BFD linker can't output .note.GNU-stack section which leads to executable stack #259
Comments
rodionov
pushed a commit
to rodionov/lkl
that referenced
this issue
Jan 2, 2025
Add a new test case which performs double query of the bpf_mprog through libbpf API, but also via raw bpf(2) syscall. This is testing to gather first the count and then in a subsequent probe the full information with the program array without clearing passed structs in between. # ./vmtest.sh -- ./test_progs -t tc_opts [...] ./test_progs -t tc_opts [ 1.398818] tsc: Refined TSC clocksource calibration: 3407.999 MHz [ 1.400263] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x311fd336761, max_idle_ns: 440795243819 ns [ 1.402734] clocksource: Switched to clocksource tsc [ 1.426639] bpf_testmod: loading out-of-tree module taints kernel. [ 1.428112] bpf_testmod: module verification failed: signature and/or required key missing - tainting kernel lkl#252 tc_opts_after:OK lkl#253 tc_opts_append:OK lkl#254 tc_opts_basic:OK lkl#255 tc_opts_before:OK lkl#256 tc_opts_chain_classic:OK lkl#257 tc_opts_chain_mixed:OK lkl#258 tc_opts_delete_empty:OK lkl#259 tc_opts_demixed:OK lkl#260 tc_opts_detach:OK lkl#261 tc_opts_detach_after:OK lkl#262 tc_opts_detach_before:OK lkl#263 tc_opts_dev_cleanup:OK lkl#264 tc_opts_invalid:OK lkl#265 tc_opts_max:OK lkl#266 tc_opts_mixed:OK lkl#267 tc_opts_prepend:OK lkl#268 tc_opts_query:OK <--- (new test) lkl#269 tc_opts_replace:OK lkl#270 tc_opts_revision:OK Summary: 19/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/r/20231006220655.1653-4-daniel@iogearbox.net Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
rodionov
pushed a commit
to rodionov/lkl
that referenced
this issue
Jan 2, 2025
Add a new test case to query on an empty bpf_mprog and pass the revision directly into expected_revision for attachment to assert that this does succeed. ./test_progs -t tc_opts [ 1.406778] tsc: Refined TSC clocksource calibration: 3407.990 MHz [ 1.408863] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x311fcaf6eb0, max_idle_ns: 440795321766 ns [ 1.412419] clocksource: Switched to clocksource tsc [ 1.428671] bpf_testmod: loading out-of-tree module taints kernel. [ 1.430260] bpf_testmod: module verification failed: signature and/or required key missing - tainting kernel lkl#252 tc_opts_after:OK lkl#253 tc_opts_append:OK lkl#254 tc_opts_basic:OK lkl#255 tc_opts_before:OK lkl#256 tc_opts_chain_classic:OK lkl#257 tc_opts_chain_mixed:OK lkl#258 tc_opts_delete_empty:OK lkl#259 tc_opts_demixed:OK lkl#260 tc_opts_detach:OK lkl#261 tc_opts_detach_after:OK lkl#262 tc_opts_detach_before:OK lkl#263 tc_opts_dev_cleanup:OK lkl#264 tc_opts_invalid:OK lkl#265 tc_opts_max:OK lkl#266 tc_opts_mixed:OK lkl#267 tc_opts_prepend:OK lkl#268 tc_opts_query:OK lkl#269 tc_opts_query_attach:OK <--- (new test) lkl#270 tc_opts_replace:OK lkl#271 tc_opts_revision:OK Summary: 20/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/r/20231006220655.1653-6-daniel@iogearbox.net Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To reproduce:
apply patch:
$ cd tools/lkl
$ ls -al `which ld`
/usr/bin/ld -> ld.bfd
$ make clean && make -j
$ readelf -S ../../vmlinux | grep GNU-stack
// nothing
Interestingly, the ld.gold works:
$ make -j LD=ld.gold
$ readelf -S ../../vmlinux | grep GNU-stack
[40] .note.GNU-stack PROGBITS 0000000000000000 024a73b0
Even before patching, ld.gold can output .note.GNU-stack with X (executable) flag as expected.
As a library, it's a common requirement that the stack is not executable. In my case, I can't use ld.gold due to some other bugs in gold. I'm reluctant to think it's a bug in BFD linker. Posting here to see if there is any switch I'm missing.
The text was updated successfully, but these errors were encountered: