obviously doesn't show that (but probably still has
> > > > > > > the problem).
> > > > >
> > > > > Reverting both
> > > > > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > > > > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > > > > seems to solve my problems, without any ill effects?
> > > > >
> > > >
> > > > I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
> > >
> > > I have the same problem with one of my debug configs and Linux v5.10-rc1,
> > > and can reproduce with the Debian 8.3.0 toolchain, by using the arm64
> > > defconfig and disabling CONFIG_MODULES:
> > >
> > > ld -EL -maarch64elf --no-undefined -X -z norelro -shared -Bsymbolic -z notext --no-apply-dynamic-relocs --fix-cortex-a53-843419 --orphan-handling=warn --build-id=sha1 --strip-debug -o .tmp_vmlinux.kallsyms1 -T ./arch/arm64/kernel/vmlinux.lds --whole-archive arch/arm64/kernel/head.o init/built-in.a usr/built-in.a arch/arm64/built-in.a kernel/built-in.a certs/built-in.a mm/built-in.a fs/built-in.a ipc/built-in.a security/built-in.a crypto/built-in.a block/built-in.a arch/arm64/lib/built-in.a lib/built-in.a drivers/built-in.a sound/built-in.a net/built-in.a virt/built-in.a --no-whole-archive --start-group arch/arm64/lib/lib.a lib/lib.a ./drivers/firmware/efi/libstub/lib.a --end-group
> > > ld: Unexpected GOT/PLT entries detected!
> > > ld: Unexpected run-time procedure linkages detected!
> > >
> > > Adding -fno-pie to this command doesn't fix the problem.
> > >
> > > Note that when cross-building with a GCC 10.2 and binutils 2.35.1 I also
> > > get several "aarch64-linux-gnu-ld: warning: -z norelro ignored" in
> > > addition to the error, but I don't get that warning with the 8.3.0
> > > toolchain.
> >
> > Thanks, my config (renesas_defconfig) also had CONFIG_MODULES disabled.
> > Enabling that fixes the link error due to unexpected entries, but the
> > .eh_frame orphan section warning is still there.
> >
>
> Looks like this is caused by the VFIO driver doing nasty things with
> symbol_get(), resulting in weak symbol references being emitted. Since
> taking the address of a weak symbol can yield NULL, the only way for
> the linker to accommodate this is to use GOT indirection for the
> direct symbol reference, so that the GOT entry can be set to NULL if
> the reference is not satisfied at link time.

This seems to do the trick for me.

diff --git a/include/linux/module.h b/include/linux/module.h
index 7ccdf87f376f..6264617bab4d 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -740,7 +740,7 @@ static inline bool within_module(unsigned long
addr, const struct module *mod)
 }

 /* Get/put a kernel symbol (calls should be symmetric) */
-#define symbol_get(x) ({ extern typeof(x) x __attribute__((weak)); &(x); })
+#define symbol_get(x) ({ extern typeof(x) x
__attribute__((weak,visibility("hidden"))); &(x); })
 #define symbol_put(x) do { } while (0)
 #define symbol_put_addr(x) do { } while (0)

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-26 17:48             ` Nick Desaulniers
  2020-10-26 17:53               ` Geert Uytterhoeven
@ 2020-10-27 19:25               ` Geert Uytterhoeven
  2020-10-27 19:33                 ` Ard Biesheuvel
  2020-10-27 20:12                 ` Nick Desaulniers
  1 sibling, 2 replies; 92+ messages in thread
From: Geert Uytterhoeven @ 2020-10-27 19:25 UTC (permalink / raw)
  To: Nick Desaulniers
  Cc: Ard Biesheuvel, Kees Cook, Ingo Molnar, Catalin Marinas,
	Mark Rutland, Peter Collingbourne, James Morse, Borislav Petkov,
	Ingo Molnar, Russell King, Masahiro Yamada, Arvind Sankar,
	Nathan Chancellor, Arnd Bergmann, the arch/x86 maintainers,
	clang-built-linux, Linux-Arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Linux-Renesas, Josh Poimboeuf

Hi Nick,

CC Josh

On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
<ndesaulniers@google.com> wrote:
> On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> <geert@linux-m68k.org> wrote:
> > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <keescook@chromium.org> wrote:
> > > > > > > In preparation for warning on orphan sections, discard
> > > > > > > unwanted non-zero-sized generated sections, and enforce other
> > > > > > > expected-to-be-zero-sized sections (since discarding them might hide
> > > > > > > problems with them suddenly gaining unexpected entries).
> > > > > > >
> > > > > > > Suggested-by: Ard Biesheuvel <ardb@kernel.org>
> > > > > > > Signed-off-by: Kees Cook <keescook@chromium.org>
> > > > > >
> > > > > > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > > > > > sections") in v5.10-rc1, and is causing the following error with
> > > > > > renesas_defconfig[1]:
> > > > > >
> > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > >
> > > > > > I cannot reproduce this with the standard arm64 defconfig.
> > > > > >
> > > > > > I bisected the error to the aforementioned commit, but understand this
> > > > > > is not the real reason.  If I revert this commit, I still get:
> > > > > >
> > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > > > > > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > > > > > `arch/arm64/kernel/head.o' being placed in section `.plt'
> > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > > > > > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > >
> > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > placement"), which is another red herring.
> > > > >
> > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > causing the warning.
>
> When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> missing from someone's KBUILD_CFLAGS.
> But I don't see anything curious in kernel/bpf/Makefile, unless
> cc-disable-warning is somehow broken.

I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).

Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
is generated.  Removing the __no_fgcse tag fixes that.

