From 9e2276fa6eb39817dcc4cda415f0199fb7016b37 Mon Sep 17 00:00:00 2001 From: Bruce Ashfield Date: Thu, 26 Sep 2019 10:32:26 +0100 Subject: [PATCH 01/31] arch/x86/boot: Use prefix map to avoid embedded paths It was observed that the kernel embeds the absolute build path in the x86 boot image when the __FILE__ macro is expanded. > From https://bugzilla.yoctoproject.org/show_bug.cgi?id=13458: If you turn on the buildpaths QA test, or try a reproducible build, you discover that the kernel image contains build paths. $ strings bzImage-5.0.19-yocto-standard |grep tmp/ out of pgt_buf in /data/poky-tmp/reproducible/tmp/work-shared/qemux86-64/kernel-source/arch/x86/boot/compressed/kaslr_64.c!? But what's this in the top-level Makefile: $ git grep prefix-map Makefile:KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=) So the __FILE__ shouldn't be using the full path. However arch/x86/boot/compressed/Makefile has this: KBUILD_CFLAGS := -m$(BITS) -O2 So that clears KBUILD_FLAGS, removing the -fmacro-prefix-map option. Use -fmacro-prefix-map to have relative paths in the boot image too. [ bp: Massage commit message and put the KBUILD_CFLAGS addition in ..boot/Makefile after the KBUILD_AFLAGS assignment because gas doesn't support -fmacro-prefix-map. ] Signed-off-by: Bruce Ashfield Signed-off-by: Ross Burton Signed-off-by: Borislav Petkov Cc: "H. Peter Anvin" Cc: George Rimar Cc: Ingo Molnar Cc: Masahiro Yamada Cc: Nathan Chancellor Cc: Thomas Gleixner Cc: x86-ml Link: https://lkml.kernel.org/r/20190926093226.8568-1-ross.burton@intel.com Link: https://bugzilla.kernel.org/show_bug.cgi?id=204333 --- arch/x86/boot/Makefile | 1 + arch/x86/boot/compressed/Makefile | 1 + 2 files changed, 2 insertions(+) diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile index e2839b5c246c2..3e9f5544820a8 100644 --- a/arch/x86/boot/Makefile +++ b/arch/x86/boot/Makefile @@ -67,6 +67,7 @@ clean-files += cpustr.h KBUILD_CFLAGS := $(REALMODE_CFLAGS) -D_SETUP KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ +KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=) GCOV_PROFILE := n UBSAN_SANITIZE := n diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 6b84afdd75382..b246f18c5857a 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -38,6 +38,7 @@ KBUILD_CFLAGS += $(call cc-option,-fno-stack-protector) KBUILD_CFLAGS += $(call cc-disable-warning, address-of-packed-member) KBUILD_CFLAGS += $(call cc-disable-warning, gnu) KBUILD_CFLAGS += -Wno-pointer-sign +KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=) KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE := n From ec556271bbb33809b73cdb238f8cb357345908e8 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:23 -0700 Subject: [PATCH 02/31] powerpc: Rename "notes" PT_NOTE to "note" The Program Header identifiers are internal to the linker scripts. In preparation for moving the NOTES segment declaration into RO_DATA, standardize the identifier for the PT_NOTE entry to "note" as used by all other architectures that emit PT_NOTE. Note that there was discussion about changing all architectures to use "notes" instead, but I prefer to avoid that at this time. Changing only powerpc is the smallest change to standardize the entire kernel. And while this standardization does use singular "note" for a section that has more than one note in it, this is just an internal identifier. It matches the ELF "PT_NOTE", and is 4 characters (like "text", and "data") for pretty alignment. The more exposed macro, "NOTES", use the more sensible plural wording. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Acked-by: Michael Ellerman Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linux-s390@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-2-keescook@chromium.org --- arch/powerpc/kernel/vmlinux.lds.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index 060a1acd7c6d7..81e6726547898 100644 --- a/arch/powerpc/kernel/vmlinux.lds.S +++ b/arch/powerpc/kernel/vmlinux.lds.S @@ -19,7 +19,7 @@ ENTRY(_stext) PHDRS { kernel PT_LOAD FLAGS(7); /* RWX */ - notes PT_NOTE FLAGS(0); + note PT_NOTE FLAGS(0); dummy PT_NOTE FLAGS(0); /* binutils < 2.18 has a bug that makes it misbehave when taking an @@ -177,7 +177,7 @@ SECTIONS #endif EXCEPTION_TABLE(0) - NOTES :kernel :notes + NOTES :kernel :note /* The dummy segment contents for the bug workaround mentioned above near PHDRS. */ From 6fc4000656a10fb679ab6566dcd516ee672f1706 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:24 -0700 Subject: [PATCH 03/31] powerpc: Remove PT_NOTE workaround In preparation for moving NOTES into RO_DATA, remove the PT_NOTE workaround since the kernel requires at least gcc 4.6 now. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Acked-by: Michael Ellerman Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linux-s390@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Will Deacon Cc: x86@kernel.org Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-3-keescook@chromium.org --- arch/powerpc/kernel/vmlinux.lds.S | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index 81e6726547898..a3c8492b2b194 100644 --- a/arch/powerpc/kernel/vmlinux.lds.S +++ b/arch/powerpc/kernel/vmlinux.lds.S @@ -20,20 +20,6 @@ ENTRY(_stext) PHDRS { kernel PT_LOAD FLAGS(7); /* RWX */ note PT_NOTE FLAGS(0); - dummy PT_NOTE FLAGS(0); - - /* binutils < 2.18 has a bug that makes it misbehave when taking an - ELF file with all segments at load address 0 as input. This - happens when running "strip" on vmlinux, because of the AT() magic - in this linker script. People using GCC >= 4.2 won't run into - this problem, because the "build-id" support will put some data - into the "notes" segment (at a non-zero load address). - - To work around this, we force some data into both the "dummy" - segment and the kernel segment, so the dummy segment will get a - non-zero load address. It's not enough to always create the - "notes" segment, since if nothing gets assigned to it, its load - address will be zero. */ } #ifdef CONFIG_PPC64 @@ -178,14 +164,8 @@ SECTIONS EXCEPTION_TABLE(0) NOTES :kernel :note - - /* The dummy segment contents for the bug workaround mentioned above - near PHDRS. */ - .dummy : AT(ADDR(.dummy) - LOAD_OFFSET) { - LONG(0) - LONG(0) - LONG(0) - } :kernel :dummy + /* Restore program header away from PT_NOTE. */ + .dummy : { *(.dummy) } :kernel /* * Init sections discarded at runtime From af0f3e9e205c3d1bad91ad83e06bfd04df9712b2 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:25 -0700 Subject: [PATCH 04/31] powerpc: Rename PT_LOAD identifier "kernel" to "text" In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Acked-by: Michael Ellerman Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linux-s390@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Will Deacon Cc: x86@kernel.org Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-4-keescook@chromium.org --- arch/powerpc/kernel/vmlinux.lds.S | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index a3c8492b2b194..e184a63aa5b06 100644 --- a/arch/powerpc/kernel/vmlinux.lds.S +++ b/arch/powerpc/kernel/vmlinux.lds.S @@ -18,7 +18,7 @@ ENTRY(_stext) PHDRS { - kernel PT_LOAD FLAGS(7); /* RWX */ + text PT_LOAD FLAGS(7); /* RWX */ note PT_NOTE FLAGS(0); } @@ -63,7 +63,7 @@ SECTIONS #else /* !CONFIG_PPC64 */ HEAD_TEXT #endif - } :kernel + } :text __head_end = .; @@ -112,7 +112,7 @@ SECTIONS __got2_end = .; #endif /* CONFIG_PPC32 */ - } :kernel + } :text . = ALIGN(ETEXT_ALIGN_SIZE); _etext = .; @@ -163,9 +163,9 @@ SECTIONS #endif EXCEPTION_TABLE(0) - NOTES :kernel :note + NOTES :text :note /* Restore program header away from PT_NOTE. */ - .dummy : { *(.dummy) } :kernel + .dummy : { *(.dummy) } :text /* * Init sections discarded at runtime @@ -180,7 +180,7 @@ SECTIONS #ifdef CONFIG_PPC64 *(.tramp.ftrace.init); #endif - } :kernel + } :text /* .exit.text is discarded at runtime, not link time, * to deal with references from __bug_table From 65182e6e36195fbf9340808ac4a00d1c146bc05c Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:26 -0700 Subject: [PATCH 05/31] alpha: Rename PT_LOAD identifier "kernel" to "text" In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: Heiko Carstens Cc: Ivan Kokshaysky Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: Matt Turner Cc: Michael Ellerman Cc: Michal Simek Cc: Richard Henderson Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-5-keescook@chromium.org --- arch/alpha/kernel/vmlinux.lds.S | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S index c4b5ceceab52f..781090cacc96d 100644 --- a/arch/alpha/kernel/vmlinux.lds.S +++ b/arch/alpha/kernel/vmlinux.lds.S @@ -8,7 +8,7 @@ OUTPUT_FORMAT("elf64-alpha") OUTPUT_ARCH(alpha) ENTRY(__start) -PHDRS { kernel PT_LOAD; note PT_NOTE; } +PHDRS { text PT_LOAD; note PT_NOTE; } jiffies = jiffies_64; SECTIONS { @@ -27,14 +27,14 @@ SECTIONS LOCK_TEXT *(.fixup) *(.gnu.warning) - } :kernel + } :text swapper_pg_dir = SWAPPER_PGD; _etext = .; /* End of text section */ - NOTES :kernel :note + NOTES :text :note .dummy : { *(.dummy) - } :kernel + } :text RODATA EXCEPTION_TABLE(16) From 430c6b2647e215c4129f36646ad28a725996b410 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:27 -0700 Subject: [PATCH 06/31] ia64: Rename PT_LOAD identifier "code" to "text" In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "code" to "text" to match other architectures. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: Fenghua Yu Cc: Heiko Carstens Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Tony Luck Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-6-keescook@chromium.org --- arch/ia64/kernel/vmlinux.lds.S | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S index d9d4e21107cdb..2c4f23c390ad2 100644 --- a/arch/ia64/kernel/vmlinux.lds.S +++ b/arch/ia64/kernel/vmlinux.lds.S @@ -13,7 +13,7 @@ ENTRY(phys_start) jiffies = jiffies_64; PHDRS { - code PT_LOAD; + text PT_LOAD; percpu PT_LOAD; data PT_LOAD; note PT_NOTE; @@ -36,7 +36,7 @@ SECTIONS { phys_start = _start - LOAD_OFFSET; code : { - } :code + } :text . = KERNEL_START; _text = .; @@ -68,9 +68,9 @@ SECTIONS { /* * Read-only data */ - NOTES :code :note /* put .notes in text and mark in PT_NOTE */ + NOTES :text :note /* put .notes in text and mark in PT_NOTE */ code_continues : { - } : code /* switch back to regular program... */ + } :text /* switch back to regular program... */ EXCEPTION_TABLE(16) @@ -102,9 +102,9 @@ SECTIONS { __start_unwind = .; *(.IA_64.unwind*) __end_unwind = .; - } :code :unwind + } :text :unwind code_continues2 : { - } : code + } :text RODATA @@ -214,7 +214,7 @@ SECTIONS { _end = .; code : { - } :code + } :text STABS_DEBUG DWARF_DEBUG From 6434efbd9aefa3786b446c8e4745d1f49d2983b4 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:28 -0700 Subject: [PATCH 07/31] s390: Move RO_DATA into "text" PT_LOAD Program Header In preparation for moving NOTES into RO_DATA, move RO_DATA back into the "text" PT_LOAD Program Header, as done with other architectures. The "data" PT_LOAD now starts with the writable data section. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Acked-by: Heiko Carstens Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linux-s390@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-7-keescook@chromium.org --- arch/s390/kernel/vmlinux.lds.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S index 7e0eb40209177..13294fef473e5 100644 --- a/arch/s390/kernel/vmlinux.lds.S +++ b/arch/s390/kernel/vmlinux.lds.S @@ -52,7 +52,7 @@ SECTIONS NOTES :text :note - .dummy : { *(.dummy) } :data + .dummy : { *(.dummy) } :text RO_DATA_SECTION(PAGE_SIZE) @@ -64,7 +64,7 @@ SECTIONS .data..ro_after_init : { *(.data..ro_after_init) JUMP_TABLE_DATA - } + } :data EXCEPTION_TABLE(16) . = ALIGN(PAGE_SIZE); __end_ro_after_init = .; From 7a42d41d9dc2829bdf589db855ce3f948de2da6b Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:29 -0700 Subject: [PATCH 08/31] x86/vmlinux: Restore "text" Program Header with dummy section In a linker script, if one places a section in one or more segments using ":PHDR", then the linker will place all subsequent allocatable sections, which do not specify ":PHDR", into the same segments. In order to have the NOTES section in both PT_LOAD (":text") and PT_NOTE (":note"), both segments are marked, and the only way to undo this to keep subsequent sections out of PT_NOTE is to mark the following section with just the single desired PT_LOAD (":text"). In preparation for having a common NOTES macro, perform the segment assignment using a dummy section (as done by other architectures). Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linux-s390@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Will Deacon Cc: Yoshinori Sato Cc: x86-ml Link: https://lkml.kernel.org/r/20191029211351.13243-8-keescook@chromium.org --- arch/x86/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index e2feacf921a03..788e78978030f 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -147,8 +147,9 @@ SECTIONS } :text = 0x9090 NOTES :text :note + .dummy : { *(.dummy) } :text - EXCEPTION_TABLE(16) :text = 0x9090 + EXCEPTION_TABLE(16) /* .text should occupy whole number of pages */ . = ALIGN(PAGE_SIZE); From 441110a547f86a2fd0c40bf04b274853622c53cc Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:30 -0700 Subject: [PATCH 09/31] vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes In preparation for moving NOTES into RO_DATA, provide a mechanism for architectures that want to emit a PT_NOTE Program Header to do so. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Acked-by: Heiko Carstens # s390 Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linux-s390@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-9-keescook@chromium.org --- arch/alpha/kernel/vmlinux.lds.S | 3 +++ arch/ia64/kernel/vmlinux.lds.S | 2 ++ arch/mips/kernel/vmlinux.lds.S | 12 ++++++------ arch/powerpc/kernel/vmlinux.lds.S | 1 + arch/s390/kernel/vmlinux.lds.S | 2 ++ arch/x86/kernel/vmlinux.lds.S | 2 ++ include/asm-generic/vmlinux.lds.h | 8 ++++++++ 7 files changed, 24 insertions(+), 6 deletions(-) diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S index 781090cacc96d..363a60ba7c31a 100644 --- a/arch/alpha/kernel/vmlinux.lds.S +++ b/arch/alpha/kernel/vmlinux.lds.S @@ -1,4 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0 */ + +#define EMITS_PT_NOTE + #include #include #include diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S index 2c4f23c390ad2..7cf4958b732d0 100644 --- a/arch/ia64/kernel/vmlinux.lds.S +++ b/arch/ia64/kernel/vmlinux.lds.S @@ -5,6 +5,8 @@ #include #include +#define EMITS_PT_NOTE + #include OUTPUT_FORMAT("elf64-ia64-little") diff --git a/arch/mips/kernel/vmlinux.lds.S b/arch/mips/kernel/vmlinux.lds.S index 33ee0d18fb0ad..1c95612eb8005 100644 --- a/arch/mips/kernel/vmlinux.lds.S +++ b/arch/mips/kernel/vmlinux.lds.S @@ -10,6 +10,11 @@ */ #define BSS_FIRST_SECTIONS *(.bss..swapper_pg_dir) +/* Cavium Octeon should not have a separate PT_NOTE Program Header. */ +#ifndef CONFIG_CAVIUM_OCTEON_SOC +#define EMITS_PT_NOTE +#endif + #include #undef mips @@ -76,12 +81,7 @@ SECTIONS __stop___dbe_table = .; } -#ifdef CONFIG_CAVIUM_OCTEON_SOC -#define NOTES_HEADER -#else /* CONFIG_CAVIUM_OCTEON_SOC */ -#define NOTES_HEADER :note -#endif /* CONFIG_CAVIUM_OCTEON_SOC */ - NOTES :text NOTES_HEADER + NOTES NOTES_HEADERS .dummy : { *(.dummy) } :text _sdata = .; /* Start of data section */ diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index e184a63aa5b06..7e26e20c83245 100644 --- a/arch/powerpc/kernel/vmlinux.lds.S +++ b/arch/powerpc/kernel/vmlinux.lds.S @@ -6,6 +6,7 @@ #endif #define BSS_FIRST_SECTIONS *(.bss.prominit) +#define EMITS_PT_NOTE #include #include diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S index 13294fef473e5..646d939346dfa 100644 --- a/arch/s390/kernel/vmlinux.lds.S +++ b/arch/s390/kernel/vmlinux.lds.S @@ -15,6 +15,8 @@ /* Handle ro_after_init data on our own. */ #define RO_AFTER_INIT_DATA +#define EMITS_PT_NOTE + #include #include diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 788e78978030f..2e18bf5c1aed0 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -21,6 +21,8 @@ #define LOAD_OFFSET __START_KERNEL_map #endif +#define EMITS_PT_NOTE + #include #include #include diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index dae64600ccbff..f5dd45ce73f16 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -54,6 +54,14 @@ #define LOAD_OFFSET 0 #endif +/* + * Only some architectures want to have the .notes segment visible in + * a separate PT_NOTE ELF Program Header. + */ +#ifdef EMITS_PT_NOTE +#define NOTES_HEADERS :text :note +#endif + /* Align . to a 8 byte boundary equals to maximum function alignment. */ #define ALIGN_FUNCTION() . = ALIGN(8) From fbe6a8e618a2d70621cff277e24f6eb338d3d149 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:31 -0700 Subject: [PATCH 10/31] vmlinux.lds.h: Move Program Header restoration into NOTES macro In preparation for moving NOTES into RO_DATA, make the Program Header assignment restoration be part of the NOTES macro itself. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Acked-by: Heiko Carstens # s390 Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linux-s390@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-10-keescook@chromium.org --- arch/alpha/kernel/vmlinux.lds.S | 5 +---- arch/ia64/kernel/vmlinux.lds.S | 4 +--- arch/mips/kernel/vmlinux.lds.S | 3 +-- arch/powerpc/kernel/vmlinux.lds.S | 4 +--- arch/s390/kernel/vmlinux.lds.S | 4 +--- arch/x86/kernel/vmlinux.lds.S | 3 +-- include/asm-generic/vmlinux.lds.h | 13 +++++++++++-- 7 files changed, 17 insertions(+), 19 deletions(-) diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S index 363a60ba7c31a..cdfdc91ce64c7 100644 --- a/arch/alpha/kernel/vmlinux.lds.S +++ b/arch/alpha/kernel/vmlinux.lds.S @@ -34,10 +34,7 @@ SECTIONS swapper_pg_dir = SWAPPER_PGD; _etext = .; /* End of text section */ - NOTES :text :note - .dummy : { - *(.dummy) - } :text + NOTES RODATA EXCEPTION_TABLE(16) diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S index 7cf4958b732d0..bfc937ec168c3 100644 --- a/arch/ia64/kernel/vmlinux.lds.S +++ b/arch/ia64/kernel/vmlinux.lds.S @@ -70,9 +70,7 @@ SECTIONS { /* * Read-only data */ - NOTES :text :note /* put .notes in text and mark in PT_NOTE */ - code_continues : { - } :text /* switch back to regular program... */ + NOTES EXCEPTION_TABLE(16) diff --git a/arch/mips/kernel/vmlinux.lds.S b/arch/mips/kernel/vmlinux.lds.S index 1c95612eb8005..6a22f531d815c 100644 --- a/arch/mips/kernel/vmlinux.lds.S +++ b/arch/mips/kernel/vmlinux.lds.S @@ -81,8 +81,7 @@ SECTIONS __stop___dbe_table = .; } - NOTES NOTES_HEADERS - .dummy : { *(.dummy) } :text + NOTES _sdata = .; /* Start of data section */ RODATA diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index 7e26e20c83245..4f19d814d5929 100644 --- a/arch/powerpc/kernel/vmlinux.lds.S +++ b/arch/powerpc/kernel/vmlinux.lds.S @@ -164,9 +164,7 @@ SECTIONS #endif EXCEPTION_TABLE(0) - NOTES :text :note - /* Restore program header away from PT_NOTE. */ - .dummy : { *(.dummy) } :text + NOTES /* * Init sections discarded at runtime diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S index 646d939346dfa..f88eedeb915a3 100644 --- a/arch/s390/kernel/vmlinux.lds.S +++ b/arch/s390/kernel/vmlinux.lds.S @@ -52,9 +52,7 @@ SECTIONS _etext = .; /* End of text section */ } :text = 0x0700 - NOTES :text :note - - .dummy : { *(.dummy) } :text + NOTES RO_DATA_SECTION(PAGE_SIZE) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 2e18bf5c1aed0..8be25b09c2b7a 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -148,8 +148,7 @@ SECTIONS _etext = .; } :text = 0x9090 - NOTES :text :note - .dummy : { *(.dummy) } :text + NOTES EXCEPTION_TABLE(16) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index f5dd45ce73f16..97d4299f14dc1 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -56,10 +56,18 @@ /* * Only some architectures want to have the .notes segment visible in - * a separate PT_NOTE ELF Program Header. + * a separate PT_NOTE ELF Program Header. When this happens, it needs + * to be visible in both the kernel text's PT_LOAD and the PT_NOTE + * Program Headers. In this case, though, the PT_LOAD needs to be made + * the default again so that all the following sections don't also end + * up in the PT_NOTE Program Header. */ #ifdef EMITS_PT_NOTE #define NOTES_HEADERS :text :note +#define NOTES_HEADERS_RESTORE __restore_ph : { *(.__restore_ph) } :text +#else +#define NOTES_HEADERS +#define NOTES_HEADERS_RESTORE #endif /* Align . to a 8 byte boundary equals to maximum function alignment. */ @@ -798,7 +806,8 @@ __start_notes = .; \ KEEP(*(.note.*)) \ __stop_notes = .; \ - } + } NOTES_HEADERS \ + NOTES_HEADERS_RESTORE #define INIT_SETUP(initsetup_align) \ . = ALIGN(initsetup_align); \ From eaf937075c9a42eb8ba51eb3050773d7205d3595 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:32 -0700 Subject: [PATCH 11/31] vmlinux.lds.h: Move NOTES into RO_DATA The .notes section should be non-executable read-only data. As such, move it to the RO_DATA macro instead of being per-architecture defined. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Acked-by: Heiko Carstens # s390 Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linux-s390@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-11-keescook@chromium.org --- arch/alpha/kernel/vmlinux.lds.S | 2 -- arch/arc/kernel/vmlinux.lds.S | 2 -- arch/arm/kernel/vmlinux-xip.lds.S | 2 -- arch/arm/kernel/vmlinux.lds.S | 2 -- arch/arm64/kernel/vmlinux.lds.S | 1 - arch/c6x/kernel/vmlinux.lds.S | 1 - arch/csky/kernel/vmlinux.lds.S | 1 - arch/h8300/kernel/vmlinux.lds.S | 1 - arch/hexagon/kernel/vmlinux.lds.S | 1 - arch/ia64/kernel/vmlinux.lds.S | 2 -- arch/microblaze/kernel/vmlinux.lds.S | 1 - arch/mips/kernel/vmlinux.lds.S | 2 -- arch/nds32/kernel/vmlinux.lds.S | 1 - arch/nios2/kernel/vmlinux.lds.S | 1 - arch/openrisc/kernel/vmlinux.lds.S | 1 - arch/parisc/kernel/vmlinux.lds.S | 1 - arch/powerpc/kernel/vmlinux.lds.S | 2 -- arch/riscv/kernel/vmlinux.lds.S | 1 - arch/s390/kernel/vmlinux.lds.S | 2 -- arch/sh/kernel/vmlinux.lds.S | 1 - arch/sparc/kernel/vmlinux.lds.S | 1 - arch/um/include/asm/common.lds.S | 1 - arch/unicore32/kernel/vmlinux.lds.S | 1 - arch/x86/kernel/vmlinux.lds.S | 2 -- arch/xtensa/kernel/vmlinux.lds.S | 1 - include/asm-generic/vmlinux.lds.h | 9 +++++---- 26 files changed, 5 insertions(+), 38 deletions(-) diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S index cdfdc91ce64c7..bf28043485f6e 100644 --- a/arch/alpha/kernel/vmlinux.lds.S +++ b/arch/alpha/kernel/vmlinux.lds.S @@ -34,8 +34,6 @@ SECTIONS swapper_pg_dir = SWAPPER_PGD; _etext = .; /* End of text section */ - NOTES - RODATA EXCEPTION_TABLE(16) diff --git a/arch/arc/kernel/vmlinux.lds.S b/arch/arc/kernel/vmlinux.lds.S index 6c693a9d29b6d..1d6eef4b69762 100644 --- a/arch/arc/kernel/vmlinux.lds.S +++ b/arch/arc/kernel/vmlinux.lds.S @@ -118,8 +118,6 @@ SECTIONS /DISCARD/ : { *(.eh_frame) } #endif - NOTES - . = ALIGN(PAGE_SIZE); _end = . ; diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S index 8c74037ade229..d2a9651c24ad3 100644 --- a/arch/arm/kernel/vmlinux-xip.lds.S +++ b/arch/arm/kernel/vmlinux-xip.lds.S @@ -70,8 +70,6 @@ SECTIONS ARM_UNWIND_SECTIONS #endif - NOTES - _etext = .; /* End of text and rodata section */ ARM_VECTORS diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S index 23150c0f0f4d4..068db6860867f 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -81,8 +81,6 @@ SECTIONS ARM_UNWIND_SECTIONS #endif - NOTES - #ifdef CONFIG_STRICT_KERNEL_RWX . = ALIGN(1< Date: Tue, 29 Oct 2019 14:13:33 -0700 Subject: [PATCH 12/31] vmlinux.lds.h: Replace RODATA with RO_DATA There's no reason to keep the RODATA macro: replace the callers with the expected RO_DATA macro. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linux-s390@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-12-keescook@chromium.org --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/ia64/kernel/vmlinux.lds.S | 2 +- arch/microblaze/kernel/vmlinux.lds.S | 2 +- arch/mips/kernel/vmlinux.lds.S | 2 +- arch/um/include/asm/common.lds.S | 2 +- arch/xtensa/kernel/vmlinux.lds.S | 2 +- include/asm-generic/vmlinux.lds.h | 4 +--- 7 files changed, 7 insertions(+), 9 deletions(-) diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S index bf28043485f6e..af411817dd7d5 100644 --- a/arch/alpha/kernel/vmlinux.lds.S +++ b/arch/alpha/kernel/vmlinux.lds.S @@ -34,7 +34,7 @@ SECTIONS swapper_pg_dir = SWAPPER_PGD; _etext = .; /* End of text section */ - RODATA + RO_DATA(4096) EXCEPTION_TABLE(16) /* Will be freed after init */ diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S index fae077595756b..11d5115bc44d2 100644 --- a/arch/ia64/kernel/vmlinux.lds.S +++ b/arch/ia64/kernel/vmlinux.lds.S @@ -104,7 +104,7 @@ SECTIONS { code_continues2 : { } :text - RODATA + RO_DATA(4096) .opd : AT(ADDR(.opd) - LOAD_OFFSET) { __start_opd = .; diff --git a/arch/microblaze/kernel/vmlinux.lds.S b/arch/microblaze/kernel/vmlinux.lds.S index d008e50bb212a..2299694748ea5 100644 --- a/arch/microblaze/kernel/vmlinux.lds.S +++ b/arch/microblaze/kernel/vmlinux.lds.S @@ -51,7 +51,7 @@ SECTIONS { } . = ALIGN(16); - RODATA + RO_DATA(4096) EXCEPTION_TABLE(16) /* diff --git a/arch/mips/kernel/vmlinux.lds.S b/arch/mips/kernel/vmlinux.lds.S index 91e566defc168..a5f00ec73ea6e 100644 --- a/arch/mips/kernel/vmlinux.lds.S +++ b/arch/mips/kernel/vmlinux.lds.S @@ -82,7 +82,7 @@ SECTIONS } _sdata = .; /* Start of data section */ - RODATA + RO_DATA(4096) /* writeable */ .data : { /* Data */ diff --git a/arch/um/include/asm/common.lds.S b/arch/um/include/asm/common.lds.S index 91aca356095fb..7145ce6999822 100644 --- a/arch/um/include/asm/common.lds.S +++ b/arch/um/include/asm/common.lds.S @@ -9,7 +9,7 @@ _sdata = .; PROVIDE (sdata = .); - RODATA + RO_DATA(4096) .unprotected : { *(.unprotected) } . = ALIGN(4096); diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S index a0a8437456956..b97e5798b9cfa 100644 --- a/arch/xtensa/kernel/vmlinux.lds.S +++ b/arch/xtensa/kernel/vmlinux.lds.S @@ -124,7 +124,7 @@ SECTIONS . = ALIGN(16); - RODATA + RO_DATA(4096) /* Relocation table */ diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index dc3390ec6b60c..a0a989fbe411a 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -518,9 +518,7 @@ . = ALIGN((align)); \ __end_rodata = .; -/* RODATA & RO_DATA provided for backward compatibility. - * All archs are supposed to use RO_DATA() */ -#define RODATA RO_DATA_SECTION(4096) +/* All archs are supposed to use RO_DATA() */ #define RO_DATA(align) RO_DATA_SECTION(align) /* From 93240b327929ff03c1878ea8badc5c6bd86f053f Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:34 -0700 Subject: [PATCH 13/31] vmlinux.lds.h: Replace RO_DATA_SECTION with RO_DATA Finish renaming RO_DATA_SECTION to RO_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Acked-by: Heiko Carstens # s390 Acked-by: Geert Uytterhoeven # m68k Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linux-s390@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-13-keescook@chromium.org --- arch/arc/kernel/vmlinux.lds.S | 2 +- arch/c6x/kernel/vmlinux.lds.S | 2 +- arch/csky/kernel/vmlinux.lds.S | 2 +- arch/h8300/kernel/vmlinux.lds.S | 2 +- arch/hexagon/kernel/vmlinux.lds.S | 2 +- arch/m68k/kernel/vmlinux-nommu.lds | 2 +- arch/nds32/kernel/vmlinux.lds.S | 2 +- arch/nios2/kernel/vmlinux.lds.S | 2 +- arch/openrisc/kernel/vmlinux.lds.S | 4 ++-- arch/parisc/kernel/vmlinux.lds.S | 4 ++-- arch/riscv/kernel/vmlinux.lds.S | 2 +- arch/s390/kernel/vmlinux.lds.S | 2 +- arch/unicore32/kernel/vmlinux.lds.S | 2 +- include/asm-generic/vmlinux.lds.h | 7 ++----- 14 files changed, 17 insertions(+), 20 deletions(-) diff --git a/arch/arc/kernel/vmlinux.lds.S b/arch/arc/kernel/vmlinux.lds.S index 1d6eef4b69762..7d1d27066deba 100644 --- a/arch/arc/kernel/vmlinux.lds.S +++ b/arch/arc/kernel/vmlinux.lds.S @@ -95,7 +95,7 @@ SECTIONS _etext = .; _sdata = .; - RO_DATA_SECTION(PAGE_SIZE) + RO_DATA(PAGE_SIZE) /* * 1. this is .data essentially diff --git a/arch/c6x/kernel/vmlinux.lds.S b/arch/c6x/kernel/vmlinux.lds.S index d6e3802536b3c..a3547f9d415ba 100644 --- a/arch/c6x/kernel/vmlinux.lds.S +++ b/arch/c6x/kernel/vmlinux.lds.S @@ -82,7 +82,7 @@ SECTIONS EXCEPTION_TABLE(16) - RO_DATA_SECTION(PAGE_SIZE) + RO_DATA(PAGE_SIZE) .const : { *(.const .const.* .gnu.linkonce.r.*) diff --git a/arch/csky/kernel/vmlinux.lds.S b/arch/csky/kernel/vmlinux.lds.S index 75dd31412242c..8598bd7a7bcd0 100644 --- a/arch/csky/kernel/vmlinux.lds.S +++ b/arch/csky/kernel/vmlinux.lds.S @@ -49,7 +49,7 @@ SECTIONS _sdata = .; - RO_DATA_SECTION(PAGE_SIZE) + RO_DATA(PAGE_SIZE) RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) _edata = .; diff --git a/arch/h8300/kernel/vmlinux.lds.S b/arch/h8300/kernel/vmlinux.lds.S index 88776e7852450..d3247d33b1151 100644 --- a/arch/h8300/kernel/vmlinux.lds.S +++ b/arch/h8300/kernel/vmlinux.lds.S @@ -38,7 +38,7 @@ SECTIONS _etext = . ; } EXCEPTION_TABLE(16) - RO_DATA_SECTION(4) + RO_DATA(4) ROMEND = .; #if defined(CONFIG_ROMKERNEL) . = RAMTOP; diff --git a/arch/hexagon/kernel/vmlinux.lds.S b/arch/hexagon/kernel/vmlinux.lds.S index 6a6e8fc422eef..0145251fa317e 100644 --- a/arch/hexagon/kernel/vmlinux.lds.S +++ b/arch/hexagon/kernel/vmlinux.lds.S @@ -50,7 +50,7 @@ SECTIONS _sdata = .; RW_DATA_SECTION(32,PAGE_SIZE,_THREAD_SIZE) - RO_DATA_SECTION(PAGE_SIZE) + RO_DATA(PAGE_SIZE) _edata = .; EXCEPTION_TABLE(16) diff --git a/arch/m68k/kernel/vmlinux-nommu.lds b/arch/m68k/kernel/vmlinux-nommu.lds index cf6edda389719..de80f8b8ae783 100644 --- a/arch/m68k/kernel/vmlinux-nommu.lds +++ b/arch/m68k/kernel/vmlinux-nommu.lds @@ -60,7 +60,7 @@ SECTIONS { #endif _sdata = .; - RO_DATA_SECTION(PAGE_SIZE) + RO_DATA(PAGE_SIZE) RW_DATA_SECTION(16, PAGE_SIZE, THREAD_SIZE) _edata = .; diff --git a/arch/nds32/kernel/vmlinux.lds.S b/arch/nds32/kernel/vmlinux.lds.S index c4f1c5a604c34..10ff570ba95b5 100644 --- a/arch/nds32/kernel/vmlinux.lds.S +++ b/arch/nds32/kernel/vmlinux.lds.S @@ -53,7 +53,7 @@ SECTIONS _etext = .; /* End of text and rodata section */ _sdata = .; - RO_DATA_SECTION(PAGE_SIZE) + RO_DATA(PAGE_SIZE) RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) _edata = .; diff --git a/arch/nios2/kernel/vmlinux.lds.S b/arch/nios2/kernel/vmlinux.lds.S index 20e4078b3477d..318804a2c7a14 100644 --- a/arch/nios2/kernel/vmlinux.lds.S +++ b/arch/nios2/kernel/vmlinux.lds.S @@ -49,7 +49,7 @@ SECTIONS __init_end = .; _sdata = .; - RO_DATA_SECTION(PAGE_SIZE) + RO_DATA(PAGE_SIZE) RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) _edata = .; diff --git a/arch/openrisc/kernel/vmlinux.lds.S b/arch/openrisc/kernel/vmlinux.lds.S index 142c51c994f56..f73e0d3ea09f6 100644 --- a/arch/openrisc/kernel/vmlinux.lds.S +++ b/arch/openrisc/kernel/vmlinux.lds.S @@ -67,8 +67,8 @@ SECTIONS _sdata = .; - /* Page alignment required for RO_DATA_SECTION */ - RO_DATA_SECTION(PAGE_SIZE) + /* Page alignment required for RO_DATA */ + RO_DATA(PAGE_SIZE) _e_kernel_ro = .; /* Whatever comes after _e_kernel_ro had better be page-aligend, too */ diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S index 168d12b2ebb85..e1c563c7dca1b 100644 --- a/arch/parisc/kernel/vmlinux.lds.S +++ b/arch/parisc/kernel/vmlinux.lds.S @@ -109,7 +109,7 @@ SECTIONS _sdata = .; /* Architecturally we need to keep __gp below 0x1000000 and thus - * in front of RO_DATA_SECTION() which stores lots of tracepoint + * in front of RO_DATA() which stores lots of tracepoint * and ftrace symbols. */ #ifdef CONFIG_64BIT . = ALIGN(16); @@ -127,7 +127,7 @@ SECTIONS } #endif - RO_DATA_SECTION(8) + RO_DATA(8) /* RO because of BUILDTIME_EXTABLE_SORT */ EXCEPTION_TABLE(8) diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S index df5229c4034db..66dc17d24dd9a 100644 --- a/arch/riscv/kernel/vmlinux.lds.S +++ b/arch/riscv/kernel/vmlinux.lds.S @@ -52,7 +52,7 @@ SECTIONS /* Start of data section */ _sdata = .; - RO_DATA_SECTION(L1_CACHE_BYTES) + RO_DATA(L1_CACHE_BYTES) .srodata : { *(.srodata*) } diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S index beb4df053e20b..b33c4823f8b5b 100644 --- a/arch/s390/kernel/vmlinux.lds.S +++ b/arch/s390/kernel/vmlinux.lds.S @@ -52,7 +52,7 @@ SECTIONS _etext = .; /* End of text section */ } :text = 0x0700 - RO_DATA_SECTION(PAGE_SIZE) + RO_DATA(PAGE_SIZE) . = ALIGN(PAGE_SIZE); _sdata = .; /* Start of data section */ diff --git a/arch/unicore32/kernel/vmlinux.lds.S b/arch/unicore32/kernel/vmlinux.lds.S index 78c4c56057b0c..367c80313becc 100644 --- a/arch/unicore32/kernel/vmlinux.lds.S +++ b/arch/unicore32/kernel/vmlinux.lds.S @@ -43,7 +43,7 @@ SECTIONS _etext = .; _sdata = .; - RO_DATA_SECTION(PAGE_SIZE) + RO_DATA(PAGE_SIZE) RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) _edata = .; diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index a0a989fbe411a..061e57c609f6f 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -23,7 +23,7 @@ * _etext = .; * * _sdata = .; - * RO_DATA_SECTION(PAGE_SIZE) + * RO_DATA(PAGE_SIZE) * RW_DATA_SECTION(...) * _edata = .; * @@ -363,7 +363,7 @@ /* * Read only Data */ -#define RO_DATA_SECTION(align) \ +#define RO_DATA(align) \ . = ALIGN((align)); \ .rodata : AT(ADDR(.rodata) - LOAD_OFFSET) { \ __start_rodata = .; \ @@ -518,9 +518,6 @@ . = ALIGN((align)); \ __end_rodata = .; -/* All archs are supposed to use RO_DATA() */ -#define RO_DATA(align) RO_DATA_SECTION(align) - /* * .text section. Map to function alignment to avoid address changes * during second ld run in second ld pass when generating System.map From c9174047b48d700a785b633319dd7d27288b86be Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:35 -0700 Subject: [PATCH 14/31] vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA Rename RW_DATA_SECTION to RW_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Acked-by: Heiko Carstens # s390 Acked-by: Geert Uytterhoeven # m68k Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linux-s390@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-14-keescook@chromium.org --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/arc/kernel/vmlinux.lds.S | 2 +- arch/arm/kernel/vmlinux-xip.lds.S | 2 +- arch/arm/kernel/vmlinux.lds.S | 2 +- arch/arm64/kernel/vmlinux.lds.S | 2 +- arch/csky/kernel/vmlinux.lds.S | 2 +- arch/h8300/kernel/vmlinux.lds.S | 2 +- arch/hexagon/kernel/vmlinux.lds.S | 2 +- arch/m68k/kernel/vmlinux-nommu.lds | 2 +- arch/m68k/kernel/vmlinux-std.lds | 2 +- arch/m68k/kernel/vmlinux-sun3.lds | 2 +- arch/microblaze/kernel/vmlinux.lds.S | 2 +- arch/nds32/kernel/vmlinux.lds.S | 2 +- arch/nios2/kernel/vmlinux.lds.S | 2 +- arch/openrisc/kernel/vmlinux.lds.S | 2 +- arch/parisc/kernel/vmlinux.lds.S | 2 +- arch/riscv/kernel/vmlinux.lds.S | 2 +- arch/s390/kernel/vmlinux.lds.S | 2 +- arch/sh/kernel/vmlinux.lds.S | 2 +- arch/sparc/kernel/vmlinux.lds.S | 2 +- arch/unicore32/kernel/vmlinux.lds.S | 2 +- arch/xtensa/kernel/vmlinux.lds.S | 2 +- include/asm-generic/vmlinux.lds.h | 4 ++-- 23 files changed, 24 insertions(+), 24 deletions(-) diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S index