Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp5434234ybl; Tue, 14 Jan 2020 08:52:55 -0800 (PST) X-Google-Smtp-Source: APXvYqyptLsyG9mGrUvQX8mMDS9XT04eQfDfdbX7OnE/rA+OtH8/w3dcqNIi6msm5lqMarDaSEZS X-Received: by 2002:a9d:dc1:: with SMTP id 59mr17607547ots.250.1579020775085; Tue, 14 Jan 2020 08:52:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579020775; cv=none; d=google.com; s=arc-20160816; b=hCfADfYChENPrY/N8xeQmo+pWkr4slVyVm8hzO1+G53mU6mlIfyTHbncQEV+jbXBNh wfZNd43ndvQ0FtiacmgT19KW/AbXN2qoHnmWZwZDs+UXyd4RV6ROCPck0fIkjWXqDjSS Z2dyq6CrsSucxGOJop7O8NcFaR3Cr/HzyOV6zjBeWjxsMBSoZkZ6wjHYGNxN9OfMHlDt xzrrv08xjk+DgWcCZ1HfLaGLmZneww5o8kDhRN81KtzbvB9askAgMZIwBqAGTsQWmC56 oeNGTM12Njl6RHcmBvPyrlG8jE+pSBndUTsSUwRLf4m8jYjWu+u1qvZ72RU8qXCPGr96 5rYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=BtKKTqVpr3M7ZGMd0iS27SAgqC0ZISimTY+3jNAM9hs=; b=xBGg5cp4GM/Er/qL3t+0ONoY2cxLohMlW2+pLPykpA0TujLuX6GKbJw2S7uQXyxloo hGOLPIRJXnN/X73A5x0Lkda1tNa/mieMFG/apin0iwd9MEXzK+sTUDBGXrTwPrq+ajUz lovefxwh/J4rj5Ikq5NslLub5acfPA1Pb8W+HvGuVqluDsUvpFjlXd9FuPhFo6FZ61Nr 1AidubkRCcisHOpbA1RCwM9AUkaAGK8MUybNfTXq/JcjfwBDM9NglNO6Ueuxdjp8PZdi 3Z1eaFJLhw+Y9zqfS4up8LZTqGDoxX7SrbN7Vg5j9BLIYtMMRHBzeqKrldO/e4QgFZQR o5Dw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=WVOKEwGT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i12si7608424oik.171.2020.01.14.08.52.44; Tue, 14 Jan 2020 08:52:55 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=WVOKEwGT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728769AbgANQvo (ORCPT + 99 others); Tue, 14 Jan 2020 11:51:44 -0500 Received: from mail.skyhub.de ([5.9.137.197]:39370 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726270AbgANQvo (ORCPT ); Tue, 14 Jan 2020 11:51:44 -0500 Received: from zn.tnic (p200300EC2F0C77005C63AD969BD3E4FA.dip0.t-ipconnect.de [IPv6:2003:ec:2f0c:7700:5c63:ad96:9bd3:e4fa]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id E3E121EC027A; Tue, 14 Jan 2020 17:51:42 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1579020703; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=BtKKTqVpr3M7ZGMd0iS27SAgqC0ZISimTY+3jNAM9hs=; b=WVOKEwGT6tFuELMy4DDbPsMvsqXndWd/PoD53+prwP/Z5uf8VXQUiWHLAldyGJLJi0siJa xjLmlnGKp3Y1RGsyTt3hHNQNW7aFoz593xugrzeAhdBeoAW44VzyWVh6jApXcPJnt6xpYT RwCynt3OJMmAb9lt9B60+Btu7+iwwro= Date: Tue, 14 Jan 2020 17:51:35 +0100 From: Borislav Petkov To: Kees Cook , "H. Peter Anvin" Cc: Arvind Sankar , Thomas Gleixner , Ingo Molnar , x86@kernel.org, linux-kernel@vger.kernel.org, Thomas Lendacky , Mauro Rossi , Michael Matz Subject: Re: [PATCH v3] x86/vmlinux: Fix vmlinux.lds.S with pre-2.23 binutils Message-ID: <20200114165135.GK31032@zn.tnic> References: <20200113161310.GA191743@rani.riverdale.lan> <20200113195337.604646-1-nivedita@alum.mit.edu> <202001131750.C1B8468@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <202001131750.C1B8468@keescook> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 13, 2020 at 05:53:32PM -0800, Kees Cook wrote: > NAK: linkers can add things at the end of .text that will go missing from > the kernel if _etext isn't _outside_ the .text section, truly beyond the > end of the .text section. This patch will break Control Flow Integrity > checking since the jump tables are at the end of .text. Err, which linkers are those? Please elaborate. In any case, after reading the thread, I can't help but favor the idea of us bumping min binutils version to 2.23. Michael (on Cc) says that the 2.21 was kinda broken wrt to the symbols fun outside of sections, 2.22 tried to fix it, see fd952815307f ("x86-32, relocs: Whitelist more symbols for ld bug workaround") which Arvind pointed out and 2.23 fixed it for real. Now, 2.23 is still very ancient. I'm looking at our releases: openSUSE 12.1 has the minimum supported gcc version 4.6 by the kernel and also the minimum binutils version 2.21 which we support according to Documentation/process/changes.rst Now, openSUSE 12.1 is ancient and we ourselves advise people to update to current distros so I don't think anyone would still run it. So, considering that upping the binutils version would save us from all this trouble I say we try it after 5.5 releases for a maximum time of a full 5.6 release cycle and see who complains. Considering how no one triggered this yet until Arvind, I think no one would complain. But I might be wrong. So what do people think? hpa? -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette