Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp1861833rwr; Fri, 28 Apr 2023 02:56:32 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6JmkmRvgEHe6PnkrekOny42N1NldzceJUe7ZyFPzMRMFKKk7DaDf3G1z3MiFDe+pDkqbJ+ X-Received: by 2002:a05:6a00:240c:b0:623:5880:98cd with SMTP id z12-20020a056a00240c00b00623588098cdmr5792122pfh.5.1682675792198; Fri, 28 Apr 2023 02:56:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682675792; cv=none; d=google.com; s=arc-20160816; b=I5sdLqPJwP2APScIs8ePhB/oud2B4kaLCJx4aDMUUk4vSdBa3n0Ro8NQedxX5YMreL jpIB1gRyGC1cRhshcZ32BwzZfF5XKk3iNGAyS87HaL0/+W89lc9C4P7qkSJRYRBMdpmm VjS5Ne99zjwBpCLL+UPk3A1h25OVk88HhQAF+2/gqmxR7hCiIfIlcRJa2ssn9oPqC9Oh 7rlNMaWGBgqCzyZNswOOgj+ijODSlPoramX8OymNWADkh2vBB8dwm8Z0CK576/uzYVFa 49rRRvgnqK6pBhD0bkquR+k3ToEu2Kh9E9mzamlwth1ChHDyKeW87qxiaWtBHrYkD6zM QsaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=iEYJWcGaGWTeN6u7RU4maW3ANDTNISwbOBlEBZanArU=; b=Svah7L8PzD30ijFKK9T7qFZ/18mtCXOosn8E8/Pzx5kcTc7sCVBw1rq/AgipdBfj9t ojBMGsRuTZ0uxSjhyykSJY4oVG6Gcu/iXE/wlodbzhGJzTNrMlqsE8T2CTNa3/FDzPHS aAnGpDe36JzuIFXQ9cwVtO1ITMcUoZHs3HGkAfv083olTLVzgvl6Joo5eZCQ02+Kp6PG h0EB151Z+lvrIvPHQKj0hM+7pNT9Y8bm78wl22wpXlxulbVBrQxZ7z5kIKrrahjV/+HB LnURCeqiihOaGdg5eggYtto5iMTxePP4355KgW2X6pyy8omMI2YYWitmvSnTw4eMPG6x oT/w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=antgroup.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v30-20020aa799de000000b0063b52b9a8f5si20234786pfi.267.2023.04.28.02.56.20; Fri, 28 Apr 2023 02:56:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=antgroup.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345980AbjD1Jzf (ORCPT + 99 others); Fri, 28 Apr 2023 05:55:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35804 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345775AbjD1JzJ (ORCPT ); Fri, 28 Apr 2023 05:55:09 -0400 Received: from out187-21.us.a.mail.aliyun.com (out187-21.us.a.mail.aliyun.com [47.90.187.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 287C82726 for ; Fri, 28 Apr 2023 02:54:47 -0700 (PDT) X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R571e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018047187;MF=houwenlong.hwl@antgroup.com;NM=1;PH=DS;RN=12;SR=0;TI=SMTPD_---.STFoGTP_1682675583; Received: from localhost(mailfrom:houwenlong.hwl@antgroup.com fp:SMTPD_---.STFoGTP_1682675583) by smtp.aliyun-inc.com; Fri, 28 Apr 2023 17:53:04 +0800 From: "Hou Wenlong" To: linux-kernel@vger.kernel.org Cc: "Thomas Garnier" , "Lai Jiangshan" , "Kees Cook" , "Hou Wenlong" , "Thomas Gleixner" , "Ingo Molnar" , "Borislav Petkov" , "Dave Hansen" , , "H. Peter Anvin" , "Andy Lutomirski" Subject: [PATCH RFC 23/43] x86/pie: Force hidden visibility for all symbol references Date: Fri, 28 Apr 2023 17:51:03 +0800 Message-Id: <63feba4a3826335f1ad32e484ebed31efd608d51.1682673543.git.houwenlong.hwl@antgroup.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Eliminate all GOT entries in the kernel, by forcing hidden visibility for all symbol references, which informs the compiler that such references will be resolved at link time without the need for allocating GOT entries. However, there are still some GOT entries after this, one for __fentry__() indirect call, and others are due to global weak symbol references. Signed-off-by: Hou Wenlong Cc: Thomas Garnier Cc: Lai Jiangshan Cc: Kees Cook --- arch/x86/Makefile | 7 +++++++ arch/x86/entry/vdso/Makefile | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/x86/Makefile b/arch/x86/Makefile index 57e4dbbf501d..81500011396d 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -158,6 +158,11 @@ else KBUILD_RUSTFLAGS += $(rustflags-y) KBUILD_CFLAGS += -mno-red-zone + +ifdef CONFIG_X86_PIE + PIE_CFLAGS := -include $(srctree)/include/linux/hidden.h + KBUILD_CFLAGS += $(PIE_CFLAGS) +endif KBUILD_CFLAGS += -mcmodel=kernel KBUILD_RUSTFLAGS += -Cno-redzone=y KBUILD_RUSTFLAGS += -Ccode-model=kernel @@ -176,6 +181,8 @@ ifeq ($(CONFIG_STACKPROTECTOR),y) endif endif +export PIE_CFLAGS + # # If the function graph tracer is used with mcount instead of fentry, # '-maccumulate-outgoing-args' is needed to prevent a GCC bug diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index 6a1821bd7d5e..9437653a9de2 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -92,7 +92,7 @@ ifneq ($(RETPOLINE_VDSO_CFLAGS),) endif endif -$(vobjs): KBUILD_CFLAGS := $(filter-out $(PADDING_CFLAGS) $(CC_FLAGS_LTO) $(CC_FLAGS_CFI) $(RANDSTRUCT_CFLAGS) $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) +$(vobjs): KBUILD_CFLAGS := $(filter-out $(PIE_CFLAGS) $(PADDING_CFLAGS) $(CC_FLAGS_LTO) $(CC_FLAGS_CFI) $(RANDSTRUCT_CFLAGS) $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) $(vobjs): KBUILD_AFLAGS += -DBUILD_VDSO # -- 2.31.1