Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp181120ybt; Tue, 23 Jun 2020 18:53:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzNGHGyT0NOsMM8Qz0wmW617g0Kc5soAjPwO1+VCjzIX8WLlugT0w4XTzztwhm07LiyblyY X-Received: by 2002:a17:906:ae88:: with SMTP id md8mr23947968ejb.347.1592963614681; Tue, 23 Jun 2020 18:53:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592963614; cv=none; d=google.com; s=arc-20160816; b=T5bg7fxQ5BTRrPoy8YRA1VTwJcsykBdgU9PaePR1mXJxsMVSPejRi6nZQ3N9kjo/Ne ZJwGdVe0zkI3KZ+dc5QjRyerheS7UXPu0U5U9+Ri7868hw2071A0f3kUqOe/sRoyvvqK f43aQO3TLGmtnKXLK3DDRTlWGzrygXyIqcrWUAitKQb9J732lLzmRtRSeg5pV+kPmpeI 9N3h10ggdKoJAXiGaZq/cLnRd07tQnVcSxArwz9HSkqF152Q+tvAPCw0oyhvO2IdbG2X t7RuiHo4PFAEB9wV4IaVH8xgCVaym55gRZcLRORvHVaTkoEz6PW+zE9Aj7vgOO40Jv5F 4t1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=1dy932Q1L6bL01oX9ZyNGxMZGfZc9HBFmwG4K7Tai+w=; b=YVbfgN2EbsZlxAn5ecr4bOh6uxvS2QmOCX7RSnWoIw38bM8+aDOW+KU3xu92Qx+TEe 0iMIEEnWZ2H5tf3KQs0+lZx9CXSVkGeWMlOBTBFxhP/iVXXss7YFRIV8VdKKDq8L29w+ 5p3LQ8eOhRPwECE3YKoSQWGtiY4GrPCFptHzoSkLCr8i3Ct7ASv2HLAyBO9pr2fKB3Po IwP7MJT+mHEVP8PkzBfSNxBeOXPJtMY2S/Ywae6ZN5NNZrbF0L6wn2E+lUfXy+NR/HMG sU1BvacLSbxnCODGd+J4R4pKxpPBFWrsmFYxX277Vphkcg2F3sKHTm6rjsZwhAq6K6Jm nQPQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=TdJYKQfK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a24si1809957ejk.208.2020.06.23.18.53.11; Tue, 23 Jun 2020 18:53:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=TdJYKQfK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388677AbgFXBu0 (ORCPT + 99 others); Tue, 23 Jun 2020 21:50:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46720 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388540AbgFXBtv (ORCPT ); Tue, 23 Jun 2020 21:49:51 -0400 Received: from mail-pl1-x642.google.com (mail-pl1-x642.google.com [IPv6:2607:f8b0:4864:20::642]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ECDBFC061573 for ; Tue, 23 Jun 2020 18:49:49 -0700 (PDT) Received: by mail-pl1-x642.google.com with SMTP id g17so319487plq.12 for ; Tue, 23 Jun 2020 18:49:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=1dy932Q1L6bL01oX9ZyNGxMZGfZc9HBFmwG4K7Tai+w=; b=TdJYKQfKuVwGeVGHEDD2vnD1lvuUL7cKVDKIPrO6knxxj6QtsEWzxUWr99rLFOCPfK 9ohQqyEVVZpfo0ViNiWBQ3Ut68BJePEhP9nQaLhMsRG6OBio29yJbdvSaN570AxQ3PxD VtIPRHCizmozN4OWucFCQVq6c7qciUfkrqN+w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=1dy932Q1L6bL01oX9ZyNGxMZGfZc9HBFmwG4K7Tai+w=; b=umf8q1MJReGyZrTH6ae65K8MzBeN4eUjt7/x4nVNtqusjXmNs8+bkvH9+V8WKTkDfN 9wjo399LuhmDxWZB17EwmsomkPpsRW7RkXZ/qzU+8wVy2bZVIF+Xwk+Ak2Y2xK6pQtez 4Q3rvV/illTAzoWx4Lx2mldkCmQeTJkedjEwfRXbHWHLK3rSIMgIq/a4jjZHACo2tvm4 7viinA378AQiv2S7EvpXPHbZ/4MGlQi//gijqQ4E/BbVE0ZPKoOgFmXOkf+QVYd+fOPt mxnCBaejfoAHGvEe5z6WNvigtVxzfGwUtexW/1siE5W2rocMjsKccDUaJz8gmPlZe4hm 9pIw== X-Gm-Message-State: AOAM533pmvdUc5or9q6DVTUrnC39b6AAI6YvYMbcVZEwGYXv9HsD3jgB kSqCKNuK0PKC+41Sq3+T9J+0jg== X-Received: by 2002:a17:902:9693:: with SMTP id n19mr16693200plp.253.1592963389555; Tue, 23 Jun 2020 18:49:49 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id d22sm172748pfd.105.2020.06.23.18.49.