Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp2995063ybt; Mon, 29 Jun 2020 12:23:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzUtCOumNVr5o+IiTRRcsQIgAq90AJIeBnTjhHN4P8pOKpL0ogPs70LuL8qpuev9iHbIGNr X-Received: by 2002:a17:906:6b8d:: with SMTP id l13mr15118388ejr.136.1593458618396; Mon, 29 Jun 2020 12:23:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593458618; cv=none; d=google.com; s=arc-20160816; b=Jp4cUYjYD4TA8LGmt2nldLeokk159nOhD01vbAc6oeq/PVl6IXnkt/rNeWyD2una+e 2EIXAjud50I/irGVxOTTq/sn9LBUwVwvF0A5L4fOAc3+r0OKUbyzbll9Vv3Fn1CgqoNx iJlQHwySDU0loG+zbRQUbHV+ao1c/dTWv2Gd/L4vVN/nCDXhXo0VqhhR7EbaipULl4Ka 1Zin/HnIDc29SXkwsHakV/+vbgRh49LNI2n+YGbbdkcs5CmmMOizDPj+A/yPAJwb3G22 zb69IUxNQ7eRaQpQcqQ8hB0FqkZrXjTSr5kI61y8yTqKlr2qpyxOw2IlV/ZZt0dZd6tj 6yng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:date:from :dkim-signature; bh=jVlqHQzn01y7nrvyopD8q2AIuA6aQSm3TomDB97NTFc=; b=dgTAMpZChXPOZPNl+92GOGm7/PjRGez8F9vSn4JrZHMhhP+bd8nxeutfMXsF1vm08t 89kbB9JIgOOwi90xa5Gj9KUqQJ6dvSBbfHYKwplLevKwjB93FlrkM8wkDKyHh3DxLKWE 83Umn4QCeHW2ynoxRzEpXDAYERHt3EG2yk1Kk9Bn7HqNdT+Z5xwaUq9N+FzjabVIQ/04 QD81P4Fa1CVaUjIhlKUSfWWYzf/TkdNAi39r8A7JOS9UwHC1bi18232cAeX1WZ/vFheN sDDehphXaH50BKrrC5X6XbxrrugqKrlv2eN6o52z7EptMMlprxeCVvnFl5zDyssl8b0p 7BnA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=lR1BCUsf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cx20si220445edb.568.2020.06.29.12.23.13; Mon, 29 Jun 2020 12:23:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=lR1BCUsf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732302AbgF2TWt (ORCPT + 99 others); Mon, 29 Jun 2020 15:22:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45112 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730465AbgF2TWp (ORCPT ); Mon, 29 Jun 2020 15:22:45 -0400 Received: from mail-qt1-x844.google.com (mail-qt1-x844.google.com [IPv6:2607:f8b0:4864:20::844]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D9C06C030F37 for ; Mon, 29 Jun 2020 09:56:06 -0700 (PDT) Received: by mail-qt1-x844.google.com with SMTP id z2so13379016qts.5 for ; Mon, 29 Jun 2020 09:56:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:date:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=jVlqHQzn01y7nrvyopD8q2AIuA6aQSm3TomDB97NTFc=; b=lR1BCUsfkUS71XdEnnVOCmF2jxtwngF92vJX/PeOQsQLmTGoEDhzaHs6wZvenZ7OaC hVsnLfapx01e/VzCMZlqnlSQ1vrv6IhYO1SVe4iLR0pJlWEUk5br5l65moUUxmrodr0j zX0+ENopxhC3q1hQI5veDb6yA3x37zpjNQhutCraS+KO2dd7/vjLXaPCedITuyoA6q/e U4Ld1QPNhRl+8mclEdvItGaUXKG+9CAyFssq4VIj6fP6wqyThTvI4nuVszIGGgb3TPaJ gXiafYz/0D0CB7cEYZ1hI5Sxq1O8W0iqO2I30N7Q9iXkQS2c5W4TXqR/M9pdHHLOez1Z iHAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:date:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to; bh=jVlqHQzn01y7nrvyopD8q2AIuA6aQSm3TomDB97NTFc=; b=H2rzASVDqewmcik3vc5E8uourAeybqWDGzZ/LgDA8SrzGNt17i92A6jJS3YT7r1yBp Swst99tRPziyBxynuKFAxOAz7O5aUpYbf/NiDiv6+EFcQhw1tpclOg4uPWfuAEgjwqXg FdHpcMDj0j7typrBl/DyKCB3r6Z0ejQMLNZ5qsdVQjxOYn0C9wcgvnHRiArNdy42xLl0 Yc67m3oHSHbm8GGlIZjZy0gRbHLvBo3KK+AjDlH2/c/kiXliPzaTorWOljTcfAWS440c gnmOtiqdgDV4fXvGK4nByMaMHXB0iLF4DywxgZ6HMscPIcaWFIAlc3jJQCri4GdZ+zrI Ov+A== X-Gm-Message-State: AOAM532z4D0lVQQ3CT+N477egzS5IIbnWpl7q+moVOY4mKDrkSaLShwq FayLw/Nj2+ou91bKJnZcnHs= X-Received: by 2002:aed:2359:: with SMTP id i25mr16769164qtc.194.1593449766079; Mon, 29 Jun 2020 09:56:06 -0700 (PDT) Received: from rani.riverdale.lan ([2001:470:1f07:5f3::b55f]) by smtp.gmail.com with ESMTPSA id p25sm361142qki.107.2020.06.29.09.56.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jun 2020 09:56:05 -0700 (PDT) From: Arvind Sankar X-Google-Original-From: Arvind Sankar Date: Mon, 29 Jun 2020 12:56:03 -0400 To: Kees Cook Cc: Ard Biesheuvel , Arvind Sankar , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , X86 ML , Nick Desaulniers , Fangrui Song , Dmitry Golovin , clang-built-linux , Masahiro Yamada , Daniel Kiper , Sedat Dilek , Nathan Chancellor , Arnd Bergmann , "H . J . Lu" , Linux Kernel Mailing List Subject: Re: [PATCH v3 7/7] x86/boot: Check that there are no runtime relocations Message-ID: <20200629165603.GD900899@rani.riverdale.lan> References: <20200629140928.858507-1-nivedita@alum.mit.edu> <20200629140928.858507-8-nivedita@alum.mit.edu> <202006290907.E5EF18A@keescook> <202006290919.93C759C62@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <202006290919.93C759C62@keescook> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jun 29, 2020 at 09:20:31AM -0700, Kees Cook wrote: > On Mon, Jun 29, 2020 at 06:11:59PM +0200, Ard Biesheuvel wrote: > > On Mon, 29 Jun 2020 at 18:09, Kees Cook wrote: > > > > > > On Mon, Jun 29, 2020 at 10:09:28AM -0400, Arvind Sankar wrote: > > > > Add a linker script check that there are no runtime relocations, and > > > > remove the old one that tries to check via looking for specially-named > > > > sections in the object files. > > > > > > > > Drop the tests for -fPIE compiler option and -pie linker option, as they > > > > are available in all supported gcc and binutils versions (as well as > > > > clang and lld). > > > > > > > > Signed-off-by: Arvind Sankar > > > > Reviewed-by: Ard Biesheuvel > > > > Reviewed-by: Fangrui Song > > > > --- > > > > arch/x86/boot/compressed/Makefile | 28 +++----------------------- > > > > arch/x86/boot/compressed/vmlinux.lds.S | 8 ++++++++ > > > > 2 files changed, 11 insertions(+), 25 deletions(-) > > > > > > Reviewed-by: Kees Cook > > > > > > question below ... > > > > > > > diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S > > > > index a4a4a59a2628..a78510046eec 100644 > > > > --- a/arch/x86/boot/compressed/vmlinux.lds.S > > > > +++ b/arch/x86/boot/compressed/vmlinux.lds.S > > > > @@ -42,6 +42,12 @@ SECTIONS > > > > *(.rodata.*) > > > > _erodata = . ; > > > > } > > > > + .rel.dyn : { > > > > + *(.rel.*) > > > > + } > > > > + .rela.dyn : { > > > > + *(.rela.*) > > > > + } > > > > .got : { > > > > *(.got) > > > > } > > > > > > Should these be marked (INFO) as well? > > > > > > > Given that sections marked as (INFO) will still be emitted into the > > ELF image, it does not really make a difference to do this for zero > > sized sections. > > Oh, I misunderstood -- I though they were _not_ emitted; I see now what > you said was not allocated. So, disk space used for the .got.plt case, > but not memory space used. Sorry for the confusion! > > -Kees In the case of the REL[A] and .got sections, they are actually already not emitted at all into the ELF file now that they are zero size. For .got.plt, it is only emitted for 32-bit (with the 3 reserved entries), the 64-bit linker seems to get rid of it.