Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Wed, 15 Feb 2017 11:27:06 -0800 Kees Cookwrote: > On Tue, Feb 14, 2017 at 4:23 PM, Emese Revfy wrote: > > On Thu, 12 Jan 2017 15:40:41 -0800 > > Kees Cook wrote: > > > >> WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in > >> reference from the function clk_gate() to the variable > >> .init.rodata.str:__func__.29708 > >> The function clk_gate() references > >> the variable __initconst __func__.29708. > >> This is often because clk_gate lacks a __initconst > >> annotation or the annotation of __func__.29708 is wrong. > > > > Thanks for the report, it will be fixed in the next grsec patch. > > Very cool, thanks! What did the problem turn out to be? You can find it here: https://github.com/ephox-gcc-plugins/initify/commit/73e857aa47bde7cc78ed865a008d1519893c0f54 -- Emese
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Wed, 15 Feb 2017 11:27:06 -0800 Kees Cook wrote: > On Tue, Feb 14, 2017 at 4:23 PM, Emese Revfy wrote: > > On Thu, 12 Jan 2017 15:40:41 -0800 > > Kees Cook wrote: > > > >> WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in > >> reference from the function clk_gate() to the variable > >> .init.rodata.str:__func__.29708 > >> The function clk_gate() references > >> the variable __initconst __func__.29708. > >> This is often because clk_gate lacks a __initconst > >> annotation or the annotation of __func__.29708 is wrong. > > > > Thanks for the report, it will be fixed in the next grsec patch. > > Very cool, thanks! What did the problem turn out to be? You can find it here: https://github.com/ephox-gcc-plugins/initify/commit/73e857aa47bde7cc78ed865a008d1519893c0f54 -- Emese
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Tue, Feb 14, 2017 at 4:23 PM, Emese Revfywrote: > On Thu, 12 Jan 2017 15:40:41 -0800 > Kees Cook wrote: > >> WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in >> reference from the function clk_gate() to the variable >> .init.rodata.str:__func__.29708 >> The function clk_gate() references >> the variable __initconst __func__.29708. >> This is often because clk_gate lacks a __initconst >> annotation or the annotation of __func__.29708 is wrong. > > Thanks for the report, it will be fixed in the next grsec patch. Very cool, thanks! What did the problem turn out to be? -Kees -- Kees Cook Pixel Security
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Tue, Feb 14, 2017 at 4:23 PM, Emese Revfy wrote: > On Thu, 12 Jan 2017 15:40:41 -0800 > Kees Cook wrote: > >> WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in >> reference from the function clk_gate() to the variable >> .init.rodata.str:__func__.29708 >> The function clk_gate() references >> the variable __initconst __func__.29708. >> This is often because clk_gate lacks a __initconst >> annotation or the annotation of __func__.29708 is wrong. > > Thanks for the report, it will be fixed in the next grsec patch. Very cool, thanks! What did the problem turn out to be? -Kees -- Kees Cook Pixel Security
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Thu, 12 Jan 2017 15:40:41 -0800 Kees Cookwrote: > WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in > reference from the function clk_gate() to the variable > .init.rodata.str:__func__.29708 > The function clk_gate() references > the variable __initconst __func__.29708. > This is often because clk_gate lacks a __initconst > annotation or the annotation of __func__.29708 is wrong. Thanks for the report, it will be fixed in the next grsec patch. -- Emese
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Thu, 12 Jan 2017 15:40:41 -0800 Kees Cook wrote: > WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in > reference from the function clk_gate() to the variable > .init.rodata.str:__func__.29708 > The function clk_gate() references > the variable __initconst __func__.29708. > This is often because clk_gate lacks a __initconst > annotation or the annotation of __func__.29708 is wrong. Thanks for the report, it will be fixed in the next grsec patch. -- Emese
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Tue, Jan 17, 2017 at 12:31 PM, Emese Revfywrote: > On Thu, 12 Jan 2017 15:40:41 -0800 > Kees Cook wrote: > >> WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in >> reference from the function clk_gate() to the variable >> .init.rodata.str:__func__.29708 >> The function clk_gate() references >> the variable __initconst __func__.29708. >> This is often because clk_gate lacks a __initconst >> annotation or the annotation of __func__.29708 is wrong. >> >> I used my initify v5 development tree, with the following patch, with >> "make allyesconfig": >> >> http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=for-next/gcc-plugin/initify > > Hi, > > I can't reproduce this mismatch with allyesconfig. Could you please send me > your .config? Sure, attached. (Though note this requires the patch from my earlier email to allow allyesconfig to work with the plugins.) -Kees -- Kees Cook Nexus Security .config.gz Description: application/gzip
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Tue, Jan 17, 2017 at 12:31 PM, Emese Revfy wrote: > On Thu, 12 Jan 2017 15:40:41 -0800 > Kees Cook wrote: > >> WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in >> reference from the function clk_gate() to the variable >> .init.rodata.str:__func__.29708 >> The function clk_gate() references >> the variable __initconst __func__.29708. >> This is often because clk_gate lacks a __initconst >> annotation or the annotation of __func__.29708 is wrong. >> >> I used my initify v5 development tree, with the following patch, with >> "make allyesconfig": >> >> http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=for-next/gcc-plugin/initify > > Hi, > > I can't reproduce this mismatch with allyesconfig. Could you please send me > your .config? Sure, attached. (Though note this requires the patch from my earlier email to allow allyesconfig to work with the plugins.) -Kees -- Kees Cook Nexus Security .config.gz Description: application/gzip
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Thu, 12 Jan 2017 15:40:41 -0800 Kees Cookwrote: > WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in > reference from the function clk_gate() to the variable > .init.rodata.str:__func__.29708 > The function clk_gate() references > the variable __initconst __func__.29708. > This is often because clk_gate lacks a __initconst > annotation or the annotation of __func__.29708 is wrong. > > I used my initify v5 development tree, with the following patch, with > "make allyesconfig": > > http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=for-next/gcc-plugin/initify Hi, I can't reproduce this mismatch with allyesconfig. Could you please send me your .config? -- Emese
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Thu, 12 Jan 2017 15:40:41 -0800 Kees Cook wrote: > WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in > reference from the function clk_gate() to the variable > .init.rodata.str:__func__.29708 > The function clk_gate() references > the variable __initconst __func__.29708. > This is often because clk_gate lacks a __initconst > annotation or the annotation of __func__.29708 is wrong. > > I used my initify v5 development tree, with the following patch, with > "make allyesconfig": > > http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=for-next/gcc-plugin/initify Hi, I can't reproduce this mismatch with allyesconfig. Could you please send me your .config? -- Emese
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Thu, Jan 12, 2017 at 3:27 PM, Kees Cookwrote: > On Thu, Jan 12, 2017 at 1:41 PM, Emese Revfy wrote: >> On Tue, 10 Jan 2017 17:09:31 -0800 >> Kees Cook wrote: >> >>> WARNING: vmlinux.o(.text+0x1087e7): Section mismatch in reference from >>> the function rebind_subsystems() to the variable >>> .init.rodata.str:__func__.4400 >>> The function rebind_subsystems() references >>> the variable __initconst __func__.4400. >>> This is often because rebind_subsystems lacks a __initconst >>> annotation or the annotation of __func__.4400 is wrong. >> >> Thanks for the report, you can find the fix here: >> https://github.com/ephox-gcc-plugins/initify/commit/25f34834e3373e067133bc5d39d42c50a3592d56 > > Awesome! I can confirm, it builds without warnings now. Thanks! Hm, actually, with an "allyesconfig" build, I'm still seeing warnings (and possibly some nocapture verification failures). Most look like this: WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in reference from the function clk_gate() to the variable .init.rodata.str:__func__.29708 The function clk_gate() references the variable __initconst __func__.29708. This is often because clk_gate lacks a __initconst annotation or the annotation of __func__.29708 is wrong. And there's this (should KASAN be disabled for initify?) mm/kasan/kasan.c: In function ‘memmove’: mm/kasan/kasan.c:346:7: warning: ‘memmove’ captures its 2 (‘src’) parameter, please remove it from the nocapture attribute. void *memmove(void *dest, const void *src, size_t len) ^ mm/kasan/kasan.c: In function ‘memcpy’: mm/kasan/kasan.c:355:7: warning: ‘memcpy’ captures its 2 (‘src’) parameter, please remove it from the nocapture attribute. void *memcpy(void *dest, const void *src, size_t len) ^ And ACPI: drivers/acpi/acpica/utdebug.c: In function ‘acpi_debug_print’: drivers/acpi/acpica/utdebug.c:158:1: warning: ‘acpi_debug_print’ captures its 3 (‘function_name’) parameter, please remove it from the nocapture attribute. acpi_debug_print(u32 requested_debug_level, ^ I used my initify v5 development tree, with the following patch, with "make allyesconfig": http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=for-next/gcc-plugin/initify diff --git a/arch/Kconfig b/arch/Kconfig index b6009a21ebea..5693ef5f22c8 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -359,7 +359,6 @@ config HAVE_GCC_PLUGINS menuconfig GCC_PLUGINS bool "GCC plugins" depends on HAVE_GCC_PLUGINS - depends on !COMPILE_TEST help GCC plugins are loadable modules that provide extra features to the compiler. They are useful for runtime instrumentation and static analysis. @@ -429,6 +428,7 @@ config GCC_PLUGIN_INITIFY config GCC_PLUGIN_INITIFY_VERBOSE bool "Report initification" depends on GCC_PLUGIN_INITIFY + depends on !COMPILE_TEST help Print all initified strings and all functions which should be __init/__exit. I'll see if acpi needs __noverified_nocapture ... -Kees -- Kees Cook Nexus Security
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Thu, Jan 12, 2017 at 3:27 PM, Kees Cook wrote: > On Thu, Jan 12, 2017 at 1:41 PM, Emese Revfy wrote: >> On Tue, 10 Jan 2017 17:09:31 -0800 >> Kees Cook wrote: >> >>> WARNING: vmlinux.o(.text+0x1087e7): Section mismatch in reference from >>> the function rebind_subsystems() to the variable >>> .init.rodata.str:__func__.4400 >>> The function rebind_subsystems() references >>> the variable __initconst __func__.4400. >>> This is often because rebind_subsystems lacks a __initconst >>> annotation or the annotation of __func__.4400 is wrong. >> >> Thanks for the report, you can find the fix here: >> https://github.com/ephox-gcc-plugins/initify/commit/25f34834e3373e067133bc5d39d42c50a3592d56 > > Awesome! I can confirm, it builds without warnings now. Thanks! Hm, actually, with an "allyesconfig" build, I'm still seeing warnings (and possibly some nocapture verification failures). Most look like this: WARNING: drivers/clk/bcm/built-in.o(.text+0xec2): Section mismatch in reference from the function clk_gate() to the variable .init.rodata.str:__func__.29708 The function clk_gate() references the variable __initconst __func__.29708. This is often because clk_gate lacks a __initconst annotation or the annotation of __func__.29708 is wrong. And there's this (should KASAN be disabled for initify?) mm/kasan/kasan.c: In function ‘memmove’: mm/kasan/kasan.c:346:7: warning: ‘memmove’ captures its 2 (‘src’) parameter, please remove it from the nocapture attribute. void *memmove(void *dest, const void *src, size_t len) ^ mm/kasan/kasan.c: In function ‘memcpy’: mm/kasan/kasan.c:355:7: warning: ‘memcpy’ captures its 2 (‘src’) parameter, please remove it from the nocapture attribute. void *memcpy(void *dest, const void *src, size_t len) ^ And ACPI: drivers/acpi/acpica/utdebug.c: In function ‘acpi_debug_print’: drivers/acpi/acpica/utdebug.c:158:1: warning: ‘acpi_debug_print’ captures its 3 (‘function_name’) parameter, please remove it from the nocapture attribute. acpi_debug_print(u32 requested_debug_level, ^ I used my initify v5 development tree, with the following patch, with "make allyesconfig": http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=for-next/gcc-plugin/initify diff --git a/arch/Kconfig b/arch/Kconfig index b6009a21ebea..5693ef5f22c8 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -359,7 +359,6 @@ config HAVE_GCC_PLUGINS menuconfig GCC_PLUGINS bool "GCC plugins" depends on HAVE_GCC_PLUGINS - depends on !COMPILE_TEST help GCC plugins are loadable modules that provide extra features to the compiler. They are useful for runtime instrumentation and static analysis. @@ -429,6 +428,7 @@ config GCC_PLUGIN_INITIFY config GCC_PLUGIN_INITIFY_VERBOSE bool "Report initification" depends on GCC_PLUGIN_INITIFY + depends on !COMPILE_TEST help Print all initified strings and all functions which should be __init/__exit. I'll see if acpi needs __noverified_nocapture ... -Kees -- Kees Cook Nexus Security
