On Fri, Sep 03, 2021 at 09:09:03PM -0700, Josh Poimboeuf wrote:
> On Fri, Sep 03, 2021 at 09:38:42AM -0700, Kees Cook wrote:
> > On Thu, Sep 02, 2021 at 11:49:51PM -0700, Josh Poimboeuf wrote:
> > > On Wed, Sep 01, 2021 at 04:37:56PM -0700, Kees Cook wrote:
> > > > Instead of open-coding the section names, use a list for the sections that
> > > > need to be marked read-only after init. Unfortunately, it seems we can't
> > > > do normal section merging with scripts/module.lds.S as ld.bfd doesn't
> > > > correctly update symbol tables. For more details, see commit 6a3193cdd5e5
> > > > ("kbuild: lto: Merge module sections if and only if CONFIG_LTO_CLANG
> > > > is enabled").
> > >
> > > I'm missing what this has to do with section merging. Can you connect
> > > the dots here, i.e. what sections would we want to merge and how would
> > > that help here?
> >
> > Right, sorry, if ld.bfd didn't have this issue, we could use section
> > merging in the module.lds.S file the way we do in vmlinux.lds:
> >
> > #ifndef RO_AFTER_INIT_DATA
> > #define RO_AFTER_INIT_DATA \
> > . = ALIGN(8); \
> > __start_ro_after_init = .; \
> > *(.data..ro_after_init) \
> > JUMP_TABLE_DATA \
> > STATIC_CALL_DATA \
> > __end_ro_after_init = .;
> > #endif
> > ...
> > . = ALIGN((align)); \
> > .rodata : AT(ADDR(.rodata) - LOAD_OFFSET) { \
> > __start_rodata = .; \
> > *(.rodata) *(.rodata.*) \
> > SCHED_DATA \
> > RO_AFTER_INIT_DATA /* Read only after init */ \
> > . = ALIGN(8); \
> > __start___tracepoints_ptrs = .; \
> > KEEP(*(__tracepoints_ptrs)) /* Tracepoints: pointer array */ \
> > __stop___tracepoints_ptrs = .; \
> > *(__tracepoints_strings)/* Tracepoints: strings */ \
> > } \
> >
> > Then jump_table and static_call sections could be collected into a
> > new section, as the module loader would only need to look for that
> > single name.
>
> Hm, that could be a really nice way to converge things for vmlinux and
> module linking.
Agreed! I had really wanted to do more of this, but was stumped by the
weird symbol behavior.
> After some digging, 6a3193cdd5e5 isn't necessarily a linker bug. It may
> be some kind of undefined behavior when the section address isn't
> specified. If you just explicitly set the section address to zero then
> the "bug" goes away.
Well that's a nice find! I'll play more with this to see if I can make a
cleaner solution.
Thanks!
-Kees
>
> diff --git a/scripts/module.lds.S b/scripts/module.lds.S
> index 04c5685c25cf..80b09b7d405c 100644
> --- a/scripts/module.lds.S
> +++ b/scripts/module.lds.S
> @@ -30,23 +30,22 @@ SECTIONS {
>
> __patchable_function_entries : { *(__patchable_function_entries) }
>
> -#ifdef CONFIG_LTO_CLANG
> /*
> * With CONFIG_LTO_CLANG, LLD always enables -fdata-sections and
> * -ffunction-sections, which increases the size of the final module.
> * Merge the split sections in the final binary.
> */
> - .bss : {
> + .bss 0 : {
> *(.bss .bss.[0-9a-zA-Z_]*)
> *(.bss..L*)
> }
>
> - .data : {
> + .data 0 : {
> *(.data .data.[0-9a-zA-Z_]*)
> *(.data..L*)
> }
>
> - .rodata : {
> + .rodata 0 : {
> *(.rodata .rodata.[0-9a-zA-Z_]*)
> *(.rodata..L*)
> }
> @@ -55,11 +54,10 @@ SECTIONS {
> * With CONFIG_CFI_CLANG, we assume __cfi_check is at the beginning
> * of the .text section, and is aligned to PAGE_SIZE.
> */
> - .text : ALIGN_CFI {
> + .text 0 : ALIGN_CFI {
> *(.text.__cfi_check)
> *(.text .text.[0-9a-zA-Z_]* .text..L.cfi*)
> }
> -#endif
> }
>
> /* bring in arch-specific sections */
>
--
Kees Cook
