Re: [kernel-hardening] Re: Linker segfault on powerpc when CONFIG_LKDTM=y (was Re: [kernel-hardening] [PATCH 3/5] lkdtm: add function for testing .rodata section)

2016-08-02 Thread Michael Ellerman
Kees Cook  writes:
> On Mon, Aug 1, 2016 at 8:12 PM, Michael Ellerman  wrote:
>> Kees Cook  writes:
>>> On Mon, Aug 1, 2016 at 5:37 AM, Michael Ellerman  wrote:
>>>>
>>>>   scripts/link-vmlinux.sh: line 52: 36260 Segmentation fault  (core
>>>> dumped) ${LD} ${LDFLAGS} ${LDFLAGS_vmlinux} -o ${2} -T ${lds}
>>>> ${KBUILD_VMLINUX_INIT} --start-group ${KBUILD_VMLINUX_MAIN} --end-group ${1}
>>>>
>>>> Haven't had a chance to debug it further.
...
>> Interestingly I *can't* reproduce with the Ubuntu x86->ppc cross
>> (5.4.0-6ubuntu1~16.04.1).
>
> Oh, weird. Well, that does explain my lack of hitting the problem,
> though: that's the cross compiler I was using. :P

Actually that was a false negative.

The trick is you have to have LKDTM=y *and* FUNCTION_TRACER=y.

It is a linker bug:

  https://sourceware.org/bugzilla/show_bug.cgi?id=20428

Which Alan has already fixed.

But we need to work around existing linkers that are out there.

We can do that by marking lkdtm_rodata_do_nothing() notrace, which I
think makes sense for all arches actually.

So I'll send you a patch to do that.

cheers
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev

Re: [kernel-hardening] Re: Linker segfault on powerpc when CONFIG_LKDTM=y (was Re: [kernel-hardening] [PATCH 3/5] lkdtm: add function for testing .rodata section)

2016-08-02 Thread Kees Cook
On Mon, Aug 1, 2016 at 8:12 PM, Michael Ellerman  wrote:
> Kees Cook  writes:
>
>> On Mon, Aug 1, 2016 at 5:37 AM, Michael Ellerman  wrote:
>>> Kees Cook  writes:
>>>
>>>> This adds a function that lives in the .rodata section. The section
>>>> flags are corrected using objcopy since there is no way with gcc to
>>>> declare section flags in an architecture-agnostic way.
>>>>
>>>> Signed-off-by: Kees Cook 
>>>> ---
>>>>  drivers/misc/Makefile   |  7 +++
>>>>  drivers/misc/lkdtm.h|  6 ++
>>>>  drivers/misc/lkdtm_core.c   | 24 +---
>>>>  drivers/misc/lkdtm_rodata.c | 10 ++
>>>>  4 files changed, 40 insertions(+), 7 deletions(-)
>>>>  create mode 100644 drivers/misc/lkdtm.h
>>>>  create mode 100644 drivers/misc/lkdtm_rodata.c
>>>
>>> This is blowing up my linker :(
>>>
>>>   scripts/link-vmlinux.sh: line 52: 36260 Segmentation fault  (core 
>>> dumped) ${LD} ${LDFLAGS} ${LDFLAGS_vmlinux} -o ${2} -T ${lds} 
>>> ${KBUILD_VMLINUX_INIT} --start-group ${KBUILD_VMLINUX_MAIN} --end-group ${1}
>>>
>>> Haven't had a chance to debug it further.
>>
>> Argh. Do you want a quick fix for this now? I can add a PPC CONFIG
>> blacklist for the rodata check, maybe?
>
> Nah that's OK, none of our defconfigs have it enabled so it's not a real
> blocker. It also builds OK as a module - though I haven't tested the
> result yet.

Okay, I'll leave it as is.

>> Also, what version of gcc? I'll see if I can reproduce this with a
>> cross compiler...
>
> The original hit was with gcc-5.3 (which is actually a x86->ppc cross):
>
>   http://kisskb.ellerman.id.au/kisskb/buildresult/12762730/
>
> But I can also reproduce with 5.4, and 6.1.0.
>
> Interestingly I *can't* reproduce with the Ubuntu x86->ppc cross
> (5.4.0-6ubuntu1~16.04.1).

