| Message ID | 42c63cb9-87d0-49db-9af8-95771b186684@siemens.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel+bounces-24977-ouuuleilei=gmail.com@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:693c:2614:b0:101:6a76:bbe3 with SMTP id
mm20csp368492dyc;
Fri, 12 Jan 2024 10:38:09 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IE3nNftUSwt2PsSqPEtpZq2DJKlKuVjydJsHhGBcIy38LXbvdhEfTUl3j+tqI8iF10mtcsN
X-Received: by 2002:a05:6a00:2d9e:b0:6db:1534:fdac with SMTP id
fb30-20020a056a002d9e00b006db1534fdacmr2381824pfb.20.1705084688819;
Fri, 12 Jan 2024 10:38:08 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1705084688; cv=pass;
d=google.com; s=arc-20160816;
b=ygV7QL3gwgx5BAv69r4IrY7R/5YB4wOYg97oDIQ2x8PQAXgjl2xr+nQTvbXUPCSgTr
viS/uuVCplN5HjqmrB5k+O+Jk5bZbzCDBHiM5nMrLc9zR2WeDG+RCAryVMY0w24I0j4T
13FnNez2h1oOp96Uc0lkuW3WF6gIW/iOQ2syQltX8eCu2lmYXfPIN1z37tLT4o1VvMQD
goqbfefOVAm1cTN0efmFuZrwQFPxoIJhuCVV/w3922x5O7US7yU4oJuJm78qx4NFHPwp
f0whvC6HYUsbC70DBE8N5NizNe5aIpgxLgS81uYC78ChYo6kpN8ix5PlXI2cDgUKNe6f
HtGg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=mime-version:list-unsubscribe:list-subscribe:list-id:precedence
:content-transfer-encoding:cc:to:content-language:subject:from
:user-agent:date:message-id:dkim-signature;
bh=O/LENPqC9BmBNWPKYaIBYOfpLLIo80zXFYbB2OELyFQ=;
fh=1FiVQ9eVZZOQZKx/h04/Nl33R+un24l6pAvOdvXuTsY=;
b=MxAOMqoHgbBFHCixMFRqglc8olJXdMIqE9MtBHhH0nk2z31Rdhk7vEE03N9+8ARNEo
jTCZmIefOKqiisHaWu6wCHgHkfUMQFbrAs5docl+LRaHAXPyqK5se5dCr/vHqcZeMBIL
YWyP1r1YSSCZQks+gbUrbFQuKMhOhg5FSZECtzzPVBLNR6KFAM1yhfr/0uebkQKFxmxh
mYwQGJZmrfaNauxhxFj2QNPejAszS4gVxu4hKvbNQgCzwLUXq9AFpLrAgSukbaMlQrB1
NXHri5BiXz7PJDKMvUpPajQVKDyhiim51Al9RQds4mY+e85s0sdS1UDc3Kr43LI9vdkD
JY+w==
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@siemens.com header.s=selector2 header.b=P1LMye9I;
arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass
dkdomain=siemens.com dmarc=pass fromdomain=siemens.com);
spf=pass (google.com: domain of
linux-kernel+bounces-24977-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:40f1:3f00::1 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-24977-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org.