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-27 19:25               ` Geert Uytterhoeven
@ 2020-10-27 19:33                 ` Ard Biesheuvel
  2020-10-27 20:00                   ` Arvind Sankar
  2020-10-27 20:12                 ` Nick Desaulniers
  1 sibling, 1 reply; 92+ messages in thread
From: Ard Biesheuvel @ 2020-10-27 19:33 UTC (permalink / raw)
  To: Geert Uytterhoeven
  Cc: Nick Desaulniers, Kees Cook, Ingo Molnar, Catalin Marinas,
	Mark Rutland, Peter Collingbourne, James Morse, Borislav Petkov,
	Ingo Molnar, Russell King, Masahiro Yamada, Arvind Sankar,
	Nathan Chancellor, Arnd Bergmann, the arch/x86 maintainers,
	clang-built-linux, Linux-Arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Linux-Renesas, Josh Poimboeuf

On Tue, 27 Oct 2020 at 20:25, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
>
> Hi Nick,
>
> CC Josh
>
> On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
> <ndesaulniers@google.com> wrote:
> > On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> > <geert@linux-m68k.org> wrote:
> > > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> > > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <keescook@chromium.org> wrote:
> > > > > > > > In preparation for warning on orphan sections, discard
> > > > > > > > unwanted non-zero-sized generated sections, and enforce other
> > > > > > > > expected-to-be-zero-sized sections (since discarding them might hide
> > > > > > > > problems with them suddenly gaining unexpected entries).
> > > > > > > >
> > > > > > > > Suggested-by: Ard Biesheuvel <ardb@kernel.org>
> > > > > > > > Signed-off-by: Kees Cook <keescook@chromium.org>
> > > > > > >
> > > > > > > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > > > > > > sections") in v5.10-rc1, and is causing the following error with
> > > > > > > renesas_defconfig[1]:
> > > > > > >
> > > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > > >     aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > > >     aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > > >
> > > > > > > I cannot reproduce this with the standard arm64 defconfig.
> > > > > > >
> > > > > > > I bisected the error to the aforementioned commit, but understand this
> > > > > > > is not the real reason.  If I revert this commit, I still get:
> > > > > > >
> > > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > > > > > > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> > > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > > > > > > `arch/arm64/kernel/head.o' being placed in section `.plt'
> > > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > > > > > > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> > > > > > >     aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > > >
> > > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > > placement"), which is another red herring.
> > > > > >
> > > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > > causing the warning.
> >
> > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > missing from someone's KBUILD_CFLAGS.
> > But I don't see anything curious in kernel/bpf/Makefile, unless
> > cc-disable-warning is somehow broken.
>
> I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
> with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).
>
> Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
> is generated.  Removing the __no_fgcse tag fixes that.
>


Given that it was added for issues related to retpolines, ORC and
objtool, it should be safe to make that annotation x86-only.

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-27 19:33                 ` Ard Biesheuvel
@ 2020-10-27 20:00                   ` Arvind Sankar
  0 siblings, 0 replies; 92+ messages in thread
From: Arvind Sankar @ 2020-10-27 20:00 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Geert Uytterhoeven, Nick Desaulniers, Kees Cook, Ingo Molnar,
	Catalin Marinas, Mark Rutland, Peter Collingbourne, James Morse,
	Borislav Petkov, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nathan Chancellor, Arnd Bergmann,
	the arch/x86 maintainers, clang-built-linux, Linux-Arch,
	linux-efi, Linux ARM, Linux Kernel Mailing List, Linux-Renesas,
	Josh Poimboeuf

On Tue, Oct 27, 2020 at 08:33:00PM +0100, Ard Biesheuvel wrote:
> On Tue, 27 Oct 2020 at 20:25, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > >
> > > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > > missing from someone's KBUILD_CFLAGS.
> > > But I don't see anything curious in kernel/bpf/Makefile, unless
> > > cc-disable-warning is somehow broken.
> >
> > I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
> > with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).
> >
> > Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
> > is generated.  Removing the __no_fgcse tag fixes that.
> >
> 
> 
> Given that it was added for issues related to retpolines, ORC and
> objtool, it should be safe to make that annotation x86-only.

The optimize attribute is not meant for production use. I had mentioned
this at the time but it got lost: the optimize attribute apparently does
not add options, it replaces them completely. So I'm guessing this one
is dropping the -fno-asynchronous-unwind-tables and causing the eh_frame
sections, though I don't know why that doesn't cause eh_frame on x86?

https://lore.kernel.org/lkml/alpine.LSU.2.21.2004151445520.11688@wotan.suse.de/

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-27 19:25               ` Geert Uytterhoeven
  2020-10-27 19:33                 ` Ard Biesheuvel
@ 2020-10-27 20:12                 ` Nick Desaulniers
  2020-10-27 20:15                   ` Ard Biesheuvel
  1 sibling, 1 reply; 92+ messages in thread
From: Nick Desaulniers @ 2020-10-27 20:12 UTC (permalink / raw)
  To: Geert Uytterhoeven
  Cc: Ard Biesheuvel, Kees Cook, Ingo Molnar, Catalin Marinas,
	Mark Rutland, Peter Collingbourne, James Morse, Borislav Petkov,
	Ingo Molnar, Russell King, Masahiro Yamada, Arvind Sankar,
	Nathan Chancellor, Arnd Bergmann, the arch/x86 maintainers,
	clang-built-linux, Linux-Arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Linux-Renesas, Josh Poimboeuf,
	kernel-toolchains, Miguel Ojeda

On Tue, Oct 27, 2020 at 12:25 PM Geert Uytterhoeven
<geert@linux-m68k.org> wrote:
>
> Hi Nick,
>
> CC Josh
>
> On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
> <ndesaulniers@google.com> wrote:
> > On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> > <geert@linux-m68k.org> wrote:
> > > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> > > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > > placement"), which is another red herring.
> > > > > >
> > > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > > causing the warning.
> >
> > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > missing from someone's KBUILD_CFLAGS.
> > But I don't see anything curious in kernel/bpf/Makefile, unless
> > cc-disable-warning is somehow broken.
>
> I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
> with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).
>
> Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
> is generated.  Removing the __no_fgcse tag fixes that.

That's weird.  I feel pretty strongly that unless we're working around
a well understood compiler bug with a comment that links to a
submitted bug report, turning off rando compiler optimizations is a
terrible hack for which one must proceed straight to jail; do not pass
go; do not collect $200.  But maybe I'd feel differently for this case
given the context of the change that added it.  (Ard mentions
retpolines+orc+objtool; can someone share the relevant SHA if you have
it handy so I don't have to go digging?)  (I feel the same about there
being an empty asm(); statement in the definition of asm_volatile_goto
for compiler-gcc.h).  Might be time to "fix the compiler."

(It sounds like Arvind is both in agreement with my sentiment, and has
the root cause).

--
Thanks,
~Nick Desaulniers

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-27 20:12                 ` Nick Desaulniers
@ 2020-10-27 20:15                   ` Ard Biesheuvel
  2020-10-27 20:17                     ` Nick Desaulniers
                                       ` (2 more replies)
  0 siblings, 3 replies; 92+ messages in thread
From: Ard Biesheuvel @ 2020-10-27 20:15 UTC (permalink / raw)
  To: Nick Desaulniers
  Cc: Geert Uytterhoeven, Kees Cook, Ingo Molnar, Catalin Marinas,
	Mark Rutland, Peter Collingbourne, James Morse, Borislav Petkov,
	Ingo Molnar, Russell King, Masahiro Yamada, Arvind Sankar,
	Nathan Chancellor, Arnd Bergmann, the arch/x86 maintainers,
	clang-built-linux, Linux-Arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Linux-Renesas, Josh Poimboeuf,
	kernel-toolchains, Miguel Ojeda

On Tue, 27 Oct 2020 at 21:12, Nick Desaulniers <ndesaulniers@google.com> wrote:
>
> On Tue, Oct 27, 2020 at 12:25 PM Geert Uytterhoeven
> <geert@linux-m68k.org> wrote:
> >
> > Hi Nick,
> >
> > CC Josh
> >
> > On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
> > <ndesaulniers@google.com> wrote:
> > > On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> > > <geert@linux-m68k.org> wrote:
> > > > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> > > > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > > > placement"), which is another red herring.
> > > > > > >
> > > > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > > > causing the warning.
> > >
> > > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > > missing from someone's KBUILD_CFLAGS.
> > > But I don't see anything curious in kernel/bpf/Makefile, unless
> > > cc-disable-warning is somehow broken.
> >
> > I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
> > with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).
> >
> > Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
> > is generated.  Removing the __no_fgcse tag fixes that.
>
> That's weird.  I feel pretty strongly that unless we're working around
> a well understood compiler bug with a comment that links to a
> submitted bug report, turning off rando compiler optimizations is a
> terrible hack for which one must proceed straight to jail; do not pass
> go; do not collect $200.  But maybe I'd feel differently for this case
> given the context of the change that added it.  (Ard mentions
> retpolines+orc+objtool; can someone share the relevant SHA if you have
> it handy so I don't have to go digging?)

commit 3193c0836f203a91bef96d88c64cccf0be090d9c
Author: Josh Poimboeuf <jpoimboe@redhat.com>
Date:   Wed Jul 17 20:36:45 2019 -0500

    bpf: Disable GCC -fgcse optimization for ___bpf_prog_run()

has

Fixes: e55a73251da3 ("bpf: Fix ORC unwinding in non-JIT BPF code")

and mentions objtool and CONFIG_RETPOLINE.

>  (I feel the same about there
> being an empty asm(); statement in the definition of asm_volatile_goto
> for compiler-gcc.h).  Might be time to "fix the compiler."
>
> (It sounds like Arvind is both in agreement with my sentiment, and has
> the root cause).
>

I agree that the __no_fgcse hack is terrible. Does Clang support the
following pragmas?

#pragma GCC push_options
#pragma GCC optimize ("-fno-gcse")
#pragma GCC pop_options

?

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-27 20:15                   ` Ard Biesheuvel
@ 2020-10-27 20:17                     ` Nick Desaulniers
  2020-10-27 20:30                       ` Arvind Sankar
  2020-10-27 20:28                     ` Nick Desaulniers
  2020-10-28 21:36                     ` Alexei Starovoitov
  2 siblings, 1 reply; 92+ messages in thread
From: Nick Desaulniers @ 2020-10-27 20:17 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Geert Uytterhoeven, Kees Cook, Ingo Molnar, Catalin Marinas,
	Mark Rutland, Peter Collingbourne, James Morse, Borislav Petkov,
	Ingo Molnar, Russell King, Masahiro Yamada, Arvind Sankar,
	Nathan Chancellor, Arnd Bergmann, the arch/x86 maintainers,
	clang-built-linux, Linux-Arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Linux-Renesas, Josh Poimboeuf,
	kernel-toolchains, Miguel Ojeda

On Tue, Oct 27, 2020 at 1:15 PM Ard Biesheuvel <ardb@kernel.org> wrote:
>
> On Tue, 27 Oct 2020 at 21:12, Nick Desaulniers <ndesaulniers@google.com> wrote:
> >
> > On Tue, Oct 27, 2020 at 12:25 PM Geert Uytterhoeven
> > <geert@linux-m68k.org> wrote:
> > >
> > > Hi Nick,
> > >
> > > CC Josh
> > >
> > > On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
> > > <ndesaulniers@google.com> wrote:
> > > > On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> > > > <geert@linux-m68k.org> wrote:
> > > > > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> > > > > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > > > > placement"), which is another red herring.
> > > > > > > >
> > > > > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > > > > causing the warning.
> > > >
> > > > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > > > missing from someone's KBUILD_CFLAGS.
> > > > But I don't see anything curious in kernel/bpf/Makefile, unless
> > > > cc-disable-warning is somehow broken.
> > >
> > > I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
> > > with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).
> > >
> > > Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
> > > is generated.  Removing the __no_fgcse tag fixes that.
> >
> > That's weird.  I feel pretty strongly that unless we're working around
> > a well understood compiler bug with a comment that links to a
> > submitted bug report, turning off rando compiler optimizations is a
> > terrible hack for which one must proceed straight to jail; do not pass
> > go; do not collect $200.  But maybe I'd feel differently for this case
> > given the context of the change that added it.  (Ard mentions
> > retpolines+orc+objtool; can someone share the relevant SHA if you have
> > it handy so I don't have to go digging?)
>
> commit 3193c0836f203a91bef96d88c64cccf0be090d9c
> Author: Josh Poimboeuf <jpoimboe@redhat.com>
> Date:   Wed Jul 17 20:36:45 2019 -0500
>
>     bpf: Disable GCC -fgcse optimization for ___bpf_prog_run()
>
> has
>
> Fixes: e55a73251da3 ("bpf: Fix ORC unwinding in non-JIT BPF code")
>
> and mentions objtool and CONFIG_RETPOLINE.
>
> >  (I feel the same about there
> > being an empty asm(); statement in the definition of asm_volatile_goto
> > for compiler-gcc.h).  Might be time to "fix the compiler."
> >
> > (It sounds like Arvind is both in agreement with my sentiment, and has
> > the root cause).
> >
>
> I agree that the __no_fgcse hack is terrible. Does Clang support the
> following pragmas?
>
> #pragma GCC push_options
> #pragma GCC optimize ("-fno-gcse")
> #pragma GCC pop_options
>
> ?

Put it in godbolt.org.  Pretty sure it's `#pragma clang` though.
`#pragma GCC` might be supported in clang or silently ignored, but
IIRC pragmas were a bit of a compat nightmare.  I think Arnd wrote
some macros to set pragmas based on toolchain.  (Uses _Pragma, for
pragmas in macros, IIRC).

-- 
Thanks,
~Nick Desaulniers

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-27 20:15                   ` Ard Biesheuvel
  2020-10-27 20:17                     ` Nick Desaulniers
@ 2020-10-27 20:28                     ` Nick Desaulniers
  2020-10-27 20:32                       ` Arvind Sankar
  2020-10-28 21:36                     ` Alexei Starovoitov
  2 siblings, 1 reply; 92+ messages in thread
From: Nick Desaulniers @ 2020-10-27 20:28 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Geert Uytterhoeven, Kees Cook, Ingo Molnar, Catalin Marinas,
	Mark Rutland, Peter Collingbourne, James Morse, Borislav Petkov,
	Ingo Molnar, Russell King, Masahiro Yamada, Arvind Sankar,
	Nathan Chancellor, Arnd Bergmann, the arch/x86 maintainers,
	clang-built-linux, Linux-Arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Linux-Renesas, Josh Poimboeuf,
	Miguel Ojeda, linux-toolchains

(+ right linux-toolchains mailing list, apologies for adding the wrong
one, I'm forever doomed to have gmail autocomplete to the wrong one
now that I've sent to it before)

On Tue, Oct 27, 2020 at 1:15 PM Ard Biesheuvel <ardb@kernel.org> wrote:
>
> On Tue, 27 Oct 2020 at 21:12, Nick Desaulniers <ndesaulniers@google.com> wrote:
> >
> > On Tue, Oct 27, 2020 at 12:25 PM Geert Uytterhoeven
> > <geert@linux-m68k.org> wrote:
> > >
> > > Hi Nick,
> > >
> > > CC Josh
> > >
> > > On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
> > > <ndesaulniers@google.com> wrote:
> > > > On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> > > > <geert@linux-m68k.org> wrote:
> > > > > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> > > > > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > > > > placement"), which is another red herring.
> > > > > > > >
> > > > > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > > > > causing the warning.
> > > >
> > > > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > > > missing from someone's KBUILD_CFLAGS.
> > > > But I don't see anything curious in kernel/bpf/Makefile, unless
> > > > cc-disable-warning is somehow broken.
> > >
> > > I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
> > > with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).
> > >
> > > Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
> > > is generated.  Removing the __no_fgcse tag fixes that.
> >
> > That's weird.  I feel pretty strongly that unless we're working around
> > a well understood compiler bug with a comment that links to a
> > submitted bug report, turning off rando compiler optimizations is a
> > terrible hack for which one must proceed straight to jail; do not pass
> > go; do not collect $200.  But maybe I'd feel differently for this case
> > given the context of the change that added it.  (Ard mentions
> > retpolines+orc+objtool; can someone share the relevant SHA if you have
> > it handy so I don't have to go digging?)
>
> commit 3193c0836f203a91bef96d88c64cccf0be090d9c
> Author: Josh Poimboeuf <jpoimboe@redhat.com>
> Date:   Wed Jul 17 20:36:45 2019 -0500
>
>     bpf: Disable GCC -fgcse optimization for ___bpf_prog_run()
>
> has
>
> Fixes: e55a73251da3 ("bpf: Fix ORC unwinding in non-JIT BPF code")
>
> and mentions objtool and CONFIG_RETPOLINE.

Thanks for the context.  It might be time to revisit the above commit.
If I revert it (small conflict that's easy to fixup),
kernel/bpf/core.o builds cleanly with defconfig+GCC-9.3, so maybe
obtool did get smart enough to handle that case?  Probably regresses
the performance of that main dispatch loop for BPF, but not sure what
folks are expecting when retpolines are enabled.
-- 
Thanks,
~Nick Desaulniers

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-27 20:17                     ` Nick Desaulniers
@ 2020-10-27 20:30                       ` Arvind Sankar
  2020-10-27 20:40                         ` Nick Desaulniers
  0 siblings, 1 reply; 92+ messages in thread
From: Arvind Sankar @ 2020-10-27 20:30 UTC (permalink / raw)
  To: Nick Desaulniers
  Cc: Ard Biesheuvel, Geert Uytterhoeven, Kees Cook, Ingo Molnar,
	Catalin Marinas, Mark Rutland, Peter Collingbourne, James Morse,
	Borislav Petkov, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nathan Chancellor, Arnd Bergmann,
	the arch/x86 maintainers, clang-built-linux, Linux-Arch,
	linux-efi, Linux ARM, Linux Kernel Mailing List, Linux-Renesas,
	Josh Poimboeuf, kernel-toolchains, Miguel Ojeda

On Tue, Oct 27, 2020 at 01:17:55PM -0700, Nick Desaulniers wrote:
> On Tue, Oct 27, 2020 at 1:15 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> >
> > On Tue, 27 Oct 2020 at 21:12, Nick Desaulniers <ndesaulniers@google.com> wrote:
> > >
> > > On Tue, Oct 27, 2020 at 12:25 PM Geert Uytterhoeven
> > > <geert@linux-m68k.org> wrote:
> > > >
> > > > Hi Nick,
> > > >
> > > > CC Josh
> > > >
> > > > On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
> > > > <ndesaulniers@google.com> wrote:
> > > > > On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> > > > > <geert@linux-m68k.org> wrote:
> > > > > > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> > > > > > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > > > > > placement"), which is another red herring.
> > > > > > > > >
> > > > > > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > > > > > causing the warning.
> > > > >
> > > > > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > > > > missing from someone's KBUILD_CFLAGS.
> > > > > But I don't see anything curious in kernel/bpf/Makefile, unless
> > > > > cc-disable-warning is somehow broken.
> > > >
> > > > I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
> > > > with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).
> > > >
> > > > Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
> > > > is generated.  Removing the __no_fgcse tag fixes that.
> > >
> > > That's weird.  I feel pretty strongly that unless we're working around
> > > a well understood compiler bug with a comment that links to a
> > > submitted bug report, turning off rando compiler optimizations is a
> > > terrible hack for which one must proceed straight to jail; do not pass
> > > go; do not collect $200.  But maybe I'd feel differently for this case
> > > given the context of the change that added it.  (Ard mentions
> > > retpolines+orc+objtool; can someone share the relevant SHA if you have
> > > it handy so I don't have to go digging?)
> >
> > commit 3193c0836f203a91bef96d88c64cccf0be090d9c
> > Author: Josh Poimboeuf <jpoimboe@redhat.com>
> > Date:   Wed Jul 17 20:36:45 2019 -0500
> >
> >     bpf: Disable GCC -fgcse optimization for ___bpf_prog_run()
> >
> > has
> >
> > Fixes: e55a73251da3 ("bpf: Fix ORC unwinding in non-JIT BPF code")
> >
> > and mentions objtool and CONFIG_RETPOLINE.
> >
> > >  (I feel the same about there
> > > being an empty asm(); statement in the definition of asm_volatile_goto
> > > for compiler-gcc.h).  Might be time to "fix the compiler."
> > >
> > > (It sounds like Arvind is both in agreement with my sentiment, and has
> > > the root cause).
> > >
> >
> > I agree that the __no_fgcse hack is terrible. Does Clang support the
> > following pragmas?
> >
> > #pragma GCC push_options
> > #pragma GCC optimize ("-fno-gcse")
> > #pragma GCC pop_options
> >
> > ?
> 
> Put it in godbolt.org.  Pretty sure it's `#pragma clang` though.
> `#pragma GCC` might be supported in clang or silently ignored, but
> IIRC pragmas were a bit of a compat nightmare.  I think Arnd wrote
> some macros to set pragmas based on toolchain.  (Uses _Pragma, for
> pragmas in macros, IIRC).
> 
> -- 
> Thanks,
> ~Nick Desaulniers

https://gcc.gnu.org/onlinedocs/gcc/Function-Specific-Option-Pragmas.html#Function-Specific-Option-Pragmas

#pragma GCC optimize is equivalent to the function attribute, so does
that actually help?

Btw, the bug mentioned in asm_volatile_goto seems like its been fixed in
4.9, so the hack could be dropped now?

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-27 20:28                     ` Nick Desaulniers
@ 2020-10-27 20:32                       ` Arvind Sankar
  2020-10-27 20:36                         ` Nick Desaulniers
  0 siblings, 1 reply; 92+ messages in thread
From: Arvind Sankar @ 2020-10-27 20:32 UTC (permalink / raw)
  To: Nick Desaulniers
  Cc: Ard Biesheuvel, Geert Uytterhoeven, Kees Cook, Ingo Molnar,
	Catalin Marinas, Mark Rutland, Peter Collingbourne, James Morse,
	Borislav Petkov, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nathan Chancellor, Arnd Bergmann,
	the arch/x86 maintainers, clang-built-linux, Linux-Arch,
	linux-efi, Linux ARM, Linux Kernel Mailing List, Linux-Renesas,
	Josh Poimboeuf, Miguel Ojeda, linux-toolchains

On Tue, Oct 27, 2020 at 01:28:02PM -0700, Nick Desaulniers wrote:
> > commit 3193c0836f203a91bef96d88c64cccf0be090d9c
> > Author: Josh Poimboeuf <jpoimboe@redhat.com>
> > Date:   Wed Jul 17 20:36:45 2019 -0500
> >
> >     bpf: Disable GCC -fgcse optimization for ___bpf_prog_run()
> >
> > has
> >
> > Fixes: e55a73251da3 ("bpf: Fix ORC unwinding in non-JIT BPF code")
> >
> > and mentions objtool and CONFIG_RETPOLINE.
> 
> Thanks for the context.  It might be time to revisit the above commit.
> If I revert it (small conflict that's easy to fixup),
> kernel/bpf/core.o builds cleanly with defconfig+GCC-9.3, so maybe
> obtool did get smart enough to handle that case?  Probably regresses
> the performance of that main dispatch loop for BPF, but not sure what
> folks are expecting when retpolines are enabled.
> -- 
> Thanks,
> ~Nick Desaulniers

The objtool issue was with RETPOLINE disabled.

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-27 20:32                       ` Arvind Sankar
@ 2020-10-27 20:36                         ` Nick Desaulniers
  0 siblings, 0 replies; 92+ messages in thread
From: Nick Desaulniers @ 2020-10-27 20:36 UTC (permalink / raw)
  To: Arvind Sankar
  Cc: Ard Biesheuvel, Geert Uytterhoeven, Kees Cook, Ingo Molnar,
	Catalin Marinas, Mark Rutland, Peter Collingbourne, James Morse,
	Borislav Petkov, Ingo Molnar, Russell King, Masahiro Yamada,
	Nathan Chancellor, Arnd Bergmann, the arch/x86 maintainers,
	clang-built-linux, Linux-Arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Linux-Renesas, Josh Poimboeuf,
	Miguel Ojeda, linux-toolchains

On Tue, Oct 27, 2020 at 1:32 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
>
> On Tue, Oct 27, 2020 at 01:28:02PM -0700, Nick Desaulniers wrote:
> > > commit 3193c0836f203a91bef96d88c64cccf0be090d9c
> > > Author: Josh Poimboeuf <jpoimboe@redhat.com>
> > > Date:   Wed Jul 17 20:36:45 2019 -0500
> > >
> > >     bpf: Disable GCC -fgcse optimization for ___bpf_prog_run()
> > >
> > > has
> > >
> > > Fixes: e55a73251da3 ("bpf: Fix ORC unwinding in non-JIT BPF code")
> > >
> > > and mentions objtool and CONFIG_RETPOLINE.
> >
> > Thanks for the context.  It might be time to revisit the above commit.
> > If I revert it (small conflict that's easy to fixup),
> > kernel/bpf/core.o builds cleanly with defconfig+GCC-9.3, so maybe
> > obtool did get smart enough to handle that case?  Probably regresses
> > the performance of that main dispatch loop for BPF, but not sure what
> > folks are expecting when retpolines are enabled.
> > --
> > Thanks,
> > ~Nick Desaulniers
>
> The objtool issue was with RETPOLINE disabled.

Ah, sorry, in that case default-CONFIG_RETPOLINE+gcc-9.3:
kernel/bpf/core.o: warning: objtool: ___bpf_prog_run()+0x8d4: sibling
call from callable instruction with modified stack frame
-- 
Thanks,
~Nick Desaulniers

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-27 20:30                       ` Arvind Sankar
@ 2020-10-27 20:40                         ` Nick Desaulniers
  2020-10-27 21:24                           ` Arvind Sankar
  0 siblings, 1 reply; 92+ messages in thread
From: Nick Desaulniers @ 2020-10-27 20:40 UTC (permalink / raw)
  To: Arvind Sankar
  Cc: Ard Biesheuvel, Geert Uytterhoeven, Kees Cook, Ingo Molnar,
	Catalin Marinas, Mark Rutland, Peter Collingbourne, James Morse,
	Borislav Petkov, Ingo Molnar, Russell King, Masahiro Yamada,
	Nathan Chancellor, Arnd Bergmann, the arch/x86 maintainers,
	clang-built-linux, Linux-Arch, linux-efi, Linux ARM,
	Linux Kernel Mailing List, Linux-Renesas, Josh Poimboeuf,
	kernel-toolchains, Miguel Ojeda

On Tue, Oct 27, 2020 at 1:30 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
>
> On Tue, Oct 27, 2020 at 01:17:55PM -0700, Nick Desaulniers wrote:
> > > >  (I feel the same about there
> > > > being an empty asm(); statement in the definition of asm_volatile_goto
> > > > for compiler-gcc.h).  Might be time to "fix the compiler."
> > > >
> > > > (It sounds like Arvind is both in agreement with my sentiment, and has
> > > > the root cause).
> > > >
> Btw, the bug mentioned in asm_volatile_goto seems like its been fixed in
> 4.9, so the hack could be dropped now?

https://lore.kernel.org/lkml/20180907222109.163802-1-ndesaulniers@google.com/

For the life of me I can't find Linus' response.  Maybe he shot it
down in the PR, but I can't find it...Miguel do you recall?  I could
paraphrase, but might be better to not rely on my memory.
-- 
Thanks,
~Nick Desaulniers

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-27 20:40                         ` Nick Desaulniers
@ 2020-10-27 21:24                           ` Arvind Sankar
  0 siblings, 0 replies; 92+ messages in thread
From: Arvind Sankar @ 2020-10-27 21:24 UTC (permalink / raw)
  To: Nick Desaulniers
  Cc: Arvind Sankar, Ard Biesheuvel, Geert Uytterhoeven, Kees Cook,
	Ingo Molnar, Catalin Marinas, Mark Rutland, Peter Collingbourne,
	James Morse, Borislav Petkov, Ingo Molnar, Russell King,
	Masahiro Yamada, Nathan Chancellor, Arnd Bergmann,
	the arch/x86 maintainers, clang-built-linux, Linux-Arch,
	linux-efi, Linux ARM, Linux Kernel Mailing List, Linux-Renesas,
	Josh Poimboeuf, kernel-toolchains, Miguel Ojeda

On Tue, Oct 27, 2020 at 01:40:43PM -0700, Nick Desaulniers wrote:
> On Tue, Oct 27, 2020 at 1:30 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
> >
> > On Tue, Oct 27, 2020 at 01:17:55PM -0700, Nick Desaulniers wrote:
> > > > >  (I feel the same about there
> > > > > being an empty asm(); statement in the definition of asm_volatile_goto
> > > > > for compiler-gcc.h).  Might be time to "fix the compiler."
> > > > >
> > > > > (It sounds like Arvind is both in agreement with my sentiment, and has
> > > > > the root cause).
> > > > >
> > Btw, the bug mentioned in asm_volatile_goto seems like its been fixed in
> > 4.9, so the hack could be dropped now?
> 
> https://lore.kernel.org/lkml/20180907222109.163802-1-ndesaulniers@google.com/
> 
> For the life of me I can't find Linus' response.  Maybe he shot it
> down in the PR, but I can't find it...Miguel do you recall?  I could
> paraphrase, but might be better to not rely on my memory.
> -- 
> Thanks,
> ~Nick Desaulniers

You couldn't find it in July either :)
https://lkml.org/lkml/2020/7/10/1026

Possibly he didn't like the version check? That should be unnecessary now.

