Re: [PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

[PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES · Kees Cook <hidden> · 2019-09-26
[PATCH 04/29] alpha: Rename PT_LOAD identifier "kernel" to "text" · Kees Cook <hidden> · 2019-09-26
[PATCH 06/29] s390: Move RO_DATA into "text" PT_LOAD Program Header · Kees Cook <hidden> · 2019-09-26
[PATCH 05/29] ia64: Rename PT_LOAD identifier "code" to "text" · Kees Cook <hidden> · 2019-09-26
[PATCH 13/29] vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA · Kees Cook <hidden> · 2019-09-26
[PATCH 20/29] h8300: Move EXCEPTION_TABLE to RO_DATA segment · Kees Cook <hidden> · 2019-09-26
[PATCH 26/29] x86/mm: Remove redundant &s on addresses · Kees Cook <hidden> · 2019-09-26
[PATCH 28/29] x86/mm: Report actual image regions in /proc/iomem · Kees Cook <hidden> · 2019-09-26
Re: [PATCH 28/29] x86/mm: Report actual image regions in /proc/iomem · Borislav Petkov <bp@alien8.de> · 2019-10-10
[PATCH 27/29] x86/mm: Report which part of kernel image is freed · Kees Cook <hidden> · 2019-09-26
[PATCH 29/29] x86: Use INT3 instead of NOP for linker fill bytes · Kees Cook <hidden> · 2019-09-26
[PATCH 24/29] powerpc: Move EXCEPTION_TABLE to RO_DATA segment · Kees Cook <hidden> · 2019-09-26
[PATCH 25/29] xtensa: Move EXCEPTION_TABLE to RO_DATA segment · Kees Cook <hidden> · 2019-09-26
[PATCH 17/29] alpha: Move EXCEPTION_TABLE to RO_DATA segment · Kees Cook <hidden> · 2019-09-26
[PATCH 19/29] c6x: Move EXCEPTION_TABLE to RO_DATA segment · Kees Cook <hidden> · 2019-09-26
[PATCH 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment · Kees Cook <hidden> · 2019-09-26
Re: [PATCH 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment · Will Deacon <will@kernel.org> · 2019-10-01
Re: [PATCH 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment · Kees Cook <hidden> · 2019-10-01
[PATCH 08/29] vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes · Kees Cook <hidden> · 2019-09-26
Re: [PATCH 08/29] vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes · Borislav Petkov <bp@alien8.de> · 2019-10-10
[PATCH 12/29] vmlinux.lds.h: Replace RO_DATA_SECTION with RO_DATA · Kees Cook <hidden> · 2019-09-26
[PATCH 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA · Kees Cook <hidden> · 2019-09-26
Re: [PATCH 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA · Will Deacon <will@kernel.org> · 2019-10-01
Re: [PATCH 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA · Borislav Petkov <bp@alien8.de> · 2019-10-10
Re: [PATCH 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA · Kees Cook <hidden> · 2019-10-10
[PATCH 09/29] vmlinux.lds.h: Move Program Header restoration into NOTES macro · Kees Cook <hidden> · 2019-09-26
[PATCH 07/29] x86: Restore "text" Program Header with dummy section · Kees Cook <hidden> · 2019-09-26
Re: [PATCH 07/29] x86: Restore "text" Program Header with dummy section · Borislav Petkov <bp@alien8.de> · 2019-10-10
Re: [PATCH 07/29] x86: Restore "text" Program Header with dummy section · Kees Cook <hidden> · 2019-10-10
[PATCH 10/29] vmlinux.lds.h: Move NOTES into RO_DATA · Kees Cook <hidden> · 2019-09-26
[PATCH 03/29] powerpc: Rename PT_LOAD identifier "kernel" to "text" · Kees Cook <hidden> · 2019-09-26
[PATCH 02/29] powerpc: Remove PT_NOTE workaround · Kees Cook <hidden> · 2019-09-26
[PATCH 01/29] powerpc: Rename "notes" PT_NOTE to "note" · Kees Cook <hidden> · 2019-09-26
[PATCH 23/29] parisc: Move EXCEPTION_TABLE to RO_DATA segment · Kees Cook <hidden> · 2019-09-26
[PATCH 22/29] microblaze: Move EXCEPTION_TABLE to RO_DATA segment · Kees Cook <hidden> · 2019-09-26
[PATCH 21/29] ia64: Move EXCEPTION_TABLE to RO_DATA segment · Kees Cook <hidden> · 2019-09-26
[PATCH 11/29] vmlinux.lds.h: Replace RODATA with RO_DATA · Kees Cook <hidden> · 2019-09-26
[PATCH 16/29] x86: Move EXCEPTION_TABLE to RO_DATA segment · Kees Cook <hidden> · 2019-09-26
[PATCH 15/29] x86: Actually use _etext for end of text segment · Kees Cook <hidden> · 2019-09-26
Re: [PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES · Borislav Petkov <bp@alien8.de> · 2019-10-10
Re: [PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES · Kees Cook <hidden> · 2019-10-10
Re: [PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES · hpa@zytor.com · 2019-10-11

From: hpa@zytor.com
Date: 2019-10-11 01:39:30
Also in: linux-alpha, linux-arch, linux-s390, lkml

On October 10, 2019 4:57:36 PM PDT, Kees Cook [off-list ref] wrote:

On Thu, Oct 10, 2019 at 08:03:31PM +0200, Borislav Petkov wrote:

quoted

On Thu, Sep 26, 2019 at 10:55:33AM -0700, Kees Cook wrote:

quoted

This series works to move the linker sections for NOTES and
EXCEPTION_TABLE into the RO_DATA area, where they belong on most
(all?) architectures. The problem being addressed was the discovery
by Rick Edgecombe that the exception table was accidentally marked
executable while he was developing his execute-only-memory series.

When

quoted

permissions were flipped from readable-and-executable to

only-executable,

quoted

the exception table became unreadable, causing things to explode

rather

quoted

badly. :)

Roughly speaking, the steps are:

- regularize the linker names for PT_NOTE and PT_LOAD program

headers

quoted

  (to "note" and "text" respectively)
- regularize restoration of linker section to program header

assignment

quoted

  (when PT_NOTE exists)
- move NOTES into RO_DATA
- finish macro naming conversions for RO_DATA and RW_DATA
- move EXCEPTION_TABLE into RO_DATA on architectures where this is

clear

quoted

- clean up some x86-specific reporting of kernel memory resources
- switch x86 linker fill byte from x90 (NOP) to 0xcc (INT3), just

because

quoted

  I finally realized what that trailing ": 0x9090" meant -- and we

should

quoted

  trap, not slide, if execution lands in section padding

Yap, nice patchset overall.

Thanks!

quoted

Since these changes are treewide, I'd love to get

architecture-maintainer

quoted

Acks and either have this live in x86 -tip or in my own tree,

however

quoted

people think it should go.

Sure, I don't mind taking v2 through tip once I get ACKs from the
respective arch maintainers.

Okay, excellent. I've only had acks from arm64, but I'll call it out
again in v2. Thanks for the review!

I would like to once again advocate for the generalized link table mechanism. It is nuts that each individual table should need vmlinux.lds hacking across architectures.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help