From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [PATCH 057/112] pbl: introduce CONFIG_PBL_FULLY_PIC
Date: Wed,  3 Jan 2024 19:12:17 +0100	[thread overview]
Message-ID: <20240103181312.409668-58-a.fatoum@pengutronix.de> (raw)
In-Reply-To: <20240103181312.409668-1-a.fatoum@pengutronix.de>

In the quest for making barebox PBL code W^X mappable, we have now taken
care to make the ARM64 assembly routines not emit code relocations,
so let's do the same for the C code as well.

We do this by setting pragma GCC visibility push(hidden) globally. This
option is stronger than -fvisibility=hidden and ensures we are
completely position-independent. See kernel commit e544ea57ac07
("x86/boot/compressed: Force hidden visibility for all symbol references")
for more information.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 include/linux/export.h |  2 +-
 include/linux/hidden.h | 19 +++++++++++++++++++
 pbl/Kconfig            |  7 +++++++
 scripts/Makefile.lib   |  5 +++++
 scripts/Makefile.pic   | 22 ++++++++++++++++++++++
 5 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 include/linux/hidden.h
 create mode 100644 scripts/Makefile.pic

diff --git a/include/linux/export.h b/include/linux/export.h
index 8f47742bea99..a136d727d128 100644
--- a/include/linux/export.h
+++ b/include/linux/export.h
@@ -6,7 +6,7 @@
 
 #define THIS_MODULE	0
 
-#ifdef CONFIG_MODULES
+#if defined(CONFIG_MODULES) && !defined(__DISABLE_EXPORTS)
 
 struct kernel_symbol
 {
diff --git a/include/linux/hidden.h b/include/linux/hidden.h
new file mode 100644
index 000000000000..49a17b6b5962
--- /dev/null
+++ b/include/linux/hidden.h
@@ -0,0 +1,19 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * When building position independent code with GCC using the -fPIC option,
+ * (or even the -fPIE one on older versions), it will assume that we are
+ * building a dynamic object (either a shared library or an executable) that
+ * may have symbol references that can only be resolved at load time. For a
+ * variety of reasons (ELF symbol preemption, the CoW footprint of the section
+ * that is modified by the loader), this results in all references to symbols
+ * with external linkage to go via entries in the Global Offset Table (GOT),
+ * which carries absolute addresses which need to be fixed up when the
+ * executable image is loaded at an offset which is different from its link
+ * time offset.
+ *
+ * Fortunately, there is a way to inform the compiler that such symbol
+ * references will be satisfied at link time rather than at load time, by
+ * giving them 'hidden' visibility.
+ */
+
+#pragma GCC visibility push(hidden)
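Review bot: The `#pragma GCC visibility push(hidden)` at the end of this new header is unguarded, and the scripts/Makefile.lib hunk delivers it with `-include` through `PBL_CPPFLAGS` rather than a C-only flags variable. If `PBL_CPPFLAGS` is also applied when preprocessing `.S` files or linker scripts (not visible in this patch), the pragma line would reach non-C input. Wrapping it as `#ifndef __ASSEMBLY__` / `#pragma GCC visibility push(hidden)` / `#endif` would make the header safe to force-include everywhere. The comment could also say that the push is intentionally never popped and must precede every declaration in the translation unit.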
diff --git a/pbl/Kconfig b/pbl/Kconfig
index 91970c19bc1e..23fcbd20dacd 100644
--- a/pbl/Kconfig
+++ b/pbl/Kconfig
@@ -46,6 +46,13 @@ config PBL_RELOCATABLE
 	  This option only influences the PBL image. See RELOCATABLE to also make
 	  the real image relocatable.
 
+config PBL_FULLY_PIC
+	bool "fully position-independent pbl image"
+	depends on PBL_RELOCATABLE && ARM
+	help
+	  Compared to CONFIG_PBL_RELOCATABLE, this image has no relocations in
+	  the code sections.
+
 config PBL_VERIFY_PIGGY
 	depends on ARM
 	bool
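Review bot: The help text for `PBL_FULLY_PIC` does not mention that selecting it also turns off compiler hardening for PBL code: the `picflags-y` list in scripts/Makefile.pic adds `-fno-stack-protector` and `-D__NO_FORTIFY`. The scripts/Makefile.lib hunk context shows `CONFIG_PBL_STACKPROTECTOR_ALL` feeding `-fstack-protector-all` into the same build, so both flags can end up on one command line and the effective setting depends on an ordering that is not visible here. I would state the trade-off in the help, e.g. `Enabling this disables the stack protector and fortified string functions in the PBL.`, or make this option and the PBL stack-protector options mutually exclusive so the configuration cannot report a protection the build drops.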
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index 0b236babb275..ec9cb4bf4028 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -170,6 +170,11 @@ _stackp_flags_pbl-$(CONFIG_PBL_STACKPROTECTOR_ALL)     := -fstack-protector-all
 
 _c_flags += $(if $(part-of-pbl),$(_stackp_flags_pbl-y),$(_stackp_flags-y))
 
+ifeq ($(CONFIG_PBL_FULLY_PIC),y)
+include scripts/Makefile.pic
+PBL_CPPFLAGS	+= $(picflags-y)
+endif
+
 # If building barebox in a separate objtree expand all occurrences
 # of -Idir to -I$(srctree)/dir except for absolute paths (starting with '/').
 
diff --git a/scripts/Makefile.pic b/scripts/Makefile.pic
new file mode 100644
index 000000000000..c30894ba98d9
--- /dev/null
+++ b/scripts/Makefile.pic
@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: GPL-2.0
+#
+# The stub may be linked into the kernel proper or into a separate boot binary,
+# but in either case, it executes before the kernel does (with MMU disabled) so
+# things like ftrace and stack-protector are likely to cause trouble if left
+# enabled, even if doing so doesn't break the build.
+#
+picflags-$(CONFIG_X86_64)	:= -mcmodel=small
+picflags-$(CONFIG_X86)		+= -fPIC -fno-asynchronous-unwind-tables
+
+ifeq ($(CONFIG_ARM),y)
+picflags-$(CONFIG_CPU_32)	:= -fpic -mno-single-pic-base
+picflags-$(CONFIG_CPU_64)	:= -fpie
+endif
+
+picflags-y			+= -include $(srctree)/include/linux/hidden.h \
+				   -D__fully_pic__ \
+				   -D__NO_FORTIFY \
+				   -ffreestanding \
+				   -fno-stack-protector \
+				   $(call cc-option,-fno-addrsig) \
+				   -D__DISABLE_EXPORTS
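Review bot: The header comment of this new file still describes "the stub" being linked "into the kernel proper" and running "before the kernel does", which does not describe the barebox PBL and gives no barebox-specific reason for `-fno-stack-protector` and `-D__NO_FORTIFY`. A comment along the lines of `# Flags for building PBL objects without relocations in code sections; hardening that needs runtime setup is disabled here.` would record why these flags are dropped, provided that is the actual reason. The two `picflags-$(CONFIG_X86...)` lines also look unreachable, since pbl/Kconfig makes `PBL_FULLY_PIC` depend on `ARM`; either drop them or note that they are kept for a later x86 enablement.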
-- 
2.39.2



