Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp5849799ybl; Tue, 14 Jan 2020 16:22:53 -0800 (PST) X-Google-Smtp-Source: APXvYqz5Olwud8wZMy94+/gwHbfOPVARidALSg2qzCUITqL5zYpAaBNq5jiBNxpa4Dh84jD+yWR6 X-Received: by 2002:aca:c68f:: with SMTP id w137mr19576715oif.179.1579047772901; Tue, 14 Jan 2020 16:22:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579047772; cv=none; d=google.com; s=arc-20160816; b=PcmRAo03a9B6NHc2lXQgVQcRL0EfDZdLFjvEQNx1Zo38GrCnLsBNMDZG8p6syAOUYz ycW2EOJ0KvreymnNHW60D9iGdV/0REgXwwcIL8G81m73R0azATcFc3Ew8tU4TlTMfNtq uXK7113DMWSCn1lDR2x3kukGy0fEmIQZhMbhAZzsAPmc3Yl9htMlZ/VKaNku8Kj643q7 TZfOPL68P5c3IeA94v0S2Nlf0m7akAulLfToflMxSiS0nNN0YqK4y6wBM4IgIlqcvID3 LdTfMvr5vHXHVsFwGqnGs3SOsnJdhTozJwi3vsCRXrrgvVe5qDtLG1dpbIjDfrZ3M4S2 BqBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:date:from:dkim-signature; bh=UxwVzZAl/9qlrzZun9B/nNh1T9A8qomSi5TcQ/Q+olk=; b=ZKx+urKJWwldg3G5ouP7vF5HykS26QLwrkD1czqXQc5IrO3I6OTEtVllsBQ/BVRI1U ycoRzxLj+6mq4Z2LvrZTSjHfL+xZ2N6i6Wpuc/2s4WKtGur6KHVAB1D+izczVs2RLPK9 Dk1NelRgGou7GJcS9jVrn4VaLnTpDw3kOUEczbS2l4KYT/KG3SnXRrV5Hh2F2NaI9xrx Q7HWlF+Ta9La+USFCLsDrZS+DoYu0h2d/Sn4wxQNbaAcGQndfo58c/irBAGM51H4Ai9c eE3fDt0qcFJheaFjKbDqxknvuZK3zn4u4/dA8spkfAO7V6q8fbYr5eMc7t/hREds1BT5 QHkQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=NdVXSo44; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f14si9960041oto.46.2020.01.14.16.22.39; Tue, 14 Jan 2020 16:22:52 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=NdVXSo44; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728844AbgAOAVf (ORCPT + 99 others); Tue, 14 Jan 2020 19:21:35 -0500 Received: from mail-qk1-f195.google.com ([209.85.222.195]:36810 "EHLO mail-qk1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728774AbgAOAVf (ORCPT ); Tue, 14 Jan 2020 19:21:35 -0500 Received: by mail-qk1-f195.google.com with SMTP id a203so14113313qkc.3 for ; Tue, 14 Jan 2020 16:21:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:date:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=UxwVzZAl/9qlrzZun9B/nNh1T9A8qomSi5TcQ/Q+olk=; b=NdVXSo44flwST5J5jMsU2lvQ3yaMXFMtUaxSvE9mb1l2ZMMTMblpNr8seMd5/QGgOs /FDxHwHiF1FKFNrIpJIe1rRAHmpvgCI22foQi+yRJ41kq7/ReqK0D4nCnuC90/TAOW80 80ScOLSoCPJuWyBJTs+U9DKsR2Z5U7y7PVmfYWtP0Ba8rJYZf/nGhWpB39P44TRX2STN fKEUsO/Ppv8d4pwo+qxmacXmFBiul4zd/P9cQDIrvDv39EwODeMoBJogPbHlaZ+HUVyr /eEsU6npNymdv040GOkOk4+H/eYmvjCzeiLYJZr6TOwlbotj828aM1nI7qMZgXHtc9ud sbAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:date:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=UxwVzZAl/9qlrzZun9B/nNh1T9A8qomSi5TcQ/Q+olk=; b=g2FDb27YMvVngGQ8faowbiiG7EWg9EgPTWa7mQT+gcXGHnZEoJqC3AWenq7XmIohwr n6Wn5BXEiICjl+eFX3rD1tFq4x+QgFzql3lVrI5JdbwklRkM0a4s2x22z81Nhleqpw5M c1fXaIJYI7FW36s50ZHioXU6uM/Q7YJ62QkqrI+40d3fts6Xp3dHFxXddNBE7W/r9t4C R6FyOHDEd2Eo70pXTsRcV4sBmY+CiGck5IpYUKqW7iDwZ9FWMRvVor06LNUHat8C1QYt GbCTExfFCv8r86L17bkmVGIltr7/ZANUWTeMp8iGFzw8UwxrsPl4SfF2+If1dhIQwmYT PLfA== X-Gm-Message-State: APjAAAUfsLdsuuwCYV0BwP419yqybrqLtXn517HTITd6eRDoPVOJb9Os OjJw+OPY0s45X+d6onA0/eI= X-Received: by 2002:a37:a98e:: with SMTP id s136mr19838938qke.253.1579047694256; Tue, 14 Jan 2020 16:21:34 -0800 (PST) Received: from rani.riverdale.lan ([2001:470:1f07:5f3::b55f]) by smtp.gmail.com with ESMTPSA id k88sm8393335qte.32.2020.01.14.16.21.