lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0dbe840a89d279be2b66d6c612d25eba4cc4c2e2.camel@nokia.com>
Date:   Fri, 26 Apr 2019 13:23:17 +0000
From:   "Rantala, Tommi T. (Nokia - FI/Espoo)" <tommi.t.rantala@...ia.com>
To:     "natechancellor@...il.com" <natechancellor@...il.com>
CC:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "sashal@...nel.org" <sashal@...nel.org>,
        "tglx@...utronix.de" <tglx@...utronix.de>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        "hpa@...or.com" <hpa@...or.com>,
        "andi.kleen@...el.com" <andi.kleen@...el.com>,
        "luto@...nel.org" <luto@...nel.org>,
        "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
        "joel@...lfernandes.org" <joel@...lfernandes.org>,
        "astrachan@...gle.com" <astrachan@...gle.com>,
        "kernel-team@...roid.com" <kernel-team@...roid.com>
Subject: Re: [PATCH 4.14 09/69] x86: vdso: Use $LD instead of $CC to link

On Fri, 2019-04-26 at 05:48 -0700, Nathan Chancellor wrote:
> On Fri, Apr 26, 2019 at 11:41:30AM +0000, Rantala, Tommi T. (Nokia -
> FI/Espoo) wrote:
> > On Mon, 2019-04-15 at 20:58 +0200, Greg Kroah-Hartman wrote:
> > > commit 379d98ddf41344273d9718556f761420f4dc80b3 upstream.
> > > 
> > 
> > Hi,
> > 
> > With this patch in 4.14.112 build-id is now missing in vdso32.so:
> > 
> > $ file arch/x86/entry/vdso/vdso*so*
> > arch/x86/entry/vdso/vdso32.so:     ELF 32-bit LSB pie executable,
> > Intel
> > 80386, version 1 (SYSV), dynamically linked, stripped
> > arch/x86/entry/vdso/vdso32.so.dbg: ELF 32-bit LSB pie executable,
> > Intel
> > 80386, version 1 (SYSV), dynamically linked, with debug_info, not
> > stripped
> > arch/x86/entry/vdso/vdso64.so:     ELF 64-bit LSB pie executable,
> > x86-
> > 64, version 1 (SYSV), dynamically linked,
> > BuildID[sha1]=d80730a5b561a3161e488a369d1c76c250b584b4, stripped
> > arch/x86/entry/vdso/vdso64.so.dbg: ELF 64-bit LSB pie executable,
> > x86-
> > 64, version 1 (SYSV), dynamically linked,
> > BuildID[sha1]=d80730a5b561a3161e488a369d1c76c250b584b4, with
> > debug_info, not stripped
> > 
> > 
> > Based on quick check, "$(call ld-option, --build-id)" fails due to
> > some
> > 32/64 bit mismatch, so the --build-id linker flag is not used when
> > linking vdso32.so
> > 
> > Perhaps scripts/Kbuild.include is missing some change in 4.14.y to
> > make
> > this work properly.
> > 
> 
> Hi Tommi,
> 
> This appears to be fixed by commit 0294e6f4a000 ("kbuild: simplify
> ld-option implementation") upstream. Could you test the attached
> backport and make sure everything works on your end? Assuming that it
> does, I will test the other stable releases and see if this is needed
> and send those backports along.

Yes this patch fixes it. Many thanks!

