On Thu, Mar 26, 2020 at 09:11:42PM +0100, Borislav Petkov wrote: > On Thu, Mar 26, 2020 at 12:30:20PM -0700, H.J. Lu wrote: > > In x86 kernel, .exit.text and .exit.data sections are discarded at > > runtime, not by linker. Add RUNTIME_DISCARD_EXIT to generic DISCARDS > > and define it in x86 kernel linker script to keep them. > > > > Signed-off-by: H.J. Lu <hjl.tools@xxxxxxxxx> > > Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> > > --- > > arch/x86/kernel/vmlinux.lds.S | 1 + > > include/asm-generic/vmlinux.lds.h | 10 ++++++++-- > > 2 files changed, 9 insertions(+), 2 deletions(-) > > > > diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S > > index e3296aa028fe..7206e1ac23dd 100644 > > --- a/arch/x86/kernel/vmlinux.lds.S > > +++ b/arch/x86/kernel/vmlinux.lds.S > > @@ -21,6 +21,7 @@ > > #define LOAD_OFFSET __START_KERNEL_map > > #endif > > > > +#define RUNTIME_DISCARD_EXIT > > #define EMITS_PT_NOTE > > #define RO_EXCEPTION_TABLE_ALIGN 16 > > > > diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h > > index e00f41aa8ec4..6b943fb8c5fd 100644 > > --- a/include/asm-generic/vmlinux.lds.h > > +++ b/include/asm-generic/vmlinux.lds.h > > @@ -894,10 +894,16 @@ > > * section definitions so that such archs put those in earlier section > > * definitions. > > */ > > +#ifdef RUNTIME_DISCARD_EXIT > > +#define EXIT_DISCARDS > > +#else > > +#define EXIT_DISCARDS \ > > + EXIT_TEXT \ > > + EXIT_DATA > > +#endif > > /me goes back and reads the old thread on this... > > Kees, do you expect other arches to actually need this > RUNTIME_DISCARD_EXIT thing or was that a hypothetical thing? > > /me searches more... > > oh, there's a patchset from you > > https://lkml.kernel.org/r/20200228002244.15240-1-keescook@xxxxxxxxxxxx > > which already contains this patch *and* an ARM64 patch which defines > RUNTIME_DISCARD_EXIT so I'm guessing ARM64 wants to discard at runtime > too. Correct. > Which leaves the question why is H.J. sending that patch separate and > you carry it in a patchset about orphan section warning? Seems like it > wants to be in your patchset? I had needed the same clean up for the orphan section handling, and since it hadn't been picked up yet, I included it in my series. I'm still stuck addressing several review comments, so there's no reason to wait for me: I can easily rebase once these patches land somewhere. I'd be happy to see them in -tip. Thanks! -Kees -- Kees Cook
