Received: by 2002:a25:ef43:0:0:0:0:0 with SMTP id w3csp42402ybm; Tue, 26 May 2020 10:16:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJywdpkiauVAYwo1sbVNRbGWgQYzoR3VayfWqZC04H+PQE+i+j7JRfnHpYEwaO8K6v+MD0Rk X-Received: by 2002:a50:dac4:: with SMTP id s4mr21477135edj.84.1590513369224; Tue, 26 May 2020 10:16:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590513369; cv=none; d=google.com; s=arc-20160816; b=ljoXyXwSSVnirRwP/P2xnvZzAsTJHTOz6Uprul+P2j/rqGQTH6yzGyogfrSMykU1ZX I/WI5cl5yY5d+xyhZUyFX/iPwWCdfWXTAv5MIGpTkALHUrjGBioaK8SRLVpfdQFwwOzN 56s2ZxmOQOdrJUUbRT+CsWomId5UZDpFdhUhbnFtnYDkJU+PVpQ1S2RFvnQFRRF0HVUr TlMk53wWftC4AZF8Zgj4erMmFuh82KuxFX3rKqAZ527LAqbAZ6HTd8ab52V8EYEPx5ea khKgm3XIFH/zsHixGwAdgmhL1fyURQShLV+9js3lTXvWh5obadrwOQHyeSPCt5bCoXl1 nwtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=Q2tb1AeXDG23hGcjPRVLc3Ey0WPkny9sKX+WHXY3/jE=; b=PSDuF6L4KnWGnEZgs+f0l5MrJALFHF4PiMv4+HwfRtrb82vgnK0j5Gvg2g1h1dRAF+ GEuQaTz/YKMldq3ykCe8/hU4yFT3N3B7L4idkZrGU3RDCcfcTQGC0973/m6d/bbp3WjQ ia9xWIxXCoeIEviCnBem+vMs2t+Z6h+SFUhrA1ISO/dZlAyB2lsGgdb2jAH/NvDbQhOV /ChX35f3Fc6Wg2YGWoahCCgAfBYnJRT+0+vQ6K3tkrTcCurI5L1ayPYFvut5+keVOykg mQruBwqZQynA9MIhW/nQU3FT4TGcG223QYuzWe5DDP9NPN6oY45l//3KVSLVg2iAulq3 7yrg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="Oo5M/TaH"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dn4si226063edb.398.2020.05.26.10.15.45; Tue, 26 May 2020 10:16:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="Oo5M/TaH"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729896AbgEZRNs (ORCPT + 99 others); Tue, 26 May 2020 13:13:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44032 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728138AbgEZRNr (ORCPT ); Tue, 26 May 2020 13:13:47 -0400 Received: from mail-pl1-x643.google.com (mail-pl1-x643.google.com [IPv6:2607:f8b0:4864:20::643]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 34C29C03E96D for ; Tue, 26 May 2020 10:13:47 -0700 (PDT) Received: by mail-pl1-x643.google.com with SMTP id t16so8922072plo.7 for ; Tue, 26 May 2020 10:13:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=Q2tb1AeXDG23hGcjPRVLc3Ey0WPkny9sKX+WHXY3/jE=; b=Oo5M/TaH3pNzpNedOe2MYvvOmsz2XJ84O5UlH4IlnyLsYMHsQ6bgeG7Q/WNWoSRWq1 2OJlzomHtoAWDBvswVFFuexScHm5Fa/cQ/YraURXCayL3QB6c8VuweasdqaDaFoOx1nX BBQJuKDRuiyho3y4Doe0y4gAVgl/7WznfZcZK4PRpNyU1MXmCaBF+o6Tsm+KOdFKeXhO D5JU+mimzwLXKI/Yb7ODL5Cr9psd/pL4PEY7johaMnR3hqIFE35G3ki5ScjutK2XLjR1 s1s+qOMAXpDBX/FzjSAKfYYajcPLruR5YvEpbLsMMKk+0ApEcK9nAD/kvrfzf2Sqzuth JQbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=Q2tb1AeXDG23hGcjPRVLc3Ey0WPkny9sKX+WHXY3/jE=; b=nX1AkEYmqS8yYdqYkRxDOEA46kQdHds7jtRYleQ+WCVsLc4U3OQwJ0mRj/Ja2hTTNz bf3azB4up2RTKtJD/fND5ngnuOcA6/GG7+WPOz/j63iwVXH+aTQ/rUmA6t+EEKkZNhE+ NyB82ArG2kftOFSqW8o6e91/NDX+BH2mp524EGyX4WiIhk9UWiEDQaZ2X1CH0ETGSzY5 dwLcuwQqbU9XIQvVIwVgVHlfxDulprALlnYW9cNd1q27boYr2H6ONQbmJqw8U0K+zVMs W3v3i09gXhJGrkxMZruworNlUznEmCy9cpNqEVDIKbf2ee4+igHuMIbyEvEnHH0RNM2g GVag== X-Gm-Message-State: AOAM530+OcO0RPhHoLZrAsECjXRGKU1iIacVAoqMHGgfdgv9V4+r4Z7c 4Y6N7Ft9lhjGBbA2aCX0cmFBV9l84CvzfA== X-Received: by 2002:a17:90a:34cc:: with SMTP id m12mr238695pjf.123.1590513226563; Tue, 26 May 2020 10:13:46 -0700 (PDT) Received: from google.com ([2620:15c:2ce:0:9efe:9f1:9267:2b27]) by smtp.gmail.com with ESMTPSA id g7sm55515pjs.48.2020.05.26.10.13.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 May 2020 10:13:45 -0700 (PDT) Date: Tue, 26 May 2020 10:13:40 -0700 From: Fangrui Song To: Arvind Sankar Cc: Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , X86 ML , Nick Desaulniers , Dmitry Golovin , clang-built-linux , Masahiro Yamada , Daniel Kiper , Linux Kernel Mailing List Subject: Re: [PATCH v2 4/4] x86/boot: Check that there are no runtime relocations Message-ID: <20200526171340.pdbautbix5ygdvgp@google.com> References: <20200524212816.243139-1-nivedita@alum.mit.edu> <20200525225918.1624470-5-nivedita@alum.mit.edu> <20200526151623.GB2190602@rani.riverdale.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <20200526151623.GB2190602@rani.riverdale.lan> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2020-05-26, Arvind Sankar wrote: >On Tue, May 26, 2020 at 08:11:56AM +0200, Ard Biesheuvel wrote: >> On Tue, 26 May 2020 at 00:59, Arvind Sankar wrote: >> > # Compressed kernel should be built as PIE since it may be loaded at any >> > # address by the bootloader. >> > -KBUILD_LDFLAGS += $(call ld-option, -pie) $(call ld-option, --no-dynamic-linker) >> > +KBUILD_LDFLAGS += -pie $(call ld-option, --no-dynamic-linker) >> >> Do we still need -pie linking with these changes applied? >> > >I think it's currently not strictly necessary -- eg the 64bit kernel >doesn't get linked as pie right now with LLD or old binutils. However, >it is safer to do so to ensure that the result remains PIC with future >versions of the linker. There are linker optimizations that can convert >certain PIC instructions when PIE is disabled. While I think they >currently all focus on eliminating indirection through the GOT (and thus >wouldn't be applicable any more), There are 3 forms described by x86-64 psABI B.2 Optimize GOTPCRELX Relocations (1) movq foo@GOTPCREL(%rip), %reg -> leaq foo(%rip), %reg (2) call *foo@GOTPCREL(%rip) -> nop; call foo (3) jmp *foo@GOTPCREL(%rip) -> jmp foo; nop ld.bfd and gold perform (1) even for R_X86_64_GOTPCREL. LLD requires R_X86_64_[REX_]GOTPCRELX >it's easy to imagine that they could >get extended to, for eg, convert > leaq foo(%rip), %rax >to > movl $foo, %eax >with some nop padding, etc. Not with NOP padding, but probably with instruction prefixes. It is unclear the rewriting will be beneficial. Rewriting instructions definitely requires a dedicated relocation type like R_X86_64_[REX_]GOTPCRELX. >Also, the relocation check that's being added here would only work with >PIE linking.