Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp1160200pxa; Thu, 13 Aug 2020 02:01:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzhyNARvaDOSqPgmGQb4nQbx5Wt7r2uW/1si1U7XpiDS0SVCwcOBrUk4z23FbgFlXvU7Evg X-Received: by 2002:a17:906:71d3:: with SMTP id i19mr3727238ejk.459.1597309273619; Thu, 13 Aug 2020 02:01:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597309273; cv=none; d=google.com; s=arc-20160816; b=npoR4ob3l9PpYwTig66oc8FV8Kw2hhforr1tKO0FmVJ/vsIT0HVUvzIRQt+VNKhwYs 1bGvFFIMVVuUqkTi9asxt2u5AQa4c3diDxfS0rFdxMB+AiTw6MelThdK3lfWtgi6QiZN j+3M1yT12bEaEfrhyCiVas+Srme9hr9gBxaOoxzdPBMKj+nprh2q+HxPkGe4vj/1W2kp T83Dz1ptVuK+Lh+Zoy5WR/6/czl0hgC+XpQPyryVWKi1XVyYCJ+/82QNbaPrQqlk0OFI WetUmysahz8d0Z9LlWJkffLJoLuKXjIX16gG2onab1B/NhjXsfckznz3KJ1xa/EdR5R0 4igg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=QAsNuOimnv0NdLOfa9bGCVzjqK1BlyxHbtBQy7LEPYQ=; b=Xl3UTHiRLlwaN9tZjKOllhIv/dl5JXMFVy781uxbvPbcq0NrQdHLugtnrrfHFvfJQW sOX1p2/NogsMfAUDeuhbHmzDJoZLqXW8K4zhg3TCUGkoBcEqZ67rC+cyrrqV/U+9hm7a Sj8F2U0xMsJYAvPSpK9TXdUKbD9vIZhSqVNzPlfx+4ScWArNYogPVZiY6SmHi+oxhhrm nRSOqtnvGo1dgHfMYakHXEq5fo8DVRDB2q8TB2HTUaMkROTsWu3PH1KsaqvHeWTGMZEM T2EGftuUuBvfCeudCx14nuz4A4dUen4RCDrwAaL1rLt752QrfeLY+Y42NX1aNT9MQRU7 Ti9w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=06aQ79qZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r2si2885910edy.17.2020.08.13.02.00.50; Thu, 13 Aug 2020 02:01:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=06aQ79qZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726583AbgHMJAO (ORCPT + 99 others); Thu, 13 Aug 2020 05:00:14 -0400 Received: from mail.kernel.org ([198.145.29.99]:36610 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726249AbgHMJAN (ORCPT ); Thu, 13 Aug 2020 05:00:13 -0400 Received: from willie-the-truck (236.31.169.217.in-addr.arpa [217.169.31.236]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3E8DE20771; Thu, 13 Aug 2020 09:00:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1597309212; bh=nxJfY0GDp7W2K3CU3jLZpVw53XoSNI4mAsvj9BpugmI=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=06aQ79qZAgWaNvqgB0OTgqnkPG6MnwOgAcbZ3bzg4T0gaJY+GsoEcBFtrXPsO6gho PzT2SHsSVrS3t3Se8GYVNxhiA9y0k8mM3jsX/txeWROkFCQZuO2LTmVxfMRZVWHyFk 9Bb7tSPDxOVc+duio7n5WE3Lv6Jph+Bo8mlXBu2Y= Date: Thu, 13 Aug 2020 10:00:06 +0100 From: Will Deacon To: Szabolcs Nagy Cc: Ard Biesheuvel , Jessica Yu , Peter Zijlstra , Mauro Carvalho Chehab , Linux Kernel Mailing List , Thomas Gleixner , Kees Cook , Josh Poimboeuf , Miroslav Benes , Mark Rutland , nd Subject: Re: [PATCH v2] module: Harden STRICT_MODULE_RWX Message-ID: <20200813090006.GA9829@willie-the-truck> References: <20200811145524.GE2674@hirez.programming.kicks-ass.net> <20200811172738.2d632a09@coco.lan> <20200811160134.GA13652@linux-8ccs> <20200812104005.GN2674@hirez.programming.kicks-ass.net> <20200812125645.GA8675@willie-the-truck> <20200812141557.GQ14398@arm.com> <20200812160017.GA30302@linux-8ccs> <20200812164205.GS14398@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200812164205.GS14398@arm.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Aug 12, 2020 at 05:42:05PM +0100, Szabolcs Nagy wrote: > The 08/12/2020 18:37, Ard Biesheuvel wrote: > > On Wed, 12 Aug 2020 at 18:00, Jessica Yu wrote: > > > +++ Szabolcs Nagy [12/08/20 15:15 +0100]: > > > >for me it bisects to > > > > > > > >https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=8c803a2dd7d3d742a3d0071914f557ef465afe71 > > > > > > > >i will have to investigate further what's going on. > > > > > > Thanks for the hint. I'm almost certain it's due to this excerpt from > > > the changelog: "we now init sh_type and sh_flags for all known ABI sections > > > in _bfd_elf_new_section_hook." > > > > > > Indeed, .plt and .text.* are listed as special sections in bfd/elf.c. > > > The former requires an exact match and the latter only has to match > > > the prefix ".text." Since the code considers ".plt" and > > > ".text.ftrace_trampoline" special sections, their sh_type and sh_flags > > > are now set by default. Now I guess the question is whether this can > > > be overriden by a linker script.. > > > > > > > If this is even possible to begin with, doing this in a way that is > > portable across the various linkers that we claim to support is going > > to be tricky. > > > > I suppose this is the downside of using partially linked objects as > > our module format - using ordinary shared libraries (along with the > > appropriate dynamic relocations which are mostly portable across > > architectures) would get rid of most of the PLT and trampoline issues, > > and of a lot of complex static relocation processing code. > > > > I know there is little we can do at this point, apart from ignoring > > the permissions - perhaps we should just defer the w^x check until > > after calling module_frob_arch_sections()? > > i opened > > https://sourceware.org/bugzilla/show_bug.cgi?id=26378 > > and waiting for binutils maintainers if this is intentional. Thanks, Szabolcs. It's looking this is intentional behaviour (a bug fix), so we'll have to suck it up in the module loader. Will