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Thu, Jan 12, 2017 at 1:41 PM, Emese Revfywrote: > On Tue, 10 Jan 2017 17:09:31 -0800 > Kees Cook wrote: > >> WARNING: vmlinux.o(.text+0x1087e7): Section mismatch in reference from >> the function rebind_subsystems() to the variable >> .init.rodata.str:__func__.4400 >> The function rebind_subsystems() references >> the variable __initconst __func__.4400. >> This is often because rebind_subsystems lacks a __initconst >> annotation or the annotation of __func__.4400 is wrong. > > Thanks for the report, you can find the fix here: > https://github.com/ephox-gcc-plugins/initify/commit/25f34834e3373e067133bc5d39d42c50a3592d56 Awesome! I can confirm, it builds without warnings now. Thanks! -Kees -- Kees Cook Nexus Security
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Thu, Jan 12, 2017 at 1:41 PM, Emese Revfy wrote: > On Tue, 10 Jan 2017 17:09:31 -0800 > Kees Cook wrote: > >> WARNING: vmlinux.o(.text+0x1087e7): Section mismatch in reference from >> the function rebind_subsystems() to the variable >> .init.rodata.str:__func__.4400 >> The function rebind_subsystems() references >> the variable __initconst __func__.4400. >> This is often because rebind_subsystems lacks a __initconst >> annotation or the annotation of __func__.4400 is wrong. > > Thanks for the report, you can find the fix here: > https://github.com/ephox-gcc-plugins/initify/commit/25f34834e3373e067133bc5d39d42c50a3592d56 Awesome! I can confirm, it builds without warnings now. Thanks! -Kees -- Kees Cook Nexus Security
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Tue, 10 Jan 2017 17:09:31 -0800 Kees Cookwrote: > WARNING: vmlinux.o(.text+0x1087e7): Section mismatch in reference from > the function rebind_subsystems() to the variable > .init.rodata.str:__func__.4400 > The function rebind_subsystems() references > the variable __initconst __func__.4400. > This is often because rebind_subsystems lacks a __initconst > annotation or the annotation of __func__.4400 is wrong. Thanks for the report, you can find the fix here: https://github.com/ephox-gcc-plugins/initify/commit/25f34834e3373e067133bc5d39d42c50a3592d56 -- Emese
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Tue, 10 Jan 2017 17:09:31 -0800 Kees Cook wrote: > WARNING: vmlinux.o(.text+0x1087e7): Section mismatch in reference from > the function rebind_subsystems() to the variable > .init.rodata.str:__func__.4400 > The function rebind_subsystems() references > the variable __initconst __func__.4400. > This is often because rebind_subsystems lacks a __initconst > annotation or the annotation of __func__.4400 is wrong. Thanks for the report, you can find the fix here: https://github.com/ephox-gcc-plugins/initify/commit/25f34834e3373e067133bc5d39d42c50a3592d56 -- Emese
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Tue, Jan 10, 2017 at 4:24 PM, Emese Revfywrote: > On Tue, 3 Jan 2017 16:23:03 -0800 > Kees Cook wrote: > >> On Mon, Dec 19, 2016 at 3:10 AM, Emese Revfy wrote: >> > On Fri, 16 Dec 2016 14:19:10 -0800 >> > Kees Cook wrote: >> > >> >> FWIW, it still seems to me that these aren't false positives: >> >> >> >> WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in >> >> reference from the function uncore_pci_exit.part.22() to the function >> >> .init.text:uncore_free_pcibus_map() >> >> The function uncore_pci_exit.part.22() references >> >> the function __init uncore_free_pcibus_map(). >> >> This is often because uncore_pci_exit.part.22 lacks a __init >> >> annotation or the annotation of uncore_free_pcibus_map is wrong. > > Thanks for the report, you can find the fix here: > https://github.com/ephox-gcc-plugins/initify/commit/5d93a54badd9751b79ef67ce8a8b4081fea37547 Awesome! Thanks, that eliminated almost all of the warnings. I'm still seeing this: WARNING: vmlinux.o(.text+0x1087e7): Section mismatch in reference from the function rebind_subsystems() to the variable .init.rodata.str:__func__.4400 The function rebind_subsystems() references the variable __initconst __func__.4400. This is often because rebind_subsystems lacks a __initconst annotation or the annotation of __func__.4400 is wrong. WARNING: vmlinux.o(.text+0x13789d): Section mismatch in reference from the function register_ftrace_export() to the variable .init.rodata.str:__func__.4251 The function register_ftrace_export() references the variable __initconst __func__.4251. This is often because register_ftrace_export lacks a __initconst annotation or the annotation of __func__.4251 is wrong. WARNING: vmlinux.o(.text+0x139d24): Section mismatch in reference from the function tracepoint_printk_sysctl() to the variable .init.rodata.str:__func__.4251 The function tracepoint_printk_sysctl() references the variable __initconst __func__.4251. This is often because tracepoint_printk_sysctl lacks a __initconst annotation or the annotation of __func__.4251 is wrong. I haven't taken a close look yet, but I assume these are from the const strings in these functions? -Kees -- Kees Cook Nexus Security
