kvm: Fix stack access mode in KVM test ELF headers

Message ID	20220601141634.1795-1-mdoucha@suse.cz
State	Accepted
Headers	show Return-Path: <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it> From: Martin Doucha <mdoucha@suse.cz> To: ltp@lists.linux.it Date: Wed, 1 Jun 2022 16:16:34 +0200 Message-Id: <20220601141634.1795-1-mdoucha@suse.cz> MIME-Version: 1.0 Subject: [LTP] [PATCH] kvm: Fix stack access mode in KVM test ELF headers Precedence: list Cc: Fabian Vogt <fvogt@suse.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>
Series	kvm: Fix stack access mode in KVM test ELF headers \| expand kvm: Fix stack access mode in KVM test ELF headers

Message ID

20220601141634.1795-1-mdoucha@suse.cz

State

Accepted

Headers

From: Martin Doucha <mdoucha@suse.cz>
To: ltp@lists.linux.it
Date: Wed,  1 Jun 2022 16:16:34 +0200
Message-Id: <20220601141634.1795-1-mdoucha@suse.cz>
MIME-Version: 1.0
Subject: [LTP] [PATCH] kvm: Fix stack access mode in KVM test ELF headers
Precedence: list
Cc: Fabian Vogt <fvogt@suse.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it
Sender: "ltp" <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>

Series

kvm: Fix stack access mode in KVM test ELF headers | expand

Commit Message

Martin Doucha June 1, 2022, 2:16 p.m. UTC

When the linker converts guest payload binary into a linkable resource
object file, it somehow defaults to requesting executable stack section
for the final test binary. This trips some build-time security checks
on newer systems. Add explicit linker option to make the stack
non-executable.

Suggested-by: Fabian Vogt <fvogt@suse.com>
Signed-off-by: Martin Doucha <mdoucha@suse.cz>
---

Build tests in GitHub Actions:
https://github.com/mdoucha/ltp/actions/runs/2422115463

 testcases/kernel/kvm/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Petr Vorel June 1, 2022, 2:27 p.m. UTC | #1

Hi Martin, Fabian,

> When the linker converts guest payload binary into a linkable resource
> object file, it somehow defaults to requesting executable stack section
> for the final test binary. This trips some build-time security checks
> on newer systems. Add explicit linker option to make the stack
> non-executable.

LGTM, thanks!

Reviewed-by: Petr Vorel <pvorel@suse.cz>

Kind regards,
Petr

Cyril Hrubis June 2, 2022, 8:35 a.m. UTC | #2

Hi!
Pushed, thanks.

diff --git a/testcases/kernel/kvm/Makefile b/testcases/kernel/kvm/Makefile
index 69a9946fe..adab56952 100644
--- a/testcases/kernel/kvm/Makefile
+++ b/testcases/kernel/kvm/Makefile
@@ -50,11 +50,11 @@  include $(top_srcdir)/include/mk/generic_leaf_target.mk
 ifdef VERBOSE
 	$(CC) $(GUEST_CPPFLAGS) $(GUEST_CFLAGS) $(GUEST_LDFLAGS) -o $*-payload.elf $^ $(GUEST_LDLIBS)
 	objcopy -O binary -j .init.boot -j .text -j .data -j .init -j .preinit_array -j .init_array --gap-fill=0 $*-payload.elf $*-payload.bin
-	ld -r -T $(abs_srcdir)/linker/payload.lds --oformat=$(BIN_FORMAT) -o $@ $*-payload.bin
+	ld -z noexecstack -r -T $(abs_srcdir)/linker/payload.lds --oformat=$(BIN_FORMAT) -o $@ $*-payload.bin
 else
 	@$(CC) $(GUEST_CPPFLAGS) $(GUEST_CFLAGS) $(GUEST_LDFLAGS) -o $*-payload.elf $^ $(GUEST_LDLIBS)
 	@objcopy -O binary -j .init.boot -j .text -j .data -j .init -j .preinit_array -j .init_array --gap-fill=0 $*-payload.elf $*-payload.bin
-	@ld -r -T $(abs_srcdir)/linker/payload.lds --oformat=$(BIN_FORMAT) -o $@ $*-payload.bin
+	@ld -z noexecstack -r -T $(abs_srcdir)/linker/payload.lds --oformat=$(BIN_FORMAT) -o $@ $*-payload.bin
 	@echo KVM_CC $(target_rel_dir)$@
 endif
 	@rm $*-payload.elf $*-payload.bin

kvm: Fix stack access mode in KVM test ELF headers

Commit Message

Comments

Patch