From: Arvind Sankar
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", x86@kernel.org
Cc: Nick Desaulniers, Fangrui Song, Dmitry Golovin, clang-built-linux@googlegroups.com, Ard Biesheuvel, Masahiro Yamada, Daniel Kiper, Sedat Dilek, Kees Cook, Nathan Chancellor, Arnd Bergmann, "H . J . Lu", linux-kernel@vger.kernel.org
Subject: [PATCH v4 2/7] x86/boot/compressed: Force hidden visibility for all symbol references
Date: Mon, 13 Jul 2020 22:38:31 -0400
Message-Id: <20200714023836.2310569-3-nivedita@alum.mit.edu>
In-Reply-To: <20200629140928.858507-1-nivedita@alum.mit.edu>
References: <20200629140928.858507-1-nivedita@alum.mit.edu>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Ard Biesheuvel

Eliminate all GOT entries in the decompressor binary, by forcing hidden
visibility for all symbol references, which informs the compiler that
such references will be resolved at link time without the need for
allocating GOT entries.

To ensure that no GOT entries will creep back in, add an assertion to
the decompressor linker script that will fire if the .got section has
a non-zero size.

[Arvind: move hidden.h to include/linux instead of making a copy]

Reviewed-by: Kees Cook
Signed-off-by: Ard Biesheuvel
Acked-by: Arvind Sankar
Signed-off-by: Arvind Sankar
From: Ard Biesheuvel
Link: https://lore.kernel.org/r/20200523120021.34996-3-ardb@kernel.org
---
 arch/x86/boot/compressed/Makefile      |  1 +
 arch/x86/boot/compressed/vmlinux.lds.S |  1 +
 drivers/firmware/efi/libstub/Makefile  |  2 +-
 drivers/firmware/efi/libstub/hidden.h  |  6 ------
 include/linux/hidden.h                 | 19 +++++++++++++++++++
 5 files changed, 22 insertions(+), 7 deletions(-)
 delete mode 100644 drivers/firmware/efi/libstub/hidden.h
 create mode 100644 include/linux/hidden.h

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 7619742f91c9..c829d874dcac 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -42,6 +42,7 @@ KBUILD_CFLAGS += $(call cc-disable-warning, gnu) KBUILD_CFLAGS += -Wno-pointer-sign KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=) KBUILD_CFLAGS += -fno-asynchronous-unwind-tables +KBUILD_CFLAGS += -include $(srctree)/include/linux/hidden.h KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE := n diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S index b17d218ccdf9..4bcc943842ab 100644 --- a/arch/x86/boot/compressed/vmlinux.lds.S +++ b/arch/x86/boot/compressed/vmlinux.lds.S @@ -81,6 +81,7 @@ SECTIONS DISCARDS } +ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!") #ifdef CONFIG_X86_64 ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, "Unexpected GOT/PLT entries detected!") #else diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index 4cce372edaf4..609157a40493 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -27,7 +27,7 @@ cflags-$(CONFIG_ARM) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \ cflags-$(CONFIG_EFI_GENERIC_STUB) += -I$(srctree)/scripts/dtc/libfdt KBUILD_CFLAGS := $(cflags-y) -Os -DDISABLE_BRANCH_PROFILING \ - -include $(srctree)/drivers/firmware/efi/libstub/hidden.h \ + -include $(srctree)/include/linux/hidden.h \ -D__NO_FORTIFY \ $(call cc-option,-ffreestanding) \ $(call cc-option,-fno-stack-protector) \ diff --git a/drivers/firmware/efi/libstub/hidden.h b/drivers/firmware/efi/libstub/hidden.h deleted file mode 100644 index 3493b041f419..000000000000 --- a/drivers/firmware/efi/libstub/hidden.h +++ /dev/null 
@@ -1,6 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 */ -/* - * To prevent the compiler from emitting GOT-indirected (and thus absolute) - * references to any global symbols, override their visibility as 'hidden' - */ -#pragma GCC visibility push(hidden) diff --git a/include/linux/hidden.h b/include/linux/hidden.h new file mode 100644 index 000000000000..49a17b6b5962 --- /dev/null +++ b/include/linux/hidden.h @@ -0,0 +1,19 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * When building position independent code with GCC using the -fPIC option, + * (or even the -fPIE one on older versions), it will assume that we are + * building a dynamic object (either a shared library or an executable) that + * may have symbol references that can only be resolved at load time. For a + * variety of reasons (ELF symbol preemption, the CoW footprint of the section + * that is modified by the loader), this results in all references to symbols + * with external linkage to go via entries in the Global Offset Table (GOT), + * which carries absolute addresses which need to be fixed up when the + * executable image is loaded at an offset which is different from its link + * time offset. + * + * Fortunately, there is a way to inform the compiler that such symbol + * references will be satisfied at link time rather than at load time, by + * giving them 'hidden' visibility. + */ + +#pragma GCC visibility push(hidden) -- 2.26.2
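
Review bot: In the arch/x86/boot/compressed/Makefile hunk, the new `-include $(srctree)/include/linux/hidden.h` is appended to KBUILD_CFLAGS one line above `KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__`, so the header is also force-included into every assembly source in this directory, where a visibility pragma applies to nothing. If that is intended, say so in the commit message or in a Makefile comment; otherwise append the flag after KBUILD_AFLAGS has been derived, or wrap the pragma in hidden.h in `#ifndef __ASSEMBLY__`.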
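
Review bot: In the arch/x86/boot/compressed/vmlinux.lds.S hunk, the message in `ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")` gives whoever trips it no hint about the cause or the fix. The commit message explains that GOT entries are expected to be absent because every symbol reference has hidden visibility, so a short comment above the assertion pointing at include/linux/hidden.h (or a message that mentions hidden visibility) would let a developer who hits the link failure find the offending object without digging through the history. The wording is also close to the neighbouring "Unexpected GOT/PLT entries detected!", which makes the two easy to confuse in a build log.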
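
Review bot: In the new include/linux/hidden.h, the header comment explains why hidden visibility is wanted but not how the file is meant to be used, and the file ends with a `#pragma GCC visibility push(hidden)` that is never popped. Both Makefile hunks pull it in with `-include` on the compiler command line, yet its new location under include/linux makes it look like an ordinary header, and a plain `#include <linux/hidden.h>` part-way through a file would change the visibility of every declaration after it for the rest of that translation unit. Please add a sentence to the comment stating that the file is only to be force-included via `-include` for position-independent early boot code and must not be included from regular sources.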