On Tue, Sep 01, 2020 at 10:16:47AM +0200, Ingo Molnar wrote: > > * Ingo Molnar <mingo@xxxxxxxxxx> wrote: > > > > > * Ingo Molnar <mingo@xxxxxxxxxx> wrote: > > > > > > > > * Kees Cook <keescook@xxxxxxxxxxxx> wrote: > > > > > > > On Fri, Aug 21, 2020 at 12:42:41PM -0700, Kees Cook wrote: > > > > > Hi Ingo, > > > > > > > > > > Based on my testing, this is ready to go. I've reviewed the feedback on > > > > > v5 and made a few small changes, noted below. > > > > > > > > If no one objects, I'll pop this into my tree for -next. I'd prefer it > > > > go via -tip though! :) > > > > > > > > Thanks! > > > > > > I'll pick it up today, it all looks very good now! > > > > One thing I found in testing is that it doesn't handler older LD > > versions well enough: > > > > ld: unrecognized option '--orphan-handling=warn' Oh! Uhm, yikes. Thanks for noticing this. > > Could we just detect the availability of this flag, and emit a warning > > if it doesn't exist but otherwise not abort the build? Yeah, I'll respin those patches. > > This is with: > > > > GNU ld version 2.25-17.fc23 (At best, this is from 2015 ... but yes, min binutils in 2.23.) > > I've resolved this for now by not applying the 5 patches that add the > actual orphan section warnings: > > arm64/build: Warn on orphan section placement > arm/build: Warn on orphan section placement > arm/boot: Warn on orphan section placement > x86/build: Warn on orphan section placement > x86/boot/compressed: Warn on orphan section placement > > The new asserts plus the actual fixes/enhancements are enough changes > to test for now in any case. :-) Yup! I'll respin the enabling patches. Thanks again! -- Kees Cook
