From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Uros Bizjak <ubizjak@gmail.com>, Dennis Zhou <dennis@kernel.org>,
Tejun Heo <tj@kernel.org>, Christoph Lameter <cl@linux.com>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Juergen Gross <jgross@suse.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Arnd Bergmann <arnd@arndb.de>,
Masahiro Yamada <masahiroy@kernel.org>,
Kees Cook <kees@kernel.org>,
Nathan Chancellor <nathan@kernel.org>,
Keith Packard <keithp@keithp.com>,
Justin Stitt <justinstitt@google.com>,
Josh Poimboeuf <jpoimboe@kernel.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Namhyung Kim <namhyung@kernel.org>, Jiri Olsa <jolsa@kernel.org>,
Ian Rogers <irogers@google.com>,
Adrian Hunter <adrian.hunter@intel.com>,
Kan Liang <kan.liang@linux.intel.com>,
linux-doc@vger.kernel.org, linux-pm@vger.kernel.org,
kvm@vger.kernel.org, xen-devel@lists.xenproject.org,
linux-efi@vger.kernel.org, linux-arch@vger.kernel.org,
linux-sparse@vger.kernel.org, linux-kbuild@vger.kernel.org,
linux-perf-users@vger.kernel.org,
rust-for-linux@vger.kernel.org, llvm@lists.linux.dev
Subject: [RFC PATCH 27/28] x86/kernel: Switch to PIE linking for the core kernel
Date: Wed, 25 Sep 2024 17:01:27 +0200 [thread overview]
Message-ID: <20240925150059.3955569-57-ardb+git@google.com> (raw)
In-Reply-To: <20240925150059.3955569-30-ardb+git@google.com>
From: Ard Biesheuvel <ardb@kernel.org>
Build the kernel as a Position Independent Executable (PIE). This
results in more efficient relocation processing for the virtual
displacement of the kernel (for KASLR). More importantly, it instructs
the linker to generate what is actually needed (a program that can be
moved around in memory before execution), which is better than having to
rely on the linker to create a position dependent binary that happens to
tolerate being moved around after poking it in exactly the right manner.
Note that this means that all codegen should be compatible with PIE,
including Rust objects, so this needs to switch to the small code model
with the PIE relocation model as well.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/x86/Kconfig | 2 +-
arch/x86/Makefile | 11 +++++++----
arch/x86/boot/compressed/misc.c | 2 ++
arch/x86/kernel/vmlinux.lds.S | 5 +++++
drivers/firmware/efi/libstub/x86-stub.c | 2 ++
5 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 54cb1f14218b..dbb4d284b0e1 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2187,7 +2187,7 @@ config RANDOMIZE_BASE
# Relocation on x86 needs some additional build support
config X86_NEED_RELOCS
def_bool y
- depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE)
+ depends on X86_32 && RELOCATABLE
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned"
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 83d20f402535..c1dcff444bc8 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -206,9 +206,8 @@ else
PIE_CFLAGS-$(CONFIG_SMP) += -mstack-protector-guard-reg=gs
endif
- # Don't emit relaxable GOTPCREL relocations
- KBUILD_AFLAGS_KERNEL += -Wa,-mrelax-relocations=no
- KBUILD_CFLAGS_KERNEL += -Wa,-mrelax-relocations=no $(PIE_CFLAGS-y)
+ KBUILD_CFLAGS_KERNEL += $(PIE_CFLAGS-y)
+ KBUILD_RUSTFLAGS_KERNEL += -Ccode-model=small -Crelocation-model=pie
endif
#
@@ -264,12 +263,16 @@ else
LDFLAGS_vmlinux :=
endif
+ifdef CONFIG_X86_64
+ldflags-pie-$(CONFIG_LD_IS_LLD) := --apply-dynamic-relocs
+ldflags-pie-$(CONFIG_LD_IS_BFD) := -z call-nop=suffix-nop
+LDFLAGS_vmlinux += --pie -z text $(ldflags-pie-y)
