On 08.01.24 08:47, Sascha Hauer wrote: > On Wed, Jan 03, 2024 at 07:12:17PM +0100, Ahmad Fatoum wrote: >> In the quest for making barebox PBL code W^X mappable, we have now taken >> care to make the ARM64 assembly routines not emit code relocations, >> so let's do the same for the C code as well. >> >> We do this by setting pragma GCC visibility push(hidden) globally. This >> option is stronger than -fvisibility=hidden and ensures we are >> completely position-independent. See kernel commit e544ea57ac07 >> ("x86/boot/compressed: Force hidden visibility for all symbol references") >> for more information. >> >> Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> >> --- >> include/linux/export.h | 2 +- >> include/linux/hidden.h | 19 +++++++++++++++++++ >> pbl/Kconfig | 7 +++++++ >> scripts/Makefile.lib | 5 +++++ >> scripts/Makefile.pic | 22 ++++++++++++++++++++++ >> 5 files changed, 54 insertions(+), 1 deletion(-) >> create mode 100644 include/linux/hidden.h >> create mode 100644 scripts/Makefile.pic >> >> diff --git a/include/linux/export.h b/include/linux/export.h >> index 8f47742bea99..a136d727d128 100644 >> --- a/include/linux/export.h >> +++ b/include/linux/export.h >> @@ -6,7 +6,7 @@ >> >> #define THIS_MODULE 0 >> >> -#ifdef CONFIG_MODULES >> +#if defined(CONFIG_MODULES) && !defined(__DISABLE_EXPORTS) >> >> struct kernel_symbol >> { >> diff --git a/include/linux/hidden.h b/include/linux/hidden.h >> new file mode 100644 >> index 000000000000..49a17b6b5962 >> --- /dev/null >> +++ b/include/linux/hidden.h 
>> @@ -0,0 +1,19 @@ >> +/* SPDX-License-Identifier: GPL-2.0 */ >> +/* >> + * When building position independent code with GCC using the -fPIC option, >> + * (or even the -fPIE one on older versions), it will assume that we are >> + * building a dynamic object (either a shared library or an executable) that >> + * may have symbol references that can only be resolved at load time. For a >> + * variety of reasons (ELF symbol preemption, the CoW footprint of the section >> + * that is modified by the loader), this results in all references to symbols >> + * with external linkage to go via entries in the Global Offset Table (GOT), >> + * which carries absolute addresses which need to be fixed up when the >> + * executable image is loaded at an offset which is different from its link >> + * time offset. >> + * >> + * Fortunately, there is a way to inform the compiler that such symbol >> + * references will be satisfied at link time rather than at load time, by >> + * giving them 'hidden' visibility. >> + */ >> + >> +#pragma GCC visibility push(hidden) >> diff --git a/pbl/Kconfig b/pbl/Kconfig >> index 91970c19bc1e..23fcbd20dacd 100644 >> --- a/pbl/Kconfig >> +++ b/pbl/Kconfig >> @@ -46,6 +46,13 @@ config PBL_RELOCATABLE >> This option only influences the PBL image. See RELOCATABLE to also make >> the real image relocatable. >> >> +config PBL_FULLY_PIC >> + bool "fully position-independent pbl image" >> + depends on PBL_RELOCATABLE && ARM >> + help >> + Compared to CONFIG_PBL_RELOCATABLE, this image has no relocations in >> + the code sections. > > Shouldn't we make PBL_FULLY_PIC the default when available? Eventually, yes. But I want this to get some more testing before making it so. > > Sascha > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
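Review bot: in include/linux/export.h, the new `!defined(__DISABLE_EXPORTS)` condition has no comment at the `#if` and is not mentioned in the commit message. The quoted hunks do not show where `__DISABLE_EXPORTS` gets defined, so a reader of this header cannot tell which objects drop their `struct kernel_symbol` entries or why that is needed for the hidden-visibility change. Suggest a one-line comment at the `#if` saying who defines the macro (if it comes from the new scripts/Makefile.pic listed in the diffstat, say so) and a sentence in the commit message explaining the connection.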
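Review bot: in include/linux/hidden.h, the comment explains why hidden visibility avoids GOT references but not how the header has to be used. `#pragma GCC visibility push(hidden)` only affects declarations that follow it and is never popped in this file, so any declaration the compiler sees before this header keeps default visibility and can still be referenced through the GOT. Suggest adding to the comment that the header must come before every other declaration in a translation unit, how it is pulled in globally, and that the missing pop is deliberate.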
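Review bot: in pbl/Kconfig, `depends on PBL_RELOCATABLE && ARM` looks wider than what the commit message describes, which only says the ARM64 assembly routines were made free of code relocations. If the `ARM` symbol also covers 32-bit builds whose assembly still emits relocations, PBL_FULLY_PIC could be enabled where the help text's promise of "no relocations in the code sections" does not hold; either narrow the dependency or state in the commit message why it is safe there. The help text could also name the purpose given in the commit message (making PBL code W^X mappable) so users know when to enable the option.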