| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAK7LNAQtpahFZ+pEWO=XfQMi+19QjspqyL3qexW8U28f7mbojQ@mail.gmail.com> Date: Sat, 11 Jan 2025 11:10:06 +0900 From: Masahiro Yamada <masahiroy@...nel.org> To: Ard Biesheuvel <ardb+git@...gle.com> Cc: linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org, Ard Biesheuvel <ardb@...nel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, linux-riscv@...ts.infradead.org, linux-s390@...r.kernel.org Subject: Re: [PATCH] kbuild: Strip runtime const RELA sections correctly On Fri, Jan 10, 2025 at 5:28 PM Ard Biesheuvel <ardb+git@...gle.com> wrote: > > From: Ard Biesheuvel <ardb@...nel.org> > > Due to the fact that runtime const ELF sections are named without a > leading period or double underscore, the RSTRIP logic that removes the > static RELA sections from vmlinux fails to identify them. This results > in a situation like below, where some sections that were supposed to get > removed are left behind. > > [Nr] Name Type Address Off Size ES Flg Lk Inf Al > > [58] runtime_shift_d_hash_shift PROGBITS ffffffff83500f50 2900f50 000014 00 A 0 0 1 > [59] .relaruntime_shift_d_hash_shift RELA 0000000000000000 55b6f00 000078 18 I 70 58 8 > [60] runtime_ptr_dentry_hashtable PROGBITS ffffffff83500f68 2900f68 000014 00 A 0 0 1 > [61] .relaruntime_ptr_dentry_hashtable RELA 0000000000000000 55b6f78 000078 18 I 70 60 8 > [62] runtime_ptr_USER_PTR_MAX PROGBITS ffffffff83500f80 2900f80 000238 00 A 0 0 1 > [63] .relaruntime_ptr_USER_PTR_MAX RELA 0000000000000000 55b6ff0 000d50 18 I 70 62 8 > > So tweak the match expression to strip all sections starting with .rel. > While at it, consolidate the logic used by RISC-V, s390 and x86 into a > single shared Makefile library command. > > Cc: Linus Torvalds <torvalds@...ux-foundation.org> > Cc: Masahiro Yamada <masahiroy@...nel.org> > Cc: linux-riscv@...ts.infradead.org > Cc: linux-s390@...r.kernel.org > Link: https://lore.kernel.org/all/CAHk-=wjk3ynjomNvFN8jf9A1k=qSc=JFF591W00uXj-qqNUxPQ@mail.gmail.com/ > Signed-off-by: Ard Biesheuvel <ardb@...nel.org> > --- > arch/riscv/Makefile.postlink | 9 +-------- > arch/s390/Makefile.postlink | 5 ----- > arch/x86/Makefile.postlink | 5 ----- > scripts/Makefile.lib | 3 +++ > 4 files changed, 4 insertions(+), 18 deletions(-) > > diff --git a/arch/riscv/Makefile.postlink b/arch/riscv/Makefile.postlink > index 829b9abc91f6..65652fd6a252 100644 > --- a/arch/riscv/Makefile.postlink > +++ b/arch/riscv/Makefile.postlink > @@ -19,13 +19,6 @@ ifdef CONFIG_RELOCATABLE > quiet_cmd_cp_vmlinux_relocs = CPREL vmlinux.relocs > cmd_cp_vmlinux_relocs = cp vmlinux vmlinux.relocs > > -quiet_cmd_relocs_strip = STRIPREL $@ > -cmd_relocs_strip = $(OBJCOPY) --remove-section='.rel.*' \ > - --remove-section='.rel__*' \ > - --remove-section='.rela.*' \ > - --remove-section='.rela__*' $@ > -endif > - > # `@...e` prevents complaint when there is nothing to be done > > vmlinux: FORCE > @@ -33,7 +26,7 @@ vmlinux: FORCE > ifdef CONFIG_RELOCATABLE > $(call if_changed,relocs_check) > $(call if_changed,cp_vmlinux_relocs) > - $(call if_changed,relocs_strip) > + $(call if_changed,strip_relocs) BTW, when if_changed appears multiple times in the same target, it is always a sign of a bug. See these commits: bb81955fd4a49fffdd86d50afd0c1f2eea044c05 92a4728608a8fd228c572bc8ff50dd98aa0ddf2a Anyway, if_changed does not work in arch/*/Makefile.postlink, and this is completely broken. -- Best Regards Masahiro Yamada
Powered by blists - more mailing lists