Re: [PATCH v5 29/36] x86/build: Enforce an empty .got.plt section

[PATCH v5 00/36] Warn on orphan section placement · Kees Cook <hidden> · 2020-07-31
[PATCH v5 04/36] x86/boot: Add .text.* to setup.ld · Kees Cook <hidden> · 2020-07-31
[PATCH v5 02/36] x86/boot/compressed: Force hidden visibility for all symbol references · Kees Cook <hidden> · 2020-07-31
[PATCH v5 08/36] vmlinux.lds.h: Create COMMON_DISCARDS · Kees Cook <hidden> · 2020-07-31
[PATCH v5 07/36] x86/boot: Check that there are no run-time relocations · Kees Cook <hidden> · 2020-07-31
[PATCH v5 13/36] vmlinux.lds.h: add PGO and AutoFDO input sections · Kees Cook <hidden> · 2020-07-31
Re: [PATCH v5 13/36] vmlinux.lds.h: add PGO and AutoFDO input sections · Arvind Sankar <hidden> · 2020-08-01
Re: [PATCH v5 13/36] vmlinux.lds.h: add PGO and AutoFDO input sections · Kees Cook <hidden> · 2020-08-01
Re: [PATCH v5 13/36] vmlinux.lds.h: add PGO and AutoFDO input sections · Arvind Sankar <hidden> · 2020-08-01
Re: [PATCH v5 13/36] vmlinux.lds.h: add PGO and AutoFDO input sections · Andi Kleen <hidden> · 2020-08-03
Re: [PATCH v5 13/36] vmlinux.lds.h: add PGO and AutoFDO input sections · Arvind Sankar <hidden> · 2020-08-03
Re: [PATCH v5 13/36] vmlinux.lds.h: add PGO and AutoFDO input sections · Fāng-ruì Sòng <hidden> · 2020-08-04
Re: [PATCH v5 13/36] vmlinux.lds.h: add PGO and AutoFDO input sections · Andi Kleen <hidden> · 2020-08-04
Re: [PATCH v5 13/36] vmlinux.lds.h: add PGO and AutoFDO input sections · Fāng-ruì Sòng <hidden> · 2020-08-04
Re: [PATCH v5 13/36] vmlinux.lds.h: add PGO and AutoFDO input sections · Arvind Sankar <hidden> · 2020-08-04
Re: [PATCH v5 13/36] vmlinux.lds.h: add PGO and AutoFDO input sections · Kees Cook <hidden> · 2020-08-21
[PATCH v5 20/36] arm64/build: Assert for unwanted sections · Kees Cook <hidden> · 2020-07-31
[PATCH v5 35/36] x86/boot/compressed: Warn on orphan section placement · Kees Cook <hidden> · 2020-07-31
[PATCH v5 36/36] arm/build: Assert for unwanted sections · Kees Cook <hidden> · 2020-07-31
[PATCH v5 34/36] x86/boot/compressed: Add missing debugging sections to output · Kees Cook <hidden> · 2020-07-31
[PATCH v5 32/36] x86/boot/compressed: Reorganize zero-size section asserts · Kees Cook <hidden> · 2020-07-31
Re: [PATCH v5 32/36] x86/boot/compressed: Reorganize zero-size section asserts · Arvind Sankar <hidden> · 2020-08-01
Re: [PATCH v5 32/36] x86/boot/compressed: Reorganize zero-size section asserts · Arvind Sankar <hidden> · 2020-08-01
Re: [PATCH v5 32/36] x86/boot/compressed: Reorganize zero-size section asserts · Kees Cook <hidden> · 2020-08-01
Re: [PATCH v5 32/36] x86/boot/compressed: Reorganize zero-size section asserts · Arvind Sankar <hidden> · 2020-08-01
Re: [PATCH v5 32/36] x86/boot/compressed: Reorganize zero-size section asserts · Kees Cook <hidden> · 2020-08-21
Re: [PATCH v5 32/36] x86/boot/compressed: Reorganize zero-size section asserts · Kees Cook <hidden> · 2020-08-01
Re: [PATCH v5 32/36] x86/boot/compressed: Reorganize zero-size section asserts · Arvind Sankar <hidden> · 2020-08-01
Re: [PATCH v5 32/36] x86/boot/compressed: Reorganize zero-size section asserts · Kees Cook <hidden> · 2020-08-21
[PATCH v5 33/36] x86/boot/compressed: Remove, discard, or assert for unwanted sections · Kees Cook <hidden> · 2020-07-31
[PATCH v5 31/36] x86/build: Warn on orphan section placement · Kees Cook <hidden> · 2020-07-31
[PATCH v5 30/36] x86/build: Assert for unwanted sections · Kees Cook <hidden> · 2020-07-31
[PATCH v5 21/36] arm64/build: Warn on orphan section placement · Kees Cook <hidden> · 2020-07-31
[PATCH v5 16/36] arm64/kernel: Remove needless Call Frame Information annotations · Kees Cook <hidden> · 2020-07-31
[PATCH v5 14/36] efi/libstub: Disable -mbranch-protection · Kees Cook <hidden> · 2020-07-31
[PATCH v5 11/36] vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG · Kees Cook <hidden> · 2020-07-31
[PATCH v5 12/36] vmlinux.lds.h: Add .symtab, .strtab, and .shstrtab to ELF_DETAILS · Kees Cook <hidden> · 2020-07-31
[PATCH v5 10/36] vmlinux.lds.h: Avoid KASAN and KCSAN's unwanted sections · Kees Cook <hidden> · 2020-07-31
[PATCH v5 06/36] x86/boot: Remove run-time relocations from head_{32,64}.S · Kees Cook <hidden> · 2020-07-31
Re: [PATCH v5 06/36] x86/boot: Remove run-time relocations from head_{32,64}.S · Nick Desaulniers <hidden> · 2020-08-07
Re: [PATCH v5 06/36] x86/boot: Remove run-time relocations from head_{32,64}.S · Arvind Sankar <hidden> · 2020-08-07
[PATCH v5 09/36] vmlinux.lds.h: Add .gnu.version* to COMMON_DISCARDS · Kees Cook <hidden> · 2020-07-31
[PATCH v5 05/36] x86/boot: Remove run-time relocations from .head.text code · Kees Cook <hidden> · 2020-07-31
Re: [PATCH v5 05/36] x86/boot: Remove run-time relocations from .head.text code · Nick Desaulniers <hidden> · 2020-07-31
[PATCH v5 03/36] x86/boot/compressed: Get rid of GOT fixup code · Kees Cook <hidden> · 2020-07-31
[PATCH v5 01/36] x86/boot/compressed: Move .got.plt entries out of the .got section · Kees Cook <hidden> · 2020-07-31
[PATCH v5 28/36] x86/asm: Avoid generating unused kprobe sections · Kees Cook <hidden> · 2020-07-31
[PATCH v5 15/36] arm64/mm: Remove needless section quotes · Kees Cook <hidden> · 2020-07-31
[PATCH v5 22/36] arm/build: Refactor linker script headers · Kees Cook <hidden> · 2020-07-31
[PATCH v5 23/36] arm/build: Explicitly keep .ARM.attributes sections · Kees Cook <hidden> · 2020-07-31
Re: [PATCH v5 23/36] arm/build: Explicitly keep .ARM.attributes sections · Nick Desaulniers <hidden> · 2020-08-03
Re: [PATCH v5 23/36] arm/build: Explicitly keep .ARM.attributes sections · Fangrui Song <hidden> · 2020-08-17
[PATCH v5 24/36] arm/build: Add missing sections · Kees Cook <hidden> · 2020-07-31
[PATCH v5 25/36] arm/build: Warn on orphan section placement · Kees Cook <hidden> · 2020-07-31
[PATCH v5 26/36] arm/boot: Handle all sections explicitly · Kees Cook <hidden> · 2020-07-31
[PATCH v5 29/36] x86/build: Enforce an empty .got.plt section · Kees Cook <hidden> · 2020-07-31
Re: [PATCH v5 29/36] x86/build: Enforce an empty .got.plt section · Arvind Sankar <hidden> · 2020-08-01
Re: [PATCH v5 29/36] x86/build: Enforce an empty .got.plt section · Kees Cook <hidden> · 2020-08-01
Re: [PATCH v5 29/36] x86/build: Enforce an empty .got.plt section · Kees Cook <hidden> · 2020-08-21
[PATCH v5 27/36] arm/boot: Warn on orphan section placement · Kees Cook <hidden> · 2020-07-31
[PATCH v5 17/36] arm64/build: Remove .eh_frame* sections due to unwind tables · Kees Cook <hidden> · 2020-07-31
[PATCH v5 18/36] arm64/build: Use common DISCARDS in linker script · Kees Cook <hidden> · 2020-07-31
[PATCH v5 19/36] arm64/build: Add missing DWARF sections · Kees Cook <hidden> · 2020-07-31

