From patchwork Wed Sep 2 02:53:45 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 254244 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E0602C433E2 for ; Wed, 2 Sep 2020 02:54:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C081120707 for ; Wed, 2 Sep 2020 02:54:05 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="kCu8hyTc" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726400AbgIBCyD (ORCPT ); Tue, 1 Sep 2020 22:54:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46910 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726247AbgIBCxy (ORCPT ); Tue, 1 Sep 2020 22:53:54 -0400 Received: from mail-pl1-x642.google.com (mail-pl1-x642.google.com [IPv6:2607:f8b0:4864:20::642]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C3A22C061249 for ; Tue, 1 Sep 2020 19:53:52 -0700 (PDT) Received: by mail-pl1-x642.google.com with SMTP id y6so1585306plt.3 for ; Tue, 01 Sep 2020 19:53:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=XPZJbcEtwfQTjOb/c8yhPFEhILSdoB+KS72tNB8EcNI=; b=kCu8hyTcGoY7RYojj6lkArYLYWRPCSJax2BgpnkrA4p6KHwO/KDpfqBFFVqydUb61M KelRtaHdh8yEvhXTfGGBKZyqjY4QUC3HvxL/Mnd4l1/NUfthfp/+uqRjf7TZvXRoaXUv KtH2K7YG+GNs7sb3j+14YNKypSfg/mtqzN72k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=XPZJbcEtwfQTjOb/c8yhPFEhILSdoB+KS72tNB8EcNI=; b=f9YDGrCp/KUvy5whpMXQEGPl1yI0NJO69KZe0gPMCD6wSsEMW4g9mdnlM36X3L+fyB ZmCUn3i1S06Ng2ZvqzzaVsmYJhh7YvCNsGzSasopTTtSbq26CB0IGdUTfLanim+MDS/G 3UCbMyTDExhvrnlBsJXiE/ESqcAj6FlWIPG0xaNOZ4WIot5b/ZT+BEU1K9euCdi4xaDB Oe4i3GhdRiIrgZgBuOUihYldsjqn+M8cS58jpyGF/NzWSQFUN+82Z0qODDRs7PNwpQZD zoRJtfRB+p+qkcYro16PIpftInpqT3lAXHLk9dBZglrUbnlW5Tc5r+4I3Rrq+/wBRX+Q 6/gA== X-Gm-Message-State: AOAM532/L1GmoyKf7NkmjbuM9hZ26rwMK1/nqchkxpPdD0w0geAOyhCM mzZ79aStXBxmFYLEKCGkSi/ODw== X-Google-Smtp-Source: ABdhPJxv9F6zTbZLG31keWGzI4N4ccr5wX8ALy3FKGq8wAk/IzXEKUXCP56QRYBrM4KTWBz2JqF6Qg== X-Received: by 2002:a17:902:b20e:: with SMTP id t14mr253940plr.58.1599015232244; Tue, 01 Sep 2020 19:53:52 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id g5sm3575074pfh.168.2020.09.01.19.53.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Sep 2020 19:53:50 -0700 (PDT) From: Kees Cook To: Ingo Molnar Cc: Kees Cook , Borislav Petkov , Catalin Marinas , Mark Rutland , Ard Biesheuvel , Peter Collingbourne , James Morse , Ingo Molnar , Russell King , Masahiro Yamada , Arvind Sankar , Nick Desaulniers , Nathan Chancellor , Arnd Bergmann , x86@kernel.org, clang-built-linux@googlegroups.com, linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: [PATCH v7 3/5] arm/boot: Warn on orphan section placement Date: Tue, 1 Sep 2020 19:53:45 -0700 Message-Id: <20200902025347.2504702-4-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200902025347.2504702-1-keescook@chromium.org> References: <20200902025347.2504702-1-keescook@chromium.org> MIME-Version: 1.0 Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly handled in the linker script. With all sections now handled, enable orphan section warning. Signed-off-by: Kees Cook --- arch/arm/boot/compressed/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile index b1147b7f2c8d..58028abd05d9 100644 --- a/arch/arm/boot/compressed/Makefile +++ b/arch/arm/boot/compressed/Makefile @@ -123,6 +123,8 @@ endif LDFLAGS_vmlinux += --no-undefined # Delete all temporary local symbols LDFLAGS_vmlinux += -X +# Report orphan sections +LDFLAGS_vmlinux += $(call ld-option, --orphan-handling=warn) # Next argument is a linker script LDFLAGS_vmlinux += -T From patchwork Wed Sep 2 02:53:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 254242 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2AD64C433E7 for ; Wed, 2 Sep 2020 02:54:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0801A20707 for ; Wed, 2 Sep 2020 02:54:39 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="bNeNVIUp" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726244AbgIBCyf (ORCPT ); Tue, 1 Sep 2020 22:54:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46956 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726386AbgIBCyD (ORCPT ); Tue, 1 Sep 2020 22:54:03 -0400 Received: from mail-pg1-x542.google.com (mail-pg1-x542.google.com [IPv6:2607:f8b0:4864:20::542]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 93D1BC061263 for ; Tue, 1 Sep 2020 19:53:56 -0700 (PDT) Received: by mail-pg1-x542.google.com with SMTP id l191so1786889pgd.5 for ; Tue, 01 Sep 2020 19:53:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=JcvEo160LuHDQD7qfOvAP7KcCyAU7p1FFARh/mGAmoY=; b=bNeNVIUp5wLd20zY7GcMyTGEK+1iPazVe7pNUjLaD0gXYItCy+3Sdv//WvvNwoKDM6 Uv+a9vaUg3+t1WxF84thK1gkM5sHMKI+Rq2tNAhA7rAZnF0RzdZRMP6vmNwRs2hT7jbC A2ZuOezSk/Jtm5d8lXaE6Ct1Du9kbe7yDRf6I= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=JcvEo160LuHDQD7qfOvAP7KcCyAU7p1FFARh/mGAmoY=; b=hJ7SX2x4XtNzPPx01gaW7emiwMFpHrbXe0GxLI69O7b+dFtlsiQYAGeT3wqm7Cjgm+ NTdn7txzv9hSeL4LYSsra8iEqWP/G3PRWU6XnXex4LiX6gYtN4AMt0161U+XnxqJZO4v atVCwm6mYV0W/rJBDoQFCWYn3MYgK10WEQQ3lcNrtQRfYehucQb8Y9UDTXtVeaU+dzoR MFh6jM6wIdNxNIFQzuamSkrMy/7lA6dbcJI/8OAy+rLx6JR4oCZeSOC8ZrKFbrSdmmbz PY/BoCFrxA1IaR+2TLkqzzheZNCaqkcAPVyRp7E7uDWtVX0cgvc7cWeoj7LG1x97p0q/ 8Qyg== X-Gm-Message-State: AOAM532L7IxAwbswsZmWbwtGmz0mI6b9CkMUWBYeb1or4nq5tSuvsNiN hz8dXFV3RyzuLw75uRtMPLhVgQ== X-Google-Smtp-Source: ABdhPJy0HGMfDCWkJW2ahd3RYXmS5RA7xjHg6pHP5/RCgQANMg7x7X7wDQT+vfbBEud/U6454iTChQ== X-Received: by 2002:a63:d34e:: with SMTP id u14mr235066pgi.122.1599015236142; Tue, 01 Sep 2020 19:53:56 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id o192sm3673517pfg.81.2020.09.01.19.53.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Sep 2020 19:53:54 -0700 (PDT) From: Kees Cook To: Ingo Molnar Cc: Kees Cook , Borislav Petkov , Catalin Marinas , Mark Rutland , Ard Biesheuvel , Peter Collingbourne , James Morse , Ingo Molnar , Russell King , Masahiro Yamada , Arvind Sankar , Nick Desaulniers , Nathan Chancellor , Arnd Bergmann , x86@kernel.org, clang-built-linux@googlegroups.com, linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: [PATCH v7 5/5] x86/boot/compressed: Warn on orphan section placement Date: Tue, 1 Sep 2020 19:53:47 -0700 Message-Id: <20200902025347.2504702-6-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200902025347.2504702-1-keescook@chromium.org> References: <20200902025347.2504702-1-keescook@chromium.org> MIME-Version: 1.0 Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org We don't want to depend on the linker's orphan section placement heuristics as these can vary between linkers, and may change between versions. All sections need to be explicitly handled in the linker script. Now that all sections are explicitly handled, enable orphan section warnings. Signed-off-by: Kees Cook --- arch/x86/boot/compressed/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 5b7f6e175b03..871cc071c925 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -54,6 +54,7 @@ KBUILD_LDFLAGS += $(call ld-option,--no-ld-generated-unwind-info) # Compressed kernel should be built as PIE since it may be loaded at any # address by the bootloader. LDFLAGS_vmlinux := -pie $(call ld-option, --no-dynamic-linker) +LDFLAGS_vmlinux += $(call ld-option, --orphan-handling=warn) LDFLAGS_vmlinux += -T hostprogs := mkpiggy