Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 18 Oct 2017 16:15:10 -0700
From: Thomas Garnier <thgarnie@...gle.com>
To: "Luis R. Rodriguez" <mcgrof@...nel.org>
Cc: Guenter Roeck <linux@...ck-us.net>, Nicholas Piggin <npiggin@...il.com>, 
	Herbert Xu <herbert@...dor.apana.org.au>, "David S . Miller" <davem@...emloft.net>, 
	Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, "H . Peter Anvin" <hpa@...or.com>, 
	Peter Zijlstra <peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...hat.com>, 
	Arnd Bergmann <arnd@...db.de>, Kees Cook <keescook@...omium.org>, 
	Andrey Ryabinin <aryabinin@...tuozzo.com>, Matthias Kaehlcke <mka@...omium.org>, 
	Tom Lendacky <thomas.lendacky@....com>, Andy Lutomirski <luto@...nel.org>, 
	"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>, Borislav Petkov <bp@...e.de>, 
	"Rafael J . Wysocki" <rjw@...ysocki.net>, Len Brown <len.brown@...el.com>, Pavel Machek <pavel@....cz>, 
	Juergen Gross <jgross@...e.com>, Chris Wright <chrisw@...s-sol.org>, 
	Alok Kataria <akataria@...are.com>, Rusty Russell <rusty@...tcorp.com.au>, Tejun Heo <tj@...nel.org>, 
	Christoph Lameter <cl@...ux.com>, Boris Ostrovsky <boris.ostrovsky@...cle.com>, 
	Paul Gortmaker <paul.gortmaker@...driver.com>, Andrew Morton <akpm@...ux-foundation.org>, 
	Alexey Dobriyan <adobriyan@...il.com>, "Paul E . McKenney" <paulmck@...ux.vnet.ibm.com>, 
	Nicolas Pitre <nicolas.pitre@...aro.org>, Borislav Petkov <bp@...en8.de>, 
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Christopher Li <sparse@...isli.org>, 
	Steven Rostedt <rostedt@...dmis.org>, Jason Baron <jbaron@...mai.com>, 
	Mika Westerberg <mika.westerberg@...ux.intel.com>, Dou Liyang <douly.fnst@...fujitsu.com>, 
	"Rafael J . Wysocki" <rafael.j.wysocki@...el.com>, Lukas Wunner <lukas@...ner.de>, 
	Masahiro Yamada <yamada.masahiro@...ionext.com>, Alexei Starovoitov <ast@...nel.org>, 
	Daniel Borkmann <daniel@...earbox.net>, Markus Trippelsdorf <markus@...ppelsdorf.de>, 
	Paolo Bonzini <pbonzini@...hat.com>, Radim Krčmář <rkrcmar@...hat.com>, 
	Joerg Roedel <joro@...tes.org>, Rik van Riel <riel@...hat.com>, David Howells <dhowells@...hat.com>, 
	Ard Biesheuvel <ard.biesheuvel@...aro.org>, Waiman Long <longman@...hat.com>, 
	Kyle Huey <me@...ehuey.com>, Jonathan Corbet <corbet@....net>, Michal Hocko <mhocko@...e.com>, 
	Peter Foley <pefoley2@...oley.com>, Paul Bolle <pebolle@...cali.nl>, Jiri Kosina <jkosina@...e.cz>, 
	"H . J . Lu" <hjl.tools@...il.com>, Rob Landley <rob@...dley.net>, Baoquan He <bhe@...hat.com>, 
	Jan H . Schönherr <jschoenh@...zon.de>, 
	Daniel Micay <danielmicay@...il.com>, "the arch/x86 maintainers" <x86@...nel.org>, 
	Linux Crypto Mailing List <linux-crypto@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, 
	Linux PM list <linux-pm@...r.kernel.org>, virtualization@...ts.linux-foundation.org, 
	xen-devel <xen-devel@...ts.xenproject.org>, linux-arch <linux-arch@...r.kernel.org>, 
	Sparse Mailing-list <linux-sparse@...r.kernel.org>, kvm list <kvm@...r.kernel.org>, 
	linux-doc@...r.kernel.org, 
	Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: [PATCH v1 15/27] compiler: Option to default to hidden symbols

