Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp642233pxa; Tue, 11 Aug 2020 11:18:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwcGInsG/yOv5c8Z4SCjtAPMABFD3XzWo4hDBpn1eKXPaCbZylkHLPmvzjM0aVRH3lbNpnc X-Received: by 2002:aa7:c1ca:: with SMTP id d10mr28285209edp.261.1597169881864; Tue, 11 Aug 2020 11:18:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597169881; cv=none; d=google.com; s=arc-20160816; b=A7GmxrhnmsRpGIJCGn/Bvea1rbk0HqZrXf2ByOM67GujeOt8X66yL19hFY0/I52gOH UtgC9YJYOohUZuPCpSGGNO6KmMT1Z72oEy2hZM1tFaiXHc4PHoIYsM8E4VSH8OOrk1E/ nWh12zBmgZY4kJE6ple9rWFxdHSbOax1h3paVqBRaLoxrASjoXiiqpOwhuj0bhGb3m1Y RC+ushqXxWDYYleBFS+Kjiq5AGBLHP+C/r3yFy83tc64oBT7gpGLAGR+FEI2VepX+Mak V0wjBbMF8yeAon5kCTin0VhnnQzf7L6Yk2H+AqsaborLY+Dd/QnoWZqrJKE5TtmrF8QF lqpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=d2angCcfziZJsj+jE5k0KH3MCZIXsKjqVtB9YbQL44w=; b=Nn9w+/jRsZb73+qBkMQYa5tESIGAGR0fsC0d/iuIusnSJDlKgcJ1kE3AQszEYYFWqk l8VIpY3FuJ3uYO7F1CVXXf8xTAUqOC0gURIOU7D7uMi6oPgQUxkKAkWHRsarNa7nkBfU ukEjsVJ6FGgaVLIM2bzd3/FOhVp9/78Q8Jk9g7jC5+dq3YppDV6bUfTvua9w3sS8HVEg 1V0mQLmIjauhKjSkhh6vad3kemJ7FuYDRkbRzP7rp/XTD69Nooj+empHNmE22bQMERSK QMYWjBuMCodCWVRcI2apQh0h0RJ3042YomCAoSq3FZlLI3ZUOmsnlj7nwUiQtS9XWspH 0IGA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=casper.20170209 header.b="S9F2yfa/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j21si12930282edy.312.2020.08.11.11.17.38; Tue, 11 Aug 2020 11:18:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=casper.20170209 header.b="S9F2yfa/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726274AbgHKSQk (ORCPT + 99 others); Tue, 11 Aug 2020 14:16:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57640 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726085AbgHKSQk (ORCPT ); Tue, 11 Aug 2020 14:16:40 -0400 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E7700C06174A for ; Tue, 11 Aug 2020 11:16:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=d2angCcfziZJsj+jE5k0KH3MCZIXsKjqVtB9YbQL44w=; b=S9F2yfa/UzmRITxVoNJ9lYraVf Dy6MZ/M1ZBoBbV+p6eAQcY0VezPPFBCRlz6gqSuqC23Xcz2ebJ1urP9Gr4WE+izj+2ltXOAqd2QRG XT3q1CfhnyfcEQwSwTLEt3ITXI8YkMcZX3WgZM/f4VbwtJ4hUfnQqouRsm1XNTOZmKxrus69f4AF3 E89nzV8iJViywqhN+D1abbdpG2hHKMw3L4Si6M1UWVTg1vLUVQmQjpCcFeR5j3ZavvHx+NVMhQUKR N9Hvsq7cORsmxq2k8uyLJdhfgVc/0isUCN1i7dVuql95XYZMgJFB8asOHsj0aOuJqZGcIPD1XKw6W TqKbkyhQ==; Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=noisy.programming.kicks-ass.net) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1k5Yp6-0007wb-7O; Tue, 11 Aug 2020 18:16:32 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id 4B5BD3060AE; Tue, 11 Aug 2020 19:59:12 +0200 (CEST) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000) id 32C1820BFC4E4; Tue, 11 Aug 2020 19:59:12 +0200 (CEST) Date: Tue, 11 Aug 2020 19:59:12 +0200 From: peterz@infradead.org To: Jessica Yu Cc: Mauro Carvalho Chehab , linux-kernel@vger.kernel.org, Thomas Gleixner , keescook@chromium.org, Josh Poimboeuf , Miroslav Benes , Mark Rutland , Ard Biesheuvel Subject: Re: [PATCH v2] module: Harden STRICT_MODULE_RWX Message-ID: <20200811175912.GF2674@hirez.programming.kicks-ass.net> References: <20200403171303.GK20760@hirez.programming.kicks-ass.net> <20200808101222.5103093e@coco.lan> <20200810092523.GA8612@linux-8ccs> <20200810150647.GB8612@linux-8ccs> <20200811163427.6edbf343@coco.lan> <20200811145524.GE2674@hirez.programming.kicks-ass.net> <20200811172738.2d632a09@coco.lan> <20200811160134.GA13652@linux-8ccs> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200811160134.GA13652@linux-8ccs> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Aug 11, 2020 at 06:01:35PM +0200, Jessica Yu wrote: > > > On Tue, Aug 11, 2020 at 04:34:27PM +0200, Mauro Carvalho Chehab wrote: > > > > [33] .plt PROGBITS 0000000000000340 00035c80 > > > > 0000000000000001 0000000000000000 WAX 0 0 1 > > > > [34] .init.plt NOBITS 0000000000000341 00035c81 > > > > 0000000000000001 0000000000000000 WA 0 0 1 > > > > [35] .text.ftrace[...] PROGBITS 0000000000000342 00035c81 > > > > 0000000000000001 0000000000000000 WAX 0 0 1 > Interesting, my cross-compiled modules do not have the executable flag - > > [38] .plt NOBITS 0000000000000340 00038fc0 > 0000000000000001 0000000000000000 WA 0 0 1 > [39] .init.plt NOBITS 0000000000000341 00038fc0 > 0000000000000001 0000000000000000 WA 0 0 1 > [40] .text.ftrace_tram NOBITS 0000000000000342 00038fc0 > 0000000000000001 0000000000000000 WA 0 0 1 > I'm a bit confused about what NOLOAD actually implies in this context. From the > ld documentation - "The `(NOLOAD)' directive will mark a section to not be > loaded at run time." But these sections are marked SHF_ALLOC and are referenced > to in the module plt code. Or does it just tell the linker to not initialize it? Yeah, that confusion is wide-spread, so much so that bfd-ld and gold, both in bintils, had different behaviour at some point. Anyway, another clue is that your build has all NOBITS, while Mauro's build has PROGBITS for the broken sections. Anyway, my gcc-10.1/binutils-2.34 cross tool chain (from k.org) generates the same as Jessica's too. I wonder if binutils-2.35 is wonky...