Oh, weird. Well, that does explain my lack of hitting the problem,
though: that's the cross compiler I was using. :P

> Those toolchains are all using binutils 2.26 AFAIK.

I wonder if this is some gold vs bfd issue, or a specific bug that got
fixed in the Ubuntu tree but hasn't landed in 6.1 or 5.4 (??)

> Going back to a really old toolchain (gcc 4.6.3/binutils 2.22) it does
> build but I get these warnings:
>
>  powerpc64-linux-ld: drivers/misc/built-in.o: .opd is not a regular array of opd entries
>  powerpc64-linux-ld: drivers/built-in.o: .opd is not a regular array of opd entries

How strange. I wonder if there's some corner case of the objcopy that
is wrong...

> So probably don't worry about it and we'll try and work it out on our end.

Okay, sounds good.

-Kees

-- 
Kees Cook
Chrome OS & Brillo Security

Re: [kernel-hardening] Re: Linker segfault on powerpc when CONFIG_LKDTM=y (was Re: [kernel-hardening] [PATCH 3/5] lkdtm: add function for testing .rodata section)

2016-08-01 Thread Michael Ellerman
Kees Cook  writes:

> On Mon, Aug 1, 2016 at 5:37 AM, Michael Ellerman  wrote:
>> Kees Cook  writes:
>>
>>> This adds a function that lives in the .rodata section. The section
>>> flags are corrected using objcopy since there is no way with gcc to
>>> declare section flags in an architecture-agnostic way.
>>>
>>> Signed-off-by: Kees Cook 
>>> ---
>>>  drivers/misc/Makefile   |  7 +++
>>>  drivers/misc/lkdtm.h|  6 ++
>>>  drivers/misc/lkdtm_core.c   | 24 +---
>>>  drivers/misc/lkdtm_rodata.c | 10 ++
>>>  4 files changed, 40 insertions(+), 7 deletions(-)
>>>  create mode 100644 drivers/misc/lkdtm.h
>>>  create mode 100644 drivers/misc/lkdtm_rodata.c
>>
>> This is blowing up my linker :(
>>
>>   scripts/link-vmlinux.sh: line 52: 36260 Segmentation fault  (core 
>> dumped) ${LD} ${LDFLAGS} ${LDFLAGS_vmlinux} -o ${2} -T ${lds} 
>> ${KBUILD_VMLINUX_INIT} --start-group ${KBUILD_VMLINUX_MAIN} --end-group ${1}
>>
>> Haven't had a chance to debug it further.
>
> Argh. Do you want a quick fix for this now? I can add a PPC CONFIG
> blacklist for the rodata check, maybe?

Nah that's OK, none of our defconfigs have it enabled so it's not a real
blocker. It also builds OK as a module - though I haven't tested the
result yet.

> Also, what version of gcc? I'll see if I can reproduce this with a
> cross compiler...

The original hit was with gcc-5.3 (which is actually a x86->ppc cross):

  http://kisskb.ellerman.id.au/kisskb/buildresult/12762730/

But I can also reproduce with 5.4, and 6.1.0.

Interestingly I *can't* reproduce with the Ubuntu x86->ppc cross
(5.4.0-6ubuntu1~16.04.1).

Those toolchains are all using binutils 2.26 AFAIK.

Going back to a really old toolchain (gcc 4.6.3/binutils 2.22) it does
build but I get these warnings:

 powerpc64-linux-ld: drivers/misc/built-in.o: .opd is not a regular array of opd entries
 powerpc64-linux-ld: drivers/built-in.o: .opd is not a regular array of opd entries
 powerpc64-linux-ld: drivers/built-in.o: .opd is not a regular array of opd entries
 powerpc64-linux-ld: drivers/built-in.o: .opd is not a regular array of opd entries
 powerpc64-linux-ld: drivers/built-in.o: .opd is not a regular array of opd entries

So probably don't worry about it and we'll try and work it out on our end.

cheers