af411817dd7d5..edc45f45523b4 100644 --- a/arch/alpha/kernel/vmlinux.lds.S +++ b/arch/alpha/kernel/vmlinux.lds.S @@ -50,7 +50,7 @@ SECTIONS _sdata = .; /* Start of rw data section */ _data = .; - RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) + RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) .got : { *(.got) diff --git a/arch/arc/kernel/vmlinux.lds.S b/arch/arc/kernel/vmlinux.lds.S index 7d1d27066deba..54139a6f469b9 100644 --- a/arch/arc/kernel/vmlinux.lds.S +++ b/arch/arc/kernel/vmlinux.lds.S @@ -101,7 +101,7 @@ SECTIONS * 1. this is .data essentially * 2. THREAD_SIZE for init.task, must be kernel-stk sz aligned */ - RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) + RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) _edata = .; diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S index d2a9651c24ad3..21b8b271c80d2 100644 --- a/arch/arm/kernel/vmlinux-xip.lds.S +++ b/arch/arm/kernel/vmlinux-xip.lds.S @@ -112,7 +112,7 @@ SECTIONS . = ALIGN(THREAD_SIZE); _sdata = .; - RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) + RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) .data.ro_after_init : AT(ADDR(.data.ro_after_init) - LOAD_OFFSET) { *(.data..ro_after_init) } diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S index 068db6860867f..319ccb10846a6 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -141,7 +141,7 @@ SECTIONS __init_end = .; _sdata = .; - RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) + RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) _edata = .; BSS_SECTION(0, 0, 0) diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index e7dafc29b1fa0..a4b3e6c0680cd 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -214,7 +214,7 @@ SECTIONS _data = .; _sdata = .; - RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_ALIGN) + RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, THREAD_ALIGN) /* * Data written with the MMU off but read with the MMU on requires diff --git a/arch/csky/kernel/vmlinux.lds.S b/arch/csky/kernel/vmlinux.lds.S index 8598bd7a7bcd0..2ff37beaf2bf3 100644 --- a/arch/csky/kernel/vmlinux.lds.S +++ b/arch/csky/kernel/vmlinux.lds.S @@ -50,7 +50,7 @@ SECTIONS _sdata = .; RO_DATA(PAGE_SIZE) - RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) + RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) _edata = .; EXCEPTION_TABLE(L1_CACHE_BYTES) diff --git a/arch/h8300/kernel/vmlinux.lds.S b/arch/h8300/kernel/vmlinux.lds.S index d3247d33b1151..2ac7bdcd2fe01 100644 --- a/arch/h8300/kernel/vmlinux.lds.S +++ b/arch/h8300/kernel/vmlinux.lds.S @@ -47,7 +47,7 @@ SECTIONS #endif _sdata = . ; __data_start = . ; - RW_DATA_SECTION(0, PAGE_SIZE, THREAD_SIZE) + RW_DATA(0, PAGE_SIZE, THREAD_SIZE) #if defined(CONFIG_ROMKERNEL) #undef ADDR #endif diff --git a/arch/hexagon/kernel/vmlinux.lds.S b/arch/hexagon/kernel/vmlinux.lds.S index 0145251fa317e..0ca2471ddb9fb 100644 --- a/arch/hexagon/kernel/vmlinux.lds.S +++ b/arch/hexagon/kernel/vmlinux.lds.S @@ -49,7 +49,7 @@ SECTIONS INIT_DATA_SECTION(PAGE_SIZE) _sdata = .; - RW_DATA_SECTION(32,PAGE_SIZE,_THREAD_SIZE) + RW_DATA(32,PAGE_SIZE,_THREAD_SIZE) RO_DATA(PAGE_SIZE) _edata = .; diff --git a/arch/m68k/kernel/vmlinux-nommu.lds b/arch/m68k/kernel/vmlinux-nommu.lds index de80f8b8ae783..7b975420c3d9d 100644 --- a/arch/m68k/kernel/vmlinux-nommu.lds +++ b/arch/m68k/kernel/vmlinux-nommu.lds @@ -61,7 +61,7 @@ SECTIONS { _sdata = .; RO_DATA(PAGE_SIZE) - RW_DATA_SECTION(16, PAGE_SIZE, THREAD_SIZE) + RW_DATA(16, PAGE_SIZE, THREAD_SIZE) _edata = .; EXCEPTION_TABLE(16) diff --git a/arch/m68k/kernel/vmlinux-std.lds b/arch/m68k/kernel/vmlinux-std.lds index 625a5785804fa..6e7eb49ed985e 100644 --- a/arch/m68k/kernel/vmlinux-std.lds +++ b/arch/m68k/kernel/vmlinux-std.lds @@ -33,7 +33,7 @@ SECTIONS RODATA - RW_DATA_SECTION(16, PAGE_SIZE, THREAD_SIZE) + RW_DATA(16, PAGE_SIZE, THREAD_SIZE) BSS_SECTION(0, 0, 0) diff --git a/arch/m68k/kernel/vmlinux-sun3.lds b/arch/m68k/kernel/vmlinux-sun3.lds index 9868270b09844..1a0ad6b6dd8c3 100644 --- a/arch/m68k/kernel/vmlinux-sun3.lds +++ b/arch/m68k/kernel/vmlinux-sun3.lds @@ -30,7 +30,7 @@ SECTIONS EXCEPTION_TABLE(16) :data _sdata = .; /* Start of rw data section */ - RW_DATA_SECTION(16, PAGE_SIZE, THREAD_SIZE) :data + RW_DATA(16, PAGE_SIZE, THREAD_SIZE) :data /* End of data goes *here* so that freeing init code works properly. */ _edata = .; NOTES diff --git a/arch/microblaze/kernel/vmlinux.lds.S b/arch/microblaze/kernel/vmlinux.lds.S index 2299694748ea5..b8efb08204a17 100644 --- a/arch/microblaze/kernel/vmlinux.lds.S +++ b/arch/microblaze/kernel/vmlinux.lds.S @@ -69,7 +69,7 @@ SECTIONS { } _sdata = . ; - RW_DATA_SECTION(32, PAGE_SIZE, THREAD_SIZE) + RW_DATA(32, PAGE_SIZE, THREAD_SIZE) _edata = . ; /* Under the microblaze ABI, .sdata and .sbss must be contiguous */ diff --git a/arch/nds32/kernel/vmlinux.lds.S b/arch/nds32/kernel/vmlinux.lds.S index 10ff570ba95b5..f679d33974366 100644 --- a/arch/nds32/kernel/vmlinux.lds.S +++ b/arch/nds32/kernel/vmlinux.lds.S @@ -54,7 +54,7 @@ SECTIONS _sdata = .; RO_DATA(PAGE_SIZE) - RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) + RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) _edata = .; EXCEPTION_TABLE(16) diff --git a/arch/nios2/kernel/vmlinux.lds.S b/arch/nios2/kernel/vmlinux.lds.S index 318804a2c7a14..c55a7cfa10759 100644 --- a/arch/nios2/kernel/vmlinux.lds.S +++ b/arch/nios2/kernel/vmlinux.lds.S @@ -50,7 +50,7 @@ SECTIONS _sdata = .; RO_DATA(PAGE_SIZE) - RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) + RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) _edata = .; BSS_SECTION(0, 0, 0) diff --git a/arch/openrisc/kernel/vmlinux.lds.S b/arch/openrisc/kernel/vmlinux.lds.S index f73e0d3ea09f6..60449fd7f16f3 100644 --- a/arch/openrisc/kernel/vmlinux.lds.S +++ b/arch/openrisc/kernel/vmlinux.lds.S @@ -74,7 +74,7 @@ SECTIONS /* Whatever comes after _e_kernel_ro had better be page-aligend, too */ /* 32 here is cacheline size... recheck this */ - RW_DATA_SECTION(32, PAGE_SIZE, PAGE_SIZE) + RW_DATA(32, PAGE_SIZE, PAGE_SIZE) _edata = .; diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S index e1c563c7dca1b..12b3d7d5e9e45 100644 --- a/arch/parisc/kernel/vmlinux.lds.S +++ b/arch/parisc/kernel/vmlinux.lds.S @@ -148,7 +148,7 @@ SECTIONS data_start = .; /* Data */ - RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, PAGE_SIZE) + RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, PAGE_SIZE) /* PA-RISC locks requires 16-byte alignment */ . = ALIGN(16); diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S index 66dc17d24dd9a..12f42f96d46e0 100644 --- a/arch/riscv/kernel/vmlinux.lds.S +++ b/arch/riscv/kernel/vmlinux.lds.S @@ -57,7 +57,7 @@ SECTIONS *(.srodata*) } - RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) + RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) .sdata : { __global_pointer$ = . + 0x800; *(.sdata*) diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S index b33c4823f8b5b..37695499717da 100644 --- a/arch/s390/kernel/vmlinux.lds.S +++ b/arch/s390/kernel/vmlinux.lds.S @@ -67,7 +67,7 @@ SECTIONS . = ALIGN(PAGE_SIZE); __end_ro_after_init = .; - RW_DATA_SECTION(0x100, PAGE_SIZE, THREAD_SIZE) + RW_DATA(0x100, PAGE_SIZE, THREAD_SIZE) BOOT_DATA_PRESERVED _edata = .; /* End of data section */ diff --git a/arch/sh/kernel/vmlinux.lds.S b/arch/sh/kernel/vmlinux.lds.S index fef39054cc70e..c60b19958c350 100644 --- a/arch/sh/kernel/vmlinux.lds.S +++ b/arch/sh/kernel/vmlinux.lds.S @@ -51,7 +51,7 @@ SECTIONS _sdata = .; RO_DATA(PAGE_SIZE) - RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) + RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) _edata = .; DWARF_EH_FRAME diff --git a/arch/sparc/kernel/vmlinux.lds.S b/arch/sparc/kernel/vmlinux.lds.S index 8929fbc35a80f..7ec79918b566b 100644 --- a/arch/sparc/kernel/vmlinux.lds.S +++ b/arch/sparc/kernel/vmlinux.lds.S @@ -67,7 +67,7 @@ SECTIONS .data1 : { *(.data1) } - RW_DATA_SECTION(SMP_CACHE_BYTES, 0, THREAD_SIZE) + RW_DATA(SMP_CACHE_BYTES, 0, THREAD_SIZE) /* End of data section */ _edata = .; diff --git a/arch/unicore32/kernel/vmlinux.lds.S b/arch/unicore32/kernel/vmlinux.lds.S index 367c80313becc..6fb320b337efd 100644 --- a/arch/unicore32/kernel/vmlinux.lds.S +++ b/arch/unicore32/kernel/vmlinux.lds.S @@ -44,7 +44,7 @@ SECTIONS _sdata = .; RO_DATA(PAGE_SIZE) - RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) + RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) _edata = .; EXCEPTION_TABLE(L1_CACHE_BYTES) diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S index b97e5798b9cfa..bdbd7c4056c18 100644 --- a/arch/xtensa/kernel/vmlinux.lds.S +++ b/arch/xtensa/kernel/vmlinux.lds.S @@ -134,7 +134,7 @@ SECTIONS /* Data section */ _sdata = .; - RW_DATA_SECTION(XCHAL_ICACHE_LINESIZE, PAGE_SIZE, THREAD_SIZE) + RW_DATA(XCHAL_ICACHE_LINESIZE, PAGE_SIZE, THREAD_SIZE) _edata = .; /* Initialization code and data: */ diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 061e57c609f6f..356078e50a5c8 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -24,7 +24,7 @@ * * _sdata = .; * RO_DATA(PAGE_SIZE) - * RW_DATA_SECTION(...) + * RW_DATA(...) * _edata = .; * * EXCEPTION_TABLE(...) @@ -975,7 +975,7 @@ * matches the requirement of PAGE_ALIGNED_DATA. * * use 0 as page_align if page_aligned data is not used */ -#define RW_DATA_SECTION(cacheline, pagealigned, inittask) \ +#define RW_DATA(cacheline, pagealigned, inittask) \ . = ALIGN(PAGE_SIZE); \ .data : AT(ADDR(.data) - LOAD_OFFSET) { \ INIT_TASK_DATA(inittask) \ From b8c2f776164c8f74ac31c5e370ca3f029be0aa19 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:36 -0700 Subject: [PATCH 15/31] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA Many architectures have an EXCEPTION_TABLE that needs to be only readable. As such, it should live in RO_DATA. Create a macro to identify this case for the architectures that can move EXCEPTION_TABLE into RO_DATA. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Acked-by: Will Deacon Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-15-keescook@chromium.org --- include/asm-generic/vmlinux.lds.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 356078e50a5c8..9867d8e41eedd 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -69,6 +69,17 @@ #define NOTES_HEADERS_RESTORE #endif +/* + * Some architectures have non-executable read-only exception tables. + * They can be added to the RO_DATA segment by specifying their desired + * alignment. + */ +#ifdef RO_EXCEPTION_TABLE_ALIGN +#define RO_EXCEPTION_TABLE EXCEPTION_TABLE(RO_EXCEPTION_TABLE_ALIGN) +#else +#define RO_EXCEPTION_TABLE +#endif + /* Align . to a 8 byte boundary equals to maximum function alignment. */ #define ALIGN_FUNCTION() . = ALIGN(8) @@ -513,6 +524,7 @@ __stop___modver = .; \ } \ \ + RO_EXCEPTION_TABLE \ NOTES \ \ . = ALIGN((align)); \ From b907693883fdcff5b492cf0cd02a0e264623055e Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:37 -0700 Subject: [PATCH 16/31] x86/vmlinux: Actually use _etext for the end of the text segment Various calculations are using the end of the exception table (which does not need to be executable) as the end of the text segment. Instead, in preparation for moving the exception table into RO_DATA, move _etext after the exception table and update the calculations. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: Heiko Carstens Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: Michael Ellerman Cc: Michal Simek Cc: Nick Desaulniers Cc: Peter Zijlstra Cc: Rick Edgecombe Cc: Ross Zwisler Cc: Segher Boessenkool Cc: Thomas Gleixner Cc: Thomas Lendacky Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-16-keescook@chromium.org --- arch/x86/include/asm/sections.h | 1 - arch/x86/kernel/vmlinux.lds.S | 7 +++---- arch/x86/mm/init_64.c | 6 +++--- arch/x86/mm/pti.c | 2 +- 4 files changed, 7 insertions(+), 9 deletions(-) diff --git a/arch/x86/include/asm/sections.h b/arch/x86/include/asm/sections.h index 71b32f2570abc..036c360910c5d 100644 --- a/arch/x86/include/asm/sections.h +++ b/arch/x86/include/asm/sections.h @@ -6,7 +6,6 @@ #include extern char __brk_base[], __brk_limit[]; -extern struct exception_table_entry __stop___ex_table[]; extern char __end_rodata_aligned[]; #if defined(CONFIG_X86_64) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 41362e90142d7..a1a758e25b2b2 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -143,15 +143,14 @@ SECTIONS *(.text.__x86.indirect_thunk) __indirect_thunk_end = .; #endif - - /* End of text section */ - _etext = .; } :text = 0x9090 EXCEPTION_TABLE(16) - /* .text should occupy whole number of pages */ + /* End of text section, which should occupy whole number of pages */ + _etext = .; . = ALIGN(PAGE_SIZE); + X86_ALIGN_RODATA_BEGIN RO_DATA(PAGE_SIZE) X86_ALIGN_RODATA_END diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index a6b5c653727ba..26299e9ce6da7 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -1263,7 +1263,7 @@ int kernel_set_to_readonly; void set_kernel_text_rw(void) { unsigned long start = PFN_ALIGN(_text); - unsigned long end = PFN_ALIGN(__stop___ex_table); + unsigned long end = PFN_ALIGN(_etext); if (!kernel_set_to_readonly) return; @@ -1282,7 +1282,7 @@ void set_kernel_text_rw(void) void set_kernel_text_ro(void) { unsigned long start = PFN_ALIGN(_text); - unsigned long end = PFN_ALIGN(__stop___ex_table); + unsigned long end = PFN_ALIGN(_etext); if (!kernel_set_to_readonly) return; @@ -1301,7 +1301,7 @@ void mark_rodata_ro(void) unsigned long start = PFN_ALIGN(_text); unsigned long rodata_start = PFN_ALIGN(__start_rodata); unsigned long end = (unsigned long) &__end_rodata_hpage_align; - unsigned long text_end = PFN_ALIGN(&__stop___ex_table); + unsigned long text_end = PFN_ALIGN(&_etext); unsigned long rodata_end = PFN_ALIGN(&__end_rodata); unsigned long all_end; diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index 7f2140414440d..44a9f068eee00 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -574,7 +574,7 @@ static void pti_clone_kernel_text(void) */ unsigned long start = PFN_ALIGN(_text); unsigned long end_clone = (unsigned long)__end_rodata_aligned; - unsigned long end_global = PFN_ALIGN((unsigned long)__stop___ex_table); + unsigned long end_global = PFN_ALIGN((unsigned long)_etext); if (!pti_kernel_image_global_ok()) return; From f0d7ee17d57c7a8510518a1e60366d053e2f3ff5 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:38 -0700 Subject: [PATCH 17/31] x86/vmlinux: Move EXCEPTION_TABLE to RO_DATA segment The exception table was needlessly marked executable. In preparation for execute-only memory, move the table into the RO_DATA segment via the new macro that can be used by any architectures that want to make a similar consolidation. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: Heiko Carstens Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Ross Zwisler Cc: Segher Boessenkool Cc: Thomas Gleixner Cc: Thomas Lendacky Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-17-keescook@chromium.org --- arch/x86/kernel/vmlinux.lds.S | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index a1a758e25b2b2..b06d6e1188deb 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -22,6 +22,7 @@ #endif #define EMITS_PT_NOTE +#define RO_EXCEPTION_TABLE_ALIGN 16 #include #include @@ -145,8 +146,6 @@ SECTIONS #endif } :text = 0x9090 - EXCEPTION_TABLE(16) - /* End of text section, which should occupy whole number of pages */ _etext = .; . = ALIGN(PAGE_SIZE); From 172c8b85dccf331826deda9ef6d7e75fa4f2b3e2 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:39 -0700 Subject: [PATCH 18/31] alpha: Move EXCEPTION_TABLE to RO_DATA segment Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: Geert Uytterhoeven Cc: Heiko Carstens Cc: Ivan Kokshaysky Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: Matt Turner Cc: Michael Ellerman Cc: Michal Simek Cc: Richard Henderson Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Will Deacon Cc: x86@kernel.org Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-18-keescook@chromium.org --- arch/alpha/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S index edc45f45523b4..bc6f727278fd8 100644 --- a/arch/alpha/kernel/vmlinux.lds.S +++ b/arch/alpha/kernel/vmlinux.lds.S @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0 */ #define EMITS_PT_NOTE +#define RO_EXCEPTION_TABLE_ALIGN 16 #include #include @@ -35,7 +36,6 @@ SECTIONS _etext = .; /* End of text section */ RO_DATA(4096) - EXCEPTION_TABLE(16) /* Will be freed after init */ __init_begin = ALIGN(PAGE_SIZE); From 19f6bc32c6f4216e099963f416de91eba7ca1430 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:40 -0700 Subject: [PATCH 19/31] arm64: Move EXCEPTION_TABLE to RO_DATA segment Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Also removes the redundant ALIGN, which is already present at the end of the RO_DATA macro. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Acked-by: Will Deacon Cc: Andy Lutomirski Cc: Ard Biesheuvel Cc: Arnd Bergmann Cc: Catalin Marinas Cc: Dave Hansen Cc: Heiko Carstens Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: Michael Ellerman Cc: Michal Simek Cc: Peter Collingbourne Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-19-keescook@chromium.org --- arch/arm64/kernel/vmlinux.lds.S | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index a4b3e6c0680cd..9128a26eb45b0 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -5,6 +5,8 @@ * Written by Martin Mares */ +#define RO_EXCEPTION_TABLE_ALIGN 8 + #include #include #include @@ -135,10 +137,9 @@ SECTIONS . = ALIGN(SEGMENT_ALIGN); _etext = .; /* End of text section */ - RO_DATA(PAGE_SIZE) /* everything from this point to */ - EXCEPTION_TABLE(8) /* __init_begin will be marked RO NX */ + /* everything from this point to __init_begin will be marked RO NX */ + RO_DATA(PAGE_SIZE) - . = ALIGN(PAGE_SIZE); idmap_pg_dir = .; . += IDMAP_DIR_SIZE; From 1e51cd538809112a6ac702a48e9719a75152c902 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:41 -0700 Subject: [PATCH 20/31] c6x: Move EXCEPTION_TABLE to RO_DATA segment Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Aurelien Jacquiot Cc: Dave Hansen Cc: Geert Uytterhoeven Cc: Heiko Carstens Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: Mark Salter Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-20-keescook@chromium.org --- arch/c6x/kernel/vmlinux.lds.S | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/c6x/kernel/vmlinux.lds.S b/arch/c6x/kernel/vmlinux.lds.S index a3547f9d415ba..ac99ba0864bfa 100644 --- a/arch/c6x/kernel/vmlinux.lds.S +++ b/arch/c6x/kernel/vmlinux.lds.S @@ -5,6 +5,9 @@ * Copyright (C) 2010, 2011 Texas Instruments Incorporated * Mark Salter */ + +#define RO_EXCEPTION_TABLE_ALIGN 16 + #include #include #include @@ -80,8 +83,6 @@ SECTIONS *(.gnu.warning) } - EXCEPTION_TABLE(16) - RO_DATA(PAGE_SIZE) .const : { From 380e57e2d41e9631132beccac30058228dfd376f Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:42 -0700 Subject: [PATCH 21/31] h8300: Move EXCEPTION_TABLE to RO_DATA segment Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: Geert Uytterhoeven Cc: Heiko Carstens Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: uclinux-h8-devel@lists.sourceforge.jp Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-21-keescook@chromium.org --- arch/h8300/kernel/vmlinux.lds.S | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/h8300/kernel/vmlinux.lds.S b/arch/h8300/kernel/vmlinux.lds.S index 2ac7bdcd2fe01..6b1afc2f9b686 100644 --- a/arch/h8300/kernel/vmlinux.lds.S +++ b/arch/h8300/kernel/vmlinux.lds.S @@ -1,4 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0 */ + +#define RO_EXCEPTION_TABLE_ALIGN 16 + #include #include #include @@ -37,7 +40,6 @@ SECTIONS #endif _etext = . ; } - EXCEPTION_TABLE(16) RO_DATA(4) ROMEND = .; #if defined(CONFIG_ROMKERNEL) From 9b30e704dd0d9ef9d99c7f88712318840cc8a338 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:43 -0700 Subject: [PATCH 22/31] ia64: Move EXCEPTION_TABLE to RO_DATA segment Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: Fenghua Yu Cc: Heiko Carstens Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Tony Luck Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-22-keescook@chromium.org --- arch/ia64/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S index 11d5115bc44d2..1ec6b703c5b4f 100644 --- a/arch/ia64/kernel/vmlinux.lds.S +++ b/arch/ia64/kernel/vmlinux.lds.S @@ -6,6 +6,7 @@ #include #define EMITS_PT_NOTE +#define RO_EXCEPTION_TABLE_ALIGN 16 #include @@ -70,7 +71,6 @@ SECTIONS { /* * Read-only data */ - EXCEPTION_TABLE(16) /* MCA table */ . = ALIGN(16); From 3bda6f37a7949c803b84cf27e11a3995d900a179 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:44 -0700 Subject: [PATCH 23/31] microblaze: Move EXCEPTION_TABLE to RO_DATA segment Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: Geert Uytterhoeven Cc: Heiko Carstens Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-23-keescook@chromium.org --- arch/microblaze/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/microblaze/kernel/vmlinux.lds.S b/arch/microblaze/kernel/vmlinux.lds.S index b8efb08204a17..760cac41cbfe3 100644 --- a/arch/microblaze/kernel/vmlinux.lds.S +++ b/arch/microblaze/kernel/vmlinux.lds.S @@ -11,6 +11,8 @@ OUTPUT_ARCH(microblaze) ENTRY(microblaze_start) +#define RO_EXCEPTION_TABLE_ALIGN 16 + #include #include #include @@ -52,7 +54,6 @@ SECTIONS { . = ALIGN(16); RO_DATA(4096) - EXCEPTION_TABLE(16) /* * sdata2 section can go anywhere, but must be word aligned From 6e85e23ef2d004def8e1acd36eb155411499b7cc Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:45 -0700 Subject: [PATCH 24/31] parisc: Move EXCEPTION_TABLE to RO_DATA segment Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Acked-by: Helge Deller Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: Geert Uytterhoeven Cc: Heiko Carstens Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linux-parisc@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Sven Schnelle Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-24-keescook@chromium.org --- arch/parisc/kernel/vmlinux.lds.S | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S index 12b3d7d5e9e45..53e29d88f99c9 100644 --- a/arch/parisc/kernel/vmlinux.lds.S +++ b/arch/parisc/kernel/vmlinux.lds.S @@ -19,6 +19,7 @@ *(.data..vm0.pte) #define CC_USING_PATCHABLE_FUNCTION_ENTRY +#define RO_EXCEPTION_TABLE_ALIGN 8 #include @@ -129,9 +130,6 @@ SECTIONS RO_DATA(8) - /* RO because of BUILDTIME_EXTABLE_SORT */ - EXCEPTION_TABLE(8) - /* unwind info */ .PARISC.unwind : { __start___unwind = .; From 4e9e559a0385930649c1c9cad703d475ee030206 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:46 -0700 Subject: [PATCH 25/31] powerpc: Move EXCEPTION_TABLE to RO_DATA segment Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linux-s390@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-25-keescook@chromium.org --- arch/powerpc/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index 4e7cec088c8bf..8834220036a51 100644 --- a/arch/powerpc/kernel/vmlinux.lds.S +++ b/arch/powerpc/kernel/vmlinux.lds.S @@ -7,6 +7,7 @@ #define BSS_FIRST_SECTIONS *(.bss.prominit) #define EMITS_PT_NOTE +#define RO_EXCEPTION_TABLE_ALIGN 0 #include #include @@ -162,7 +163,6 @@ SECTIONS __stop__btb_flush_fixup = .; } #endif - EXCEPTION_TABLE(0) /* * Init sections discarded at runtime From 94174c9b71c62a0e1a4364c2594e1422ba8fffcd Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:47 -0700 Subject: [PATCH 26/31] xtensa: Move EXCEPTION_TABLE to RO_DATA segment Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Acked-by: Max Filippov Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Chris Zankel Cc: Dave Hansen Cc: Geert Uytterhoeven Cc: Heiko Carstens Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: linux-xtensa@linux-xtensa.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-26-keescook@chromium.org --- arch/xtensa/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S index bdbd7c4056c18..0043d5858f14f 100644 --- a/arch/xtensa/kernel/vmlinux.lds.S +++ b/arch/xtensa/kernel/vmlinux.lds.S @@ -14,6 +14,8 @@ * Joe Taylor */ +#define RO_EXCEPTION_TABLE_ALIGN 16 + #include #include #include @@ -130,7 +132,6 @@ SECTIONS .fixup : { *(.fixup) } - EXCEPTION_TABLE(16) /* Data section */ _sdata = .; From 2d0004d19829c84aaf2c7d48b5e2892d548970b6 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:48 -0700 Subject: [PATCH 27/31] x86/mm: Remove redundant address-of operators on addresses The &s on addresses are redundant. Remove them to match all the other similar functions. Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: Heiko Carstens Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: Michael Ellerman Cc: Michal Simek Cc: Peter Zijlstra Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Thomas Gleixner Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-27-keescook@chromium.org --- arch/x86/mm/init_64.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 26299e9ce6da7..e67ddca8b7a84 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -1300,9 +1300,9 @@ void mark_rodata_ro(void) { unsigned long start = PFN_ALIGN(_text); unsigned long rodata_start = PFN_ALIGN(__start_rodata); - unsigned long end = (unsigned long) &__end_rodata_hpage_align; - unsigned long text_end = PFN_ALIGN(&_etext); - unsigned long rodata_end = PFN_ALIGN(&__end_rodata); + unsigned long end = (unsigned long)__end_rodata_hpage_align; + unsigned long text_end = PFN_ALIGN(_etext); + unsigned long rodata_end = PFN_ALIGN(__end_rodata); unsigned long all_end; printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n", From 5494c3a6a0b965906ffdcb620d94079ea4cb69ea Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:49 -0700 Subject: [PATCH 28/31] x86/mm: Report which part of kernel image is freed The memory freeing report wasn't very useful for figuring out which parts of the kernel image were being freed. Add the details for clearer reporting in dmesg. Before: Freeing unused kernel image memory: 1348K Write protecting the kernel read-only data: 20480k Freeing unused kernel image memory: 2040K Freeing unused kernel image memory: 172K After: Freeing unused kernel image (initmem) memory: 1348K Write protecting the kernel read-only data: 20480k Freeing unused kernel image (text/rodata gap) memory: 2040K