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Jun 2020 18:49:46 -0700 (PDT) From: Kees Cook To: Will Deacon Cc: Kees Cook , Catalin Marinas , Mark Rutland , Ard Biesheuvel , Peter Collingbourne , James Morse , Borislav Petkov , Thomas Gleixner , Ingo Molnar , Russell King , Masahiro Yamada , Arvind Sankar , Nick Desaulniers , Nathan Chancellor , Arnd Bergmann , x86@kernel.org, clang-built-linux@googlegroups.com, linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 4/9] x86/build: Warn on orphan section placement Date: Tue, 23 Jun 2020 18:49:35 -0700 Message-Id: <20200624014940.1204448-5-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200624014940.1204448-1-keescook@chromium.org> References: <20200624014940.1204448-1-keescook@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly named in the linker script. Discards the unused rela, plt, and got sections that are not needed in the final vmlinux, stop emitting kprobe sections without kprobes, and enable orphan section warnings. Signed-off-by: Kees Cook --- arch/x86/Makefile | 4 ++++ arch/x86/include/asm/asm.h | 6 +++++- arch/x86/kernel/vmlinux.lds.S | 6 ++++++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/arch/x86/Makefile b/arch/x86/Makefile index 00e378de8bc0..f8a5b2333729 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -51,6 +51,10 @@ ifdef CONFIG_X86_NEED_RELOCS LDFLAGS_vmlinux := --emit-relocs --discard-none endif +# We never want expected sections to be placed heuristically by the +# linker. All sections should be explicitly named in the linker script. +LDFLAGS_vmlinux += --orphan-handling=warn + # # Prevent GCC from generating any FP code by mistake. # diff --git a/arch/x86/include/asm/asm.h b/arch/x86/include/asm/asm.h index 0f63585edf5f..92feec0f0a12 100644 --- a/arch/x86/include/asm/asm.h +++ b/arch/x86/include/asm/asm.h @@ -138,11 +138,15 @@ # define _ASM_EXTABLE_FAULT(from, to) \ _ASM_EXTABLE_HANDLE(from, to, ex_handler_fault) -# define _ASM_NOKPROBE(entry) \ +# ifdef CONFIG_KPROBES +# define _ASM_NOKPROBE(entry) \ .pushsection "_kprobe_blacklist","aw" ; \ _ASM_ALIGN ; \ _ASM_PTR (entry); \ .popsection +# else +# define _ASM_NOKPROBE(entry) +# endif #else # define _EXPAND_EXTABLE_HANDLE(x) #x diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 3bfc8dd8a43d..bb085ceeaaad 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -412,6 +412,12 @@ SECTIONS DWARF_DEBUG DISCARDS + /DISCARD/ : { + *(.rela.*) *(.rela_*) + *(.rel.*) *(.rel_*) + *(.got) *(.got.*) + *(.igot.*) *(.iplt) + } } -- 2.25.1