From patchwork Tue Aug 23 01:08:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Gow X-Patchwork-Id: 1669172 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=linux-um-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=XUg7LEbt; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.a=rsa-sha256 header.s=20210112 header.b=iIN0B0+A; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MBWN049t8z1yYg for ; Tue, 23 Aug 2022 11:09:20 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Mime-Version: Message-Id:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Owner; bh=paHyp+PbMFhw9Xek/uno0yU5WjtmdVD6sBsy3XxCk38=; b=XUg 7LEbtyjfzBVWFdYxmtmyvStghNIrzV3+tsP9lTKyz522WZPK4gjmteSEQexF7iej2K6UmGn0a6t36 1/u0DSbrP/H5CG1GQTTNZ8UxDcOM0ui2VJL/w1KaQvwuEtXhz+GNhZIg6S1DAWFuum2KqGKwr6y0T EgcG8AgeOX1vTxJflhoxgvYevwxOm/Cx0MpPkij+8homUw8PnaJoTX6hlW7xxmVglZcfuNPRiBVsu cJJ2+p/zMSSfA8vltyDid9YkzWqhAfxKHHqtU91tgm6LgPbJYGWseWPJTECLQtmePNuoCEh4eLi43 Pm7jjeRUp7HSEbk05GxwatubDNMB1Jw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1oQIPj-00H279-DP; Tue, 23 Aug 2022 01:09:07 +0000 Received: from mail-pj1-x104a.google.com ([2607:f8b0:4864:20::104a]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1oQIPg-00H21l-3n for linux-um@lists.infradead.org; Tue, 23 Aug 2022 01:09:05 +0000 Received: by mail-pj1-x104a.google.com with SMTP id l3-20020a17090aec0300b001fb0bedf2faso2307592pjy.8 for ; Mon, 22 Aug 2022 18:09:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:mime-version:message-id:date:from:to:cc; bh=M/JM19ZHtL1XTdax2o6PuALS08ie5QAbDLPLMfS+iXo=; b=iIN0B0+ASu+zORuo0inJfY9E/y+0i0ZJO6ydKUDztQDbYESqexW4Vn+bMswdRnogez tMpcCEvVmdAs5Eb0k+50Xmg466CjqAYl2+CzuBoaZ2w9HHWwteaJ7MicoxbMPiEl6MWP 0rXsg8fwxEU1awWFblUHsxs3UR2G6q3Mda0lQnrD6OS76APXSY7eHbv25JVkvOFsaFVe o8og1lBFwySLFvYdS149wu7S6VTeiZjuMRP3iIB0OHSP57j1qs3Y9f9VKrEl1LWCzFRm PoixhzArl6HgsS2iI16/rTdgqBMOL4b0nu0RTjv3/GPywnrMmw7UvzmlHqJn2dXcC7jF 2gIA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:mime-version:message-id:date:x-gm-message-state :from:to:cc; bh=M/JM19ZHtL1XTdax2o6PuALS08ie5QAbDLPLMfS+iXo=; b=C9o6WyZQkL9B5aLQL6HPlJ/DT9awzYAXO3BTr7zng4J+4MVUooU3q4iPjAaZDwE4Ae QksLky6gpfLEIl/9ckjwfKuOmP2aZClzMEi94ntCzQNxET3bhrYihNheknuFAdZS4wJA Kw76Qgts90CrVoLe8bmIHJ72pAzWyUp84mErJ+i6CZmOK/Ii+d3gOT0XpuqnHDdo3W// iVWLTRn5uX+ibFKr/bGrbf/gnac1+e9hPA0CX0FdhNq/HqZoDdrQy/lQ+nWZv6pycpni LwUc83BSTPJktUWPgkVngeFldk12EFQ3NV2xpkYjBhFaFXcMK8Wv+PwuGFpQZfSINoj5 mDSA== X-Gm-Message-State: ACgBeo23xyJbaWRqckHVSu3wsoHYUpFqWP6RBOvzUQOXzDy503P8t7MB unN+USe364ozK48SSCYtiS9dekinow/pRg== X-Google-Smtp-Source: AA6agR6wH5XNsVgXV17MAXE+RE2KZb02sNclcB9HbmFS+v6H+hCamZxOwxGKSIdgmRw7okfWKlNl5bCElJvx3g== X-Received: from slicestar.c.googlers.com ([fda3:e722:ac3:cc00:4f:4b78:c0a8:20a1]) (user=davidgow job=sendgmr) by 2002:a17:903:230e:b0:172:ccb3:f4de with SMTP id d14-20020a170903230e00b00172ccb3f4demr14574237plh.18.1661216940306; Mon, 22 Aug 2022 18:09:00 -0700 (PDT) Date: Tue, 23 Aug 2022 09:08:30 +0800 Message-Id: <20220823010830.2675419-1-davidgow@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.37.1.595.g718a3a8f04-goog Subject: [PATCH] arch: um: Mark the stack non-executable to fix a binutils warning From: David Gow To: Richard Weinberger , Anton Ivanov , Johannes Berg , Nick Desaulniers Cc: David Gow , Thomas Gleixner , Ingo Molnar , Dave Hansen , Linus Torvalds , Brendan Higgins , Daniel Latypov , linux-um@lists.infradead.org, linux-kernel@vger.kernel.org, kunit-dev@googlegroups.com, x86@kernel.org X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220822_180904_189430_A00B27DF X-CRM114-Status: GOOD ( 12.17 ) X-Spam-Score: -7.7 (-------) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Since binutils 2.39, ld will print a warning if any stack section is executable, which is the default for stack sections on files without a .note.GNU-stack section. This was fixed for x86 in commit ffcf9c5700e4 ("x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments"), but remained broken for UML, resulting in several warnings: Content analysis details: (-7.