On Mon, Jun 29, 2020 at 10:09:28AM -0400, Arvind Sankar wrote: > Add a linker script check that there are no runtime relocations, and > remove the old one that tries to check via looking for specially-named > sections in the object files. > > Drop the tests for -fPIE compiler option and -pie linker option, as they > are available in all supported gcc and binutils versions (as well as > clang and lld). > > Signed-off-by: Arvind Sankar <[email protected]> > Reviewed-by: Ard Biesheuvel <[email protected]> > Reviewed-by: Fangrui Song <[email protected]> > --- > arch/x86/boot/compressed/Makefile | 28 +++----------------------- > arch/x86/boot/compressed/vmlinux.lds.S | 8 ++++++++ > 2 files changed, 11 insertions(+), 25 deletions(-)
Reviewed-by: Kees Cook <[email protected]> question below ... > diff --git a/arch/x86/boot/compressed/vmlinux.lds.S > b/arch/x86/boot/compressed/vmlinux.lds.S > index a4a4a59a2628..a78510046eec 100644 > --- a/arch/x86/boot/compressed/vmlinux.lds.S > +++ b/arch/x86/boot/compressed/vmlinux.lds.S > @@ -42,6 +42,12 @@ SECTIONS > *(.rodata.*) > _erodata = . ; > } > + .rel.dyn : { > + *(.rel.*) > + } > + .rela.dyn : { > + *(.rela.*) > + } > .got : { > *(.got) > } Should these be marked (INFO) as well? > @@ -85,3 +91,5 @@ ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, > "Unexpected GOT/PLT en > #else > ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0xc, "Unexpected GOT/PLT > entries detected!") > #endif > + > +ASSERT(SIZEOF(.rel.dyn) == 0 && SIZEOF(.rela.dyn) == 0, "Unexpected runtime > relocations detected!") I think I should be doing this same ASSERT style for other explicit DISCARDS in my orphan series so we'll notice if they change, instead of being silently dropped if they grow. -- Kees Cook