[2604:1380:40f1:3f00::1])
by mx.google.com with ESMTPS id
o12-20020a62cd0c000000b006da1b6363basi3548376pfg.89.2024.01.12.10.38.08
for <ouuuleilei@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 12 Jan 2024 10:38:08 -0800 (PST)
Received-SPF: pass (google.com: domain of
linux-kernel+bounces-24977-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1;
Authentication-Results: mx.google.com;
dkim=pass header.i=@siemens.com header.s=selector2 header.b=P1LMye9I;
arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass
dkdomain=siemens.com dmarc=pass fromdomain=siemens.com);
spf=pass (google.com: domain of
linux-kernel+bounces-24977-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:40f1:3f00::1 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-24977-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
[52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by sy.mirrors.kernel.org (Postfix) with ESMTPS id B1B71B214E7
for <ouuuleilei@gmail.com>; Fri, 12 Jan 2024 18:38:07 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by smtp.subspace.kernel.org (Postfix) with ESMTP id 239B914F8C;
Fri, 12 Jan 2024 18:37:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (2048-bit key) header.d=siemens.com header.i=@siemens.com
header.b="P1LMye9I"
Received: from EUR05-AM6-obe.outbound.protection.outlook.com
(mail-am6eur05on2073.outbound.protection.outlook.com [40.107.22.73])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 076C014F6C;
Fri, 12 Jan 2024 18:37:37 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=reject dis=none) header.from=siemens.com
Authentication-Results: smtp.subspace.kernel.org;
spf=pass smtp.mailfrom=siemens.com
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=VMhBC6C6RRlpknmfJW6kWKljxY1vgBjAh6jQCiDkx7fM/z98XiIHvnFOuehRoCZxx9vmlyUqfEwEl3NlgwTuT5I9QnJP1PUxHaGBa8HbSUmt9thlXW1kMUp09FPWwWT8G6ifty7CcgehuTHJ6iH9TPKh/6JjRED3YQmf+DxhLQa7Dr04n5iTwWiEsUW7K+f93Dv4/UQmGFidVDdziuxosi7IfGcz8SEY/YBEC+Y51pSkTIPf/BSmx8kyz6zzoDyaD/pJxrE4A2oOgaHjq5S1Wzjs5tvSeGI8+s7UYgU1DS/Mq6IBYs0YT8P6ZDNqdKFUDErowpD39EL0xJnuac5YAw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=O/LENPqC9BmBNWPKYaIBYOfpLLIo80zXFYbB2OELyFQ=;
b=PP4BOqp/NRnXKQJ8zFgzUXxEovnWdUDexzgCfhpsaFyA3qRDnb2MDRvnsVfkY0k+MHFjTpFWzqX8LJ+Ozd9nEYe4NAUtgioGHeokkLy0o7GeDkOdaPrU416Y3D4rTmyyIr3SpktGtARiGHRZk5Y0R+T1m0qH4ucwspLhG0fNq80+2AtZJu3Qpaox8j5M2n/MKtzUFBb6gnzDrZsG1lqHdgvOLrdJAkFKY2xghFFTkSe7nsFhXrCIMyUUDpCbW3fRN9U94g85n/BtTMHrgumO1nb6nP15KyXmtgfjG3tZyfNub6gBQPFkfdmEzNp5Tpl45UCFJyBnBGnhTIEWYHfADg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com;
dkim=pass header.d=siemens.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com;
s=selector2;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=O/LENPqC9BmBNWPKYaIBYOfpLLIo80zXFYbB2OELyFQ=;
b=P1LMye9IMs24t1QtbdnMVHIAVrsXbG4n8dNifPGO3kc//tRHXrIiPuWeDdeg9Oo/r4ujO3fHOUymemhe05cvCe9gAtNjLfMCZyEdgcMU0BbXnsb5OpxxqXnjlijhlWgshGmUHvdT0peoPp9+oa8LUZir9M8pLJeJ7cchLCIvYrOAKS/ympy8UEEq+hsu7HHu9dxxk9v4lWWhe49BB7KaEQ4LWdZu2aeDoTIKqGy3SQVs0i8Z0Nku3FiPIHG2wNAN9R4EAsWM50Q7ezVjTf9WRnoaWwDK+eqJxE+Lu7XhjVZ7Bgs18tf5aiAM1GiIdNIZw3ohRZQvJFvs2e+IBYcq/Q==
Authentication-Results: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=siemens.com;
Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19)
by AS8PR10MB6890.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:5b4::10) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7181.21; Fri, 12 Jan
2024 18:37:35 +0000
Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM
([fe80::8d16:7fbb:4964:94fe]) by AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM
([fe80::8d16:7fbb:4964:94fe%3]) with mapi id 15.20.7181.018; Fri, 12 Jan 2024
18:37:33 +0000
Message-ID: <42c63cb9-87d0-49db-9af8-95771b186684@siemens.com>
Date: Fri, 12 Jan 2024 19:37:29 +0100
User-Agent: Mozilla Thunderbird
From: Jan Kiszka <jan.kiszka@siemens.com>
Subject: [PATCH] riscv/efistub: Ensure GP-relative addressing is not used
Content-Language: en-US
To: Ard Biesheuvel <ardb@kernel.org>, Palmer Dabbelt <palmer@rivosinc.com>
Cc: linux-efi <linux-efi@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-ClientProxiedBy: FR4P281CA0259.DEUP281.PROD.OUTLOOK.COM
(2603:10a6:d10:e8::9) To AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM
(2603:10a6:20b:588::19)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AS4PR10MB6181:EE_|AS8PR10MB6890:EE_
X-MS-Office365-Filtering-Correlation-Id: 4e87843f-fdae-4d8c-2374-08dc139d8a8f
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
YpsqL4gZ7SI6EkVdFflwHPooIXl6Eabe1bV6iLApzqB6gBuQuJEVzUtvJC7coPc7Ak/ycJN6gR+HOHksTh6gDr0OtyBCuoYBb8QwfGoKs5DC1ycmiUj4FaFJ7sCt8QBvnJqY058gbA1svBS/QWqSbHyqMC7wwdPF5unt28osHnW+m8HG5p1cemeaBdetJDTHaKypN+gDTX9rclZq0uVBrZBWq9BOo9zzb4BaCeOEbyD7YV3FdpjhHvbC9dcEQ36Oe5vj6qyFHdQDSsAKEsnclHG0No7LOwFaYlKSYJg/JrdKEVtLm1T9ndmSoVM+wtXPcEp8XqElcIH4EV+V5p7hcx/YwFMq1rWsowrZocyxokySOHM6JGoFoDjt6jBUr/ULWiqL+hUWlSMRBdVkoGWLBgXPuEH8yxD08VI9iTOc3o1pM/ljdbwFJS0Q7tqYj3/faFms3ksfXBJ4htnLeDjBipGtkEn2uAuwXogySciYzxAECvPVd6Jc5t9IaGL+1WkvhSzT3QREXrpwp1ShH9X+rd3RfClhsU7HbFXvL4CZqKUDtGbTL52eDkY3bIbrRwo7coOts/9gbudgIrjaNSk/KrCkw5aetKNsg/fYOWgS68Gx+D3ZTztudPU+wI4ZolQDb/Phr5kg+h9SF1SHbb4nDg==
X-Forefront-Antispam-Report:
CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(136003)(396003)(346002)(376002)(39860400002)(366004)(230922051799003)(451199024)(186009)(64100799003)(1800799012)(44832011)(4326008)(8936002)(8676002)(2906002)(5660300002)(86362001)(82960400001)(31696002)(36756003)(2616005)(478600001)(83380400001)(26005)(6506007)(41300700001)(6512007)(38100700002)(54906003)(316002)(66476007)(66946007)(6666004)(66556008)(6486002)(110136005)(31686004)(45980500001)(43740500002);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?AOse4lpDnGNAq90S/D7QcDcKTT52?=
=?utf-8?q?EM5JznMojWFfGgPD9w3ITZMojc/wSW6cz6P9zxW0/hYz2BBmMPzVDKjaoS+FOvu/a?=
=?utf-8?q?btglmS2UjMYQEH4lsBrzjAVxEqbqbSTRXlAigt2J6+3oxPt1uZ0f45jsyGhAgLvNy?=
=?utf-8?q?KxYlJTynzhgtilhawupb52Bhy6PTQKIdQArD+XeVZmKGsQIZCwC0GXOgRgkLhZ/fn?=
=?utf-8?q?9zG+84uMYSbRgElt2N24icrVGpcuEA2ddZUNJx9NbB/j3obf7u3sIEE8M6X2/ZCrn?=
=?utf-8?q?4+b7VwTE3JK15MCixNOT9TOrzrDubU9z8GaNcKJ7wp9yaOvDdevL3buKugMuGpTpU?=
=?utf-8?q?cTFwoN23yBmTdlgK18ZOzK5fteaCxAvYJBpEgcbxi9XMwuihn0EPSieXTxoBJX52N?=
=?utf-8?q?ztI6SjHJyzv3Z805p0izahJPgHytbC/M0ayOFcNq483w7eDOo2PBEGqEXkiYjPmXi?=
=?utf-8?q?GABLcbEAXsea7N4DcyglLoLXSFE2lZoStiq+As2Yg1Zg9AsZuHMowB20psC47x70j?=
=?utf-8?q?Kbk3drUqdN3eB20yUqHJwMsKs3+uCnpQmbW4eOyu/OQ90TbqWCqDeYk5qz8WSyduP?=
=?utf-8?q?D5QUcqiGod72Nrw7R9RjmWYpWxt8DAdzw3lX6yzFLbdI0y5z23xxz/73T8JeUf/U7?=
=?utf-8?q?j14Hc0LfQGDyoPXiqSnV4rz5ktnGDniFT3rYouSC/V6J7iNCDduklls0Z6WhVXJ8f?=
=?utf-8?q?HcRj+fjz+8zxFH00ijUAibfQjLt43Slg66AJKqduN2mcdjIasNbXiMIAiU4dBk2wC?=
=?utf-8?q?ZfUMpwAACoiMbq8qGjxjcGaJzQR7AgFkUBPv5YTj1N/1yoVuorJvDjOuoHL0X9CjL?=
=?utf-8?q?BZ1r7mjlZbfsveV0q2Is4BQ1kjPT9EViw3GaDs9GxBxOuipWeMkBHDdc61qF3H8Yv?=
=?utf-8?q?JxzfWHMZkIxprQtYHJsGylnn4HI5loIKxooMA79fw4sXHwBA5YKknU8v+H+ByFBdO?=
=?utf-8?q?IZS7RTpGdS22JPD+9AkuHej1hcoHqmxVsDWqCGR+Mcu06AUo01R+9j+vnw9bj8HnB?=
=?utf-8?q?itZByWu+0Vj1/ON+LOq9RdmCXkZI6OuPewbjxj/oJzH8ayJ8MkikF7fdCDu56Ec27?=
