public inbox for linux-kernel@vger.kernel.org
From: Ard Biesheuvel <ardb@kernel.org>
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, Ard Biesheuvel <ardb@kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Josh Poimboeuf <jpoimboe@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Kees Cook <kees@kernel.org>, Uros Bizjak <ubizjak@gmail.com>,
	Brian Gerst <brgerst@gmail.com>,
	linux-hardening@vger.kernel.org
Subject: [RFC/RFT PATCH 19/19] x86/kernel: Switch to PIE linking for the relocatable kernel
Date: Thu,  8 Jan 2026 09:25:46 +0000
Message-ID: <20260108092526.28586-40-ardb@kernel.org>
In-Reply-To: <20260108092526.28586-21-ardb@kernel.org>

If the toolchain supports RELR relocation packing, build the virtually
relocatable kernels as Position Independent (PIE) Executables. This
results in more efficient relocation processing for the virtual
displacement of the kernel applied at boot, using RELR relocations that
take up only a fraction of the space occupied by ordinary RELA
relocations.

More importantly, it instructs the linker to generate a binary that is
really meant to be relocated at boot, using data structures that are
intended for this purpose. Doing so is important for a couple of
reasons:

- Relying on --emit-relocs is problematic, because it produces the
  static relocations that are consumed by the linker as input, and these
  are not meant for describing a runtime relocatable image. For example,
  the linker may apply relaxations that result in the code and the
  static relocation going out of sync (and ld.bfd and ld.lld already
  handle this in a different way).

- The 'relocs' tool relies on manually kept allow/deny lists of symbol
  names. These are needed because ELF absolute/relative symbol
  designations are often inaccurate.

- x86 deviates from other architectures in the kernel when it comes to
  its implementation of boot-time relocation, making it difficult to
  implement further enhancements (e.g., fgkaslr, EFI zboot) in a
  portable manner.

Note that this means that all codegen on x86_64 should be position
independent, to be compatible with PIE linking, but only if KASLR is
enabled. On i386, no changes to the codegen are needed, as the ordinary
position dependent relocation model is supported by the linker when
operating in PIE mode.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/Kconfig              |  3 ++-
 arch/x86/Makefile             |  5 +++++
 arch/x86/kernel/vmlinux.lds.S | 18 ++++++++++++++++++
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index b3a64cfe04cf..2aa50aa8dc68 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -103,6 +103,7 @@ config X86
 	select ARCH_HAS_NONLEAF_PMD_YOUNG	if PGTABLE_LEVELS > 2
 	select ARCH_HAS_UACCESS_FLUSHCACHE	if X86_64
 	select ARCH_HAS_COPY_MC			if X86_64
+	select ARCH_HAS_RELR
 	select ARCH_HAS_SET_MEMORY
 	select ARCH_HAS_SET_DIRECT_MAP
 	select ARCH_HAS_STRICT_KERNEL_RWX
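Review bot: 'select ARCH_HAS_RELR' is added to 'config X86' with no condition, so it also applies to non-relocatable builds, while the rest of this patch is gated on RELOCATABLE or CONFIG_RELOCATABLE_PIE. If RELR only matters for the relocatable kernel, consider 'select ARCH_HAS_RELR if RELOCATABLE', or state in the commit message why the unconditional select is harmless.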
@@ -2129,7 +2130,7 @@ config RANDOMIZE_BASE
 # Relocation on x86 needs some additional build support
 config X86_NEED_RELOCS
 	def_bool y
-	depends on RELOCATABLE
+	depends on RELOCATABLE && !TOOLS_SUPPORT_RELR
 	select ARCH_VMLINUX_NEEDS_RELOCS
 
 config PHYSICAL_ALIGN
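Review bot: the new 'depends on RELOCATABLE && !TOOLS_SUPPORT_RELR' keys X86_NEED_RELOCS off toolchain capability, whereas the Makefile and vmlinux.lds.S hunks key off CONFIG_RELOCATABLE_PIE, which is not defined in this patch. If those two conditions can ever differ (toolchain supports RELR but RELOCATABLE_PIE is off), a relocatable kernel would get neither the 'relocs' path nor PIE linking. Expressing this as 'depends on RELOCATABLE && !RELOCATABLE_PIE' would keep the three files in step.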
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index b211d6c950aa..7eac705c4ff4 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -258,6 +258,11 @@ endif
 
 KBUILD_LDFLAGS += -m elf_$(UTS_MACHINE)
 
+ldflags-pie-$(CONFIG_LD_IS_LLD)		:= --apply-dynamic-relocs
+ldflags-pie-$(CONFIG_LD_IS_BFD)		:= -z call-nop=suffix-nop
+ldflags-$(CONFIG_RELOCATABLE_PIE)	:= --pie -z notext $(ldflags-pie-y)
+LDFLAGS_vmlinux				+= $(ldflags-y)
+
 #
 # The 64-bit kernel must be aligned to 2MB.  Pass -z max-page-size=0x200000 to
 # the linker to force 2MB page size regardless of the default page size used
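Review bot: the added linker flags carry no comment, and the commit message does not explain them either: why ld.lld needs '--apply-dynamic-relocs', why ld.bfd needs '-z call-nop=suffix-nop', and why '-z notext' is required. '-z notext' in particular permits dynamic relocations against read-only sections, so a short comment on why that is expected here would help later readers. Also, 'ldflags-$(CONFIG_RELOCATABLE_PIE) := ...' assigns the generic name 'ldflags-y' with ':='; a more specific variable name would avoid clobbering or being clobbered by another user of that name.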
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 6772fe9a9957..cfaf6ab80684 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -127,6 +127,9 @@ PHDRS {
 	text PT_LOAD FLAGS(5);          /* R_E */
 	data PT_LOAD FLAGS(6);          /* RW_ */
 	note PT_NOTE FLAGS(0);          /* ___ */
+#ifdef CONFIG_RELOCATABLE_PIE
+	dynamic PT_DYNAMIC;
+#endif
 }
 
 SECTIONS
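Review bot: 'dynamic PT_DYNAMIC;' is the only program header in this block without an explicit FLAGS() value and permission comment; the three entries above it all have both. Adding them (the section is also placed in the 'data' segment by the later hunk) would keep the PHDRS block consistent and make the intended permissions explicit.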
@@ -201,6 +204,21 @@ SECTIONS
 	DATA_SEGMENT_START
 	INIT_DATA_SECTION(16) :data
 
+#ifdef CONFIG_RELOCATABLE_PIE
+	/DISCARD/ : {
+		*(.interp .dynbss .eh_frame .sframe .relr.auth.dyn)
+	}
+
+	.dynamic	: { *(.dynamic) } :dynamic :data
+	.dynstr		: { *(.dynstr) } :data
+	.dynsym		: { *(.dynsym) }
+	.gnu.hash	: { *(.gnu.hash) }
+	.hash		: { *(.hash) }
+	.init.rela	: { *(.rela.*) *(.rela_*) }
+	.init.rel	: { *(.rel.*) *(.rel_*) }
+	.init.relr	: { *(.relr.*) }
+#endif
+
 	.x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) {
 		__x86_cpu_dev_start = .;
 		*(.x86_cpu_dev.init)
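Review bot: the new '.init.rela', '.init.rel' and '.init.relr' output sections define no start/end symbols and have no comment, so it is not clear from this hunk how the boot code locates the tables (presumably through '.dynamic') or whether the '.init' prefix means they are released after boot. A brief comment would settle both. The segment assignments are also uneven: '.dynamic' and '.dynstr' name ':data' explicitly while '.dynsym' and the sections after it rely on inheriting it; either spell it out everywhere or only where it changes. Finally, the /DISCARD/ list drops '.relr.auth.dyn' and '.sframe' without saying why they can appear.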
-- 
2.47.3
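
The RELR encoding that the commit message credits with the space saving, as an added example (not part of the original patch and not the kernel's implementation). The function name, the image-relative offsets and the sample table are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>

/*
 * Add 'delta' to every 64-bit word of 'image' named by a RELR table.
 * Offsets are taken relative to the start of 'image' (an assumption of
 * this sketch). Returns the number of words relocated, or -1 if the table
 * is malformed or points outside the image; on -1 the image may already
 * be partially modified.
 */
long apply_relr(uint64_t *image, size_t words,
		const uint64_t *relr, size_t n, uint64_t delta)
{
	size_t next = 0;	/* first word covered by the next bitmap entry */
	int have_addr = 0;
	long count = 0;

	for (size_t i = 0; i < n; i++) {
		uint64_t entry = relr[i];

		if (!(entry & 1)) {
			/* Even entry: byte offset of a single word. */
			if ((entry & 7) || entry / 8 >= words)
				return -1;
			next = (size_t)(entry / 8);
			image[next++] += delta;
			have_addr = 1;
			count++;
			continue;
		}
		/* Odd entry: bits 1..63 select among the next 63 words. */
		if (!have_addr)
			return -1;	/* bitmap with no preceding address */
		for (size_t bit = 0; (entry >>= 1) != 0; bit++) {
			if (!(entry & 1))
				continue;
			if (next + bit >= words)
				return -1;
			image[next + bit] += delta;
			count++;
		}
		next += 63;
	}
	return count;
}

/*
 * Constructed sample: one address entry (word 2) plus one full bitmap
 * (words 3..65) describes 64 relocations in 2 * 8 = 16 bytes. The same 64
 * relocations as Elf64_Rela entries would take 64 * 24 = 1536 bytes.
 */
const uint64_t sample_relr[2] = { 0x10, 0xffffffffffffffffULL };
```

The bounds and ordering checks are the part a boot-time consumer cannot skip: the table is data inside the image, so an out-of-range offset or a bitmap with no preceding address entry has to be rejected rather than followed.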


Thread overview: 54+ messages
2026-01-08  9:25 [RFC/RFT PATCH 00/19] Link the relocatable x86 kernel as PIE Ard Biesheuvel
2026-01-08  9:25 ` [RFC/RFT PATCH 01/19] x86/idt: Move idt_table to __ro_after_init section Ard Biesheuvel
2026-01-22 13:08   ` Borislav Petkov
2026-01-22 13:48     ` Ard Biesheuvel
2026-01-22 13:58       ` Borislav Petkov
2026-01-22 14:09         ` Ard Biesheuvel
2026-01-22 14:16           ` Borislav Petkov
2026-01-22 14:20             ` Ard Biesheuvel
2026-01-22 14:25               ` Borislav Petkov
2026-01-08  9:25 ` [RFC/RFT PATCH 02/19] x86/sev: Don't emit BSS_DECRYPT section unless it is in use Ard Biesheuvel
2026-01-31 14:09   ` [tip: x86/sev] x86/sev: Don't emit BSS_DECRYPTED " tip-bot2 for Ard Biesheuvel
2026-01-08  9:25 ` [RFC/RFT PATCH 03/19] x86: Combine .data with .bss in kernel mapping Ard Biesheuvel
2026-03-06 19:07   ` Borislav Petkov
2026-03-09 14:11     ` Ard Biesheuvel
2026-01-08  9:25 ` [RFC/RFT PATCH 04/19] x86: Make the 64-bit bzImage always physically relocatable Ard Biesheuvel
2026-01-12  4:01   ` H. Peter Anvin
2026-01-12 10:47     ` David Laight
2026-01-12 12:06       ` H. Peter Anvin
2026-01-08  9:25 ` [RFC/RFT PATCH 05/19] x86/efistub: Simplify early remapping of kernel text Ard Biesheuvel
2026-01-08  9:25 ` [RFC/RFT PATCH 06/19] alloc_tag: Use __ prefixed ELF section names Ard Biesheuvel
2026-01-08  9:25 ` [RFC/RFT PATCH 07/19] tools/objtool: Treat indirect ftrace calls as direct calls Ard Biesheuvel
2026-01-08  9:25 ` [RFC/RFT PATCH 08/19] x86: Use PIE codegen for the relocatable 64-bit kernel Ard Biesheuvel
2026-01-09 21:34   ` Jan Engelhardt
2026-01-09 22:07     ` Ard Biesheuvel
2026-01-08  9:25 ` [RFC/RFT PATCH 09/19] x86/pm-trace: Use RIP-relative accesses for .tracedata Ard Biesheuvel
2026-01-08  9:25 ` [RFC/RFT PATCH 10/19] x86/kvm: Use RIP-relative addressing Ard Biesheuvel
2026-01-20 17:04   ` Sean Christopherson
2026-01-20 19:43     ` David Laight
2026-01-20 20:54       ` Ard Biesheuvel
2026-01-20 22:00         ` David Laight
2026-01-08  9:25 ` [RFC/RFT PATCH 11/19] x86/rethook: Use RIP-relative reference for fake return address Ard Biesheuvel
2026-01-08 12:08   ` David Laight
2026-01-08 12:10     ` Ard Biesheuvel
2026-01-08 12:19       ` Ard Biesheuvel
2026-01-08  9:25 ` [RFC/RFT PATCH 12/19] x86/sync_core: Use RIP-relative addressing Ard Biesheuvel
2026-01-08  9:25 ` [RFC/RFT PATCH 13/19] x86/entry_64: " Ard Biesheuvel
2026-01-08  9:25 ` [RFC/RFT PATCH 14/19] x86/hibernate: Prefer RIP-relative accesses Ard Biesheuvel
2026-01-08  9:25 ` [RFC/RFT PATCH 15/19] x64/acpi: Use PIC-compatible references in wakeup_64.S Ard Biesheuvel
2026-01-09  5:01   ` Brian Gerst
2026-01-09  7:59     ` Ard Biesheuvel
2026-01-09 11:46       ` Brian Gerst
2026-01-09 12:09         ` Ard Biesheuvel
2026-01-09 12:10           ` Ard Biesheuvel
2026-01-09 12:51             ` Brian Gerst
2026-01-08  9:25 ` [RFC/RFT PATCH 16/19] x86/kexec: Use 64-bit wide absolute reference from relocated code Ard Biesheuvel
2026-01-08  9:25 ` [RFC/RFT PATCH 17/19] x86/head64: Avoid absolute references in startup asm Ard Biesheuvel
2026-01-08  9:25 ` [RFC/RFT PATCH 18/19] x86/boot: Implement support for RELA/RELR/REL runtime relocations Ard Biesheuvel
2026-01-08  9:25 ` Ard Biesheuvel [this message]
2026-01-08 16:35 ` [RFC/RFT PATCH 00/19] Link the relocatable x86 kernel as PIE Alexander Lobakin
2026-01-09  0:36 ` H. Peter Anvin
2026-01-09  9:21   ` Ard Biesheuvel
2026-01-14 18:16     ` Kees Cook
2026-01-20 20:45       ` H. Peter Anvin
2026-01-21  8:56         ` Ard Biesheuvel
