lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 26 Apr 2019 05:48:04 -0700
From:   Nathan Chancellor <natechancellor@...il.com>
To:     "Rantala, Tommi T. (Nokia - FI/Espoo)" <tommi.t.rantala@...ia.com>
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
        "sashal@...nel.org" <sashal@...nel.org>,
        "tglx@...utronix.de" <tglx@...utronix.de>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        "hpa@...or.com" <hpa@...or.com>,
        "andi.kleen@...el.com" <andi.kleen@...el.com>,
        "luto@...nel.org" <luto@...nel.org>,
        "joel@...lfernandes.org" <joel@...lfernandes.org>,
        "astrachan@...gle.com" <astrachan@...gle.com>,
        "kernel-team@...roid.com" <kernel-team@...roid.com>
Subject: Re: [PATCH 4.14 09/69] x86: vdso: Use $LD instead of $CC to link

On Fri, Apr 26, 2019 at 11:41:30AM +0000, Rantala, Tommi T. (Nokia - FI/Espoo) wrote:
> On Mon, 2019-04-15 at 20:58 +0200, Greg Kroah-Hartman wrote:
> > commit 379d98ddf41344273d9718556f761420f4dc80b3 upstream.
> > 
> 
> Hi,
> 
> With this patch in 4.14.112 build-id is now missing in vdso32.so:
> 
> $ file arch/x86/entry/vdso/vdso*so*
> arch/x86/entry/vdso/vdso32.so:     ELF 32-bit LSB pie executable, Intel
> 80386, version 1 (SYSV), dynamically linked, stripped
> arch/x86/entry/vdso/vdso32.so.dbg: ELF 32-bit LSB pie executable, Intel
> 80386, version 1 (SYSV), dynamically linked, with debug_info, not
> stripped
> arch/x86/entry/vdso/vdso64.so:     ELF 64-bit LSB pie executable, x86-
> 64, version 1 (SYSV), dynamically linked,
> BuildID[sha1]=d80730a5b561a3161e488a369d1c76c250b584b4, stripped
> arch/x86/entry/vdso/vdso64.so.dbg: ELF 64-bit LSB pie executable, x86-
> 64, version 1 (SYSV), dynamically linked,
> BuildID[sha1]=d80730a5b561a3161e488a369d1c76c250b584b4, with
> debug_info, not stripped
> 
> 
> Based on quick check, "$(call ld-option, --build-id)" fails due to some
> 32/64 bit mismatch, so the --build-id linker flag is not used when
> linking vdso32.so
> 
> Perhaps scripts/Kbuild.include is missing some change in 4.14.y to make
> this work properly.
> 

Hi Tommi,

This appears to be fixed by commit 0294e6f4a000 ("kbuild: simplify
ld-option implementation") upstream. Could you test the attached
backport and make sure everything works on your end? Assuming that it
does, I will test the other stable releases and see if this is needed
and send those backports along.

Thanks and sorry for the trouble!
Nathan

> -Tommi
> 
> > The vdso{32,64}.so can fail to link with CC=clang when clang tries to
> > find
> > a suitable GCC toolchain to link these libraries with.
> > 
> > /usr/bin/ld: arch/x86/entry/vdso/vclock_gettime.o:
> >   access beyond end of merged section (782)
> > 
> > This happens because the host environment leaked into the cross
> > compiler
> > environment due to the way clang searches for suitable GCC
> > toolchains.
> > 
> > Clang is a retargetable compiler, and each invocation of it must
> > provide
> > --target=<something> --gcc-toolchain=<something> to allow it to find
> > the
> > correct binutils for cross compilation. These flags had been added to
> > KBUILD_CFLAGS, but the vdso code uses CC and not KBUILD_CFLAGS (for
> > various
> > reasons) which breaks clang's ability to find the correct linker when
> > cross
> > compiling.
> > 
> > Most of the time this goes unnoticed because the host linker is new
> > enough
> > to work anyway, or is incompatible and skipped, but this cannot be
> > reliably
> > assumed.
> > 
> > This change alters the vdso makefile to just use LD directly, which
> > bypasses clang and thus the searching problem. The makefile will just
> > use
> > ${CROSS_COMPILE}ld instead, which is always what we want. This
> > matches the
> > method used to link vmlinux.
> > 
> > This drops references to DISABLE_LTO; this option doesn't seem to be
> > set
> > anywhere, and not knowing what its possible values are, it's not
> > clear how
> > to convert it from CC to LD flag.
> > 
> > Signed-off-by: Alistair Strachan <astrachan@...gle.com>
> > Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
> > Acked-by: Andy Lutomirski <luto@...nel.org>
> > Cc: "H. Peter Anvin" <hpa@...or.com>
> > Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > Cc: kernel-team@...roid.com
> > Cc: joel@...lfernandes.org
> > Cc: Andi Kleen <andi.kleen@...el.com>
> > Link: 
> > https://lkml.kernel.org/r/20180803173931.117515-1-astrachan@google.com
> > Signed-off-by: Nathan Chancellor <natechancellor@...il.com>
> > Signed-off-by: Sasha Levin <sashal@...nel.org>
> > ---
> >  arch/x86/entry/vdso/Makefile | 22 +++++++++-------------
> >  1 file changed, 9 insertions(+), 13 deletions(-)
> > 
> > diff --git a/arch/x86/entry/vdso/Makefile
> > b/arch/x86/entry/vdso/Makefile
> > index 0a550dc5c525..0defcc939ab4 100644
> > --- a/arch/x86/entry/vdso/Makefile
> > +++ b/arch/x86/entry/vdso/Makefile
> > @@ -48,10 +48,8 @@ targets += $(vdso_img_sodbg)
> >  
> >  export CPPFLAGS_vdso.lds += -P -C
> >  
> > -VDSO_LDFLAGS_vdso.lds = -m64 -Wl,-soname=linux-vdso.so.1 \
> > -			-Wl,--no-undefined \
> > -			-Wl,-z,max-page-size=4096 -Wl,-z,common-page-
> > size=4096 \
> > -			$(DISABLE_LTO)
> > +VDSO_LDFLAGS_vdso.lds = -m elf_x86_64 -soname linux-vdso.so.1 --no-
> > undefined \
> > +			-z max-page-size=4096 -z common-page-size=4096
> >  
> >  $(obj)/vdso64.so.dbg: $(src)/vdso.lds $(vobjs) FORCE
> >  	$(call if_changed,vdso)
> > @@ -103,10 +101,8 @@ CFLAGS_REMOVE_vvar.o = -pg
> >  #
> >  
> >  CPPFLAGS_vdsox32.lds = $(CPPFLAGS_vdso.lds)
> > -VDSO_LDFLAGS_vdsox32.lds = -Wl,-m,elf32_x86_64 \
> > -			   -Wl,-soname=linux-vdso.so.1 \
> > -			   -Wl,-z,max-page-size=4096 \
> > -			   -Wl,-z,common-page-size=4096
> > +VDSO_LDFLAGS_vdsox32.lds = -m elf32_x86_64 -soname linux-vdso.so.1 \
> > +			   -z max-page-size=4096 -z common-page-
> > size=4096
> >  
> >  # 64-bit objects to re-brand as x32
> >  vobjs64-for-x32 := $(filter-out $(vobjs-nox32),$(vobjs-y))
> > @@ -134,7 +130,7 @@ $(obj)/vdsox32.so.dbg: $(src)/vdsox32.lds
> > $(vobjx32s) FORCE
> >  	$(call if_changed,vdso)
> >  
> >  CPPFLAGS_vdso32.lds = $(CPPFLAGS_vdso.lds)
> > -VDSO_LDFLAGS_vdso32.lds = -m32 -Wl,-m,elf_i386 -Wl,-soname=linux-
> > gate.so.1
> > +VDSO_LDFLAGS_vdso32.lds = -m elf_i386 -soname linux-gate.so.1
> >  
> >  # This makes sure the $(obj) subdirectory exists even though vdso32/
> >  # is not a kbuild sub-make subdirectory.
> > @@ -180,13 +176,13 @@ $(obj)/vdso32.so.dbg: FORCE \
> >  # The DSO images are built using a special linker script.
> >  #
> >  quiet_cmd_vdso = VDSO    $@
> > -      cmd_vdso = $(CC) -nostdlib -o $@ \
> > +      cmd_vdso = $(LD) -nostdlib -o $@ \
> >  		       $(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter
> > %.lds,$(^F))) \
> > -		       -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^) && \
> > +		       -T $(filter %.lds,$^) $(filter %.o,$^) && \
> >  		 sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
> >  
> > -VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-
> > style=both) \
> > -	$(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic
> > $(LTO_CFLAGS)
> > +VDSO_LDFLAGS = -shared $(call ld-option, --hash-style=both) \
> > +	$(call ld-option, --build-id) -Bsymbolic
> >  GCOV_PROFILE := n
> >  
> >  #
> 

View attachment "0001-kbuild-simplify-ld-option-implementation.patch" of type "text/plain" (3378 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