linux-kernel.vger.kernel.org archive mirror
From: Kees Cook <keescook@chromium.org>
To: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Arnd Bergmann <arnd@arndb.de>, Jessica Yu <jeyu@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	linux-arch@vger.kernel.org, Heiko Carstens <hca@linux.ibm.com>,
	Vasily Gorbik <gor@linux.ibm.com>,
	Christian Borntraeger <borntraeger@de.ibm.com>,
	Alexander Egorenkov <egorenar@linux.ibm.com>,
	Sven Schnelle <svens@linux.ibm.com>,
	Ilya Leoshkevich <iii@linux.ibm.com>,
	"Steven Rostedt (VMware)" <rostedt@goodmis.org>,
	Ingo Molnar <mingo@kernel.org>,
	Sami Tolvanen <samitolvanen@google.com>,
	linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org,
	linux-hardening@vger.kernel.org,
	Sean Christopherson <seanjc@google.com>
Subject: Re: [PATCH 3/4] module: Use a list of strings for ro_after_init sections
Date: Sat, 4 Sep 2021 07:40:08 -0700
Message-ID: <202109040739.F973371BD@keescook>
In-Reply-To: <20210904040903.tgkkoo2x76zpuj62@treble>

On Fri, Sep 03, 2021 at 09:09:03PM -0700, Josh Poimboeuf wrote:
> On Fri, Sep 03, 2021 at 09:38:42AM -0700, Kees Cook wrote:
> > On Thu, Sep 02, 2021 at 11:49:51PM -0700, Josh Poimboeuf wrote:
> > > On Wed, Sep 01, 2021 at 04:37:56PM -0700, Kees Cook wrote:
> > > > Instead of open-coding the section names, use a list for the sections that
> > > > need to be marked read-only after init. Unfortunately, it seems we can't
> > > > do normal section merging with scripts/module.lds.S as ld.bfd doesn't
> > > > correctly update symbol tables. For more details, see commit 6a3193cdd5e5
> > > > ("kbuild: lto: Merge module sections if and only if CONFIG_LTO_CLANG
> > > > is enabled").
> > > 
> > > I'm missing what this has to do with section merging.  Can you connect
> > > the dots here, i.e. what sections would we want to merge and how would
> > > that help here?
> > 
> > Right, sorry, if ld.bfd didn't have this issue, we could use section
> > merging in the module.lds.S file the way we do in vmlinux.lds:
> > 
> > #ifndef RO_AFTER_INIT_DATA
> > #define RO_AFTER_INIT_DATA                                              \
> >         . = ALIGN(8);                                                   \
> >         __start_ro_after_init = .;                                      \
> >         *(.data..ro_after_init)                                         \
> >         JUMP_TABLE_DATA                                                 \
> >         STATIC_CALL_DATA                                                \
> >         __end_ro_after_init = .;
> > #endif
> > ...
> >         . = ALIGN((align));                                             \
> >         .rodata           : AT(ADDR(.rodata) - LOAD_OFFSET) {           \
> >                 __start_rodata = .;                                     \
> >                 *(.rodata) *(.rodata.*)                                 \
> >                 SCHED_DATA                                              \
> >                 RO_AFTER_INIT_DATA      /* Read only after init */      \
> >                 . = ALIGN(8);                                           \
> >                 __start___tracepoints_ptrs = .;                         \
> >                 KEEP(*(__tracepoints_ptrs)) /* Tracepoints: pointer array */ \
> >                 __stop___tracepoints_ptrs = .;                          \
> >                 *(__tracepoints_strings)/* Tracepoints: strings */      \
> >         }                                                               \
> > 
> > Then jump_table and static_call sections could be collected into a
> > new section, as the module loader would only need to look for that
> > single name.
> 
> Hm, that could be a really nice way to converge things for vmlinux and
> module linking.

Agreed! I had really wanted to do more of this, but was stumped by the
weird symbol behavior.

> After some digging, 6a3193cdd5e5 isn't necessarily a linker bug.  It may
> be some kind of undefined behavior when the section address isn't
> specified.  If you just explicitly set the section address to zero then
> the "bug" goes away.

Well that's a nice find! I'll play more with this to see if I can make a
cleaner solution.

Thanks!

-Kees

> 
> diff --git a/scripts/module.lds.S b/scripts/module.lds.S
> index 04c5685c25cf..80b09b7d405c 100644
> --- a/scripts/module.lds.S
> +++ b/scripts/module.lds.S
> @@ -30,23 +30,22 @@ SECTIONS {
>  
>  	__patchable_function_entries : { *(__patchable_function_entries) }
>  
> -#ifdef CONFIG_LTO_CLANG
>  	/*
>  	 * With CONFIG_LTO_CLANG, LLD always enables -fdata-sections and
>  	 * -ffunction-sections, which increases the size of the final module.
>  	 * Merge the split sections in the final binary.
>  	 */
> -	.bss : {
> +	.bss 0 : {
>  		*(.bss .bss.[0-9a-zA-Z_]*)
>  		*(.bss..L*)
>  	}
>  
> -	.data : {
> +	.data 0 : {
>  		*(.data .data.[0-9a-zA-Z_]*)
>  		*(.data..L*)
>  	}
>  
> -	.rodata : {
> +	.rodata 0 : {
>  		*(.rodata .rodata.[0-9a-zA-Z_]*)
>  		*(.rodata..L*)
>  	}
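Review bot: the comment kept above `.bss` still reads "With CONFIG_LTO_CLANG, LLD always enables -fdata-sections and -ffunction-sections", but with the `#ifdef CONFIG_LTO_CLANG` line removed the `.bss`, `.data` and `.rodata` merges now apply to every module link, so the comment no longer explains why they are there. Please reword it for the unconditional case and add a line saying why each output section carries an explicit `0` address, since nothing in the hunk documents that and a later cleanup could drop it as redundant.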
> @@ -55,11 +54,10 @@ SECTIONS {
>  	 * With CONFIG_CFI_CLANG, we assume __cfi_check is at the beginning
>  	 * of the .text section, and is aligned to PAGE_SIZE.
>  	 */
> -	.text : ALIGN_CFI {
> +	.text 0 : ALIGN_CFI {
>  		*(.text.__cfi_check)
>  		*(.text .text.[0-9a-zA-Z_]* .text..L.cfi*)
>  	}
> -#endif
>  }
>  
>  /* bring in arch-specific sections */
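Review bot: `.text 0 : ALIGN_CFI` now sits outside any `#ifdef`, while the comment above it only covers the CONFIG_CFI_CLANG case (`__cfi_check` at the start of `.text`, aligned to PAGE_SIZE). The hunk does not show how `ALIGN_CFI` is defined, so please confirm it expands to nothing when CONFIG_CFI_CLANG is off, and extend the comment to say that the `.text` merge itself is unconditional and that the explicit `0` address is intentional.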
> 

-- 
Kees Cook

Thread overview: 12+ messages
2021-09-01 23:37 [PATCH 0/4] Fix ro_after_init vs static_call Kees Cook
2021-09-01 23:37 ` [PATCH 1/4] vmlinux.lds.h: Use regular *RODATA and *RO_AFTER_INIT_DATA suffixes Kees Cook
2021-09-03  5:55   ` Josh Poimboeuf
2021-09-03  8:17   ` Heiko Carstens
2021-09-01 23:37 ` [PATCH 2/4] vmlinux.lds.h: Split .static_call_sites from .static_call_tramp_key Kees Cook
2021-09-03  5:55   ` Josh Poimboeuf
2021-09-01 23:37 ` [PATCH 3/4] module: Use a list of strings for ro_after_init sections Kees Cook
2021-09-03  6:49   ` Josh Poimboeuf
2021-09-03 16:38     ` Kees Cook
2021-09-04  4:09       ` Josh Poimboeuf
2021-09-04 14:40         ` Kees Cook [this message]
2021-09-01 23:37 ` [PATCH 4/4] module: Include .static_call_sites in module ro_after_init Kees Cook
