Re: [PATCH v4 0/4] Introduce the initify gcc plugin

2017-02-20 Thread Emese Revfy
On Wed, 15 Feb 2017 11:27:06 -0800
Kees Cook  wrote:

> On Tue, Feb 14, 2017 at 4:23 PM, Emese Revfy  wrote:
> > On Thu, 12 Jan 2017 15:40:41 -0800
> > Kees Cook  wrote:
> >
> >> WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in
> >> reference from the function clk_gate() to the variable
> >> .init.rodata.str:__func__.29708
> >> The function clk_gate() references
> >> the variable __initconst __func__.29708.
> >> This is often because clk_gate lacks a __initconst
> >> annotation or the annotation of __func__.29708 is wrong.
> >
> > Thanks for the report, it will be fixed in the next grsec patch.
> 
> Very cool, thanks! What did the problem turn out to be?

You can find it here:
https://github.com/ephox-gcc-plugins/initify/commit/73e857aa47bde7cc78ed865a008d1519893c0f54

-- 
Emese


Re: [PATCH v4 0/4] Introduce the initify gcc plugin

2017-02-15 Thread Kees Cook
On Tue, Feb 14, 2017 at 4:23 PM, Emese Revfy  wrote:
> On Thu, 12 Jan 2017 15:40:41 -0800
> Kees Cook  wrote:
>
>> WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in
>> reference from the function clk_gate() to the variable
>> .init.rodata.str:__func__.29708
>> The function clk_gate() references
>> the variable __initconst __func__.29708.
>> This is often because clk_gate lacks a __initconst
>> annotation or the annotation of __func__.29708 is wrong.
>
> Thanks for the report, it will be fixed in the next grsec patch.

Very cool, thanks! What did the problem turn out to be?

-Kees

-- 
Kees Cook
Pixel Security


Re: [PATCH v4 0/4] Introduce the initify gcc plugin

2017-02-14 Thread Emese Revfy
On Thu, 12 Jan 2017 15:40:41 -0800
Kees Cook  wrote:

> WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in
> reference from the function clk_gate() to the variable
> .init.rodata.str:__func__.29708
> The function clk_gate() references
> the variable __initconst __func__.29708.
> This is often because clk_gate lacks a __initconst
> annotation or the annotation of __func__.29708 is wrong.

Thanks for the report, it will be fixed in the next grsec patch.

-- 
Emese


Re: [PATCH v4 0/4] Introduce the initify gcc plugin

2017-01-18 Thread Kees Cook
On Tue, Jan 17, 2017 at 12:31 PM, Emese Revfy  wrote:
> On Thu, 12 Jan 2017 15:40:41 -0800
> Kees Cook  wrote:
>
>> WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in
>> reference from the function clk_gate() to the variable
>> .init.rodata.str:__func__.29708
>> The function clk_gate() references
>> the variable __initconst __func__.29708.
>> This is often because clk_gate lacks a __initconst
>> annotation or the annotation of __func__.29708 is wrong.
>>
>> I used my initify v5 development tree, with the following patch, with
>> "make allyesconfig":
>>
>> http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=for-next/gcc-plugin/initify
>
> Hi,
>
> I can't reproduce this mismatch with allyesconfig. Could you please send me 
> your .config?

Sure, attached. (Though note this requires the patch from my earlier
email to allow allyesconfig to work with the plugins.)

-Kees

-- 
Kees Cook
Nexus Security


.config.gz
Description: application/gzip


Re: [PATCH v4 0/4] Introduce the initify gcc plugin

2017-01-17 Thread Emese Revfy
On Thu, 12 Jan 2017 15:40:41 -0800
Kees Cook  wrote:

> WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in
> reference from the function clk_gate() to the variable
> .init.rodata.str:__func__.29708
> The function clk_gate() references
> the variable __initconst __func__.29708.
> This is often because clk_gate lacks a __initconst
> annotation or the annotation of __func__.29708 is wrong.
>
> I used my initify v5 development tree, with the following patch, with
> "make allyesconfig":
> 
> http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=for-next/gcc-plugin/initify

Hi,

I can't reproduce this mismatch with allyesconfig. Could you please send me 
your .config?

-- 
Emese


Re: [PATCH v4 0/4] Introduce the initify gcc plugin

2017-01-12 Thread Kees Cook
On Thu, Jan 12, 2017 at 3:27 PM, Kees Cook  wrote:
> On Thu, Jan 12, 2017 at 1:41 PM, Emese Revfy  wrote:
>> On Tue, 10 Jan 2017 17:09:31 -0800
>> Kees Cook  wrote:
>>
>>> WARNING: vmlinux.o(.text+0x1087e7): Section mismatch in reference from
>>> the function rebind_subsystems() to the variable
>>> .init.rodata.str:__func__.4400
>>> The function rebind_subsystems() references
>>> the variable __initconst __func__.4400.
>>> This is often because rebind_subsystems lacks a __initconst
>>> annotation or the annotation of __func__.4400 is wrong.
>>
>> Thanks for the report, you can find the fix here:
>> https://github.com/ephox-gcc-plugins/initify/commit/25f34834e3373e067133bc5d39d42c50a3592d56
>
> Awesome! I can confirm, it builds without warnings now. Thanks!

Hm, actually, with an "allyesconfig" build, I'm still seeing warnings
(and possibly some nocapture verification failures).

Most look like this:

WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in
reference from the function clk_gate() to the variable
.init.rodata.str:__func__.29708
The function clk_gate() references
the variable __initconst __func__.29708.
This is often because clk_gate lacks a __initconst
annotation or the annotation of __func__.29708 is wrong.

And there's this (should KASAN be disabled for initify?)

mm/kasan/kasan.c: In function ‘memmove’:
mm/kasan/kasan.c:346:7: warning: ‘memmove’ captures its 2 (‘src’)
parameter, please remove it from the nocapture attribute.
 void *memmove(void *dest, const void *src, size_t len)
   ^
mm/kasan/kasan.c: In function ‘memcpy’:
mm/kasan/kasan.c:355:7: warning: ‘memcpy’ captures its 2 (‘src’)
parameter, please remove it from the nocapture attribute.
 void *memcpy(void *dest, const void *src, size_t len)
   ^

And ACPI:

drivers/acpi/acpica/utdebug.c: In function ‘acpi_debug_print’:
drivers/acpi/acpica/utdebug.c:158:1: warning: ‘acpi_debug_print’
captures its 3 (‘function_name’) parameter, please remove it from the
nocapture attribute.
 acpi_debug_print(u32 requested_debug_level,
 ^


I used my initify v5 development tree, with the following patch, with
"make allyesconfig":

http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=for-next/gcc-plugin/initify

diff --git a/arch/Kconfig b/arch/Kconfig
index b6009a21ebea..5693ef5f22c8 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -359,7 +359,6 @@ config HAVE_GCC_PLUGINS
 menuconfig GCC_PLUGINS
bool "GCC plugins"
depends on HAVE_GCC_PLUGINS
-   depends on !COMPILE_TEST
help
  GCC plugins are loadable modules that provide extra features to the
  compiler. They are useful for runtime instrumentation and
static analysis.
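Review bot: Dropping "depends on !COMPILE_TEST" from the GCC_PLUGINS menuconfig opens every plugin option under this menu to allyesconfig builds, not only initify, and the only place this patch puts the guard back is GCC_PLUGIN_INITIFY_VERBOSE. Before this leaves a local test tree, go through the other options under the menu and give any that are purely diagnostic or that slow the build their own "depends on !COMPILE_TEST", and state in the changelog that compile-test builds will now run the plugins.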
@@ -429,6 +428,7 @@ config GCC_PLUGIN_INITIFY
 config GCC_PLUGIN_INITIFY_VERBOSE
bool "Report initification"
depends on GCC_PLUGIN_INITIFY
+   depends on !COMPILE_TEST
help
  Print all initified strings and all functions which should be
  __init/__exit.
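Review bot: The help text of GCC_PLUGIN_INITIFY_VERBOSE says nothing about the new "depends on !COMPILE_TEST", so Kconfig gives no reason why the option is unavailable in allyesconfig builds. Add a sentence to the help, or a comment above the dependency, saying the option is kept out of compile-test builds because it prints every initified string and function.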


I'll see if acpi needs __noverified_nocapture ...

-Kees

-- 
Kees Cook
Nexus Security
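
Added example, not part of the original thread and not code from the kernel or the initify project: a Python triage script for the two kinds of diagnostics quoted in these messages, modpost section mismatches and the plugin's nocapture verification warnings. It undoes mail line wraps and quote markers, strips GCC clone suffixes such as .part.22, and counts references from code kept after boot into .init.*/.exit.* sections; all function names and the suffix list are assumptions of this example.

```python
import re
from collections import Counter, namedtuple

# Diagnostics copied from the messages on this page, keeping the mail line
# wraps and one ">"-quoted copy. SAMPLE_LOG and all names below belong to this
# example only.
SAMPLE_LOG = """\
WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in
reference from the function uncore_pci_exit.part.22() to the function
.init.text:uncore_free_pcibus_map()
The function uncore_pci_exit.part.22() references
the function __init uncore_free_pcibus_map().
WARNING: vmlinux.o(.text+0x1087e7): Section mismatch in reference from
the function rebind_subsystems() to the variable
.init.rodata.str:__func__.4400
> >> WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in
> >> reference from the function clk_gate() to the variable
> >> .init.rodata.str:__func__.29708
mm/kasan/kasan.c: In function ‘memmove’:
mm/kasan/kasan.c:346:7: warning: ‘memmove’ captures its 2 (‘src’)
parameter, please remove it from the nocapture attribute.
drivers/acpi/acpica/utdebug.c:158:1: warning: ‘acpi_debug_print’
captures its 3 (‘function_name’) parameter, please remove it from the
nocapture attribute.
"""

Mismatch = namedtuple("Mismatch", "obj from_sec offset caller kind to_sec symbol")
Capture = namedtuple("Capture", "file line func index param")

QUOTE_RE = re.compile(r"^(?:>+\s?)+")
MISMATCH_RE = re.compile(
    r"WARNING: (?P<obj>\S+)\((?P<from_sec>[^+()]+)\+0x(?P<off>[0-9a-f]+)\): "
    r"Section mismatch in reference from the function (?P<caller>\S+?)\(\) "
    r"to the (?P<kind>function|variable) (?P<to_sec>[^:\s]+):(?P<sym>[^\s()]+)"
)
CAPTURE_RE = re.compile(
    r"(?P<file>\S+):(?P<line>\d+):\d+: warning: [‘'](?P<func>[^’']+)[’'] "
    r"captures its (?P<idx>\d+) \([‘'](?P<param>[^’']+)[’']\) parameter"
)
# Common GCC clone suffixes (.part.22, .isra.3, ...) and the numeric counter
# GCC appends to function-local statics such as __func__.4400.
CLONE_SUFFIX_RE = re.compile(
    r"(?:\.(?:part|isra|constprop|cold)(?:\.\d+)?)+$|\.\d+$"
)
INIT_PREFIXES = (".init.", ".exit.")


def flatten(log):
    """Drop mail quote markers and undo line wrapping so one regex can match."""
    lines = (QUOTE_RE.sub("", line) for line in log.splitlines())
    return " ".join(" ".join(lines).split())


def base_symbol(name):
    """Map a compiler-generated name back to the identifier in the source."""
    return CLONE_SUFFIX_RE.sub("", name)


def parse_mismatches(log):
    """Return one Mismatch per modpost 'Section mismatch' warning."""
    return [
        Mismatch(m["obj"], m["from_sec"], int(m["off"], 16),
                 base_symbol(m["caller"]), m["kind"], m["to_sec"],
                 base_symbol(m["sym"]))
        for m in MISMATCH_RE.finditer(flatten(log))
    ]


def parse_captures(log):
    """Return one Capture per nocapture verification warning from the plugin."""
    return [
        Capture(m["file"], int(m["line"]), m["func"], int(m["idx"]), m["param"])
        for m in CAPTURE_RE.finditer(flatten(log))
    ]


def outlives_init(m):
    """True when code kept after boot refers to a section that gets freed."""
    return (not m.from_sec.startswith(INIT_PREFIXES)
            and m.to_sec.startswith(INIT_PREFIXES))


def triage(log):
    """Count dangling references by (kind, target section, symbol)."""
    return Counter((m.kind, m.to_sec, m.symbol)
                   for m in parse_mismatches(log) if outlives_init(m))


if __name__ == "__main__":
    for (kind, sec, sym), n in triage(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {kind:8s} {sec}:{sym}")
    for c in parse_captures(SAMPLE_LOG):
        print(f"nocapture: {c.func}() arg {c.index} ({c.param}) at {c.file}:{c.line}")
```

Grouping by target section separates the .init.rodata.str string references from the .init.text function reference, which the thread treats as distinct reports.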


Re: [PATCH v4 0/4] Introduce the initify gcc plugin

2017-01-12 Thread Kees Cook
On Thu, Jan 12, 2017 at 1:41 PM, Emese Revfy  wrote:
> On Tue, 10 Jan 2017 17:09:31 -0800
> Kees Cook  wrote:
>
>> WARNING: vmlinux.o(.text+0x1087e7): Section mismatch in reference from
>> the function rebind_subsystems() to the variable
>> .init.rodata.str:__func__.4400
>> The function rebind_subsystems() references
>> the variable __initconst __func__.4400.
>> This is often because rebind_subsystems lacks a __initconst
>> annotation or the annotation of __func__.4400 is wrong.
>
> Thanks for the report, you can find the fix here:
> https://github.com/ephox-gcc-plugins/initify/commit/25f34834e3373e067133bc5d39d42c50a3592d56

Awesome! I can confirm, it builds without warnings now. Thanks!

-Kees

-- 
Kees Cook
Nexus Security


Re: [PATCH v4 0/4] Introduce the initify gcc plugin

2017-01-12 Thread Emese Revfy
On Tue, 10 Jan 2017 17:09:31 -0800
Kees Cook  wrote:

> WARNING: vmlinux.o(.text+0x1087e7): Section mismatch in reference from
> the function rebind_subsystems() to the variable
> .init.rodata.str:__func__.4400
> The function rebind_subsystems() references
> the variable __initconst __func__.4400.
> This is often because rebind_subsystems lacks a __initconst
> annotation or the annotation of __func__.4400 is wrong.

Thanks for the report, you can find the fix here:
https://github.com/ephox-gcc-plugins/initify/commit/25f34834e3373e067133bc5d39d42c50a3592d56
 
-- 
Emese


Re: [PATCH v4 0/4] Introduce the initify gcc plugin

2017-01-10 Thread Kees Cook
On Tue, Jan 10, 2017 at 4:24 PM, Emese Revfy  wrote:
> On Tue, 3 Jan 2017 16:23:03 -0800
> Kees Cook  wrote:
>
>> On Mon, Dec 19, 2016 at 3:10 AM, Emese Revfy  wrote:
>> > On Fri, 16 Dec 2016 14:19:10 -0800
>> > Kees Cook  wrote:
>> >
>> >> FWIW, it still seems to me that these aren't false positives:
>> >>
>> >> WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in
>> >> reference from the function uncore_pci_exit.part.22() to the function
>> >> .init.text:uncore_free_pcibus_map()
>> >> The function uncore_pci_exit.part.22() references
>> >> the function __init uncore_free_pcibus_map().
>> >> This is often because uncore_pci_exit.part.22 lacks a __init
>> >> annotation or the annotation of uncore_free_pcibus_map is wrong.
>
> Thanks for the report, you can find the fix here:
> https://github.com/ephox-gcc-plugins/initify/commit/5d93a54badd9751b79ef67ce8a8b4081fea37547

Awesome! Thanks, that eliminated almost all of the warnings. I'm still
seeing this:

WARNING: vmlinux.o(.text+0x1087e7): Section mismatch in reference from
the function rebind_subsystems() to the variable
.init.rodata.str:__func__.4400
The function rebind_subsystems() references
the variable __initconst __func__.4400.
This is often because rebind_subsystems lacks a __initconst
annotation or the annotation of __func__.4400 is wrong.

WARNING: vmlinux.o(.text+0x13789d): Section mismatch in reference from
the function register_ftrace_export() to the variable
.init.rodata.str:__func__.4251
The function register_ftrace_export() references
the variable __initconst __func__.4251.
This is often because register_ftrace_export lacks a __initconst
annotation or the annotation of __func__.4251 is wrong.

WARNING: vmlinux.o(.text+0x139d24): Section mismatch in reference from
the function tracepoint_printk_sysctl() to the variable
.init.rodata.str:__func__.4251
The function tracepoint_printk_sysctl() references
the variable __initconst __func__.4251.
This is often because tracepoint_printk_sysctl lacks a __initconst
annotation or the annotation of __func__.4251 is wrong.

I haven't taken a close look yet, but I assume these are from the
const strings in these functions?

-Kees

-- 
Kees Cook
Nexus Security


Re: [PATCH v4 0/4] Introduce the initify gcc plugin

2017-01-10 Thread Emese Revfy
On Tue, 3 Jan 2017 16:23:03 -0800
Kees Cook  wrote:

> On Mon, Dec 19, 2016 at 3:10 AM, Emese Revfy  wrote:
> > On Fri, 16 Dec 2016 14:19:10 -0800
> > Kees Cook  wrote:
> >
> >> FWIW, it still seems to me that these aren't false positives:
> >>
> >> WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in
> >> reference from the function uncore_pci_exit.part.22() to the function
> >> .init.text:uncore_free_pcibus_map()
> >> The function uncore_pci_exit.part.22() references
> >> the function __init uncore_free_pcibus_map().
> >> This is often because uncore_pci_exit.part.22 lacks a __init
> >> annotation or the annotation of uncore_free_pcibus_map is wrong.

Thanks for the report, you can find the fix here:
https://github.com/ephox-gcc-plugins/initify/commit/5d93a54badd9751b79ef67ce8a8b4081fea37547

-- 
Emese


Re: [PATCH v4 0/4] Introduce the initify gcc plugin

2017-01-03 Thread Kees Cook
On Mon, Dec 19, 2016 at 3:10 AM, Emese Revfy  wrote:
> On Fri, 16 Dec 2016 14:19:10 -0800
> Kees Cook  wrote:
>
>> FWIW, it still seems to me that these aren't false positives:
>>
>> WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in
>> reference from the function uncore_pci_exit.part.22() to the function
>> .init.text:uncore_free_pcibus_map()
>> The function uncore_pci_exit.part.22() references
>> the function __init uncore_free_pcibus_map().
>> This is often because uncore_pci_exit.part.22 lacks a __init
>> annotation or the annotation of uncore_free_pcibus_map is wrong.
>
> Hi,
>
> I can't reproduce this section mismatch. Could you please send me your 
> .config?

Attached.

> Which gcc version did you use?

gcc (Ubuntu 5.4.0-6ubuntu1~16.04.4) 5.4.0 20160609

> I used this tree: 
> git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git initify-v4

Yup, that's what I was building from.

-Kees

-- 
Kees Cook
Nexus Security


.config.gz
Description: application/gzip


Re: [PATCH v4 0/4] Introduce the initify gcc plugin

2017-01-03 Thread Kees Cook
On Mon, Dec 19, 2016 at 10:24 AM, Laura Abbott  wrote:
> I gave this a spin on arm64 and it seems to boot up and run okay
> with just the "select HAVE_GCC_PLUGIN_INITIFY_INIT_EXIT if GCC_PLUGINS"
> added for arm64. The patches could probably use more review but
> I think it would be good to just fold this in for arm64 for ease of
> testing.

Thanks! I've added this to arm64 for a v5 soon.

-Kees

-- 
Kees Cook
Nexus Security


Re: [PATCH v4 0/4] Introduce the initify gcc plugin

2016-12-19 Thread Laura Abbott
On 12/16/2016 02:06 PM, Kees Cook wrote:
> Hi,
> 
> This is a continuation of Emese Revfy's initify plugin upstreaming. This
> is based on her v3, but updated with various fixes from her github tree.
> Additionally, I split off the printf attribute fixes and sent those
> separately.
> 
> This is the initify gcc plugin. The kernel already has a mechanism to
> free up code and data memory that is only used during kernel or module
> initialization.  This plugin will teach the compiler to find more such
> code and data that can be freed after initialization. It reduces memory
> usage.  The initify gcc plugin can be useful for embedded systems.
> 
> Originally it was a CII project supported by the Linux Foundation.
> 
> This plugin is part of grsecurity/PaX.
> 
> The plugin supports all gcc versions from 4.5 to 7.0.
> 
> Changes on top of the PaX version (since March 6.). These are the important
> ones:
>  * move all local strings to init.rodata.str and exit.rodata.str
>    (not just __func__)
>  * report all initified strings and functions
>    (GCC_PLUGIN_INITIFY_VERBOSE config option)
>  * automatically discover init/exit functions and apply the __init or
>    __exit attributes on them
> 
> You can find more about the changes here:
> https://github.com/ephox-gcc-plugins/initify
> 
> This patch set is based on v4.9-rc2.
> 
> Some build statistics about the plugin:
> 
> On allyes config (amd64, gcc-6):
> * 8412 initified strings
> *  167 initified functions
> 
> On allmod config (i386, gcc-6):
> * 8597 initified strings
> *  159 initified functions
> 
> On allyes config (amd64, gcc-6):
> 
> section         vanilla                 vanilla + initify       change
> -----------------------------------------------------------------------
> .rodata         21746728 (0x14bd428)    21488680 (0x147e428)    -258048
> .init.data       1338376 (0x146c08)      1683016 (0x19ae48)     +344640
> .text           78270904 (0x4aa51b8)    78228280 (0x4a9ab38)     -42624
> .init.text       1184725 (0x1213d5)      1223257 (0x12aa59)      +38532
> .exit.data           104 (0x68)            17760 (0x004560)      +17656
> .exit.text        174473 (0x02a989)       175763 (0x02ae93)       +1290
> 
> FileSiz (vanilla)           FileSiz (vanilla + initify)  change
> 
> 00  102936576 (0x622b000)   102678528 (0x61ec000)        -258048
> 03   28680192 (0x1b5a000)    29081600 (0x1bbc000)        +401408
> 
> 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw
>    .tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata
>    __param __modver
> 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init
>    .parainstructions .altinstructions .altinstr_replacement
>    .iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk
> 
> 
> On defconfig (amd64, gcc-6):
> * 1957 initified strings
> *   29 initified functions
> 
> On defconfig (amd64, gcc-6):
> 
> section         vanilla                 vanilla + initify       change
> -----------------------------------------------------------------------
> .rodata         2524240 (0x268450)      2462800 (0x259450)      -61440
> .init.data       560256 (0x088c80)       644000 (0x09d3a0)      +83744
> .text           9377367 (0x8f1657)      9373079 (0x8f0597)       -4288
> .init.text       438586 (0x06b13a)       441828 (0x06bde4)       +3242
> .exit.data            0                     832 (0x000340)        +832
> .exit.text         8857 (0x002299)         8857 (0x002299)           0
> 
> FileSiz (vanilla)           FileSiz (vanilla + initify)  change
> 
> 00  13398016 (0xcc7000)     13336576 (0xcb8000)          -61440
> 03   2203648 (0x21a000)      2293760 (0x23)              +90112
> 
> 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw
>    .tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata
>    __param __modver
> 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init
>    .parainstructions .altinstructions .altinstr_replacement
>    .iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk
> 
> One thing of note is that this plugin triggers false positive warnings
> from the modpost section mismatch detector. Further work is needed to
> deal with this.
> 
> 
> Changed from v3:
>  * Refresh from Emese's latest version.
> 
> Changed from v2:
>  * Check all uses when walking a use-def chain.
>  * Check all uses of initialized local variables and initify them if they
>    have only nocapture uses. Previously only uses in call arguments
>    determined whether the initializer value could be initified.
>  * Handle the format gcc attribute from the plugin too.
>  * Verify nocapture parameters of calls. Track uses of these parameters
>    and verify that all uses are not captured.

Re: [PATCH v4 0/4] Introduce the initify gcc plugin

2016-12-19 Thread Emese Revfy
On Fri, 16 Dec 2016 14:19:10 -0800
Kees Cook  wrote:
 
> FWIW, it still seems to me that these aren't false positives:
> 
> WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in
> reference from the function uncore_pci_exit.part.22() to the function
> .init.text:uncore_free_pcibus_map()
> The function uncore_pci_exit.part.22() references
> the function __init uncore_free_pcibus_map().
> This is often because uncore_pci_exit.part.22 lacks a __init
> annotation or the annotation of uncore_free_pcibus_map is wrong.

Hi,

I can't reproduce this section mismatch. Could you please send me your .config?
Which gcc version did you use?
I used this tree: git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git 
initify-v4

Thanks
-- 
Emese
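
The modpost section-mismatch reports quoted in this thread all have the same shape. The Python below is an added example, not part of any message here and not code from the kernel or the initify project: it re-joins the mail-wrapped report text, extracts both ends of each reference, and marks whether the referencing symbol is a GCC-generated clone (`.part.N` and similar) and whether the target sits in one of the string sections the cover letter says the plugin fills. The names `Mismatch`, `unquote` and `parse_mismatches` are this example's own.

```python
import re
from dataclasses import dataclass

# First sentence of a modpost report, matched after wrapped lines are re-joined.
MISMATCH_RE = re.compile(
    r"WARNING: (?P<obj>\S+)\((?P<from_sec>[^+()\s]+)\+(?P<offset>0x[0-9a-fA-F]+)\): "
    r"Section mismatch in reference from the (?:function|variable) "
    r"(?P<from_sym>\S+?)(?:\(\))? to the (?P<to_kind>function|variable) "
    r"(?P<to_sec>\.[\w.]+):(?P<to_sym>[\w.$]+)"
)
# Suffixes GCC appends when it splits or specialises a function.
CLONE_RE = re.compile(r"^(?P<base>.+?)(?:\.(?:part|isra|constprop|cold)(?:\.\d+)?)+$")
# Sections the cover letter says the plugin moves local strings into.
INITIFY_STR_SECTIONS = {".init.rodata.str", ".exit.rodata.str"}

# The two reports quoted in the thread, with their mail wrapping and quote marks.
SAMPLE = """\
> >> WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in
> >> reference from the function clk_gate() to the variable
> >> .init.rodata.str:__func__.29708
> >> The function clk_gate() references
> >> the variable __initconst __func__.29708.

WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in
reference from the function uncore_pci_exit.part.22() to the function
.init.text:uncore_free_pcibus_map()
The function uncore_pci_exit.part.22() references
the function __init uncore_free_pcibus_map().
"""


@dataclass
class Mismatch:
    obj: str
    offset: int
    from_sec: str
    from_sym: str
    source_function: str   # from_sym with any GCC clone suffix removed
    caller_is_clone: bool
    to_kind: str
    to_sec: str
    to_sym: str
    target_lifetime: str   # "init", "exit" or "other"
    initify_string: bool   # target lives in a section the plugin fills


def unquote(text):
    """Drop mail quote markers ('> >> ') and undo line wrapping."""
    lines = (re.sub(r"^[>\s]+", "", line) for line in text.splitlines())
    return " ".join(" ".join(lines).split())


def parse_mismatches(text):
    """Return one Mismatch per modpost report found in (possibly quoted) text."""
    found = []
    for m in MISMATCH_RE.finditer(unquote(text)):
        clone = CLONE_RE.match(m["from_sym"])
        to_sec = m["to_sec"]
        if to_sec.startswith(".init."):
            lifetime = "init"
        elif to_sec.startswith(".exit."):
            lifetime = "exit"
        else:
            lifetime = "other"
        found.append(Mismatch(
            obj=m["obj"], offset=int(m["offset"], 16), from_sec=m["from_sec"],
            from_sym=m["from_sym"],
            source_function=clone["base"] if clone else m["from_sym"],
            caller_is_clone=clone is not None,
            to_kind=m["to_kind"], to_sec=to_sec, to_sym=m["to_sym"],
            target_lifetime=lifetime,
            initify_string=to_sec in INITIFY_STR_SECTIONS,
        ))
    return found


if __name__ == "__main__":
    for hit in parse_mismatches(SAMPLE):
        print(hit)
```

The parser only structures the reports; deciding whether a given one is a false positive still means reading `source_function` in the source tree, since the clone name does not appear there.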


Re: [PATCH v4 0/4] Introduce the initify gcc plugin

2016-12-16 Thread Kees Cook
On Fri, Dec 16, 2016 at 2:06 PM, Kees Cook  wrote:
> Hi,
>
> This is a continuation of Emese Revfy's initify plugin upstreaming. This
> is based on her v3, but updated with various fixes from her github tree.
> Additionally, I split off the printf attribute fixes and sent those
> separately.
>
> This is the initify gcc plugin. The kernel already has a mechanism to
> free up code and data memory that is only used during kernel or module
> initialization.  This plugin will teach the compiler to find more such
> code and data that can be freed after initialization. It reduces memory
> usage.  The initify gcc plugin can be useful for embedded systems.
>
> Originally it was a CII project supported by the Linux Foundation.
>
> This plugin is part of grsecurity/PaX.
>
> The plugin supports all gcc versions from 4.5 to 7.0.
>
> Changes on top of the PaX version (since March 6.). These are the important
> ones:
>  * move all local strings to init.rodata.str and exit.rodata.str
>    (not just __func__)
>  * report all initified strings and functions
>    (GCC_PLUGIN_INITIFY_VERBOSE config option)
>  * automatically discover init/exit functions and apply the __init or
>    __exit attributes on them
>
> You can find more about the changes here:
> https://github.com/ephox-gcc-plugins/initify
>
> This patch set is based on v4.9-rc2.
>
> Some build statistics about the plugin:
>
> On allyes config (amd64, gcc-6):
> * 8412 initified strings
> *  167 initified functions
>
> On allmod config (i386, gcc-6):
> * 8597 initified strings
> *  159 initified functions
>
> On allyes config (amd64, gcc-6):
>
> section     vanilla               vanilla + initify       change
> ----------------------------------------------------------------
> .rodata      21746728 (0x14bd428)  21488680 (0x147e428)  -258048
> .init.data    1338376 (0x146c08)    1683016 (0x19ae48)   +344640
> .text        78270904 (0x4aa51b8)  78228280 (0x4a9ab38)   -42624
> .init.text    1184725 (0x1213d5)    1223257 (0x12aa59)    +38532
> .exit.data        104 (0x68)          17760 (0x004560)    +17656
> .exit.text     174473 (0x02a989)     175763 (0x02ae93)     +1290
>
>     FileSiz (vanilla)       FileSiz (vanilla + initify)    change
> -----------------------------------------------------------------
> 00  102936576 (0x622b000)   102678528 (0x61ec000)         -258048
> 03   28680192 (0x1b5a000)    29081600 (0x1bbc000)         +401408
>
> 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw
>    .tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata
>    __param __modver
> 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init
>    .parainstructions .altinstructions .altinstr_replacement
>    .iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk
>
>
> On defconfig (amd64, gcc-6):
> * 1957 initified strings
> *   29 initified functions
>
> On defconfig (amd64, gcc-6):
>
> section     vanilla               vanilla + initify       change
> ----------------------------------------------------------------
> .rodata       2524240 (0x268450)    2462800 (0x259450)    -61440
> .init.data     560256 (0x088c80)     644000 (0x09d3a0)    +83744
> .text         9377367 (0x8f1657)    9373079 (0x8f0597)     -4288
> .init.text     438586 (0x06b13a)     441828 (0x06bde4)     +3242
> .exit.data          0                   832 (0x000340)      +832
> .exit.text       8857 (0x002299)       8857 (0x002299)         0
>
>     FileSiz (vanilla)       FileSiz (vanilla + initify)    change
> -----------------------------------------------------------------
> 00   13398016 (0xcc7000)     13336576 (0xcb8000)           -61440
> 03    2203648 (0x21a000)      2293760 (0x23)               +90112
>
> 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw
>    .tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata
>    __param __modver
> 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init
>    .parainstructions .altinstructions .altinstr_replacement
>    .iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk
>
> One thing of note is that this plugin triggers false positive warnings
> from the modpost section mismatch detector. Further work is needed to
> deal with this.

FWIW, it still seems to me that these aren't false positives:

WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in
reference from the function uncore_pci_exit.part.22() to the function
.init.text:uncore_free_pcibus_map()
The function uncore_pci_exit.part.22() references
the function __init uncore_free_pcibus_map().
This is often because uncore_pci_exit.part.22 lacks a __init
annotation or the annotation of uncore_free_pcibus_map is wrong.

This is complaining about arch/x86/events/intel/uncore.c:

__init intel_uncore_init() calls 

[PATCH v4 0/4] Introduce the initify gcc plugin

2016-12-16 Thread Kees Cook
Hi,

This is a continuation of Emese Revfy's initify plugin upstreaming. This
is based on her v3, but updated with various fixes from her github tree.
Additionally, I split off the printf attribute fixes and sent those
separately.

This is the initify gcc plugin. The kernel already has a mechanism to
free up code and data memory that is only used during kernel or module
initialization.  This plugin will teach the compiler to find more such
code and data that can be freed after initialization. It reduces memory
usage.  The initify gcc plugin can be useful for embedded systems.

Originally it was a CII project supported by the Linux Foundation.

This plugin is part of grsecurity/PaX.

The plugin supports all gcc versions from 4.5 to 7.0.

Changes on top of the PaX version (since March 6.). These are the important
ones:
 * move all local strings to init.rodata.str and exit.rodata.str
   (not just __func__)
 * report all initified strings and functions
   (GCC_PLUGIN_INITIFY_VERBOSE config option)
 * automatically discover init/exit functions and apply the __init or
   __exit attributes on them

You can find more about the changes here:
https://github.com/ephox-gcc-plugins/initify

This patch set is based on v4.9-rc2.

Some build statistics about the plugin:

On allyes config (amd64, gcc-6):
* 8412 initified strings
*  167 initified functions

On allmod config (i386, gcc-6):
* 8597 initified strings
*  159 initified functions

On allyes config (amd64, gcc-6):

section     vanilla               vanilla + initify       change
----------------------------------------------------------------
.rodata      21746728 (0x14bd428)  21488680 (0x147e428)  -258048
.init.data    1338376 (0x146c08)    1683016 (0x19ae48)   +344640
.text        78270904 (0x4aa51b8)  78228280 (0x4a9ab38)   -42624
.init.text    1184725 (0x1213d5)    1223257 (0x12aa59)    +38532
.exit.data        104 (0x68)          17760 (0x004560)    +17656
.exit.text     174473 (0x02a989)     175763 (0x02ae93)     +1290

    FileSiz (vanilla)       FileSiz (vanilla + initify)    change
-----------------------------------------------------------------
00  102936576 (0x622b000)   102678528 (0x61ec000)         -258048
03   28680192 (0x1b5a000)    29081600 (0x1bbc000)         +401408

00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw
   .tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata
   __param __modver
03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init
   .parainstructions .altinstructions .altinstr_replacement
   .iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk


On defconfig (amd64, gcc-6):
* 1957 initified strings
*   29 initified functions

On defconfig (amd64, gcc-6):

section     vanilla               vanilla + initify       change
----------------------------------------------------------------
.rodata       2524240 (0x268450)    2462800 (0x259450)    -61440
.init.data     560256 (0x088c80)     644000 (0x09d3a0)    +83744
.text         9377367 (0x8f1657)    9373079 (0x8f0597)     -4288
.init.text     438586 (0x06b13a)     441828 (0x06bde4)     +3242
.exit.data          0                   832 (0x000340)      +832
.exit.text       8857 (0x002299)       8857 (0x002299)         0

    FileSiz (vanilla)       FileSiz (vanilla + initify)    change
-----------------------------------------------------------------
00   13398016 (0xcc7000)     13336576 (0xcb8000)           -61440
03    2203648 (0x21a000)      2293760 (0x23)               +90112

00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw
   .tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata
   __param __modver
03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init
   .parainstructions .altinstructions .altinstr_replacement
   .iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk

One thing of note is that this plugin triggers false positive warnings
from the modpost section mismatch detector. Further work is needed to
deal with this.


Changed from v3:
 * Refresh from Emese's latest version.

Changed from v2:
 * Check all uses when walking a use-def chain.
 * Check all uses of initialized local variables and initify them if they
   have only nocapture uses. Previously only uses in call arguments
   determined whether the initializer value could be initified.
 * Handle the format gcc attribute from the plugin too.
 * Verify nocapture parameters of calls. Track uses of these parameters
   and verify that all uses are not captured. Verify only the nocapture
   attribute (The format attribute should be verified too.).
 * Fixed wrong indexing of function arguments.
 * Fixed decl comparison. When comparing two decls the tree codes must be
   the same.
 * Search capture uses of the return value. 
