From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, mingo@kernel.org, Ard Biesheuvel <ardb@kernel.org>
Subject: [RFC PATCH PoC 09/11] x86/boot: Disallow absolute symbol references in startup code
Date: Wed, 23 Apr 2025 13:09:58 +0200
Message-ID: <20250423110948.1103030-22-ardb+git@google.com>
In-Reply-To: <20250423110948.1103030-13-ardb+git@google.com>
From: Ard Biesheuvel <ardb@kernel.org>
Check that the objects built under arch/x86/boot/startup do not contain
any absolute symbol reference. Given that the code is built with -fPIC,
such references can only be emitted using R_X86_64_64 relocations, so
checking that those are absent is sufficient.
Note that debug sections and the __patchable_function_entries section may
contain such relocations nonetheless, but these are unnecessary in the
startup code, so they can be dropped first.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/x86/boot/startup/Makefile | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/arch/x86/boot/startup/Makefile b/arch/x86/boot/startup/Makefile
index 4062582144f6..43560ab9e21a 100644
--- a/arch/x86/boot/startup/Makefile
+++ b/arch/x86/boot/startup/Makefile
@@ -36,9 +36,17 @@ $(patsubst %.o,$(obj)/%.o,$(lib-y)): OBJECT_FILES_NON_STANDARD := y
# code, or code that has explicitly been made accessible to it via a symbol
# alias.
#
-$(obj)/%.pi.o: OBJCOPYFLAGS := --prefix-symbols=__pi_
+$(obj)/%.pi.o: OBJCOPYFLAGS := --prefix-symbols=__pi_ --strip-debug \
+ --remove-section=.rela__patchable_function_entries
$(obj)/%.pi.o: $(obj)/%.o FORCE
- $(call if_changed,objcopy)
+ $(call if_changed,piobjcopy)
+
+quiet_cmd_piobjcopy = $(quiet_cmd_objcopy)
+ cmd_piobjcopy = $(cmd_objcopy); \
+ if $(READELF) -r $(@) | grep R_X86_64_64; then \
+ echo "$@: R_X86_64_64 references not allowed in startup code" >&2; \
+ /bin/false; \
+ fi
extra-y := $(pi-obj-y)
obj-y += $(patsubst %.o,%.pi.o,$(pi-obj-y))
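Review bot: The new check in cmd_piobjcopy fails open when readelf itself fails: the `if` only sees the exit status of grep in `$(READELF) -r $(@) | grep R_X86_64_64`, so unless the recipe shell runs with pipefail, a missing or crashing $(READELF) yields no output, grep matches nothing, and the object is accepted unchecked. Consider running readelf first, failing the rule on its non-zero status, and only then grepping the saved output. Two smaller points: `grep -w` (or matching on the relocation type column) would avoid a hit on a symbol name that happens to contain the string, and plain `false` or `exit 1` is more portable than the hard-coded `/bin/false`. The comment block above the rule could also say why `--strip-debug` and `--remove-section=.rela__patchable_function_entries` are there, since that rationale currently lives only in the commit message.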
--
2.49.0.805.g082f7c87e0-goog
Thread overview: 18+ messages
2025-04-23 11:09 [RFC PATCH PoC 00/11] x86: strict separation of startup code Ard Biesheuvel
2025-04-23 11:09 ` [RFC PATCH PoC 01/11] x86/linkage: Add SYM_PI_ALIAS() macro helper to emit symbol aliases Ard Biesheuvel
2025-04-24 18:05 ` Ingo Molnar
2025-04-24 18:17 ` Ard Biesheuvel
2025-04-24 18:23 ` Ingo Molnar
2025-04-23 11:09 ` [RFC PATCH PoC 02/11] x86/boot: Move early_setup_gdt() back into head64.c Ard Biesheuvel
2025-04-23 11:09 ` [RFC PATCH PoC 03/11] x86/boot: Disregard __supported_pte_mask in __startup_64() Ard Biesheuvel
2025-04-23 11:09 ` [RFC PATCH PoC 04/11] x86/boot: Add a bunch of PI aliases Ard Biesheuvel
2025-04-23 11:09 ` [RFC PATCH PoC 05/11] HACK: provide __pti_set_user_pgtbl() to startup code Ard Biesheuvel
2025-04-23 11:09 ` [RFC PATCH PoC 06/11] x86/boot: Created a confined code area for " Ard Biesheuvel
2025-04-23 11:09 ` [RFC PATCH PoC 07/11] HACK: work around sev-startup.c being omitted for now Ard Biesheuvel
2025-04-23 11:09 ` [RFC PATCH PoC 08/11] x86/boot: Move startup code out of __head section Ard Biesheuvel
2025-04-24 15:12 ` kernel test robot
2025-04-23 11:09 ` Ard Biesheuvel [this message]
2025-04-23 11:09 ` [RFC PATCH PoC 10/11] x86/boot: Revert "Reject absolute references in .head.text" Ard Biesheuvel
2025-04-23 11:10 ` [RFC PATCH PoC 11/11] x86/boot: Get rid of the .head.text section Ard Biesheuvel
2025-04-24 18:09 ` [RFC PATCH PoC 00/11] x86: strict separation of startup code Ingo Molnar
2025-04-24 18:16 ` Ard Biesheuvel