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Jan 2020 16:21:33 -0800 (PST) From: Arvind Sankar X-Google-Original-From: Arvind Sankar Date: Tue, 14 Jan 2020 19:21:32 -0500 To: Borislav Petkov Cc: Kees Cook , "H. Peter Anvin" , Arvind Sankar , Thomas Gleixner , Ingo Molnar , x86@kernel.org, linux-kernel@vger.kernel.org, Thomas Lendacky , Mauro Rossi , Michael Matz Subject: Re: [PATCH v3] x86/vmlinux: Fix vmlinux.lds.S with pre-2.23 binutils Message-ID: <20200115002131.GA3258770@rani.riverdale.lan> References: <20200113161310.GA191743@rani.riverdale.lan> <20200113195337.604646-1-nivedita@alum.mit.edu> <202001131750.C1B8468@keescook> <20200114165135.GK31032@zn.tnic> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20200114165135.GK31032@zn.tnic> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 14, 2020 at 05:51:35PM +0100, Borislav Petkov wrote: > On Mon, Jan 13, 2020 at 05:53:32PM -0800, Kees Cook wrote: > > NAK: linkers can add things at the end of .text that will go missing from > > the kernel if _etext isn't _outside_ the .text section, truly beyond the > > end of the .text section. This patch will break Control Flow Integrity > > checking since the jump tables are at the end of .text. > > Err, which linkers are those? Please elaborate. > > In any case, after reading the thread, I can't help but favor the idea > of us bumping min binutils version to 2.23. > > Michael (on Cc) says that the 2.21 was kinda broken wrt to the symbols > fun outside of sections, 2.22 tried to fix it, see > > fd952815307f ("x86-32, relocs: Whitelist more symbols for ld bug workaround") > > which Arvind pointed out and 2.23 fixed it for real. > > Now, 2.23 is still very ancient. I'm looking at our releases: openSUSE > 12.1 has the minimum supported gcc version 4.6 by the kernel and > also the minimum binutils version 2.21 which we support according to > Documentation/process/changes.rst > > Now, openSUSE 12.1 is ancient and we ourselves advise people to update > to current distros so I don't think anyone would still run it. RHEL7 looks to have been released with 2.23 and we already don't support the version in RHEL6, so that should be good too. > > So, considering that upping the binutils version would save us from all > this trouble I say we try it after 5.5 releases for a maximum time of a > full 5.6 release cycle and see who complains. > > Considering how no one triggered this yet until Arvind, I think no one > would complain. But I might be wrong. > > So what do people think? hpa? > Thumbs up from me -- I had thought there were a few other reports earlier about these, but looking at those threads, it seems like they're all actually with ld.gold, which we already decided to drop support for in commit 75959d44f9dc ("kbuild: Fail if gold linker is detected"). > -- > Regards/Gruss, > Boris. > > https://people.kernel.org/tglx/notes-about-netiquette