From: Arvind Sankar <hidden>
Date: 2020-08-01 02:12:56
Also in: linux-arch, linux-efi, lkml

On Fri, Jul 31, 2020 at 04:08:13PM -0700, Kees Cook wrote:

quoted hunk ↗ jump to hunk

The .got.plt section should always be zero (or filled only with the
linker-generated lazy dispatch entry). Enforce this with an assert and
mark the section as NOLOAD. This is more sensitive than just blindly
discarding the section.

Signed-off-by: Kees Cook <redacted>
---
 arch/x86/kernel/vmlinux.lds.S | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 0cc035cb15f1..7faffe7414d6 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S

@@ -414,8 +414,20 @@ SECTIONS
 	ELF_DETAILS
 
 	DISCARDS
-}
 
+	/*
+	 * Make sure that the .got.plt is either completely empty or it
+	 * contains only the lazy dispatch entries.
+	 */
+	.got.plt (NOLOAD) : { *(.got.plt) }
+	ASSERT(SIZEOF(.got.plt) == 0 ||
+#ifdef CONFIG_X86_64
+	       SIZEOF(.got.plt) == 0x18,
+#else
+	       SIZEOF(.got.plt) == 0xc,
+#endif
+	       "Unexpected GOT/PLT entries detected!")
+}
 
 #ifdef CONFIG_X86_32
 /*

-- 
2.25.1

Is this actually needed? vmlinux is a position-dependent executable, and
it doesn't get linked with any shared libraries, so it should never have
a .got or .got.plt at all I think? Does it show up as an orphan without
this?

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help