[RFC PATCH 25/28] x86: Use PIE codegen for the core kernel

From: Ard Biesheuvel
Date: Wed Sep 25 2024 - 11:21:17 EST

Next message: Ard Biesheuvel: "[RFC PATCH 26/28] x86/boot: Implement support for ELF RELA/RELR relocations"
Previous message: Ard Biesheuvel: "[RFC PATCH 24/28] tools/objtool: Treat indirect ftrace calls as direct calls"
In reply to: Ard Biesheuvel: "[RFC PATCH 24/28] tools/objtool: Treat indirect ftrace calls as direct calls"
Next in thread: Andi Kleen: "Re: [RFC PATCH 25/28] x86: Use PIE codegen for the core kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Ard Biesheuvel <ardb@xxxxxxxxxx>

As an intermediate step towards enabling PIE linking for the 64-bit x86
kernel, enable PIE codegen for all objects that are linked into the
kernel proper.

This substantially reduces the number of relocations that need to be
processed when booting a relocatable KASLR kernel.

Before (size in bytes of the reloc table):

797372 arch/x86/boot/compressed/vmlinux.relocs

After:

400252 arch/x86/boot/compressed/vmlinux.relocs

Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
---
arch/x86/Makefile | 11 ++++++++++-
arch/x86/boot/Makefile | 1 +
arch/x86/boot/compressed/Makefile | 2 +-
arch/x86/entry/vdso/Makefile | 1 +
arch/x86/realmode/rm/Makefile | 1 +
include/asm-generic/vmlinux.lds.h | 1 +
6 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index b78b7623a4a9..83d20f402535 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -193,13 +193,22 @@ else
KBUILD_RUSTFLAGS += -Cno-redzone=y
KBUILD_RUSTFLAGS += -Ccode-model=kernel

+ PIE_CFLAGS-y := -fpie -mcmodel=small \
+ -include $(srctree)/include/linux/hidden.h
+
+ PIE_CFLAGS-$(CONFIG_CC_IS_GCC) += $(call cc-option.-mdirect-extern-access)
+ PIE_CFLAGS-$(CONFIG_CC_IS_CLANG) += -fdirect-access-external-data
+
ifeq ($(CONFIG_STACKPROTECTOR),y)
KBUILD_CFLAGS += -mstack-protector-guard-symbol=fixed_percpu_data
+
+ # the 'small' C model defaults to %fs
+ PIE_CFLAGS-$(CONFIG_SMP) += -mstack-protector-guard-reg=gs
endif

# Don't emit relaxable GOTPCREL relocations
KBUILD_AFLAGS_KERNEL += -Wa,-mrelax-relocations=no
- KBUILD_CFLAGS_KERNEL += -Wa,-mrelax-relocations=no
+ KBUILD_CFLAGS_KERNEL += -Wa,-mrelax-relocations=no $(PIE_CFLAGS-y)
endif

#
diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
index 9cc0ff6e9067..4d3ba35cb619 100644
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
@@ -57,6 +57,7 @@ KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
KBUILD_CFLAGS += $(CONFIG_CC_IMPLICIT_FALLTHROUGH)
+KBUILD_CFLAGS_KERNEL :=

$(obj)/bzImage: asflags-y := $(SVGA_MODE)

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index f2051644de94..c362d36b5b69 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -73,7 +73,7 @@ LDFLAGS_vmlinux += -T
hostprogs := mkpiggy
HOST_EXTRACFLAGS += -I$(srctree)/tools/include

-sed-voffset := -e 's/^$[0-9a-fA-F]*$ [ABCDGRSTVW] $_text\|__start_rodata\|__bss_start\|_end$$$/\#define VO_\2 _AC(0x\1,UL)/p'
+sed-voffset := -e 's/^$[0-9a-fA-F]*$ [ABbCDdGRSTtVW] $_text\|__start_rodata\|__bss_start\|_end$$$/\#define VO_\2 _AC(0x\1,UL)/p'

quiet_cmd_voffset = VOFFSET $@
cmd_voffset = $(NM) $< | sed -n $(sed-voffset) > $@
diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
index c9216ac4fb1e..7af9fecf9abb 100644
--- a/arch/x86/entry/vdso/Makefile
+++ b/arch/x86/entry/vdso/Makefile
@@ -141,6 +141,7 @@ endif
endif

$(obj)/vdso32.so.dbg: KBUILD_CFLAGS = $(KBUILD_CFLAGS_32)
+$(obj)/vdso32.so.dbg: KBUILD_CFLAGS_KERNEL :=

$(obj)/vdso32.so.dbg: $(obj)/vdso32/vdso32.lds $(vobjs32) FORCE
$(call if_changed,vdso_and_check)
diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile
index a0fb39abc5c8..70bf0a26da91 100644
--- a/arch/x86/realmode/rm/Makefile
+++ b/arch/x86/realmode/rm/Makefile
@@ -67,3 +67,4 @@ KBUILD_CFLAGS := $(REALMODE_CFLAGS) -D_SETUP -D_WAKEUP \
-I$(srctree)/arch/x86/boot
KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
+KBUILD_CFLAGS_KERNEL :=
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 2b079f73820f..3a084ac77109 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -349,6 +349,7 @@
*(DATA_MAIN) \
*(.data..decrypted) \
*(.ref.data) \
+ *(.data.rel*) \
*(.data..shared_aligned) /* percpu related */ \
*(.data.unlikely) \
__start_once = .; \
--
2.46.0.792.g87dc391469-goog

Next message: Ard Biesheuvel: "[RFC PATCH 26/28] x86/boot: Implement support for ELF RELA/RELR relocations"
Previous message: Ard Biesheuvel: "[RFC PATCH 24/28] tools/objtool: Treat indirect ftrace calls as direct calls"
In reply to: Ard Biesheuvel: "[RFC PATCH 24/28] tools/objtool: Treat indirect ftrace calls as direct calls"
Next in thread: Andi Kleen: "Re: [RFC PATCH 25/28] x86: Use PIE codegen for the core kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]