Message ID | 79fbb728535596eea7b429fc3ed39adc3c775c8a.1678785672.git.baskov@ispras.ru |
---|---|
State | New |
Headers |
From: Evgeniy Baskov <baskov@ispras.ru> To: Ard Biesheuvel <ardb@kernel.org> Cc: Evgeniy Baskov <baskov@ispras.ru>, Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Ingo Molnar <mingo@redhat.com>, Peter Zijlstra <peterz@infradead.org>, Thomas Gleixner <tglx@linutronix.de>, Alexey Khoroshilov <khoroshilov@ispras.ru>, Peter Jones <pjones@redhat.com>, Gerd Hoffmann <kraxel@redhat.com>, "Limonciello, Mario" <mario.limonciello@amd.com>, joeyli <jlee@suse.com>, lvc-project@linuxtesting.org, x86@kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH v5 07/27] x86/build: Check W^X of vmlinux during build Date: Tue, 14 Mar 2023 13:13:34 +0300 Message-Id: <79fbb728535596eea7b429fc3ed39adc3c775c8a.1678785672.git.baskov@ispras.ru> In-Reply-To: <cover.1678785672.git.baskov@ispras.ru> References: <cover.1678785672.git.baskov@ispras.ru> List-ID: <linux-kernel.vger.kernel.org> |
Series | x86_64: Improvements at compressed kernel stage |
Commit Message
Evgeniy Baskov
March 14, 2023, 10:13 a.m. UTC
Check if there are simultaneously writable and executable program segments in vmlinux ELF image and fail build if there are any. This would prevent accidental introduction of RWX segments.

Tested-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Evgeniy Baskov <baskov@ispras.ru>

---
 arch/x86/boot/compressed/Makefile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 6b6cfe607bdb..0c6e25279ec1 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -112,12 +112,17 @@ vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_mixed.o vmlinux-objs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a +quiet_cmd_objcopy_and_wx_check = $(quiet_cmd_objcopy) +cmd_objcopy_and_wx_check = if $(OBJDUMP) -p $< | grep "flags .wx" > /dev/null; then \ + (echo >&2 "$<: Simultaneously writable and executable sections are prohibited"; \ + /bin/false); else $(cmd_objcopy); fi + $(obj)/vmlinux: $(vmlinux-objs-y) FORCE $(call if_changed,ld) OBJCOPYFLAGS_vmlinux.bin := -R .comment -S $(obj)/vmlinux.bin: vmlinux FORCE - $(call if_changed,objcopy) + $(call if_changed,objcopy_and_wx_check) targets += $(patsubst $(obj)/%,%,$(vmlinux-objs-y)) vmlinux.bin.all vmlinux.relocs
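
Review bot: In cmd_objcopy_and_wx_check the W^X check fails open. The `if` tests only the exit status of grep, so when `$(OBJDUMP) -p $<` errors out, or prints program headers in a form that "flags .wx" does not match, the else branch runs $(cmd_objcopy) and the build succeeds with no verification done. Consider failing the rule when objdump itself fails, or when its output contains no "flags" line at all, so that a broken or differently formatted tool cannot silently disable the check. Two smaller points on the same lines: the error text says "sections" while `-p` lists program headers and the commit message speaks of program segments, so "segments" would be the accurate word; and `/bin/false` hardcodes a path where `false` or `exit 1` would do, with `grep -q` in place of the `> /dev/null` redirect.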