lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230223175331.7tsgvkvcur6wl7h7@oracle.com>
Date:   Thu, 23 Feb 2023 11:53:31 -0600
From:   Tom Saeger <tom.saeger@...cle.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Sasha Levin <sashal@...nel.org>,
        Naresh Kamboju <naresh.kamboju@...aro.org>,
        John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>,
        Rich Felker <dalias@...c.org>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Ard Biesheuvel <ardb@...nel.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Dennis Gilmore <dennis@...il.us>,
        Palmer Dabbelt <palmer@...osinc.com>,
        Arnd Bergmann <arnd@...db.de>,
        Andrew Morton <akpm@...ux-foundation.org>,
        stable@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-arch@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        linux-riscv@...ts.infradead.org, linuxppc-dev@...ts.ozlabs.org,
        linux-s390@...r.kernel.org, linux-sh@...r.kernel.org
Subject: Re: [PATCH 5.15 v2 1/5] arch: fix broken BuildID for arm64 and riscv

On Thu, Feb 23, 2023 at 10:51:45AM +0100, Greg Kroah-Hartman wrote:
> On Fri, Feb 10, 2023 at 01:18:40PM -0700, Tom Saeger wrote:
> > From: Masahiro Yamada <masahiroy@...nel.org>
> > 
> > commit 99cb0d917ffa1ab628bb67364ca9b162c07699b1 upstream.
> > 
> > Dennis Gilmore reports that the BuildID is missing in the arm64 vmlinux
> > since commit 994b7ac1697b ("arm64: remove special treatment for the
> > link order of head.o").
> > 
> > The issue is that the type of .notes section, which contains the BuildID,
> > changed from NOTES to PROGBITS.
> > 
> > Ard Biesheuvel figured out that whichever object gets linked first gets
> > to decide the type of a section. The PROGBITS type is the result of the
> > compiler emitting .note.GNU-stack as PROGBITS rather than NOTE.
> > 
> > While Ard provided a fix for arm64, I want to fix this globally because
> > the same issue is happening on riscv since commit 2348e6bf4421 ("riscv:
> > remove special treatment for the link order of head.o"). This problem
> > will happen in general for other architectures if they start to drop
> > unneeded entries from scripts/head-object-list.txt.
> > 
> > Discard .note.GNU-stack in include/asm-generic/vmlinux.lds.h.
> > 
> > Link: https://lore.kernel.org/lkml/CAABkxwuQoz1CTbyb57n0ZX65eSYiTonFCU8-LCQc=74D=xE=rA@mail.gmail.com/
> > Fixes: 994b7ac1697b ("arm64: remove special treatment for the link order of head.o")
> > Fixes: 2348e6bf4421 ("riscv: remove special treatment for the link order of head.o")
> 
> Why are we adding a commit to 5.15.y that fixes an issue that only
> showed up in 6.1.y?

Only in 6.1.y?  No, not true. It was just the
observed manifestation of 'ld' quirkiness at that time in mainline.

This same issue "missing Build ID in arm64 vmlinux"
also exists in stable with CONFIG_MODVERSIONS=y arm64 since:
5.15.60+
5.10.136+
5.4.210+

These all had backports of:
0d362be5b142 ("Makefile: link with -z noexecstack --no-warn-rwx-segments")
which with CONFIG_MODVERSIONS=y brought about an observable 'ld' quirkiness.

Both are related to a behavior change in different versions of binutils ld and the
kernel's linker script.

99cb0d917ffa ("arch: fix broken BuildID for arm64 and riscv")
IS the mechanism which works-around the ld quirkiness, by adjusting
kernel's linker script.

a494398bde27 ("s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36")
Documents the binutils commit which changed ld's behavior.

The entire sequence (dependencies and fixes) IS the 5.4 patch series I sent.
It provides the kernel linker script mechanism and architecture hooks to
work with 'ld' versions before and after...

5.10, and 5.15 are similar, but already had dependency patches.

Please reconsider applying the 5.15, 5.10, and 5.4 series, as they fix a
real problem.

> 
> We need a good comment somewhere saying why this is needed...

Does the above suffice?

> 
> thanks,
> 
> greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