| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Apr 2019 13:23:17 +0000
From: "Rantala, Tommi T. (Nokia - FI/Espoo)" <tommi.t.rantala@...ia.com>
To: "natechancellor@...il.com" <natechancellor@...il.com>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"sashal@...nel.org" <sashal@...nel.org>,
"tglx@...utronix.de" <tglx@...utronix.de>,
"stable@...r.kernel.org" <stable@...r.kernel.org>,
"hpa@...or.com" <hpa@...or.com>,
"andi.kleen@...el.com" <andi.kleen@...el.com>,
"luto@...nel.org" <luto@...nel.org>,
"gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
"joel@...lfernandes.org" <joel@...lfernandes.org>,
"astrachan@...gle.com" <astrachan@...gle.com>,
"kernel-team@...roid.com" <kernel-team@...roid.com>
Subject: Re: [PATCH 4.14 09/69] x86: vdso: Use $LD instead of $CC to link
On Fri, 2019-04-26 at 05:48 -0700, Nathan Chancellor wrote:
> On Fri, Apr 26, 2019 at 11:41:30AM +0000, Rantala, Tommi T. (Nokia -
> FI/Espoo) wrote:
> > On Mon, 2019-04-15 at 20:58 +0200, Greg Kroah-Hartman wrote:
> > > commit 379d98ddf41344273d9718556f761420f4dc80b3 upstream.
> > >
> >
> > Hi,
> >
> > With this patch in 4.14.112 build-id is now missing in vdso32.so:
> >
> > $ file arch/x86/entry/vdso/vdso*so*
> > arch/x86/entry/vdso/vdso32.so: ELF 32-bit LSB pie executable,
> > Intel
> > 80386, version 1 (SYSV), dynamically linked, stripped
> > arch/x86/entry/vdso/vdso32.so.dbg: ELF 32-bit LSB pie executable,
> > Intel
> > 80386, version 1 (SYSV), dynamically linked, with debug_info, not
> > stripped
> > arch/x86/entry/vdso/vdso64.so: ELF 64-bit LSB pie executable,
> > x86-
> > 64, version 1 (SYSV), dynamically linked,
> > BuildID[sha1]=d80730a5b561a3161e488a369d1c76c250b584b4, stripped
> > arch/x86/entry/vdso/vdso64.so.dbg: ELF 64-bit LSB pie executable,
> > x86-
> > 64, version 1 (SYSV), dynamically linked,
> > BuildID[sha1]=d80730a5b561a3161e488a369d1c76c250b584b4, with
> > debug_info, not stripped
> >
> >
> > Based on quick check, "$(call ld-option, --build-id)" fails due to
> > some
> > 32/64 bit mismatch, so the --build-id linker flag is not used when
> > linking vdso32.so
> >
> > Perhaps scripts/Kbuild.include is missing some change in 4.14.y to
> > make
> > this work properly.
> >
>
> Hi Tommi,
>
> This appears to be fixed by commit 0294e6f4a000 ("kbuild: simplify
> ld-option implementation") upstream. Could you test the attached
> backport and make sure everything works on your end? Assuming that it
> does, I will test the other stable releases and see if this is needed
> and send those backports along.
Yes this patch fixes it. Many thanks!
-Tommi
> Thanks and sorry for the trouble!
> Nathan
>
> > -Tommi
> >
> > > The vdso{32,64}.so can fail to link with CC=clang when clang
> > > tries to
> > > find
> > > a suitable GCC toolchain to link these libraries with.
> > >
> > > /usr/bin/ld: arch/x86/entry/vdso/vclock_gettime.o:
> > > access beyond end of merged section (782)
> > >
> > > This happens because the host environment leaked into the cross
> > > compiler
> > > environment due to the way clang searches for suitable GCC
> > > toolchains.
> > >
> > > Clang is a retargetable compiler, and each invocation of it must
> > > provide
> > > --target=<something> --gcc-toolchain=<something> to allow it to
> > > find
> > > the
> > > correct binutils for cross compilation. These flags had been
> > > added to
> > > KBUILD_CFLAGS, but the vdso code uses CC and not KBUILD_CFLAGS
> > > (for
> > > various
> > > reasons) which breaks clang's ability to find the correct linker
> > > when
> > > cross
> > > compiling.
> > >
> > > Most of the time this goes unnoticed because the host linker is
> > > new
> > > enough
> > > to work anyway, or is incompatible and skipped, but this cannot
> > > be
> > > reliably
> > > assumed.
> > >
> > > This change alters the vdso makefile to just use LD directly,
> > > which
> > > bypasses clang and thus the searching problem. The makefile will
> > > just
> > > use
> > > ${CROSS_COMPILE}ld instead, which is always what we want. This
> > > matches the
> > > method used to link vmlinux.