^ permalink raw reply	[flat|nested] 92+ messages in thread

* Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections
  2020-10-27 20:15                   ` Ard Biesheuvel
  2020-10-27 20:17                     ` Nick Desaulniers
  2020-10-27 20:28                     ` Nick Desaulniers
@ 2020-10-28 21:36                     ` Alexei Starovoitov
  2 siblings, 0 replies; 92+ messages in thread
From: Alexei Starovoitov @ 2020-10-28 21:36 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Nick Desaulniers, Geert Uytterhoeven, Kees Cook, Ingo Molnar,
	Catalin Marinas, Mark Rutland, Peter Collingbourne, James Morse,
	Borislav Petkov, Ingo Molnar, Russell King, Masahiro Yamada,
	Arvind Sankar, Nathan Chancellor, Arnd Bergmann,
	the arch/x86 maintainers, clang-built-linux, Linux-Arch,
	linux-efi, Linux ARM, Linux Kernel Mailing List, Linux-Renesas,
	Josh Poimboeuf, kernel-toolchains, Miguel Ojeda

On Tue, Oct 27, 2020 at 09:15:17PM +0100, Ard Biesheuvel wrote:
> On Tue, 27 Oct 2020 at 21:12, Nick Desaulniers <ndesaulniers@google.com> wrote:
> >
> > On Tue, Oct 27, 2020 at 12:25 PM Geert Uytterhoeven
> > <geert@linux-m68k.org> wrote:
> > >
> > > Hi Nick,
> > >
> > > CC Josh
> > >
> > > On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
> > > <ndesaulniers@google.com> wrote:
> > > > On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> > > > <geert@linux-m68k.org> wrote:
> > > > > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> > > > > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > > > > placement"), which is another red herring.
> > > > > > > >
> > > > > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > > > > causing the warning.
> > > >
> > > > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > > > missing from someone's KBUILD_CFLAGS.
> > > > But I don't see anything curious in kernel/bpf/Makefile, unless
> > > > cc-disable-warning is somehow broken.
> > >
> > > I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
> > > with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).
> > >
> > > Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
> > > is generated.  Removing the __no_fgcse tag fixes that.
> >
> > That's weird.  I feel pretty strongly that unless we're working around
> > a well understood compiler bug with a comment that links to a
> > submitted bug report, turning off rando compiler optimizations is a
> > terrible hack for which one must proceed straight to jail; do not pass
> > go; do not collect $200.  But maybe I'd feel differently for this case
> > given the context of the change that added it.  (Ard mentions
> > retpolines+orc+objtool; can someone share the relevant SHA if you have
> > it handy so I don't have to go digging?)
> 
> commit 3193c0836f203a91bef96d88c64cccf0be090d9c
> Author: Josh Poimboeuf <jpoimboe@redhat.com>
> Date:   Wed Jul 17 20:36:45 2019 -0500
> 
>     bpf: Disable GCC -fgcse optimization for ___bpf_prog_run()
> 
> has
> 
> Fixes: e55a73251da3 ("bpf: Fix ORC unwinding in non-JIT BPF code")

That commit is broken.
I had this patch in my queue:
-#define __no_fgcse __attribute__((optimize("-fno-gcse")))
+#define __no_fgcse __attribute__((optimize("-fno-gcse,-fno-omit-frame-pointer")))

Sounds like you want to add -fno-asynchronous-unwind-tables to the above list?

> and mentions objtool and CONFIG_RETPOLINE.
> 
> >  (I feel the same about there
> > being an empty asm(); statement in the definition of asm_volatile_goto
> > for compiler-gcc.h).  Might be time to "fix the compiler."
> >
> > (It sounds like Arvind is both in agreement with my sentiment, and has
> > the root cause).
> >
> 
> I agree that the __no_fgcse hack is terrible. Does Clang support the
> following pragmas?
> 
> #pragma GCC push_options
> #pragma GCC optimize ("-fno-gcse")
> #pragma GCC pop_options

That will work too, but optimize("-fno...,-fno..,-fno..") is imo cleaner.

