| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Aug 2021 23:43:33 -0700
From: Kees Cook <keescook@...omium.org>
To: Masahiro Yamada <masahiroy@...nel.org>
Cc: linux-kbuild@...r.kernel.org,
Sami Tolvanen <samitolvanen@...gle.com>,
linux-kernel@...r.kernel.org,
Michal Marek <michal.lkml@...kovi.net>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
clang-built-linux@...glegroups.com
Subject: Re: [PATCH 11/13] kbuild: always postpone CRC links for module
versioning
On Thu, Aug 19, 2021 at 09:57:42AM +0900, Masahiro Yamada wrote:
> When CONFIG_MODVERSIONS=y, the CRCs of EXPORT_SYMBOL are linked into
> *.o files in-place.
>
> It is impossible for Clang LTO because *.o files are not ELF, but LLVM
> bitcode. The CRCs are stored in separate *.symversions files, and then
> supplied to the modpost link.
>
> Let's do so for CONFIG_LTO_CLANG=n is possible, and unify the module
> versioning code.
I worry about this also now being "unparallelized", but it is a nice
cleanup.
Reviewed-by: Kees Cook <keescook@...omium.org>
-Kees
>
> Signed-off-by: Masahiro Yamada <masahiroy@...nel.org>
> ---
>
> scripts/Makefile.build | 32 ++++++--------------------------
> scripts/link-vmlinux.sh | 22 ++++++++++++++--------
> 2 files changed, 20 insertions(+), 34 deletions(-)
>
> diff --git a/scripts/Makefile.build b/scripts/Makefile.build
> index 957addea830b..874e84a1f3fc 100644
> --- a/scripts/Makefile.build
> +++ b/scripts/Makefile.build
> @@ -158,17 +158,12 @@ quiet_cmd_cc_o_c = CC $(quiet_modtag) $@
> ifdef CONFIG_MODVERSIONS
> # When module versioning is enabled the following steps are executed:
> # o compile a <file>.o from <file>.c
> -# o if <file>.o doesn't contain a __ksymtab version, i.e. does
> -# not export symbols, it's done.
> +# o if <file>.o doesn't contain __ksymtab* symbols, i.e. does
> +# not export symbols, create an empty *.symversions
> # o otherwise, we calculate symbol versions using the good old
> # genksyms on the preprocessed source and postprocess them in a way
> # that they are usable as a linker script
> -# o generate .tmp_<file>.o from <file>.o using the linker to
> -# replace the unresolved symbols __crc_exported_symbol with
> -# the actual value of the checksum generated by genksyms
> -# o remove .tmp_<file>.o to <file>.o
>
> -ifdef CONFIG_LTO_CLANG
> # Generate .o.symversions files for each .o with exported symbols, and link these
> # to the kernel and/or modules at the end.
> cmd_modversions_c = \
> @@ -178,18 +173,6 @@ cmd_modversions_c = \
> else \
> rm -f $@...mversions; \
> fi;
> -else
> -cmd_modversions_c = \
> - if $(OBJDUMP) -h $@ | grep -q __ksymtab; then \
> - $(call cmd_gensymtypes_c,$(KBUILD_SYMTYPES),$(@:.o=.symtypes)) \
> - > $(@D)/.tmp_$(@F:.o=.ver); \
> - \
> - $(LD) $(KBUILD_LDFLAGS) -r -o $(@D)/.tmp_$(@F) $@ \
> - -T $(@D)/.tmp_$(@F:.o=.ver); \
> - mv -f $(@D)/.tmp_$(@F) $@; \
> - rm -f $(@D)/.tmp_$(@F:.o=.ver); \
> - fi
> -endif
> endif
>
> ifdef CONFIG_FTRACE_MCOUNT_USE_RECORDMCOUNT
> @@ -348,12 +331,9 @@ ifdef CONFIG_ASM_MODVERSIONS
> cmd_modversions_S = \
> if $(OBJDUMP) -h $@ | grep -q __ksymtab; then \
> $(call cmd_gensymtypes_S,$(KBUILD_SYMTYPES),$(@:.o=.symtypes)) \
> - > $(@D)/.tmp_$(@F:.o=.ver); \
> - \
> - $(LD) $(KBUILD_LDFLAGS) -r -o $(@D)/.tmp_$(@F) $@ \
> - -T $(@D)/.tmp_$(@F:.o=.ver); \
> - mv -f $(@D)/.tmp_$(@F) $@; \
> - rm -f $(@D)/.tmp_$(@F:.o=.ver); \
> + > $@...mversions; \
> + else \
> + rm -rf $@...mversions; \
> fi
> endif
>
> @@ -424,7 +404,7 @@ $(obj)/lib.a: $(lib-y) FORCE
> # Rule to prelink modules
> #
>
> -ifeq ($(CONFIG_LTO_CLANG) $(CONFIG_MODVERSIONS),y y)
> +ifdef CONFIG_MODVERSIONS
>
> cmd_merge_symver = \
> rm -f $@; \
> diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
> index 17976609c2d8..66ced6ff8e65 100755
> --- a/scripts/link-vmlinux.sh
> +++ b/scripts/link-vmlinux.sh
> @@ -59,8 +59,7 @@ append_symversion()
> fi
> }
>
> -# If CONFIG_LTO_CLANG is selected, collect generated symbol versions into
> -# .tmp_symversions.lds
> +# Collect generated symbol versions into .tmp_symversions.lds
> gen_symversions()
> {
> info GEN .tmp_symversions.lds
> @@ -94,14 +93,13 @@ modpost_link()
> ${KBUILD_VMLINUX_LIBS} \
> --end-group"
>
> + if [ -n "${CONFIG_MODVERSIONS}" ]; then
> + lds="${lds} -T .tmp_symversions.lds"
> + fi
> +
> if [ -n "${CONFIG_LTO_CLANG}" ]; then
> gen_initcalls
> - lds="-T .tmp_initcalls.lds"
> -
> - if [ -n "${CONFIG_MODVERSIONS}" ]; then
> - gen_symversions
> - lds="${lds} -T .tmp_symversions.lds"
> - fi
> + lds="${lds} -T .tmp_initcalls.lds"
>
> # This might take a while, so indicate that we're doing
> # an LTO link
> @@ -198,6 +196,10 @@ vmlinux_link()
>
> ldflags="${ldflags} ${wl}--script=${objtree}/${KBUILD_LDS}"
>
> + if [ -n "${CONFIG_MODVERSIONS}" ]; then
> + ldflags="${ldflags} ${wl}--script=.tmp_symversions.lds"
> + fi
> +
> # The kallsyms linking does not need debug symbols included.
> if [ "$output" != "${output#.tmp_vmlinux.kallsyms}" ] ; then
> ldflags="${ldflags} ${wl}--strip-debug"
> @@ -351,6 +353,10 @@ fi;
> # final build of init/
> ${MAKE} -f "${srctree}/scripts/Makefile.build" obj=init need-builtin=1
>
> +if [ -n "${CONFIG_MODVERSIONS}" ]; then
> + gen_symversions
> +fi
> +
> #link vmlinux.o
> modpost_link vmlinux.o
> objtool_link vmlinux.o
> --
> 2.30.2
>
--
Kees Cook
Powered by blists - more mailing lists