lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAK8P3a2bLKe3js4SKeZoGp8B51+rpW6G3KvpbJ5=y83sxHSu6g@mail.gmail.com>
Date:   Sat, 27 Feb 2021 10:49:37 +0100
From:   Arnd Bergmann <arnd@...nel.org>
To:     Fangrui Song <maskray@...gle.com>
Cc:     Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will@...nel.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Arnd Bergmann <arnd@...db.de>,
        Kees Cook <keescook@...omium.org>,
        Mark Brown <broonie@...nel.org>,
        Vincenzo Frascino <vincenzo.frascino@....com>,
        Geert Uytterhoeven <geert+renesas@...der.be>,
        Kristina Martsenko <kristina.martsenko@....com>,
        Ionela Voinescu <ionela.voinescu@....com>,
        Mark Rutland <mark.rutland@....com>,
        Andrew Scull <ascull@...gle.com>,
        David Brazdil <dbrazdil@...gle.com>,
        Marc Zyngier <maz@...nel.org>,
        Ard Biesheuvel <ardb@...nel.org>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        clang-built-linux <clang-built-linux@...glegroups.com>,
        Nicholas Piggin <npiggin@...il.com>
Subject: Re: [PATCH] [RFC] arm64: enable HAVE_LD_DEAD_CODE_DATA_ELIMINATION

On Fri, Feb 26, 2021 at 10:13 PM 'Fangrui Song' via Clang Built Linux
<clang-built-linux@...glegroups.com> wrote:
>
> For folks who are interested in --gc-sections on metadata sections,
> I want to bring you awareness of the implication of __start_/__stop_ symbols and C identifier name sections.
> You can see https://github.com/ClangBuiltLinux/linux/issues/1307 for a summary.
> (Its linked blog article has some examples.)
>
> In the kernel linker scripts, most C identifier name sections begin with double-underscore __.
> Some are surrounded by `KEEP(...)`, some are not.
>
> * A `KEEP` keyword has GC root semantics and makes ld --gc-sections ineffectful.
> * Without `KEEP`, __start_/__stop_ references from a live input section
>    can unnecessarily retain all the associated C identifier name input
>    sections. The new ld.lld option `-z start-stop-gc` can defeat this rule.
>
> As an example, a __start___jump_table reference from a live section
> causes all `__jump_table` input section to be retained, even if you
> change `KEEP(__jump_table)` to `(__jump_table)`.
> (If you change the symbol name from `__start_${section}` to something
> else (e.g. `__start${section}`), the rule will not apply.)

I suspect the __start_* symbols are cargo-culted by many developers
copying stuff around between kernel linker scripts, that's certainly how I
approach making changes to it normally without a deeper understanding
of how the linker actually works or what the different bits of syntax mean
there.

I see the original vmlinux.lds linker script showed up in linux-2.1.23, and
it contained

+  . = ALIGN(16);               /* Exception table */
+  __start___ex_table = .;
+  __ex_table : { *(__ex_table) }
+  __stop___ex_table = .;
+
+  __start___ksymtab = .;       /* Kernel symbol table */
+  __ksymtab : { *(__ksymtab) }
+  __stop___ksymtab = .;

originally for arch/sparc, and shortly afterwards for i386. The magic
__ex_table section was first used in linux-2.1.7 without a linker
script. It's probably a good idea to try cleaning these up by using
non-magic start/stop symbols for all sections, and relying on KEEP()
instead where needed.

> There are a lot of KEEP usage. Perhaps some can be dropped to facilitate
> ld --gc-sections.

I see a lot of these were added by Nick Piggin (added to Cc) in this commit:

commit 266ff2a8f51f02b429a987d87634697eb0d01d6a
Author: Nicholas Piggin <npiggin@...il.com>
Date:   Wed May 9 22:59:58 2018 +1000

    kbuild: Fix asm-generic/vmlinux.lds.h for LD_DEAD_CODE_DATA_ELIMINATION

    KEEP more tables, and add the function/data section wildcard to more
    section selections.

    This is a little ad-hoc at the moment, but kernel code should be moved
    to consistently use .text..x (note: double dots) for explicit sections
    and all references to it in the linker script can be made with
    TEXT_MAIN, and similarly for other sections.

    For now, let's see if major architectures move to enabling this option
    then we can do some refactoring passes. Otherwise if it remains unused
    or superseded by LTO, this may not be required.

    Signed-off-by: Nicholas Piggin <npiggin@...il.com>
    Signed-off-by: Masahiro Yamada <yamada.masahiro@...ionext.com>

which apparently was intentionally cautious.

Unlike what Nick expected in his submission, I now think the annotations
will be needed for LTO just like they are for --gc-sections.

      Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