^ permalink raw reply	[flat|nested] 92+ messages in thread

end of thread, back to index

Thread overview: 92+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-21 19:42 [PATCH v6 00/29] Warn on orphan section placement Kees Cook
2020-08-21 19:42 ` [PATCH v6 01/29] vmlinux.lds.h: Create COMMON_DISCARDS Kees Cook
2020-09-01 11:48   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:42 ` [PATCH v6 02/29] vmlinux.lds.h: Add .gnu.version* to COMMON_DISCARDS Kees Cook
2020-09-01 11:48   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:42 ` [PATCH v6 03/29] vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections Kees Cook
2020-09-01 11:48   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:42 ` [PATCH v6 04/29] vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG Kees Cook
2020-09-01 11:48   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:42 ` [PATCH v6 05/29] vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS Kees Cook
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:42 ` [PATCH v6 06/29] vmlinux.lds.h: add PGO and AutoFDO input sections Kees Cook
2020-09-01 11:47   ` [tip: core/build] vmlinux.lds.h: Add " tip-bot2 for Nick Desaulniers
2020-08-21 19:42 ` [PATCH v6 07/29] efi/libstub: Disable -mbranch-protection Kees Cook
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:42 ` [PATCH v6 08/29] arm64/mm: Remove needless section quotes Kees Cook
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:42 ` [PATCH v6 09/29] arm64/kernel: Remove needless Call Frame Information annotations Kees Cook
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:42 ` [PATCH v6 10/29] arm64/build: Remove .eh_frame* sections due to unwind tables Kees Cook
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:42 ` [PATCH v6 11/29] arm64/build: Use common DISCARDS in linker script Kees Cook
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:42 ` [PATCH v6 12/29] arm64/build: Add missing DWARF sections Kees Cook
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:42 ` [PATCH v6 13/29] arm64/build: Assert for unwanted sections Kees Cook
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-10-26 12:29   ` [PATCH v6 13/29] " Geert Uytterhoeven
2020-10-26 13:29     ` Geert Uytterhoeven
2020-10-26 16:01       ` Geert Uytterhoeven
2020-10-26 17:38         ` Ard Biesheuvel
2020-10-26 17:43           ` Geert Uytterhoeven
2020-10-26 17:48             ` Nick Desaulniers
2020-10-26 17:53               ` Geert Uytterhoeven
2020-10-27  8:37                 ` Geert Uytterhoeven
2020-10-27 19:25               ` Geert Uytterhoeven
2020-10-27 19:33                 ` Ard Biesheuvel
2020-10-27 20:00                   ` Arvind Sankar
2020-10-27 20:12                 ` Nick Desaulniers
2020-10-27 20:15                   ` Ard Biesheuvel
2020-10-27 20:17                     ` Nick Desaulniers
2020-10-27 20:30                       ` Arvind Sankar
2020-10-27 20:40                         ` Nick Desaulniers
2020-10-27 21:24                           ` Arvind Sankar
2020-10-27 20:28                     ` Nick Desaulniers
2020-10-27 20:32                       ` Arvind Sankar
2020-10-27 20:36                         ` Nick Desaulniers
2020-10-28 21:36                     ` Alexei Starovoitov
2020-10-27  8:51             ` Geert Uytterhoeven
2020-10-27 10:08           ` Jean-Philippe Brucker
2020-10-27 10:20             ` Geert Uytterhoeven
2020-10-27 11:29               ` Ard Biesheuvel
2020-10-27 11:53                 ` Naresh Kamboju
2020-10-27 13:56                 ` Ard Biesheuvel
2020-08-21 19:42 ` [PATCH v6 14/29] arm64/build: Warn on orphan section placement Kees Cook
2020-08-21 19:42 ` [PATCH v6 15/29] arm/build: Refactor linker script headers Kees Cook
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:42 ` [PATCH v6 16/29] arm/build: Explicitly keep .ARM.attributes sections Kees Cook
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:42 ` [PATCH v6 17/29] arm/build: Add missing sections Kees Cook
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:42 ` [PATCH v6 18/29] arm/build: Assert for unwanted sections Kees Cook
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:43 ` [PATCH v6 19/29] arm/build: Warn on orphan section placement Kees Cook
2020-08-21 19:43 ` [PATCH v6 20/29] arm/boot: Handle all sections explicitly Kees Cook
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:43 ` [PATCH v6 21/29] arm/boot: Warn on orphan section placement Kees Cook
2020-08-21 19:43 ` [PATCH v6 22/29] x86/asm: Avoid generating unused kprobe sections Kees Cook
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:43 ` [PATCH v6 23/29] x86/build: Enforce an empty .got.plt section Kees Cook
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:43 ` [PATCH v6 24/29] x86/build: Assert for unwanted sections Kees Cook
2020-09-01 11:47   ` [tip: core/build] x86/build: Add asserts " tip-bot2 for Kees Cook
2020-08-21 19:43 ` [PATCH v6 25/29] x86/build: Warn on orphan section placement Kees Cook
2020-08-21 19:43 ` [PATCH v6 26/29] x86/boot/compressed: Reorganize zero-size section asserts Kees Cook
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:43 ` [PATCH v6 27/29] x86/boot/compressed: Remove, discard, or assert for unwanted sections Kees Cook
2020-08-21 20:01   ` Arvind Sankar
2020-08-21 21:21     ` Kees Cook
2020-08-21 21:28       ` Arvind Sankar
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:43 ` [PATCH v6 28/29] x86/boot/compressed: Add missing debugging sections to output Kees Cook
2020-09-01 11:47   ` [tip: core/build] " tip-bot2 for Kees Cook
2020-08-21 19:43 ` [PATCH v6 29/29] x86/boot/compressed: Warn on orphan section placement Kees Cook
2020-08-31 19:41 ` [PATCH v6 00/29] " Kees Cook
2020-09-01  7:11   ` Ingo Molnar
2020-09-01  7:59     ` Ingo Molnar
2020-09-01  8:16       ` Ingo Molnar
2020-09-01 15:17         ` Kees Cook
2020-09-01 18:02           ` Nick Desaulniers
2020-09-01 23:18             ` Kees Cook
2020-09-01 23:54               ` Nick Desaulniers

LKML Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/lkml/0 lkml/git/0.git
	git clone --mirror https://lore.kernel.org/lkml/1 lkml/git/1.git
	git clone --mirror https://lore.kernel.org/lkml/2 lkml/git/2.git
	git clone --mirror https://lore.kernel.org/lkml/3 lkml/git/3.git
	git clone --mirror https://lore.kernel.org/lkml/4 lkml/git/4.git
	git clone --mirror https://lore.kernel.org/lkml/5 lkml/git/5.git
	git clone --mirror https://lore.kernel.org/lkml/6 lkml/git/6.git
	git clone --mirror https://lore.kernel.org/lkml/7 lkml/git/7.git
	git clone --mirror https://lore.kernel.org/lkml/8 lkml/git/8.git
	git clone --mirror https://lore.kernel.org/lkml/9 lkml/git/9.git
	git clone --mirror https://lore.kernel.org/lkml/10 lkml/git/10.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 lkml lkml/ https://lore.kernel.org/lkml \
		linux-kernel@vger.kernel.org
	public-inbox-index lkml

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-kernel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git