=?utf-8?q?W99Gx099jBsJ9L4YuH82VgxCVBsZ6sKyuQQeg6dEj0uN6rd/xuD3+WGu216UA21cB?=
=?utf-8?q?ahVNrWdE9hvY6VFyTPUCUw7xjFeQbuvE/+FbD9jkQMnBJ14T/0yIGG6AUJpgaSCwi?=
=?utf-8?q?DNqYTmSFpazpzhmvXC3dLYh334LYTd9C4BaDyDEGyYWBV9V9jV+J1H6nUNVyOL17z?=
=?utf-8?q?ZbdXVRoPQJtsde482TbARbmnh0DeKkJEplpJiefluDCXrvOvm9sf5tFKg1XAgPm0L?=
=?utf-8?q?9wHMvYdo/oB/DTy2vdNwOTn7uT2d5HJWbWhfslMPw39JmrrdtcMoI75kxhGKfSFVJ?=
=?utf-8?q?H6sh4uTm0LPHXrvPzSEQd8JpK4nBFtB59313NYG861xsNiu5ttkY5QFdlDJgSXZz3?=
=?utf-8?q?60kATq2rr//ar0biDC3FG3mGomuupxpGqsx1tXg5fCEjSY3oQZ0blOsAEuqF8gOOo?=
=?utf-8?q?k4hxYw4dp6A5?=
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-Network-Message-Id:
4e87843f-fdae-4d8c-2374-08dc139d8a8f
X-MS-Exchange-CrossTenant-AuthSource: AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Jan 2024 18:37:33.6084
(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName:
lq62neP7DPeyr8A/pFG4K0mpD0EqPSd2gpk6aj6MHLOxooJ/gUhmv5XVWZ64b9aRU7iGZ82xDkvLBeS5o58wNg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR10MB6890
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1787910882344885262
X-GMAIL-MSGID: 1787910882344885262
|
| Series |
riscv/efistub: Ensure GP-relative addressing is not used
|
|
Commit Message
Jan Kiszka
Jan. 12, 2024, 6:37 p.m. UTC
From: Jan Kiszka <jan.kiszka@siemens.com> The cflags for the RISC-V efistub were missing -mno-relax, thus were under the risk that the compiler could use GP-relative addressing. That happened for _edata with binutils-2.41 and kernel 6.1, causing the relocation to fail due to an invalid kernel_size in handle_kernel_image. It was not yet observed with newer versions, but that may just be luck. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> --- Something like this should go to stable as well, but we will need rebased patches. drivers/firmware/efi/libstub/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Comments
Hi Jan, On Fri, 12 Jan 2024 at 19:37, Jan Kiszka <jan.kiszka@siemens.com> wrote: > > From: Jan Kiszka <jan.kiszka@siemens.com> > > The cflags for the RISC-V efistub were missing -mno-relax, thus were > under the risk that the compiler could use GP-relative addressing. That > happened for _edata with binutils-2.41 and kernel 6.1, causing the > relocation to fail due to an invalid kernel_size in handle_kernel_image. > It was not yet observed with newer versions, but that may just be luck. > > Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> > --- > > Something like this should go to stable as well, but we will need > rebased patches. > > drivers/firmware/efi/libstub/Makefile | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile > index 06964a3c130f..d561d7de46a9 100644 > --- a/drivers/firmware/efi/libstub/Makefile > +++ b/drivers/firmware/efi/libstub/Makefile > @@ -28,7 +28,7 @@ cflags-$(CONFIG_ARM) += -DEFI_HAVE_STRLEN -DEFI_HAVE_STRNLEN \ > -DEFI_HAVE_MEMCHR -DEFI_HAVE_STRRCHR \ > -DEFI_HAVE_STRCMP -fno-builtin -fpic \ > $(call cc-option,-mno-single-pic-base) > -cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE > +cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE -mno-relax Can we detect the presence of these references (via the relocation type)? We already do something similar for ordinary absolute references too. > cflags-$(CONFIG_LOONGARCH) += -fpie > > cflags-$(CONFIG_EFI_PARAMS_FROM_FDT) += -I$(srctree)/scripts/dtc/libfdt > -- > 2.35.3
