On Tue, Jun 23, 2020 at 04:59:39PM +0200, Ard Biesheuvel wrote:
> On Tue, 23 Jun 2020 at 16:52, Will Deacon <w...@kernel.org> wrote:
> >
> > On Mon, Jun 22, 2020 at 01:58:15PM -0700, Kees Cook wrote:
> > > We don't want to depend on the linker's orphan section placement
> > > heuristics as these can vary between linkers, and may change between
> > > versions. All sections need to be explicitly named in the linker
> > > script.
> > >
> > > Explicitly include debug sections when they're present. Add .eh_frame*
> > > to discard as it seems that these are still generated even though
> > > -fno-asynchronous-unwind-tables is being specified. Add .plt and
> > > .data.rel.ro to discards as they are not actually used. Add .got.plt
> > > to the image as it does appear to be mapped near .data. Finally enable
> > > orphan section warnings.
> >
> > Can you elaborate a bit on what .got.plt is being used for, please? I
> > wonder if there's an interaction with an erratum workaround in the linker
> > or something.
> >
>
> .got.plt is not used at all, but it has three magic entries at the
> start that the dynamic linker uses for lazy dispatch, so it turns up
> as a non-empty section of 0x18 bytes.
Is there a way to suppress the generation? I haven't found a way, so I'd
left it as-is.
> We should be able to discard it afaict, but given that it does not
> actually take up any space, it doesn't really matter either way.
I will add it to the discards then.
> > > diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
> > > index a0d94d063fa8..3e628983445a 100644
> > > --- a/arch/arm64/Makefile
> > > +++ b/arch/arm64/Makefile
> > > @@ -29,6 +29,10 @@ LDFLAGS_vmlinux += --fix-cortex-a53-843419
> > > endif
> > > endif
> > >
> > > +# We never want expected sections to be placed heuristically by the
> > > +# linker. All sections should be explicitly named in the linker script.
> > > +LDFLAGS_vmlinux += --orphan-handling=warn
> > > +
> > > ifeq ($(CONFIG_ARM64_USE_LSE_ATOMICS), y)
> > > ifneq ($(CONFIG_ARM64_LSE_ATOMICS), y)
> > > $(warning LSE atomics not supported by binutils)
> > > diff --git a/arch/arm64/kernel/vmlinux.lds.S
> > > b/arch/arm64/kernel/vmlinux.lds.S
> > > index 5427f502c3a6..c9ecb3b2007d 100644
> > > --- a/arch/arm64/kernel/vmlinux.lds.S
> > > +++ b/arch/arm64/kernel/vmlinux.lds.S
> > > @@ -94,7 +94,8 @@ SECTIONS
> > > /DISCARD/ : {
> > > *(.interp .dynamic)
> > > *(.dynsym .dynstr .hash .gnu.hash)
> > > - *(.eh_frame)
> > > + *(.plt) *(.data.rel.ro)
> > > + *(.eh_frame) *(.init.eh_frame)
> >
> > Do we need to include .eh_frame_hdr here too?
>
> It would be better to build with -fno-unwind-tables, in which case
> these sections should not even exist.
Nothing seems to help with the .eh_frame issue
(even with -fno-asynchronous-unwind-tables and -fno-unwind-tables):
$ aarch64-linux-gnu-gcc -Wp,-MMD,arch/arm64/kernel/.smccc-call.o.d \
-nostdinc -isystem /usr/lib/gcc-cross/aarch64-linux-gnu/9/include \
-I./arch/arm64/include -I./arch/arm64/include/generated -I./include \
-I./arch/arm64/include/uapi -I./arch/arm64/include/generated/uapi \
-I./include/uapi -I./include/generated/uapi -include \
./include/linux/kconfig.h -D__KERNEL__ -mlittle-endian \
-DCC_USING_PATCHABLE_FUNCTION_ENTRY -DKASAN_SHADOW_SCALE_SHIFT=3 \
-D__ASSEMBLY__ -fno-PIE -mabi=lp64 -fno-asynchronous-unwind-tables \
-fno-unwind-tables -DKASAN_SHADOW_SCALE_SHIFT=3 -Wa,-gdwarf-2 -c -o \
arch/arm64/kernel/smccc-call.o arch/arm64/kernel/smccc-call.S
$ readelf -S arch/arm64/kernel/smccc-call.o | grep eh_frame
[17] .eh_frame PROGBITS 0000000000000000 000001f0
[18] .rela.eh_frame RELA 0000000000000000 00000618
> > > }
> > >
> > > . = KIMAGE_VADDR + TEXT_OFFSET;
> > > @@ -209,6 +210,7 @@ SECTIONS
> > > _data = .;
> > > _sdata = .;
> > > RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, THREAD_ALIGN)
> > > + .got.plt : ALIGN(8) { *(.got.plt) }
> > >
> > > /*
> > > * Data written with the MMU off but read with the MMU on requires
> > > @@ -244,6 +246,7 @@ SECTIONS
> > > _end = .;
> > >
> > > STABS_DEBUG
> > > + DWARF_DEBUG
> >
> > I know you didn't add it, but do we _really_ care about stabs debug? Who
> > generates that for arm64?
It's also where .comment and the .symtab ends up living. As a result,
I think it's correct to keep it. (If we wanted to split .stabs from
.comment/.symtab, we could do that, but I'd kind of like to avoid it for
this series, as it feels kind of unrelated.)
--
Kees Cook
