Re: [PATCH v3] x86/vmlinux: Fix vmlinux.lds.S with pre-2.23 binutils
From: hpa
Date: Tue Jan 14 2020 - 00:05:38 EST
On January 13, 2020 7:58:59 PM PST, Arvind Sankar <nivedita@xxxxxxxxxxxx> wrote:
>On Mon, Jan 13, 2020 at 05:57:23PM -0800, H. Peter Anvin wrote:
>> On 2020-01-13 17:53, Kees Cook wrote:
>>
>> >> diff --git a/arch/x86/kernel/vmlinux.lds.S
>b/arch/x86/kernel/vmlinux.lds.S
>> >> index 3a1a819da137..bad4e22384dc 100644
>> >> --- a/arch/x86/kernel/vmlinux.lds.S
>> >> +++ b/arch/x86/kernel/vmlinux.lds.S
>> >> @@ -144,10 +144,12 @@ SECTIONS
>> >> *(.text.__x86.indirect_thunk)
>> >> __indirect_thunk_end = .;
>> >> #endif
>> >> +
>> >> + /* End of text section */
>> >> + _etext = .;
>> >> } :text =0xcccc
>> >>
>> >> - /* End of text section, which should occupy whole number of
>pages */
>> >> - _etext = .;
>> >> + /* .text should occupy whole number of pages */
>> >> . = ALIGN(PAGE_SIZE);
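Review bot: `_etext = .;` is now assigned inside the `.text` output section, just before the closing `} :text =0xcccc`, so it marks the end of the input sections listed above it rather than the end of the output section itself. Anything that ends up in `.text` after that assignment would lie beyond `_etext`, while the new comment still calls it the "End of text section". Either keep the assignment after the closing brace, or have the comment state what is allowed to follow `_etext` within `.text` and why the symbol has to live inside the section.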
>> >
>> > NAK: linkers can add things at the end of .text that will go missing from
>> > the kernel if _etext isn't _outside_ the .text section, truly beyond the
>> > end of the .text section. This patch will break Control Flow Integrity
>> > checking since the jump tables are at the end of .text.
>> >
>> > Boris, we're always working around weird linker problems; I don't see a
>> > problem with the v2 patch to fix up old binutils...
>> >
>>
>> Why not add the marker into a separate section instead of leaving it as an
>> absolute "floater"? Very old binutils would botch that case, but I think that
>> has been long since addressed well below our current minimum version.
>>
>> -hpa
>>
>>
>>
>
>Kees, thanks, I noted in the other email that you had mentioned this in
>a since-reverted commit, but you did not mention in the most recent
>commit.
>
>hpa, I think this runs afoul of the bug you noted in commit fd952815307f
>("x86-32, relocs: Whitelist more symbols for ld bug workaround"), ld
>version 2.22.52.0.[12] can incorrectly promote relative symbols to
>absolute, if the output section they appear in is otherwise empty.
>
>That's 2.22, which is more recent than the 2.21 that the kernel
>documents as supported.
Oh right... they introduced that little piece of drain bramage.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.