| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <73866ab0-a5d8-7afb-2e57-a12789617b64@csgroup.eu>
Date: Wed, 7 Sep 2022 05:33:00 +0000
From: Christophe Leroy <christophe.leroy@...roup.eu>
To: Nicholas Piggin <npiggin@...il.com>,
Michael Ellerman <mpe@...erman.id.au>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linuxppc-dev@...ts.ozlabs.org" <linuxppc-dev@...ts.ozlabs.org>
Subject: Re: [PATCH v2] powerpc/vdso: link with -z noexecstack
Le 07/09/2022 à 06:36, Nicholas Piggin a écrit :
> On Sat Sep 3, 2022 at 1:25 AM AEST, Christophe Leroy wrote:
>> With recent binutils, the following warning appears:
>>
>> VDSO32L arch/powerpc/kernel/vdso/vdso32.so.dbg
>> /opt/gcc-12.2.0-nolibc/powerpc64-linux/bin/../lib/gcc/powerpc64-linux/12.2.0/../../../../powerpc64-linux/bin/ld: warning: arch/powerpc/kernel/vdso/getcpu-32.o: missing .note.GNU-stack section implies executable stack
>> /opt/gcc-12.2.0-nolibc/powerpc64-linux/bin/../lib/gcc/powerpc64-linux/12.2.0/../../../../powerpc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
>>
>> To avoid that, explicitely tell the linker we don't
>> want executable stack.
>>
>> For more explanations, see commit ffcf9c5700e4 ("x86: link vdso
>> and boot with -z noexecstack --no-warn-rwx-segments")
>>
>> Signed-off-by: Christophe Leroy <christophe.leroy@...roup.eu>
>> ---
>> v2: Removed unrelated change in arch/powerpc/kernel/Makefile
>
> Seems okay. Here too, commit 0d362be5b1420 ("Makefile: link with -z
> noexecstack --no-warn-rwx-segments"). Core and x86 are using
> no-warn-rwx-segments as well, should we have that just to match
> too?
I think the RWX segment stuff in unrelated to VDSO. For VDSO x86 only
does noexecstack, refer commit ffcf9c5700e4 ("x86: link vdso and boot
with -z noexecstack --no-warn-rwx-segments")
And as no-warn-rwx-segments is in the top level Makefile, I don't think
architectures need it, do they ?
x86 have it only in arch/x86/boot/compressed/Makefile, maybe powerpc
needs it in arch/powerpc/boot/ ? Anyway that would be another patch.
Christophe
>
> Reviewed-by: Nicholas Piggin <npiggin@...il.com>
>
>> ---
>> arch/powerpc/kernel/vdso/Makefile | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/powerpc/kernel/vdso/Makefile b/arch/powerpc/kernel/vdso/Makefile
>> index 096b0bf1335f..a2e7b0ce5b19 100644
>> --- a/arch/powerpc/kernel/vdso/Makefile
>> +++ b/arch/powerpc/kernel/vdso/Makefile
>> @@ -92,13 +92,13 @@ include/generated/vdso64-offsets.h: $(obj)/vdso64.so.dbg FORCE
>>
>> # actual build commands
>> quiet_cmd_vdso32ld_and_check = VDSO32L $@
>> - cmd_vdso32ld_and_check = $(VDSOCC) $(c_flags) $(CC32FLAGS) -o $@ -Wl,-T$(filter %.lds,$^) $(filter %.o,$^) ; $(cmd_vdso_check)
>> + cmd_vdso32ld_and_check = $(VDSOCC) $(c_flags) $(CC32FLAGS) -o $@ -Wl,-T$(filter %.lds,$^) $(filter %.o,$^) -z noexecstack ; $(cmd_vdso_check)
>> quiet_cmd_vdso32as = VDSO32A $@
>> cmd_vdso32as = $(VDSOCC) $(a_flags) $(CC32FLAGS) $(AS32FLAGS) -c -o $@ $<
>> quiet_cmd_vdso32cc = VDSO32C $@
>> cmd_vdso32cc = $(VDSOCC) $(c_flags) $(CC32FLAGS) -c -o $@ $<
>>
>> quiet_cmd_vdso64ld_and_check = VDSO64L $@
>> - cmd_vdso64ld_and_check = $(VDSOCC) $(c_flags) $(CC64FLAGS) -o $@ -Wl,-T$(filter %.lds,$^) $(filter %.o,$^) ; $(cmd_vdso_check)
>> + cmd_vdso64ld_and_check = $(VDSOCC) $(c_flags) $(CC64FLAGS) -o $@ -Wl,-T$(filter %.lds,$^) $(filter %.o,$^) -z noexecstack ; $(cmd_vdso_check)
>> quiet_cmd_vdso64as = VDSO64A $@
>> cmd_vdso64as = $(VDSOCC) $(a_flags) $(CC64FLAGS) $(AS64FLAGS) -c -o $@ $<
>> --
>> 2.37.1
>
Powered by blists - more mailing lists