-Tommi

> Thanks and sorry for the trouble!
> Nathan
> 
> > -Tommi
> > 
> > > The vdso{32,64}.so can fail to link with CC=clang when clang
> > > tries to
> > > find
> > > a suitable GCC toolchain to link these libraries with.
> > > 
> > > /usr/bin/ld: arch/x86/entry/vdso/vclock_gettime.o:
> > >   access beyond end of merged section (782)
> > > 
> > > This happens because the host environment leaked into the cross
> > > compiler
> > > environment due to the way clang searches for suitable GCC
> > > toolchains.
> > > 
> > > Clang is a retargetable compiler, and each invocation of it must
> > > provide
> > > --target=<something> --gcc-toolchain=<something> to allow it to
> > > find
> > > the
> > > correct binutils for cross compilation. These flags had been
> > > added to
> > > KBUILD_CFLAGS, but the vdso code uses CC and not KBUILD_CFLAGS
> > > (for
> > > various
> > > reasons) which breaks clang's ability to find the correct linker
> > > when
> > > cross
> > > compiling.
> > > 
> > > Most of the time this goes unnoticed because the host linker is
> > > new
> > > enough
> > > to work anyway, or is incompatible and skipped, but this cannot
> > > be
> > > reliably
> > > assumed.
> > > 
> > > This change alters the vdso makefile to just use LD directly,
> > > which
> > > bypasses clang and thus the searching problem. The makefile will
> > > just
> > > use
> > > ${CROSS_COMPILE}ld instead, which is always what we want. This
> > > matches the
> > > method used to link vmlinux.
> > > 
> > > This drops references to DISABLE_LTO; this option doesn't seem to
> > > be
> > > set
> > > anywhere, and not knowing what its possible values are, it's not
> > > clear how
> > > to convert it from CC to LD flag.
> > > 
> > > Signed-off-by: Alistair Strachan <astrachan@...gle.com>
> > > Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
> > > Acked-by: Andy Lutomirski <luto@...nel.org>
> > > Cc: "H. Peter Anvin" <hpa@...or.com>
> > > Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > > Cc: kernel-team@...roid.com
> > > Cc: joel@...lfernandes.org
> > > Cc: Andi Kleen <andi.kleen@...el.com>
> > > Link: 
> > > https://lkml.kernel.org/r/20180803173931.117515-1-astrachan@google.com
> > > Signed-off-by: Nathan Chancellor <natechancellor@...il.com>
> > > Signed-off-by: Sasha Levin <sashal@...nel.org>
> > > ---
> > >  arch/x86/entry/vdso/Makefile | 22 +++++++++-------------
> > >  1 file changed, 9 insertions(+), 13 deletions(-)
> > > 
> > > diff --git a/arch/x86/entry/vdso/Makefile
> > > b/arch/x86/entry/vdso/Makefile
> > > index 0a550dc5c525..0defcc939ab4 100644
> > > --- a/arch/x86/entry/vdso/Makefile
> > > +++ b/arch/x86/entry/vdso/Makefile
> > > @@ -48,10 +48,8 @@ targets += $(vdso_img_sodbg)
> > >  
> > >  export CPPFLAGS_vdso.lds += -P -C
> > >  
> > > -VDSO_LDFLAGS_vdso.lds = -m64 -Wl,-soname=linux-vdso.so.1 \
> > > -			-Wl,--no-undefined \
> > > -			-Wl,-z,max-page-size=4096 -Wl,-z,common-page-
> > > size=4096 \
> > > -			$(DISABLE_LTO)
> > > +VDSO_LDFLAGS_vdso.lds = -m elf_x86_64 -soname linux-vdso.so.1 --
> > > no-
> > > undefined \
> > > +			-z max-page-size=4096 -z common-page-size=4096
> > >  
> > >  $(obj)/vdso64.so.dbg: $(src)/vdso.lds $(vobjs) FORCE
> > >  	$(call if_changed,vdso)
> > > @@ -103,10 +101,8 @@ CFLAGS_REMOVE_vvar.o = -pg
> > >  #
> > >  
> > >  CPPFLAGS_vdsox32.lds = $(CPPFLAGS_vdso.lds)
> > > -VDSO_LDFLAGS_vdsox32.lds = -Wl,-m,elf32_x86_64 \
> > > -			   -Wl,-soname=linux-vdso.so.1 \
> > > -			   -Wl,-z,max-page-size=4096 \
> > > -			   -Wl,-z,common-page-size=4096
> > > +VDSO_LDFLAGS_vdsox32.lds = -m elf32_x86_64 -soname linux-
> > > vdso.so.1 \
> > > +			   -z max-page-size=4096 -z common-page-
> > > size=4096
> > >  
> > >  # 64-bit objects to re-brand as x32
> > >  vobjs64-for-x32 := $(filter-out $(vobjs-nox32),$(vobjs-y))
> > > @@ -134,7 +130,7 @@ $(obj)/vdsox32.so.dbg: $(src)/vdsox32.lds
> > > $(vobjx32s) FORCE
> > >  	$(call if_changed,vdso)
> > >  
> > >  CPPFLAGS_vdso32.lds = $(CPPFLAGS_vdso.lds)
> > > -VDSO_LDFLAGS_vdso32.lds = -m32 -Wl,-m,elf_i386 -Wl,-
> > > soname=linux-
> > > gate.so.1
> > > +VDSO_LDFLAGS_vdso32.lds = -m elf_i386 -soname linux-gate.so.1
> > >  
> > >  # This makes sure the $(obj) subdirectory exists even though
> > > vdso32/
> > >  # is not a kbuild sub-make subdirectory.
> > > @@ -180,13 +176,13 @@ $(obj)/vdso32.so.dbg: FORCE \
> > >  # The DSO images are built using a special linker script.
> > >  #
> > >  quiet_cmd_vdso = VDSO    $@
> > > -      cmd_vdso = $(CC) -nostdlib -o $@ \
> > > +      cmd_vdso = $(LD) -nostdlib -o $@ \
> > >  		       $(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter
> > > %.lds,$(^F))) \
> > > -		       -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^) && \
> > > +		       -T $(filter %.lds,$^) $(filter %.o,$^) && \
> > >  		 sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
> > >  
> > > -VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)
> > > --hash-
> > > style=both) \
> > > -	$(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic
> > > $(LTO_CFLAGS)
> > > +VDSO_LDFLAGS = -shared $(call ld-option, --hash-style=both) \
> > > +	$(call ld-option, --build-id) -Bsymbolic
> > >  GCOV_PROFILE := n
> > >  
> > >  #

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