> > >
> > > This drops references to DISABLE_LTO; this option doesn't seem to
> > > be
> > > set
> > > anywhere, and not knowing what its possible values are, it's not
> > > clear how
> > > to convert it from CC to LD flag.
> > >
> > > Signed-off-by: Alistair Strachan <astrachan@...gle.com>
> > > Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
> > > Acked-by: Andy Lutomirski <luto@...nel.org>
> > > Cc: "H. Peter Anvin" <hpa@...or.com>
> > > Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > > Cc: kernel-team@...roid.com
> > > Cc: joel@...lfernandes.org
> > > Cc: Andi Kleen <andi.kleen@...el.com>
> > > Link:
> > > https://lkml.kernel.org/r/20180803173931.117515-1-astrachan@google.com
> > > Signed-off-by: Nathan Chancellor <natechancellor@...il.com>
> > > Signed-off-by: Sasha Levin <sashal@...nel.org>
> > > ---
> > > arch/x86/entry/vdso/Makefile | 22 +++++++++-------------
> > > 1 file changed, 9 insertions(+), 13 deletions(-)
> > >
> > > diff --git a/arch/x86/entry/vdso/Makefile
> > > b/arch/x86/entry/vdso/Makefile
> > > index 0a550dc5c525..0defcc939ab4 100644
> > > --- a/arch/x86/entry/vdso/Makefile
> > > +++ b/arch/x86/entry/vdso/Makefile
> > > @@ -48,10 +48,8 @@ targets += $(vdso_img_sodbg)
> > >
> > > export CPPFLAGS_vdso.lds += -P -C
> > >
> > > -VDSO_LDFLAGS_vdso.lds = -m64 -Wl,-soname=linux-vdso.so.1 \
> > > - -Wl,--no-undefined \
> > > - -Wl,-z,max-page-size=4096 -Wl,-z,common-page-
> > > size=4096 \
> > > - $(DISABLE_LTO)
> > > +VDSO_LDFLAGS_vdso.lds = -m elf_x86_64 -soname linux-vdso.so.1 --
> > > no-
> > > undefined \
> > > + -z max-page-size=4096 -z common-page-size=4096
> > >
> > > $(obj)/vdso64.so.dbg: $(src)/vdso.lds $(vobjs) FORCE
> > > $(call if_changed,vdso)
> > > @@ -103,10 +101,8 @@ CFLAGS_REMOVE_vvar.o = -pg
> > > #
> > >
> > > CPPFLAGS_vdsox32.lds = $(CPPFLAGS_vdso.lds)
> > > -VDSO_LDFLAGS_vdsox32.lds = -Wl,-m,elf32_x86_64 \
> > > - -Wl,-soname=linux-vdso.so.1 \
> > > - -Wl,-z,max-page-size=4096 \
> > > - -Wl,-z,common-page-size=4096
> > > +VDSO_LDFLAGS_vdsox32.lds = -m elf32_x86_64 -soname linux-
> > > vdso.so.1 \
> > > + -z max-page-size=4096 -z common-page-
> > > size=4096
> > >
> > > # 64-bit objects to re-brand as x32
> > > vobjs64-for-x32 := $(filter-out $(vobjs-nox32),$(vobjs-y))
> > > @@ -134,7 +130,7 @@ $(obj)/vdsox32.so.dbg: $(src)/vdsox32.lds
> > > $(vobjx32s) FORCE
> > > $(call if_changed,vdso)
> > >
> > > CPPFLAGS_vdso32.lds = $(CPPFLAGS_vdso.lds)
> > > -VDSO_LDFLAGS_vdso32.lds = -m32 -Wl,-m,elf_i386 -Wl,-
> > > soname=linux-
> > > gate.so.1
> > > +VDSO_LDFLAGS_vdso32.lds = -m elf_i386 -soname linux-gate.so.1
> > >
> > > # This makes sure the $(obj) subdirectory exists even though
> > > vdso32/
> > > # is not a kbuild sub-make subdirectory.
> > > @@ -180,13 +176,13 @@ $(obj)/vdso32.so.dbg: FORCE \
> > > # The DSO images are built using a special linker script.
> > > #
> > > quiet_cmd_vdso = VDSO $@
> > > - cmd_vdso = $(CC) -nostdlib -o $@ \
> > > + cmd_vdso = $(LD) -nostdlib -o $@ \
> > > $(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter
> > > %.lds,$(^F))) \
> > > - -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^) && \
> > > + -T $(filter %.lds,$^) $(filter %.o,$^) && \
> > > sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
> > >
> > > -VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)
> > > --hash-
> > > style=both) \
> > > - $(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic
> > > $(LTO_CFLAGS)
> > > +VDSO_LDFLAGS = -shared $(call ld-option, --hash-style=both) \
> > > + $(call ld-option, --build-id) -Bsymbolic
> > > GCOV_PROFILE := n
> > >
> > > #
Powered by blists - more mailing lists