On Fri, 12 Jan 2024 10:51:16 PST (-0800), Ard Biesheuvel wrote: > Hi Jan, > > On Fri, 12 Jan 2024 at 19:37, Jan Kiszka <jan.kiszka@siemens.com> wrote: >> >> From: Jan Kiszka <jan.kiszka@siemens.com> >> >> The cflags for the RISC-V efistub were missing -mno-relax, thus were >> under the risk that the compiler could use GP-relative addressing. That >> happened for _edata with binutils-2.41 and kernel 6.1, causing the >> relocation to fail due to an invalid kernel_size in handle_kernel_image. >> It was not yet observed with newer versions, but that may just be luck. >> >> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> >> --- >> >> Something like this should go to stable as well, but we will need >> rebased patches. >> >> drivers/firmware/efi/libstub/Makefile | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile >> index 06964a3c130f..d561d7de46a9 100644 >> --- a/drivers/firmware/efi/libstub/Makefile >> +++ b/drivers/firmware/efi/libstub/Makefile >> @@ -28,7 +28,7 @@ cflags-$(CONFIG_ARM) += -DEFI_HAVE_STRLEN -DEFI_HAVE_STRNLEN \ >> -DEFI_HAVE_MEMCHR -DEFI_HAVE_STRRCHR \ >> -DEFI_HAVE_STRCMP -fno-builtin -fpic \ >> $(call cc-option,-mno-single-pic-base) >> -cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE >> +cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE -mno-relax > > Can we detect the presence of these references (via the relocation > type)? We already do something similar for ordinary absolute > references too. If there's no `__global_pointer$` symbol then the linker won't make GP-relative relaxations (because it doesn't know where GP is). We usually define that symbol in the linker script, but I'm not entierly sure how libstub gets its linker script... > >> cflags-$(CONFIG_LOONGARCH) += -fpie >> >> cflags-$(CONFIG_EFI_PARAMS_FROM_FDT) += -I$(srctree)/scripts/dtc/libfdt >> -- >> 2.35.3
On 12.01.24 19:56, Palmer Dabbelt wrote: > On Fri, 12 Jan 2024 10:51:16 PST (-0800), Ard Biesheuvel wrote: >> Hi Jan, >> >> On Fri, 12 Jan 2024 at 19:37, Jan Kiszka <jan.kiszka@siemens.com> wrote: >>> >>> From: Jan Kiszka <jan.kiszka@siemens.com> >>> >>> The cflags for the RISC-V efistub were missing -mno-relax, thus were >>> under the risk that the compiler could use GP-relative addressing. That >>> happened for _edata with binutils-2.41 and kernel 6.1, causing the >>> relocation to fail due to an invalid kernel_size in handle_kernel_image. >>> It was not yet observed with newer versions, but that may just be luck. >>> >>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> >>> --- >>> >>> Something like this should go to stable as well, but we will need >>> rebased patches. >>> >>> drivers/firmware/efi/libstub/Makefile | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/drivers/firmware/efi/libstub/Makefile >>> b/drivers/firmware/efi/libstub/Makefile >>> index 06964a3c130f..d561d7de46a9 100644 >>> --- a/drivers/firmware/efi/libstub/Makefile >>> +++ b/drivers/firmware/efi/libstub/Makefile >>> @@ -28,7 +28,7 @@ cflags-$(CONFIG_ARM) += -DEFI_HAVE_STRLEN >>> -DEFI_HAVE_STRNLEN \ >>> -DEFI_HAVE_MEMCHR >>> -DEFI_HAVE_STRRCHR \ >>> -DEFI_HAVE_STRCMP -fno-builtin >>> -fpic \ >>> $(call >>> cc-option,-mno-single-pic-base) >>> -cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE >>> +cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE -mno-relax >> >> Can we detect the presence of these references (via the relocation >> type)? We already do something similar for ordinary absolute >> references too. > > If there's no `__global_pointer$` symbol then the linker won't make > GP-relative relaxations (because it doesn't know where GP is). We > usually define that symbol in the linker script, but I'm not entierly > sure how libstub gets its linker script... > The stub seems to be linked together with the rest of the kernel, thus the regular arch/riscv/kernel/vmlinux.lds.S is used. Jan
