On Tue, Mar 17, 2020 at 4:01 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote: > > On Tue, Mar 17, 2020 at 09:56:14PM +0000, Will Deacon wrote: > > On Thu, Feb 27, 2020 at 04:22:42PM -0800, Kees Cook wrote: > > > We don't want to depend on the linker's orphan section placement > > > heuristics as these can vary between linkers, and may change between > > > versions. All sections need to be explicitly named in the linker > > > script. > > > > > > Explicitly include debug sections when they're present. Add .eh_frame* > > > to discard as it seems that these are still generated even though > > > -fno-asynchronous-unwind-tables is being specified. Add .plt and > > > .data.rel.ro to discards as they are not actually used. Add .got.plt > > > to the image as it does appear to be mapped near .data. Finally enable > > > orphan section warnings. > > > > Hmm, I don't understand what .got.plt is doing here. Please can you > > elaborate? > > I didn't track it down, but it seems to have been present (and merged > into the kernel .data) for a while now. I can try to track this down if > you want? Yes, the presence of a procedure linkage table makes sense for symbol interposition and lazy binding in userspace executables with runtime shared object loading support, but not so much the kernel, I would think. (Though someone did just recently ask me if loadable kernel modules could interpose weakly defined symbols in the kernel, and if so what happens on unload. I have no idea and suspect kernel modules cannot do that, but I have looked into the kernel's runtime relocation support.) -- Thanks, ~Nick Desaulniers