On Thu, Oct 12, 2017 at 1:02 PM, Luis R. Rodriguez <mcgrof@...nel.org> wrote:
> On Wed, Oct 11, 2017 at 01:30:15PM -0700, Thomas Garnier wrote:
>> Provide an option to default visibility to hidden except for key
>> symbols. This option is disabled by default and will be used by x86_64
>> PIE support to remove errors between compilation units.
>>
>> The default visibility is also enabled for external symbols that are
>> compared as they maybe equals (start/end of sections). In this case,
>> older versions of GCC will remove the comparison if the symbols are
>> hidden. This issue exists at least on gcc 4.9 and before.
>>
>> Signed-off-by: Thomas Garnier <thgarnie@...gle.com>
>
> <-- snip -->
>
>> diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
>> index 86e8f0b2537b..8f021783a929 100644
>> --- a/arch/x86/kernel/cpu/microcode/core.c
>> +++ b/arch/x86/kernel/cpu/microcode/core.c
>> @@ -144,8 +144,8 @@ static bool __init check_loader_disabled_bsp(void)
>>       return *res;
>>  }
>>
>> -extern struct builtin_fw __start_builtin_fw[];
>> -extern struct builtin_fw __end_builtin_fw[];
>> +extern struct builtin_fw __start_builtin_fw[] __default_visibility;
>> +extern struct builtin_fw __end_builtin_fw[] __default_visibility;
>>
>>  bool get_builtin_firmware(struct cpio_data *cd, const char *name)
>>  {
>
> <-- snip -->
>
>> diff --git a/include/asm-generic/sections.h b/include/asm-generic/sections.h
>> index e5da44eddd2f..1aa5d6dac9e1 100644
>> --- a/include/asm-generic/sections.h
>> +++ b/include/asm-generic/sections.h
>> @@ -30,6 +30,9 @@
>>   *   __irqentry_text_start, __irqentry_text_end
>>   *   __softirqentry_text_start, __softirqentry_text_end
>>   */
>> +#ifdef CONFIG_DEFAULT_HIDDEN
>> +#pragma GCC visibility push(default)
>> +#endif
>>  extern char _text[], _stext[], _etext[];
>>  extern char _data[], _sdata[], _edata[];
>>  extern char __bss_start[], __bss_stop[];
>> @@ -46,6 +49,9 @@ extern char __softirqentry_text_start[], __softirqentry_text_end[];
>>
>>  /* Start and end of .ctors section - used for constructor calls. */
>>  extern char __ctors_start[], __ctors_end[];
>> +#ifdef CONFIG_DEFAULT_HIDDEN
>> +#pragma GCC visibility pop
>> +#endif
>>
>>  extern __visible const void __nosave_begin, __nosave_end;
>>
>> diff --git a/include/linux/compiler.h b/include/linux/compiler.h
>> index e95a2631e545..6997716f73bf 100644
>> --- a/include/linux/compiler.h
>> +++ b/include/linux/compiler.h
>> @@ -78,6 +78,14 @@ extern void __chk_io_ptr(const volatile void __iomem *);
>>  #include <linux/compiler-clang.h>
>>  #endif
>>
>> +/* Useful for Position Independent Code to reduce global references */
>> +#ifdef CONFIG_DEFAULT_HIDDEN
>> +#pragma GCC visibility push(hidden)
>> +#define __default_visibility  __attribute__((visibility ("default")))
>
> Does this still work with CONFIG_LD_DEAD_CODE_DATA_ELIMINATION ?

I cannot make it work with or without this change. How is it supposed
to be used?

For me with, it crashes with a bad consdev at:
http://elixir.free-electrons.com/linux/latest/source/drivers/tty/tty_io.c#L3194

>
>> +#else
>> +#define __default_visibility
>> +#endif
>> +
>>  /*
>>   * Generic compiler-dependent macros required for kernel
>>   * build go below this comment. Actual compiler/compiler version
>> diff --git a/init/Kconfig b/init/Kconfig
>> index ccb1d8daf241..b640201fcff7 100644
>> --- a/init/Kconfig
>> +++ b/init/Kconfig
>> @@ -1649,6 +1649,13 @@ config PROFILING
>>  config TRACEPOINTS
>>       bool
>>
>> +#
>> +# Default to hidden visibility for all symbols.
>> +# Useful for Position Independent Code to reduce global references.
>> +#
>> +config DEFAULT_HIDDEN
>> +     bool
>
> Note it is default.
>
> Has 0-day ran through this git tree? It should be easy to get it added for
> testing. Also, even though most changes are x86 based there are some generic
> changes and I'd love a warm fuzzy this won't break odd / random builds.
> Although 0-day does cover a lot of test cases, it only has limited run time
> tests. There are some other test beds which also cover some more obscure
> architectures. Having a test pass on Guenter's test bed would be nice to
> see. For that please coordinate with Guenter if he's willing to run this
> a test for you.

Not yet, plan to give a v1.5 to Kees Cook to keep in one of his tree
for couple weeks. I expect it will identify interesting issues.

>
>   Luis



-- 
Thomas

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.