lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 23 May 2020 18:53:55 +0200
From:   Sam Ravnborg <sam@...nborg.org>
To:     Masahiro Yamada <masahiroy@...nel.org>
Cc:     Nicholas Piggin <npiggin@...il.com>,
        linuxppc-dev <linuxppc-dev@...ts.ozlabs.org>,
        Michael Ellerman <mpe@...erman.id.au>,
        Sami Tolvanen <samitolvanen@...gle.com>,
        Kees Cook <keescook@...omium.org>,
        Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Michal Marek <michal.lkml@...kovi.net>
Subject: Re: [PATCH] kbuild: reuse vmlinux.o in vmlinux_link

Hi Masahiro.

On Sun, May 24, 2020 at 12:12:35AM +0900, Masahiro Yamada wrote:
> Hi Nicholas,
> (+CC: Sam Ravnborg)
> 
> 
> On Sat, May 23, 2020 at 7:06 PM Nicholas Piggin <npiggin@...il.com> wrote:
> >
> > Excerpts from Masahiro Yamada's message of May 23, 2020 3:44 am:
> > > + Michael, and PPC ML.
> > >
> > > They may know something about the reason of failure.
> >
> > Because the linker can't put branch stubs within object code sections,
> > so when you incrementally link them too large, the linker can't resolve
> > branches into other object files.
> 
> 
> Ah, you are right.
> 
> So, this is a problem not only for PPC
> but also for ARM (both 32 and 64 bit), etc.
> 
> ARM needs to insert a veneer to jump far.
> 
> Prior to thin archive, we could not compile
> ARCH=arm allyesconfig because
> drivers/built-in.o was too large.
> 
> This patch gets us back to the too large
> incremental object situation.
> 
> With my quick compile-testing,
> ARCH=arm allyesconfig
> and ARCH=arm64 allyesconfig are broken.
> 
> 
> > This is why we added incremental linking in the first place. I suppose
> > it could be made conditional for platforms that can use this
> > optimization.
> >
> > What'd be really nice is if we could somehow build and link kallsyms
> > without relinking everything twice, and if we could do section mismatch
> > analysis without making that vmlinux.o as well. I had a few ideas but
> > not enough time to do much work on it.
> 
> 
> Right, kallsyms links 3 times. (not twice)
> 
> 
> Hmm, I think Sami's main motivation is Clang LTO.
> 
> LTO is very time-consuming.
> So, the android common kernel implements Clang LTO
> in the pre modpost stage:
> 
> 
> 1) LTO against vmlinux.o
> 
> 2) modpost against vmlinux.o
> 
> 3) Link vmlinux.o + kallsyms into vmlinux
>    (this requires linking 3 times)

We have kallsyms we had to link three times because the linking
increased the object a little in size so symbols did not match.
The last time was added more or less only to check that we did
have stable symbol addresses.

All this predates LTO stuff which we only introduced later.

The reason for doing modpost on vmlinux.o was that we had cases
where everything in drivers/ was fine but there was section mismatch
references from arch/* to drivers/*
This is back when there were much more drivers in arch/ than what we
have today.
And back then we also had much more to check ad we had cPU hotplug
that could really cause section mismatches - this is no longer the case
which is a good thing.



...
> 
> The following two commits.
> I did not fully understand the background, though.
> 
> I CC'ed Sam in case he may add some comments.
> 
> commit 85bd2fddd68e757da8e1af98f857f61a3c9ce647
> Author: Sam Ravnborg <sam@...nborg.org>
> Date:   Mon Feb 26 15:33:52 2007 +0100
> 
>     kbuild: fix section mismatch check for vmlinux
> 
>     vmlinux does not contain relocation entries which is
>     used by the section mismatch checks.
>     Reported by: Atsushi Nemoto <anemo@....ocn.ne.jp>
> 
>     Use the individual objects as inputs to overcome
>     this limitation.
>     In modpost check the .o files and skip non-ELF files.
> 
>     Signed-off-by: Sam Ravnborg <sam@...nborg.org>


So we checked vmlinx - but vmlinx did have too much stripped away.
so in reality nothing was checked.
To allow the warnings to be as precise as possible move the checks
out to the indovidual .o files.
Sometimes the names was mangled a little so if warnigns was only
reported on vmlinx level in could be difficult to track down the
offender.
This would then also do the check on .o files that had all the
relocation symbols rtequired.

> 
> commit 741f98fe298a73c9d47ed53703c1279a29718581
> Author: Sam Ravnborg <sam@...nborg.org>
> Date:   Tue Jul 17 10:54:06 2007 +0200
> 
>     kbuild: do section mismatch check on full vmlinux
> 
>     Previously we did do the check on the .o files used to link
>     vmlinux but that failed to find questionable references across
>     the .o files.
>     Create a dedicated vmlinux.o file used only for section mismatch checks
>     that uses the defualt linker script so section does not get renamed.
> 
>     The vmlinux.o may later be used as part of the the final link of vmlinux
>     but for now it is used fo section mismatch only.
>     For a defconfig build this is instant but for an allyesconfig this
>     add two minutes to a full build (that anyways takes ~2 hours).
> 
>     Signed-off-by: Sam Ravnborg <sam@...nborg.org>

But when we introduced check of the individual .o fiules we missed when
the references spanned outside the .o files as explained previously.
So included a link of vmlinx.o that did NOT drop the relocations
so we could use it to check for the remaining section mismatch warnings.

Remember - back when we started this we had many hundred warnings
and it was a fight to keep that number low.
But we also wanted to report as much as possible.

There was back then several discussions if this was really worth the
effort. How much was gained from discarding the memory where the
section mismatch warnigns was triggered.
In other words - how about just keeping the init code in memory so there
were no illegal references anymore.
That is something that is maybe worth to consiuder again as we have even
less memory we save by throwing away the init code.
But I think this is a topic for another mail thread.

	Sam

Powered by blists - more mailing lists