Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2420506imu; Wed, 21 Nov 2018 11:20:24 -0800 (PST) X-Google-Smtp-Source: AFSGD/UvWTR7BP04MrC0VEX6KwHGF4H6iDhsYIhYdgWlZfd8cv4EXTEN+TBclBbTQsh2J1OzG6IU X-Received: by 2002:a63:7f4f:: with SMTP id p15mr7160230pgn.296.1542828024669; Wed, 21 Nov 2018 11:20:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542828024; cv=none; d=google.com; s=arc-20160816; b=fOInTR8B3O/UzBrowSlmT+yMq7JlORX0WwISKPfu7mNi6w+tpoW1m+OpIqNA09DXb6 JR46gI0r45Ac5bYqMgZY7UwWh+ku7IK54UlSTDuZqzDF6DcnDT6bGzdh670Zfo+E4z5T tZPq6A2LejPtBiKFhLBj3jEyScCpMnpas5rDGlYC3hCi5RZvxSAc/kEEGEIOPH8vNU/z HXAUifcsFQeOUORF6GolZvyK7DQU0gGqbJo/2dAir1CmNZ0284LmxPuBKw9qsiJ2ah5K r3DbGpATuo1H831vbCehihxh/3Ax3VO59K2ba4/d3qOOWiMJi71p1JmveWLoW12rt/vv oUWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=837tklEgnI77rAaYZfybjpnLCVJDLVa7QJRSc7ip9Es=; b=rk+Z1XJVICpJpFFlMRj9kbz3tnGvIBRDwFNFQCIjDV1ZyKIjcF+K6KP63lxP4Xi4/G QzRx78oLDBgJA/pj/Zk4L+MNsEO8SWkDxnxSC8EhndEzG+8TPDV2s/cl3osOHvvy6EmY qONHCRSaK/u51rKFVZyBxj12CeViJIw741XRJJleIeclxzFMZzpzvcHHdMNiPCMM33Jw wSvBe3l7wxfA0wypsTIAnbVLKQcH8/6hApWnI+MwFV2i6jXGZPb1U5X+XUy5/8oOIRrD QnGqShzkvfbkJeAlVasWrq18M8B2nCvRaKjHK4NMQ2GVnSRdrz22n4vt4Gji9Y83kJ68 g0bw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=hrpsJOLZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h32si11454404pgh.276.2018.11.21.11.20.09; Wed, 21 Nov 2018 11:20:24 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=hrpsJOLZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388951AbeKVFqy (ORCPT + 99 others); Thu, 22 Nov 2018 00:46:54 -0500 Received: from mail.kernel.org ([198.145.29.99]:42248 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730565AbeKVFqx (ORCPT ); Thu, 22 Nov 2018 00:46:53 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0342E214D9; Wed, 21 Nov 2018 19:11:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1542827479; bh=LbTbpD/BuAdDdYjouaE5FY136OFEO1GAK1V+73PR+IY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hrpsJOLZlNa3g+8fwRx173wnEl1GlizHAX7NtkIdotkA0t22F03GH8Qx41nRTFrwM 8pJn4m4s8WMbaZduJ45nhLNp4PTU5fYnv9SjU2g7B5r5US0OZU7/ClUPqLhyPhWSDI GA5cbeUbVdcZsP1olk4B5o1wpLgdiSk4SqPe/vnY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ard Biesheuvel , Linus Torvalds , Matt Fleming , Peter Zijlstra , Thomas Gleixner , linux-efi@vger.kernel.org, Ingo Molnar , Nick Desaulniers Subject: [PATCH 4.9 30/59] efi/libstub: Preserve .debug sections after absolute relocation check Date: Wed, 21 Nov 2018 20:06:45 +0100 Message-Id: <20181121183509.434200105@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181121183508.262873520@linuxfoundation.org> References: <20181121183508.262873520@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ard Biesheuvel commit 696204faa6e8a318320ebb49d9fa69bc8275644d upstream. The build commands for the ARM and arm64 EFI stubs strip the .debug sections and other sections that may legally contain absolute relocations, in order to inspect the remaining sections for the presence of such relocations. This leaves us without debugging symbols in the stub for no good reason, considering that these sections are omitted from the kernel binary anyway, and that these relocations are thus only consumed by users of the ELF binary, such as debuggers. So move to 'strip' for performing the relocation check, and if it succeeds, invoke objcopy as before, but leaving the .debug sections in place. Note that these sections may refer to ksymtab/kcrctab contents, so leave those in place as well. Signed-off-by: Ard Biesheuvel Cc: Linus Torvalds Cc: Matt Fleming Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/1485868902-20401-11-git-send-email-ard.biesheuvel@linaro.org Signed-off-by: Ingo Molnar Signed-off-by: Nick Desaulniers Signed-off-by: Greg Kroah-Hartman --- drivers/firmware/efi/libstub/Makefile | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -11,7 +11,7 @@ cflags-$(CONFIG_X86) += -m$(BITS) -D__K -mno-mmx -mno-sse cflags-$(CONFIG_ARM64) := $(subst -pg,,$(KBUILD_CFLAGS)) -cflags-$(CONFIG_ARM) := $(subst -pg,,$(KBUILD_CFLAGS)) -g0 \ +cflags-$(CONFIG_ARM) := $(subst -pg,,$(KBUILD_CFLAGS)) \ -fno-builtin -fpic -mno-single-pic-base cflags-$(CONFIG_EFI_ARMSTUB) += -I$(srctree)/scripts/dtc/libfdt @@ -60,7 +60,7 @@ CFLAGS_arm64-stub.o := -DTEXT_OFFSET=$ extra-$(CONFIG_EFI_ARMSTUB) := $(lib-y) lib-$(CONFIG_EFI_ARMSTUB) := $(patsubst %.o,%.stub.o,$(lib-y)) -STUBCOPY_FLAGS-y := -R .debug* -R *ksymtab* -R *kcrctab* +STUBCOPY_RM-y := -R *ksymtab* -R *kcrctab* STUBCOPY_FLAGS-$(CONFIG_ARM64) += --prefix-alloc-sections=.init \ --prefix-symbols=__efistub_ STUBCOPY_RELOC-$(CONFIG_ARM64) := R_AARCH64_ABS @@ -68,17 +68,25 @@ STUBCOPY_RELOC-$(CONFIG_ARM64) := R_AARC $(obj)/%.stub.o: $(obj)/%.o FORCE $(call if_changed,stubcopy) +# +# Strip debug sections and some other sections that may legally contain +# absolute relocations, so that we can inspect the remaining sections for +# such relocations. If none are found, regenerate the output object, but +# this time, use objcopy and leave all sections in place. +# quiet_cmd_stubcopy = STUBCPY $@ - cmd_stubcopy = if $(OBJCOPY) $(STUBCOPY_FLAGS-y) $< $@; then \ - $(OBJDUMP) -r $@ | grep $(STUBCOPY_RELOC-y) \ - && (echo >&2 "$@: absolute symbol references not allowed in the EFI stub"; \ - rm -f $@; /bin/false); else /bin/false; fi + cmd_stubcopy = if $(STRIP) --strip-debug $(STUBCOPY_RM-y) -o $@ $<; \ + then if $(OBJDUMP) -r $@ | grep $(STUBCOPY_RELOC-y); \ + then (echo >&2 "$@: absolute symbol references not allowed in the EFI stub"; \ + rm -f $@; /bin/false); \ + else $(OBJCOPY) $(STUBCOPY_FLAGS-y) $< $@; fi \ + else /bin/false; fi # # ARM discards the .data section because it disallows r/w data in the # decompressor. So move our .data to .data.efistub, which is preserved # explicitly by the decompressor linker script. # -STUBCOPY_FLAGS-$(CONFIG_ARM) += --rename-section .data=.data.efistub \ - -R ___ksymtab+sort -R ___kcrctab+sort +STUBCOPY_FLAGS-$(CONFIG_ARM) += --rename-section .data=.data.efistub +STUBCOPY_RM-$(CONFIG_ARM) += -R ___ksymtab+sort -R ___kcrctab+sort STUBCOPY_RELOC-$(CONFIG_ARM) := R_ARM_ABS