lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAMj1kXGzrn6i20LvUBnz_mGi946=GCogNHHUL=mNsv513qYv7A@mail.gmail.com>
Date: Thu, 3 Apr 2025 18:11:13 +0300
From: Ard Biesheuvel <ardb@...nel.org>
To: Alexandre Ghiti <alexghiti@...osinc.com>
Cc: Paul Walmsley <paul.walmsley@...ive.com>, Palmer Dabbelt <palmer@...belt.com>, 
	Alexandre Ghiti <alex@...ti.fr>, Björn Töpel <bjorn@...osinc.com>, 
	Masahiro Yamada <masahiroy@...nel.org>, Nathan Chancellor <nathan@...nel.org>, 
	Nicolas Schier <nicolas@...sle.eu>, Charlie Jenkins <charlie@...osinc.com>, linux-kernel@...r.kernel.org, 
	linux-riscv@...ts.infradead.org, linux-kbuild@...r.kernel.org
Subject: Re: [PATCH v2] scripts: Do not strip .rela.dyn section

On Thu, 3 Apr 2025 at 16:42, Alexandre Ghiti <alexghiti@...osinc.com> wrote:
>
> riscv uses the .rela.dyn section to relocate the kernel at runtime but
> that section is stripped from vmlinux. That prevents kexec to
> successfully load vmlinux since it does not contain the relocations info
> needed.
>

Maybe explain that .rela.dyn contains runtime relocations, which are
only emitted if they are actually needed - as opposed to the static
relocations that are not emitted as SHF_ALLOC sections, and are not
considered to be part of the runtime image in the first place. It
would be nice if we could use --remove-relocations= here, which only
removes static relocations, but unfortunately, llvm-objcopy does not
support this.

Also, I wonder if this should apply to all of .rel.dyn, .rela.dyn and
.relr.dyn, as they all carry runtime relocations.

Finally, I'd be curious to know why RISC-V relies on --emit-relocs in
the first place? Is the relocs check really needed? If not, it would
be a nice opportunity to get rid of Makefile.postlink entirely.

In any case, for this change, or a variation along the lines of what I
wrote above,

Acked-by: Ard Biesheuvel <ardb@...nel.org>


> Fixes: 71d815bf5dfd ("kbuild: Strip runtime const RELA sections correctly")
> Signed-off-by: Alexandre Ghiti <alexghiti@...osinc.com>
> ---
>  scripts/Makefile.lib | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
> index cad20f0e66ee..0a1f1e67a0ed 100644
> --- a/scripts/Makefile.lib
> +++ b/scripts/Makefile.lib
> @@ -377,7 +377,7 @@ quiet_cmd_objcopy = OBJCOPY $@
>  cmd_objcopy = $(OBJCOPY) $(OBJCOPYFLAGS) $(OBJCOPYFLAGS_$(@F)) $< $@
>
>  quiet_cmd_strip_relocs = RSTRIP  $@
> -cmd_strip_relocs = $(OBJCOPY) --remove-section='.rel*' $@
> +cmd_strip_relocs = $(OBJCOPY) --remove-section='.rel*' --remove-section=!.rela.dyn $@
>
>  # Gzip
>  # ---------------------------------------------------------------------------
> --
> 2.39.2
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