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Tue, Jan 10, 2017 at 4:24 PM, Emese Revfy wrote: > On Tue, 3 Jan 2017 16:23:03 -0800 > Kees Cook wrote: > >> On Mon, Dec 19, 2016 at 3:10 AM, Emese Revfy wrote: >> > On Fri, 16 Dec 2016 14:19:10 -0800 >> > Kees Cook wrote: >> > >> >> FWIW, it still seems to me that these aren't false positives: >> >> >> >> WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in >> >> reference from the function uncore_pci_exit.part.22() to the function >> >> .init.text:uncore_free_pcibus_map() >> >> The function uncore_pci_exit.part.22() references >> >> the function __init uncore_free_pcibus_map(). >> >> This is often because uncore_pci_exit.part.22 lacks a __init >> >> annotation or the annotation of uncore_free_pcibus_map is wrong. > > Thanks for the report, you can find the fix here: > https://github.com/ephox-gcc-plugins/initify/commit/5d93a54badd9751b79ef67ce8a8b4081fea37547 Awesome! Thanks, that eliminated almost all of the warnings. I'm still seeing this: WARNING: vmlinux.o(.text+0x1087e7): Section mismatch in reference from the function rebind_subsystems() to the variable .init.rodata.str:__func__.4400 The function rebind_subsystems() references the variable __initconst __func__.4400. This is often because rebind_subsystems lacks a __initconst annotation or the annotation of __func__.4400 is wrong. WARNING: vmlinux.o(.text+0x13789d): Section mismatch in reference from the function register_ftrace_export() to the variable .init.rodata.str:__func__.4251 The function register_ftrace_export() references the variable __initconst __func__.4251. This is often because register_ftrace_export lacks a __initconst annotation or the annotation of __func__.4251 is wrong. WARNING: vmlinux.o(.text+0x139d24): Section mismatch in reference from the function tracepoint_printk_sysctl() to the variable .init.rodata.str:__func__.4251 The function tracepoint_printk_sysctl() references the variable __initconst __func__.4251. This is often because tracepoint_printk_sysctl lacks a __initconst annotation or the annotation of __func__.4251 is wrong. I haven't taken a close look yet, but I assume these are from the const strings in these functions? -Kees -- Kees Cook Nexus Security
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Tue, 3 Jan 2017 16:23:03 -0800 Kees Cookwrote: > On Mon, Dec 19, 2016 at 3:10 AM, Emese Revfy wrote: > > On Fri, 16 Dec 2016 14:19:10 -0800 > > Kees Cook wrote: > > > >> FWIW, it still seems to me that these aren't false positives: > >> > >> WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in > >> reference from the function uncore_pci_exit.part.22() to the function > >> .init.text:uncore_free_pcibus_map() > >> The function uncore_pci_exit.part.22() references > >> the function __init uncore_free_pcibus_map(). > >> This is often because uncore_pci_exit.part.22 lacks a __init > >> annotation or the annotation of uncore_free_pcibus_map is wrong. Thanks for the report, you can find the fix here: https://github.com/ephox-gcc-plugins/initify/commit/5d93a54badd9751b79ef67ce8a8b4081fea37547 -- Emese
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Tue, 3 Jan 2017 16:23:03 -0800 Kees Cook wrote: > On Mon, Dec 19, 2016 at 3:10 AM, Emese Revfy wrote: > > On Fri, 16 Dec 2016 14:19:10 -0800 > > Kees Cook wrote: > > > >> FWIW, it still seems to me that these aren't false positives: > >> > >> WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in > >> reference from the function uncore_pci_exit.part.22() to the function > >> .init.text:uncore_free_pcibus_map() > >> The function uncore_pci_exit.part.22() references > >> the function __init uncore_free_pcibus_map(). > >> This is often because uncore_pci_exit.part.22 lacks a __init > >> annotation or the annotation of uncore_free_pcibus_map is wrong. Thanks for the report, you can find the fix here: https://github.com/ephox-gcc-plugins/initify/commit/5d93a54badd9751b79ef67ce8a8b4081fea37547 -- Emese
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Mon, Dec 19, 2016 at 3:10 AM, Emese Revfywrote: > On Fri, 16 Dec 2016 14:19:10 -0800 > Kees Cook wrote: > >> FWIW, it still seems to me that these aren't false positives: >> >> WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in >> reference from the function uncore_pci_exit.part.22() to the function >> .init.text:uncore_free_pcibus_map() >> The function uncore_pci_exit.part.22() references >> the function __init uncore_free_pcibus_map(). >> This is often because uncore_pci_exit.part.22 lacks a __init >> annotation or the annotation of uncore_free_pcibus_map is wrong. > > Hi, > > I can't reproduce this section mismatch. Could you please send me your > .config? Attached. > Which gcc version did you use? gcc (Ubuntu 5.4.0-6ubuntu1~16.04.4) 5.4.0 20160609 > I used this tree: > git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git initify-v4 Yup, that's what I was building from. -Kees -- Kees Cook Nexus Security .config.gz Description: application/gzip
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Mon, Dec 19, 2016 at 3:10 AM, Emese Revfy wrote: > On Fri, 16 Dec 2016 14:19:10 -0800 > Kees Cook wrote: > >> FWIW, it still seems to me that these aren't false positives: >> >> WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in >> reference from the function uncore_pci_exit.part.22() to the function >> .init.text:uncore_free_pcibus_map() >> The function uncore_pci_exit.part.22() references >> the function __init uncore_free_pcibus_map(). >> This is often because uncore_pci_exit.part.22 lacks a __init >> annotation or the annotation of uncore_free_pcibus_map is wrong. > > Hi, > > I can't reproduce this section mismatch. Could you please send me your > .config? Attached. > Which gcc version did you use? gcc (Ubuntu 5.4.0-6ubuntu1~16.04.4) 5.4.0 20160609 > I used this tree: > git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git initify-v4 Yup, that's what I was building from. -Kees -- Kees Cook Nexus Security .config.gz Description: application/gzip
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Mon, Dec 19, 2016 at 10:24 AM, Laura Abbottwrote: > I gave this a spin on arm64 and it seems to boot up and run okay > with just the "select HAVE_GCC_PLUGIN_INITIFY_INIT_EXIT if GCC_PLUGINS" > added for arm64. The patches could probably use more review but > I think it would be good to just fold this in for arm64 for ease of > testing. Thanks! I've added this to arm64 for a v5 soon. -Kees -- Kees Cook Nexus Security
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Mon, Dec 19, 2016 at 10:24 AM, Laura Abbott wrote: > I gave this a spin on arm64 and it seems to boot up and run okay > with just the "select HAVE_GCC_PLUGIN_INITIFY_INIT_EXIT if GCC_PLUGINS" > added for arm64. The patches could probably use more review but > I think it would be good to just fold this in for arm64 for ease of > testing. Thanks! I've added this to arm64 for a v5 soon. -Kees -- Kees Cook Nexus Security
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On 12/16/2016 02:06 PM, Kees Cook wrote: > Hi, > > This is a continuation of Emese Revfy's initify plugin upstreaming. This > is based on her v3, but updated with various fixes from her github tree. > Additionally, I split off the printf attribute fixes and sent those > separately. > > This is the initify gcc plugin. The kernel already has a mechanism to > free up code and data memory that is only used during kernel or module > initialization. This plugin will teach the compiler to find more such > code and data that can be freed after initialization. It reduces memory > usage. The initify gcc plugin can be useful for embedded systems. > > Originally it was a CII project supported by the Linux Foundation. > > This plugin is the part of grsecurity/PaX. > > The plugin supports all gcc versions from 4.5 to 7.0. > > Changes on top of the PaX version (since March 6.). These are the important > ones: > * move all local strings to init.rodata.str and exit.rodata.str >(not just __func__) > * report all initified strings and functions >(GCC_PLUGIN_INITIFY_VERBOSE config option) > * automatically discover init/exit functions and apply the __init or >__exit attributes on them > > You can find more about the changes here: > https://github.com/ephox-gcc-plugins/initify > > This patch set is based on v4.9-rc2. > > Some build statistics about the plugin: > > On allyes config (amd64, gcc-6): > * 8412 initified strings > * 167 initified functions > > On allmod config (i386, gcc-6): > * 8597 initified strings > * 159 initified functions > > On allyes config (amd64, gcc-6): > > section vanilla vanilla + initifychange > --- > .rodata 21746728 (0x14bd428)21488680 (0x147e428)-258048 > .init.data 1338376 (0x146c08) 1683016 (0x19ae48)+344640 > .text 78270904 (0x4aa51b8)78228280 (0x4a9ab38) -42624 > .init.text 1184725 (0x1213d5) 1223257 (0x12aa59) +38532 > .exit.data 104 (0x68) 17760 (0x004560) +17656 > .exit.text174473 (0x02a989) 175763 (0x02ae93) +1290 > > FileSiz (vanilla) FileSiz (vanilla + initify) change > > 00 102936576 (0x622b000) 102678528 (0x61ec000) -258048 > 03 28680192 (0x1b5a000)29081600 (0x1bbc000) +401408 > > 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw >.tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata >__param __modver > 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init >.parainstructions .altinstructions .altinstr_replacement >.iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk > > > On defconfig (amd64, gcc-6): > * 1957 initified strings > * 29 initified functions > > On defconfig (amd64, gcc-6): > > section vanilla vanilla + initifychange > --- > .rodata 2524240 (0x268450) 2462800 (0x259450) -61440 > .init.data 560256 (0x088c80) 644000 (0x09d3a0) +83744 > .text 9377367 (0x8f1657) 9373079 (0x8f0597) -4288 > .init.text 438586 (0x06b13a) 441828 (0x06bde4) +3242 > .exit.data0 832 (0x000340)+832 > .exit.text 8857 (0x002299) 8857 (0x002299) 0 > > FileSiz (vanilla) FileSiz (vanilla + initify) change > > 00 13398016 (0xcc7000) 13336576 (0xcb8000) -61440 > 03 2203648 (0x21a000) 2293760 (0x23) +90112 > > 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw >.tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata >__param __modver > 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init >.parainstructions .altinstructions .altinstr_replacement >.iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk > > One thing of note is that this plugin triggers false positive warnings > from the modpost section mismatch detector. Further work is needed to > deal with this. > > > Changed from v3: > * Refresh from Emese's latest version. > > Changed from v2: > * Check all uses when walking a use-def chain. > * Check all uses of initialized local variables and initify them if they >have only nocapture uses. Previously only uses in call arguments >determined whether the initializer value could be initified. > * Handle the format gcc attribute from the plugin too. > * Verify nocapture parameters of calls. Track uses of these parameters >and verify that all uses are not captured.
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On 12/16/2016 02:06 PM, Kees Cook wrote: > Hi, > > This is a continuation of Emese Revfy's initify plugin upstreaming. This > is based on her v3, but updated with various fixes from her github tree. > Additionally, I split off the printf attribute fixes and sent those > separately. > > This is the initify gcc plugin. The kernel already has a mechanism to > free up code and data memory that is only used during kernel or module > initialization. This plugin will teach the compiler to find more such > code and data that can be freed after initialization. It reduces memory > usage. The initify gcc plugin can be useful for embedded systems. > > Originally it was a CII project supported by the Linux Foundation. > > This plugin is the part of grsecurity/PaX. > > The plugin supports all gcc versions from 4.5 to 7.0. > > Changes on top of the PaX version (since March 6.). These are the important > ones: > * move all local strings to init.rodata.str and exit.rodata.str >(not just __func__) > * report all initified strings and functions >(GCC_PLUGIN_INITIFY_VERBOSE config option) > * automatically discover init/exit functions and apply the __init or >__exit attributes on them > > You can find more about the changes here: > https://github.com/ephox-gcc-plugins/initify > > This patch set is based on v4.9-rc2. > > Some build statistics about the plugin: > > On allyes config (amd64, gcc-6): > * 8412 initified strings > * 167 initified functions > > On allmod config (i386, gcc-6): > * 8597 initified strings > * 159 initified functions > > On allyes config (amd64, gcc-6): > > section vanilla vanilla + initifychange > --- > .rodata 21746728 (0x14bd428)21488680 (0x147e428)-258048 > .init.data 1338376 (0x146c08) 1683016 (0x19ae48)+344640 > .text 78270904 (0x4aa51b8)78228280 (0x4a9ab38) -42624 > .init.text 1184725 (0x1213d5) 1223257 (0x12aa59) +38532 > .exit.data 104 (0x68) 17760 (0x004560) +17656 > .exit.text174473 (0x02a989) 175763 (0x02ae93) +1290 > > FileSiz (vanilla) FileSiz (vanilla + initify) change > > 00 102936576 (0x622b000) 102678528 (0x61ec000) -258048 > 03 28680192 (0x1b5a000)29081600 (0x1bbc000) +401408 > > 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw >.tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata >__param __modver > 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init >.parainstructions .altinstructions .altinstr_replacement >.iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk > > > On defconfig (amd64, gcc-6): > * 1957 initified strings > * 29 initified functions > > On defconfig (amd64, gcc-6): > > section vanilla vanilla + initifychange > --- > .rodata 2524240 (0x268450) 2462800 (0x259450) -61440 > .init.data 560256 (0x088c80) 644000 (0x09d3a0) +83744 > .text 9377367 (0x8f1657) 9373079 (0x8f0597) -4288 > .init.text 438586 (0x06b13a) 441828 (0x06bde4) +3242 > .exit.data0 832 (0x000340)+832 > .exit.text 8857 (0x002299) 8857 (0x002299) 0 > > FileSiz (vanilla) FileSiz (vanilla + initify) change > > 00 13398016 (0xcc7000) 13336576 (0xcb8000) -61440 > 03 2203648 (0x21a000) 2293760 (0x23) +90112 > > 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw >.tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata >__param __modver > 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init >.parainstructions .altinstructions .altinstr_replacement >.iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk > > One thing of note is that this plugin triggers false positive warnings > from the modpost section mismatch detector. Further work is needed to > deal with this. > > > Changed from v3: > * Refresh from Emese's latest version. > > Changed from v2: > * Check all uses when walking a use-def chain. > * Check all uses of initialized local variables and initify them if they >have only nocapture uses. Previously only uses in call arguments >determined whether the initializer value could be initified. > * Handle the format gcc attribute from the plugin too. > * Verify nocapture parameters of calls. Track uses of these parameters >and verify that all uses are not captured.
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Fri, 16 Dec 2016 14:19:10 -0800 Kees Cookwrote: > FWIW, it still seems to me that these aren't false positives: > > WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in > reference from the function uncore_pci_exit.part.22() to the function > .init.text:uncore_free_pcibus_map() > The function uncore_pci_exit.part.22() references > the function __init uncore_free_pcibus_map(). > This is often because uncore_pci_exit.part.22 lacks a __init > annotation or the annotation of uncore_free_pcibus_map is wrong. Hi, I can't reproduce this section mismatch. Could you please send me your .config? Which gcc version did you use? I used this tree: git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git initify-v4 Thanks -- Emese
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Fri, 16 Dec 2016 14:19:10 -0800 Kees Cook wrote: > FWIW, it still seems to me that these aren't false positives: > > WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in > reference from the function uncore_pci_exit.part.22() to the function > .init.text:uncore_free_pcibus_map() > The function uncore_pci_exit.part.22() references > the function __init uncore_free_pcibus_map(). > This is often because uncore_pci_exit.part.22 lacks a __init > annotation or the annotation of uncore_free_pcibus_map is wrong. Hi, I can't reproduce this section mismatch. Could you please send me your .config? Which gcc version did you use? I used this tree: git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git initify-v4 Thanks -- Emese
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Fri, Dec 16, 2016 at 2:06 PM, Kees Cookwrote: > Hi, > > This is a continuation of Emese Revfy's initify plugin upstreaming. This > is based on her v3, but updated with various fixes from her github tree. > Additionally, I split off the printf attribute fixes and sent those > separately. > > This is the initify gcc plugin. The kernel already has a mechanism to > free up code and data memory that is only used during kernel or module > initialization. This plugin will teach the compiler to find more such > code and data that can be freed after initialization. It reduces memory > usage. The initify gcc plugin can be useful for embedded systems. > > Originally it was a CII project supported by the Linux Foundation. > > This plugin is the part of grsecurity/PaX. > > The plugin supports all gcc versions from 4.5 to 7.0. > > Changes on top of the PaX version (since March 6.). These are the important > ones: > * move all local strings to init.rodata.str and exit.rodata.str >(not just __func__) > * report all initified strings and functions >(GCC_PLUGIN_INITIFY_VERBOSE config option) > * automatically discover init/exit functions and apply the __init or >__exit attributes on them > > You can find more about the changes here: > https://github.com/ephox-gcc-plugins/initify > > This patch set is based on v4.9-rc2. > > Some build statistics about the plugin: > > On allyes config (amd64, gcc-6): > * 8412 initified strings > * 167 initified functions > > On allmod config (i386, gcc-6): > * 8597 initified strings > * 159 initified functions > > On allyes config (amd64, gcc-6): > > section vanilla vanilla + initifychange > --- > .rodata 21746728 (0x14bd428)21488680 (0x147e428)-258048 > .init.data 1338376 (0x146c08) 1683016 (0x19ae48)+344640 > .text 78270904 (0x4aa51b8)78228280 (0x4a9ab38) -42624 > .init.text 1184725 (0x1213d5) 1223257 (0x12aa59) +38532 > .exit.data 104 (0x68) 17760 (0x004560) +17656 > .exit.text174473 (0x02a989) 175763 (0x02ae93) +1290 > > FileSiz (vanilla) FileSiz (vanilla + initify) change > > 00 102936576 (0x622b000) 102678528 (0x61ec000) -258048 > 03 28680192 (0x1b5a000)29081600 (0x1bbc000) +401408 > > 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw >.tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata >__param __modver > 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init >.parainstructions .altinstructions .altinstr_replacement >.iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk > > > On defconfig (amd64, gcc-6): > * 1957 initified strings > * 29 initified functions > > On defconfig (amd64, gcc-6): > > section vanilla vanilla + initifychange > --- > .rodata 2524240 (0x268450) 2462800 (0x259450) -61440 > .init.data 560256 (0x088c80) 644000 (0x09d3a0) +83744 > .text 9377367 (0x8f1657) 9373079 (0x8f0597) -4288 > .init.text 438586 (0x06b13a) 441828 (0x06bde4) +3242 > .exit.data0 832 (0x000340)+832 > .exit.text 8857 (0x002299) 8857 (0x002299) 0 > > FileSiz (vanilla) FileSiz (vanilla + initify) change > > 00 13398016 (0xcc7000) 13336576 (0xcb8000) -61440 > 03 2203648 (0x21a000) 2293760 (0x23) +90112 > > 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw >.tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata >__param __modver > 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init >.parainstructions .altinstructions .altinstr_replacement >.iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk > > One thing of note is that this plugin triggers false positive warnings > from the modpost section mismatch detector. Further work is needed to > deal with this. FWIW, it still seems to me that these aren't false positives: WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in reference from the function uncore_pci_exit.part.22() to the function .init.text:uncore_free_pcibus_map() The function uncore_pci_exit.part.22() references the function __init uncore_free_pcibus_map(). This is often because uncore_pci_exit.part.22 lacks a __init annotation or the annotation of uncore_free_pcibus_map is wrong. This is complaining about arch/x86/events/intel/uncore.c: __init