+
#
# The 64-bit kernel must be aligned to 2MB. Pass -z max-page-size=0x200000 to
# the linker to force 2MB page size regardless of the default page size used
# by the linker.
#
-ifdef CONFIG_X86_64
LDFLAGS_vmlinux += -z max-page-size=0x200000
endif
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
index 89f01375cdb7..79e3ffe16f61 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -495,6 +495,8 @@ asmlinkage __visible void *extract_kernel(void *rmode, unsigned char *output)
error("Destination virtual address changed when not relocatable");
#endif
+ boot_params_ptr->kaslr_va_shift = virt_addr - LOAD_PHYSICAL_ADDR;
+
debug_putstr("\nDecompressing Linux... ");
if (init_unaccepted_memory()) {
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index f7e832c2ac61..d172e6e8eaaf 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -459,6 +459,11 @@ xen_elfnote_phys32_entry_offset =
DISCARDS
+ /DISCARD/ : {
+ *(.dynsym .gnu.hash .hash .dynamic .dynstr)
+ *(.interp .dynbss .eh_frame .sframe)
+ }
+
/*
* Make sure that the .got.plt is either completely empty or it
* contains only the lazy dispatch entries.
diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
index f8e465da344d..5c03954924fe 100644
--- a/drivers/firmware/efi/libstub/x86-stub.c
+++ b/drivers/firmware/efi/libstub/x86-stub.c
@@ -912,6 +912,8 @@ static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry)
if (status != EFI_SUCCESS)
return status;
+ boot_params_ptr->kaslr_va_shift = virt_addr - LOAD_PHYSICAL_ADDR;
+
entry = decompress_kernel((void *)addr, virt_addr, error);
if (entry == ULONG_MAX) {
efi_free(alloc_size, addr);
--
2.46.0.792.g87dc391469-goog
next prev parent reply other threads:[~2024-09-25 15:02 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-25 15:01 [RFC PATCH 00/28] x86: Rely on toolchain for relocatable code Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 01/28] x86/pvh: Call C code via the kernel virtual mapping Ard Biesheuvel
2024-09-25 21:12 ` Jason Andryuk
2024-09-25 15:01 ` [RFC PATCH 02/28] Documentation: Bump minimum GCC version to 8.1 Ard Biesheuvel
2024-09-25 15:58 ` Arnd Bergmann
2024-12-19 11:53 ` Mark Rutland
2024-12-19 12:02 ` Arnd Bergmann
2024-09-26 21:35 ` Miguel Ojeda
2024-09-27 16:22 ` Mark Rutland
2024-09-25 15:01 ` [RFC PATCH 03/28] x86/tools: Use mmap() to simplify relocs host tool Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 04/28] x86/boot: Permit GOTPCREL relocations for x86_64 builds Ard Biesheuvel
2024-10-01 5:33 ` Josh Poimboeuf
2024-10-01 6:56 ` Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 05/28] x86: Define the stack protector guard symbol explicitly Ard Biesheuvel
2024-09-25 15:53 ` Ian Rogers
2024-09-25 17:43 ` Ard Biesheuvel
2024-09-25 17:48 ` Ian Rogers
2024-09-25 18:32 ` Uros Bizjak
2024-09-28 13:41 ` Brian Gerst
2024-10-04 13:15 ` Ard Biesheuvel
2024-10-08 14:36 ` Brian Gerst
2024-10-04 10:01 ` Uros Bizjak
2024-09-25 15:01 ` [RFC PATCH 06/28] x86/percpu: Get rid of absolute per-CPU variable placement Ard Biesheuvel
2024-09-25 17:56 ` Christoph Lameter (Ampere)
2024-09-25 15:01 ` [RFC PATCH 07/28] scripts/kallsyms: Avoid 0x0 as the relative base Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 08/28] scripts/kallsyms: Remove support for absolute per-CPU variables Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 09/28] x86/tools: Remove special relocation handling for " Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 10/28] x86/xen: Avoid relocatable quantities in Xen ELF notes Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 11/28] x86/pvh: Avoid absolute symbol references in .head.text Ard Biesheuvel
2024-09-25 21:10 ` Jason Andryuk
