On Wed, Jan 03, 2024 at 07:12:17PM +0100, Ahmad Fatoum wrote:
> In the quest for making barebox PBL code W^X mappable, we have now taken
> care to make the ARM64 assembly routines not emit code relocations,
> so let's do the same for the C code as well.
>
> We do this by setting pragma GCC visibility push(hidden) globally. This
> option is stronger than -fvisibility=hidden and ensures we are
> completely position-independent. See kernel commit e544ea57ac07
> ("x86/boot/compressed: Force hidden visibility for all symbol references")
> for more information.
>
> Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
> ---
> include/linux/export.h | 2 +-
> include/linux/hidden.h | 19 +++++++++++++++++++
> pbl/Kconfig | 7 +++++++
> scripts/Makefile.lib | 5 +++++
> scripts/Makefile.pic | 22 ++++++++++++++++++++++
> 5 files changed, 54 insertions(+), 1 deletion(-)
> create mode 100644 include/linux/hidden.h
> create mode 100644 scripts/Makefile.pic
>
> diff --git a/include/linux/export.h b/include/linux/export.h
> index 8f47742bea99..a136d727d128 100644
> --- a/include/linux/export.h
> +++ b/include/linux/export.h
> @@ -6,7 +6,7 @@
>
> #define THIS_MODULE 0
>
> -#ifdef CONFIG_MODULES
> +#if defined(CONFIG_MODULES) && !defined(__DISABLE_EXPORTS)
>
> struct kernel_symbol
> {
> diff --git a/include/linux/hidden.h b/include/linux/hidden.h
> new file mode 100644
> index 000000000000..49a17b6b5962
> --- /dev/null
> +++ b/include/linux/hidden.h
> @@ -0,0 +1,19 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * When building position independent code with GCC using the -fPIC option,
> + * (or even the -fPIE one on older versions), it will assume that we are
> + * building a dynamic object (either a shared library or an executable) that
> + * may have symbol references that can only be resolved at load time. For a
> + * variety of reasons (ELF symbol preemption, the CoW footprint of the section
> + * that is modified by the loader), this results in all references to symbols
> + * with external linkage to go via entries in the Global Offset Table (GOT),
> + * which carries absolute addresses which need to be fixed up when the
> + * executable image is loaded at an offset which is different from its link
> + * time offset.
> + *
> + * Fortunately, there is a way to inform the compiler that such symbol
> + * references will be satisfied at link time rather than at load time, by
> + * giving them 'hidden' visibility.
> + */
> +
> +#pragma GCC visibility push(hidden)
> diff --git a/pbl/Kconfig b/pbl/Kconfig
> index 91970c19bc1e..23fcbd20dacd 100644
> --- a/pbl/Kconfig
> +++ b/pbl/Kconfig
> @@ -46,6 +46,13 @@ config PBL_RELOCATABLE
> This option only influences the PBL image. See RELOCATABLE to also make
> the real image relocatable.
>
> +config PBL_FULLY_PIC
> + bool "fully position-independent pbl image"
> + depends on PBL_RELOCATABLE && ARM
> + help
> + Compared to CONFIG_PBL_RELOCATABLE, this image has no relocations in
> + the code sections.
Shouldn't we make PBL_FULLY_PIC the default when available?
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
