| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200801014755.GA2700342@rani.riverdale.lan>
Date: Fri, 31 Jul 2020 21:47:55 -0400
From: Arvind Sankar <nivedita@...m.mit.edu>
To: Kees Cook <keescook@...omium.org>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Will Deacon <will@...nel.org>,
Catalin Marinas <catalin.marinas@....com>,
Mark Rutland <mark.rutland@....com>,
Ard Biesheuvel <ardb@...nel.org>,
Peter Collingbourne <pcc@...gle.com>,
James Morse <james.morse@....com>,
Borislav Petkov <bp@...e.de>, Ingo Molnar <mingo@...hat.com>,
Russell King <linux@...linux.org.uk>,
Masahiro Yamada <masahiroy@...nel.org>,
Arvind Sankar <nivedita@...m.mit.edu>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Nathan Chancellor <natechancellor@...il.com>,
Arnd Bergmann <arnd@...db.de>, x86@...nel.org,
clang-built-linux@...glegroups.com, linux-arch@...r.kernel.org,
linux-efi@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 32/36] x86/boot/compressed: Reorganize zero-size
section asserts
On Fri, Jul 31, 2020 at 04:08:16PM -0700, Kees Cook wrote:
> For readability, move the zero-sized sections to the end after DISCARDS
> and mark them NOLOAD for good measure.
>
> Signed-off-by: Kees Cook <keescook@...omium.org>
> ---
> arch/x86/boot/compressed/vmlinux.lds.S | 42 +++++++++++++++-----------
> 1 file changed, 25 insertions(+), 17 deletions(-)
>
> diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
> index 3c2ee9a5bf43..42dea70a5091 100644
> --- a/arch/x86/boot/compressed/vmlinux.lds.S
> +++ b/arch/x86/boot/compressed/vmlinux.lds.S
> @@ -42,18 +42,16 @@ SECTIONS
> *(.rodata.*)
> _erodata = . ;
> }
> - .rel.dyn : {
> - *(.rel.*)
> - }
> - .rela.dyn : {
> - *(.rela.*)
> - }
> - .got : {
> - *(.got)
> - }
> .got.plt : {
> *(.got.plt)
> }
> + ASSERT(SIZEOF(.got.plt) == 0 ||
> +#ifdef CONFIG_X86_64
> + SIZEOF(.got.plt) == 0x18,
> +#else
> + SIZEOF(.got.plt) == 0xc,
> +#endif
> + "Unexpected GOT/PLT entries detected!")
>
> .data : {
> _data = . ;
> @@ -85,13 +83,23 @@ SECTIONS
> ELF_DETAILS
>
> DISCARDS
> -}
>
> -ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
> -#ifdef CONFIG_X86_64
> -ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, "Unexpected GOT/PLT entries detected!")
> -#else
> -ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0xc, "Unexpected GOT/PLT entries detected!")
> -#endif
> + /*
> + * Sections that should stay zero sized, which is safer to
> + * explicitly check instead of blindly discarding.
> + */
> + .got (NOLOAD) : {
> + *(.got)
> + }
> + ASSERT(SIZEOF(.got) == 0, "Unexpected GOT entries detected!")
>
> -ASSERT(SIZEOF(.rel.dyn) == 0 && SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations detected!")
> + /* ld.lld does not like .rel* sections being made "NOLOAD". */
> + .rel.dyn : {
> + *(.rel.*)
> + }
> + ASSERT(SIZEOF(.rel.dyn) == 0, "Unexpected run-time relocations (.rel) detected!")
> + .rela.dyn : {
> + *(.rela.*)
> + }
> + ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!")
> +}
> --
> 2.25.1
>
There's no point in marking zero-size sections NOLOAD -- if the ASSERT's
passed, they won't be present in the file at all anyway.
The only section for which there might be a point is .got.plt, which is
non-empty on 32-bit, and only if it is first moved to the end. That
saves a few bytes.
Powered by blists - more mailing lists