2024-09-25 21:50 ` Ard Biesheuvel
2024-09-25 22:40 ` Jason Andryuk
2024-09-25 15:01 ` [RFC PATCH 12/28] x86/pm-trace: Use RIP-relative accesses for .tracedata Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 13/28] x86/kvm: Use RIP-relative addressing Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 14/28] x86/rethook: Use RIP-relative reference for return address Ard Biesheuvel
2024-09-25 16:39 ` Linus Torvalds
2024-09-25 16:45 ` Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 15/28] x86/sync_core: Use RIP-relative addressing Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 16/28] x86/entry_64: " Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 17/28] x86/hibernate: Prefer RIP-relative accesses Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 18/28] x86/boot/64: Determine VA/PA offset before entering C code Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 19/28] x86/boot/64: Avoid intentional absolute symbol references in .head.text Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 20/28] x64/acpi: Use PIC-compatible references in wakeup_64.S Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 21/28] x86/head: Use PIC-compatible symbol references in startup code Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 22/28] asm-generic: Treat PIC .data.rel.ro sections as .rodata Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 23/28] tools/objtool: Mark generated sections as writable Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 24/28] tools/objtool: Treat indirect ftrace calls as direct calls Ard Biesheuvel
2024-10-01 7:18 ` Josh Poimboeuf
2024-10-01 7:39 ` Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 25/28] x86: Use PIE codegen for the core kernel Ard Biesheuvel
2024-10-01 21:13 ` H. Peter Anvin
2024-10-02 15:25 ` Ard Biesheuvel
2024-10-02 20:01 ` Linus Torvalds
2024-10-03 11:13 ` Ard Biesheuvel
2024-10-04 21:06 ` H. Peter Anvin
2024-10-05 8:31 ` Uros Bizjak
2024-10-05 23:36 ` H. Peter Anvin
2024-10-06 0:00 ` Linus Torvalds
2024-10-06 8:06 ` Uros Bizjak
2024-10-06 7:59 ` Uros Bizjak
2024-10-06 18:00 ` David Laight
2024-10-06 19:17 ` Uros Bizjak
2024-10-06 19:38 ` H. Peter Anvin
2024-09-25 15:01 ` [RFC PATCH 26/28] x86/boot: Implement support for ELF RELA/RELR relocations Ard Biesheuvel
2024-09-25 15:01 ` Ard Biesheuvel [this message]
2024-09-25 18:54 ` [RFC PATCH 27/28] x86/kernel: Switch to PIE linking for the core kernel Uros Bizjak
2024-09-25 19:14 ` Ard Biesheuvel
2024-09-25 19:39 ` Uros Bizjak
2024-09-25 20:01 ` Ard Biesheuvel
2024-09-25 20:22 ` Uros Bizjak
2024-09-25 20:24 ` Vegard Nossum
2024-09-26 13:38 ` Ard Biesheuvel
2024-09-25 15:01 ` [RFC PATCH 28/28] x86/tools: Drop x86_64 support from 'relocs' tool Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240925150059.3955569-57-ardb+git@google.com \
--to=ardb+git@google.com \
--cc=acme@kernel.org \
--cc=adrian.hunter@intel.com \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=boris.ostrovsky@oracle.com \
--cc=cl@linux.com \
--cc=dennis@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=irogers@google.com \
--cc=jgross@suse.com \
--cc=jolsa@kernel.org \
--cc=jpoimboe@kernel.org \
--cc=justinstitt@google.com \
--cc=kan.liang@linux.intel.com \
--cc=kees@kernel.org \
--cc=keithp@keithp.com \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=linux-sparse@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=luto@kernel.org \
--cc=masahiroy@kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=namhyung@kernel.org \
--cc=nathan@kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tj@kernel.org \
--cc=ubizjak@gmail.com \
--cc=vkuznets@redhat.com \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).