On Sat, 13 Jan 2024 at 11:35, Jan Kiszka <jan.kiszka@siemens.com> wrote: > > On 12.01.24 19:56, Palmer Dabbelt wrote: > > On Fri, 12 Jan 2024 10:51:16 PST (-0800), Ard Biesheuvel wrote: > >> Hi Jan, > >> > >> On Fri, 12 Jan 2024 at 19:37, Jan Kiszka <jan.kiszka@siemens.com> wrote: > >>> > >>> From: Jan Kiszka <jan.kiszka@siemens.com> > >>> > >>> The cflags for the RISC-V efistub were missing -mno-relax, thus were > >>> under the risk that the compiler could use GP-relative addressing. That > >>> happened for _edata with binutils-2.41 and kernel 6.1, causing the > >>> relocation to fail due to an invalid kernel_size in handle_kernel_image. > >>> It was not yet observed with newer versions, but that may just be luck. > >>> > >>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> > >>> --- > >>> > >>> Something like this should go to stable as well, but we will need > >>> rebased patches. > >>> > >>> drivers/firmware/efi/libstub/Makefile | 2 +- > >>> 1 file changed, 1 insertion(+), 1 deletion(-) > >>> > >>> diff --git a/drivers/firmware/efi/libstub/Makefile > >>> b/drivers/firmware/efi/libstub/Makefile > >>> index 06964a3c130f..d561d7de46a9 100644 > >>> --- a/drivers/firmware/efi/libstub/Makefile > >>> +++ b/drivers/firmware/efi/libstub/Makefile > >>> @@ -28,7 +28,7 @@ cflags-$(CONFIG_ARM) += -DEFI_HAVE_STRLEN > >>> -DEFI_HAVE_STRNLEN \ > >>> -DEFI_HAVE_MEMCHR > >>> -DEFI_HAVE_STRRCHR \ > >>> -DEFI_HAVE_STRCMP -fno-builtin > >>> -fpic \ > >>> $(call > >>> cc-option,-mno-single-pic-base) > >>> -cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE > >>> +cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE -mno-relax > >> > >> Can we detect the presence of these references (via the relocation > >> type)? We already do something similar for ordinary absolute > >> references too. > > > > If there's no `__global_pointer$` symbol then the linker won't make > > GP-relative relaxations (because it doesn't know where GP is). We > > usually define that symbol in the linker script, but I'm not entierly > > sure how libstub gets its linker script... > > > > The stub seems to be linked together with the rest of the kernel, thus > the regular arch/riscv/kernel/vmlinux.lds.S is used. > Indeed - the EFI stub is part of the same executable as vmlinux, we just mangle the symbol names to ensure that only code that can be safely called from the EFI stub can be linked to it. If the effect of -mno-relax is to stop emitting R_RISCV_RELAX relocations, we should perhaps add those to the STUBCOPY_RELOC-y Makefile variable? (in the same file). BTW R_RISCV_HI20 doesn't seem like the right value there to begin with: the idea of that is to disallow ELF relocations that evaluate to expressions that can only be known at runtime (like absolute addresses for global pointer variables)
On 15.01.24 18:34, Ard Biesheuvel wrote: > On Sat, 13 Jan 2024 at 11:35, Jan Kiszka <jan.kiszka@siemens.com> wrote: >> >> On 12.01.24 19:56, Palmer Dabbelt wrote: >>> On Fri, 12 Jan 2024 10:51:16 PST (-0800), Ard Biesheuvel wrote: >>>> Hi Jan, >>>> >>>> On Fri, 12 Jan 2024 at 19:37, Jan Kiszka <jan.kiszka@siemens.com> wrote: >>>>> >>>>> From: Jan Kiszka <jan.kiszka@siemens.com> >>>>> >>>>> The cflags for the RISC-V efistub were missing -mno-relax, thus were >>>>> under the risk that the compiler could use GP-relative addressing. That >>>>> happened for _edata with binutils-2.41 and kernel 6.1, causing the >>>>> relocation