lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHk-=wjk3ynjomNvFN8jf9A1k=qSc=JFF591W00uXj-qqNUxPQ@mail.gmail.com>
Date: Mon, 14 Oct 2024 11:10:35 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Ard Biesheuvel <ardb+git@...gle.com>, linux-kernel@...r.kernel.org, 
	Masahiro Yamada <masahiroy@...nel.org>, Nathan Chancellor <nathan@...nel.org>, 
	Suren Baghdasaryan <surenb@...gle.com>, Kent Overstreet <kent.overstreet@...ux.dev>, 
	Arnd Bergmann <arnd@...db.de>, linux-arch@...r.kernel.org, linux-mm@...ck.org, 
	linux-kbuild@...r.kernel.org
Subject: Re: [PATCH 0/2] Use dot prefixes for section names

On Mon, 14 Oct 2024 at 10:44, Ard Biesheuvel <ardb@...nel.org> wrote:
>
> We have this code in arch/x86/Makefile.postlink:
>
> quiet_cmd_strip_relocs = RSTRIP  $@
>       cmd_strip_relocs = \
>         $(OBJCOPY) --remove-section='.rel.*' --remove-section='.rel__*' \
>                    --remove-section='.rela.*' --remove-section='.rela__*' $@
>
> Of course, that could easily be fixed, I was just being cautious in
> case there is other, out-of-tree tooling for live patch or kexec etc
> that has similar assumptions wrt section names.

I'd actually much rather just make strip_relocs not have that "." and
"__" pattern at all, and just say "we strip all sections that start
with '.rel'".

And then we make the rule that we do *not* create sections named ".rel*".

That seems like a much simpler rule, and would seem to simplify
strip_relocs too, which would just become

        $(OBJCOPY) --remove-section='.rel*' $@

(We seem to have three different copies of that complex pattern with
.rel vs .rela and "." vs "__" - it's in s390, riscv, and x86. So we'd
do that simplification in three places)

IOW, I'd much rather make our section rules simpler rather than more complex.

Of course, if there is some active and acute problem report with this
thing, we might not have that option, but in the absence of any
*known* issue with just simplifying things, I'd rather do that.

I feel that our linker scripts - and linking rules in general - are
already quite complicated, which is why I'd really like to take this
as a time to try to simplify the rules.

              Linus

              Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