With the command-line option, -mx86-used-note=yes, the x86 assembler
in binutils 2.32 and above generates a program property note in a note
section, .note.gnu.property, to encode used x86 ISAs and features. But
x86 kernel vDSO linker script only contains a single NOTE segment:
PHDRS
{
text PT_LOAD FLAGS(5) FILEHDR PHDRS; /* PF_R|PF_X */
dynamic PT_DYNAMIC FLAGS(4); /* PF_R */
note PT_NOTE FLAGS(4); /* PF_R */
eh_frame_hdr 0x6474e550;
}
The NOTE segment generated by vDSO linker script is aligned to 4 bytes.
But .note.gnu.property section must be aligned to 8 bytes on x86-64 and
we get
[hjl@gnu-skx-1 vdso]$ readelf -n vdso64.so
Displaying notes found in: .note
Owner Data size Description
Linux 0x00000004 Unknown note type: (0x00000000)
description data: 06 00 00 00
readelf: Warning: note with invalid namesz and/or descsz found at offset 0x20
readelf: Warning: type: 0x78, namesize: 0x00000100, descsize: 0x756e694c, alignment: 8
[hjl@gnu-skx-1 vdso]$
Since note.gnu.property section in vDSO is not checked by dynamic linker,
this patch discards .note.gnu.property sections in vDSO by adding
/DISCARD/ : {
*(.note.gnu.property)
}
before .notes sections in vDSO linker script.
Signed-off-by: H.J. Lu <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
---
arch/x86/entry/vdso/vdso-layout.lds.S | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/arch/x86/entry/vdso/vdso-layout.lds.S b/arch/x86/entry/vdso/vdso-layout.lds.S
index ea7e0155c604..4d152933547d 100644
--- a/arch/x86/entry/vdso/vdso-layout.lds.S
+++ b/arch/x86/entry/vdso/vdso-layout.lds.S
@@ -57,6 +57,13 @@ SECTIONS
*(.gnu.linkonce.b.*)
} :text
+ /*
+ * Discard .note.gnu.property sections which are unused and have
+ * different alignment requirement from vDSO note sections.
+ */
+ /DISCARD/ : {
+ *(.note.gnu.property)
+ }
.note : { *(.note.*) } :text :note
.eh_frame_hdr : { *(.eh_frame_hdr) } :text :eh_frame_hdr
--
2.25.1
On Thu, Mar 26, 2020 at 10:43:14AM -0700, H.J. Lu wrote:
> With the command-line option, -mx86-used-note=yes, the x86 assembler
I see:
-mx86-used-note=no
-mx86-used-note=yes
These options control whether the assembler should generate
GNU_PROPERTY_X86_ISA_1_USED and GNU_PROPERTY_X86_FEATURE_2_USED GNU property
notes. The default can be controlled by the --enable-x86-used-note
configure option.
Is there a plan to use this build option in the kernel in the future or
all binutils will have it enabled or what's the story here?
Because I don't see -mx86-used-note used anywhere in the kernel...
> in binutils 2.32 and above generates a program property note in a note
> section, .note.gnu.property, to encode used x86 ISAs and features. But
> x86 kernel vDSO linker script only contains a single NOTE segment:
>
> PHDRS
> {
> text PT_LOAD FLAGS(5) FILEHDR PHDRS; /* PF_R|PF_X */
> dynamic PT_DYNAMIC FLAGS(4); /* PF_R */
> note PT_NOTE FLAGS(4); /* PF_R */
> eh_frame_hdr 0x6474e550;
> }
>
> The NOTE segment generated by vDSO linker script is aligned to 4 bytes.
> But .note.gnu.property section must be aligned to 8 bytes on x86-64 and
> we get
>
> [hjl@gnu-skx-1 vdso]$ readelf -n vdso64.so
>
> Displaying notes found in: .note
> Owner Data size Description
> Linux 0x00000004 Unknown note type: (0x00000000)
> description data: 06 00 00 00
> readelf: Warning: note with invalid namesz and/or descsz found at offset 0x20
> readelf: Warning: type: 0x78, namesize: 0x00000100, descsize: 0x756e694c, alignment: 8
> [hjl@gnu-skx-1 vdso]$
>
> Since note.gnu.property section in vDSO is not checked by dynamic linker,
> this patch discards .note.gnu.property sections in vDSO by adding
Avoid having "This patch" or "This commit" in the commit message. It is
tautologically useless.
Also, do
$ git grep 'This patch' Documentation/process
for more details.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
On Fri, Mar 27, 2020 at 3:44 AM Borislav Petkov <[email protected]> wrote:
>
> On Thu, Mar 26, 2020 at 10:43:14AM -0700, H.J. Lu wrote:
> > With the command-line option, -mx86-used-note=yes, the x86 assembler
>
> I see:
>
> -mx86-used-note=no
> -mx86-used-note=yes
> These options control whether the assembler should generate
> GNU_PROPERTY_X86_ISA_1_USED and GNU_PROPERTY_X86_FEATURE_2_USED GNU property
> notes. The default can be controlled by the --enable-x86-used-note
> configure option.
>
> Is there a plan to use this build option in the kernel in the future or
> all binutils will have it enabled or what's the story here?
>
> Because I don't see -mx86-used-note used anywhere in the kernel...