Re: [PATCH v4 0/4] Introduce the initify gcc plugin
On Fri, Dec 16, 2016 at 2:06 PM, Kees Cook wrote: > Hi, > > This is a continuation of Emese Revfy's initify plugin upstreaming. This > is based on her v3, but updated with various fixes from her github tree. > Additionally, I split off the printf attribute fixes and sent those > separately. > > This is the initify gcc plugin. The kernel already has a mechanism to > free up code and data memory that is only used during kernel or module > initialization. This plugin will teach the compiler to find more such > code and data that can be freed after initialization. It reduces memory > usage. The initify gcc plugin can be useful for embedded systems. > > Originally it was a CII project supported by the Linux Foundation. > > This plugin is the part of grsecurity/PaX. > > The plugin supports all gcc versions from 4.5 to 7.0. > > Changes on top of the PaX version (since March 6.). These are the important > ones: > * move all local strings to init.rodata.str and exit.rodata.str >(not just __func__) > * report all initified strings and functions >(GCC_PLUGIN_INITIFY_VERBOSE config option) > * automatically discover init/exit functions and apply the __init or >__exit attributes on them > > You can find more about the changes here: > https://github.com/ephox-gcc-plugins/initify > > This patch set is based on v4.9-rc2. > > Some build statistics about the plugin: > > On allyes config (amd64, gcc-6): > * 8412 initified strings > * 167 initified functions > > On allmod config (i386, gcc-6): > * 8597 initified strings > * 159 initified functions > > On allyes config (amd64, gcc-6): > > section vanilla vanilla + initifychange > --- > .rodata 21746728 (0x14bd428)21488680 (0x147e428)-258048 > .init.data 1338376 (0x146c08) 1683016 (0x19ae48)+344640 > .text 78270904 (0x4aa51b8)78228280 (0x4a9ab38) -42624 > .init.text 1184725 (0x1213d5) 1223257 (0x12aa59) +38532 > .exit.data 104 (0x68) 17760 (0x004560) +17656 > .exit.text174473 (0x02a989) 175763 (0x02ae93) +1290 > > FileSiz (vanilla) FileSiz (vanilla + initify) change > > 00 102936576 (0x622b000) 102678528 (0x61ec000) -258048 > 03 28680192 (0x1b5a000)29081600 (0x1bbc000) +401408 > > 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw >.tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata >__param __modver > 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init >.parainstructions .altinstructions .altinstr_replacement >.iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk > > > On defconfig (amd64, gcc-6): > * 1957 initified strings > * 29 initified functions > > On defconfig (amd64, gcc-6): > > section vanilla vanilla + initifychange > --- > .rodata 2524240 (0x268450) 2462800 (0x259450) -61440 > .init.data 560256 (0x088c80) 644000 (0x09d3a0) +83744 > .text 9377367 (0x8f1657) 9373079 (0x8f0597) -4288 > .init.text 438586 (0x06b13a) 441828 (0x06bde4) +3242 > .exit.data0 832 (0x000340)+832 > .exit.text 8857 (0x002299) 8857 (0x002299) 0 > > FileSiz (vanilla) FileSiz (vanilla + initify) change > > 00 13398016 (0xcc7000) 13336576 (0xcb8000) -61440 > 03 2203648 (0x21a000) 2293760 (0x23) +90112 > > 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw >.tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata >__param __modver > 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init >.parainstructions .altinstructions .altinstr_replacement >.iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk > > One thing of note is that this plugin triggers false positive warnings > from the modpost section mismatch detector. Further work is needed to > deal with this. FWIW, it still seems to me that these aren't false positives: WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in reference from the function uncore_pci_exit.part.22() to the function .init.text:uncore_free_pcibus_map() The function uncore_pci_exit.part.22() references the function __init uncore_free_pcibus_map(). This is often because uncore_pci_exit.part.22 lacks a __init annotation or the annotation of uncore_free_pcibus_map is wrong. This is complaining about arch/x86/events/intel/uncore.c: __init intel_uncore_init() calls
[PATCH v4 0/4] Introduce the initify gcc plugin
Hi, This is a continuation of Emese Revfy's initify plugin upstreaming. This is based on her v3, but updated with various fixes from her github tree. Additionally, I split off the printf attribute fixes and sent those separately. This is the initify gcc plugin. The kernel already has a mechanism to free up code and data memory that is only used during kernel or module initialization. This plugin will teach the compiler to find more such code and data that can be freed after initialization. It reduces memory usage. The initify gcc plugin can be useful for embedded systems. Originally it was a CII project supported by the Linux Foundation. This plugin is the part of grsecurity/PaX. The plugin supports all gcc versions from 4.5 to 7.0. Changes on top of the PaX version (since March 6.). These are the important ones: * move all local strings to init.rodata.str and exit.rodata.str (not just __func__) * report all initified strings and functions (GCC_PLUGIN_INITIFY_VERBOSE config option) * automatically discover init/exit functions and apply the __init or __exit attributes on them You can find more about the changes here: https://github.com/ephox-gcc-plugins/initify This patch set is based on v4.9-rc2. Some build statistics about the plugin: On allyes config (amd64, gcc-6): * 8412 initified strings * 167 initified functions On allmod config (i386, gcc-6): * 8597 initified strings * 159 initified functions On allyes config (amd64, gcc-6): section vanilla vanilla + initifychange --- .rodata 21746728 (0x14bd428)21488680 (0x147e428)-258048 .init.data 1338376 (0x146c08) 1683016 (0x19ae48)+344640 .text 78270904 (0x4aa51b8)78228280 (0x4a9ab38) -42624 .init.text 1184725 (0x1213d5) 1223257 (0x12aa59) +38532 .exit.data 104 (0x68) 17760 (0x004560) +17656 .exit.text174473 (0x02a989) 175763 (0x02ae93) +1290 FileSiz (vanilla) FileSiz (vanilla + initify) change 00 102936576 (0x622b000) 102678528 (0x61ec000) -258048 03 28680192 (0x1b5a000)29081600 (0x1bbc000) +401408 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw .tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata __param __modver 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init .parainstructions .altinstructions .altinstr_replacement .iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk On defconfig (amd64, gcc-6): * 1957 initified strings * 29 initified functions On defconfig (amd64, gcc-6): section vanilla vanilla + initifychange --- .rodata 2524240 (0x268450) 2462800 (0x259450) -61440 .init.data 560256 (0x088c80) 644000 (0x09d3a0) +83744 .text 9377367 (0x8f1657) 9373079 (0x8f0597) -4288 .init.text 438586 (0x06b13a) 441828 (0x06bde4) +3242 .exit.data0 832 (0x000340)+832 .exit.text 8857 (0x002299) 8857 (0x002299) 0 FileSiz (vanilla) FileSiz (vanilla + initify) change 00 13398016 (0xcc7000) 13336576 (0xcb8000) -61440 03 2203648 (0x21a000) 2293760 (0x23) +90112 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw .tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata __param __modver 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init .parainstructions .altinstructions .altinstr_replacement .iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk One thing of note is that this plugin triggers false positive warnings from the modpost section mismatch detector. Further work is needed to deal with this. Changed from v3: * Refresh from Emese's latest version. Changed from v2: * Check all uses when walking a use-def chain. * Check all uses of initialized local variables and initify them if they have only nocapture uses. Previously only uses in call arguments determined whether the initializer value could be initified. * Handle the format gcc attribute from the plugin too. * Verify nocapture parameters of calls. Track uses of these parameters and verify that all uses are not captured. Verify only the nocapture attribute (The format attribute should be verified too.). * Fixed wrong indexing of function arguments. * Fixed decl comparison. When comparing two decls the tree codes must be the same. * Search capture uses of the return value.
[PATCH v4 0/4] Introduce the initify gcc plugin
Hi, This is a continuation of Emese Revfy's initify plugin upstreaming. This is based on her v3, but updated with various fixes from her github tree. Additionally, I split off the printf attribute fixes and sent those separately. This is the initify gcc plugin. The kernel already has a mechanism to free up code and data memory that is only used during kernel or module initialization. This plugin will teach the compiler to find more such code and data that can be freed after initialization. It reduces memory usage. The initify gcc plugin can be useful for embedded systems. Originally it was a CII project supported by the Linux Foundation. This plugin is the part of grsecurity/PaX. The plugin supports all gcc versions from 4.5 to 7.0. Changes on top of the PaX version (since March 6.). These are the important ones: * move all local strings to init.rodata.str and exit.rodata.str (not just __func__) * report all initified strings and functions (GCC_PLUGIN_INITIFY_VERBOSE config option) * automatically discover init/exit functions and apply the __init or __exit attributes on them You can find more about the changes here: https://github.com/ephox-gcc-plugins/initify This patch set is based on v4.9-rc2. Some build statistics about the plugin: On allyes config (amd64, gcc-6): * 8412 initified strings * 167 initified functions On allmod config (i386, gcc-6): * 8597 initified strings * 159 initified functions On allyes config (amd64, gcc-6): section vanilla vanilla + initifychange --- .rodata 21746728 (0x14bd428)21488680 (0x147e428)-258048 .init.data 1338376 (0x146c08) 1683016 (0x19ae48)+344640 .text 78270904 (0x4aa51b8)78228280 (0x4a9ab38) -42624 .init.text 1184725 (0x1213d5) 1223257 (0x12aa59) +38532 .exit.data 104 (0x68) 17760 (0x004560) +17656 .exit.text174473 (0x02a989) 175763 (0x02ae93) +1290 FileSiz (vanilla) FileSiz (vanilla + initify) change 00 102936576 (0x622b000) 102678528 (0x61ec000) -258048 03 28680192 (0x1b5a000)29081600 (0x1bbc000) +401408 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw .tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata __param __modver 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init .parainstructions .altinstructions .altinstr_replacement .iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk On defconfig (amd64, gcc-6): * 1957 initified strings * 29 initified functions On defconfig (amd64, gcc-6): section vanilla vanilla + initifychange --- .rodata 2524240 (0x268450) 2462800 (0x259450) -61440 .init.data 560256 (0x088c80) 644000 (0x09d3a0) +83744 .text 9377367 (0x8f1657) 9373079 (0x8f0597) -4288 .init.text 438586 (0x06b13a) 441828 (0x06bde4) +3242 .exit.data0 832 (0x000340)+832 .exit.text 8857 (0x002299) 8857 (0x002299) 0 FileSiz (vanilla) FileSiz (vanilla + initify) change 00 13398016 (0xcc7000) 13336576 (0xcb8000) -61440 03 2203648 (0x21a000) 2293760 (0x23) +90112 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw .tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata __param __modver 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init .parainstructions .altinstructions .altinstr_replacement .iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk One thing of note is that this plugin triggers false positive warnings from the modpost section mismatch detector. Further work is needed to deal with this. Changed from v3: * Refresh from Emese's latest version. Changed from v2: * Check all uses when walking a use-def chain. * Check all uses of initialized local variables and initify them if they have only nocapture uses. Previously only uses in call arguments determined whether the initializer value could be initified. * Handle the format gcc attribute from the plugin too. * Verify nocapture parameters of calls. Track uses of these parameters and verify that all uses are not captured. Verify only the nocapture attribute (The format attribute should be verified too.). * Fixed wrong indexing of function arguments. * Fixed decl comparison. When comparing two decls the tree codes must be the same. * Search capture uses of the return value.