Message ID | 84186fd75772b89be1984d6da0764a65cdef0c29.1666705333.git.baskov@ispras.ru |
---|---|
State | New |
Headers | From: Evgeniy Baskov <baskov@ispras.ru> To: Ard Biesheuvel <ardb@kernel.org> Cc: Evgeniy Baskov <baskov@ispras.ru>, Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Ingo Molnar <mingo@redhat.com>, Peter Zijlstra <peterz@infradead.org>, Thomas Gleixner <tglx@linutronix.de>, Alexey Khoroshilov <khoroshilov@ispras.ru>, Peter Jones <pjones@redhat.com>, lvc-project@linuxtesting.org, x86@kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH v2 07/23] x86/build: Check W^X of vmlinux during build Date: Tue, 25 Oct 2022 17:12:45 +0300 In-Reply-To: <cover.1666705333.git.baskov@ispras.ru> References: <cover.1666705333.git.baskov@ispras.ru> List-ID: <linux-kernel.vger.kernel.org> |
Series | x86_64: Improvements at compressed kernel stage |
Commit Message
Evgeniy Baskov
Oct. 25, 2022, 2:12 p.m. UTC
Check if there are simultaneously writable and executable
program segments in vmlinux ELF image and fail build if there are any.
This would prevent accidental introduction of RWX segments.
Signed-off-by: Evgeniy Baskov <baskov@ispras.ru>
---
arch/x86/boot/compressed/Makefile | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 3a261abb6d15..64de6c2b1740 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -112,11 +112,17 @@ vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_thunk_$(BITS).o vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o efi-obj-$(CONFIG_EFI_STUB) = $(objtree)/drivers/firmware/efi/libstub/lib.a +quiet_cmd_wx_check = WXCHK $< +cmd_wx_check = if $(OBJDUMP) -p $< | grep "flags .wx" > /dev/null; \ + then (echo >&2 "$<: Simultaneously writable and executable sections are prohibited"; \ + /bin/false); fi + $(obj)/vmlinux: $(vmlinux-objs-y) $(efi-obj-y) FORCE $(call if_changed,ld) OBJCOPYFLAGS_vmlinux.bin := -R .comment -S $(obj)/vmlinux.bin: vmlinux FORCE + $(call cmd,wx_check) $(call if_changed,objcopy) targets += $(patsubst $(obj)/%,%,$(vmlinux-objs-y)) vmlinux.bin.all vmlinux.relocs
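Review bot: The error text in cmd_wx_check says "sections", but the check greps the program headers printed by `$(OBJDUMP) -p`, which describe segments, and the commit message also speaks of program segments; reword it to "Simultaneously writable and executable segments are prohibited" so the message names what was actually inspected. Two smaller points in the same command: `/bin/false` hard-codes a path where plain `false` or `exit 1` would do, and `grep -q "flags .wx"` would replace the redirect to /dev/null. Separately, `$(call cmd,wx_check)` is placed in the `$(obj)/vmlinux.bin` rule, which lists FORCE, so unlike the `$(call if_changed,objcopy)` line beside it the check runs on every build, including when vmlinux has not been relinked; if that is intended, a one-line comment above the rule saying so would help.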