Re: [PATCH] efi: zboot: Ensure zboot PIC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Mar 28, 2023 at 3:58 PM Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
>
> On Tue, 28 Mar 2023 at 09:32, Pingfan Liu <kernelfans@xxxxxxxxx> wrote:
> >
> > On Mon, Mar 27, 2023 at 6:57 PM Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
> > >
> > > On Mon, 27 Mar 2023 at 11:51, Pingfan Liu <kernelfans@xxxxxxxxx> wrote:
> > > >
> > > > Using objcopy to reform vmlinuz.efi.elf to vmlinuz.efi will not convey
> > > > any relocation information. That means vmlinuz.efi is expected to be
> > > > PIC.
> > > >
> > > > At present, vmlinuz.efi is PIC. But it is better to adopt the same
> > >
> > > Why is it better?
> > >
> >
> > I think except carefully coded with asm language, there is no
> > guarantee which prevents the compiler from generating position
> > dependent code.  Or is there any presumption here?
> >
>
> All object files built under drivers/firmware/efi/libstub are scanned
> for absolute relocations, and if any exist, the build is aborted.
>

Oh, I got the code piece now.  Thank you very much for pointing this
out. And only if R_AARCH64_ABS64 is unavoidable, there is no need to
ask the code to fix the relocation by itself.

But one more question, there are many other "S+A" types of relocation,
let's say R_AARCH64_ABS32 or R_AARCH64_LDST64_ABS_LO12_NC. It is also
sensitive to the delta between loading and linking. Should all of them
be excluded by the Makefile?

> > > > solution used by the kernel to resolve the code relocation issue by
> > > > itself. That is to resolve R_AARCH64_RELATIVE at the runtime.
> > > >
> > >
> > > This breaks other architectures.
> > >
> >
> > Oops, could it be done by:
> > #if defined(_aarch64_)
> > #define R_ARCH_RELATIVE R_AARCH64_RELATIVE
> > #else
> > #define R_ARCH_RELATIVE 0
> > #endif
> >
> > Since any r_type equaling 0 can not be ejected into the relocation
> > section, this macro will make the code dummy in essential.
> >
>
> So the assembler instructions you are using are also implemented on
> RISC-V and LoongArch?

Oops. The whole file should be arch dependent. In those cases, they
should be a single jump instruction.

Appreciate for your help.

Thanks,

    Pingfan
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux