Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp4768089ybl; Mon, 13 Jan 2020 20:33:57 -0800 (PST) X-Google-Smtp-Source: APXvYqwq7DEVA/Q7HvA42xcERecvzdH9J+61I28SNibxeSvBGd+yHtVmUSsNLa9SdwSP5FZI0OMU X-Received: by 2002:a9d:560f:: with SMTP id e15mr15598677oti.301.1578976437502; Mon, 13 Jan 2020 20:33:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578976437; cv=none; d=google.com; s=arc-20160816; b=cGQKYP4hSF3d8il0EJHj0gXwWbKHoEGK/wX6q0Qt0VGpgkBB+6p3yDoobET8PeIuAy Kdxo2n2moDxOMhnASOTgce3DSABjOAM0hM4ldg2Y3kOvC1QTq3KJyhDU7Q+s2UeH9JVL NCSrmu4/1T+AtFlHIiUxp/tjIJwvJLDWlBZWl5S6Fwm/5J5uLTF5bclVUEvJA47sSm5N bCjgj9lXaD1ff8j2/e8iBi7Pm+VOG0tcfCGKkKcwexKTFuQzx9Cyz//OJBTV8hjs5cUx VclFxtp/ngH7ql5kJlNiW+C/w08EGjnzhAP+9rRFk+Y40yIAbi8tkKS9VxGbC9G1Q45a vF8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:date:from:dkim-signature; bh=ztJ1V0LnCB/uV/QxWONsGT2VGSCtiLH36uJ9ZnQL11k=; b=Wyb1rpExcDwTmSHtYOZisG9Zf+kX2OFGT5ms7I2gA1UnBX+8ZXvgaWlsTbEesj08Fr g7Caa2m+yS3wwCVojHqLXReU4WgrPDtbMr3t0uOdZkzVWmIHFhAyj5QHgwBsdP9BMuEq Xkcl7H1LL/1V6jAq1NfCib3OyoJvb899v1LektMtr8qvCoIMRb3YNfVpuaXwexGBJGxp UgNrUU6rgHRtQUwlhtGkvRbIuzc/LI5DO8LTKcxwwN1T+Vnz9MXttv+e9Rg8AnsfBEVU 4Qhh+TdIhyCU05ZZo6MWzh2/39b0canXeTyusbdKEd0naA/vGDHZgYRKTb60L/vRZua4 AOvg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=Jha953gw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p22si7683803ota.43.2020.01.13.20.33.45; Mon, 13 Jan 2020 20:33:57 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=Jha953gw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729522AbgAND7C (ORCPT + 99 others); Mon, 13 Jan 2020 22:59:02 -0500 Received: from mail-qv1-f66.google.com ([209.85.219.66]:40475 "EHLO mail-qv1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728894AbgAND7C (ORCPT ); Mon, 13 Jan 2020 22:59:02 -0500 Received: by mail-qv1-f66.google.com with SMTP id dp13so5069371qvb.7 for ; Mon, 13 Jan 2020 19:59:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:date:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=ztJ1V0LnCB/uV/QxWONsGT2VGSCtiLH36uJ9ZnQL11k=; b=Jha953gwcEctikRVgy1BwWSp1AOSzwFroA4riLAgjF0Ca759v22jbjV6iiC+XaTfXd whRDyHz7vYanB9Kbv1TaGdNr20mF5tma/3L64IpziirlGRzyNL+TUUsyRxFx3ZzbBAkX Q3pLbZ06A91feXTg5mHcE6vEHdcNDYbo5qR3zLa+atvldUi4GwpZ2K/VH1/6GQaT1qxK qPJ258Ob6IzYE0d33dlAXW+8diQ6lSN4BFImIbf616k9h7tl+hlSAJXKYh9DMY+5qnFv CyCaaeGsZYWARlUSH178E286UJxnp3dn/E7c5yst3iFbuyU/VuBPpQ8tPp3UTJrfrq3v SPVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:date:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=ztJ1V0LnCB/uV/QxWONsGT2VGSCtiLH36uJ9ZnQL11k=; b=O5tk/nGRUU1MxrQ4FaNnACqXdlUoEr5doHEaafqb7JXdS/F4zxQOe4MtXKxTQqj5TK muiLcsY1wiWeiTdT/hj9IyeUIM8ZwHfjGWXi7pMp9xLXDCYyKeEqNbQ6iPPtpsJ23GMe umX6HUEAUe3KWIx7U8W6P3i937QUB1ppp8+0HcWN31JtKZY4bhiVMBfgjZgei+Dsylx9 uVQz5r+dkVJ+uY1mDUPRAFZzy5S8jAxBmE94dKJiH0G+0AQ0Bi1ReiKKqi3tKaK8Mfq5 BCXJ1FeAhq8HNZC/VXW9K41tgaL2GLSZ7LOOgF5bGvcNJfxODDx1lctdNslkL4u7U2A8 +s5Q== X-Gm-Message-State: APjAAAUGV5qk47/MWuEyCz/V4V+VkIzFA1BtlxCTRdS+qLJ5UE7uV1jp orOv98nje1vRuDdzyrPBNOc= X-Received: by 2002:ad4:4dc3:: with SMTP id cw3mr18642276qvb.130.1578974341294; Mon, 13 Jan 2020 19:59:01 -0800 (PST) Received: from rani.riverdale.lan ([2001:470:1f07:5f3::b55f]) by smtp.gmail.com with ESMTPSA id v5sm6967439qth.70.2020.01.13.19.59.