From nobody Fri Dec 19 07:19:55 2025 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 10D6B2236E5; Tue, 16 Dec 2025 21:27:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920427; cv=none; b=j6RbQBJPIrlK5FRD/Cmcsb52FUnT4GmbGxpH4FSMWPM8Yb1AnqbtCsEmh+a4+IQHwygJTk3BG1y9ivzKQi3v+IMhKcM1Zqk5USzm1rwsI43PnTFF/V/gXq/SVPUrfdTtQh/MxtsEN6LkRfYKzaqKCPTVpb3bYkoLam/KPMMAcGY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920427; c=relaxed/simple; bh=AkKQ2tZklkT/DL1C8Cmil8i1aOc7CgePsBkRk80OoYs=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=EgMQvMWzg/pjT/1QBzSuwicUE05/eHexgeb6bOh3AGqtR5dXCxnFv6UT2LnDdoXssd6/myTjnPz/k/NFs3uYgHjn0/vQQpNsqeBplA1lbNdm4cSYwhR1Fn5ZLFzQJVFvXk4OXV+IF4FFGPFpxx+sMfTrN1Vm+OYQFwUks0ts/rM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=GpfvH0IM; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="GpfvH0IM" Received: from mail.zytor.com (c-76-133-66-138.hsd1.ca.comcast.net [76.133.66.138]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 5BGLQC262563820 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 16 Dec 2025 13:26:26 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 5BGLQC262563820 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025112201; t=1765920388; bh=h6JrzHOOAMme4MQvq7kaYnijp0CWQPH74cgg8oIQDMc=; h=From:To:Subject:Date:In-Reply-To:References:From; b=GpfvH0IMUuf7A/nYM5NS7m4EL2/7SY5jNrD8tA5DahEY5Hz4XpXAhQ+yqY2hISAAr E/ONMQNi4KZLmVv3vCkTrnF/cUgwYs3jZW9oAJnhc1uJvusB8sxg0LQSQTdNMnwOMC 0D4RtESUpg9Nk9sKY7NEBMSXt55AldwD8XpqON4hOxyIBPZX1DM3vaFKivszgobsbr V9CaZZ9CKAaHtYC3FxpKG33U33gxYveC04TqFiRk8Wy4ncdaC59Gx8fYrEUBob6fyP N5wj2G/JXAfF9aWElwsPtHx9MFSrZ1pPfyyhCfvRGQ9KBjRfayjbx0aLcPkDzBiO7b JWM7IEqSuotbg== From: "H. Peter Anvin" To: "H. Peter Anvin" , "Jason A. Donenfeld" , "Peter Zijlstra (Intel)" , "Theodore Ts'o" , =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= , Xin Li , Andrew Cooper , Andy Lutomirski , Ard Biesheuvel , Borislav Petkov , Brian Gerst , Dave Hansen , Ingo Molnar , James Morse , Jarkko Sakkinen , Josh Poimboeuf , Kees Cook , Nam Cao , Oleg Nesterov , Perry Yuan , Thomas Gleixner , Thomas Huth , Uros Bizjak , linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-sgx@vger.kernel.org, x86@kernel.org Subject: [PATCH v4 07/10] x86/entry/vdso: include GNU_PROPERTY and GNU_STACK PHDRs Date: Tue, 16 Dec 2025 13:26:01 -0800 Message-ID: <20251216212606.1325678-8-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251216212606.1325678-1-hpa@zytor.com> References: <20251216212606.1325678-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Currently the vdso doesn't include .note.gnu.property or a GNU noexec stack annotation (the -z noexecstack in the linker script is ineffective because we specify PHDRs explicitly.) The motivation is that the dynamic linker currently do not check these. However, this is a weak excuse: the vdso*.so are also supposed to be usable at link libraries, and there is no reason why the dynamic linker might not want or need to check these in the future, so add them back in -- it is trivial enough. Use symbolic constants for the PHDR permission flags. [ v4: drop unrelated formatting changes ] Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/entry/vdso/common/vdso-layout.lds.S | 38 ++++++++++++-------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/arch/x86/entry/vdso/common/vdso-layout.lds.S b/arch/x86/entry/= vdso/common/vdso-layout.lds.S index ec1ac191a057..a1e30be3e83d 100644 --- a/arch/x86/entry/vdso/common/vdso-layout.lds.S +++ b/arch/x86/entry/vdso/common/vdso-layout.lds.S @@ -47,18 +47,18 @@ SECTIONS *(.gnu.linkonce.b.*) } :text =20 - /* - * Discard .note.gnu.property sections which are unused and have - * different alignment requirement from vDSO note sections. - */ - /DISCARD/ : { + .note.gnu.property : { *(.note.gnu.property) - } - .note : { *(.note.*) } :text :note - - .eh_frame_hdr : { *(.eh_frame_hdr) } :text :eh_frame_hdr - .eh_frame : { KEEP (*(.eh_frame)) } :text + } :text :note :gnu_property + .note : { + *(.note*) + } :text :note =20 + .eh_frame_hdr : { *(.eh_frame_hdr) } :text :eh_frame_hdr + .eh_frame : { + KEEP (*(.eh_frame)) + *(.eh_frame.*) + } :text =20 /* * Text is well-separated from actual data: there's plenty of @@ -87,15 +87,23 @@ SECTIONS * Very old versions of ld do not recognize this name token; use the const= ant. */ #define PT_GNU_EH_FRAME 0x6474e550 +#define PT_GNU_STACK 0x6474e551 +#define PT_GNU_PROPERTY 0x6474e553 =20 /* * We must supply the ELF program headers explicitly to get just one * PT_LOAD segment, and set the flags explicitly to make segments read-onl= y. - */ +*/ +#define PF_R FLAGS(4) +#define PF_RW FLAGS(6) +#define PF_RX FLAGS(5) + PHDRS { - text PT_LOAD FLAGS(5) FILEHDR PHDRS; /* PF_R|PF_X */ - dynamic PT_DYNAMIC FLAGS(4); /* PF_R */ - note PT_NOTE FLAGS(4); /* PF_R */ - eh_frame_hdr PT_GNU_EH_FRAME; + text PT_LOAD PF_RX FILEHDR PHDRS; + dynamic PT_DYNAMIC PF_R; + note PT_NOTE PF_R; + eh_frame_hdr PT_GNU_EH_FRAME PF_R; + gnu_stack PT_GNU_STACK PF_RW; + gnu_property PT_GNU_PROPERTY PF_R; } --=20 2.52.0