X-Mailing-List: linux-kernel@vger.kernel.org
References: <56b52d4e-9dc0-400c-a141-7e70f5c72afa@siemens.com>
 <578aae7c-4069-4071-ba4b-cc86d3b516c1@siemens.com>
 <5c077064-bdab-4796-9ed6-8f884669b73f@siemens.com>
In-Reply-To: <5c077064-bdab-4796-9ed6-8f884669b73f@siemens.com>
From: Ard Biesheuvel
Date: Tue, 16 Jan 2024 14:47:30 +0100
Subject: Re: [PATCH] riscv/efistub: Ensure GP-relative addressing is not used
To: Jan Kiszka
Cc: Palmer Dabbelt, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org

On Tue, 16 Jan 2024 at 14:44, Jan Kiszka wrote:
>
> On 16.01.24 09:36, Ard Biesheuvel wrote:
> > On Tue, 16 Jan 2024 at 06:21, Jan Kiszka wrote:
> >>
> >> On 15.01.24 18:34, Ard Biesheuvel wrote:
> >>> On Sat, 13 Jan 2024 at 11:35, Jan Kiszka wrote:
> >>>>
> >>>> On 12.01.24 19:56, Palmer Dabbelt wrote:
> >>>>> On Fri, 12 Jan 2024 10:51:16 PST (-0800), Ard Biesheuvel wrote:
> >>>>>> Hi Jan,
> >>>>>>
> >>>>>> On Fri, 12 Jan 2024 at 19:37, Jan Kiszka wrote:
> >>>>>>>
> >>>>>>> From: Jan Kiszka
> >>>>>>>
> >>>>>>> The cflags for the RISC-V efistub were missing -mno-relax, thus were
> >>>>>>> under the risk that the compiler could use GP-relative addressing. That
> >>>>>>> happened for _edata with binutils-2.41 and kernel 6.1, causing the
> >>>>>>> relocation to fail due to an invalid kernel_size in handle_kernel_image.
> >>>>>>> It was not yet observed with newer versions, but that may just be luck.
> >>>>>>>
> >>>>>>> Signed-off-by: Jan Kiszka
> >>>>>>> ---
> >>>>>>>
> >>>>>>> Something like this should go to stable as well, but we will need
> >>>>>>> rebased patches.
> >>>>>>>
> >>>>>>>  drivers/firmware/efi/libstub/Makefile | 2 +-
> >>>>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
> >>>>>>>
> >>>>>>> diff --git a/drivers/firmware/efi/libstub/Makefile
> >>>>>>> b/drivers/firmware/efi/libstub/Makefile
> >>>>>>> index 06964a3c130f..d561d7de46a9 100644
> >>>>>>> --- a/drivers/firmware/efi/libstub/Makefile
> >>>>>>> +++ b/drivers/firmware/efi/libstub/Makefile
> >>>>>>> @@ -28,7 +28,7 @@ cflags-$(CONFIG_ARM) += -DEFI_HAVE_STRLEN > >>>>>>> -DEFI_HAVE_STRNLEN \ > >>>>>>> -DEFI_HAVE_MEMCHR > >>>>>>> -DEFI_HAVE_STRRCHR \ > >>>>>>> -DEFI_HAVE_STRCMP -fno-builtin > >>>>>>> -fpic \ > >>>>>>> $(call > >>>>>>> cc-option,-mno-single-pic-base) > >>>>>>> -cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE > >>>>>>> +cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE -mno-relax
> >>>>>>
> >>>>>> Can we detect the presence of these references (via the relocation
> >>>>>> type)? We already do something similar for ordinary absolute
> >>>>>> references too.
> >>>>>
> >>>>> If there's no `__global_pointer$` symbol then the linker won't make
> >>>>> GP-relative relaxations (because it doesn't know where GP is). We
> >>>>> usually define that symbol in the linker script, but I'm not entirely
> >>>>> sure how libstub gets its linker script...
> >>>>>
> >>>>
> >>>> The stub seems to be linked together with the rest of the kernel, thus
> >>>> the regular arch/riscv/kernel/vmlinux.lds.S is used.
> >>>>
> >>>
> >>> Indeed - the EFI stub is part of the same executable as vmlinux, we
> >>> just mangle the symbol names to ensure that only code that can be
> >>> safely called from the EFI stub can be linked to it.
> >>>
> >>> If the effect of -mno-relax is to stop emitting R_RISCV_RELAX
> >>> relocations, we should perhaps add those to the STUBCOPY_RELOC-y
> >>> Makefile variable? (in the same file). BTW R_RISCV_HI20 doesn't seem
> >>> like the right value there to begin with: the idea of that is to
> >>> disallow ELF relocations that evaluate to expressions that can only be
> >>> known at runtime (like absolute addresses for global pointer
> >>> variables)
> >>
> >> How to do that best? Simply replace R_RISCV_HI20 with R_RISCV_RELAX?
> >>
> >
> > We'll need to keep the HI20, in fact - I got confused between HI20 and
> > PCREL_HI20, and the former is actually used for 32-bit absolute
> > addresses in 32-bit code.
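Review bot: the `+cflags-$(CONFIG_RISCV)` line hardens the compiler side only; nothing in the build fails if a relaxation-eligible reference still reaches the stub, so an object compiled without -mno-relax (or the flag being dropped from this line later) would reproduce the _edata breakage from the commit message silently, as an invalid kernel_size at boot rather than a build error. Since the same Makefile already rejects relocation types through STUBCOPY_RELOC-$(CONFIG_RISCV) (currently R_RISCV_HI20, as the discussion notes), that pattern should be extended alongside this change to cover R_RISCV_RELAX and the native word-size absolute type, which is the `-E R_RISCV_HI20\|R_RISCV_$(BITS)\|R_RISCV_RELAX` form the thread arrives at. The commit message would also be more precise if it named the mechanism: -mno-relax stops the compiler from emitting R_RISCV_RELAX, and it is the linker's relaxation of those sites that produces the GP-relative addressing, per the `__global_pointer$` explanation above.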
> >
> > This seems to do the trick: it disallows relaxation relocations and
> > native word-size absolute references. AFAICT, those are the only ones
> > we should care about.
> >
> > STUBCOPY_RELOC-$(CONFIG_RISCV) := -E
> > R_RISCV_HI20\|R_RISCV_$(BITS)\|R_RISCV_RELAX
>
> I would suggest doing that on top of this patch. Want me to write such a
> patch, or will you? You can probably more fluently explain why
> R_RISCV_32/64 is important, I would first have to understand what that
> is exactly. :)
>

Sure, I can take care of that.

For your patch,

Reviewed-by: Ard Biesheuvel

I'll queue this up as an EFI fix.
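As an added example (not code from this thread or from the kernel tree), the script below performs the relocation-type check that the STUBCOPY_RELOC-y discussion above is about, by reading the ELF directly instead of grepping `objdump -r` output: it walks every SHT_RELA section of a RISC-V ELF64 relocatable object and reports entries of type R_RISCV_RELAX (the marker that -mno-relax suppresses and that lets the linker relax a reference to GP-relative form), R_RISCV_HI20 (absolute address, high 20 bits) and R_RISCV_64 (the R_RISCV_$(BITS) case for a 64-bit build). The relocation numbers are the psABI values; the ELF image it scans is constructed in build_object() as a fixture and is not real compiler output, and the RELOC_NAMES table exists only for printing.

```python
"""Scan a RISC-V ELF64 relocatable object for relocation types that must not
reach the EFI stub. Added example; not kernel code. The scanned image is a
constructed fixture built by build_object()."""
import struct

EM_RISCV = 243                      # e_machine value for RISC-V
SHT_RELA = 4
ELFCLASS64, ELFDATA2LSB = 2, 1

# Relocation type numbers from the RISC-V ELF psABI.
R_RISCV_32, R_RISCV_64 = 1, 2
R_RISCV_CALL_PLT, R_RISCV_PCREL_HI20, R_RISCV_PCREL_LO12_I = 19, 23, 24
R_RISCV_HI20, R_RISCV_RELAX = 26, 51
RELOC_NAMES = {1: "R_RISCV_32", 2: "R_RISCV_64", 19: "R_RISCV_CALL_PLT",
               23: "R_RISCV_PCREL_HI20", 24: "R_RISCV_PCREL_LO12_I",
               26: "R_RISCV_HI20", 51: "R_RISCV_RELAX"}

# What `grep -E 'R_RISCV_HI20|R_RISCV_64|R_RISCV_RELAX'` rejects on a 64-bit
# build; a 32-bit build would use R_RISCV_32 as the word-size absolute type.
DISALLOWED = {R_RISCV_HI20, R_RISCV_64, R_RISCV_RELAX}

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr, little-endian
SHDR = struct.Struct("<IIQQQQIIQQ")         # Elf64_Shdr
RELA = struct.Struct("<QQq")                # Elf64_Rela: r_offset, r_info, r_addend


def build_object(relocs):
    """Constructed fixture: a minimal ET_REL ELF64/RISC-V image whose only
    non-null section is a .rela.text holding relocs = [(r_offset, sym, type)].
    Section names are omitted (e_shstrndx = 0); the scanner does not need them."""
    rela = b"".join(RELA.pack(off, (sym << 32) | typ, 0) for off, sym, typ in relocs)
    shoff = EHDR.size + len(rela)                    # section headers follow the entries
    ident = b"\x7fELF" + bytes([ELFCLASS64, ELFDATA2LSB, 1]) + bytes(9)
    ehdr = EHDR.pack(ident, 1, EM_RISCV, 1, 0, 0, shoff, 0,
                     EHDR.size, 0, 0, SHDR.size, 2, 0)   # ET_REL, two section headers
    rela_shdr = SHDR.pack(0, SHT_RELA, 0, 0, EHDR.size, len(rela), 0, 0, 8, RELA.size)
    return ehdr + rela + bytes(SHDR.size) + rela_shdr   # null shdr, then .rela.text


def find_disallowed(elf):
    """Return [(section_index, r_offset, type_name)] for every relocation entry
    whose type is in DISALLOWED, in file order."""
    if elf[:4] != b"\x7fELF" or elf[4] != ELFCLASS64 or elf[5] != ELFDATA2LSB:
        raise ValueError("expected a little-endian ELF64 image")
    hdr = EHDR.unpack_from(elf, 0)
    e_machine, e_shoff, e_shentsize, e_shnum = hdr[2], hdr[6], hdr[11], hdr[12]
    if e_machine != EM_RISCV:
        raise ValueError("not a RISC-V object")
    hits = []
    for idx in range(e_shnum):
        sh = SHDR.unpack_from(elf, e_shoff + idx * e_shentsize)
        sh_type, sh_offset, sh_size, sh_entsize = sh[1], sh[4], sh[5], sh[9]
        if sh_type != SHT_RELA:
            continue
        for pos in range(sh_offset, sh_offset + sh_size, sh_entsize):
            r_offset, r_info, _addend = RELA.unpack_from(elf, pos)
            r_type = r_info & 0xFFFFFFFF          # ELF64_R_TYPE(r_info)
            if r_type in DISALLOWED:
                hits.append((idx, r_offset, RELOC_NAMES.get(r_type, f"R_RISCV_{r_type}")))
    return hits


# Constructed sample: the mix of relocations a compiler might emit for stub code.
SAMPLE_RELOCS = [
    (0x00, 1, R_RISCV_PCREL_HI20),    # auipc for a PC-relative address: fine
    (0x04, 1, R_RISCV_PCREL_LO12_I),  # matching lo12 part: fine
    (0x08, 2, R_RISCV_CALL_PLT),      # auipc/jalr call sequence: fine
    (0x08, 0, R_RISCV_RELAX),         # relaxation marker on that call: rejected (no -mno-relax)
    (0x10, 3, R_RISCV_HI20),          # lui of an absolute address: rejected
    (0x20, 4, R_RISCV_64),            # 64-bit absolute pointer in data: rejected
]
SAMPLE_OBJECT = build_object(SAMPLE_RELOCS)


def main():
    for idx, off, name in find_disallowed(SAMPLE_OBJECT):
        print(f"section {idx} +{off:#x}: {name} not allowed in the EFI stub")


if __name__ == "__main__":
    main()
```

Run as a script it lists three offending entries, one per rejected type. Pointing find_disallowed() at a real object file (read in binary mode) works for any ELF64 RISC-V relocatable built with -mno-relax missing; the R_RISCV_RELAX entries are the ones that disappear once the flag from the patch is in the cflags.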