Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp504564pxa; Fri, 21 Aug 2020 12:55:43 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwqfPUFXp6KUJe5CyYs4WGXoq/Qt/xOIfJ02j1zArA3/cdqaHDLIUm27EaAOSwa4xT95C7o X-Received: by 2002:a17:906:3c43:: with SMTP id i3mr4698254ejg.133.1598039743482; Fri, 21 Aug 2020 12:55:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1598039743; cv=none; d=google.com; s=arc-20160816; b=JVb9wbTjJS05JkjpBA7tzfn0ljY9w0LXJBDeVOaoHrj33AU4CIV8UHD4mTsL7yCVFC 4Wv6TeiJyF3544Fo+ML81OhLQMkZo9KFjCUujKQdEKklS+zjLs/xKwMR1W4orsk4K8DK 7Q63txXob0igFK88V6PlesiOsjfJDExXdzJ4mUxx9T9K7pDaHPE3yV8xoFpixma7MhNO yvUT9h9nd8JTHLELYsk1Lck/EY9TaF0vA7aAw/DU8FRqM+Z6mdGW2PB6BEfkHR+NIGEH WFdopp2xvmg3I8kPYm6M85k2kKRF+eejv+W6boZ7g+JV/UZvlLG0CzozlG9uC3ok63Mo 4lhg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=X1pLED4dOZHjJehTtWdStx3hbiXOC8sBHN8PPW1XfeE=; b=TTQcVZPR2AkrvZ1gCgPz3kxoh7ePCPeS19WSI5TTHI4+yWk0HZsse5VEAUxYSq9ORv TQYwQMSShvwZRkWJSY9wo2wf2T61clC9+eT7VMMS0S1I/zKXoBFQjLsvoz9tP8c6Dp6b ZPN51SZuiIDgMt45K1lR8o/cRgxHgtITnagQnOLAzW0pTgba7loWygnYtUT60m4q/oTi PC8awS9NrYUZAE6Ljkdrvy13Y9evDskklr3ucBS0VaQXUCoYerUvmmxeKb3E25w05l+c rFlm7hTYxl6oWa2cF7Xt85OTbAvDZsG/x7Y7Uhz49ExpbU4cBOBin5o4LoSPiQRoF6Mo Q3nQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=PH6uKvVh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n26si1881362ejs.509.2020.08.21.12.55.19; Fri, 21 Aug 2020 12:55:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=PH6uKvVh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726746AbgHUTya (ORCPT + 99 others); Fri, 21 Aug 2020 15:54:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38284 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726731AbgHUTyG (ORCPT ); Fri, 21 Aug 2020 15:54:06 -0400 Received: from mail-pl1-x643.google.com (mail-pl1-x643.google.com [IPv6:2607:f8b0:4864:20::643]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8FF57C061575 for ; Fri, 21 Aug 2020 12:54:04 -0700 (PDT) Received: by mail-pl1-x643.google.com with SMTP id bh1so1340464plb.12 for ; Fri, 21 Aug 2020 12:54:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=X1pLED4dOZHjJehTtWdStx3hbiXOC8sBHN8PPW1XfeE=; b=PH6uKvVhsYajnUeu9WI2S5GhMXGTVSnkPRxAIXL2PQfyslzAd+tUmyU2hUVqyaQiNq R753MmTdw4LGV1AeWW4YF/PEX9V5Kij7VQwCWXLgHNxh+7mIIWrxJDxeVUGxkMY13cGg ETS7WkMSrGy3ull8otZSIbk81u4Ez6PoMkmzA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=X1pLED4dOZHjJehTtWdStx3hbiXOC8sBHN8PPW1XfeE=; b=kihMtwBIdd3eOQvcOtb97p34v4tuWYQ0PbfvHmUcOjrWM1oT9htLawI9G2JP7iXHOT AUXZHAQjwWfcRR9WxgngQbKS601o+Ytd1qOwHvpqUSkG0eol95nNlsXs+9L2zT5z+cSM BKtbu/z4XK3gSawJbbo0pj6dHBXRw/TNbjaOIvB1dSQxzKm01jPfJnqkjwFsR3B8PvZL ypYl6ShegI4Zbp+KL6Nyn9HOanbwdJR2zvYtLxsifuevW7sGltDtaBhveomYr99MqvTY G0tIhercSMICjVtAcuk5nMJJx0mOh7UPT/y4KL3f4AcRMDRoMwXvKfZFCZtXrx/FEvs9 XlvA== X-Gm-Message-State: AOAM532514quIC4TudVhl76QGizoFIhD3KjbOt72Pb+s6jTKp+GpnMxJ x7NkddNXHBYQ2xNRXb2qiEsAhg== X-Received: by 2002:a17:902:a60f:: with SMTP id u15mr2567999plq.239.1598039644162; Fri, 21 Aug 2020 12:54:04 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id h18sm3442336pfo.21.2020.08.21.12.54.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 21 Aug 2020 12:54:02 -0700 (PDT) From: Kees Cook To: Ingo Molnar Cc: Kees Cook , Catalin Marinas , Mark Rutland , Ard Biesheuvel , Peter Collingbourne , James Morse , Borislav Petkov , Ingo Molnar , Russell King , Masahiro Yamada , Arvind Sankar , Nick Desaulniers , Nathan Chancellor , Arnd Bergmann , x86@kernel.org, clang-built-linux@googlegroups.com, linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 29/29] x86/boot/compressed: Warn on orphan section placement Date: Fri, 21 Aug 2020 12:43:10 -0700 Message-Id: <20200821194310.3089815-30-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200821194310.3089815-1-keescook@chromium.org> References: <20200821194310.3089815-1-keescook@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly handled in the linker script. Now that all sections are explicitly handled, enable orphan section warnings. Signed-off-by: Kees Cook --- arch/x86/boot/compressed/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 5b7f6e175b03..647e15837a28 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -54,6 +54,7 @@ KBUILD_LDFLAGS += $(call ld-option,--no-ld-generated-unwind-info) # Compressed kernel should be built as PIE since it may be loaded at any # address by the bootloader. LDFLAGS_vmlinux := -pie $(call ld-option, --no-dynamic-linker) +LDFLAGS_vmlinux += --orphan-handling=warn LDFLAGS_vmlinux += -T hostprogs := mkpiggy -- 2.25.1