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:104a listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -7.5 USER_IN_DEF_DKIM_WL From: address is in the default DKIM white-list -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.0 DKIMWL_WL_MED DKIMwl.org - Medium trust sender X-BeenThere: linux-um@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-um" Errors-To: linux-um-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Since binutils 2.39, ld will print a warning if any stack section is executable, which is the default for stack sections on files without a .note.GNU-stack section. This was fixed for x86 in commit ffcf9c5700e4 ("x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments"), but remained broken for UML, resulting in several warnings: /usr/bin/ld: warning: arch/x86/um/vdso/vdso.o: missing .note.GNU-stack section implies executable stack /usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker /usr/bin/ld: warning: .tmp_vmlinux.kallsyms1 has a LOAD segment with RWX permissions /usr/bin/ld: warning: .tmp_vmlinux.kallsyms1.o: missing .note.GNU-stack section implies executable stack /usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker /usr/bin/ld: warning: .tmp_vmlinux.kallsyms2 has a LOAD segment with RWX permissions /usr/bin/ld: warning: .tmp_vmlinux.kallsyms2.o: missing .note.GNU-stack section implies executable stack /usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker /usr/bin/ld: warning: vmlinux has a LOAD segment with RWX permissions Link both the VDSO and vmlinux with -z noexecstack, fixing the warnings about .note.GNU-stack sections. In addition, pass --no-warn-rwx-segments to dodge the remaining warnings about LOAD segments with RWX permissions in the kallsyms objects. (Note that this flag is apparently not available on lld, so hide it behind a test for BFD, which is what the x86 patch does.) Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ffcf9c5700e49c0aee42dcba9a12ba21338e8136 Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 Signed-off-by: David Gow Reviewed-by: Lukas Straub Tested-by: Lukas Straub Acked-by: Randy Dunlap # build-tested --- arch/um/Makefile | 9 ++++++++- arch/x86/um/vdso/Makefile | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/arch/um/Makefile b/arch/um/Makefile index f2fe63bfd819..75d5c704b3a8 100644 --- a/arch/um/Makefile +++ b/arch/um/Makefile @@ -132,10 +132,17 @@ export LDS_ELF_FORMAT := $(ELF_FORMAT) # The wrappers will select whether using "malloc" or the kernel allocator. LINK_WRAPS = -Wl,--wrap,malloc -Wl,--wrap,free -Wl,--wrap,calloc +# Avoid binutils 2.39+ warnings by marking the stack non-executable and +# ignorning warnings for the kallsyms sections. +LINK_RWXSECTION = -Wl,-z,noexecstack +ifeq ($(CONFIG_LD_IS_BFD),y) +LINK_RWXSECTION += -Wl,--no-warn-rwx-segments +endif + LD_FLAGS_CMDLINE = $(foreach opt,$(KBUILD_LDFLAGS),-Wl,$(opt)) # Used by link-vmlinux.sh which has special support for um link -export CFLAGS_vmlinux := $(LINK-y) $(LINK_WRAPS) $(LD_FLAGS_CMDLINE) +export CFLAGS_vmlinux := $(LINK-y) $(LINK_WRAPS) $(LINK_RWXSECTION) $(LD_FLAGS_CMDLINE) # When cleaning we don't include .config, so we don't include # TT or skas makefiles and don't clean skas_ptregs.h. diff --git a/arch/x86/um/vdso/Makefile b/arch/x86/um/vdso/Makefile index 8c0396fd0e6f..6fbe97c52c99 100644 --- a/arch/x86/um/vdso/Makefile +++ b/arch/x86/um/vdso/Makefile @@ -65,7 +65,7 @@ quiet_cmd_vdso = VDSO $@ -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^) && \ sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@' -VDSO_LDFLAGS = -fPIC -shared -Wl,--hash-style=sysv +VDSO_LDFLAGS = -fPIC -shared -Wl,--hash-style=sysv -z noexecstack GCOV_PROFILE := n #