lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKv+Gu_sLmkBHF-9GyPUgfAbLYirQTD4vk63o6HzdZhm6s_e0g@mail.gmail.com>
Date:	Thu, 4 Sep 2014 23:25:48 +0200
From:	Ard Biesheuvel <ard.biesheuvel@...aro.org>
To:	Michael Brown <mbrown@...systems.co.uk>
Cc:	Maarten Lankhorst <maarten.lankhorst@...onical.com>,
	Matt Fleming <matt@...sole-pimps.org>,
	Ulf Winkelvos <ulf@...kelvos.de>,
	Matt Fleming <matt.fleming@...el.com>,
	LKML <linux-kernel@...r.kernel.org>,
	"x86@...nel.org" <x86@...nel.org>,
	"H. Peter Anvin" <hpa@...or.com>,
	"linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
	Seth Forshee <seth.forshee@...onical.com>,
	Matthew Garrett <mjg59@...f.ucam.org>
Subject: Re: [REGRESSION] "efi: efistub: Convert into static library" and
 preparation patches

On 4 September 2014 21:12, Ard Biesheuvel <ard.biesheuvel@...aro.org> wrote:
> On 4 September 2014 14:54, Michael Brown <mbrown@...systems.co.uk> wrote:
>> On 04/09/14 11:48, Maarten Lankhorst wrote:
>>>>>
>>>>> If not, Ard please go ahead with option #2 above. Overkill yes, but I've
>>>>> done the single __attribute__() hacks in other projects and someone
>>>>> (usually me) always eventually forgets to tag some instance.
>>>>>
>>>> It appears we just got lucky on arm64, since we don't have any global
>>>> variables, but the issue does exist there as well.
>>>>
>>> FWIW, visibility pushing doesn't seem to work for functions declared with
>>> extern.
>>> Following seems to get rid of all GOTPCREL:
>>
>>
>> Are you sure?  The iPXE build process relies on this:
>>
>>   /* Force visibility of all symbols to "hidden", i.e. inform gcc that
>>    * all symbol references resolve strictly within our final binary.
>>    * This avoids unnecessary PLT/GOT entries on x86_64.
>>    *
>>    * This is a stronger claim than specifying "-fvisibility=hidden",
>>    * since it also affects symbols marked with "extern".
>>    */
>>   #ifndef ASSEMBLY
>>   #if __GNUC__ >= 4
>>   #pragma GCC visibility push(hidden)
>>   #endif
>>   #endif /* ASSEMBLY */
>>
>> and https://gcc.gnu.org/wiki/Visibility states that
>>
>>   "#pragma GCC visibility is stronger than -fvisibility; it affects extern
>> declarations as well. -fvisibility only affects definitions, so that
>> existing code can be recompiled with minimal changes. This is more true for
>> C than C++; C++ interfaces tend use classes, which are affected by
>> -fvisibility."
>>
>
> This is exactly the reason I suggested using the #pragma in the first
> place, only you need to take care to put it before #includes or it
> won't apply to extern declarations contained in those.
>
> But my later suggestion was to apply the attribute to extern
> declarations explicitly, it is probably more portable, and if we can
> assert that the GOT is empty, we can easily spot new ones popping up
> before they make it into the tree.
> Since Maarten's research seems to suggest that using the visibility
> attribute is feasible as it dates back to the GCC 3.x days, I will go
> ahead and implement the fix I suggested.
>

As it turns out, this breaks 32-bit, and the linker script is shared.

So I suggest that we go with Matt's suggestion, i.e., move/clone the
GOT fixup code so that it runs exactly once in each code path, but
early enough so that the embedded EFI application gets the treatment
too.
And don't forget head_32.S ...

Cheers,
Ard.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