| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Sep 2014 23:25:48 +0200 From: Ard Biesheuvel <ard.biesheuvel@...aro.org> To: Michael Brown <mbrown@...systems.co.uk> Cc: Maarten Lankhorst <maarten.lankhorst@...onical.com>, Matt Fleming <matt@...sole-pimps.org>, Ulf Winkelvos <ulf@...kelvos.de>, Matt Fleming <matt.fleming@...el.com>, LKML <linux-kernel@...r.kernel.org>, "x86@...nel.org" <x86@...nel.org>, "H. Peter Anvin" <hpa@...or.com>, "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>, Seth Forshee <seth.forshee@...onical.com>, Matthew Garrett <mjg59@...f.ucam.org> Subject: Re: [REGRESSION] "efi: efistub: Convert into static library" and preparation patches On 4 September 2014 21:12, Ard Biesheuvel <ard.biesheuvel@...aro.org> wrote: > On 4 September 2014 14:54, Michael Brown <mbrown@...systems.co.uk> wrote: >> On 04/09/14 11:48, Maarten Lankhorst wrote: >>>>> >>>>> If not, Ard please go ahead with option #2 above. Overkill yes, but I've >>>>> done the single __attribute__() hacks in other projects and someone >>>>> (usually me) always eventually forgets to tag some instance. >>>>> >>>> It appears we just got lucky on arm64, since we don't have any global >>>> variables, but the issue does exist there as well. >>>> >>> FWIW, visibility pushing doesn't seem to work for functions declared with >>> extern. >>> Following seems to get rid of all GOTPCREL: >> >> >> Are you sure? The iPXE build process relies on this: >> >> /* Force visibility of all symbols to "hidden", i.e. inform gcc that >> * all symbol references resolve strictly within our final binary. >> * This avoids unnecessary PLT/GOT entries on x86_64. >> * >> * This is a stronger claim than specifying "-fvisibility=hidden", >> * since it also affects symbols marked with "extern". >> */ >> #ifndef ASSEMBLY >> #if __GNUC__ >= 4 >> #pragma GCC visibility push(hidden) >> #endif >> #endif /* ASSEMBLY */ >> >> and https://gcc.gnu.org/wiki/Visibility states that >> >> "#pragma GCC visibility is stronger than -fvisibility; it affects extern >> declarations as well. -fvisibility only affects definitions, so that >> existing code can be recompiled with minimal changes. This is more true for >> C than C++; C++ interfaces tend use classes, which are affected by >> -fvisibility." >> > > This is exactly the reason I suggested using the #pragma in the first > place, only you need to take care to put it before #includes or it > won't apply to extern declarations contained in those. > > But my later suggestion was to apply the attribute to extern > declarations explicitly, it is probably more portable, and if we can > assert that the GOT is empty, we can easily spot new ones popping up > before they make it into the tree. > Since Maarten's research seems to suggest that using the visibility > attribute is feasible as it dates back to the GCC 3.x days, I will go > ahead and implement the fix I suggested. > As it turns out, this breaks 32-bit, and the linker script is shared. So I suggest that we go with Matt's suggestion, i.e., move/clone the GOT fixup code so that it runs exactly once in each code path, but early enough so that the embedded EFI application gets the treatment too. And don't forget head_32.S ... Cheers, Ard. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists