On 28 December 2017 at 12:05, Ingo Molnar <mingo@xxxxxxxxxx> wrote: > > * Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote: > >> Annoyingly, we need this because there is a single instance of a >> special section that ends up in the EFI stub code: we build lib/sort.c >> again as a EFI libstub object, and given that sort() is exported, we >> end up with a ksymtab section in the EFI stub. The sort() thing has >> caused issues before [0], so perhaps I should just clone sort.c into >> drivers/firmware/efi/libstub and get rid of that hack. >> >> [0] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=29f9007b3182ab3f328a31da13e6b1c9072f7a95 > > If the root problem is early bootstrap code randomly using generic facility that > isn't __init, then we should definitely improve tooling to at least detect these > problems. > > As bootstrap code gets improved (KASLR, more complex decompression, etc. etc.) we > keep using new bits of generic facilities... > > So this should definitely not be hidden by open coding that function (which has > various other disadvantages as well), but should be turned from silent breakage > either into non-breakage (and do so not only for sort() but for other generic > functions as well), or should be turned into a build failure. > We already have safeguards in place to ensure that the arm64 EFI stub (which is essentially the same executable as the kernel proper) only pulls in code that has been made available to it explicitly. That is why sort.c is recompiled for the EFI stub, as well as all other C code that is shared between the stub and the kernel. We also have a build time check to ensure that the resulting code does not rely on absolute symbol references, which will be invalid in the UEFI execution context. So the only problem is that unneeded ksymtab/kcrctab sections, which affected ARM for obscure reasons; typically, they just take up some space. On x86, the kaslr code deals with a similar issue by #define'ing _LINUX_EXPORT_H before including linux/export.h, which also gets rid of these sections, but I was a bit reluctant to copy that pattern. Perhaps we should enhance linux/export.h for reasons such as these by adding a macro that nops out EXPORT_SYMBOL() declarations?