-mx86-used-note=yes can be enabled by default at binutils configure time:
[hjl@gnu-cfl-2 ~]$ as --help | grep mx86-used-note
-mx86-used-note=[no|yes] (default: yes)
[hjl@gnu-cfl-2 ~]$
I am changing the commit log to
---
With the command-line option, -mx86-used-note=yes, which can also be
enabled at binutils build time with
--enable-x86-used-note generate GNU x86 used ISA and feature properties
the x86 assembler in binutils 2.32 and above generates a program property
note in a note section, .note.gnu.property, to encode used x86 ISAs and
features. But kernel linker script only contains a single NOTE segment:
---
> > in binutils 2.32 and above generates a program property note in a note
> > section, .note.gnu.property, to encode used x86 ISAs and features. But
> > x86 kernel vDSO linker script only contains a single NOTE segment:
> >
> > PHDRS
> > {
> > text PT_LOAD FLAGS(5) FILEHDR PHDRS; /* PF_R|PF_X */
> > dynamic PT_DYNAMIC FLAGS(4); /* PF_R */
> > note PT_NOTE FLAGS(4); /* PF_R */
> > eh_frame_hdr 0x6474e550;
> > }
> >
> > The NOTE segment generated by vDSO linker script is aligned to 4 bytes.
> > But .note.gnu.property section must be aligned to 8 bytes on x86-64 and
> > we get
> >
> > [hjl@gnu-skx-1 vdso]$ readelf -n vdso64.so
> >
> > Displaying notes found in: .note
> > Owner Data size Description
> > Linux 0x00000004 Unknown note type: (0x00000000)
> > description data: 06 00 00 00
> > readelf: Warning: note with invalid namesz and/or descsz found at offset 0x20
> > readelf: Warning: type: 0x78, namesize: 0x00000100, descsize: 0x756e694c, alignment: 8
> > [hjl@gnu-skx-1 vdso]$
> >
> > Since note.gnu.property section in vDSO is not checked by dynamic linker,
> > this patch discards .note.gnu.property sections in vDSO by adding
>
> Avoid having "This patch" or "This commit" in the commit message. It is
> tautologically useless.
I am changing it to
Since note.gnu.property section in kernel image is never used, discard
.note.gnu.property sections in kernel linker script by adding
/DISCARD/ : {
*(.note.gnu.property)
}
> Also, do
>
> $ git grep 'This patch' Documentation/process
>
> for more details.
Thanks.
--
H.J.
The following commit has been merged into the x86/build branch of tip:
Commit-ID: 4caffe6a28d3157c11cae923a40456a053c520ea
Gitweb: https://git.kernel.org/tip/4caffe6a28d3157c11cae923a40456a053c520ea
Author: H.J. Lu <[email protected]>
AuthorDate: Thu, 26 Mar 2020 10:43:14 -07:00
Committer: Borislav Petkov <[email protected]>
CommitterDate: Fri, 27 Mar 2020 15:53:05 +01:00
x86/vdso: Discard .note.gnu.property sections in vDSO
With the command-line option -mx86-used-note=yes which can also be
enabled at binutils build time with:
--enable-x86-used-note generate GNU x86 used ISA and feature properties
the x86 assembler in binutils 2.32 and above generates a program property
note in a note section, .note.gnu.property, to encode used x86 ISAs and
features. But kernel linker script only contains a single NOTE segment:
PHDRS
{
text PT_LOAD FLAGS(5) FILEHDR PHDRS; /* PF_R|PF_X */
dynamic PT_DYNAMIC FLAGS(4); /* PF_R */
note PT_NOTE FLAGS(4); /* PF_R */
eh_frame_hdr 0x6474e550;
}
The NOTE segment generated by the vDSO linker script is aligned to 4 bytes.
But the .note.gnu.property section must be aligned to 8 bytes on x86-64:
[hjl@gnu-skx-1 vdso]$ readelf -n vdso64.so
Displaying notes found in: .note
Owner Data size Description
Linux 0x00000004 Unknown note type: (0x00000000)
description data: 06 00 00 00
readelf: Warning: note with invalid namesz and/or descsz found at offset 0x20
readelf: Warning: type: 0x78, namesize: 0x00000100, descsize: 0x756e694c, alignment: 8
Since the note.gnu.property section in the vDSO is not checked by the
dynamic linker, discard the .note.gnu.property sections in the vDSO.
[ bp: Massage. ]
Signed-off-by: H.J. Lu <[email protected]>
Signed-off-by: Borislav Petkov <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
Link: https://lkml.kernel.org/r/[email protected]
---
arch/x86/entry/vdso/vdso-layout.lds.S | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/arch/x86/entry/vdso/vdso-layout.lds.S b/arch/x86/entry/vdso/vdso-layout.lds.S
index ea7e015..4d15293 100644
--- a/arch/x86/entry/vdso/vdso-layout.lds.S
+++ b/arch/x86/entry/vdso/vdso-layout.lds.S
@@ -57,6 +57,13 @@ SECTIONS
*(.gnu.linkonce.b.*)
} :text
+ /*
+ * Discard .note.gnu.property sections which are unused and have
+ * different alignment requirement from vDSO note sections.
+ */
+ /DISCARD/ : {
+ *(.note.gnu.property)
+ }
.note : { *(.note.*) } :text :note
.eh_frame_hdr : { *(.eh_frame_hdr) } :text :eh_frame_hdr