Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp672831ybt;
        Wed, 24 Jun 2020 08:29:30 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzLIBd/S7WAFYOwdNq1K4qX88U5G06DG84kZdxOwlPpJGhGpwsXSt1L+/7RKsx6PGorrfhf
X-Received: by 2002:a17:906:d92e:: with SMTP id rn14mr18362712ejb.314.1593012570439;
        Wed, 24 Jun 2020 08:29:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1593012570; cv=none;
        d=google.com; s=arc-20160816;
        b=WCLakCWMoRGL5qw2hwkJrXnDsufvyPs/PBY1iKNiATz52tiiQJNnpuBqurGxZ7bqJe
         d/SKD//SbwycZ1j0goZooODk1vpkTXpZrA0Jw5vpefhBxIcacVGNc17MXeHjvA9otQPs
         OwwbYvL0k2WbnPlxwsIJFMmox2XfT75pVnXcLq71uZ9LuFQpbPms3nZQhZvt5+u+QSiU
         5Y5BP/ijWGlRxvb/U8k2IKGBjyikHg+Iqa6k+m3AZZfo8fC3ZRrRuGBiyfGbTATS/Wz/
         L9mn89JsJJ5iKBD5gcDuzXd4W0uzaEWRvKAxUtj++14bvti8EZos6HAgozmumOsf609S
         OrJQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=bS6n8FFfWvjN9Mt3p8uq12YOqkYE906JL7ez0Yg0Nwk=;
        b=PCMQlIgd5ln6OrGJNuowWzVfdswr7NWBzKO7XazfAK1v3/5IhfL3GiXY5iWhKx154N
         OH7/JuBkFoei4SNiT44DCft32Fdn5R7CIUJGOBzlk3Sybed61y/YitzpxhruwPo3UY8T
         ztbeNkwozAGPSAukImUKEzSmEIPkdedo0CKoXnnJ1Zf6kSQy4KaDWqDvl1Pgvi/Cpjcg
         cJjw3QViWufV0Mt+pJp4e911v7Zwm6BoZq0nRe5+uMHLfmwCYnqyCQDF0hPzYyzLdXiL
         LWcMmYgfoUUFv/RZna7unXH5CbG6zyEKqR+UbJtLnw8m+jEsSKXlmqQfSRbCZqc3I3hF
         m5aQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=r3bJkm2M;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id b6si11999580edr.597.2020.06.24.08.29.07;
        Wed, 24 Jun 2020 08:29:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=r3bJkm2M;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2404382AbgFXP0y (ORCPT <rfc822;fezhang.suse@gmail.com>
        + 99 others); Wed, 24 Jun 2020 11:26:54 -0400
Received: from mail.kernel.org ([198.145.29.99]:58176 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2404162AbgFXP0y (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 24 Jun 2020 11:26:54 -0400
Received: from willie-the-truck (236.31.169.217.in-addr.arpa [217.169.31.236])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id C1DC420723;
        Wed, 24 Jun 2020 15:26:49 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1593012413;
        bh=kbsPqR41mDQFRVRa/Xnpp1Pv9SDbHGBQli339a9qb5g=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=r3bJkm2MXiop59E/l6uaJdpBwnsGC+S1xUHZEXGDiL9v5WJjP6SMvcWpkPkWKQwDR
         hIEtVuLG9LyErnHjnp7nb3rWM4L4oiqJF0/Vnan8sFUoo2M+2SQcdbSXcCA6n/7TaZ
         OJwgw+Tte6/JzW6hAJvlS1k70DYSB7MB0dJPcdU0=
Date:   Wed, 24 Jun 2020 16:26:46 +0100
From:   Will Deacon <will@kernel.org>
To:     Dave Martin <Dave.Martin@arm.com>
Cc:     Ard Biesheuvel <ardb@kernel.org>,
        Mark Rutland <mark.rutland@arm.com>,
        linux-arch <linux-arch@vger.kernel.org>,
        linux-efi <linux-efi@vger.kernel.org>,
        Kees Cook <keescook@chromium.org>,
        Fangrui Song <maskray@google.com>,
        Catalin Marinas <catalin.marinas@arm.com>,
        Masahiro Yamada <masahiroy@kernel.org>,
        X86 ML <x86@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Russell King <linux@armlinux.org.uk>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        clang-built-linux <clang-built-linux@googlegroups.com>,
        Arvind Sankar <nivedita@alum.mit.edu>,
        Ingo Molnar <mingo@redhat.com>,
        James Morse <james.morse@arm.com>,
        Linux ARM <linux-arm-kernel@lists.infradead.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Borislav Petkov <bp@suse.de>,
        Peter Collingbourne <pcc@google.com>,
        Nathan Chancellor <natechancellor@gmail.com>,
        Arnd Bergmann <arnd@arndb.de>
Subject: Re: [PATCH v3 3/9] efi/libstub: Remove .note.gnu.property
Message-ID: <20200624152646.GA6768@willie-the-truck>
References: <20200624014940.1204448-1-keescook@chromium.org>
 <20200624014940.1204448-4-keescook@chromium.org>
 <20200624033142.cinvg6rbg252j46d@google.com>
 <202006232143.66828CD3@keescook>
 <20200624104356.GA6134@willie-the-truck>
 <CAMj1kXHBT4ei0xhyL4jD7=CNRsn1rh7w6jeYDLjVOv4na0Z38Q@mail.gmail.com>
 <20200624112647.GC6134@willie-the-truck>
 <20200624134854.GF25945@arm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20200624134854.GF25945@arm.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jun 24, 2020 at 02:48:55PM +0100, Dave Martin wrote:
> On Wed, Jun 24, 2020 at 12:26:47PM +0100, Will Deacon wrote:
> > On Wed, Jun 24, 2020 at 12:46:32PM +0200, Ard Biesheuvel wrote:
> > > On Wed, 24 Jun 2020 at 12:44, Will Deacon <will@kernel.org> wrote:
> > > > For the kernel Image, how do we remove these sections? The objcopy flags
> > > > in arch/arm64/boot/Makefile look both insufficient and out of date. My
> > > > vmlinux ends up with both a ".notes" and a ".init.note.gnu.property"
> > > > segment.
> > > 
> > > The latter is the fault of the libstub make rules, that prepend .init
> > > to all section names.
> > 
> > Hmm. I tried adding -mbranch-protection=none to arm64 cflags for the stub,
> > but I still see this note in vmlinux. It looks like it comes in via the
> > stub copy of lib-ctype.o, but I don't know why that would force the
> > note. The cflags look ok to me [1] and I confirmed that the note is
> > being generated by the compiler.
> > 
> > > I'm not sure if there is a point to having PAC and/or BTI in the EFI
> > > stub, given that it runs under the control of the firmware, with its
> > > memory mappings and PAC configuration etc.
> > 
> > Agreed, I just can't figure out how to get rid of the note.
> 
> Because this section is generated by the linker itself I think you might
> have to send it to /DISCARD/ in the link, or strip it explicitly after
> linking.

Right, but why is the linker generating that section in the first place? I'm
compiling with -mbranch-protection=none and all the other objects linked
into the stub do not have the section.

I wonder if it's because lib/ctype.c doesn't have any executable code...

Will