Message ID | 686f40eb9c83f9b5e4deba7bfb6cc9c0626d310c.1668958803.git.baskov@ispras.ru |
---|---|
State | New |
Headers |
From: Evgeniy Baskov <baskov@ispras.ru>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: Evgeniy Baskov <baskov@ispras.ru>, Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Ingo Molnar <mingo@redhat.com>, Peter Zijlstra <peterz@infradead.org>, Thomas Gleixner <tglx@linutronix.de>, Alexey Khoroshilov <khoroshilov@ispras.ru>, Peter Jones <pjones@redhat.com>, "Limonciello, Mario" <mario.limonciello@amd.com>, joeyli <jlee@suse.com>, lvc-project@linuxtesting.org, x86@kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v3 07/24] x86/build: Check W^X of vmlinux during build
Date: Tue, 22 Nov 2022 14:12:16 +0300
Message-Id: <686f40eb9c83f9b5e4deba7bfb6cc9c0626d310c.1668958803.git.baskov@ispras.ru>
In-Reply-To: <cover.1668958803.git.baskov@ispras.ru>
References: <cover.1668958803.git.baskov@ispras.ru> |
Series |
x86_64: Improvements at compressed kernel stage
|
|
Commit Message
Evgeniy Baskov
Nov. 22, 2022, 11:12 a.m. UTC
Check if there are simultaneously writable and executable program segments in vmlinux ELF image and fail build if there are any. This would prevent accidental introduction of RWX segments.

Tested-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Evgeniy Baskov <baskov@ispras.ru>
---
 arch/x86/boot/compressed/Makefile | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 3a261abb6d15..64de6c2b1740 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -112,11 +112,17 @@ vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_thunk_$(BITS).o vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o efi-obj-$(CONFIG_EFI_STUB) = $(objtree)/drivers/firmware/efi/libstub/lib.a +quiet_cmd_wx_check = WXCHK $< +cmd_wx_check = if $(OBJDUMP) -p $< | grep "flags .wx" > /dev/null; \ + then (echo >&2 "$<: Simultaneously writable and executable sections are prohibited"; \ + /bin/false); fi + $(obj)/vmlinux: $(vmlinux-objs-y) $(efi-obj-y) FORCE $(call if_changed,ld) OBJCOPYFLAGS_vmlinux.bin := -R .comment -S $(obj)/vmlinux.bin: vmlinux FORCE + $(call cmd,wx_check) $(call if_changed,objcopy) targets += $(patsubst $(obj)/%,%,$(vmlinux-objs-y)) vmlinux.bin.all vmlinux.relocs
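Review bot: The error text in cmd_wx_check says "sections", but `$(OBJDUMP) -p` prints program headers and the commit message speaks of program segments, so the message should read "Simultaneously writable and executable segments are prohibited" to send the reader to the right table when the build fails. Two smaller points in the same command: `/bin/false` hard-codes a path where `false` or `exit 1` would do, and `grep "flags .wx" > /dev/null` can be written as `grep -q "flags .wx"`. The pattern also deserves a one-line comment saying that `.` is there to match the read bit whether it is set or not. Finally, `$(call cmd,wx_check)` is invoked through `cmd` rather than `if_changed` inside a rule that lists FORCE as a prerequisite, so the check runs on every build; if that is intended, say so in the commit message or in a Makefile comment.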