2020-08-21 19:46:06

by Kees Cook

Subject: [PATCH v6 00/29] Warn on orphan section placement

Hi Ingo,

Based on my testing, this is ready to go. I've reviewed the feedback on
v5 and made a few small changes, noted below.


https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=linker/orphans/warn/v6

v6:
- rebase to -tip x86/boot
- remove 0-sized NOLOAD
- move .got.plt to end with INFO (NOLOAD warns)
- add Reviewed-bys
v5: https://lore.kernel.org/lkml/[email protected]/
v4: https://lore.kernel.org/lkml/[email protected]/
v3: https://lore.kernel.org/lkml/[email protected]/
v2: https://lore.kernel.org/lkml/[email protected]/
v1: https://lore.kernel.org/lkml/[email protected]/

A recent bug[1] was solved for builds linked with ld.lld, and tracking
it down took way longer than it needed to (a year). Ultimately, it
boiled down to differences between ld.bfd and ld.lld's handling of
orphan sections. Similar situations have continued to recur, and it's
clear the kernel build needs to be much more explicit about linker
sections. Similarly, the recent FGKASLR series brought up orphan section
handling too[2]. In all cases, it would have been nice if the linker was
running with --orphan-handling=warn so that surprise sections wouldn't
silently get mapped into the kernel image at locations up to the whim
of the linker's orphan handling logic. Instead, all desired sections
should be explicitly identified in the linker script (to be either kept,
discarded, or verified to be zero-sized) with any orphans throwing a
warning. The powerpc architecture has actually been doing this for some
time, so this series just extends that coverage to x86, arm, and arm64.

This has gotten successful build testing under the following matrix:

compiler/linker: gcc+ld.bfd, clang+ld.lld
targets: defconfig, allmodconfig
architectures: x86, i386, arm64, arm
versions: -tip x86/boot

All three architectures depend on the first several commits to
vmlinux.lds.h. x86 depends on Arvind's GOT series (in -tip x86/boot now).
arm64 depends on the efi/libstub patch. As such, I'd like to land this
series as a whole. Ingo has suggested he'd take it into -tip.

Thanks!

-Kees

[1] https://github.com/ClangBuiltLinux/linux/issues/282
[2] https://lore.kernel.org/lkml/202002242122.AA4D1B8@keescook/

Kees Cook (28):
vmlinux.lds.h: Create COMMON_DISCARDS
vmlinux.lds.h: Add .gnu.version* to COMMON_DISCARDS
vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections
vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG
vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS
efi/libstub: Disable -mbranch-protection
arm64/mm: Remove needless section quotes
arm64/kernel: Remove needless Call Frame Information annotations
arm64/build: Remove .eh_frame* sections due to unwind tables
arm64/build: Use common DISCARDS in linker script
arm64/build: Add missing DWARF sections
arm64/build: Assert for unwanted sections
arm64/build: Warn on orphan section placement
arm/build: Refactor linker script headers
arm/build: Explicitly keep .ARM.attributes sections
arm/build: Add missing sections
arm/build: Assert for unwanted sections
arm/build: Warn on orphan section placement
arm/boot: Handle all sections explicitly
arm/boot: Warn on orphan section placement
x86/asm: Avoid generating unused kprobe sections
x86/build: Enforce an empty .got.plt section
x86/build: Assert for unwanted sections
x86/build: Warn on orphan section placement
x86/boot/compressed: Reorganize zero-size section asserts
x86/boot/compressed: Remove, discard, or assert for unwanted sections
x86/boot/compressed: Add missing debugging sections to output
x86/boot/compressed: Warn on orphan section placement

Nick Desaulniers (1):
vmlinux.lds.h: add PGO and AutoFDO input sections

arch/alpha/kernel/vmlinux.lds.S | 1 +
arch/arc/kernel/vmlinux.lds.S | 1 +
arch/arm/Makefile | 4 ++
arch/arm/boot/compressed/Makefile | 2 +
arch/arm/boot/compressed/vmlinux.lds.S | 20 +++----
.../arm/{kernel => include/asm}/vmlinux.lds.h | 30 ++++++++--
arch/arm/kernel/vmlinux-xip.lds.S | 8 ++-
arch/arm/kernel/vmlinux.lds.S | 8 ++-
arch/arm64/Makefile | 9 ++-
arch/arm64/kernel/smccc-call.S | 2 -
arch/arm64/kernel/vmlinux.lds.S | 28 +++++++--
arch/arm64/mm/mmu.c | 2 +-
arch/csky/kernel/vmlinux.lds.S | 1 +
arch/hexagon/kernel/vmlinux.lds.S | 1 +
arch/ia64/kernel/vmlinux.lds.S | 1 +
arch/mips/kernel/vmlinux.lds.S | 1 +
arch/nds32/kernel/vmlinux.lds.S | 1 +
arch/nios2/kernel/vmlinux.lds.S | 1 +
arch/openrisc/kernel/vmlinux.lds.S | 1 +
arch/parisc/boot/compressed/vmlinux.lds.S | 1 +
arch/parisc/kernel/vmlinux.lds.S | 1 +
arch/powerpc/kernel/vmlinux.lds.S | 2 +-
arch/riscv/kernel/vmlinux.lds.S | 1 +
arch/s390/kernel/vmlinux.lds.S | 1 +
arch/sh/kernel/vmlinux.lds.S | 1 +
arch/sparc/kernel/vmlinux.lds.S | 1 +
arch/um/kernel/dyn.lds.S | 2 +-
arch/um/kernel/uml.lds.S | 2 +-
arch/x86/Makefile | 4 ++
arch/x86/boot/compressed/Makefile | 2 +
arch/x86/boot/compressed/vmlinux.lds.S | 58 +++++++++++++------
arch/x86/include/asm/asm.h | 6 +-
arch/x86/kernel/vmlinux.lds.S | 39 ++++++++++++-
drivers/firmware/efi/libstub/Makefile | 9 ++-
include/asm-generic/vmlinux.lds.h | 49 +++++++++++++---
35 files changed, 241 insertions(+), 60 deletions(-)
rename arch/arm/{kernel => include/asm}/vmlinux.lds.h (84%)

--
2.25.1


2020-08-21 19:46:23

by Kees Cook

Subject: [PATCH v6 09/29] arm64/kernel: Remove needless Call Frame Information annotations

Remove last instance of an .eh_frame section by removing the needless Call
Frame Information annotations which were likely leftovers from 32-bit arm.

Suggested-by: Ard Biesheuvel <[email protected]>
Acked-by: Will Deacon <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
---
arch/arm64/kernel/smccc-call.S | 2 --
1 file changed, 2 deletions(-)

diff --git a/arch/arm64/kernel/smccc-call.S b/arch/arm64/kernel/smccc-call.S
index 1f93809528a4..d62447964ed9 100644
--- a/arch/arm64/kernel/smccc-call.S
+++ b/arch/arm64/kernel/smccc-call.S
@@ -9,7 +9,6 @@
#include <asm/assembler.h>

.macro SMCCC instr
- .cfi_startproc
\instr #0
ldr x4, [sp]
stp x0, x1, [x4, #ARM_SMCCC_RES_X0_OFFS]
@@ -21,7 +20,6 @@
b.ne 1f
str x6, [x4, ARM_SMCCC_QUIRK_STATE_OFFS]
1: ret
- .cfi_endproc
.endm

/*
--
2.25.1

2020-08-21 19:46:34

by Kees Cook

Subject: [PATCH v6 12/29] arm64/build: Add missing DWARF sections

Explicitly include DWARF sections when they're present in the build.

Signed-off-by: Kees Cook <[email protected]>
---
arch/arm64/kernel/vmlinux.lds.S | 1 +
1 file changed, 1 insertion(+)

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 082e9efa2b43..16eb2ef806cd 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -239,6 +239,7 @@ SECTIONS
_end = .;

STABS_DEBUG
+ DWARF_DEBUG
ELF_DETAILS

HEAD_SYMBOLS
--
2.25.1

2020-08-21 19:46:37

by Kees Cook

Subject: [PATCH v6 11/29] arm64/build: Use common DISCARDS in linker script

Use the common DISCARDS rule for the linker script in an effort to
regularize the linker script to prepare for warning on orphaned
sections. Additionally clean up left-over no-op macros.

Signed-off-by: Kees Cook <[email protected]>
Acked-by: Will Deacon <[email protected]>
---
arch/arm64/kernel/vmlinux.lds.S | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index c2b8426bf4bd..082e9efa2b43 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -6,6 +6,7 @@
*/

#define RO_EXCEPTION_TABLE_ALIGN 8
+#define RUNTIME_DISCARD_EXIT

#include <asm-generic/vmlinux.lds.h>
#include <asm/cache.h>
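Review bot: The new `#define RUNTIME_DISCARD_EXIT` near the top of the file has no comment, and the commit message does not mention it. It is placed before `#include <asm-generic/vmlinux.lds.h>`, so it presumably changes what the common DISCARDS macro expands to; please add a one-line comment saying why arm64 needs it, so the next reader does not have to dig through the generic header.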
@@ -88,10 +89,8 @@ SECTIONS
* matching the same input section name. There is no documented
* order of matching.
*/
+ DISCARDS
/DISCARD/ : {
- EXIT_CALL
- *(.discard)
- *(.discard.*)
*(.interp .dynamic)
*(.dynsym .dynstr .hash .gnu.hash)
}
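Review bot: The commit message says this also cleans up left-over no-op macros, but the three lines removed here are `EXIT_CALL`, `*(.discard)` and `*(.discard.*)`, and no macro definition is deleted anywhere in the patch (diffstat: 2 insertions, 3 deletions). Either drop that sentence or include the cleanup. The context comment just above also notes that there is no documented order of matching when the same input section name is matched more than once; with `DISCARDS` now sitting in front of the remaining `/DISCARD/` block, a sentence confirming the result is the same under ld.bfd and ld.lld would help.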
--
2.25.1

2020-08-21 19:46:48

by Kees Cook

Subject: [PATCH v6 23/29] x86/build: Enforce an empty .got.plt section

The .got.plt section should always be zero (or filled only with the
linker-generated lazy dispatch entry). Enforce this with an assert and
mark the section as INFO. This is more sensitive than just blindly
discarding the section.

Signed-off-by: Kees Cook <[email protected]>
---
arch/x86/kernel/vmlinux.lds.S | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 0cc035cb15f1..4b1b936a6e7d 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -414,8 +414,20 @@ SECTIONS
ELF_DETAILS

DISCARDS
-}

+ /*
+ * Make sure that the .got.plt is either completely empty or it
+ * contains only the lazy dispatch entries.
+ */
+ .got.plt (INFO) : { *(.got.plt) }
+ ASSERT(SIZEOF(.got.plt) == 0 ||
+#ifdef CONFIG_X86_64
+ SIZEOF(.got.plt) == 0x18,
+#else
+ SIZEOF(.got.plt) == 0xc,
+#endif
+ "Unexpected GOT/PLT entries detected!")
+}

#ifdef CONFIG_X86_32
/*
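Review bot: The two sizes in the ASSERT, `0x18` and `0xc`, are unexplained magic numbers. The comment says the section may hold only the lazy dispatch entries; spelling out that this means three pointer-sized reserved slots (3 * 8 on CONFIG_X86_64, 3 * 4 otherwise) would let a reader verify the constants. The `#ifdef` in the middle of the ASSERT expression is also hard to read; a small macro for the expected size, defined above SECTIONS, would keep the assertion as one statement.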
--
2.25.1

2020-08-21 19:47:06

by Kees Cook

Subject: [PATCH v6 20/29] arm/boot: Handle all sections explicitly

In preparation for warning on orphan sections, use common macros for
debug sections, discards, and text stubs. Add discards for unwanted .note,
and .rel sections.

Signed-off-by: Kees Cook <[email protected]>
---
arch/arm/boot/compressed/vmlinux.lds.S | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S
index 09ac33f52814..b914be3a207b 100644
--- a/arch/arm/boot/compressed/vmlinux.lds.S
+++ b/arch/arm/boot/compressed/vmlinux.lds.S
@@ -2,6 +2,7 @@
/*
* Copyright (C) 2000 Russell King
*/
+#include <asm/vmlinux.lds.h>

#ifdef CONFIG_CPU_ENDIAN_BE8
#define ZIMAGE_MAGIC(x) ( (((x) >> 24) & 0x000000ff) | \
@@ -17,8 +18,11 @@ ENTRY(_start)
SECTIONS
{
/DISCARD/ : {
+ COMMON_DISCARDS
*(.ARM.exidx*)
*(.ARM.extab*)
+ *(.note.*)
+ *(.rel.*)
/*
* Discard any r/w data - this produces a link error if we have any,
* which is required for PIC decompression. Local data generates
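Review bot: The added patterns `*(.note.*)` and `*(.rel.*)` require the literal `.note.` and `.rel.` prefixes, so a section named exactly `.note` is not matched and would still be reported as an orphan once the warning is enabled. The commit message speaks of discarding unwanted ".note" sections; if a bare `.note` can appear in the decompressor objects, add `*(.note)` as well, otherwise say in the changelog that only the dotted forms occur.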
@@ -36,9 +40,7 @@ SECTIONS
*(.start)
*(.text)
*(.text.*)
- *(.gnu.warning)
- *(.glue_7t)
- *(.glue_7)
+ ARM_STUBS_TEXT
}
.table : ALIGN(4) {
_table_start = .;
@@ -128,12 +130,10 @@ SECTIONS
PROVIDE(__pecoff_data_size = ALIGN(512) - ADDR(.data));
PROVIDE(__pecoff_end = ALIGN(512));

- .stab 0 : { *(.stab) }
- .stabstr 0 : { *(.stabstr) }
- .stab.excl 0 : { *(.stab.excl) }
- .stab.exclstr 0 : { *(.stab.exclstr) }
- .stab.index 0 : { *(.stab.index) }
- .stab.indexstr 0 : { *(.stab.indexstr) }
- .comment 0 : { *(.comment) }
+ STABS_DEBUG
+ DWARF_DEBUG
+ ARM_DETAILS
+
+ ARM_ASSERTS
}
ASSERT(_edata_real == _edata, "error: zImage file size is incorrect");
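Review bot: `ARM_ASSERTS` at the end of SECTIONS adds a link-time assertion to the decompressor, which the commit message does not mention (it lists only debug sections, discards and text stubs). Please say so in the changelog, since it turns a previously silent condition into a build failure. The hunk also replaces the explicit `.comment` rule with `ARM_DETAILS` and adds `DWARF_DEBUG`, so the zImage link now names more sections than before; a sentence confirming that is intended would help.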
--
2.25.1

2020-08-21 19:47:14

by Kees Cook

Subject: [PATCH v6 18/29] arm/build: Assert for unwanted sections

In preparation for warning on orphan sections, enforce
expected-to-be-zero-sized sections (since discarding them might hide
problems with them suddenly gaining unexpected entries).

Signed-off-by: Kees Cook <[email protected]>
---
arch/arm/include/asm/vmlinux.lds.h | 11 +++++++++++
arch/arm/kernel/vmlinux-xip.lds.S | 2 ++
arch/arm/kernel/vmlinux.lds.S | 2 ++
3 files changed, 15 insertions(+)

diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
index 6624dd97475c..4a91428c324d 100644
--- a/arch/arm/include/asm/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -52,6 +52,17 @@
ARM_MMU_DISCARD(*(__ex_table)) \
COMMON_DISCARDS

+/*
+ * Sections that should stay zero sized, which is safer to explicitly
+ * check instead of blindly discarding.
+ */
+#define ARM_ASSERTS \
+ .plt : { \
+ *(.iplt) *(.rel.iplt) *(.iplt) *(.igot.plt) \
+ } \
+ ASSERT(SIZEOF(.plt) == 0, \
+ "Unexpected run-time procedure linkages detected!")
+
#define ARM_DETAILS \
ELF_DETAILS \
.ARM.attributes 0 : { *(.ARM.attributes) }
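Review bot: In `ARM_ASSERTS`, `*(.iplt)` appears twice in the `.plt` input list (`*(.iplt) *(.rel.iplt) *(.iplt) *(.igot.plt)`). The repeat is harmless to the linker but looks like a typo. If the second one was meant to be `*(.plt)`, then the output section named `.plt` currently collects no `.plt` input and the size assertion would not see it. Please fix or drop the duplicate.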
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 11ffa79751da..50136828f5b5 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -152,6 +152,8 @@ SECTIONS
STABS_DEBUG
DWARF_DEBUG
ARM_DETAILS
+
+ ARM_ASSERTS
}

/*
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index dc672fe35de3..5f4922e858d0 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -151,6 +151,8 @@ SECTIONS
STABS_DEBUG
DWARF_DEBUG
ARM_DETAILS
+
+ ARM_ASSERTS
}

#ifdef CONFIG_STRICT_KERNEL_RWX
--
2.25.1

2020-08-21 19:47:19

by Kees Cook

Subject: [PATCH v6 15/29] arm/build: Refactor linker script headers

In preparation for adding --orphan-handling=warn, refactor the linker
script header includes, and extract common macros.

Signed-off-by: Kees Cook <[email protected]>
---
arch/arm/{kernel => include/asm}/vmlinux.lds.h | 13 ++++++++-----
arch/arm/kernel/vmlinux-xip.lds.S | 4 +---
arch/arm/kernel/vmlinux.lds.S | 4 +---
3 files changed, 10 insertions(+), 11 deletions(-)
rename arch/arm/{kernel => include/asm}/vmlinux.lds.h (96%)

diff --git a/arch/arm/kernel/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
similarity index 96%
rename from arch/arm/kernel/vmlinux.lds.h
rename to arch/arm/include/asm/vmlinux.lds.h
index 381a8e105fa5..a08f4301b718 100644
--- a/arch/arm/kernel/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -1,4 +1,5 @@
/* SPDX-License-Identifier: GPL-2.0 */
+#include <asm-generic/vmlinux.lds.h>

#ifdef CONFIG_HOTPLUG_CPU
#define ARM_CPU_DISCARD(x)
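Review bot: The header gains `#include <asm-generic/vmlinux.lds.h>` and moves to `arch/arm/include/asm/`, but the visible top of the file goes from the SPDX line straight to `#ifdef CONFIG_HOTPLUG_CPU` with no include guard. Now that it is reachable as `<asm/vmlinux.lds.h>` from more than one linker script, consider adding a guard so a second inclusion does not redefine the macros.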
@@ -49,8 +50,12 @@
EXIT_CALL \
ARM_MMU_DISCARD(*(.text.fixup)) \
ARM_MMU_DISCARD(*(__ex_table)) \
- *(.discard) \
- *(.discard.*)
+ COMMON_DISCARDS
+
+#define ARM_STUBS_TEXT \
+ *(.gnu.warning) \
+ *(.glue_7) \
+ *(.glue_7t)

#define ARM_TEXT \
IDMAP_TEXT \
@@ -64,9 +69,7 @@
CPUIDLE_TEXT \
LOCK_TEXT \
KPROBES_TEXT \
- *(.gnu.warning) \
- *(.glue_7) \
- *(.glue_7t) \
+ ARM_STUBS_TEXT \
. = ALIGN(4); \
*(.got) /* Global offset table */ \
ARM_CPU_KEEP(PROC_INFO)
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 3d4e88f08196..904c31fa20ed 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -9,15 +9,13 @@

#include <linux/sizes.h>

-#include <asm-generic/vmlinux.lds.h>
+#include <asm/vmlinux.lds.h>
#include <asm/cache.h>
#include <asm/thread_info.h>
#include <asm/memory.h>
#include <asm/mpu.h>
#include <asm/page.h>

-#include "vmlinux.lds.h"
-
OUTPUT_ARCH(arm)
ENTRY(stext)

diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index 5592f14b7e35..bb950c896a67 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -9,15 +9,13 @@
#else

#include <linux/pgtable.h>
-#include <asm-generic/vmlinux.lds.h>
+#include <asm/vmlinux.lds.h>
#include <asm/cache.h>
#include <asm/thread_info.h>
#include <asm/memory.h>
#include <asm/mpu.h>
#include <asm/page.h>

-#include "vmlinux.lds.h"
-
OUTPUT_ARCH(arm)
ENTRY(stext)

--
2.25.1

2020-08-21 19:47:42

by Kees Cook

Subject: [PATCH v6 16/29] arm/build: Explicitly keep .ARM.attributes sections

In preparation for adding --orphan-handling=warn, explicitly keep the
.ARM.attributes section (at address 0[1]) by expanding the existing
ELF_DETAILS macro into ARM_DETAILS.

[1] https://reviews.llvm.org/D85867

Suggested-by: Nick Desaulniers <[email protected]>
Link: https://lore.kernel.org/lkml/CAKwvOdk-racgq5pxsoGS6Vtifbtrk5fmkmnoLxrQMaOvV0nPWw@mail.gmail.com/
Reviewed-by: Fangrui Song <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
---
arch/arm/include/asm/vmlinux.lds.h | 4 ++++
arch/arm/kernel/vmlinux-xip.lds.S | 2 +-
arch/arm/kernel/vmlinux.lds.S | 2 +-
3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
index a08f4301b718..c4af5182ab48 100644
--- a/arch/arm/include/asm/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -52,6 +52,10 @@
ARM_MMU_DISCARD(*(__ex_table)) \
COMMON_DISCARDS

+#define ARM_DETAILS \
+ ELF_DETAILS \
+ .ARM.attributes 0 : { *(.ARM.attributes) }
+
#define ARM_STUBS_TEXT \
*(.gnu.warning) \
*(.glue_7) \
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 904c31fa20ed..57fcbf55f913 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -150,7 +150,7 @@ SECTIONS
_end = .;

STABS_DEBUG
- ELF_DETAILS
+ ARM_DETAILS
}

/*
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index bb950c896a67..1d3d3b599635 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -149,7 +149,7 @@ SECTIONS
_end = .;

STABS_DEBUG
- ELF_DETAILS
+ ARM_DETAILS
}

#ifdef CONFIG_STRICT_KERNEL_RWX
--
2.25.1

2020-08-21 19:48:04

by Kees Cook

Subject: [PATCH v6 06/29] vmlinux.lds.h: add PGO and AutoFDO input sections

From: Nick Desaulniers <[email protected]>

Basically, consider .text.{hot|unlikely|unknown}.* part of .text, too.

When compiling with profiling information (collected via PGO
instrumentations or AutoFDO sampling), Clang will separate code into
.text.hot, .text.unlikely, or .text.unknown sections based on profiling
information. After D79600 (clang-11), these sections will have a
trailing `.` suffix, ie. .text.hot., .text.unlikely., .text.unknown..

When using -ffunction-sections together with profiling information,
either explicitly (FGKASLR) or implicitly (LTO), code may be placed in
sections following the convention:
.text.hot.<foo>, .text.unlikely.<bar>, .text.unknown.<baz>
where <foo>, <bar>, and <baz> are functions. (This produces one section
per function; we generally try to merge these all back via linker script
so that we don't have 50k sections).

For the above cases, we need to teach our linker scripts that such
sections might exist and that we'd explicitly like them grouped
together, otherwise we can wind up with code outside of the
_stext/_etext boundaries that might not be mapped properly for some
architectures, resulting in boot failures.

If the linker script is not told about possible input sections, then
where the section is placed as output is a heuristic-laden mess that's
non-portable between linkers (ie. BFD and LLD), and has resulted in many
hard to debug bugs. Kees Cook is working on cleaning this up by adding
--orphan-handling=warn linker flag used in ARCH=powerpc to additional
architectures. In the case of linker scripts, borrowing from the Zen of
Python: explicit is better than implicit.

Also, ld.bfd's internal linker script considers .text.hot AND
.text.hot.* to be part of .text, as well as .text.unlikely and
.text.unlikely.*. I didn't see support for .text.unknown.*, and didn't
see Clang producing such code in our kernel builds, but I see code in
LLVM that can produce such section names if profiling information is
missing. That may point to a larger issue with generating or collecting
profiles, but I would much rather be safe and explicit than have to
debug yet another issue related to orphan section placement.

Reported-by: Jian Cai <[email protected]>
Suggested-by: Fāng-ruì Sòng <[email protected]>
Tested-by: Luis Lozano <[email protected]>
Tested-by: Manoj Gupta <[email protected]>
Acked-by: Kees Cook <[email protected]>
Cc: [email protected]
Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=add44f8d5c5c05e08b11e033127a744d61c26aee
Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1de778ed23ce7492c523d5850c6c6dbb34152655
Link: https://reviews.llvm.org/D79600
Link: https://bugs.chromium.org/p/chromium/issues/detail?id=1084760
Debugged-by: Luis Lozano <[email protected]>
Signed-off-by: Nick Desaulniers <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
---
include/asm-generic/vmlinux.lds.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 98d013dcc11a..91dcfb91ac45 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -581,7 +581,10 @@
*/
#define TEXT_TEXT \
ALIGN_FUNCTION(); \
- *(.text.hot TEXT_MAIN .text.fixup .text.unlikely) \
+ *(.text.hot .text.hot.*) \
+ *(TEXT_MAIN .text.fixup) \
+ *(.text.unlikely .text.unlikely.*) \
+ *(.text.unknown .text.unknown.*) \
NOINSTR_TEXT \
*(.text..refcount) \
*(.ref.text) \
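Review bot: Splitting the single `*(.text.hot TEXT_MAIN .text.fixup .text.unlikely)` into four separate input statements changes layout as well as coverage. Sections matched by one statement are all emitted before the next statement's matches, so hot, main/fixup, unlikely and unknown text now form four consecutive groups instead of being interleaved in input order. The commit message argues for grouping, but a short comment in `TEXT_TEXT` saying the order is deliberate, and that the `.*` patterns also cover the clang-11 trailing-dot names, would keep a later cleanup from merging the lines back together.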
--
2.25.1

2020-08-21 19:48:13

by Kees Cook

Subject: [PATCH v6 04/29] vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG

The .comment section doesn't belong in STABS_DEBUG. Split it out into a
new macro named ELF_DETAILS. This will gain other non-debug sections
that need to be accounted for when linking with --orphan-handling=warn.

Signed-off-by: Kees Cook <[email protected]>
---
arch/alpha/kernel/vmlinux.lds.S | 1 +
arch/arc/kernel/vmlinux.lds.S | 1 +
arch/arm/kernel/vmlinux-xip.lds.S | 1 +
arch/arm/kernel/vmlinux.lds.S | 1 +
arch/arm64/kernel/vmlinux.lds.S | 1 +
arch/csky/kernel/vmlinux.lds.S | 1 +
arch/hexagon/kernel/vmlinux.lds.S | 1 +
arch/ia64/kernel/vmlinux.lds.S | 1 +
arch/mips/kernel/vmlinux.lds.S | 1 +
arch/nds32/kernel/vmlinux.lds.S | 1 +
arch/nios2/kernel/vmlinux.lds.S | 1 +
arch/openrisc/kernel/vmlinux.lds.S | 1 +
arch/parisc/boot/compressed/vmlinux.lds.S | 1 +
arch/parisc/kernel/vmlinux.lds.S | 1 +
arch/powerpc/kernel/vmlinux.lds.S | 2 +-
arch/riscv/kernel/vmlinux.lds.S | 1 +
arch/s390/kernel/vmlinux.lds.S | 1 +
arch/sh/kernel/vmlinux.lds.S | 1 +
arch/sparc/kernel/vmlinux.lds.S | 1 +
arch/um/kernel/dyn.lds.S | 2 +-
arch/um/kernel/uml.lds.S | 2 +-
arch/x86/boot/compressed/vmlinux.lds.S | 2 ++
arch/x86/kernel/vmlinux.lds.S | 1 +
include/asm-generic/vmlinux.lds.h | 8 ++++++--
24 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S
index bc6f727278fd..5b78d640725d 100644
--- a/arch/alpha/kernel/vmlinux.lds.S
+++ b/arch/alpha/kernel/vmlinux.lds.S
@@ -72,6 +72,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/arc/kernel/vmlinux.lds.S b/arch/arc/kernel/vmlinux.lds.S
index 54139a6f469b..33ce59d91461 100644
--- a/arch/arc/kernel/vmlinux.lds.S
+++ b/arch/arc/kernel/vmlinux.lds.S
@@ -122,6 +122,7 @@ SECTIONS
_end = . ;

STABS_DEBUG
+ ELF_DETAILS
DISCARDS

.arcextmap 0 : {
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 6d2be994ae58..3d4e88f08196 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -152,6 +152,7 @@ SECTIONS
_end = .;

STABS_DEBUG
+ ELF_DETAILS
}

/*
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index 7f24bc08403e..5592f14b7e35 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -151,6 +151,7 @@ SECTIONS
_end = .;

STABS_DEBUG
+ ELF_DETAILS
}

#ifdef CONFIG_STRICT_KERNEL_RWX
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index ec8e894684a7..13fc2ec46aae 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -241,6 +241,7 @@ SECTIONS
_end = .;

STABS_DEBUG
+ ELF_DETAILS

HEAD_SYMBOLS
}
diff --git a/arch/csky/kernel/vmlinux.lds.S b/arch/csky/kernel/vmlinux.lds.S
index f05b413df328..f03033e17c29 100644
--- a/arch/csky/kernel/vmlinux.lds.S
+++ b/arch/csky/kernel/vmlinux.lds.S
@@ -109,6 +109,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/hexagon/kernel/vmlinux.lds.S b/arch/hexagon/kernel/vmlinux.lds.S
index 0ca2471ddb9f..35b18e55eae8 100644
--- a/arch/hexagon/kernel/vmlinux.lds.S
+++ b/arch/hexagon/kernel/vmlinux.lds.S
@@ -67,5 +67,6 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

}
diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S
index d259690eb91a..9b265783be6a 100644
--- a/arch/ia64/kernel/vmlinux.lds.S
+++ b/arch/ia64/kernel/vmlinux.lds.S
@@ -218,6 +218,7 @@ SECTIONS {

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

/* Default discards */
DISCARDS
diff --git a/arch/mips/kernel/vmlinux.lds.S b/arch/mips/kernel/vmlinux.lds.S
index f185a85a27c1..5e97e9d02f98 100644
--- a/arch/mips/kernel/vmlinux.lds.S
+++ b/arch/mips/kernel/vmlinux.lds.S
@@ -202,6 +202,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

/* These must appear regardless of . */
.gptab.sdata : {
diff --git a/arch/nds32/kernel/vmlinux.lds.S b/arch/nds32/kernel/vmlinux.lds.S
index 7a6c1cefe3fe..6a91b965fb1e 100644
--- a/arch/nds32/kernel/vmlinux.lds.S
+++ b/arch/nds32/kernel/vmlinux.lds.S
@@ -64,6 +64,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/nios2/kernel/vmlinux.lds.S b/arch/nios2/kernel/vmlinux.lds.S
index c55a7cfa1075..126e114744cb 100644
--- a/arch/nios2/kernel/vmlinux.lds.S
+++ b/arch/nios2/kernel/vmlinux.lds.S
@@ -58,6 +58,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/openrisc/kernel/vmlinux.lds.S b/arch/openrisc/kernel/vmlinux.lds.S
index 60449fd7f16f..d287dbb84d0f 100644
--- a/arch/openrisc/kernel/vmlinux.lds.S
+++ b/arch/openrisc/kernel/vmlinux.lds.S
@@ -115,6 +115,7 @@ SECTIONS
/* Throw in the debugging sections */
STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

/* Sections to be discarded -- must be last */
DISCARDS
diff --git a/arch/parisc/boot/compressed/vmlinux.lds.S b/arch/parisc/boot/compressed/vmlinux.lds.S
index 2ac3a643f2eb..ab7b43990857 100644
--- a/arch/parisc/boot/compressed/vmlinux.lds.S
+++ b/arch/parisc/boot/compressed/vmlinux.lds.S
@@ -84,6 +84,7 @@ SECTIONS
}

STABS_DEBUG
+ ELF_DETAILS
.note 0 : { *(.note) }

/* Sections to be discarded */
diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S
index 53e29d88f99c..2769eb991f58 100644
--- a/arch/parisc/kernel/vmlinux.lds.S
+++ b/arch/parisc/kernel/vmlinux.lds.S
@@ -164,6 +164,7 @@ SECTIONS
_end = . ;

STABS_DEBUG
+ ELF_DETAILS
.note 0 : { *(.note) }

/* Sections to be discarded */
diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S
index 326e113d2e45..e0548b4950de 100644
--- a/arch/powerpc/kernel/vmlinux.lds.S
+++ b/arch/powerpc/kernel/vmlinux.lds.S
@@ -360,8 +360,8 @@ SECTIONS
PROVIDE32 (end = .);

STABS_DEBUG
-
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
/DISCARD/ : {
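Review bot: Removing the blank line between `STABS_DEBUG` and `DWARF_DEBUG` here, and again in the two arch/um scripts, is a whitespace change unrelated to the split; it is why these three files show 2 +- in the diffstat while the others show 1 +. Either leave the blank line alone so each script gets a pure one-line addition, or mention the tidy-up in the commit message.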
diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S
index f3586e31ed1e..6f3af7bbc49d 100644
--- a/arch/riscv/kernel/vmlinux.lds.S
+++ b/arch/riscv/kernel/vmlinux.lds.S
@@ -97,6 +97,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S
index 37695499717d..177ccfbda40a 100644
--- a/arch/s390/kernel/vmlinux.lds.S
+++ b/arch/s390/kernel/vmlinux.lds.S
@@ -181,6 +181,7 @@ SECTIONS
/* Debugging sections. */
STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

/* Sections to be discarded */
DISCARDS
diff --git a/arch/sh/kernel/vmlinux.lds.S b/arch/sh/kernel/vmlinux.lds.S
index bde7a6c01aaf..3161b9ccd2a5 100644
--- a/arch/sh/kernel/vmlinux.lds.S
+++ b/arch/sh/kernel/vmlinux.lds.S
@@ -76,6 +76,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/sparc/kernel/vmlinux.lds.S b/arch/sparc/kernel/vmlinux.lds.S
index f99e99e58075..d55ae65a07ad 100644
--- a/arch/sparc/kernel/vmlinux.lds.S
+++ b/arch/sparc/kernel/vmlinux.lds.S
@@ -187,6 +187,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/um/kernel/dyn.lds.S b/arch/um/kernel/dyn.lds.S
index f5001481010c..dacbfabf66d8 100644
--- a/arch/um/kernel/dyn.lds.S
+++ b/arch/um/kernel/dyn.lds.S
@@ -164,8 +164,8 @@ SECTIONS
PROVIDE (end = .);

STABS_DEBUG
-
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/um/kernel/uml.lds.S b/arch/um/kernel/uml.lds.S
index 3b6dab3d4501..45d957d7004c 100644
--- a/arch/um/kernel/uml.lds.S
+++ b/arch/um/kernel/uml.lds.S
@@ -108,8 +108,8 @@ SECTIONS
PROVIDE (end = .);

STABS_DEBUG
-
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index 29df99b6cc64..3c2ee9a5bf43 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -82,6 +82,8 @@ SECTIONS
. = ALIGN(PAGE_SIZE); /* keep ZO size page aligned */
_end = .;

+ ELF_DETAILS
+
DISCARDS
}

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 9a03e5b23135..0cc035cb15f1 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -411,6 +411,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 6b89a03e636e..cadcbc3cdabd 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -34,6 +34,7 @@
*
* STABS_DEBUG
* DWARF_DEBUG
+ * ELF_DETAILS
*
* DISCARDS // must be the last
* }
@@ -811,14 +812,17 @@
.debug_macro 0 : { *(.debug_macro) } \
.debug_addr 0 : { *(.debug_addr) }

- /* Stabs debugging sections. */
+/* Stabs debugging sections. */
#define STABS_DEBUG \
.stab 0 : { *(.stab) } \
.stabstr 0 : { *(.stabstr) } \
.stab.excl 0 : { *(.stab.excl) } \
.stab.exclstr 0 : { *(.stab.exclstr) } \
.stab.index 0 : { *(.stab.index) } \
- .stab.indexstr 0 : { *(.stab.indexstr) } \
+ .stab.indexstr 0 : { *(.stab.indexstr) }
+
+/* Required sections not related to debugging. */
+#define ELF_DETAILS \
.comment 0 : { *(.comment) }

#ifdef CONFIG_GENERIC_BUG
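Review bot: Because `.comment` moves out of `STABS_DEBUG` in this hunk, any linker script that uses `STABS_DEBUG` and does not gain `ELF_DETAILS` in the same commit stops placing `.comment` explicitly, and nothing flags that until orphan warnings are enabled. The diff cannot show which users were left untouched; please state in the commit message how the list of scripts was derived so the coverage can be checked.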
--
2.25.1

2020-08-21 19:48:13

by Kees Cook

Subject: [PATCH v6 05/29] vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS

When linking vmlinux with LLD, the synthetic sections .symtab, .strtab,
and .shstrtab are listed as orphaned. Add them to the ELF_DETAILS section
so there will be no warnings when --orphan-handling=warn is used more
widely. (They are added above comment as it is the more common
order[1].)

ld.lld: warning: <internal>:(.symtab) is being placed in '.symtab'
ld.lld: warning: <internal>:(.shstrtab) is being placed in '.shstrtab'
ld.lld: warning: <internal>:(.strtab) is being placed in '.strtab'

[1] https://lore.kernel.org/lkml/[email protected]/

Reported-by: Fangrui Song <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
---
include/asm-generic/vmlinux.lds.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index cadcbc3cdabd..98d013dcc11a 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -823,7 +823,10 @@

/* Required sections not related to debugging. */
#define ELF_DETAILS \
- .comment 0 : { *(.comment) }
+ .comment 0 : { *(.comment) } \
+ .symtab 0 : { *(.symtab) } \
+ .strtab 0 : { *(.strtab) } \
+ .shstrtab 0 : { *(.shstrtab) }

#ifdef CONFIG_GENERIC_BUG
#define BUG_TABLE \
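Review bot: The commit message says the three sections are added above `.comment`, but the hunk appends `.symtab`, `.strtab` and `.shstrtab` after the `.comment` line in `ELF_DETAILS`. Please make the changelog and the macro agree, whichever order is the intended one.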
--
2.25.1

2020-08-21 19:48:20

by Kees Cook

Subject: [PATCH v6 07/29] efi/libstub: Disable -mbranch-protection

In preparation for adding --orphan-handling=warn to more architectures,
disable -mbranch-protection, as EFI does not yet support it[1]. This was
noticed due to it producing unwanted .note.gnu.property sections (prefixed
with .init due to the objcopy build step).

However, we must also work around a bug in Clang where the section is
still emitted for code-less object files[2], so also remove the section
during the objcopy.

[1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com
[2] https://bugs.llvm.org/show_bug.cgi?id=46480

Cc: Arvind Sankar <[email protected]>
Cc: Atish Patra <[email protected]>
Cc: [email protected]
Acked-by: Ard Biesheuvel <[email protected]>
Reviewed-by: Nick Desaulniers <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
---
drivers/firmware/efi/libstub/Makefile | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 5eefd60917df..0c911e391d75 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -18,7 +18,8 @@ cflags-$(CONFIG_X86) += -m$(BITS) -D__KERNEL__ \
# arm64 uses the full KBUILD_CFLAGS so it's necessary to explicitly
# disable the stackleak plugin
cflags-$(CONFIG_ARM64) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
- -fpie $(DISABLE_STACKLEAK_PLUGIN)
+ -fpie $(DISABLE_STACKLEAK_PLUGIN) \
+ $(call cc-option,-mbranch-protection=none)
cflags-$(CONFIG_ARM) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
-fno-builtin -fpic \
$(call cc-option,-mno-single-pic-base)
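Review bot: the comment above the CONFIG_ARM64 assignment still explains only the stackleak plugin, while the added $(call cc-option,-mbranch-protection=none) is explained only in the changelog. Extend the comment to say that branch protection is disabled because the EFI stub does not support it yet, so the flag is not dropped when the KBUILD_CFLAGS handling here changes.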
@@ -66,6 +67,12 @@ lib-$(CONFIG_X86) += x86-stub.o
CFLAGS_arm32-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET)
CFLAGS_arm64-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET)

+# Even when -mbranch-protection=none is set, Clang will generate a
+# .note.gnu.property for code-less object files (like lib/ctype.c),
+# so work around this by explicitly removing the unwanted section.
+# https://bugs.llvm.org/show_bug.cgi?id=46480
+STUBCOPY_FLAGS-y += --remove-section=.note.gnu.property
+
#
# For x86, bootloaders like systemd-boot or grub-efi do not zero-initialize the
# .bss section, so the .bss section of the EFI stub needs to be included in the
--
2.25.1

2020-08-21 19:48:56

by Kees Cook

Subject: [PATCH v6 24/29] x86/build: Assert for unwanted sections

In preparation for warning on orphan sections, enforce other
expected-to-be-zero-sized sections (since discarding them might hide
problems with them suddenly gaining unexpected entries).

Signed-off-by: Kees Cook <[email protected]>
---
arch/x86/kernel/vmlinux.lds.S | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 4b1b936a6e7d..45d72447df84 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -427,6 +427,30 @@ SECTIONS
SIZEOF(.got.plt) == 0xc,
#endif
"Unexpected GOT/PLT entries detected!")
+
+ /*
+ * Sections that should stay zero sized, which is safer to
+ * explicitly check instead of blindly discarding.
+ */
+ .got : {
+ *(.got) *(.igot.*)
+ }
+ ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
+
+ .plt : {
+ *(.plt) *(.plt.*) *(.iplt)
+ }
+ ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!")
+
+ .rel.dyn : {
+ *(.rel.*) *(.rel_*)
+ }
+ ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")
+
+ .rela.dyn : {
+ *(.rela.*) *(.rela_*)
+ }
+ ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
}

#ifdef CONFIG_X86_32
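Review bot: the .got rule matches *(.igot.*) but not a bare .igot input section, whereas the arm64 patch in this series lists *(.igot) (there under .plt). If a bare .igot can be emitted for x86 it would fall through to orphan placement instead of tripping the "Unexpected GOT entries detected!" assert; either add it here or note in the comment why only the dotted form is needed.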
--
2.25.1

2020-08-21 19:49:09

by Kees Cook

Subject: [PATCH v6 17/29] arm/build: Add missing sections

Add missing text stub sections .vfp11_veneer and .v4_bx, as well as
missing DWARF sections, when present in the build.

Reviewed-by: Nick Desaulniers <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
---
arch/arm/include/asm/vmlinux.lds.h | 4 +++-
arch/arm/kernel/vmlinux-xip.lds.S | 1 +
arch/arm/kernel/vmlinux.lds.S | 1 +
3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
index c4af5182ab48..6624dd97475c 100644
--- a/arch/arm/include/asm/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -59,7 +59,9 @@
#define ARM_STUBS_TEXT \
*(.gnu.warning) \
*(.glue_7) \
- *(.glue_7t)
+ *(.glue_7t) \
+ *(.vfp11_veneer) \
+ *(.v4_bx)

#define ARM_TEXT \
IDMAP_TEXT \
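Review bot: .vfp11_veneer and .v4_bx are added to ARM_STUBS_TEXT with no comment, and the existing .glue_7 and .glue_7t entries are equally unexplained. A one-line comment above the macro saying these are text stub sections (as the changelog calls them) would make it clear why they are collected into the text output rather than asserted empty, which is what the series does for other unexpected sections.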
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 57fcbf55f913..11ffa79751da 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -150,6 +150,7 @@ SECTIONS
_end = .;

STABS_DEBUG
+ DWARF_DEBUG
ARM_DETAILS
}

diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index 1d3d3b599635..dc672fe35de3 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -149,6 +149,7 @@ SECTIONS
_end = .;

STABS_DEBUG
+ DWARF_DEBUG
ARM_DETAILS
}

--
2.25.1

2020-08-21 19:49:38

by Kees Cook

Subject: [PATCH v6 10/29] arm64/build: Remove .eh_frame* sections due to unwind tables

Avoid .eh_frame* section generation by making sure both CFLAGS and AFLAGS
contain -fno-asynchronous-unwind-tables and -fno-unwind-tables.

With all sources of .eh_frame now removed from the build, drop this
DISCARD so we can be alerted in the future if it returns unexpectedly
once orphan section warnings have been enabled.

Suggested-by: Ard Biesheuvel <[email protected]>
Acked-by: Will Deacon <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
---
arch/arm64/Makefile | 5 ++++-
arch/arm64/kernel/vmlinux.lds.S | 1 -
2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
index 55bc8546d9c7..6de7f551b821 100644
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -47,13 +47,16 @@ endif

KBUILD_CFLAGS += -mgeneral-regs-only \
$(compat_vdso) $(cc_has_k_constraint)
-KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
KBUILD_CFLAGS += $(call cc-disable-warning, psabi)
KBUILD_AFLAGS += $(compat_vdso)

KBUILD_CFLAGS += $(call cc-option,-mabi=lp64)
KBUILD_AFLAGS += $(call cc-option,-mabi=lp64)

+# Avoid generating .eh_frame* sections.
+KBUILD_CFLAGS += -fno-asynchronous-unwind-tables -fno-unwind-tables
+KBUILD_AFLAGS += -fno-asynchronous-unwind-tables -fno-unwind-tables
+
ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y)
prepare: stack_protector_prepare
stack_protector_prepare: prepare0
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 13fc2ec46aae..c2b8426bf4bd 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -94,7 +94,6 @@ SECTIONS
*(.discard.*)
*(.interp .dynamic)
*(.dynsym .dynstr .hash .gnu.hash)
- *(.eh_frame)
}

. = KIMAGE_VADDR + TEXT_OFFSET;
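Review bot: removing *(.eh_frame) from /DISCARD/ here means that, until --orphan-handling=warn is actually enabled for arm64 (patch 14/29), a returning .eh_frame is neither discarded nor reported; the linker simply places it. Since the stated goal is to be alerted, consider an explicit zero-size ASSERT on an .eh_frame output section in the style used elsewhere in the series, or call out the dependency on the warning patch in the changelog.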
--
2.25.1

2020-08-21 19:49:46

by Kees Cook

Subject: [PATCH v6 08/29] arm64/mm: Remove needless section quotes

Fix a case of needless quotes in __section(), which Clang doesn't like.

Acked-by: Will Deacon <[email protected]>
Reviewed-by: Nick Desaulniers <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
---
arch/arm64/mm/mmu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 75df62fea1b6..e43c805b7b8c 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -43,7 +43,7 @@
u64 idmap_t0sz = TCR_T0SZ(VA_BITS);
u64 idmap_ptrs_per_pgd = PTRS_PER_PGD;

-u64 __section(".mmuoff.data.write") vabits_actual;
+u64 __section(.mmuoff.data.write) vabits_actual;
EXPORT_SYMBOL(vabits_actual);

u64 kimage_voffset __ro_after_init;
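Review bot: the changelog for this one-line change to vabits_actual says only that Clang "doesn't like" the quotes, without giving the symptom. Since the series is about unexpected sections, state what section name the quoted form ends up with under Clang, so the fix can be matched to the linker warning it removes.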
--
2.25.1

2020-08-21 19:50:01

by Kees Cook

Subject: [PATCH v6 03/29] vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections

KASAN (-fsanitize=kernel-address) and KCSAN (-fsanitize=thread)
produce unwanted[1] .eh_frame and .init_array.* sections. Add them to
COMMON_DISCARDS, except with CONFIG_CONSTRUCTORS, which wants to keep
.init_array.* sections.

[1] https://bugs.llvm.org/show_bug.cgi?id=46478

Tested-by: Marco Elver <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
---
include/asm-generic/vmlinux.lds.h | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index f1f02a2f71b7..6b89a03e636e 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -954,7 +954,27 @@
EXIT_DATA
#endif

+/*
+ * Clang's -fsanitize=kernel-address and -fsanitize=thread produce
+ * unwanted sections (.eh_frame and .init_array.*), but
+ * CONFIG_CONSTRUCTORS wants to keep any .init_array.* sections.
+ * https://bugs.llvm.org/show_bug.cgi?id=46478
+ */
+#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KCSAN)
+# ifdef CONFIG_CONSTRUCTORS
+# define SANITIZER_DISCARDS \
+ *(.eh_frame)
+# else
+# define SANITIZER_DISCARDS \
+ *(.init_array) *(.init_array.*) \
+ *(.eh_frame)
+# endif
+#else
+# define SANITIZER_DISCARDS
+#endif
+
#define COMMON_DISCARDS \
+ SANITIZER_DISCARDS \
*(.discard) \
*(.discard.*) \
*(.modinfo) \
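Review bot: the #if tests only CONFIG_KASAN_GENERIC || CONFIG_KCSAN, yet the comment attributes the sections to Clang. As written, a GCC build with either option also discards .eh_frame (and .init_array* when CONFIG_CONSTRUCTORS is off), and KASAN modes other than the generic one are not covered. Either restrict the block to the compiler that has the bug, or reword the comment to say the discard is intentional for all compilers and say whether the non-generic KASAN modes need it too.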
--
2.25.1

2020-08-21 19:55:16

by Kees Cook

Subject: [PATCH v6 28/29] x86/boot/compressed: Add missing debugging sections to output

Include the missing DWARF and STABS sections in the compressed image,
when they are present.

Signed-off-by: Kees Cook <[email protected]>
---
arch/x86/boot/compressed/vmlinux.lds.S | 2 ++
1 file changed, 2 insertions(+)

diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index 02f6feb0e55b..112b2375d021 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -69,6 +69,8 @@ SECTIONS
. = ALIGN(PAGE_SIZE); /* keep ZO size page aligned */
_end = .;

+ STABS_DEBUG
+ DWARF_DEBUG
ELF_DETAILS

DISCARDS
--
2.25.1

2020-08-21 19:55:20

by Kees Cook

Subject: [PATCH v6 19/29] arm/build: Warn on orphan section placement

We don't want to depend on the linker's orphan section placement
heuristics as these can vary between linkers, and may change between
versions. All sections need to be explicitly handled in the linker
script.

Specifically, this would have made a recently fixed bug very obvious:

ld: warning: orphan section `.fixup' from `arch/arm/lib/copy_from_user.o' being placed in section `.fixup'

With all sections handled, enable orphan section warning.

Reviewed-by: Nick Desaulniers <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
---
arch/arm/Makefile | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/arch/arm/Makefile b/arch/arm/Makefile
index 4e877354515f..0aa133c4ddec 100644
--- a/arch/arm/Makefile
+++ b/arch/arm/Makefile
@@ -16,6 +16,10 @@ LDFLAGS_vmlinux += --be8
KBUILD_LDFLAGS_MODULE += --be8
endif

+# We never want expected sections to be placed heuristically by the
+# linker. All sections should be explicitly named in the linker script.
+LDFLAGS_vmlinux += --orphan-handling=warn
+
ifeq ($(CONFIG_ARM_MODULE_PLTS),y)
KBUILD_LDS_MODULE += $(srctree)/arch/arm/kernel/module.lds
endif
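Review bot: --orphan-handling=warn is appended to LDFLAGS_vmlinux unconditionally, so a linker that does not know the option fails the link; later in this thread GNU ld 2.25 stops with "unrecognized option '--orphan-handling=warn'". Wrap it as $(call ld-option,--orphan-handling=warn), the form arch/x86/boot/compressed/Makefile already uses for other linker flags, so older toolchains still build (without the check).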
--
2.25.1

2020-08-21 19:55:35

by Kees Cook

Subject: [PATCH v6 26/29] x86/boot/compressed: Reorganize zero-size section asserts

For readability, move the zero-sized sections to the end after DISCARDS.

Signed-off-by: Kees Cook <[email protected]>
---
arch/x86/boot/compressed/vmlinux.lds.S | 44 +++++++++++++++-----------
1 file changed, 26 insertions(+), 18 deletions(-)

diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index 3c2ee9a5bf43..ca544a16724b 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -42,19 +42,6 @@ SECTIONS
*(.rodata.*)
_erodata = . ;
}
- .rel.dyn : {
- *(.rel.*)
- }
- .rela.dyn : {
- *(.rela.*)
- }
- .got : {
- *(.got)
- }
- .got.plt : {
- *(.got.plt)
- }
-
.data : {
_data = . ;
*(.data)
@@ -85,13 +72,34 @@ SECTIONS
ELF_DETAILS

DISCARDS
-}

-ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
+ .got.plt (INFO) : {
+ *(.got.plt)
+ }
+ ASSERT(SIZEOF(.got.plt) == 0 ||
#ifdef CONFIG_X86_64
-ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, "Unexpected GOT/PLT entries detected!")
+ SIZEOF(.got.plt) == 0x18,
#else
-ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0xc, "Unexpected GOT/PLT entries detected!")
+ SIZEOF(.got.plt) == 0xc,
#endif
+ "Unexpected GOT/PLT entries detected!")
+
+ /*
+ * Sections that should stay zero sized, which is safer to
+ * explicitly check instead of blindly discarding.
+ */
+ .got : {
+ *(.got)
+ }
+ ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
+
+ .rel.dyn : {
+ *(.rel.*)
+ }
+ ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")

-ASSERT(SIZEOF(.rel.dyn) == 0 && SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations detected!")
+ .rela.dyn : {
+ *(.rela.*)
+ }
+ ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
+}
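Review bot: the changelog describes this as a move for readability, but the re-added rules are not identical to the removed ones: .got.plt gains the (INFO) type, and the single combined .rel.dyn/.rela.dyn ASSERT becomes two asserts with new messages. The output sections also now sit after DISCARDS instead of between .rodata and .data. Mention these in the commit message so the behavioural part is not read as a pure reshuffle.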
--
2.25.1

2020-08-21 19:55:43

by Kees Cook

Subject: [PATCH v6 29/29] x86/boot/compressed: Warn on orphan section placement

We don't want to depend on the linker's orphan section placement
heuristics as these can vary between linkers, and may change between
versions. All sections need to be explicitly handled in the linker
script.

Now that all sections are explicitly handled, enable orphan section
warnings.

Signed-off-by: Kees Cook <[email protected]>
---
arch/x86/boot/compressed/Makefile | 1 +
1 file changed, 1 insertion(+)

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 5b7f6e175b03..647e15837a28 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -54,6 +54,7 @@ KBUILD_LDFLAGS += $(call ld-option,--no-ld-generated-unwind-info)
# Compressed kernel should be built as PIE since it may be loaded at any
# address by the bootloader.
LDFLAGS_vmlinux := -pie $(call ld-option, --no-dynamic-linker)
+LDFLAGS_vmlinux += --orphan-handling=warn
LDFLAGS_vmlinux += -T

hostprogs := mkpiggy
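Review bot: the two neighbouring assignments in this hunk probe the linker with $(call ld-option,...) (--no-ld-generated-unwind-info and --no-dynamic-linker), but the new --orphan-handling=warn line does not. For consistency, and so that an older ld degrades to no check instead of a failed link, use LDFLAGS_vmlinux += $(call ld-option,--orphan-handling=warn).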
--
2.25.1

2020-08-21 19:55:48

by Kees Cook

Subject: [PATCH v6 14/29] arm64/build: Warn on orphan section placement

We don't want to depend on the linker's orphan section placement
heuristics as these can vary between linkers, and may change between
versions. All sections need to be explicitly handled in the linker
script.

With all sections now handled, enable orphan section warnings.

Acked-by: Will Deacon <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
---
arch/arm64/Makefile | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
index 6de7f551b821..61a46f56ff33 100644
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -29,6 +29,10 @@ LDFLAGS_vmlinux += --fix-cortex-a53-843419
endif
endif

+# We never want expected sections to be placed heuristically by the
+# linker. All sections should be explicitly named in the linker script.
+LDFLAGS_vmlinux += --orphan-handling=warn
+
ifeq ($(CONFIG_ARM64_USE_LSE_ATOMICS), y)
ifneq ($(CONFIG_ARM64_LSE_ATOMICS), y)
$(warning LSE atomics not supported by binutils)
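Review bot: with =warn the orphan is still placed and the link succeeds, so on arm64 the only signal is one line in the build output. If the intent is that every section must be named in the linker script, say in the comment that warnings from this flag are to be treated as bugs, and consider moving to --orphan-handling=error once the supported configurations link cleanly.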
--
2.25.1

2020-08-21 19:56:14

by Kees Cook

Subject: [PATCH v6 27/29] x86/boot/compressed: Remove, discard, or assert for unwanted sections

In preparation for warning on orphan sections, stop the linker from
generating the .eh_frame* sections, discard unwanted non-zero-sized
generated sections, and enforce other expected-to-be-zero-sized sections
(since discarding them might hide problems with them suddenly gaining
unexpected entries).

Signed-off-by: Kees Cook <[email protected]>
---
arch/x86/boot/compressed/Makefile | 1 +
arch/x86/boot/compressed/vmlinux.lds.S | 14 ++++++++++++--
2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 753d57266757..5b7f6e175b03 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -50,6 +50,7 @@ GCOV_PROFILE := n
UBSAN_SANITIZE :=n

KBUILD_LDFLAGS := -m elf_$(UTS_MACHINE)
+KBUILD_LDFLAGS += $(call ld-option,--no-ld-generated-unwind-info)
# Compressed kernel should be built as PIE since it may be loaded at any
# address by the bootloader.
LDFLAGS_vmlinux := -pie $(call ld-option, --no-dynamic-linker)
diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index ca544a16724b..02f6feb0e55b 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -72,6 +72,11 @@ SECTIONS
ELF_DETAILS

DISCARDS
+ /DISCARD/ : {
+ *(.dynamic) *(.dynsym) *(.dynstr) *(.dynbss)
+ *(.hash) *(.gnu.hash)
+ *(.note.*)
+ }

.got.plt (INFO) : {
*(.got.plt)
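Review bot: *(.note.*) in the new /DISCARD/ block drops every note section, not only the ones currently known to be generated, which is the kind of blanket discard the changelog argues against for the zero-sized sections. List the specific notes expected here, or add a comment saying why no note is ever wanted in the compressed image.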
@@ -93,13 +98,18 @@ SECTIONS
}
ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")

+ .plt : {
+ *(.plt) *(.plt.*)
+ }
+ ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!")
+
.rel.dyn : {
- *(.rel.*)
+ *(.rel.*) *(.rel_*)
}
ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")

.rela.dyn : {
- *(.rela.*)
+ *(.rela.*) *(.rela_*)
}
ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
}
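Review bot: the added *(.rel_*) and *(.rela_*) patterns have no explanation, and the follow-up in this thread shows it is not obvious where they come from (the answer given is "i386 builds, IIRC"). Add a short comment next to the patterns naming the configuration that produces the underscore form, so they can be re-verified or dropped later.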
--
2.25.1

2020-08-21 19:56:40

by Kees Cook

Subject: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

In preparation for warning on orphan sections, discard
unwanted non-zero-sized generated sections, and enforce other
expected-to-be-zero-sized sections (since discarding them might hide
problems with them suddenly gaining unexpected entries).

Suggested-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
---
arch/arm64/kernel/vmlinux.lds.S | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 16eb2ef806cd..6ccf19fd2b39 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -121,6 +121,14 @@ SECTIONS
*(.got) /* Global offset table */
}

+ /*
+ * Make sure that the .got.plt is either completely empty or it
+ * contains only the lazy dispatch entries.
+ */
+ .got.plt : { *(.got.plt) }
+ ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18,
+ "Unexpected GOT/PLT entries detected!")
+
. = ALIGN(SEGMENT_ALIGN);
_etext = .; /* End of text section */

@@ -243,6 +251,18 @@ SECTIONS
ELF_DETAILS

HEAD_SYMBOLS
+
+ /*
+ * Sections that should stay zero sized, which is safer to
+ * explicitly check instead of blindly discarding.
+ */
+ .plt : {
+ *(.plt) *(.plt.*) *(.iplt) *(.igot)
+ }
+ ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!")
+
+ .data.rel.ro : { *(.data.rel.ro) }
+ ASSERT(SIZEOF(.data.rel.ro) == 0, "Unexpected RELRO detected!")
}

#include "image-vars.h"
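Review bot: *(.igot) is collected into .plt, so an unexpected GOT-side entry would fail with "Unexpected run-time procedure linkages detected!", and the dotted form *(.igot.*) that the x86 patch matches is not covered here. Give .igot its own rule or message, and align the pattern set with the x86 script or note why arm64 differs.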
--
2.25.1

2020-08-21 19:57:20

by Kees Cook

Subject: [PATCH v6 22/29] x86/asm: Avoid generating unused kprobe sections

When !CONFIG_KPROBES, do not generate kprobe sections. This makes
sure there are no unexpected sections encountered by the linker scripts.

Signed-off-by: Kees Cook <[email protected]>
---
arch/x86/include/asm/asm.h | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/asm.h b/arch/x86/include/asm/asm.h
index 5c15f95b1ba7..4712206c4325 100644
--- a/arch/x86/include/asm/asm.h
+++ b/arch/x86/include/asm/asm.h
@@ -138,11 +138,15 @@
# define _ASM_EXTABLE_FAULT(from, to) \
_ASM_EXTABLE_HANDLE(from, to, ex_handler_fault)

-# define _ASM_NOKPROBE(entry) \
+# ifdef CONFIG_KPROBES
+# define _ASM_NOKPROBE(entry) \
.pushsection "_kprobe_blacklist","aw" ; \
_ASM_ALIGN ; \
_ASM_PTR (entry); \
.popsection
+# else
+# define _ASM_NOKPROBE(entry)
+# endif

#else /* ! __ASSEMBLY__ */
# define _EXPAND_EXTABLE_HANDLE(x) #x
--
2.25.1

2020-08-21 19:57:21

by Kees Cook

Subject: [PATCH v6 25/29] x86/build: Warn on orphan section placement

We don't want to depend on the linker's orphan section placement
heuristics as these can vary between linkers, and may change between
versions. All sections need to be explicitly handled in the linker script.

Now that all sections are explicitly handled, enable orphan section
warnings.

Signed-off-by: Kees Cook <[email protected]>
---
arch/x86/Makefile | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 4346ffb2e39f..ccacbf808552 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -209,6 +209,10 @@ ifdef CONFIG_X86_64
LDFLAGS_vmlinux += -z max-page-size=0x200000
endif

+# We never want expected sections to be placed heuristically by the
+# linker. All sections should be explicitly named in the linker script.
+LDFLAGS_vmlinux += --orphan-handling=warn
+
archscripts: scripts_basic
$(Q)$(MAKE) $(build)=arch/x86/tools relocs

--
2.25.1

2020-08-21 19:57:26

by Kees Cook

Subject: [PATCH v6 21/29] arm/boot: Warn on orphan section placement

We don't want to depend on the linker's orphan section placement
heuristics as these can vary between linkers, and may change between
versions. All sections need to be explicitly handled in the linker script.

With all sections now handled, enable orphan section warning.

Signed-off-by: Kees Cook <[email protected]>
---
arch/arm/boot/compressed/Makefile | 2 ++
1 file changed, 2 insertions(+)

diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile
index b1147b7f2c8d..d6cd2688ad7e 100644
--- a/arch/arm/boot/compressed/Makefile
+++ b/arch/arm/boot/compressed/Makefile
@@ -123,6 +123,8 @@ endif
LDFLAGS_vmlinux += --no-undefined
# Delete all temporary local symbols
LDFLAGS_vmlinux += -X
+# Report orphan sections
+LDFLAGS_vmlinux += --orphan-handling=warn
# Next argument is a linker script
LDFLAGS_vmlinux += -T

--
2.25.1

2020-08-21 20:05:02

by Arvind Sankar

Subject: Re: [PATCH v6 27/29] x86/boot/compressed: Remove, discard, or assert for unwanted sections

On Fri, Aug 21, 2020 at 12:43:08PM -0700, Kees Cook wrote:
> In preparation for warning on orphan sections, stop the linker from
> generating the .eh_frame* sections, discard unwanted non-zero-sized
> generated sections, and enforce other expected-to-be-zero-sized sections
> (since discarding them might hide problems with them suddenly gaining
> unexpected entries).
>
> Signed-off-by: Kees Cook <[email protected]>
> .rel.dyn : {
> - *(.rel.*)
> + *(.rel.*) *(.rel_*)
> }
> ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")
>
> .rela.dyn : {
> - *(.rela.*)
> + *(.rela.*) *(.rela_*)
> }
> ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
> }
> --
> 2.25.1
>

When do you get .rela_?

2020-08-21 21:23:17

by Kees Cook

Subject: Re: [PATCH v6 27/29] x86/boot/compressed: Remove, discard, or assert for unwanted sections

On Fri, Aug 21, 2020 at 04:01:59PM -0400, Arvind Sankar wrote:
> On Fri, Aug 21, 2020 at 12:43:08PM -0700, Kees Cook wrote:
> > In preparation for warning on orphan sections, stop the linker from
> > generating the .eh_frame* sections, discard unwanted non-zero-sized
> > generated sections, and enforce other expected-to-be-zero-sized sections
> > (since discarding them might hide problems with them suddenly gaining
> > unexpected entries).
> >
> > Signed-off-by: Kees Cook <[email protected]>
> > .rel.dyn : {
> > - *(.rel.*)
> > + *(.rel.*) *(.rel_*)
> > }
> > ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")
> >
> > .rela.dyn : {
> > - *(.rela.*)
> > + *(.rela.*) *(.rela_*)
> > }
> > ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
> > }
> > --
> > 2.25.1
> >
>
> When do you get .rela_?

i386 builds, IIRC. I can try to hunt that down if you want?

--
Kees Cook

2020-08-21 21:31:49

by Arvind Sankar

Subject: Re: [PATCH v6 27/29] x86/boot/compressed: Remove, discard, or assert for unwanted sections

On Fri, Aug 21, 2020 at 02:21:34PM -0700, Kees Cook wrote:
> On Fri, Aug 21, 2020 at 04:01:59PM -0400, Arvind Sankar wrote:
> > On Fri, Aug 21, 2020 at 12:43:08PM -0700, Kees Cook wrote:
> > > In preparation for warning on orphan sections, stop the linker from
> > > generating the .eh_frame* sections, discard unwanted non-zero-sized
> > > generated sections, and enforce other expected-to-be-zero-sized sections
> > > (since discarding them might hide problems with them suddenly gaining
> > > unexpected entries).
> > >
> > > Signed-off-by: Kees Cook <[email protected]>
> > > .rel.dyn : {
> > > - *(.rel.*)
> > > + *(.rel.*) *(.rel_*)
> > > }
> > > ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")
> > >
> > > .rela.dyn : {
> > > - *(.rela.*)
> > > + *(.rela.*) *(.rela_*)
> > > }
> > > ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
> > > }
> > > --
> > > 2.25.1
> > >
> >
> > When do you get .rela_?
>
> i386 builds, IIRC. I can try to hunt that down if you want?
>
> --
> Kees Cook

Nah, just curious.

Thanks.

2020-08-31 22:47:20

by Kees Cook

Subject: Re: [PATCH v6 00/29] Warn on orphan section placement

On Fri, Aug 21, 2020 at 12:42:41PM -0700, Kees Cook wrote:
> Hi Ingo,
>
> Based on my testing, this is ready to go. I've reviewed the feedback on
> v5 and made a few small changes, noted below.

If no one objects, I'll pop this into my tree for -next. I'd prefer it
go via -tip though! :)

Thanks!

-Kees

>
>
> https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=linker/orphans/warn/v6
>
> v6:
> - rebase to -tip x86/boot
> - remove 0-sized NOLOAD
> - move .got.plt to end with INFO (NOLOAD warns)
> - add Reviewed-bys
> v5: https://lore.kernel.org/lkml/[email protected]/
> v4: https://lore.kernel.org/lkml/[email protected]/
> v3: https://lore.kernel.org/lkml/[email protected]/
> v2: https://lore.kernel.org/lkml/[email protected]/
> v1: https://lore.kernel.org/lkml/[email protected]/
>
> A recent bug[1] was solved for builds linked with ld.lld, and tracking
> it down took way longer than it needed to (a year). Ultimately, it
> boiled down to differences between ld.bfd and ld.lld's handling of
> orphan sections. Similar situations have continued to recur, and it's
> clear the kernel build needs to be much more explicit about linker
> sections. Similarly, the recent FGKASLR series brought up orphan section
> handling too[2]. In all cases, it would have been nice if the linker was
> running with --orphan-handling=warn so that surprise sections wouldn't
> silently get mapped into the kernel image at locations up to the whim
> of the linker's orphan handling logic. Instead, all desired sections
> should be explicitly identified in the linker script (to be either kept,
> discarded, or verified to be zero-sized) with any orphans throwing a
> warning. The powerpc architecture has actually been doing this for some
> time, so this series just extends that coverage to x86, arm, and arm64.
>
> This has gotten successful build testing under the following matrix:
>
> compiler/linker: gcc+ld.bfd, clang+ld.lld
> targets: defconfig, allmodconfig
> architectures: x86, i386, arm64, arm
> versions: -tip x86/boot
>
> All three architectures depend on the first several commits to
> vmlinux.lds.h. x86 depends on Arvind's GOT series (in -tip x86/boot now).
> arm64 depends on the efi/libstub patch. As such, I'd like to land this
> series as a whole. Ingo has suggested he'd take it into -tip.
>
> Thanks!
>
> -Kees
>
> [1] https://github.com/ClangBuiltLinux/linux/issues/282
> [2] https://lore.kernel.org/lkml/202002242122.AA4D1B8@keescook/
>
> Kees Cook (28):
> vmlinux.lds.h: Create COMMON_DISCARDS
> vmlinux.lds.h: Add .gnu.version* to COMMON_DISCARDS
> vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections
> vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG
> vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS
> efi/libstub: Disable -mbranch-protection
> arm64/mm: Remove needless section quotes
> arm64/kernel: Remove needless Call Frame Information annotations
> arm64/build: Remove .eh_frame* sections due to unwind tables
> arm64/build: Use common DISCARDS in linker script
> arm64/build: Add missing DWARF sections
> arm64/build: Assert for unwanted sections
> arm64/build: Warn on orphan section placement
> arm/build: Refactor linker script headers
> arm/build: Explicitly keep .ARM.attributes sections
> arm/build: Add missing sections
> arm/build: Assert for unwanted sections
> arm/build: Warn on orphan section placement
> arm/boot: Handle all sections explicitly
> arm/boot: Warn on orphan section placement
> x86/asm: Avoid generating unused kprobe sections
> x86/build: Enforce an empty .got.plt section
> x86/build: Assert for unwanted sections
> x86/build: Warn on orphan section placement
> x86/boot/compressed: Reorganize zero-size section asserts
> x86/boot/compressed: Remove, discard, or assert for unwanted sections
> x86/boot/compressed: Add missing debugging sections to output
> x86/boot/compressed: Warn on orphan section placement
>
> Nick Desaulniers (1):
> vmlinux.lds.h: add PGO and AutoFDO input sections
>
> arch/alpha/kernel/vmlinux.lds.S | 1 +
> arch/arc/kernel/vmlinux.lds.S | 1 +
> arch/arm/Makefile | 4 ++
> arch/arm/boot/compressed/Makefile | 2 +
> arch/arm/boot/compressed/vmlinux.lds.S | 20 +++----
> .../arm/{kernel => include/asm}/vmlinux.lds.h | 30 ++++++++--
> arch/arm/kernel/vmlinux-xip.lds.S | 8 ++-
> arch/arm/kernel/vmlinux.lds.S | 8 ++-
> arch/arm64/Makefile | 9 ++-
> arch/arm64/kernel/smccc-call.S | 2 -
> arch/arm64/kernel/vmlinux.lds.S | 28 +++++++--
> arch/arm64/mm/mmu.c | 2 +-
> arch/csky/kernel/vmlinux.lds.S | 1 +
> arch/hexagon/kernel/vmlinux.lds.S | 1 +
> arch/ia64/kernel/vmlinux.lds.S | 1 +
> arch/mips/kernel/vmlinux.lds.S | 1 +
> arch/nds32/kernel/vmlinux.lds.S | 1 +
> arch/nios2/kernel/vmlinux.lds.S | 1 +
> arch/openrisc/kernel/vmlinux.lds.S | 1 +
> arch/parisc/boot/compressed/vmlinux.lds.S | 1 +
> arch/parisc/kernel/vmlinux.lds.S | 1 +
> arch/powerpc/kernel/vmlinux.lds.S | 2 +-
> arch/riscv/kernel/vmlinux.lds.S | 1 +
> arch/s390/kernel/vmlinux.lds.S | 1 +
> arch/sh/kernel/vmlinux.lds.S | 1 +
> arch/sparc/kernel/vmlinux.lds.S | 1 +
> arch/um/kernel/dyn.lds.S | 2 +-
> arch/um/kernel/uml.lds.S | 2 +-
> arch/x86/Makefile | 4 ++
> arch/x86/boot/compressed/Makefile | 2 +
> arch/x86/boot/compressed/vmlinux.lds.S | 58 +++++++++++++------
> arch/x86/include/asm/asm.h | 6 +-
> arch/x86/kernel/vmlinux.lds.S | 39 ++++++++++++-
> drivers/firmware/efi/libstub/Makefile | 9 ++-
> include/asm-generic/vmlinux.lds.h | 49 +++++++++++++---
> 35 files changed, 241 insertions(+), 60 deletions(-)
> rename arch/arm/{kernel => include/asm}/vmlinux.lds.h (84%)
>
> --
> 2.25.1
>

--
Kees Cook

2020-09-01 07:14:18

by Ingo Molnar

Subject: Re: [PATCH v6 00/29] Warn on orphan section placement


* Kees Cook <[email protected]> wrote:

> On Fri, Aug 21, 2020 at 12:42:41PM -0700, Kees Cook wrote:
> > Hi Ingo,
> >
> > Based on my testing, this is ready to go. I've reviewed the feedback on
> > v5 and made a few small changes, noted below.
>
> If no one objects, I'll pop this into my tree for -next. I'd prefer it
> go via -tip though! :)
>
> Thanks!

I'll pick it up today, it all looks very good now!

Thanks,

Ingo

2020-09-01 08:00:45

by Ingo Molnar

Subject: Re: [PATCH v6 00/29] Warn on orphan section placement


* Ingo Molnar <[email protected]> wrote:

>
> * Kees Cook <[email protected]> wrote:
>
> > On Fri, Aug 21, 2020 at 12:42:41PM -0700, Kees Cook wrote:
> > > Hi Ingo,
> > >
> > > Based on my testing, this is ready to go. I've reviewed the feedback on
> > > v5 and made a few small changes, noted below.
> >
> > If no one objects, I'll pop this into my tree for -next. I'd prefer it
> > go via -tip though! :)
> >
> > Thanks!
>
> I'll pick it up today, it all looks very good now!

One thing I found in testing is that it doesn't handle older LD
versions well enough:

ld: unrecognized option '--orphan-handling=warn'

Could we just detect the availability of this flag, and emit a warning
if it doesn't exist but otherwise not abort the build?

This is with:

GNU ld version 2.25-17.fc23

Thanks,

Ingo
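
A build-log check for the linker messages quoted in this thread, added here as an example and not part of the series: it recognises the ld.bfd and ld.lld orphan warning formats and reports a link as "unchecked" when the linker rejected --orphan-handling, as in the ld 2.25 report above. The function names and the sample log (including the copy_to_user.o line) are constructed for illustration.

```python
import re
from collections import namedtuple

Orphan = namedtuple("Orphan", "linker section obj placed")

# ld.bfd format, as quoted in the arm/build changelog:
#   ld: warning: orphan section `.fixup' from `path.o' being placed in section `.fixup'
BFD_RE = re.compile(
    r"warning: orphan section `(?P<section>[^']+)' from `(?P<obj>[^']+)' "
    r"being placed in section `(?P<placed>[^']+)'"
)

# ld.lld format, as quoted in the ELF_DETAILS changelog:
#   ld.lld: warning: <internal>:(.shstrtab) is being placed in '.shstrtab'
LLD_RE = re.compile(
    r"warning: (?P<obj>.+?):\((?P<section>[^)]+)\) "
    r"is being placed in '(?P<placed>[^']+)'"
)

# Older linkers reject the flag outright; the link was never checked.
UNSUPPORTED_RE = re.compile(r"unrecognized option '--orphan-handling=")


def scan_link_log(text):
    """Return (orphans, flag_rejected) for the output of one link step."""
    orphans = []
    flag_rejected = False
    for line in text.splitlines():
        if UNSUPPORTED_RE.search(line):
            flag_rejected = True
            continue
        m = BFD_RE.search(line)
        if m:
            orphans.append(Orphan("ld.bfd", m["section"], m["obj"], m["placed"]))
            continue
        m = LLD_RE.search(line)
        if m:
            orphans.append(Orphan("ld.lld", m["section"], m["obj"], m["placed"]))
    return orphans, flag_rejected


def by_section(orphans):
    """Group orphan reports as {section name: sorted list of input objects}."""
    grouped = {}
    for o in orphans:
        grouped.setdefault(o.section, set()).add(o.obj)
    return {section: sorted(objs) for section, objs in grouped.items()}


def verdict(text):
    """'unchecked' if the flag was rejected, else 'orphans' or 'clean'."""
    orphans, flag_rejected = scan_link_log(text)
    if flag_rejected:
        # No orphan warnings here means nothing: the linker never looked.
        return "unchecked"
    return "orphans" if orphans else "clean"


# Constructed sample: message formats taken from this thread, mixed into one
# log for brevity; the copy_to_user.o line is made up.
SAMPLE_LOG = """\
  LD      vmlinux
ld.lld: warning: <internal>:(.shstrtab) is being placed in '.shstrtab'
ld.lld: warning: <internal>:(.strtab) is being placed in '.strtab'
ld: warning: orphan section `.fixup' from `arch/arm/lib/copy_from_user.o' being placed in section `.fixup'
ld: warning: orphan section `.fixup' from `arch/arm/lib/copy_to_user.o' being placed in section `.fixup'
  NM      System.map
"""

OLD_LD_LOG = "ld: unrecognized option '--orphan-handling=warn'\n"

if __name__ == "__main__":
    found, rejected = scan_link_log(SAMPLE_LOG)
    for section, objs in by_section(found).items():
        print(section, "<-", ", ".join(objs))
    print("sample:", verdict(SAMPLE_LOG), "| old ld:", verdict(OLD_LD_LOG))
```
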

2020-09-01 08:18:51

by Ingo Molnar

Subject: Re: [PATCH v6 00/29] Warn on orphan section placement


* Ingo Molnar <[email protected]> wrote:

>
> * Ingo Molnar <[email protected]> wrote:
>
> >
> > * Kees Cook <[email protected]> wrote:
> >
> > > On Fri, Aug 21, 2020 at 12:42:41PM -0700, Kees Cook wrote:
> > > > Hi Ingo,
> > > >
> > > > Based on my testing, this is ready to go. I've reviewed the feedback on
> > > > v5 and made a few small changes, noted below.
> > >
> > > If no one objects, I'll pop this into my tree for -next. I'd prefer it
> > > go via -tip though! :)
> > >
> > > Thanks!
> >
> > I'll pick it up today, it all looks very good now!
>
> One thing I found in testing is that it doesn't handle older LD
> versions well enough:
>
> ld: unrecognized option '--orphan-handling=warn'
>
> Could we just detect the availability of this flag, and emit a warning
> if it doesn't exist but otherwise not abort the build?
>
> This is with:
>
> GNU ld version 2.25-17.fc23

I've resolved this for now by not applying the 5 patches that add the
actual orphan section warnings:

arm64/build: Warn on orphan section placement
arm/build: Warn on orphan section placement
arm/boot: Warn on orphan section placement
x86/build: Warn on orphan section placement
x86/boot/compressed: Warn on orphan section placement

The new asserts plus the actual fixes/enhancements are enough changes
to test for now in any case. :-)

Thanks,

Ingo

Subject: [tip: core/build] arm/build: Refactor linker script headers

The following commit has been merged into the core/build branch of tip:

Commit-ID: d7e3b065dc98e95f2dae6d2da031dd4c243bd7be
Gitweb: https://git.kernel.org/tip/d7e3b065dc98e95f2dae6d2da031dd4c243bd7be
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:42:56 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 10:03:17 +02:00

arm/build: Refactor linker script headers

In preparation for adding --orphan-handling=warn, refactor the linker
script header includes, and extract common macros.

Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Cc: Russell King <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/arm/include/asm/vmlinux.lds.h | 130 ++++++++++++++++++++++++++++-
arch/arm/kernel/vmlinux-xip.lds.S | 4 +-
arch/arm/kernel/vmlinux.lds.S | 4 +-
arch/arm/kernel/vmlinux.lds.h | 127 +---------------------------
4 files changed, 132 insertions(+), 133 deletions(-)
create mode 100644 arch/arm/include/asm/vmlinux.lds.h
delete mode 100644 arch/arm/kernel/vmlinux.lds.h

diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
new file mode 100644
index 0000000..a08f430
--- /dev/null
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -0,0 +1,130 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#include <asm-generic/vmlinux.lds.h>
+
+#ifdef CONFIG_HOTPLUG_CPU
+#define ARM_CPU_DISCARD(x)
+#define ARM_CPU_KEEP(x) x
+#else
+#define ARM_CPU_DISCARD(x) x
+#define ARM_CPU_KEEP(x)
+#endif
+
+#if (defined(CONFIG_SMP_ON_UP) && !defined(CONFIG_DEBUG_SPINLOCK)) || \
+ defined(CONFIG_GENERIC_BUG) || defined(CONFIG_JUMP_LABEL)
+#define ARM_EXIT_KEEP(x) x
+#define ARM_EXIT_DISCARD(x)
+#else
+#define ARM_EXIT_KEEP(x)
+#define ARM_EXIT_DISCARD(x) x
+#endif
+
+#ifdef CONFIG_MMU
+#define ARM_MMU_KEEP(x) x
+#define ARM_MMU_DISCARD(x)
+#else
+#define ARM_MMU_KEEP(x)
+#define ARM_MMU_DISCARD(x) x
+#endif
+
+#define PROC_INFO \
+ . = ALIGN(4); \
+ __proc_info_begin = .; \
+ *(.proc.info.init) \
+ __proc_info_end = .;
+
+#define IDMAP_TEXT \
+ ALIGN_FUNCTION(); \
+ __idmap_text_start = .; \
+ *(.idmap.text) \
+ __idmap_text_end = .; \
+
+#define ARM_DISCARD \
+ *(.ARM.exidx.exit.text) \
+ *(.ARM.extab.exit.text) \
+ *(.ARM.exidx.text.exit) \
+ *(.ARM.extab.text.exit) \
+ ARM_CPU_DISCARD(*(.ARM.exidx.cpuexit.text)) \
+ ARM_CPU_DISCARD(*(.ARM.extab.cpuexit.text)) \
+ ARM_EXIT_DISCARD(EXIT_TEXT) \
+ ARM_EXIT_DISCARD(EXIT_DATA) \
+ EXIT_CALL \
+ ARM_MMU_DISCARD(*(.text.fixup)) \
+ ARM_MMU_DISCARD(*(__ex_table)) \
+ COMMON_DISCARDS
+
+#define ARM_STUBS_TEXT \
+ *(.gnu.warning) \
+ *(.glue_7) \
+ *(.glue_7t)
+
+#define ARM_TEXT \
+ IDMAP_TEXT \
+ __entry_text_start = .; \
+ *(.entry.text) \
+ __entry_text_end = .; \
+ IRQENTRY_TEXT \
+ SOFTIRQENTRY_TEXT \
+ TEXT_TEXT \
+ SCHED_TEXT \
+ CPUIDLE_TEXT \
+ LOCK_TEXT \
+ KPROBES_TEXT \
+ ARM_STUBS_TEXT \
+ . = ALIGN(4); \
+ *(.got) /* Global offset table */ \
+ ARM_CPU_KEEP(PROC_INFO)
+
+/* Stack unwinding tables */
+#define ARM_UNWIND_SECTIONS \
+ . = ALIGN(8); \
+ .ARM.unwind_idx : { \
+ __start_unwind_idx = .; \
+ *(.ARM.exidx*) \
+ __stop_unwind_idx = .; \
+ } \
+ .ARM.unwind_tab : { \
+ __start_unwind_tab = .; \
+ *(.ARM.extab*) \
+ __stop_unwind_tab = .; \
+ }
+
+/*
+ * The vectors and stubs are relocatable code, and the
+ * only thing that matters is their relative offsets
+ */
+#define ARM_VECTORS \
+ __vectors_start = .; \
+ .vectors 0xffff0000 : AT(__vectors_start) { \
+ *(.vectors) \
+ } \
+ . = __vectors_start + SIZEOF(.vectors); \
+ __vectors_end = .; \
+ \
+ __stubs_start = .; \
+ .stubs ADDR(.vectors) + 0x1000 : AT(__stubs_start) { \
+ *(.stubs) \
+ } \
+ . = __stubs_start + SIZEOF(.stubs); \
+ __stubs_end = .; \
+ \
+ PROVIDE(vector_fiq_offset = vector_fiq - ADDR(.vectors));
+
+#define ARM_TCM \
+ __itcm_start = ALIGN(4); \
+ .text_itcm ITCM_OFFSET : AT(__itcm_start - LOAD_OFFSET) { \
+ __sitcm_text = .; \
+ *(.tcm.text) \
+ *(.tcm.rodata) \
+ . = ALIGN(4); \
+ __eitcm_text = .; \
+ } \
+ . = __itcm_start + SIZEOF(.text_itcm); \
+ \
+ __dtcm_start = .; \
+ .data_dtcm DTCM_OFFSET : AT(__dtcm_start - LOAD_OFFSET) { \
+ __sdtcm_data = .; \
+ *(.tcm.data) \
+ . = ALIGN(4); \
+ __edtcm_data = .; \
+ } \
+ . = __dtcm_start + SIZEOF(.data_dtcm);
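Review bot: ARM_DISCARD in the new header is not a straight move. The deleted file ended the macro with `*(.discard)` and `*(.discard.*)`, while the new one ends it with COMMON_DISCARDS, so the discard set now depends on that macro's definition in asm-generic. ARM_STUBS_TEXT is likewise newly split out of ARM_TEXT. The commit message only says "extract common macros"; please name the COMMON_DISCARDS substitution there so that anyone bisecting a section-placement regression knows this commit can change what is discarded. While here, the trailing backslash after `__idmap_text_end = .;` in IDMAP_TEXT was carried over from the old file and could be dropped.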
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 3d4e88f..904c31f 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -9,15 +9,13 @@

#include <linux/sizes.h>

-#include <asm-generic/vmlinux.lds.h>
+#include <asm/vmlinux.lds.h>
#include <asm/cache.h>
#include <asm/thread_info.h>
#include <asm/memory.h>
#include <asm/mpu.h>
#include <asm/page.h>

-#include "vmlinux.lds.h"
-
OUTPUT_ARCH(arm)
ENTRY(stext)

diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index 5592f14..bb950c8 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -9,15 +9,13 @@
#else

#include <linux/pgtable.h>
-#include <asm-generic/vmlinux.lds.h>
+#include <asm/vmlinux.lds.h>
#include <asm/cache.h>
#include <asm/thread_info.h>
#include <asm/memory.h>
#include <asm/mpu.h>
#include <asm/page.h>

-#include "vmlinux.lds.h"
-
OUTPUT_ARCH(arm)
ENTRY(stext)

diff --git a/arch/arm/kernel/vmlinux.lds.h b/arch/arm/kernel/vmlinux.lds.h
deleted file mode 100644
index 381a8e1..0000000
--- a/arch/arm/kernel/vmlinux.lds.h
+++ /dev/null
@@ -1,127 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 */
-
-#ifdef CONFIG_HOTPLUG_CPU
-#define ARM_CPU_DISCARD(x)
-#define ARM_CPU_KEEP(x) x
-#else
-#define ARM_CPU_DISCARD(x) x
-#define ARM_CPU_KEEP(x)
-#endif
-
-#if (defined(CONFIG_SMP_ON_UP) && !defined(CONFIG_DEBUG_SPINLOCK)) || \
- defined(CONFIG_GENERIC_BUG) || defined(CONFIG_JUMP_LABEL)
-#define ARM_EXIT_KEEP(x) x
-#define ARM_EXIT_DISCARD(x)
-#else
-#define ARM_EXIT_KEEP(x)
-#define ARM_EXIT_DISCARD(x) x
-#endif
-
-#ifdef CONFIG_MMU
-#define ARM_MMU_KEEP(x) x
-#define ARM_MMU_DISCARD(x)
-#else
-#define ARM_MMU_KEEP(x)
-#define ARM_MMU_DISCARD(x) x
-#endif
-
-#define PROC_INFO \
- . = ALIGN(4); \
- __proc_info_begin = .; \
- *(.proc.info.init) \
- __proc_info_end = .;
-
-#define IDMAP_TEXT \
- ALIGN_FUNCTION(); \
- __idmap_text_start = .; \
- *(.idmap.text) \
- __idmap_text_end = .; \
-
-#define ARM_DISCARD \
- *(.ARM.exidx.exit.text) \
- *(.ARM.extab.exit.text) \
- *(.ARM.exidx.text.exit) \
- *(.ARM.extab.text.exit) \
- ARM_CPU_DISCARD(*(.ARM.exidx.cpuexit.text)) \
- ARM_CPU_DISCARD(*(.ARM.extab.cpuexit.text)) \
- ARM_EXIT_DISCARD(EXIT_TEXT) \
- ARM_EXIT_DISCARD(EXIT_DATA) \
- EXIT_CALL \
- ARM_MMU_DISCARD(*(.text.fixup)) \
- ARM_MMU_DISCARD(*(__ex_table)) \
- *(.discard) \
- *(.discard.*)
-
-#define ARM_TEXT \
- IDMAP_TEXT \
- __entry_text_start = .; \
- *(.entry.text) \
- __entry_text_end = .; \
- IRQENTRY_TEXT \
- SOFTIRQENTRY_TEXT \
- TEXT_TEXT \
- SCHED_TEXT \
- CPUIDLE_TEXT \
- LOCK_TEXT \
- KPROBES_TEXT \
- *(.gnu.warning) \
- *(.glue_7) \
- *(.glue_7t) \
- . = ALIGN(4); \
- *(.got) /* Global offset table */ \
- ARM_CPU_KEEP(PROC_INFO)
-
-/* Stack unwinding tables */
-#define ARM_UNWIND_SECTIONS \
- . = ALIGN(8); \
- .ARM.unwind_idx : { \
- __start_unwind_idx = .; \
- *(.ARM.exidx*) \
- __stop_unwind_idx = .; \
- } \
- .ARM.unwind_tab : { \
- __start_unwind_tab = .; \
- *(.ARM.extab*) \
- __stop_unwind_tab = .; \
- }
-
-/*
- * The vectors and stubs are relocatable code, and the
- * only thing that matters is their relative offsets
- */
-#define ARM_VECTORS \
- __vectors_start = .; \
- .vectors 0xffff0000 : AT(__vectors_start) { \
- *(.vectors) \
- } \
- . = __vectors_start + SIZEOF(.vectors); \
- __vectors_end = .; \
- \
- __stubs_start = .; \
- .stubs ADDR(.vectors) + 0x1000 : AT(__stubs_start) { \
- *(.stubs) \
- } \
- . = __stubs_start + SIZEOF(.stubs); \
- __stubs_end = .; \
- \
- PROVIDE(vector_fiq_offset = vector_fiq - ADDR(.vectors));
-
-#define ARM_TCM \
- __itcm_start = ALIGN(4); \
- .text_itcm ITCM_OFFSET : AT(__itcm_start - LOAD_OFFSET) { \
- __sitcm_text = .; \
- *(.tcm.text) \
- *(.tcm.rodata) \
- . = ALIGN(4); \
- __eitcm_text = .; \
- } \
- . = __itcm_start + SIZEOF(.text_itcm); \
- \
- __dtcm_start = .; \
- .data_dtcm DTCM_OFFSET : AT(__dtcm_start - LOAD_OFFSET) { \
- __sdtcm_data = .; \
- *(.tcm.data) \
- . = ALIGN(4); \
- __edtcm_data = .; \
- } \
- . = __dtcm_start + SIZEOF(.data_dtcm);

Subject: [tip: core/build] arm/build: Explicitly keep .ARM.attributes sections

The following commit has been merged into the core/build branch of tip:

Commit-ID: 3b14aefb84320ac430cecbdc87b680317916b2bd
Gitweb: https://git.kernel.org/tip/3b14aefb84320ac430cecbdc87b680317916b2bd
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:42:57 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

arm/build: Explicitly keep .ARM.attributes sections

In preparation for adding --orphan-handling=warn, explicitly keep the
.ARM.attributes section (at address 0[1]) by expanding the existing
ELF_DETAILS macro into ARM_DETAILS.

[1] https://reviews.llvm.org/D85867

Suggested-by: Nick Desaulniers <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Reviewed-by: Fangrui Song <[email protected]>
Cc: Russell King <[email protected]>
Link: https://lore.kernel.org/lkml/CAKwvOdk-racgq5pxsoGS6Vtifbtrk5fmkmnoLxrQMaOvV0nPWw@mail.gmail.com/
Link: https://lore.kernel.org/r/[email protected]
---
arch/arm/include/asm/vmlinux.lds.h | 4 ++++
arch/arm/kernel/vmlinux-xip.lds.S | 2 +-
arch/arm/kernel/vmlinux.lds.S | 2 +-
3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
index a08f430..c4af518 100644
--- a/arch/arm/include/asm/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -52,6 +52,10 @@
ARM_MMU_DISCARD(*(__ex_table)) \
COMMON_DISCARDS

+#define ARM_DETAILS \
+ ELF_DETAILS \
+ .ARM.attributes 0 : { *(.ARM.attributes) }
+
#define ARM_STUBS_TEXT \
*(.gnu.warning) \
*(.glue_7) \
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 904c31f..57fcbf5 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -150,7 +150,7 @@ SECTIONS
_end = .;

STABS_DEBUG
- ELF_DETAILS
+ ARM_DETAILS
}

/*
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index bb950c8..1d3d3b5 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -149,7 +149,7 @@ SECTIONS
_end = .;

STABS_DEBUG
- ELF_DETAILS
+ ARM_DETAILS
}

#ifdef CONFIG_STRICT_KERNEL_RWX

Subject: [tip: core/build] x86/build: Add asserts for unwanted sections

The following commit has been merged into the core/build branch of tip:

Commit-ID: 5354e84598f264793265cc99b4be2a2295826c86
Gitweb: https://git.kernel.org/tip/5354e84598f264793265cc99b4be2a2295826c86
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:43:05 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

x86/build: Add asserts for unwanted sections

In preparation for warning on orphan sections, enforce other
expected-to-be-zero-sized sections (since discarding them might hide
problems with them suddenly gaining unexpected entries).

Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/x86/kernel/vmlinux.lds.S | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 4b1b936..45d7244 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -427,6 +427,30 @@ SECTIONS
SIZEOF(.got.plt) == 0xc,
#endif
"Unexpected GOT/PLT entries detected!")
+
+ /*
+ * Sections that should stay zero sized, which is safer to
+ * explicitly check instead of blindly discarding.
+ */
+ .got : {
+ *(.got) *(.igot.*)
+ }
+ ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
+
+ .plt : {
+ *(.plt) *(.plt.*) *(.iplt)
+ }
+ ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!")
+
+ .rel.dyn : {
+ *(.rel.*) *(.rel_*)
+ }
+ ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")
+
+ .rela.dyn : {
+ *(.rela.*) *(.rela_*)
+ }
+ ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
}

#ifdef CONFIG_X86_32
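Review bot: the input patterns in the new .got and .plt output sections are not symmetric. `.plt` collects `*(.plt) *(.plt.*) *(.iplt)` while `.got` collects `*(.got) *(.igot.*)`, so a bare `.igot` or an `.iplt.*` input section would match neither and would still be placed by the linker's orphan logic instead of tripping an ASSERT. If those names cannot occur, a brief comment saying so would help; otherwise add them so the zero-size checks cover every variant.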

Subject: [tip: core/build] arm64/kernel: Remove needless Call Frame Information annotations

The following commit has been merged into the core/build branch of tip:

Commit-ID: 34b4a5c54c429d12bcc783a27650752237c49a36
Gitweb: https://git.kernel.org/tip/34b4a5c54c429d12bcc783a27650752237c49a36
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:42:50 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 09:50:36 +02:00

arm64/kernel: Remove needless Call Frame Information annotations

Remove last instance of an .eh_frame section by removing the needless Call
Frame Information annotations which were likely leftovers from 32-bit ARM.

Suggested-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Acked-by: Will Deacon <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/arm64/kernel/smccc-call.S | 2 --
1 file changed, 2 deletions(-)

diff --git a/arch/arm64/kernel/smccc-call.S b/arch/arm64/kernel/smccc-call.S
index 1f93809..d624479 100644
--- a/arch/arm64/kernel/smccc-call.S
+++ b/arch/arm64/kernel/smccc-call.S
@@ -9,7 +9,6 @@
#include <asm/assembler.h>

.macro SMCCC instr
- .cfi_startproc
\instr #0
ldr x4, [sp]
stp x0, x1, [x4, #ARM_SMCCC_RES_X0_OFFS]
@@ -21,7 +20,6 @@
b.ne 1f
str x6, [x4, ARM_SMCCC_QUIRK_STATE_OFFS]
1: ret
- .cfi_endproc
.endm

/*

Subject: [tip: core/build] efi/libstub: Disable -mbranch-protection

The following commit has been merged into the core/build branch of tip:

Commit-ID: e2179a09ab089d3423751bd2b0c884ddb3eabe84
Gitweb: https://git.kernel.org/tip/e2179a09ab089d3423751bd2b0c884ddb3eabe84
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:42:48 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 09:50:36 +02:00

efi/libstub: Disable -mbranch-protection

In preparation for adding --orphan-handling=warn to more architectures,
disable -mbranch-protection, as EFI does not yet support it[1]. This was
noticed due to it producing unwanted .note.gnu.property sections (prefixed
with .init due to the objcopy build step).

However, we must also work around a bug in Clang where the section is
still emitted for code-less object files[2], so also remove the section
during the objcopy.

[1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com
[2] https://bugs.llvm.org/show_bug.cgi?id=46480

Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Reviewed-by: Nick Desaulniers <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
drivers/firmware/efi/libstub/Makefile | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 5eefd60..0c911e3 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -18,7 +18,8 @@ cflags-$(CONFIG_X86) += -m$(BITS) -D__KERNEL__ \
# arm64 uses the full KBUILD_CFLAGS so it's necessary to explicitly
# disable the stackleak plugin
cflags-$(CONFIG_ARM64) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
- -fpie $(DISABLE_STACKLEAK_PLUGIN)
+ -fpie $(DISABLE_STACKLEAK_PLUGIN) \
+ $(call cc-option,-mbranch-protection=none)
cflags-$(CONFIG_ARM) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
-fno-builtin -fpic \
$(call cc-option,-mno-single-pic-base)
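Review bot: the comment above the arm64 cflags still explains only the stackleak plugin, but the assignment now also passes `$(call cc-option,-mbranch-protection=none)`. Extend the comment to say that branch protection is turned off because the EFI stub does not support it yet, so the flag is not mistaken for a leftover later.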
@@ -66,6 +67,12 @@ lib-$(CONFIG_X86) += x86-stub.o
CFLAGS_arm32-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET)
CFLAGS_arm64-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET)

+# Even when -mbranch-protection=none is set, Clang will generate a
+# .note.gnu.property for code-less object files (like lib/ctype.c),
+# so work around this by explicitly removing the unwanted section.
+# https://bugs.llvm.org/show_bug.cgi?id=46480
+STUBCOPY_FLAGS-y += --remove-section=.note.gnu.property
+
#
# For x86, bootloaders like systemd-boot or grub-efi do not zero-initialize the
# .bss section, so the .bss section of the EFI stub needs to be included in the
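Review bot: `STUBCOPY_FLAGS-y += --remove-section=.note.gnu.property` is unconditional, so the section is stripped for every architecture that runs the stub objcopy step, while the comment and the commit message justify it only by the -mbranch-protection case. Either scope it to the affected configuration or state in the comment that dropping the note everywhere is intended. The comment could also say that the workaround can go once the linked Clang bug is fixed.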

Subject: [tip: core/build] vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS

The following commit has been merged into the core/build branch of tip:

Commit-ID: a840c4de569f610bc5ee043b613c35b779d23186
Gitweb: https://git.kernel.org/tip/a840c4de569f610bc5ee043b613c35b779d23186
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:42:46 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 09:50:35 +02:00

vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS

When linking vmlinux with LLD, the synthetic sections .symtab, .strtab,
and .shstrtab are listed as orphaned. Add them to the ELF_DETAILS section
so there will be no warnings when --orphan-handling=warn is used more
widely. (They are added above comment as it is the more common
order[1].)

ld.lld: warning: <internal>:(.symtab) is being placed in '.symtab'
ld.lld: warning: <internal>:(.shstrtab) is being placed in '.shstrtab'
ld.lld: warning: <internal>:(.strtab) is being placed in '.strtab'

[1] https://lore.kernel.org/lkml/[email protected]/

Reported-by: Fangrui Song <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Cc: [email protected]
Link: https://lore.kernel.org/r/[email protected]
---
include/asm-generic/vmlinux.lds.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index cadcbc3..98d013d 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -823,7 +823,10 @@

/* Required sections not related to debugging. */
#define ELF_DETAILS \
- .comment 0 : { *(.comment) }
+ .comment 0 : { *(.comment) } \
+ .symtab 0 : { *(.symtab) } \
+ .strtab 0 : { *(.strtab) } \
+ .shstrtab 0 : { *(.shstrtab) }

#ifdef CONFIG_GENERIC_BUG
#define BUG_TABLE \
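Review bot: the commit message says the new entries are added above .comment, but in ELF_DETAILS the `.symtab`, `.strtab` and `.shstrtab` lines follow `.comment 0 : { *(.comment) }`. One of the two should be corrected so the stated ordering matches the macro.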

Subject: [tip: core/build] arm64/build: Use common DISCARDS in linker script

The following commit has been merged into the core/build branch of tip:

Commit-ID: 2883352bf801d093a04f269800b48bb8aa2515fb
Gitweb: https://git.kernel.org/tip/2883352bf801d093a04f269800b48bb8aa2515fb
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:42:52 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 09:50:36 +02:00

arm64/build: Use common DISCARDS in linker script

Use the common DISCARDS rule for the linker script in an effort to
regularize the linker script to prepare for warning on orphaned
sections. Additionally clean up left-over no-op macros.

Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Acked-by: Will Deacon <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/arm64/kernel/vmlinux.lds.S | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index c2b8426..082e9ef 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -6,6 +6,7 @@
*/

#define RO_EXCEPTION_TABLE_ALIGN 8
+#define RUNTIME_DISCARD_EXIT

#include <asm-generic/vmlinux.lds.h>
#include <asm/cache.h>
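Review bot: `#define RUNTIME_DISCARD_EXIT` is added ahead of the asm-generic include with no comment, and the commit message does not mention it. Since it presumably alters what DISCARDS expands to, add a comment saying what it selects and why arm64 needs it.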
@@ -88,10 +89,8 @@ SECTIONS
* matching the same input section name. There is no documented
* order of matching.
*/
+ DISCARDS
/DISCARD/ : {
- EXIT_CALL
- *(.discard)
- *(.discard.*)
*(.interp .dynamic)
*(.dynsym .dynstr .hash .gnu.hash)
}
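Review bot: with DISCARDS inserted ahead of the existing `/DISCARD/` block, EXIT_CALL, `*(.discard)` and `*(.discard.*)` are removed from the explicit list on the assumption that DISCARDS covers all three; please say so in the commit message. The message also mentions cleaning up left-over no-op macros, but neither hunk in this diff removes a macro. The retained comment just above ("There is no documented order of matching") now sits over two discard rules, so it deserves a word on whether their relative order matters.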

Subject: [tip: core/build] arm64/build: Add missing DWARF sections

The following commit has been merged into the core/build branch of tip:

Commit-ID: 578d7f0fd6a5ec8a369a4537c664eb2c8374c134
Gitweb: https://git.kernel.org/tip/578d7f0fd6a5ec8a369a4537c664eb2c8374c134
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:42:53 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 09:50:36 +02:00

arm64/build: Add missing DWARF sections

Explicitly include DWARF sections when they're present in the build.

Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Cc: Catalin Marinas <[email protected]>
Cc: Will Deacon <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/arm64/kernel/vmlinux.lds.S | 1 +
1 file changed, 1 insertion(+)

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 082e9ef..16eb2ef 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -239,6 +239,7 @@ SECTIONS
_end = .;

STABS_DEBUG
+ DWARF_DEBUG
ELF_DETAILS

HEAD_SYMBOLS

Subject: [tip: core/build] arm64/mm: Remove needless section quotes

The following commit has been merged into the core/build branch of tip:

Commit-ID: b4ca91027d8226ae423ce498f03f5b348cf84e36
Gitweb: https://git.kernel.org/tip/b4ca91027d8226ae423ce498f03f5b348cf84e36
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:42:49 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 09:50:36 +02:00

arm64/mm: Remove needless section quotes

Fix a case of needless quotes in __section(), which Clang doesn't like.

Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Reviewed-by: Nick Desaulniers <[email protected]>
Acked-by: Will Deacon <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/arm64/mm/mmu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 75df62f..e43c805 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -43,7 +43,7 @@
u64 idmap_t0sz = TCR_T0SZ(VA_BITS);
u64 idmap_ptrs_per_pgd = PTRS_PER_PGD;

-u64 __section(".mmuoff.data.write") vabits_actual;
+u64 __section(.mmuoff.data.write) vabits_actual;
EXPORT_SYMBOL(vabits_actual);

u64 kimage_voffset __ro_after_init;

Subject: [tip: core/build] vmlinux.lds.h: Add PGO and AutoFDO input sections

The following commit has been merged into the core/build branch of tip:

Commit-ID: eff8728fe69880d3f7983bec3fb6cea4c306261f
Gitweb: https://git.kernel.org/tip/eff8728fe69880d3f7983bec3fb6cea4c306261f
Author: Nick Desaulniers <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:42:47 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 09:50:35 +02:00

vmlinux.lds.h: Add PGO and AutoFDO input sections

Basically, consider .text.{hot|unlikely|unknown}.* part of .text, too.

When compiling with profiling information (collected via PGO
instrumentations or AutoFDO sampling), Clang will separate code into
.text.hot, .text.unlikely, or .text.unknown sections based on profiling
information. After D79600 (clang-11), these sections will have a
trailing `.` suffix, ie. .text.hot., .text.unlikely., .text.unknown..

When using -ffunction-sections together with profiling information,
either explicitly (FGKASLR) or implicitly (LTO), code may be placed in
sections following the convention:
.text.hot.<foo>, .text.unlikely.<bar>, .text.unknown.<baz>
where <foo>, <bar>, and <baz> are functions. (This produces one section
per function; we generally try to merge these all back via linker script
so that we don't have 50k sections).

For the above cases, we need to teach our linker scripts that such
sections might exist and that we'd explicitly like them grouped
together, otherwise we can wind up with code outside of the
_stext/_etext boundaries that might not be mapped properly for some
architectures, resulting in boot failures.

If the linker script is not told about possible input sections, then
where the section is placed as output is a heuristic-laden mess that's
non-portable between linkers (ie. BFD and LLD), and has resulted in many
hard to debug bugs. Kees Cook is working on cleaning this up by adding
--orphan-handling=warn linker flag used in ARCH=powerpc to additional
architectures. In the case of linker scripts, borrowing from the Zen of
Python: explicit is better than implicit.

Also, ld.bfd's internal linker script considers .text.hot AND
.text.hot.* to be part of .text, as well as .text.unlikely and
.text.unlikely.*. I didn't see support for .text.unknown.*, and didn't
see Clang producing such code in our kernel builds, but I see code in
LLVM that can produce such section names if profiling information is
missing. That may point to a larger issue with generating or collecting
profiles, but I would much rather be safe and explicit than have to
debug yet another issue related to orphan section placement.

Reported-by: Jian Cai <[email protected]>
Suggested-by: Fāng-ruì Sòng <[email protected]>
Signed-off-by: Nick Desaulniers <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Tested-by: Luis Lozano <[email protected]>
Tested-by: Manoj Gupta <[email protected]>
Acked-by: Kees Cook <[email protected]>
Cc: [email protected]
Cc: [email protected]
Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=add44f8d5c5c05e08b11e033127a744d61c26aee
Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1de778ed23ce7492c523d5850c6c6dbb34152655
Link: https://reviews.llvm.org/D79600
Link: https://bugs.chromium.org/p/chromium/issues/detail?id=1084760
Link: https://lore.kernel.org/r/[email protected]

Debugged-by: Luis Lozano <[email protected]>
---
include/asm-generic/vmlinux.lds.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 98d013d..91dcfb9 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -581,7 +581,10 @@
*/
#define TEXT_TEXT \
ALIGN_FUNCTION(); \
- *(.text.hot TEXT_MAIN .text.fixup .text.unlikely) \
+ *(.text.hot .text.hot.*) \
+ *(TEXT_MAIN .text.fixup) \
+ *(.text.unlikely .text.unlikely.*) \
+ *(.text.unknown .text.unknown.*) \
NOINSTR_TEXT \
*(.text..refcount) \
*(.ref.text) \
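Review bot: splitting the single `*(.text.hot TEXT_MAIN .text.fixup .text.unlikely)` statement into four statements changes more than the set of matched names. One statement with several patterns keeps matching sections in the order the linker encounters them, while separate statements emit all hot sections first, then TEXT_MAIN and .text.fixup, then unlikely, then unknown. If that regrouping of the already-matched sections is intended, say so in the commit message, and check that the comment block ending just above `#define TEXT_TEXT` still describes the resulting layout.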

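The section matching described in the commit message above, as an added example (not kernel code and not the patch author's): it models each `*( ... )` statement as a list of glob patterns and reports which section names would be left as orphans, and in what order the rest are placed, under the old and the new TEXT_TEXT. TEXT_MAIN is assumed to be plain `.text`, and the list of input sections is constructed.

```python
"""Model of input-section matching for the old and new TEXT_TEXT patterns."""
from fnmatch import fnmatchcase

# Assumption: TEXT_MAIN is treated as plain ".text"; its real expansion
# is not shown on this page.
TEXT_MAIN = [".text"]

# The '-' line of the hunk: one statement carrying four patterns.
OLD_TEXT_TEXT = [
    [".text.hot", *TEXT_MAIN, ".text.fixup", ".text.unlikely"],
]

# The '+' lines of the hunk: four statements, emitted in this order.
NEW_TEXT_TEXT = [
    [".text.hot", ".text.hot.*"],
    [*TEXT_MAIN, ".text.fixup"],
    [".text.unlikely", ".text.unlikely.*"],
    [".text.unknown", ".text.unknown.*"],
]

# Constructed sample: section names in the order the linker would meet
# them, using the naming conventions listed in the commit message
# (plain, trailing '.', and per-function suffixes).
SAMPLE_SECTIONS = [
    ".text",
    ".text.unlikely",
    ".text.hot",
    ".text.hot.",
    ".text.unlikely.bar",
    ".text.fixup",
    ".text.unknown.",
    ".text.hot.foo",
    ".text.unknown.baz",
]


def place(sections, statements):
    """Return (placed, orphans) for a list of input section names.

    Each statement is a list of glob patterns. Within one statement,
    matching sections keep their input order; statements are emitted
    one after another. A section is claimed by the first statement
    that matches it. Anything left unclaimed is an orphan, which is
    what --orphan-handling=warn would report.
    """
    placed = []
    claimed = set()
    for patterns in statements:
        for idx, name in enumerate(sections):
            if idx in claimed:
                continue
            if any(fnmatchcase(name, pat) for pat in patterns):
                claimed.add(idx)
                placed.append(name)
    orphans = [name for idx, name in enumerate(sections) if idx not in claimed]
    return placed, orphans


if __name__ == "__main__":
    for label, statements in (("old", OLD_TEXT_TEXT), ("new", NEW_TEXT_TEXT)):
        placed, orphans = place(SAMPLE_SECTIONS, statements)
        print(f"{label} TEXT_TEXT")
        print("  placed :", " ".join(placed))
        print("  orphans:", " ".join(orphans) or "(none)")
```
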
Subject: [tip: core/build] vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG

The following commit has been merged into the core/build branch of tip:

Commit-ID: c604abc3f6e3030f3a3022b184ed7d3780c34d30
Gitweb: https://git.kernel.org/tip/c604abc3f6e3030f3a3022b184ed7d3780c34d30
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:42:45 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 09:50:35 +02:00

vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG

The .comment section doesn't belong in STABS_DEBUG. Split it out into a
new macro named ELF_DETAILS. This will gain other non-debug sections
that need to be accounted for when linking with --orphan-handling=warn.

Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Cc: [email protected]
Link: https://lore.kernel.org/r/[email protected]
---
arch/alpha/kernel/vmlinux.lds.S | 1 +
arch/arc/kernel/vmlinux.lds.S | 1 +
arch/arm/kernel/vmlinux-xip.lds.S | 1 +
arch/arm/kernel/vmlinux.lds.S | 1 +
arch/arm64/kernel/vmlinux.lds.S | 1 +
arch/csky/kernel/vmlinux.lds.S | 1 +
arch/hexagon/kernel/vmlinux.lds.S | 1 +
arch/ia64/kernel/vmlinux.lds.S | 1 +
arch/mips/kernel/vmlinux.lds.S | 1 +
arch/nds32/kernel/vmlinux.lds.S | 1 +
arch/nios2/kernel/vmlinux.lds.S | 1 +
arch/openrisc/kernel/vmlinux.lds.S | 1 +
arch/parisc/boot/compressed/vmlinux.lds.S | 1 +
arch/parisc/kernel/vmlinux.lds.S | 1 +
arch/powerpc/kernel/vmlinux.lds.S | 2 +-
arch/riscv/kernel/vmlinux.lds.S | 1 +
arch/s390/kernel/vmlinux.lds.S | 1 +
arch/sh/kernel/vmlinux.lds.S | 1 +
arch/sparc/kernel/vmlinux.lds.S | 1 +
arch/um/kernel/dyn.lds.S | 2 +-
arch/um/kernel/uml.lds.S | 2 +-
arch/x86/boot/compressed/vmlinux.lds.S | 2 ++
arch/x86/kernel/vmlinux.lds.S | 1 +
include/asm-generic/vmlinux.lds.h | 8 ++++++--
24 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S
index bc6f727..5b78d64 100644
--- a/arch/alpha/kernel/vmlinux.lds.S
+++ b/arch/alpha/kernel/vmlinux.lds.S
@@ -72,6 +72,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/arc/kernel/vmlinux.lds.S b/arch/arc/kernel/vmlinux.lds.S
index 54139a6..33ce59d 100644
--- a/arch/arc/kernel/vmlinux.lds.S
+++ b/arch/arc/kernel/vmlinux.lds.S
@@ -122,6 +122,7 @@ SECTIONS
_end = . ;

STABS_DEBUG
+ ELF_DETAILS
DISCARDS

.arcextmap 0 : {
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 6d2be99..3d4e88f 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -152,6 +152,7 @@ SECTIONS
_end = .;

STABS_DEBUG
+ ELF_DETAILS
}

/*
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index 7f24bc0..5592f14 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -151,6 +151,7 @@ SECTIONS
_end = .;

STABS_DEBUG
+ ELF_DETAILS
}

#ifdef CONFIG_STRICT_KERNEL_RWX
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index ec8e894..13fc2ec 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -241,6 +241,7 @@ SECTIONS
_end = .;

STABS_DEBUG
+ ELF_DETAILS

HEAD_SYMBOLS
}
diff --git a/arch/csky/kernel/vmlinux.lds.S b/arch/csky/kernel/vmlinux.lds.S
index f05b413..f03033e 100644
--- a/arch/csky/kernel/vmlinux.lds.S
+++ b/arch/csky/kernel/vmlinux.lds.S
@@ -109,6 +109,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/hexagon/kernel/vmlinux.lds.S b/arch/hexagon/kernel/vmlinux.lds.S
index 0ca2471..35b18e5 100644
--- a/arch/hexagon/kernel/vmlinux.lds.S
+++ b/arch/hexagon/kernel/vmlinux.lds.S
@@ -67,5 +67,6 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

}
diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S
index d259690..9b26578 100644
--- a/arch/ia64/kernel/vmlinux.lds.S
+++ b/arch/ia64/kernel/vmlinux.lds.S
@@ -218,6 +218,7 @@ SECTIONS {

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

/* Default discards */
DISCARDS
diff --git a/arch/mips/kernel/vmlinux.lds.S b/arch/mips/kernel/vmlinux.lds.S
index f185a85..5e97e9d 100644
--- a/arch/mips/kernel/vmlinux.lds.S
+++ b/arch/mips/kernel/vmlinux.lds.S
@@ -202,6 +202,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

/* These must appear regardless of . */
.gptab.sdata : {
diff --git a/arch/nds32/kernel/vmlinux.lds.S b/arch/nds32/kernel/vmlinux.lds.S
index 7a6c1ce..6a91b96 100644
--- a/arch/nds32/kernel/vmlinux.lds.S
+++ b/arch/nds32/kernel/vmlinux.lds.S
@@ -64,6 +64,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/nios2/kernel/vmlinux.lds.S b/arch/nios2/kernel/vmlinux.lds.S
index c55a7cf..126e114 100644
--- a/arch/nios2/kernel/vmlinux.lds.S
+++ b/arch/nios2/kernel/vmlinux.lds.S
@@ -58,6 +58,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/openrisc/kernel/vmlinux.lds.S b/arch/openrisc/kernel/vmlinux.lds.S
index 60449fd..d287dbb 100644
--- a/arch/openrisc/kernel/vmlinux.lds.S
+++ b/arch/openrisc/kernel/vmlinux.lds.S
@@ -115,6 +115,7 @@ SECTIONS
/* Throw in the debugging sections */
STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

/* Sections to be discarded -- must be last */
DISCARDS
diff --git a/arch/parisc/boot/compressed/vmlinux.lds.S b/arch/parisc/boot/compressed/vmlinux.lds.S
index 2ac3a64..ab7b439 100644
--- a/arch/parisc/boot/compressed/vmlinux.lds.S
+++ b/arch/parisc/boot/compressed/vmlinux.lds.S
@@ -84,6 +84,7 @@ SECTIONS
}

STABS_DEBUG
+ ELF_DETAILS
.note 0 : { *(.note) }

/* Sections to be discarded */
diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S
index 53e29d8..2769eb9 100644
--- a/arch/parisc/kernel/vmlinux.lds.S
+++ b/arch/parisc/kernel/vmlinux.lds.S
@@ -164,6 +164,7 @@ SECTIONS
_end = . ;

STABS_DEBUG
+ ELF_DETAILS
.note 0 : { *(.note) }

/* Sections to be discarded */
diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S
index 326e113..e0548b4 100644
--- a/arch/powerpc/kernel/vmlinux.lds.S
+++ b/arch/powerpc/kernel/vmlinux.lds.S
@@ -360,8 +360,8 @@ SECTIONS
PROVIDE32 (end = .);

STABS_DEBUG
-
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
/DISCARD/ : {
diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S
index f3586e3..6f3af7b 100644
--- a/arch/riscv/kernel/vmlinux.lds.S
+++ b/arch/riscv/kernel/vmlinux.lds.S
@@ -97,6 +97,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S
index 3769549..177ccfb 100644
--- a/arch/s390/kernel/vmlinux.lds.S
+++ b/arch/s390/kernel/vmlinux.lds.S
@@ -181,6 +181,7 @@ SECTIONS
/* Debugging sections. */
STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

/* Sections to be discarded */
DISCARDS
diff --git a/arch/sh/kernel/vmlinux.lds.S b/arch/sh/kernel/vmlinux.lds.S
index bde7a6c..3161b9c 100644
--- a/arch/sh/kernel/vmlinux.lds.S
+++ b/arch/sh/kernel/vmlinux.lds.S
@@ -76,6 +76,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/sparc/kernel/vmlinux.lds.S b/arch/sparc/kernel/vmlinux.lds.S
index f99e99e..d55ae65 100644
--- a/arch/sparc/kernel/vmlinux.lds.S
+++ b/arch/sparc/kernel/vmlinux.lds.S
@@ -187,6 +187,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/um/kernel/dyn.lds.S b/arch/um/kernel/dyn.lds.S
index f500148..dacbfab 100644
--- a/arch/um/kernel/dyn.lds.S
+++ b/arch/um/kernel/dyn.lds.S
@@ -164,8 +164,8 @@ SECTIONS
PROVIDE (end = .);

STABS_DEBUG
-
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/um/kernel/uml.lds.S b/arch/um/kernel/uml.lds.S
index 3b6dab3..45d957d 100644
--- a/arch/um/kernel/uml.lds.S
+++ b/arch/um/kernel/uml.lds.S
@@ -108,8 +108,8 @@ SECTIONS
PROVIDE (end = .);

STABS_DEBUG
-
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index 29df99b..3c2ee9a 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -82,6 +82,8 @@ SECTIONS
. = ALIGN(PAGE_SIZE); /* keep ZO size page aligned */
_end = .;

+ ELF_DETAILS
+
DISCARDS
}

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 9a03e5b..0cc035c 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -411,6 +411,7 @@ SECTIONS

STABS_DEBUG
DWARF_DEBUG
+ ELF_DETAILS

DISCARDS
}
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 6b89a03..cadcbc3 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -34,6 +34,7 @@
*
* STABS_DEBUG
* DWARF_DEBUG
+ * ELF_DETAILS
*
* DISCARDS // must be the last
* }
@@ -811,14 +812,17 @@
.debug_macro 0 : { *(.debug_macro) } \
.debug_addr 0 : { *(.debug_addr) }

- /* Stabs debugging sections. */
+/* Stabs debugging sections. */
#define STABS_DEBUG \
.stab 0 : { *(.stab) } \
.stabstr 0 : { *(.stabstr) } \
.stab.excl 0 : { *(.stab.excl) } \
.stab.exclstr 0 : { *(.stab.exclstr) } \
.stab.index 0 : { *(.stab.index) } \
- .stab.indexstr 0 : { *(.stab.indexstr) } \
+ .stab.indexstr 0 : { *(.stab.indexstr) }
+
+/* Required sections not related to debugging. */
+#define ELF_DETAILS \
.comment 0 : { *(.comment) }

#ifdef CONFIG_GENERIC_BUG
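
Review bot: with `.comment` moved out of STABS_DEBUG into ELF_DETAILS, a linker script that expands STABS_DEBUG but is not given ELF_DETAILS no longer places `.comment` explicitly, and the section turns into an orphan. The usage comment at the top of this header now lists ELF_DETAILS, but it would help to say there that it is mandatory wherever STABS_DEBUG is used. The new comment also calls `.comment` a required section; wording such as "Non-debugging ELF metadata sections" would describe it more accurately.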

Subject: [tip: core/build] arm/build: Assert for unwanted sections

The following commit has been merged into the core/build branch of tip:

Commit-ID: 0c918e753f8c03b0308a635c0721a8c24d738d4a
Gitweb: https://git.kernel.org/tip/0c918e753f8c03b0308a635c0721a8c24d738d4a
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:42:59 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

arm/build: Assert for unwanted sections

In preparation for warning on orphan sections, enforce
expected-to-be-zero-sized sections (since discarding them might hide
problems with them suddenly gaining unexpected entries).

Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Cc: Russell King <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/arm/include/asm/vmlinux.lds.h | 11 +++++++++++
arch/arm/kernel/vmlinux-xip.lds.S | 2 ++
arch/arm/kernel/vmlinux.lds.S | 2 ++
3 files changed, 15 insertions(+)

diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
index 6624dd9..4a91428 100644
--- a/arch/arm/include/asm/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -52,6 +52,17 @@
ARM_MMU_DISCARD(*(__ex_table)) \
COMMON_DISCARDS

+/*
+ * Sections that should stay zero sized, which is safer to explicitly
+ * check instead of blindly discarding.
+ */
+#define ARM_ASSERTS \
+ .plt : { \
+ *(.iplt) *(.rel.iplt) *(.iplt) *(.igot.plt) \
+ } \
+ ASSERT(SIZEOF(.plt) == 0, \
+ "Unexpected run-time procedure linkages detected!")
+
#define ARM_DETAILS \
ELF_DETAILS \
.ARM.attributes 0 : { *(.ARM.attributes) }
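
Review bot: the input list in ARM_ASSERTS names `*(.iplt)` twice (`*(.iplt) *(.rel.iplt) *(.iplt) *(.igot.plt)`), and although the output section is called `.plt` there is no `*(.plt)` pattern, unlike the arm64 assert in this series, which lists `*(.plt) *(.plt.*)`. As written, a real `.plt` input section is not matched by any pattern here and is left to the linker's orphan handling, which is what this series is trying to stop relying on. Please drop the duplicate or replace it with the pattern that was intended.
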
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 11ffa79..5013682 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -152,6 +152,8 @@ SECTIONS
STABS_DEBUG
DWARF_DEBUG
ARM_DETAILS
+
+ ARM_ASSERTS
}

/*
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index dc672fe..5f4922e 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -151,6 +151,8 @@ SECTIONS
STABS_DEBUG
DWARF_DEBUG
ARM_DETAILS
+
+ ARM_ASSERTS
}

#ifdef CONFIG_STRICT_KERNEL_RWX

Subject: [tip: core/build] x86/asm: Avoid generating unused kprobe sections

The following commit has been merged into the core/build branch of tip:

Commit-ID: a850958c072404f75dd41782cb4ff34b8625b47d
Gitweb: https://git.kernel.org/tip/a850958c072404f75dd41782cb4ff34b8625b47d
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:43:03 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

x86/asm: Avoid generating unused kprobe sections

When !CONFIG_KPROBES, do not generate kprobe sections. This makes
sure there are no unexpected sections encountered by the linker scripts.

Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/x86/include/asm/asm.h | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/asm.h b/arch/x86/include/asm/asm.h
index 5c15f95..4712206 100644
--- a/arch/x86/include/asm/asm.h
+++ b/arch/x86/include/asm/asm.h
@@ -138,11 +138,15 @@
# define _ASM_EXTABLE_FAULT(from, to) \
_ASM_EXTABLE_HANDLE(from, to, ex_handler_fault)

-# define _ASM_NOKPROBE(entry) \
+# ifdef CONFIG_KPROBES
+# define _ASM_NOKPROBE(entry) \
.pushsection "_kprobe_blacklist","aw" ; \
_ASM_ALIGN ; \
_ASM_PTR (entry); \
.popsection
+# else
+# define _ASM_NOKPROBE(entry)
+# endif

#else /* ! __ASSEMBLY__ */
# define _EXPAND_EXTABLE_HANDLE(x) #x

Subject: [tip: core/build] arm64/build: Assert for unwanted sections

The following commit has been merged into the core/build branch of tip:

Commit-ID: be2881824ae9eb92a35b094f734f9ca7339ddf6d
Gitweb: https://git.kernel.org/tip/be2881824ae9eb92a35b094f734f9ca7339ddf6d
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:42:54 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 09:50:37 +02:00

arm64/build: Assert for unwanted sections

In preparation for warning on orphan sections, discard
unwanted non-zero-sized generated sections, and enforce other
expected-to-be-zero-sized sections (since discarding them might hide
problems with them suddenly gaining unexpected entries).

Suggested-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Cc: Catalin Marinas <[email protected]>
Cc: Will Deacon <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/arm64/kernel/vmlinux.lds.S | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 16eb2ef..e8847ca 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -121,6 +121,14 @@ SECTIONS
*(.got) /* Global offset table */
}

+ /*
+ * Make sure that the .got.plt is either completely empty or it
+ * contains only the lazy dispatch entries.
+ */
+ .got.plt : { *(.got.plt) }
+ ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18,
+ "Unexpected GOT/PLT entries detected!")
+
. = ALIGN(SEGMENT_ALIGN);
_etext = .; /* End of text section */
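
Review bot: `0x18` in the `.got.plt` ASSERT is a bare magic number. The x86 patches in this series accept 0x18 on 64-bit and 0xc on 32-bit, i.e. three pointer-sized reserved entries; spelling that out in the comment (or writing the size as 3 * 8) would make the check self-explanatory. This copy also lacks the `(INFO)` type that the x86 scripts put on `.got.plt`; if that difference is intentional, a word in the comment would help.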

@@ -243,6 +251,18 @@ SECTIONS
ELF_DETAILS

HEAD_SYMBOLS
+
+ /*
+ * Sections that should stay zero sized, which is safer to
+ * explicitly check instead of blindly discarding.
+ */
+ .plt : {
+ *(.plt) *(.plt.*) *(.iplt) *(.igot)
+ }
+ ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!")
+
+ .data.rel.ro : { *(.data.rel.ro) }
+ ASSERT(SIZEOF(.data.rel.ro) == 0, "Unexpected RELRO detected!")
}

#include "image-vars.h"
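
Review bot: the `.plt` input list here (`*(.plt) *(.plt.*) *(.iplt) *(.igot)`) does not match the one in the arm ARM_ASSERTS macro (`.iplt`, `.rel.iplt`, `.igot.plt`), so for example `.igot.plt` is asserted on arm but left to orphan handling on arm64, and `.igot` the other way round. Either align the two lists or add a comment saying why the architectures differ. The ASSERT strings also give no hint about which object contributed the bytes, so a failure has to be read together with the orphan warnings to be actionable.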

Subject: [tip: core/build] arm64/build: Remove .eh_frame* sections due to unwind tables

The following commit has been merged into the core/build branch of tip:

Commit-ID: 6e0a66d10c5b629369afa47b753d0ec46fa812dd
Gitweb: https://git.kernel.org/tip/6e0a66d10c5b629369afa47b753d0ec46fa812dd
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:42:51 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 09:50:36 +02:00

arm64/build: Remove .eh_frame* sections due to unwind tables

Avoid .eh_frame* section generation by making sure both CFLAGS and AFLAGS
contain -fno-asynchronous-unwind-tables and -fno-unwind-tables.

With all sources of .eh_frame now removed from the build, drop this
DISCARD so we can be alerted in the future if it returns unexpectedly
once orphan section warnings have been enabled.

Suggested-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Acked-by: Will Deacon <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/arm64/Makefile | 5 ++++-
arch/arm64/kernel/vmlinux.lds.S | 1 -
2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
index 55bc854..6de7f55 100644
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -47,13 +47,16 @@ endif

KBUILD_CFLAGS += -mgeneral-regs-only \
$(compat_vdso) $(cc_has_k_constraint)
-KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
KBUILD_CFLAGS += $(call cc-disable-warning, psabi)
KBUILD_AFLAGS += $(compat_vdso)

KBUILD_CFLAGS += $(call cc-option,-mabi=lp64)
KBUILD_AFLAGS += $(call cc-option,-mabi=lp64)

+# Avoid generating .eh_frame* sections.
+KBUILD_CFLAGS += -fno-asynchronous-unwind-tables -fno-unwind-tables
+KBUILD_AFLAGS += -fno-asynchronous-unwind-tables -fno-unwind-tables
+
ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y)
prepare: stack_protector_prepare
stack_protector_prepare: prepare0
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 13fc2ec..c2b8426 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -94,7 +94,6 @@ SECTIONS
*(.discard.*)
*(.interp .dynamic)
*(.dynsym .dynstr .hash .gnu.hash)
- *(.eh_frame)
}

. = KIMAGE_VADDR + TEXT_OFFSET;
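
Review bot: dropping `*(.eh_frame)` from /DISCARD/ only pays off once `--orphan-handling=warn` is actually passed for this link; until then any object that still emits `.eh_frame` has it placed in the image silently instead of discarded. The report later in this thread shows `.eh_frame` from `kernel/bpf/core.o` with renesas_defconfig, which suggests the new CFLAGS/AFLAGS do not cover every source. Consider keeping the discard until the warning is enabled, or replacing it with a zero-size ASSERT as done for `.plt`.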

Subject: [tip: core/build] x86/boot/compressed: Remove, discard, or assert for unwanted sections

The following commit has been merged into the core/build branch of tip:

Commit-ID: d1c0272bc1c068f8c2cb3d1b395173602b0df6e7
Gitweb: https://git.kernel.org/tip/d1c0272bc1c068f8c2cb3d1b395173602b0df6e7
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:43:08 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

x86/boot/compressed: Remove, discard, or assert for unwanted sections

In preparation for warning on orphan sections, stop the linker from
generating the .eh_frame* sections, discard unwanted non-zero-sized
generated sections, and enforce other expected-to-be-zero-sized sections
(since discarding them might hide problems with them suddenly gaining
unexpected entries).

Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/x86/boot/compressed/Makefile | 1 +
arch/x86/boot/compressed/vmlinux.lds.S | 14 ++++++++++++--
2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 753d572..5b7f6e1 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -50,6 +50,7 @@ GCOV_PROFILE := n
UBSAN_SANITIZE :=n

KBUILD_LDFLAGS := -m elf_$(UTS_MACHINE)
+KBUILD_LDFLAGS += $(call ld-option,--no-ld-generated-unwind-info)
# Compressed kernel should be built as PIE since it may be loaded at any
# address by the bootloader.
LDFLAGS_vmlinux := -pie $(call ld-option, --no-dynamic-linker)
diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index ca544a1..02f6feb 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -72,6 +72,11 @@ SECTIONS
ELF_DETAILS

DISCARDS
+ /DISCARD/ : {
+ *(.dynamic) *(.dynsym) *(.dynstr) *(.dynbss)
+ *(.hash) *(.gnu.hash)
+ *(.note.*)
+ }

.got.plt (INFO) : {
*(.got.plt)
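
Review bot: `*(.note.*)` in the new /DISCARD/ block is a catch-all, so any note section a future toolchain adds is dropped without a trace, which is the silent behaviour this series is otherwise removing. Listing the note sections actually seen in the build would keep new ones visible as orphans.
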
@@ -93,13 +98,18 @@ SECTIONS
}
ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")

+ .plt : {
+ *(.plt) *(.plt.*)
+ }
+ ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!")
+
.rel.dyn : {
- *(.rel.*)
+ *(.rel.*) *(.rel_*)
}
ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")

.rela.dyn : {
- *(.rela.*)
+ *(.rela.*) *(.rela_*)
}
ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
}

Subject: [tip: core/build] x86/boot/compressed: Add missing debugging sections to output

The following commit has been merged into the core/build branch of tip:

Commit-ID: 414d2ff5e5f21049b6b242271a6a8579f9dffc1b
Gitweb: https://git.kernel.org/tip/414d2ff5e5f21049b6b242271a6a8579f9dffc1b
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:43:09 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

x86/boot/compressed: Add missing debugging sections to output

Include the missing DWARF and STABS sections in the compressed image,
when they are present.

Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/x86/boot/compressed/vmlinux.lds.S | 2 ++
1 file changed, 2 insertions(+)

diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index 02f6feb..112b237 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -69,6 +69,8 @@ SECTIONS
. = ALIGN(PAGE_SIZE); /* keep ZO size page aligned */
_end = .;

+ STABS_DEBUG
+ DWARF_DEBUG
ELF_DETAILS

DISCARDS

Subject: [tip: core/build] x86/build: Enforce an empty .got.plt section

The following commit has been merged into the core/build branch of tip:

Commit-ID: 815d680771ae09080d2da83dac2647c08cdf99ce
Gitweb: https://git.kernel.org/tip/815d680771ae09080d2da83dac2647c08cdf99ce
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:43:04 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

x86/build: Enforce an empty .got.plt section

The .got.plt section should always be zero (or filled only with the
linker-generated lazy dispatch entry). Enforce this with an assert and
mark the section as INFO. This is more sensitive than just blindly
discarding the section.

Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/x86/kernel/vmlinux.lds.S | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 0cc035c..4b1b936 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -414,8 +414,20 @@ SECTIONS
ELF_DETAILS

DISCARDS
-}

+ /*
+ * Make sure that the .got.plt is either completely empty or it
+ * contains only the lazy dispatch entries.
+ */
+ .got.plt (INFO) : { *(.got.plt) }
+ ASSERT(SIZEOF(.got.plt) == 0 ||
+#ifdef CONFIG_X86_64
+ SIZEOF(.got.plt) == 0x18,
+#else
+ SIZEOF(.got.plt) == 0xc,
+#endif
+ "Unexpected GOT/PLT entries detected!")
+}

#ifdef CONFIG_X86_32
/*
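
Review bot: the `#ifdef CONFIG_X86_64` spliced into the middle of the ASSERT expression is hard to read, and the same block appears again in arch/x86/boot/compressed/vmlinux.lds.S in this series. A small macro for the expected size (0x18 or 0xc), defined once, would let both scripts use a single-line ASSERT and keep the two copies from drifting.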

Subject: [tip: core/build] x86/boot/compressed: Reorganize zero-size section asserts

The following commit has been merged into the core/build branch of tip:

Commit-ID: 7cf891a40057f851af74e68bacb01b90bd775b5d
Gitweb: https://git.kernel.org/tip/7cf891a40057f851af74e68bacb01b90bd775b5d
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:43:07 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

x86/boot/compressed: Reorganize zero-size section asserts

For readability, move the zero-sized sections to the end after DISCARDS.

Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/x86/boot/compressed/vmlinux.lds.S | 44 ++++++++++++++-----------
1 file changed, 26 insertions(+), 18 deletions(-)

diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index 3c2ee9a..ca544a1 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -42,19 +42,6 @@ SECTIONS
*(.rodata.*)
_erodata = . ;
}
- .rel.dyn : {
- *(.rel.*)
- }
- .rela.dyn : {
- *(.rela.*)
- }
- .got : {
- *(.got)
- }
- .got.plt : {
- *(.got.plt)
- }
-
.data : {
_data = . ;
*(.data)
@@ -85,13 +72,34 @@ SECTIONS
ELF_DETAILS

DISCARDS
-}

-ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
+ .got.plt (INFO) : {
+ *(.got.plt)
+ }
+ ASSERT(SIZEOF(.got.plt) == 0 ||
#ifdef CONFIG_X86_64
-ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, "Unexpected GOT/PLT entries detected!")
+ SIZEOF(.got.plt) == 0x18,
#else
-ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0xc, "Unexpected GOT/PLT entries detected!")
+ SIZEOF(.got.plt) == 0xc,
#endif
+ "Unexpected GOT/PLT entries detected!")
+
+ /*
+ * Sections that should stay zero sized, which is safer to
+ * explicitly check instead of blindly discarding.
+ */
+ .got : {
+ *(.got)
+ }
+ ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
+
+ .rel.dyn : {
+ *(.rel.*)
+ }
+ ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")

-ASSERT(SIZEOF(.rel.dyn) == 0 && SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations detected!")
+ .rela.dyn : {
+ *(.rela.*)
+ }
+ ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
+}
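
Review bot: the commit message describes this as a readability move, but the second hunk also changes `.got.plt` from a plain output section to `.got.plt (INFO)` and splits the combined `.rel.dyn`/`.rela.dyn` ASSERT into two separate checks. Both look fine, but they are functional changes to the output and should be mentioned in the changelog (or split out) so that a bisect landing here is not misread as cosmetic.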

Subject: [tip: core/build] vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections

The following commit has been merged into the core/build branch of tip:

Commit-ID: d812db78288d76d1e8c6df3a840c41a8875f6468
Gitweb: https://git.kernel.org/tip/d812db78288d76d1e8c6df3a840c41a8875f6468
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:42:44 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 09:50:35 +02:00

vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections

KASAN (-fsanitize=kernel-address) and KCSAN (-fsanitize=thread)
produce unwanted[1] .eh_frame and .init_array.* sections. Add them to
COMMON_DISCARDS, except with CONFIG_CONSTRUCTORS, which wants to keep
.init_array.* sections.

[1] https://bugs.llvm.org/show_bug.cgi?id=46478

Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Tested-by: Marco Elver <[email protected]>
Cc: [email protected]
Link: https://lore.kernel.org/r/[email protected]
---
include/asm-generic/vmlinux.lds.h | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index f1f02a2..6b89a03 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -954,7 +954,27 @@
EXIT_DATA
#endif

+/*
+ * Clang's -fsanitize=kernel-address and -fsanitize=thread produce
+ * unwanted sections (.eh_frame and .init_array.*), but
+ * CONFIG_CONSTRUCTORS wants to keep any .init_array.* sections.
+ * https://bugs.llvm.org/show_bug.cgi?id=46478
+ */
+#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KCSAN)
+# ifdef CONFIG_CONSTRUCTORS
+# define SANITIZER_DISCARDS \
+ *(.eh_frame)
+# else
+# define SANITIZER_DISCARDS \
+ *(.init_array) *(.init_array.*) \
+ *(.eh_frame)
+# endif
+#else
+# define SANITIZER_DISCARDS
+#endif
+
#define COMMON_DISCARDS \
+ SANITIZER_DISCARDS \
*(.discard) \
*(.discard.*) \
*(.modinfo) \
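
Review bot: the comment attributes the unwanted sections to Clang, but the `#if` keys only on CONFIG_KASAN_GENERIC and CONFIG_KCSAN, so GCC builds with those options also get `.eh_frame` (and, without CONFIG_CONSTRUCTORS, `.init_array*`) discarded wholesale. Because SANITIZER_DISCARDS is folded into COMMON_DISCARDS, that also hides `.eh_frame` coming from any other source in such configs. Either narrow the condition to the compiler that needs it or reword the comment to match what the `#if` does.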

Subject: [tip: core/build] arm/build: Add missing sections

The following commit has been merged into the core/build branch of tip:

Commit-ID: 512dd2eebe5585893412e0c8bec8dbfe2dead6c8
Gitweb: https://git.kernel.org/tip/512dd2eebe5585893412e0c8bec8dbfe2dead6c8
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:42:58 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

arm/build: Add missing sections

Add missing text stub sections .vfp11_veneer and .v4_bx, as well as
missing DWARF sections, when present in the build.

Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Reviewed-by: Nick Desaulniers <[email protected]>
Cc: Russell King <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/arm/include/asm/vmlinux.lds.h | 4 +++-
arch/arm/kernel/vmlinux-xip.lds.S | 1 +
arch/arm/kernel/vmlinux.lds.S | 1 +
3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
index c4af518..6624dd9 100644
--- a/arch/arm/include/asm/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -59,7 +59,9 @@
#define ARM_STUBS_TEXT \
*(.gnu.warning) \
*(.glue_7) \
- *(.glue_7t)
+ *(.glue_7t) \
+ *(.vfp11_veneer) \
+ *(.v4_bx)

#define ARM_TEXT \
IDMAP_TEXT \
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 57fcbf5..11ffa79 100644
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -150,6 +150,7 @@ SECTIONS
_end = .;

STABS_DEBUG
+ DWARF_DEBUG
ARM_DETAILS
}

diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index 1d3d3b5..dc672fe 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -149,6 +149,7 @@ SECTIONS
_end = .;

STABS_DEBUG
+ DWARF_DEBUG
ARM_DETAILS
}

Subject: [tip: core/build] arm/boot: Handle all sections explicitly

The following commit has been merged into the core/build branch of tip:

Commit-ID: 7e8c4ed2638d08a1604c87b60ed7161bf92e6f86
Gitweb: https://git.kernel.org/tip/7e8c4ed2638d08a1604c87b60ed7161bf92e6f86
Author: Kees Cook <[email protected]>
AuthorDate: Fri, 21 Aug 2020 12:43:01 -07:00
Committer: Ingo Molnar <[email protected]>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00

arm/boot: Handle all sections explicitly

In preparation for warning on orphan sections, use common macros for
debug sections, discards, and text stubs. Add discards for unwanted .note,
and .rel sections.

Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Cc: Russell King <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/arm/boot/compressed/vmlinux.lds.S | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S
index 09ac33f..b914be3 100644
--- a/arch/arm/boot/compressed/vmlinux.lds.S
+++ b/arch/arm/boot/compressed/vmlinux.lds.S
@@ -2,6 +2,7 @@
/*
* Copyright (C) 2000 Russell King
*/
+#include <asm/vmlinux.lds.h>

#ifdef CONFIG_CPU_ENDIAN_BE8
#define ZIMAGE_MAGIC(x) ( (((x) >> 24) & 0x000000ff) | \
@@ -17,8 +18,11 @@ ENTRY(_start)
SECTIONS
{
/DISCARD/ : {
+ COMMON_DISCARDS
*(.ARM.exidx*)
*(.ARM.extab*)
+ *(.note.*)
+ *(.rel.*)
/*
* Discard any r/w data - this produces a link error if we have any,
* which is required for PIC decompression. Local data generates
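
Review bot: adding `*(.rel.*)` to /DISCARD/ throws relocation sections away without checking that they are empty, while the x86 compressed script in this series keeps them and asserts `SIZEOF(.rel.dyn) == 0`. The series' own rationale is that discarding can hide sections suddenly gaining entries, and for a PIC decompressor that seems to apply here as well. Consider an output section plus a zero-size ASSERT, or a comment explaining why discarding is safe on arm.
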
@@ -36,9 +40,7 @@ SECTIONS
*(.start)
*(.text)
*(.text.*)
- *(.gnu.warning)
- *(.glue_7t)
- *(.glue_7)
+ ARM_STUBS_TEXT
}
.table : ALIGN(4) {
_table_start = .;
@@ -128,12 +130,10 @@ SECTIONS
PROVIDE(__pecoff_data_size = ALIGN(512) - ADDR(.data));
PROVIDE(__pecoff_end = ALIGN(512));

- .stab 0 : { *(.stab) }
- .stabstr 0 : { *(.stabstr) }
- .stab.excl 0 : { *(.stab.excl) }
- .stab.exclstr 0 : { *(.stab.exclstr) }
- .stab.index 0 : { *(.stab.index) }
- .stab.indexstr 0 : { *(.stab.indexstr) }
- .comment 0 : { *(.comment) }
+ STABS_DEBUG
+ DWARF_DEBUG
+ ARM_DETAILS
+
+ ARM_ASSERTS
}
ASSERT(_edata_real == _edata, "error: zImage file size is incorrect");

2020-09-01 17:11:36

by Kees Cook

Subject: Re: [PATCH v6 00/29] Warn on orphan section placement

On Tue, Sep 01, 2020 at 10:16:47AM +0200, Ingo Molnar wrote:
>
> * Ingo Molnar <[email protected]> wrote:
>
> >
> > * Ingo Molnar <[email protected]> wrote:
> >
> > >
> > > * Kees Cook <[email protected]> wrote:
> > >
> > > > On Fri, Aug 21, 2020 at 12:42:41PM -0700, Kees Cook wrote:
> > > > > Hi Ingo,
> > > > >
> > > > > Based on my testing, this is ready to go. I've reviewed the feedback on
> > > > > v5 and made a few small changes, noted below.
> > > >
> > > > If no one objects, I'll pop this into my tree for -next. I'd prefer it
> > > > go via -tip though! :)
> > > >
> > > > Thanks!
> > >
> > > I'll pick it up today, it all looks very good now!
> >
> > One thing I found in testing is that it doesn't handle older LD
> > versions well enough:
> >
> > ld: unrecognized option '--orphan-handling=warn'

Oh! Uhm, yikes. Thanks for noticing this.

> > Could we just detect the availability of this flag, and emit a warning
> > if it doesn't exist but otherwise not abort the build?

Yeah, I'll respin those patches.

> > This is with:
> >
> > GNU ld version 2.25-17.fc23

(At best, this is from 2015 ... but yes, min binutils is 2.23.)

>
> I've resolved this for now by not applying the 5 patches that add the
> actual orphan section warnings:
>
> arm64/build: Warn on orphan section placement
> arm/build: Warn on orphan section placement
> arm/boot: Warn on orphan section placement
> x86/build: Warn on orphan section placement
> x86/boot/compressed: Warn on orphan section placement
>
> The new asserts plus the actual fixes/enhancements are enough changes
> to test for now in any case. :-)

Yup! I'll respin the enabling patches. Thanks again!

--
Kees Cook

2020-09-01 18:03:56

by Nick Desaulniers

Subject: Re: [PATCH v6 00/29] Warn on orphan section placement

On Tue, Sep 1, 2020 at 8:17 AM Kees Cook <[email protected]> wrote:
>
> On Tue, Sep 01, 2020 at 10:16:47AM +0200, Ingo Molnar wrote:
> >
> > * Ingo Molnar <[email protected]> wrote:
> >
> > >
> > > * Ingo Molnar <[email protected]> wrote:
> > >
> > > >
> > > > * Kees Cook <[email protected]> wrote:
> > > >
> > > > > On Fri, Aug 21, 2020 at 12:42:41PM -0700, Kees Cook wrote:
> > > > > > Hi Ingo,
> > > > > >
> > > > > > Based on my testing, this is ready to go. I've reviewed the feedback on
> > > > > > v5 and made a few small changes, noted below.
> > > > >
> > > > > If no one objects, I'll pop this into my tree for -next. I'd prefer it
> > > > > go via -tip though! :)
> > > > >
> > > > > Thanks!
> > > >
> > > > I'll pick it up today, it all looks very good now!
> > >
> > > One thing I found in testing is that it doesn't handle older LD
> > > versions well enough:
> > >
> > > ld: unrecognized option '--orphan-handling=warn'
>
> Oh! Uhm, yikes. Thanks for noticing this.
>
> > > Could we just detect the availability of this flag, and emit a warning
> > > if it doesn't exist but otherwise not abort the build?
>
> Yeah, I'll respin those patches.
>
> > > This is with:
> > >
> > > GNU ld version 2.25-17.fc23
>
> (At best, this is from 2015 ... but yes, min binutils is 2.23.)

Ah, crap! Indeed arch/powerpc/Makefile wraps this in ld-option.

Uh oh, the ppc vdso uses cc-ldoption which was removed! (I think by
me; let me send patches) How is that not an error? Yes, guilty,
officer.
commit 055efab3120b ("kbuild: drop support for cc-ldoption").
Did I not know how to use grep, or? No, it is
commit f2af201002a8 ("powerpc/build: vdso linker warning for orphan sections")
that is wrong.
--
Thanks,
~Nick Desaulniers

2020-09-01 23:20:03

by Kees Cook

Subject: Re: [PATCH v6 00/29] Warn on orphan section placement

On Tue, Sep 01, 2020 at 11:02:02AM -0700, Nick Desaulniers wrote:
> On Tue, Sep 1, 2020 at 8:17 AM Kees Cook <[email protected]> wrote:
> >
> > On Tue, Sep 01, 2020 at 10:16:47AM +0200, Ingo Molnar wrote:
> > > > This is with:
> > > >
> > > > GNU ld version 2.25-17.fc23
> >
> > (At best, this is from 2015 ... but yes, min binutils is 2.23.)
>
> Ah, crap! Indeed arch/powerpc/Makefile wraps this in ld-option.

Yeah, I totally missed that too. :)

> Uh oh, the ppc vdso uses cc-ldoption which was removed! (I think by
> me; let me send patches) How is that not an error? Yes, guilty,
> officer.
> commit 055efab3120b ("kbuild: drop support for cc-ldoption").
> Did I not know how to use grep, or? No, it is
> commit f2af201002a8 ("powerpc/build: vdso linker warning for orphan sections")
> that is wrong.

Eek, yeah, the vdso needs fixing; whoops. Lucky for my series, I only need
ld-option! ;)

(Doing test builds now...)

--
Kees Cook

2020-09-01 23:55:36

by Nick Desaulniers

Subject: Re: [PATCH v6 00/29] Warn on orphan section placement

On Tue, Sep 1, 2020 at 4:18 PM Kees Cook <[email protected]> wrote:
>
> On Tue, Sep 01, 2020 at 11:02:02AM -0700, Nick Desaulniers wrote:
> > Uh oh, the ppc vdso uses cc-ldoption which was removed! (I think by
> > me; let me send patches) How is that not an error? Yes, guilty,
> > officer.
> > commit 055efab3120b ("kbuild: drop support for cc-ldoption").
> > Did I not know how to use grep, or? No, it is
> > commit f2af201002a8 ("powerpc/build: vdso linker warning for orphan sections")
> > that is wrong.
>
> Eek, yeah, the vdso needs fixing; whoops. Lucky for my series, I only need
> ld-option! ;)
>

I didn't cc everyone here on that thread, but here's the series I sent
for it: https://lore.kernel.org/lkml/[email protected]/T/#u
.
--
Thanks,
~Nick Desaulniers

2020-10-26 13:57:25

by Geert Uytterhoeven

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

Hi Kees,

On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <[email protected]> wrote:
> On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <[email protected]> wrote:
> > In preparation for warning on orphan sections, discard
> > unwanted non-zero-sized generated sections, and enforce other
> > expected-to-be-zero-sized sections (since discarding them might hide
> > problems with them suddenly gaining unexpected entries).
> >
> > Suggested-by: Ard Biesheuvel <[email protected]>
> > Signed-off-by: Kees Cook <[email protected]>
>
> This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> sections") in v5.10-rc1, and is causing the following error with
> renesas_defconfig[1]:
>
> aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> `kernel/bpf/core.o' being placed in section `.eh_frame'
> aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
>
> I cannot reproduce this with the standard arm64 defconfig.
>
> I bisected the error to the aforementioned commit, but understand this
> is not the real reason. If I revert this commit, I still get:
>
> aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> `arch/arm64/kernel/head.o' being placed in section `.plt'
> aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> `kernel/bpf/core.o' being placed in section `.eh_frame'
>
> I.e. including the ".eh_frame" warning. I have tried bisecting that
> warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> placement"), which is another red herring.

kernel/bpf/core.o is the only file containing an eh_frame section,
causing the warning.
If I compile core.c with "-g" added, like arm64 defconfig does, the
eh_frame section is no longer emitted.

Hence setting CONFIG_DEBUG_INFO=y, cfr. arm64 defconfig, the warning
is gone, but I'm back to the "Unexpected GOT/PLT entries" below...

> Note that even on plain be2881824ae9eb92, I get:
>
> aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
>
> The parent commit obviously doesn't show that (but probably still has
> the problem).

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

2020-10-26 16:14:54

by Geert Uytterhoeven

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

Hi Kees,

On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <[email protected]> wrote:
> In preparation for warning on orphan sections, discard
> unwanted non-zero-sized generated sections, and enforce other
> expected-to-be-zero-sized sections (since discarding them might hide
> problems with them suddenly gaining unexpected entries).
>
> Suggested-by: Ard Biesheuvel <[email protected]>
> Signed-off-by: Kees Cook <[email protected]>

This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
sections") in v5.10-rc1, and is causing the following error with
renesas_defconfig[1]:

aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
`kernel/bpf/core.o' being placed in section `.eh_frame'
aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!

I cannot reproduce this with the standard arm64 defconfig.

I bisected the error to the aforementioned commit, but understand this
is not the real reason. If I revert this commit, I still get:

aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
`arch/arm64/kernel/head.o' being placed in section `.got.plt'
aarch64-linux-gnu-ld: warning: orphan section `.plt' from
`arch/arm64/kernel/head.o' being placed in section `.plt'
aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
`arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
`kernel/bpf/core.o' being placed in section `.eh_frame'

I.e. including the ".eh_frame" warning. I have tried bisecting that
warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
placement"), which is another red herring.

Note that even on plain be2881824ae9eb92, I get:

aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!

The parent commit obviously doesn't show that (but probably still has
the problem).

Do you have a clue?

Thanks!

> --- a/arch/arm64/kernel/vmlinux.lds.S
> +++ b/arch/arm64/kernel/vmlinux.lds.S
> @@ -121,6 +121,14 @@ SECTIONS
> *(.got) /* Global offset table */
> }
>
> + /*
> + * Make sure that the .got.plt is either completely empty or it
> + * contains only the lazy dispatch entries.
> + */
> + .got.plt : { *(.got.plt) }
> + ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18,
> + "Unexpected GOT/PLT entries detected!")
> +
> . = ALIGN(SEGMENT_ALIGN);
> _etext = .; /* End of text section */
>
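
Review bot: The 0x18 in the .got.plt ASSERT is a bare magic number. The comment says the section may contain "only the lazy dispatch entries" but does not say how many entries of what size add up to 0x18 (24 bytes), so the constant cannot be checked against the comment; spell that out or derive the value from an entry count and entry size. The failure text "Unexpected GOT/PLT entries detected!" also carries neither the observed size nor any pointer to the contributing input, so whoever hits it has to locate the offending object by other means.
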
> @@ -243,6 +251,18 @@ SECTIONS
> ELF_DETAILS
>
> HEAD_SYMBOLS
> +
> + /*
> + * Sections that should stay zero sized, which is safer to
> + * explicitly check instead of blindly discarding.
> + */
> + .plt : {
> + *(.plt) *(.plt.*) *(.iplt) *(.igot)
> + }
> + ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!")
> +
> + .data.rel.ro : { *(.data.rel.ro) }
> + ASSERT(SIZEOF(.data.rel.ro) == 0, "Unexpected RELRO detected!")
> }
>
> #include "image-vars.h"
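
Review bot: The .plt output section gathers four input patterns, `*(.plt) *(.plt.*) *(.iplt) *(.igot)`, under a single ASSERT, so "Unexpected run-time procedure linkages detected!" cannot tell the reader which of them became non-empty, and a non-empty .igot is reported as a procedure linkage. Consider a separate output section and ASSERT for .igot, or at least name the four sections in the message. The block comment covers .plt only; the .data.rel.ro ASSERT after it would benefit from a line saying why that section is expected to be empty.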

[1] https://git.kernel.org/pub/scm/linux/kernel/git/geert/renesas-devel.git/log/?h=topic/renesas-defconfig

Gr{oetje,eeting}s,

Geert


--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

2020-10-26 19:27:34

by Geert Uytterhoeven

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <[email protected]> wrote:
> On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <[email protected]> wrote:
> > > In preparation for warning on orphan sections, discard
> > > unwanted non-zero-sized generated sections, and enforce other
> > > expected-to-be-zero-sized sections (since discarding them might hide
> > > problems with them suddenly gaining unexpected entries).
> > >
> > > Suggested-by: Ard Biesheuvel <[email protected]>
> > > Signed-off-by: Kees Cook <[email protected]>
> >
> > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > sections") in v5.10-rc1, and is causing the following error with
> > renesas_defconfig[1]:
> >
> > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> >
> > I cannot reproduce this with the standard arm64 defconfig.
> >
> > I bisected the error to the aforementioned commit, but understand this
> > is not the real reason. If I revert this commit, I still get:
> >
> > aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> > aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > `arch/arm64/kernel/head.o' being placed in section `.plt'
> > aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > `kernel/bpf/core.o' being placed in section `.eh_frame'
> >
> > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > placement"), which is another red herring.
>
> kernel/bpf/core.o is the only file containing an eh_frame section,
> causing the warning.
> If I compile core.c with "-g" added, like arm64 defconfig does, the
> eh_frame section is no longer emitted.
>
> Hence setting CONFIG_DEBUG_INFO=y, cfr. arm64 defconfig, the warning
> is gone, but I'm back to the "Unexpected GOT/PLT entries" below...
>
> > Note that even on plain be2881824ae9eb92, I get:
> >
> > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> >
> > The parent commit obviously doesn't show that (but probably still has
> > the problem).

Reverting both
b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
seems to solve my problems, without any ill effects?

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

2020-10-26 23:17:17

by Ard Biesheuvel

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <[email protected]> wrote:
>
> On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <[email protected]> wrote:
> > > > In preparation for warning on orphan sections, discard
> > > > unwanted non-zero-sized generated sections, and enforce other
> > > > expected-to-be-zero-sized sections (since discarding them might hide
> > > > problems with them suddenly gaining unexpected entries).
> > > >
> > > > Suggested-by: Ard Biesheuvel <[email protected]>
> > > > Signed-off-by: Kees Cook <[email protected]>
> > >
> > > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > > sections") in v5.10-rc1, and is causing the following error with
> > > renesas_defconfig[1]:
> > >
> > > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > >
> > > I cannot reproduce this with the standard arm64 defconfig.
> > >
> > > I bisected the error to the aforementioned commit, but understand this
> > > is not the real reason. If I revert this commit, I still get:
> > >
> > > aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> > > aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > > `arch/arm64/kernel/head.o' being placed in section `.plt'
> > > aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> > > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > >
> > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > placement"), which is another red herring.
> >
> > kernel/bpf/core.o is the only file containing an eh_frame section,
> > causing the warning.
> > If I compile core.c with "-g" added, like arm64 defconfig does, the
> > eh_frame section is no longer emitted.
> >
> > Hence setting CONFIG_DEBUG_INFO=y, cfr. arm64 defconfig, the warning
> > is gone, but I'm back to the "Unexpected GOT/PLT entries" below...
> >
> > > Note that even on plain be2881824ae9eb92, I get:
> > >
> > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > >
> > > The parent commit obviously doesn't show that (but probably still has
> > > the problem).
>
> Reverting both
> b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> seems to solve my problems, without any ill effects?
>

I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)

The presence of .data.rel.ro and .got.plt sections suggests that the
toolchain is using -fpie and/or -z relro to build shared objects
rather than a fully linked bare metal binary.

Which toolchain are you using? Does adding -fno-pie to the compiler
command line and/or adding -z norelro to the linker command line make
any difference?

2020-10-26 23:31:11

by Geert Uytterhoeven

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

Hi Ard,

On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <[email protected]> wrote:
> On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <[email protected]> wrote:
> > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <[email protected]> wrote:
> > > > > In preparation for warning on orphan sections, discard
> > > > > unwanted non-zero-sized generated sections, and enforce other
> > > > > expected-to-be-zero-sized sections (since discarding them might hide
> > > > > problems with them suddenly gaining unexpected entries).
> > > > >
> > > > > Suggested-by: Ard Biesheuvel <[email protected]>
> > > > > Signed-off-by: Kees Cook <[email protected]>
> > > >
> > > > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > > > sections") in v5.10-rc1, and is causing the following error with
> > > > renesas_defconfig[1]:
> > > >
> > > > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > >
> > > > I cannot reproduce this with the standard arm64 defconfig.
> > > >
> > > > I bisected the error to the aforementioned commit, but understand this
> > > > is not the real reason. If I revert this commit, I still get:
> > > >
> > > > aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > > > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> > > > aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > > > `arch/arm64/kernel/head.o' being placed in section `.plt'
> > > > aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > > > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> > > > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > >
> > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > placement"), which is another red herring.
> > >
> > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > causing the warning.
> > > If I compile core.c with "-g" added, like arm64 defconfig does, the
> > > eh_frame section is no longer emitted.
> > >
> > > Hence setting CONFIG_DEBUG_INFO=y, cfr. arm64 defconfig, the warning
> > > is gone, but I'm back to the "Unexpected GOT/PLT entries" below...
> > >
> > > > Note that even on plain be2881824ae9eb92, I get:
> > > >
> > > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > >
> > > > The parent commit obviously doesn't show that (but probably still has
> > > > the problem).
> >
> > Reverting both
> > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > seems to solve my problems, without any ill effects?
> >
>
> I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
>
> The presence of .data.rel.ro and .got.plt sections suggests that the
> toolchain is using -fpie and/or -z relro to build shared objects
> rather than a fully linked bare metal binary.
>
> Which toolchain are you using? Does adding -fno-pie to the compiler

gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04) from Ubuntu 20.04LTS.

> command line and/or adding -z norelro to the linker command line make
> any difference?

I'll give that a try later...

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

2020-10-26 23:33:14

by Nick Desaulniers

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
<[email protected]> wrote:
>
> Hi Ard,
>
> On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <[email protected]> wrote:
> > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <[email protected]> wrote:
> > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <[email protected]> wrote:
> > > > > > In preparation for warning on orphan sections, discard
> > > > > > unwanted non-zero-sized generated sections, and enforce other
> > > > > > expected-to-be-zero-sized sections (since discarding them might hide
> > > > > > problems with them suddenly gaining unexpected entries).
> > > > > >
> > > > > > Suggested-by: Ard Biesheuvel <[email protected]>
> > > > > > Signed-off-by: Kees Cook <[email protected]>
> > > > >
> > > > > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > > > > sections") in v5.10-rc1, and is causing the following error with
> > > > > renesas_defconfig[1]:
> > > > >
> > > > > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > >
> > > > > I cannot reproduce this with the standard arm64 defconfig.
> > > > >
> > > > > I bisected the error to the aforementioned commit, but understand this
> > > > > is not the real reason. If I revert this commit, I still get:
> > > > >
> > > > > aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > > > > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> > > > > aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > > > > `arch/arm64/kernel/head.o' being placed in section `.plt'
> > > > > aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > > > > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> > > > > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > >
> > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > placement"), which is another red herring.
> > > >
> > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > causing the warning.

When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
missing from someone's KBUILD_CFLAGS.
But I don't see anything curious in kernel/bpf/Makefile, unless
cc-disable-warning is somehow broken.

> > > > If I compile core.c with "-g" added, like arm64 defconfig does, the
> > > > eh_frame section is no longer emitted.
> > > >
> > > > Hence setting CONFIG_DEBUG_INFO=y, cfr. arm64 defconfig, the warning
> > > > is gone, but I'm back to the "Unexpected GOT/PLT entries" below...
> > > >
> > > > > Note that even on plain be2881824ae9eb92, I get:
> > > > >
> > > > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > >
> > > > > The parent commit obviously doesn't show that (but probably still has
> > > > > the problem).
> > >
> > > Reverting both
> > > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > > seems to solve my problems, without any ill effects?
> > >
> >
> > I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
> >
> > The presence of .data.rel.ro and .got.plt sections suggests that the
> > toolchain is using -fpie and/or -z relro to build shared objects
> > rather than a fully linked bare metal binary.
> >
> > Which toolchain are you using? Does adding -fno-pie to the compiler
>
> gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04) from Ubuntu 20.04LTS.
>
> > command line and/or adding -z norelro to the linker command line make
> > any difference?
>
> I'll give that a try later...

This patch just got picked up into the for-next branch of the arm64
tree; it enables `-z norelro` regardless of configs.
https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/commit/?h=for-next/core&id=3b92fa7485eba16b05166fddf38ab42f2ff6ab95
If you apply that, that should help you test `-z norelro` quickly.

--
Thanks,
~Nick Desaulniers

2020-10-26 23:36:59

by Geert Uytterhoeven

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

Hi Nick,

On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
<[email protected]> wrote:
> On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> <[email protected]> wrote:
> > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <[email protected]> wrote:
> > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <[email protected]> wrote:
> > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <[email protected]> wrote:
> > > > > > > In preparation for warning on orphan sections, discard
> > > > > > > unwanted non-zero-sized generated sections, and enforce other
> > > > > > > expected-to-be-zero-sized sections (since discarding them might hide
> > > > > > > problems with them suddenly gaining unexpected entries).
> > > > > > >
> > > > > > > Suggested-by: Ard Biesheuvel <[email protected]>
> > > > > > > Signed-off-by: Kees Cook <[email protected]>
> > > > > >
> > > > > > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > > > > > sections") in v5.10-rc1, and is causing the following error with
> > > > > > renesas_defconfig[1]:
> > > > > >
> > > > > > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > >
> > > > > > I cannot reproduce this with the standard arm64 defconfig.
> > > > > >
> > > > > > I bisected the error to the aforementioned commit, but understand this
> > > > > > is not the real reason. If I revert this commit, I still get:
> > > > > >
> > > > > > aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > > > > > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> > > > > > aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > > > > > `arch/arm64/kernel/head.o' being placed in section `.plt'
> > > > > > aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > > > > > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> > > > > > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > >
> > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > placement"), which is another red herring.
> > > > >
> > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > causing the warning.
>
> When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> missing from someone's KBUILD_CFLAGS.
> But I don't see anything curious in kernel/bpf/Makefile, unless
> cc-disable-warning is somehow broken.

Yeah, I noticed it's added in arch/arm64/Makefile, and verified that it is
actually passed when building kernel/bpf/core.o.

> > > > > If I compile core.c with "-g" added, like arm64 defconfig does, the
> > > > > eh_frame section is no longer emitted.
> > > > >
> > > > > Hence setting CONFIG_DEBUG_INFO=y, cfr. arm64 defconfig, the warning
> > > > > is gone, but I'm back to the "Unexpected GOT/PLT entries" below...
> > > > >
> > > > > > Note that even on plain be2881824ae9eb92, I get:
> > > > > >
> > > > > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > >
> > > > > > The parent commit obviously doesn't show that (but probably still has
> > > > > > the problem).
> > > >
> > > > Reverting both
> > > > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > > > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > > > seems to solve my problems, without any ill effects?
> > > >
> > >
> > > I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
> > >
> > > The presence of .data.rel.ro and .got.plt sections suggests that the
> > > toolchain is using -fpie and/or -z relro to build shared objects
> > > rather than a fully linked bare metal binary.
> > >
> > > Which toolchain are you using? Does adding -fno-pie to the compiler
> >
> > gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04) from Ubuntu 20.04LTS.
> >
> > > command line and/or adding -z norelro to the linker command line make
> > > any difference?
> >
> > I'll give that a try later...
>
> This patch just got picked up into the for-next branch of the arm64
> tree; it enables `-z norelro` regardless of configs.
> https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/commit/?h=for-next/core&id=3b92fa7485eba16b05166fddf38ab42f2ff6ab95
> If you apply that, that should help you test `-z norelro` quickly.

Thanks, will give that a try, too.

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

2020-10-27 14:20:53

by Geert Uytterhoeven

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

Hi Ard,

On Mon, Oct 26, 2020 at 6:43 PM Geert Uytterhoeven <[email protected]> wrote:
> On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <[email protected]> wrote:
> > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <[email protected]> wrote:
> > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <[email protected]> wrote:
> > > > > > In preparation for warning on orphan sections, discard
> > > > > > unwanted non-zero-sized generated sections, and enforce other
> > > > > > expected-to-be-zero-sized sections (since discarding them might hide
> > > > > > problems with them suddenly gaining unexpected entries).
> > > > > >
> > > > > > Suggested-by: Ard Biesheuvel <[email protected]>
> > > > > > Signed-off-by: Kees Cook <[email protected]>
> > > > >
> > > > > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > > > > sections") in v5.10-rc1, and is causing the following error with
> > > > > renesas_defconfig[1]:
> > > > >
> > > > > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > >
> > > > > I cannot reproduce this with the standard arm64 defconfig.
> > > > >
> > > > > I bisected the error to the aforementioned commit, but understand this
> > > > > is not the real reason. If I revert this commit, I still get:
> > > > >
> > > > > aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > > > > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> > > > > aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > > > > `arch/arm64/kernel/head.o' being placed in section `.plt'
> > > > > aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > > > > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> > > > > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > >
> > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > placement"), which is another red herring.
> > > >
> > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > causing the warning.
> > > > If I compile core.c with "-g" added, like arm64 defconfig does, the
> > > > eh_frame section is no longer emitted.
> > > >
> > > > Hence setting CONFIG_DEBUG_INFO=y, cfr. arm64 defconfig, the warning
> > > > is gone, but I'm back to the "Unexpected GOT/PLT entries" below...
> > > >
> > > > > Note that even on plain be2881824ae9eb92, I get:
> > > > >
> > > > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > >
> > > > > The parent commit obviously doesn't show that (but probably still has
> > > > > the problem).
> > >
> > > Reverting both
> > > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > > seems to solve my problems, without any ill effects?
> > >
> >
> > I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
> >
> > The presence of .data.rel.ro and .got.plt sections suggests that the
> > toolchain is using -fpie and/or -z relro to build shared objects
> > rather than a fully linked bare metal binary.
> >
> > Which toolchain are you using? Does adding -fno-pie to the compiler
>
> gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04) from Ubuntu 20.04LTS.
>
> > command line and/or adding -z norelro to the linker command line make
> > any difference?
>
> I'll give that a try later...

Adding -fno-pie to KBUILD_AFLAGS and KBUILD_CFLAGS doesn't
make a difference.

Same for adding -z norelno to the final link command:

aarch64-linux-gnu-ld: warning: -z norelno ignored
aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
`kernel/bpf/core.o' being placed in section `.eh_frame'
aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
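
The linker output reported in the message above can be triaged mechanically in a build job. This is an added example, not part of the thread or of the kernel tree: it parses GNU ld output in the shape quoted here, rejoins orphan-section warnings that were wrapped or mail-quoted, and groups them by object file. The names `triage` and `gate` and the embedded sample log (assembled from lines quoted in this thread) are constructed for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: ld.bfd output in the shape quoted in this thread,
# including the line wrap after "from" that the mail archive shows.
SAMPLE_LOG = """\
aarch64-linux-gnu-ld: warning: -z norelro ignored
aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
`arch/arm64/kernel/head.o' being placed in section `.got.plt'
aarch64-linux-gnu-ld: warning: orphan section `.plt' from
`arch/arm64/kernel/head.o' being placed in section `.plt'
aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
`kernel/bpf/core.o' being placed in section `.eh_frame'
aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
"""

# Leading "> > " markers, so a log pasted from a mail reply still parses.
QUOTE_PREFIX = re.compile(r"^(?:>\s?)+")

# \s+ between tokens lets one warning span a wrapped line.
ORPHAN = re.compile(
    r"warning: orphan section `(?P<section>[^']+)'\s+from\s+"
    r"`(?P<obj>[^']+)'\s+being\s+placed\s+in\s+section\s+`(?P<placed>[^']+)'"
)

# Linker-script ASSERT messages of the form seen in this thread.
ASSERTION = re.compile(
    r"^\S*ld(?:\.\w+)?: (Unexpected .+ detected!)\s*$", re.M
)

# "-z <keyword> ignored": the option had no effect on this link, either
# because the keyword is misspelled or because this ld does not act on it.
IGNORED = re.compile(
    r"^\S*ld(?:\.\w+)?: warning: (-z \S+) ignored\s*$", re.M
)


def triage(log_text):
    """Return orphan sections per object, failed assertions, ignored -z options."""
    text = "\n".join(
        QUOTE_PREFIX.sub("", line) for line in log_text.splitlines()
    )
    orphans = defaultdict(set)
    for m in ORPHAN.finditer(text):
        orphans[m["obj"]].add(m["section"])
    return {
        "orphans": {obj: sorted(secs) for obj, secs in orphans.items()},
        # dict.fromkeys de-duplicates while keeping first-seen order
        "assertions": list(dict.fromkeys(ASSERTION.findall(text))),
        "ignored_options": list(dict.fromkeys(IGNORED.findall(text))),
    }


def gate(report):
    """Exit status for a build job: fail on any orphan or failed assertion.

    Ignored options are reported but do not fail the gate; that policy is
    a choice made for this example.
    """
    return 1 if report["orphans"] or report["assertions"] else 0


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for obj, sections in sorted(result["orphans"].items()):
        print(f"orphan: {obj}: {', '.join(sections)}")
    for message in result["assertions"]:
        print(f"assert: {message}")
    for option in result["ignored_options"]:
        print(f"ignored: {option}")
    raise SystemExit(gate(result))
```

Grouping by object file points straight at the translation units to inspect, which in this thread were arch/arm64/kernel/head.o and kernel/bpf/core.o.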

2020-10-27 14:35:54

by Geert Uytterhoeven

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

Hi Jean-Philippe,

On Tue, Oct 27, 2020 at 11:09 AM Jean-Philippe Brucker
<[email protected]> wrote:
> On Mon, Oct 26, 2020 at 06:38:46PM +0100, Ard Biesheuvel wrote:
> > > > > Note that even on plain be2881824ae9eb92, I get:
> > > > >
> > > > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > >
> > > > > The parent commit obviously doesn't show that (but probably still has
> > > > > the problem).
> > >
> > > Reverting both
> > > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > > seems to solve my problems, without any ill effects?
> > >
> >
> > I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
>
> I have the same problem with one of my debug configs and Linux v5.10-rc1,
> and can reproduce with the Debian 8.3.0 toolchain, by using the arm64
> defconfig and disabling CONFIG_MODULES:
>
> ld -EL -maarch64elf --no-undefined -X -z norelro -shared -Bsymbolic -z notext --no-apply-dynamic-relocs --fix-cortex-a53-843419 --orphan-handling=warn --build-id=sha1 --strip-debug -o .tmp_vmlinux.kallsyms1 -T ./arch/arm64/kernel/vmlinux.lds --whole-archive arch/arm64/kernel/head.o init/built-in.a usr/built-in.a arch/arm64/built-in.a kernel/built-in.a certs/built-in.a mm/built-in.a fs/built-in.a ipc/built-in.a security/built-in.a crypto/built-in.a block/built-in.a arch/arm64/lib/built-in.a lib/built-in.a drivers/built-in.a sound/built-in.a net/built-in.a virt/built-in.a --no-whole-archive --start-group arch/arm64/lib/lib.a lib/lib.a ./drivers/firmware/efi/libstub/lib.a --end-group
> ld: Unexpected GOT/PLT entries detected!
> ld: Unexpected run-time procedure linkages detected!
>
> Adding -fno-pie to this command doesn't fix the problem.
>
> Note that when cross-building with a GCC 10.2 and binutils 2.35.1 I also
> get several "aarch64-linux-gnu-ld: warning: -z norelro ignored" in
> addition to the error, but I don't get that warning with the 8.3.0
> toolchain.

Thanks, my config (renesas_defconfig) also had CONFIG_MODULES disabled.
Enabling that fixes the link error due to unexpected entries, but the
.eh_frame orphan section warning is still there.

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

2020-10-27 14:42:58

by Naresh Kamboju

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

On Tue, 27 Oct 2020 at 17:00, Ard Biesheuvel <[email protected]> wrote:
>
> On Tue, 27 Oct 2020 at 11:20, Geert Uytterhoeven <[email protected]> wrote:
> >
> > Hi Jean-Philippe,
> >
> > On Tue, Oct 27, 2020 at 11:09 AM Jean-Philippe Brucker
> > <[email protected]> wrote:
> > > On Mon, Oct 26, 2020 at 06:38:46PM +0100, Ard Biesheuvel wrote:
> > > > > > > Note that even on plain be2881824ae9eb92, I get:
> > > > > > >
> > > > > > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > > >
> > > > > > > The parent commit obviously doesn't show that (but probably still has
> > > > > > > the problem).
> > > > >
> > > > > Reverting both
> > > > > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > > > > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > > > > seems to solve my problems, without any ill effects?
> > > > >
> > > >
> > > > I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
> > >
> > > I have the same problem with one of my debug configs and Linux v5.10-rc1,
> > > and can reproduce with the Debian 8.3.0 toolchain, by using the arm64
> > > defconfig and disabling CONFIG_MODULES:
> > >
> > > ld -EL -maarch64elf --no-undefined -X -z norelro -shared -Bsymbolic -z notext --no-apply-dynamic-relocs --fix-cortex-a53-843419 --orphan-handling=warn --build-id=sha1 --strip-debug -o .tmp_vmlinux.kallsyms1 -T ./arch/arm64/kernel/vmlinux.lds --whole-archive arch/arm64/kernel/head.o init/built-in.a usr/built-in.a arch/arm64/built-in.a kernel/built-in.a certs/built-in.a mm/built-in.a fs/built-in.a ipc/built-in.a security/built-in.a crypto/built-in.a block/built-in.a arch/arm64/lib/built-in.a lib/built-in.a drivers/built-in.a sound/built-in.a net/built-in.a virt/built-in.a --no-whole-archive --start-group arch/arm64/lib/lib.a lib/lib.a ./drivers/firmware/efi/libstub/lib.a --end-group
> > > ld: Unexpected GOT/PLT entries detected!
> > > ld: Unexpected run-time procedure linkages detected!

ld: Unexpected GOT/PLT entries detected!
ld: Unexpected run-time procedure linkages detected!

The arm64 build error is fixed by (I have tested defconfig)

[PATCH] soc: qcom: QCOM_RPMH fix build with modular QCOM_RPMH
https://lore.kernel.org/linux-arm-msm/[email protected]/
---

Building allmodconfig leads to the following link error with
CONFIG_QCOM_RPMH=y and CONFIG_QCOM_COMMAND_DB=m:

aarch64-linux-gnu-ld: drivers/clk/qcom/clk-rpmh.o: in function `clk_rpmh_probe':
drivers/clk/qcom/clk-rpmh.c:474: undefined reference to `cmd_db_read_addr'
drivers/clk/qcom/clk-rpmh.c:474:(.text+0x254): relocation truncated
to fit: R_AARCH64_CALL26 against undefined symbol `cmd_db_read_addr'

Fix this by adding a Kconfig dependency and forcing QCOM_RPMH to be a
module when QCOM_COMMAND_DB is a module. Also removing the dependency on
'ARCH_QCOM || COMPILE_TEST' since that is already a dependency for
QCOM_COMMAND_DB.

Fixes: 778279f4f5e4 ("soc: qcom: cmd-db: allow loading as a module")
Signed-off-by: Anders Roxell <[email protected]>
---
drivers/soc/qcom/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/soc/qcom/Kconfig b/drivers/soc/qcom/Kconfig
index 9b4ae9c16ba7..3bdd1604f78f 100644
--- a/drivers/soc/qcom/Kconfig
+++ b/drivers/soc/qcom/Kconfig
@@ -109,7 +109,7 @@ config QCOM_RMTFS_MEM

config QCOM_RPMH
tristate "Qualcomm RPM-Hardened (RPMH) Communication"
- depends on ARCH_QCOM || COMPILE_TEST
+ depends on QCOM_COMMAND_DB
help
Support for communication with the hardened-RPM blocks in
Qualcomm Technologies Inc (QTI) SoCs. RPMH communication uses an
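
Review bot: the replaced "depends on" line drops "ARCH_QCOM || COMPILE_TEST" on the strength of QCOM_COMMAND_DB already carrying that dependency, but the QCOM_COMMAND_DB entry is not in this hunk, so the claim cannot be checked from the diff; quoting that entry's "depends on" line in the commit message would settle it. The subject also says "modular QCOM_RPMH" while the failing configuration described is CONFIG_QCOM_RPMH=y with CONFIG_QCOM_COMMAND_DB=m, so the subject probably means to name QCOM_COMMAND_DB.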
--
2.28.0


- Naresh

2020-10-28 05:55:28

by Geert Uytterhoeven

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

Hi Nick,

On Mon, Oct 26, 2020 at 6:53 PM Geert Uytterhoeven <[email protected]> wrote:
> On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
> <[email protected]> wrote:
> > On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> > <[email protected]> wrote:
> > > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <[email protected]> wrote:
> > > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <[email protected]> wrote:
> > > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <[email protected]> wrote:
> > > > > > > > In preparation for warning on orphan sections, discard
> > > > > > > > unwanted non-zero-sized generated sections, and enforce other
> > > > > > > > expected-to-be-zero-sized sections (since discarding them might hide
> > > > > > > > problems with them suddenly gaining unexpected entries).
> > > > > > > >
> > > > > > > > Suggested-by: Ard Biesheuvel <[email protected]>
> > > > > > > > Signed-off-by: Kees Cook <[email protected]>
> > > > > > >
> > > > > > > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > > > > > > sections") in v5.10-rc1, and is causing the following error with
> > > > > > > renesas_defconfig[1]:
> > > > > > >
> > > > > > > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > > >
> > > > > > > I cannot reproduce this with the standard arm64 defconfig.
> > > > > > >
> > > > > > > I bisected the error to the aforementioned commit, but understand this
> > > > > > > is not the real reason. If I revert this commit, I still get:
> > > > > > >
> > > > > > > aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > > > > > > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> > > > > > > aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > > > > > > `arch/arm64/kernel/head.o' being placed in section `.plt'
> > > > > > > aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > > > > > > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> > > > > > > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > > >
> > > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > > placement"), which is another red herring.
> > > > > >
> > > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > > causing the warning.
> >
> > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > missing from someone's KBUILD_CFLAGS.
> > But I don't see anything curious in kernel/bpf/Makefile, unless
> > cc-disable-warning is somehow broken.
>
> Yeah, I noticed it's added in arch/arm64/Makefile, and verified that it is
> actually passed when building kernel/bpf/core.o.
>
> > > > > > If I compile core.c with "-g" added, like arm64 defconfig does, the
> > > > > > eh_frame section is no longer emitted.
> > > > > >
> > > > > > Hence setting CONFIG_DEBUG_INFO=y, cfr. arm64 defconfig, the warning
> > > > > > is gone, but I'm back to the "Unexpected GOT/PLT entries" below...
> > > > > >
> > > > > > > Note that even on plain be2881824ae9eb92, I get:
> > > > > > >
> > > > > > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > > >
> > > > > > > The parent commit obviously doesn't show that (but probably still has
> > > > > > > the problem).
> > > > >
> > > > > Reverting both
> > > > > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > > > > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > > > > seems to solve my problems, without any ill effects?
> > > > >
> > > >
> > > > I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
> > > >
> > > > The presence of .data.rel.ro and .got.plt sections suggests that the
> > > > toolchain is using -fpie and/or -z relro to build shared objects
> > > > rather than a fully linked bare metal binary.
> > > >
> > > > Which toolchain are you using? Does adding -fno-pie to the compiler
> > >
> > > gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04) from Ubuntu 20.04LTS.
> > >
> > > > command line and/or adding -z norelro to the linker command line make
> > > > any difference?
> > >
> > > I'll give that a try later...
> >
> > This patch just got picked up into the for-next branch of the arm64
> > tree; it enables `-z norelro` regardless of configs.
> > https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/commit/?h=for-next/core&id=3b92fa7485eba16b05166fddf38ab42f2ff6ab95
> > If you apply that, that should help you test `-z norelro` quickly.
>
> Thanks, will give that a try, too.

Commit 3b92fa7485eba16b05166fddf38ab42f2ff6ab95 is part of v5.10-rc1,
so it was already included, and thus doesn't fix the issue.

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

2020-10-28 06:42:20

by Jean-Philippe Brucker

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

Hi,

On Mon, Oct 26, 2020 at 06:38:46PM +0100, Ard Biesheuvel wrote:
> > > > Note that even on plain be2881824ae9eb92, I get:
> > > >
> > > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > >
> > > > The parent commit obviously doesn't show that (but probably still has
> > > > the problem).
> >
> > Reverting both
> > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > seems to solve my problems, without any ill effects?
> >
>
> I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)

I have the same problem with one of my debug configs and Linux v5.10-rc1,
and can reproduce with the Debian 8.3.0 toolchain, by using the arm64
defconfig and disabling CONFIG_MODULES:

ld -EL -maarch64elf --no-undefined -X -z norelro -shared -Bsymbolic -z notext --no-apply-dynamic-relocs --fix-cortex-a53-843419 --orphan-handling=warn --build-id=sha1 --strip-debug -o .tmp_vmlinux.kallsyms1 -T ./arch/arm64/kernel/vmlinux.lds --whole-archive arch/arm64/kernel/head.o init/built-in.a usr/built-in.a arch/arm64/built-in.a kernel/built-in.a certs/built-in.a mm/built-in.a fs/built-in.a ipc/built-in.a security/built-in.a crypto/built-in.a block/built-in.a arch/arm64/lib/built-in.a lib/built-in.a drivers/built-in.a sound/built-in.a net/built-in.a virt/built-in.a --no-whole-archive --start-group arch/arm64/lib/lib.a lib/lib.a ./drivers/firmware/efi/libstub/lib.a --end-group
ld: Unexpected GOT/PLT entries detected!
ld: Unexpected run-time procedure linkages detected!

Adding -fno-pie to this command doesn't fix the problem.

Note that when cross-building with a GCC 10.2 and binutils 2.35.1 I also
get several "aarch64-linux-gnu-ld: warning: -z norelro ignored" in
addition to the error, but I don't get that warning with the 8.3.0
toolchain.

Thanks,
Jean

>
> The presence of .data.rel.ro and .got.plt sections suggests that the
> toolchain is using -fpie and/or -z relro to build shared objects
> rather than a fully linked bare metal binary.
>
> Which toolchain are you using? Does adding -fno-pie to the compiler
> command line and/or adding -z norelro to the linker command line make
> any difference?
>

2020-10-28 07:11:42

by Ard Biesheuvel

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

On Tue, 27 Oct 2020 at 11:20, Geert Uytterhoeven <[email protected]> wrote:
>
> Hi Jean-Philippe,
>
> On Tue, Oct 27, 2020 at 11:09 AM Jean-Philippe Brucker
> <[email protected]> wrote:
> > On Mon, Oct 26, 2020 at 06:38:46PM +0100, Ard Biesheuvel wrote:
> > > > > > Note that even on plain be2881824ae9eb92, I get:
> > > > > >
> > > > > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > >
> > > > > > The parent commit obviously doesn't show that (but probably still has
> > > > > > the problem).
> > > >
> > > > Reverting both
> > > > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > > > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > > > seems to solve my problems, without any ill effects?
> > > >
> > >
> > > I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
> >
> > I have the same problem with one of my debug configs and Linux v5.10-rc1,
> > and can reproduce with the Debian 8.3.0 toolchain, by using the arm64
> > defconfig and disabling CONFIG_MODULES:
> >
> > ld -EL -maarch64elf --no-undefined -X -z norelro -shared -Bsymbolic -z notext --no-apply-dynamic-relocs --fix-cortex-a53-843419 --orphan-handling=warn --build-id=sha1 --strip-debug -o .tmp_vmlinux.kallsyms1 -T ./arch/arm64/kernel/vmlinux.lds --whole-archive arch/arm64/kernel/head.o init/built-in.a usr/built-in.a arch/arm64/built-in.a kernel/built-in.a certs/built-in.a mm/built-in.a fs/built-in.a ipc/built-in.a security/built-in.a crypto/built-in.a block/built-in.a arch/arm64/lib/built-in.a lib/built-in.a drivers/built-in.a sound/built-in.a net/built-in.a virt/built-in.a --no-whole-archive --start-group arch/arm64/lib/lib.a lib/lib.a ./drivers/firmware/efi/libstub/lib.a --end-group
> > ld: Unexpected GOT/PLT entries detected!
> > ld: Unexpected run-time procedure linkages detected!
> >
> > Adding -fno-pie to this command doesn't fix the problem.
> >
> > Note that when cross-building with a GCC 10.2 and binutils 2.35.1 I also
> > get several "aarch64-linux-gnu-ld: warning: -z norelro ignored" in
> > addition to the error, but I don't get that warning with the 8.3.0
> > toolchain.
>
> Thanks, my config (renesas_defconfig) also had CONFIG_MODULES disabled.
> Enabling that fixes the link error due to unexpected entries, but the
> .eh_frame orphan section warning is still there.
>

Looks like this is caused by the VFIO driver doing nasty things with
symbol_get(), resulting in weak symbol references being emitted. Since
taking the address of a weak symbol can yield NULL, the only way for
the linker to accommodate this is to use GOT indirection for the
direct symbol reference, so that the GOT entry can be set to NULL if
the reference is not satisfied at link time.

2020-10-28 19:50:45

by Ard Biesheuvel

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

On Tue, 27 Oct 2020 at 12:29, Ard Biesheuvel <[email protected]> wrote:
>
> On Tue, 27 Oct 2020 at 11:20, Geert Uytterhoeven <[email protected]> wrote:
> >
> > Hi Jean-Philippe,
> >
> > On Tue, Oct 27, 2020 at 11:09 AM Jean-Philippe Brucker
> > <[email protected]> wrote:
> > > On Mon, Oct 26, 2020 at 06:38:46PM +0100, Ard Biesheuvel wrote:
> > > > > > > Note that even on plain be2881824ae9eb92, I get:
> > > > > > >
> > > > > > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > > >
> > > > > > > The parent commit obviously doesn't show that (but probably still has
> > > > > > > the problem).
> > > > >
> > > > > Reverting both
> > > > > b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section placement")
> > > > > be2881824ae9eb92 ("arm64/build: Assert for unwanted sections")
> > > > > seems to solve my problems, without any ill effects?
> > > > >
> > > >
> > > > I cannot reproduce the issue here with my distro GCC+binutils (Debian 8.3.0)
> > >
> > > I have the same problem with one of my debug configs and Linux v5.10-rc1,
> > > and can reproduce with the Debian 8.3.0 toolchain, by using the arm64
> > > defconfig and disabling CONFIG_MODULES:
> > >
> > > ld -EL -maarch64elf --no-undefined -X -z norelro -shared -Bsymbolic -z notext --no-apply-dynamic-relocs --fix-cortex-a53-843419 --orphan-handling=warn --build-id=sha1 --strip-debug -o .tmp_vmlinux.kallsyms1 -T ./arch/arm64/kernel/vmlinux.lds --whole-archive arch/arm64/kernel/head.o init/built-in.a usr/built-in.a arch/arm64/built-in.a kernel/built-in.a certs/built-in.a mm/built-in.a fs/built-in.a ipc/built-in.a security/built-in.a crypto/built-in.a block/built-in.a arch/arm64/lib/built-in.a lib/built-in.a drivers/built-in.a sound/built-in.a net/built-in.a virt/built-in.a --no-whole-archive --start-group arch/arm64/lib/lib.a lib/lib.a ./drivers/firmware/efi/libstub/lib.a --end-group
> > > ld: Unexpected GOT/PLT entries detected!
> > > ld: Unexpected run-time procedure linkages detected!
> > >
> > > Adding -fno-pie to this command doesn't fix the problem.
> > >
> > > Note that when cross-building with a GCC 10.2 and binutils 2.35.1 I also
> > > get several "aarch64-linux-gnu-ld: warning: -z norelro ignored" in
> > > addition to the error, but I don't get that warning with the 8.3.0
> > > toolchain.
> >
> > Thanks, my config (renesas_defconfig) also had CONFIG_MODULES disabled.
> > Enabling that fixes the link error due to unexpected entries, but the
> > .eh_frame orphan section warning is still there.
> >
>
> Looks like this is caused by the VFIO driver doing nasty things with
> symbol_get(), resulting in weak symbol references being emitted. Since
> taking the address of a weak symbol can yield NULL, the only way for
> the linker to accommodate this is to use GOT indirection for the
> direct symbol reference, so that the GOT entry can be set to NULL if
> the reference is not satisfied at link time.

This seems to do the trick for me.

diff --git a/include/linux/module.h b/include/linux/module.h
index 7ccdf87f376f..6264617bab4d 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -740,7 +740,7 @@ static inline bool within_module(unsigned long
addr, const struct module *mod)
}

/* Get/put a kernel symbol (calls should be symmetric) */
-#define symbol_get(x) ({ extern typeof(x) x __attribute__((weak)); &(x); })
+#define symbol_get(x) ({ extern typeof(x) x
__attribute__((weak,visibility("hidden"))); &(x); })
#define symbol_put(x) do { } while (0)
#define symbol_put_addr(x) do { } while (0)
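
Review bot: the new symbol_get() definition adds visibility("hidden") to the weak declaration with no comment saying why, and the existing comment above it ("Get/put a kernel symbol") does not cover it; a short note that hidden visibility is there to keep the weak reference from going through the GOT would stop a later cleanup from removing it. It would also help to state what &(x) evaluates to when the reference is not satisfied at link time, since the message above relies on a GOT entry being set to NULL for that case. As posted, the hunk header and the "+" line are each wrapped onto a second line, so the patch will not apply without repair.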

2020-10-28 20:48:40

by Geert Uytterhoeven

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

Hi Nick,

CC Josh

On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
<[email protected]> wrote:
> On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> <[email protected]> wrote:
> > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <[email protected]> wrote:
> > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <[email protected]> wrote:
> > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <[email protected]> wrote:
> > > > > > > In preparation for warning on orphan sections, discard
> > > > > > > unwanted non-zero-sized generated sections, and enforce other
> > > > > > > expected-to-be-zero-sized sections (since discarding them might hide
> > > > > > > problems with them suddenly gaining unexpected entries).
> > > > > > >
> > > > > > > Suggested-by: Ard Biesheuvel <[email protected]>
> > > > > > > Signed-off-by: Kees Cook <[email protected]>
> > > > > >
> > > > > > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > > > > > sections") in v5.10-rc1, and is causing the following error with
> > > > > > renesas_defconfig[1]:
> > > > > >
> > > > > > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > >
> > > > > > I cannot reproduce this with the standard arm64 defconfig.
> > > > > >
> > > > > > I bisected the error to the aforementioned commit, but understand this
> > > > > > is not the real reason. If I revert this commit, I still get:
> > > > > >
> > > > > > aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > > > > > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> > > > > > aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > > > > > `arch/arm64/kernel/head.o' being placed in section `.plt'
> > > > > > aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > > > > > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> > > > > > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > >
> > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > placement"), which is another red herring.
> > > > >
> > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > causing the warning.
>
> When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> missing from someone's KBUILD_CFLAGS.
> But I don't see anything curious in kernel/bpf/Makefile, unless
> cc-disable-warning is somehow broken.

I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).

Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
is generated. Removing the __no_fgcse tag fixes that.

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

2020-10-28 20:53:39

by Ard Biesheuvel

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

On Tue, 27 Oct 2020 at 20:25, Geert Uytterhoeven <[email protected]> wrote:
>
> Hi Nick,
>
> CC Josh
>
> On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
> <[email protected]> wrote:
> > On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> > <[email protected]> wrote:
> > > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <[email protected]> wrote:
> > > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <[email protected]> wrote:
> > > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > > On Fri, Aug 21, 2020 at 9:56 PM Kees Cook <[email protected]> wrote:
> > > > > > > > In preparation for warning on orphan sections, discard
> > > > > > > > unwanted non-zero-sized generated sections, and enforce other
> > > > > > > > expected-to-be-zero-sized sections (since discarding them might hide
> > > > > > > > problems with them suddenly gaining unexpected entries).
> > > > > > > >
> > > > > > > > Suggested-by: Ard Biesheuvel <[email protected]>
> > > > > > > > Signed-off-by: Kees Cook <[email protected]>
> > > > > > >
> > > > > > > This is now commit be2881824ae9eb92 ("arm64/build: Assert for unwanted
> > > > > > > sections") in v5.10-rc1, and is causing the following error with
> > > > > > > renesas_defconfig[1]:
> > > > > > >
> > > > > > > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > > > aarch64-linux-gnu-ld: Unexpected GOT/PLT entries detected!
> > > > > > > aarch64-linux-gnu-ld: Unexpected run-time procedure linkages detected!
> > > > > > >
> > > > > > > I cannot reproduce this with the standard arm64 defconfig.
> > > > > > >
> > > > > > > I bisected the error to the aforementioned commit, but understand this
> > > > > > > is not the real reason. If I revert this commit, I still get:
> > > > > > >
> > > > > > > aarch64-linux-gnu-ld: warning: orphan section `.got.plt' from
> > > > > > > `arch/arm64/kernel/head.o' being placed in section `.got.plt'
> > > > > > > aarch64-linux-gnu-ld: warning: orphan section `.plt' from
> > > > > > > `arch/arm64/kernel/head.o' being placed in section `.plt'
> > > > > > > aarch64-linux-gnu-ld: warning: orphan section `.data.rel.ro' from
> > > > > > > `arch/arm64/kernel/head.o' being placed in section `.data.rel.ro'
> > > > > > > aarch64-linux-gnu-ld: warning: orphan section `.eh_frame' from
> > > > > > > `kernel/bpf/core.o' being placed in section `.eh_frame'
> > > > > > >
> > > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > > placement"), which is another red herring.
> > > > > >
> > > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > > causing the warning.
> >
> > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > missing from someone's KBUILD_CFLAGS.
> > But I don't see anything curious in kernel/bpf/Makefile, unless
> > cc-disable-warning is somehow broken.
>
> I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
> with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).
>
> Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
> is generated. Removing the __no_fgcse tag fixes that.
>


Given that it was added for issues related to retpolines, ORC and
objtool, it should be safe to make that annotation x86-only.

2020-10-28 21:10:36

by Arvind Sankar

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

On Tue, Oct 27, 2020 at 08:33:00PM +0100, Ard Biesheuvel wrote:
> On Tue, 27 Oct 2020 at 20:25, Geert Uytterhoeven <[email protected]> wrote:
> > >
> > > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > > missing from someone's KBUILD_CFLAGS.
> > > But I don't see anything curious in kernel/bpf/Makefile, unless
> > > cc-disable-warning is somehow broken.
> >
> > I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
> > with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).
> >
> > Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
> > is generated. Removing the __no_fgcse tag fixes that.
> >
>
>
> Given that it was added for issues related to retpolines, ORC and
> objtool, it should be safe to make that annotation x86-only.

The optimize attribute is not meant for production use. I had mentioned
this at the time but it got lost: the optimize attribute apparently does
not add options, it replaces them completely. So I'm guessing this one
is dropping the -fno-asynchronous-unwind-tables and causing the eh_frame
sections, though I don't know why that doesn't cause eh_frame on x86?

https://lore.kernel.org/lkml/[email protected]/

2020-10-28 21:27:54

by Nick Desaulniers

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

On Tue, Oct 27, 2020 at 12:25 PM Geert Uytterhoeven
<[email protected]> wrote:
>
> Hi Nick,
>
> CC Josh
>
> On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
> <[email protected]> wrote:
> > On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> > <[email protected]> wrote:
> > > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <[email protected]> wrote:
> > > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <[email protected]> wrote:
> > > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > > placement"), which is another red herring.
> > > > > >
> > > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > > causing the warning.
> >
> > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > missing from someone's KBUILD_CFLAGS.
> > But I don't see anything curious in kernel/bpf/Makefile, unless
> > cc-disable-warning is somehow broken.
>
> I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
> with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).
>
> Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
> is generated. Removing the __no_fgcse tag fixes that.

That's weird. I feel pretty strongly that unless we're working around
a well understood compiler bug with a comment that links to a
submitted bug report, turning off rando compiler optimizations is a
terrible hack for which one must proceed straight to jail; do not pass
go; do not collect $200. But maybe I'd feel differently for this case
given the context of the change that added it. (Ard mentions
retpolines+orc+objtool; can someone share the relevant SHA if you have
it handy so I don't have to go digging?) (I feel the same about there
being an empty asm(); statement in the definition of asm_volatile_goto
for compiler-gcc.h). Might be time to "fix the compiler."

(It sounds like Arvind is both in agreement with my sentiment, and has
the root cause).

--
Thanks,
~Nick Desaulniers

2020-10-28 21:34:18

by Nick Desaulniers

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

On Tue, Oct 27, 2020 at 1:15 PM Ard Biesheuvel <[email protected]> wrote:
>
> On Tue, 27 Oct 2020 at 21:12, Nick Desaulniers <[email protected]> wrote:
> >
> > On Tue, Oct 27, 2020 at 12:25 PM Geert Uytterhoeven
> > <[email protected]> wrote:
> > >
> > > Hi Nick,
> > >
> > > CC Josh
> > >
> > > On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
> > > <[email protected]> wrote:
> > > > On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> > > > <[email protected]> wrote:
> > > > > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <[email protected]> wrote:
> > > > > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <[email protected]> wrote:
> > > > > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > > > > placement"), which is another red herring.
> > > > > > > >
> > > > > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > > > > causing the warning.
> > > >
> > > > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > > > missing from someone's KBUILD_CFLAGS.
> > > > But I don't see anything curious in kernel/bpf/Makefile, unless
> > > > cc-disable-warning is somehow broken.
> > >
> > > I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
> > > with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).
> > >
> > > Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
> > > is generated. Removing the __no_fgcse tag fixes that.
> >
> > That's weird. I feel pretty strongly that unless we're working around
> > a well understood compiler bug with a comment that links to a
> > submitted bug report, turning off rando compiler optimizations is a
> > terrible hack for which one must proceed straight to jail; do not pass
> > go; do not collect $200. But maybe I'd feel differently for this case
> > given the context of the change that added it. (Ard mentions
> > retpolines+orc+objtool; can someone share the relevant SHA if you have
> > it handy so I don't have to go digging?)
>
> commit 3193c0836f203a91bef96d88c64cccf0be090d9c
> Author: Josh Poimboeuf <[email protected]>
> Date: Wed Jul 17 20:36:45 2019 -0500
>
> bpf: Disable GCC -fgcse optimization for ___bpf_prog_run()
>
> has
>
> Fixes: e55a73251da3 ("bpf: Fix ORC unwinding in non-JIT BPF code")
>
> and mentions objtool and CONFIG_RETPOLINE.
>
> > (I feel the same about there
> > being an empty asm(); statement in the definition of asm_volatile_goto
> > for compiler-gcc.h). Might be time to "fix the compiler."
> >
> > (It sounds like Arvind is both in agreement with my sentiment, and has
> > the root cause).
> >
>
> I agree that the __no_fgcse hack is terrible. Does Clang support the
> following pragmas?
>
> #pragma GCC push_options
> #pragma GCC optimize ("-fno-gcse")
> #pragma GCC pop_options
>
> ?

Put it in godbolt.org. Pretty sure it's `#pragma clang` though.
`#pragma GCC` might be supported in clang or silently ignored, but
IIRC pragmas were a bit of a compat nightmare. I think Arnd wrote
some macros to set pragmas based on toolchain. (Uses _Pragma, for
pragmas in macros, IIRC).

--
Thanks,
~Nick Desaulniers

2020-10-28 21:34:49

by Nick Desaulniers

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

(+ right linux-toolchains mailing list, apologies for adding the wrong
one, I'm forever doomed to have gmail autocomplete to the wrong one
now that I've sent to it before)

On Tue, Oct 27, 2020 at 1:15 PM Ard Biesheuvel <[email protected]> wrote:
>
> On Tue, 27 Oct 2020 at 21:12, Nick Desaulniers <[email protected]> wrote:
> >
> > On Tue, Oct 27, 2020 at 12:25 PM Geert Uytterhoeven
> > <[email protected]> wrote:
> > >
> > > Hi Nick,
> > >
> > > CC Josh
> > >
> > > On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
> > > <[email protected]> wrote:
> > > > On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> > > > <[email protected]> wrote:
> > > > > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <[email protected]> wrote:
> > > > > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <[email protected]> wrote:
> > > > > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > > > > placement"), which is another red herring.
> > > > > > > >
> > > > > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > > > > causing the warning.
> > > >
> > > > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > > > missing from someone's KBUILD_CFLAGS.
> > > > But I don't see anything curious in kernel/bpf/Makefile, unless
> > > > cc-disable-warning is somehow broken.
> > >
> > > I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
> > > with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).
> > >
> > > Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
> > > is generated. Removing the __no_fgcse tag fixes that.
> >
> > That's weird. I feel pretty strongly that unless we're working around
> > a well understood compiler bug with a comment that links to a
> > submitted bug report, turning off rando compiler optimizations is a
> > terrible hack for which one must proceed straight to jail; do not pass
> > go; do not collect $200. But maybe I'd feel differently for this case
> > given the context of the change that added it. (Ard mentions
> > retpolines+orc+objtool; can someone share the relevant SHA if you have
> > it handy so I don't have to go digging?)
>
> commit 3193c0836f203a91bef96d88c64cccf0be090d9c
> Author: Josh Poimboeuf <[email protected]>
> Date: Wed Jul 17 20:36:45 2019 -0500
>
> bpf: Disable GCC -fgcse optimization for ___bpf_prog_run()
>
> has
>
> Fixes: e55a73251da3 ("bpf: Fix ORC unwinding in non-JIT BPF code")
>
> and mentions objtool and CONFIG_RETPOLINE.

Thanks for the context. It might be time to revisit the above commit.
If I revert it (small conflict that's easy to fixup),
kernel/bpf/core.o builds cleanly with defconfig+GCC-9.3, so maybe
objtool did get smart enough to handle that case? Probably regresses
the performance of that main dispatch loop for BPF, but not sure what
folks are expecting when retpolines are enabled.
--
Thanks,
~Nick Desaulniers

2020-10-28 21:34:54

by Arvind Sankar

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

On Tue, Oct 27, 2020 at 01:17:55PM -0700, Nick Desaulniers wrote:
> On Tue, Oct 27, 2020 at 1:15 PM Ard Biesheuvel <[email protected]> wrote:
> >
> > On Tue, 27 Oct 2020 at 21:12, Nick Desaulniers <[email protected]> wrote:
> > >
> > > On Tue, Oct 27, 2020 at 12:25 PM Geert Uytterhoeven
> > > <[email protected]> wrote:
> > > >
> > > > Hi Nick,
> > > >
> > > > CC Josh
> > > >
> > > > On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
> > > > <[email protected]> wrote:
> > > > > On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> > > > > <[email protected]> wrote:
> > > > > > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <[email protected]> wrote:
> > > > > > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <[email protected]> wrote:
> > > > > > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > > > > > placement"), which is another red herring.
> > > > > > > > >
> > > > > > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > > > > > causing the warning.
> > > > >
> > > > > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > > > > missing from someone's KBUILD_CFLAGS.
> > > > > But I don't see anything curious in kernel/bpf/Makefile, unless
> > > > > cc-disable-warning is somehow broken.
> > > >
> > > > I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
> > > > with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).
> > > >
> > > > Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
> > > > is generated. Removing the __no_fgcse tag fixes that.
> > >
> > > That's weird. I feel pretty strongly that unless we're working around
> > > a well understood compiler bug with a comment that links to a
> > > submitted bug report, turning off rando compiler optimizations is a
> > > terrible hack for which one must proceed straight to jail; do not pass
> > > go; do not collect $200. But maybe I'd feel differently for this case
> > > given the context of the change that added it. (Ard mentions
> > > retpolines+orc+objtool; can someone share the relevant SHA if you have
> > > it handy so I don't have to go digging?)
> >
> > commit 3193c0836f203a91bef96d88c64cccf0be090d9c
> > Author: Josh Poimboeuf <[email protected]>
> > Date: Wed Jul 17 20:36:45 2019 -0500
> >
> > bpf: Disable GCC -fgcse optimization for ___bpf_prog_run()
> >
> > has
> >
> > Fixes: e55a73251da3 ("bpf: Fix ORC unwinding in non-JIT BPF code")
> >
> > and mentions objtool and CONFIG_RETPOLINE.
> >
> > > (I feel the same about there
> > > being an empty asm(); statement in the definition of asm_volatile_goto
> > > for compiler-gcc.h). Might be time to "fix the compiler."
> > >
> > > (It sounds like Arvind is both in agreement with my sentiment, and has
> > > the root cause).
> > >
> >
> > I agree that the __no_fgcse hack is terrible. Does Clang support the
> > following pragmas?
> >
> > #pragma GCC push_options
> > #pragma GCC optimize ("-fno-gcse")
> > #pragma GCC pop_options
> >
> > ?
>
> Put it in godbolt.org. Pretty sure it's `#pragma clang` though.
> `#pragma GCC` might be supported in clang or silently ignored, but
> IIRC pragmas were a bit of a compat nightmare. I think Arnd wrote
> some macros to set pragmas based on toolchain. (Uses _Pragma, for
> pragmas in macros, IIRC).
>
> --
> Thanks,
> ~Nick Desaulniers

https://gcc.gnu.org/onlinedocs/gcc/Function-Specific-Option-Pragmas.html#Function-Specific-Option-Pragmas

#pragma GCC optimize is equivalent to the function attribute, so does
that actually help?

Btw, the bug mentioned in asm_volatile_goto seems like it's been fixed in
4.9, so the hack could be dropped now?

2020-10-28 21:35:10

by Arvind Sankar

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

On Tue, Oct 27, 2020 at 01:28:02PM -0700, Nick Desaulniers wrote:
> > commit 3193c0836f203a91bef96d88c64cccf0be090d9c
> > Author: Josh Poimboeuf <[email protected]>
> > Date: Wed Jul 17 20:36:45 2019 -0500
> >
> > bpf: Disable GCC -fgcse optimization for ___bpf_prog_run()
> >
> > has
> >
> > Fixes: e55a73251da3 ("bpf: Fix ORC unwinding in non-JIT BPF code")
> >
> > and mentions objtool and CONFIG_RETPOLINE.
>
> Thanks for the context. It might be time to revisit the above commit.
> If I revert it (small conflict that's easy to fixup),
> kernel/bpf/core.o builds cleanly with defconfig+GCC-9.3, so maybe
> objtool did get smart enough to handle that case? Probably regresses
> the performance of that main dispatch loop for BPF, but not sure what
> folks are expecting when retpolines are enabled.
> --
> Thanks,
> ~Nick Desaulniers

The objtool issue was with RETPOLINE disabled.

2020-10-28 21:35:53

by Nick Desaulniers

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

On Tue, Oct 27, 2020 at 1:30 PM Arvind Sankar <[email protected]> wrote:
>
> On Tue, Oct 27, 2020 at 01:17:55PM -0700, Nick Desaulniers wrote:
> > > > (I feel the same about there
> > > > being an empty asm(); statement in the definition of asm_volatile_goto
> > > > for compiler-gcc.h). Might be time to "fix the compiler."
> > > >
> > > > (It sounds like Arvind is both in agreement with my sentiment, and has
> > > > the root cause).
> > > >
> Btw, the bug mentioned in asm_volatile_goto seems like it's been fixed in
> 4.9, so the hack could be dropped now?

https://lore.kernel.org/lkml/[email protected]/

For the life of me I can't find Linus' response. Maybe he shot it
down in the PR, but I can't find it...Miguel do you recall? I could
paraphrase, but might be better to not rely on my memory.
--
Thanks,
~Nick Desaulniers

2020-10-28 21:35:54

by Ard Biesheuvel

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

On Tue, 27 Oct 2020 at 21:12, Nick Desaulniers <[email protected]> wrote:
>
> On Tue, Oct 27, 2020 at 12:25 PM Geert Uytterhoeven
> <[email protected]> wrote:
> >
> > Hi Nick,
> >
> > CC Josh
> >
> > On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
> > <[email protected]> wrote:
> > > On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> > > <[email protected]> wrote:
> > > > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <[email protected]> wrote:
> > > > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <[email protected]> wrote:
> > > > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > > > placement"), which is another red herring.
> > > > > > >
> > > > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > > > causing the warning.
> > >
> > > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > > missing from someone's KBUILD_CFLAGS.
> > > But I don't see anything curious in kernel/bpf/Makefile, unless
> > > cc-disable-warning is somehow broken.
> >
> > I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
> > with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).
> >
> > Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
> > is generated. Removing the __no_fgcse tag fixes that.
>
> That's weird. I feel pretty strongly that unless we're working around
> a well understood compiler bug with a comment that links to a
> submitted bug report, turning off rando compiler optimizations is a
> terrible hack for which one must proceed straight to jail; do not pass
> go; do not collect $200. But maybe I'd feel differently for this case
> given the context of the change that added it. (Ard mentions
> retpolines+orc+objtool; can someone share the relevant SHA if you have
> it handy so I don't have to go digging?)

commit 3193c0836f203a91bef96d88c64cccf0be090d9c
Author: Josh Poimboeuf <[email protected]>
Date: Wed Jul 17 20:36:45 2019 -0500

bpf: Disable GCC -fgcse optimization for ___bpf_prog_run()

has

Fixes: e55a73251da3 ("bpf: Fix ORC unwinding in non-JIT BPF code")

and mentions objtool and CONFIG_RETPOLINE.

> (I feel the same about there
> being an empty asm(); statement in the definition of asm_volatile_goto
> for compiler-gcc.h). Might be time to "fix the compiler."
>
> (It sounds like Arvind is both in agreement with my sentiment, and has
> the root cause).
>

I agree that the __no_fgcse hack is terrible. Does Clang support the
following pragmas?

#pragma GCC push_options
#pragma GCC optimize ("-fno-gcse")
#pragma GCC pop_options

?

2020-10-28 21:36:23

by Nick Desaulniers

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

On Tue, Oct 27, 2020 at 1:32 PM Arvind Sankar <[email protected]> wrote:
>
> On Tue, Oct 27, 2020 at 01:28:02PM -0700, Nick Desaulniers wrote:
> > > commit 3193c0836f203a91bef96d88c64cccf0be090d9c
> > > Author: Josh Poimboeuf <[email protected]>
> > > Date: Wed Jul 17 20:36:45 2019 -0500
> > >
> > > bpf: Disable GCC -fgcse optimization for ___bpf_prog_run()
> > >
> > > has
> > >
> > > Fixes: e55a73251da3 ("bpf: Fix ORC unwinding in non-JIT BPF code")
> > >
> > > and mentions objtool and CONFIG_RETPOLINE.
> >
> > Thanks for the context. It might be time to revisit the above commit.
> > If I revert it (small conflict that's easy to fixup),
> > kernel/bpf/core.o builds cleanly with defconfig+GCC-9.3, so maybe
> > objtool did get smart enough to handle that case? Probably regresses
> > the performance of that main dispatch loop for BPF, but not sure what
> > folks are expecting when retpolines are enabled.
> > --
> > Thanks,
> > ~Nick Desaulniers
>
> The objtool issue was with RETPOLINE disabled.

Ah, sorry, in that case default-CONFIG_RETPOLINE+gcc-9.3:
kernel/bpf/core.o: warning: objtool: ___bpf_prog_run()+0x8d4: sibling
call from callable instruction with modified stack frame
--
Thanks,
~Nick Desaulniers

2020-10-28 21:39:03

by Arvind Sankar

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

On Tue, Oct 27, 2020 at 01:40:43PM -0700, Nick Desaulniers wrote:
> On Tue, Oct 27, 2020 at 1:30 PM Arvind Sankar <[email protected]> wrote:
> >
> > On Tue, Oct 27, 2020 at 01:17:55PM -0700, Nick Desaulniers wrote:
> > > > > (I feel the same about there
> > > > > being an empty asm(); statement in the definition of asm_volatile_goto
> > > > > for compiler-gcc.h). Might be time to "fix the compiler."
> > > > >
> > > > > (It sounds like Arvind is both in agreement with my sentiment, and has
> > > > > the root cause).
> > > > >
> > Btw, the bug mentioned in asm_volatile_goto seems like it's been fixed in
> > 4.9, so the hack could be dropped now?
>
> https://lore.kernel.org/lkml/[email protected]/
>
> For the life of me I can't find Linus' response. Maybe he shot it
> down in the PR, but I can't find it...Miguel do you recall? I could
> paraphrase, but might be better to not rely on my memory.
> --
> Thanks,
> ~Nick Desaulniers

You couldn't find it in July either :)
https://lkml.org/lkml/2020/7/10/1026

Possibly he didn't like the version check? That should be unnecessary now.

2020-10-29 08:53:25

by Alexei Starovoitov

Subject: Re: [PATCH v6 13/29] arm64/build: Assert for unwanted sections

On Tue, Oct 27, 2020 at 09:15:17PM +0100, Ard Biesheuvel wrote:
> On Tue, 27 Oct 2020 at 21:12, Nick Desaulniers <[email protected]> wrote:
> >
> > On Tue, Oct 27, 2020 at 12:25 PM Geert Uytterhoeven
> > <[email protected]> wrote:
> > >
> > > Hi Nick,
> > >
> > > CC Josh
> > >
> > > On Mon, Oct 26, 2020 at 6:49 PM Nick Desaulniers
> > > <[email protected]> wrote:
> > > > On Mon, Oct 26, 2020 at 10:44 AM Geert Uytterhoeven
> > > > <[email protected]> wrote:
> > > > > On Mon, Oct 26, 2020 at 6:39 PM Ard Biesheuvel <[email protected]> wrote:
> > > > > > On Mon, 26 Oct 2020 at 17:01, Geert Uytterhoeven <[email protected]> wrote:
> > > > > > > On Mon, Oct 26, 2020 at 2:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > > > On Mon, Oct 26, 2020 at 1:29 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > > > > > > I.e. including the ".eh_frame" warning. I have tried bisecting that
> > > > > > > > > warning (i.e. with be2881824ae9eb92 reverted), but that leads me to
> > > > > > > > > commit b3e5d80d0c48c0cc ("arm64/build: Warn on orphan section
> > > > > > > > > placement"), which is another red herring.
> > > > > > > >
> > > > > > > > kernel/bpf/core.o is the only file containing an eh_frame section,
> > > > > > > > causing the warning.
> > > >
> > > > When I see .eh_frame, I think -fno-asynchronous-unwind-tables is
> > > > missing from someone's KBUILD_CFLAGS.
> > > > But I don't see anything curious in kernel/bpf/Makefile, unless
> > > > cc-disable-warning is somehow broken.
> > >
> > > I tracked it down to kernel/bpf/core.c:___bpf_prog_run() being tagged
> > > with __no_fgcse aka __attribute__((optimize("-fno-gcse"))).
> > >
> > > Even if the function is trivially empty ("return 0;"), a ".eh_frame" section
> > > is generated. Removing the __no_fgcse tag fixes that.
> >
> > That's weird. I feel pretty strongly that unless we're working around
> > a well understood compiler bug with a comment that links to a
> > submitted bug report, turning off rando compiler optimizations is a
> > terrible hack for which one must proceed straight to jail; do not pass
> > go; do not collect $200. But maybe I'd feel differently for this case
> > given the context of the change that added it. (Ard mentions
> > retpolines+orc+objtool; can someone share the relevant SHA if you have
> > it handy so I don't have to go digging?)
>
> commit 3193c0836f203a91bef96d88c64cccf0be090d9c
> Author: Josh Poimboeuf <[email protected]>
> Date: Wed Jul 17 20:36:45 2019 -0500
>
> bpf: Disable GCC -fgcse optimization for ___bpf_prog_run()
>
> has
>
> Fixes: e55a73251da3 ("bpf: Fix ORC unwinding in non-JIT BPF code")

That commit is broken.
I had this patch in my queue:
-#define __no_fgcse __attribute__((optimize("-fno-gcse")))
+#define __no_fgcse __attribute__((optimize("-fno-gcse,-fno-omit-frame-pointer")))
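Review bot: the new __no_fgcse string restates -fno-omit-frame-pointer but still leaves out -fno-asynchronous-unwind-tables, so if the optimize attribute replaces the command-line options as Arvind describes earlier in the thread, kernel/bpf/core.o would keep emitting .eh_frame and the orphan-section warning Geert reported would remain. Restating each lost flag inside the attribute string also has to be kept in sync with KBUILD_CFLAGS by hand; a comment on the #define saying why each flag is listed, or limiting the annotation to x86 as Ard suggested, would make that easier to maintain.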

Sounds like you want to add -fno-asynchronous-unwind-tables to the above list?

> and mentions objtool and CONFIG_RETPOLINE.
>
> > (I feel the same about there
> > being an empty asm(); statement in the definition of asm_volatile_goto
> > for compiler-gcc.h). Might be time to "fix the compiler."
> >
> > (It sounds like Arvind is both in agreement with my sentiment, and has
> > the root cause).
> >
>
> I agree that the __no_fgcse hack is terrible. Does Clang support the
> following pragmas?
>
> #pragma GCC push_options
> #pragma GCC optimize ("-fno-gcse")
> #pragma GCC pop_options

That will work too, but optimize("-fno...,-fno..,-fno..") is imo cleaner.