Message-ID: <20190426133422.GA8796@archlinux-i9>
Date:   Fri, 26 Apr 2019 06:34:22 -0700
From:   Nathan Chancellor <natechancellor@...il.com>
To:     "Rantala, Tommi T. (Nokia - FI/Espoo)" <tommi.t.rantala@...ia.com>
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "sashal@...nel.org" <sashal@...nel.org>,
        "tglx@...utronix.de" <tglx@...utronix.de>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        "hpa@...or.com" <hpa@...or.com>,
        "andi.kleen@...el.com" <andi.kleen@...el.com>,
        "luto@...nel.org" <luto@...nel.org>,
        "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
        "joel@...lfernandes.org" <joel@...lfernandes.org>,
        "astrachan@...gle.com" <astrachan@...gle.com>,
        "kernel-team@...roid.com" <kernel-team@...roid.com>
Subject: Re: [PATCH 4.14 09/69] x86: vdso: Use $LD instead of $CC to link

On Fri, Apr 26, 2019 at 01:23:17PM +0000, Rantala, Tommi T. (Nokia - FI/Espoo) wrote:
> On Fri, 2019-04-26 at 05:48 -0700, Nathan Chancellor wrote:
> > On Fri, Apr 26, 2019 at 11:41:30AM +0000, Rantala, Tommi T. (Nokia - FI/Espoo) wrote:
> > > On Mon, 2019-04-15 at 20:58 +0200, Greg Kroah-Hartman wrote:
> > > > commit 379d98ddf41344273d9718556f761420f4dc80b3 upstream.
> > > > 
> > > 
> > > Hi,
> > > 
> > > With this patch in 4.14.112 build-id is now missing in vdso32.so:
> > > 
> > > $ file arch/x86/entry/vdso/vdso*so*
> > > arch/x86/entry/vdso/vdso32.so:     ELF 32-bit LSB pie executable, Intel 80386, version 1 (SYSV), dynamically linked, stripped
> > > arch/x86/entry/vdso/vdso32.so.dbg: ELF 32-bit LSB pie executable, Intel 80386, version 1 (SYSV), dynamically linked, with debug_info, not stripped
> > > arch/x86/entry/vdso/vdso64.so:     ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d80730a5b561a3161e488a369d1c76c250b584b4, stripped
> > > arch/x86/entry/vdso/vdso64.so.dbg: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d80730a5b561a3161e488a369d1c76c250b584b4, with debug_info, not stripped
> > > 
> > > 
> > > Based on quick check, "$(call ld-option, --build-id)" fails due to some
> > > 32/64 bit mismatch, so the --build-id linker flag is not used when
> > > linking vdso32.so
> > > 
> > > Perhaps scripts/Kbuild.include is missing some change in 4.14.y to make
> > > this work properly.
> > > 
> > 
> > Hi Tommi,
> > 
> > This appears to be fixed by commit 0294e6f4a000 ("kbuild: simplify
> > ld-option implementation") upstream. Could you test the attached
> > backport and make sure everything works on your end? Assuming that it
> > does, I will test the other stable releases and see if this is needed
> > and send those backports along.
> 
> Yes this patch fixes it. Many thanks!

Thanks for verifying!

Greg, attached are backports for that commit for 4.4, 4.9, and 4.14. It
appeared in 4.16 so it is not needed with a newer version.

Thanks,
Nathan

> 
> -Tommi
> 
> > Thanks and sorry for the trouble!
> > Nathan
> > 
> > > -Tommi
> > > 
> > > > The vdso{32,64}.so can fail to link with CC=clang when clang tries to find
> > > > a suitable GCC toolchain to link these libraries with.
> > > > 
> > > > /usr/bin/ld: arch/x86/entry/vdso/vclock_gettime.o:
> > > >   access beyond end of merged section (782)
> > > > 
> > > > This happens because the host environment leaked into the cross compiler
> > > > environment due to the way clang searches for suitable GCC toolchains.
> > > > 
> > > > Clang is a retargetable compiler, and each invocation of it must provide
> > > > --target=<something> --gcc-toolchain=<something> to allow it to find the
> > > > correct binutils for cross compilation. These flags had been added to
> > > > KBUILD_CFLAGS, but the vdso code uses CC and not KBUILD_CFLAGS (for various
> > > > reasons) which breaks clang's ability to find the correct linker when cross
> > > > compiling.
> > > > 
> > > > Most of the time this goes unnoticed because the host linker is new enough
> > > > to work anyway, or is incompatible and skipped, but this cannot be reliably
> > > > assumed.
> > > > 
> > > > This change alters the vdso makefile to just use LD directly, which
> > > > bypasses clang and thus the searching problem. The makefile will just use
> > > > ${CROSS_COMPILE}ld instead, which is always what we want. This matches the
> > > > method used to link vmlinux.
> > > > 
> > > > This drops references to DISABLE_LTO; this option doesn't seem to be set
> > > > anywhere, and not knowing what its possible values are, it's not clear how
> > > > to convert it from CC to LD flag.
> > > > 
> > > > Signed-off-by: Alistair Strachan <astrachan@...gle.com>
> > > > Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
> > > > Acked-by: Andy Lutomirski <luto@...nel.org>
> > > > Cc: "H. Peter Anvin" <hpa@...or.com>
> > > > Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > > > Cc: kernel-team@...roid.com
> > > > Cc: joel@...lfernandes.org
> > > > Cc: Andi Kleen <andi.kleen@...el.com>
> > > > Link: https://lkml.kernel.org/r/20180803173931.117515-1-astrachan@google.com
> > > > Signed-off-by: Nathan Chancellor <natechancellor@...il.com>
> > > > Signed-off-by: Sasha Levin <sashal@...nel.org>
> > > > ---
> > > >  arch/x86/entry/vdso/Makefile | 22 +++++++++-------------
> > > >  1 file changed, 9 insertions(+), 13 deletions(-)
> > > > 
> > > > diff --git a/arch/x86/entry/vdso/Makefile
> > > > b/arch/x86/entry/vdso/Makefile
> > > > index 0a550dc5c525..0defcc939ab4 100644
> > > > --- a/arch/x86/entry/vdso/Makefile
> > > > +++ b/arch/x86/entry/vdso/Makefile
> > > > @@ -48,10 +48,8 @@ targets += $(vdso_img_sodbg)
> > > >  
> > > >  export CPPFLAGS_vdso.lds += -P -C
> > > >  
> > > > -VDSO_LDFLAGS_vdso.lds = -m64 -Wl,-soname=linux-vdso.so.1 \
> > > > -			-Wl,--no-undefined \
> > > > -			-Wl,-z,max-page-size=4096 -Wl,-z,common-page-
> > > > size=4096 \
> > > > -			$(DISABLE_LTO)
> > > > +VDSO_LDFLAGS_vdso.lds = -m elf_x86_64 -soname linux-vdso.so.1 --
> > > > no-
> > > > undefined \
> > > > +			-z max-page-size=4096 -z common-page-size=4096
> > > >  
> > > >  $(obj)/vdso64.so.dbg: $(src)/vdso.lds $(vobjs) FORCE
> > > >  	$(call if_changed,vdso)
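
Review bot: the new `VDSO_LDFLAGS_vdso.lds` drops `$(DISABLE_LTO)` on the strength of the changelog's "doesn't seem to be set anywhere", which is weaker than a check of the tree this is being applied to. If any tree that receives this does define it, the 64-bit vDSO would now link without it and nothing in the build would flag that. Suggest confirming the variable is unset in each target tree and stating that outright in the changelog.
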
> > > > @@ -103,10 +101,8 @@ CFLAGS_REMOVE_vvar.o = -pg
> > > >  #
> > > >  
> > > >  CPPFLAGS_vdsox32.lds = $(CPPFLAGS_vdso.lds)
> > > > -VDSO_LDFLAGS_vdsox32.lds = -Wl,-m,elf32_x86_64 \
> > > > -			   -Wl,-soname=linux-vdso.so.1 \
> > > > -			   -Wl,-z,max-page-size=4096 \
> > > > -			   -Wl,-z,common-page-size=4096
> > > > +VDSO_LDFLAGS_vdsox32.lds = -m elf32_x86_64 -soname linux-
> > > > vdso.so.1 \
> > > > +			   -z max-page-size=4096 -z common-page-
> > > > size=4096
> > > >  
> > > >  # 64-bit objects to re-brand as x32
> > > >  vobjs64-for-x32 := $(filter-out $(vobjs-nox32),$(vobjs-y))
> > > > @@ -134,7 +130,7 @@ $(obj)/vdsox32.so.dbg: $(src)/vdsox32.lds
> > > > $(vobjx32s) FORCE
> > > >  	$(call if_changed,vdso)
> > > >  
> > > >  CPPFLAGS_vdso32.lds = $(CPPFLAGS_vdso.lds)
> > > > -VDSO_LDFLAGS_vdso32.lds = -m32 -Wl,-m,elf_i386 -Wl,-
> > > > soname=linux-
> > > > gate.so.1
> > > > +VDSO_LDFLAGS_vdso32.lds = -m elf_i386 -soname linux-gate.so.1
> > > >  
> > > >  # This makes sure the $(obj) subdirectory exists even though
> > > > vdso32/
> > > >  # is not a kbuild sub-make subdirectory.
> > > > @@ -180,13 +176,13 @@ $(obj)/vdso32.so.dbg: FORCE \
> > > >  # The DSO images are built using a special linker script.
> > > >  #
> > > >  quiet_cmd_vdso = VDSO    $@
> > > > -      cmd_vdso = $(CC) -nostdlib -o $@ \
> > > > +      cmd_vdso = $(LD) -nostdlib -o $@ \
> > > >  		       $(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter
> > > > %.lds,$(^F))) \
> > > > -		       -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^) && \
> > > > +		       -T $(filter %.lds,$^) $(filter %.o,$^) && \
> > > >  		 sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
> > > >  
> > > > -VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)
> > > > --hash-
> > > > style=both) \
> > > > -	$(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic
> > > > $(LTO_CFLAGS)
> > > > +VDSO_LDFLAGS = -shared $(call ld-option, --hash-style=both) \
> > > > +	$(call ld-option, --build-id) -Bsymbolic
> > > >  GCOV_PROFILE := n
> > > >  
> > > >  #
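
Review bot: in the new `VDSO_LDFLAGS`, `$(call ld-option, --build-id)` contributes nothing when the probe fails, so a probe that misbehaves yields a vDSO without a build-id instead of a build error. The report at the top of this thread shows that outcome for vdso32.so on 4.14.112, and the reply names 0294e6f4a000 ("kbuild: simplify ld-option implementation") as the fix, so this backport should carry that commit as a prerequisite on 4.4, 4.9 and 4.14. The same assignment also drops `$(LTO_CFLAGS)`, while the changelog only accounts for `DISABLE_LTO`; the changelog should cover it as well.
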
> 

View attachment "4.4-0294e6f4a000.patch" of type "text/plain" (3378 bytes)

View attachment "4.9-0294e6f4a000.patch" of type "text/plain" (3381 bytes)

View attachment "4.14-0294e6f4a000.patch" of type "text/plain" (3383 bytes)
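
An added example (not part of the original thread or of the kernel tree): a check for the symptom reported above, a vDSO image linked without a GNU build-id note. It walks the PT_NOTE segment of an ELF32 or ELF64 image, so it also works on stripped files; `build_id`, `sample_image` and the two sample notes are hypothetical names and constructed inputs.

```python
import struct

PT_NOTE, NT_GNU_BUILD_ID = 4, 3

def build_id(elf: bytes):
    """Return the GNU build-id of an ELF image as hex, or None if absent."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = elf[4] == 2                    # EI_CLASS: 1 = ELF32, 2 = ELF64
    e = "<" if elf[5] == 1 else ">"       # EI_DATA: 1 = little-endian
    word = e + ("Q" if is64 else "I")     # width of offset/size fields
    phoff, = struct.unpack_from(word, elf, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from(e + "HH", elf, 54 if is64 else 42)
    for i in range(phnum):
        ph = phoff + i * phentsize
        if struct.unpack_from(e + "I", elf, ph)[0] != PT_NOTE:
            continue
        pos, = struct.unpack_from(word, elf, ph + (8 if is64 else 4))     # p_offset
        size, = struct.unpack_from(word, elf, ph + (32 if is64 else 16))  # p_filesz
        stop = pos + size
        while pos + 12 <= stop:           # walk every note in this segment
            namesz, descsz, ntype = struct.unpack_from(e + "III", elf, pos)
            desc = pos + 12 + ((namesz + 3) & ~3)   # name is padded to 4 bytes
            if ntype == NT_GNU_BUILD_ID and elf[pos + 12:pos + 12 + namesz] == b"GNU\0":
                return elf[desc:desc + descsz].hex()
            pos = desc + ((descsz + 3) & ~3)        # desc is padded to 4 bytes
    return None

def sample_image(is64: bool, notes: bytes) -> bytes:
    """Constructed input: ELF header plus one PT_NOTE segment (not a real vDSO)."""
    ident = b"\x7fELF" + bytes([2 if is64 else 1, 1, 1]) + bytes(9)
    n = len(notes)
    if is64:
        ehdr = struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
        phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 4, 120, 0, 0, n, n, 4)
    else:
        ehdr = struct.pack("<HHIIIIIHHHHHH", 3, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
        phdr = struct.pack("<IIIIIIII", PT_NOTE, 84, 0, 0, n, n, 4, 4)
    return ident + ehdr + phdr + notes

# Constructed notes: a "Linux" version note and a GNU build-id note (fake 20-byte id).
LINUX_NOTE = struct.pack("<III", 6, 4, 0) + b"Linux\0\0\0" + bytes(4)
GNU_NOTE = struct.pack("<III", 4, 20, NT_GNU_BUILD_ID) + b"GNU\0" + bytes(range(20))

if __name__ == "__main__":
    for label, is64, notes in (("vdso64-like", True, LINUX_NOTE + GNU_NOTE),
                               ("vdso32-like", False, LINUX_NOTE)):
        print(label, build_id(sample_image(is64, notes)) or "NO BUILD-ID")
```

Run against the real images with `build_id(open(path, "rb").read())` as a post-build check, so a silently dropped `--build-id` fails the build instead of shipping.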