Freeing unused kernel image (rodata/data gap) memory: 172K Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: Heiko Carstens Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: Michael Ellerman Cc: Michal Simek Cc: Peter Zijlstra Cc: Rick Edgecombe Cc: Segher Boessenkool Cc: Thomas Gleixner Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-28-keescook@chromium.org --- arch/x86/include/asm/processor.h | 2 +- arch/x86/mm/init.c | 8 ++++---- arch/x86/mm/init_64.c | 6 ++++-- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index 6e0a3b43d027a..790f250d39a89 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -958,7 +958,7 @@ static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves) extern unsigned long arch_align_stack(unsigned long sp); void free_init_pages(const char *what, unsigned long begin, unsigned long end); -extern void free_kernel_image_pages(void *begin, void *end); +extern void free_kernel_image_pages(const char *what, void *begin, void *end); void default_idle(void); #ifdef CONFIG_XEN diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index fd10d91a61152..e7bb483557c9f 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -829,14 +829,13 @@ void free_init_pages(const char *what, unsigned long begin, unsigned long end) * used for the kernel image only. free_init_pages() will do the * right thing for either kind of address. */ -void free_kernel_image_pages(void *begin, void *end) +void free_kernel_image_pages(const char *what, void *begin, void *end) { unsigned long begin_ul = (unsigned long)begin; unsigned long end_ul = (unsigned long)end; unsigned long len_pages = (end_ul - begin_ul) >> PAGE_SHIFT; - - free_init_pages("unused kernel image", begin_ul, end_ul); + free_init_pages(what, begin_ul, end_ul); /* * PTI maps some of the kernel into userspace. For performance, @@ -865,7 +864,8 @@ void __ref free_initmem(void) mem_encrypt_free_decrypted_mem(); - free_kernel_image_pages(&__init_begin, &__init_end); + free_kernel_image_pages("unused kernel image (initmem)", + &__init_begin, &__init_end); } #ifdef CONFIG_BLK_DEV_INITRD diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index e67ddca8b7a84..dcb9bc961b39c 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -1334,8 +1334,10 @@ void mark_rodata_ro(void) set_memory_ro(start, (end-start) >> PAGE_SHIFT); #endif - free_kernel_image_pages((void *)text_end, (void *)rodata_start); - free_kernel_image_pages((void *)rodata_end, (void *)_sdata); + free_kernel_image_pages("unused kernel image (text/rodata gap)", + (void *)text_end, (void *)rodata_start); + free_kernel_image_pages("unused kernel image (rodata/data gap)", + (void *)rodata_end, (void *)_sdata); debug_checkwx(); } From a329975491aafcb1fb6e2fad0de22cae5c16154f Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:50 -0700 Subject: [PATCH 29/31] x86/mm: Report actual image regions in /proc/iomem The resource reservations in /proc/iomem made for the kernel image did not reflect the gaps between text, rodata, and data. Add the "rodata" resource and update the start/end calculations to match the respective calls to free_kernel_image_pages(). Before (booted with "nokaslr" for easier comparison): 00100000-bffd9fff : System RAM 01000000-01e011d0 : Kernel code 01e011d1-025619bf : Kernel data 02a95000-035fffff : Kernel bss After: 00100000-bffd9fff : System RAM 01000000-01e011d0 : Kernel code 02000000-023d4fff : Kernel rodata 02400000-025619ff : Kernel data 02a95000-035fffff : Kernel bss Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: Dave Young Cc: David Howells Cc: Heiko Carstens Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Juergen Gross Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Robert Richter Cc: Segher Boessenkool Cc: Thomas Gleixner Cc: Thomas Lendacky Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-29-keescook@chromium.org --- arch/x86/kernel/setup.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index 77ea96b794bd1..591e885a852e5 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -143,6 +143,13 @@ struct boot_params boot_params; /* * Machine setup.. */ +static struct resource rodata_resource = { + .name = "Kernel rodata", + .start = 0, + .end = 0, + .flags = IORESOURCE_BUSY | IORESOURCE_SYSTEM_RAM +}; + static struct resource data_resource = { .name = "Kernel data", .start = 0, @@ -951,7 +958,9 @@ void __init setup_arch(char **cmdline_p) code_resource.start = __pa_symbol(_text); code_resource.end = __pa_symbol(_etext)-1; - data_resource.start = __pa_symbol(_etext); + rodata_resource.start = __pa_symbol(__start_rodata); + rodata_resource.end = __pa_symbol(__end_rodata)-1; + data_resource.start = __pa_symbol(_sdata); data_resource.end = __pa_symbol(_edata)-1; bss_resource.start = __pa_symbol(__bss_start); bss_resource.end = __pa_symbol(__bss_stop)-1; @@ -1040,6 +1049,7 @@ void __init setup_arch(char **cmdline_p) /* after parse_early_param, so could debug it */ insert_resource(&iomem_resource, &code_resource); + insert_resource(&iomem_resource, &rodata_resource); insert_resource(&iomem_resource, &data_resource); insert_resource(&iomem_resource, &bss_resource); From 7705dc8557973d8ad8f10840f61d8ec805695e9e Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 29 Oct 2019 14:13:51 -0700 Subject: [PATCH 30/31] x86/vmlinux: Use INT3 instead of NOP for linker fill bytes Instead of using 0x90 (NOP) to fill bytes between functions, which makes it easier to sloppily target functions in function pointer overwrite attacks, fill with 0xCC (INT3) to force a trap. Also drop the space between "=" and the value to better match the binutils documentation https://sourceware.org/binutils/docs/ld/Output-Section-Fill.html#Output-Section-Fill Example "objdump -d" before: ... ffffffff810001e0 : ffffffff810001e0: 48 8b 25 e1 b1 51 01 mov 0x151b1e1(%rip),%rsp # ffffffff8251b3c8 ffffffff810001e7: e9 d5 fe ff ff jmpq ffffffff810000c1 ffffffff810001ec: 90 nop ffffffff810001ed: 90 nop ffffffff810001ee: 90 nop ffffffff810001ef: 90 nop ffffffff810001f0 <__startup_64>: ... After: ... ffffffff810001e0 : ffffffff810001e0: 48 8b 25 41 79 53 01 mov 0x1537941(%rip),%rsp # ffffffff82537b28 ffffffff810001e7: e9 d5 fe ff ff jmpq ffffffff810000c1 ffffffff810001ec: cc int3 ffffffff810001ed: cc int3 ffffffff810001ee: cc int3 ffffffff810001ef: cc int3 ffffffff810001f0 <__startup_64>: ... Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Dave Hansen Cc: Heiko Carstens Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: linux-alpha@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-c6x-dev@linux-c6x.org Cc: linux-ia64@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: Michael Ellerman Cc: Michal Simek Cc: Rick Edgecombe Cc: Ross Zwisler Cc: Segher Boessenkool Cc: Thomas Gleixner Cc: Thomas Lendacky Cc: Will Deacon Cc: x86-ml Cc: Yoshinori Sato Link: https://lkml.kernel.org/r/20191029211351.13243-30-keescook@chromium.org --- arch/x86/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index b06d6e1188deb..3a1a819da1376 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -144,7 +144,7 @@ SECTIONS *(.text.__x86.indirect_thunk) __indirect_thunk_end = .; #endif - } :text = 0x9090 + } :text =0xcccc /* End of text section, which should occupy whole number of pages */ _etext = .; From de7156689d69e9861d9ddc54a9dea623c25020c5 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Mon, 11 Nov 2019 09:22:00 -0800 Subject: [PATCH 31/31] m68k: Convert missed RODATA to RO_DATA I missed two instances of the old RODATA macro (seems I was searching for vmlinux.lds* not vmlinux*lds*). Fix both instances and double-check the entire tree for other "RODATA" instances in linker scripts. Fixes: c82318254d15 ("vmlinux.lds.h: Replace RODATA with RO_DATA") Reported-by: Geert Uytterhoeven Signed-off-by: Kees Cook Signed-off-by: Borislav Petkov Acked-by: Geert Uytterhoeven Cc: Heiko Carstens Cc: linux-m68k@lists.linux-m68k.org Cc: Sam Creasey Link: https://lkml.kernel.org/r/201911110920.5840E9AF1@keescook --- arch/m68k/kernel/vmlinux-std.lds | 2 +- arch/m68k/kernel/vmlinux-sun3.lds | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/m68k/kernel/vmlinux-std.lds b/arch/m68k/kernel/vmlinux-std.lds index 6e7eb49ed985e..4d33da4e71060 100644 --- a/arch/m68k/kernel/vmlinux-std.lds +++ b/arch/m68k/kernel/vmlinux-std.lds @@ -31,7 +31,7 @@ SECTIONS _sdata = .; /* Start of data section */ - RODATA + RO_DATA(4096) RW_DATA(16, PAGE_SIZE, THREAD_SIZE) diff --git a/arch/m68k/kernel/vmlinux-sun3.lds b/arch/m68k/kernel/vmlinux-sun3.lds index 1a0ad6b6dd8c3..87d9f4d08f655 100644 --- a/arch/m68k/kernel/vmlinux-sun3.lds +++ b/arch/m68k/kernel/vmlinux-sun3.lds @@ -24,7 +24,7 @@ SECTIONS *(.fixup) *(.gnu.warning) } :text = 0x4e75 - RODATA + RO_DATA(4096) _etext = .; /* End of text section */