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 Jan 2020 19:59:00 -0800 (PST) From: Arvind Sankar X-Google-Original-From: Arvind Sankar Date: Mon, 13 Jan 2020 22:58:59 -0500 To: "H. Peter Anvin" Cc: Kees Cook , Arvind Sankar , Thomas Gleixner , Ingo Molnar , Borislav Petkov , x86@kernel.org, linux-kernel@vger.kernel.org, Thomas Lendacky , Mauro Rossi , Michael Matz Subject: Re: [PATCH v3] x86/vmlinux: Fix vmlinux.lds.S with pre-2.23 binutils Message-ID: <20200114035858.GA2536335@rani.riverdale.lan> References: <20200113161310.GA191743@rani.riverdale.lan> <20200113195337.604646-1-nivedita@alum.mit.edu> <202001131750.C1B8468@keescook> <261ae869-4169-296e-f673-5c08ff34bdde@zytor.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <261ae869-4169-296e-f673-5c08ff34bdde@zytor.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 13, 2020 at 05:57:23PM -0800, H. Peter Anvin wrote: > On 2020-01-13 17:53, Kees Cook wrote:>> > >> diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S > >> index 3a1a819da137..bad4e22384dc 100644 > >> --- a/arch/x86/kernel/vmlinux.lds.S > >> +++ b/arch/x86/kernel/vmlinux.lds.S > >> @@ -144,10 +144,12 @@ SECTIONS > >> *(.text.__x86.indirect_thunk) > >> __indirect_thunk_end = .; > >> #endif > >> + > >> + /* End of text section */ > >> + _etext = .; > >> } :text =0xcccc > >> > >> - /* End of text section, which should occupy whole number of pages */ > >> - _etext = .; > >> + /* .text should occupy whole number of pages */ > >> . = ALIGN(PAGE_SIZE); > > > > NAK: linkers can add things at the end of .text that will go missing from > > the kernel if _etext isn't _outside_ the .text section, truly beyond the > > end of the .text section. This patch will break Control Flow Integrity > > checking since the jump tables are at the end of .text. > > > > Boris, we're always working around weird linker problems; I don't see a > > problem with the v2 patch to fix up old binutils... > > > > Why not add the marker into a separate section instead of leaving it as an > absolute "floater"? Very old binutils would botch that case, but I think that > has been long since addressed well below our current minimum version. > > -hpa > > > Kees, thanks, I noted in the other email that you had mentioned this in a since-reverted commit, but you did not mention in the most recent commit. hpa, I think this runs afoul of the bug you noted in commit fd952815307f ("x86-32, relocs: Whitelist more symbols for ld bug workaround"), ld version 2.22.52.0.[12] can incorrectly promote relative symbols to absolute, if the output section they appear in is otherwise empty. That's 2.22, which is more recent than the 2.21 that the kernel documents as supported.