On Wed, Dec 21, 2022 at 05:31:51PM +0100, Greg Kroah-Hartman wrote:
On Thu, Dec 15, 2022 at 04:18:18PM -0700, Tom Saeger wrote:
Backport of: commit 0d362be5b142 ("Makefile: link with -z noexecstack --no-warn-rwx-segments") breaks arm64 Build ID when CONFIG_MODVERSIONS=y for all kernels from: commit e4484a495586 ("Merge tag 'kbuild-fixes-v5.0' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild") until: commit df202b452fe6 ("Merge tag 'kbuild-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild")
Linus's tree doesn't have this issue since 0d362be5b142 was merged after df202b452fe6 which included: commit 7b4537199a4a ("kbuild: link symbol CRCs at final link, removing CONFIG_MODULE_REL_CRCS")
Why can't we add this one instead of a custom change?
I quickly abandoned that route - there are too many dependencies.
This kernel's KBUILD CONFIG_MODVERSIONS tooling compiles and links .S targets with relocatable (-r) and now (-z noexecstack) which results in ld adding a .note.GNU-stack section to .o files. Final linking of vmlinux should add a .NOTES segment containing the Build ID, but does NOT (on some architectures like arm64) if a .note.GNU-stack section is found in .o's supplied during link of vmlinux.
DISCARD .note.GNU-stack sections of .S targets. Final link of vmlinux then properly adds .NOTES segment containing Build ID that can be read using tools like 'readelf -n'.
Fixes: 0d362be5b142 ("Makefile: link with -z noexecstack --no-warn-rwx-segments") Cc: stable@vger.kernel.org # 5.15, 5.10, 5.4 Cc: linux-kbuild@vger.kernel.org Cc: Nick Desaulniers ndesaulniers@google.com Cc: Masahiro Yamada masahiroy@kernel.org Cc: Nicholas Piggin npiggin@gmail.com Cc: Michal Marek michal.lkml@markovi.net Cc: Nathan Chancellor nathan@kernel.org Signed-off-by: Tom Saeger tom.saeger@oracle.com
v2:
- Changed approach to append DISCARD section to generated linker script.
- ld no longer emits warning (which was intent of 0d362b35b142) this addresses Nick's v1 feedback.
- this is applied to all arches, not just arm64
- added commit refs and notes why this doesn't occur in Linus's tree to address Greg's v1 feedback.
- added Fixes: 0d362b35b142 requested by Nick
- added note to changelog for 7b4537199a4a requested by Nick
- build tested on arm64 and x86
version works(vmlinux contains Build ID) v4.14.302 x86, arm64 v4.14.302.patched x86, arm64 v4.19.269 x86, arm64 v4.19.269.patched x86, arm64 v5.4.227 x86 v5.4.227.patched x86, arm64 v5.10.159 x86 v5.10.159.patched x86, arm64 v5.15.83 x86 v5.15.83.patched x86, arm64
v1: https://lore.kernel.org/all/cover.1670358255.git.tom.saeger@oracle.com/
scripts/Makefile.build | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/scripts/Makefile.build b/scripts/Makefile.build index 17aa8ef2d52a..e3939676eeb5 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -379,6 +379,8 @@ cmd_modversions_S = \ if $(OBJDUMP) -h $@ | grep -q __ksymtab; then \ $(call cmd_gensymtypes_S,$(KBUILD_SYMTYPES),$(@:.o=.symtypes)) \ > $(@D)/.tmp_$(@F:.o=.ver); \
echo "SECTIONS { /DISCARD/ : { *(.note.GNU-stack) } }" \>> $(@D)/.tmp_$(@F:.o=.ver); \ \base-commit: fd6d66840b4269da4e90e1ea807ae3197433bc66
2.38.1
I need some acks from some developers/maintainers before I can take this... {hint}
thanks,
greg k-h