to fail due to an invalid kernel_size in handle_kernel_image. >>>>> It was not yet observed with newer versions, but that may just be luck. >>>>> >>>>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> >>>>> --- >>>>> >>>>> Something like this should go to stable as well, but we will need >>>>> rebased patches. >>>>> >>>>> drivers/firmware/efi/libstub/Makefile | 2 +- >>>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>>> >>>>> diff --git a/drivers/firmware/efi/libstub/Makefile >>>>> b/drivers/firmware/efi/libstub/Makefile >>>>> index 06964a3c130f..d561d7de46a9 100644 >>>>> --- a/drivers/firmware/efi/libstub/Makefile >>>>> +++ b/drivers/firmware/efi/libstub/Makefile >>>>> @@ -28,7 +28,7 @@ cflags-$(CONFIG_ARM) += -DEFI_HAVE_STRLEN >>>>> -DEFI_HAVE_STRNLEN \ >>>>> -DEFI_HAVE_MEMCHR >>>>> -DEFI_HAVE_STRRCHR \ >>>>> -DEFI_HAVE_STRCMP -fno-builtin >>>>> -fpic \ >>>>> $(call >>>>> cc-option,-mno-single-pic-base) >>>>> -cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE >>>>> +cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE -mno-relax >>>> >>>> Can we detect the presence of these references (via the relocation >>>> type)? We already do something similar for ordinary absolute >>>> references too. >>> >>> If there's no `__global_pointer$` symbol then the linker won't make >>> GP-relative relaxations (because it doesn't know where GP is). We >>> usually define that symbol in the linker script, but I'm not entierly >>> sure how libstub gets its linker script... >>> >> >> The stub seems to be linked together with the rest of the kernel, thus >> the regular arch/riscv/kernel/vmlinux.lds.S is used. >> > > Indeed - the EFI stub is part of the same executable as vmlinux, we > just mangle the symbol names to ensure that only code that can be > safely called from the EFI stub can be linked to it. > > If the effect of -mno-relax is to stop emitting R_RISCV_RELAX > relocations, we should perhaps add those to the STUBCOPY_RELOC-y > Makefile variable? (in the same file). BTW R_RISCV_HI20 doesn't seem > like the right value there to begin with: the idea of that is to > disallow ELF relocations that evaluate to expressions that can only be > known at runtime (like absolute addresses for global pointer > variables) How to do that best? Simply replace R_RISCV_HI20 with R_RISCV_RELAX? Jan
On Tue, 16 Jan 2024 at 06:21, Jan Kiszka <jan.kiszka@siemens.com> wrote: > > On 15.01.24 18:34, Ard Biesheuvel wrote: > > On Sat, 13 Jan 2024 at 11:35, Jan Kiszka <jan.kiszka@siemens.com> wrote: > >> > >> On 12.01.24 19:56, Palmer Dabbelt wrote: > >>> On Fri, 12 Jan 2024 10:51:16 PST (-0800), Ard Biesheuvel wrote: > >>>> Hi Jan, > >>>> > >>>> On Fri, 12 Jan 2024 at 19:37, Jan Kiszka <jan.kiszka@siemens.com> wrote: > >>>>> > >>>>> From: Jan Kiszka <jan.kiszka@siemens.com> > >>>>> > >>>>> The cflags for the RISC-V efistub were missing -mno-relax, thus were > >>>>> under the risk that the compiler could use GP-relative addressing. That > >>>>> happened for _edata with binutils-2.41 and kernel 6.1, causing the > >>>>> relocation to fail due to an invalid kernel_size in handle_kernel_image. > >>>>> It was not yet observed with newer versions, but that may just be luck. > >>>>> > >>>>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> > >>>>> --- > >>>>> > >>>>> Something like this should go to stable as well, but we will need > >>>>> rebased patches. > >>>>> > >>>>> drivers/firmware/efi/libstub/Makefile | 2 +- > >>>>> 1 file changed, 1 insertion(+), 1 deletion(-) > >>>>> > >>>>> diff --git a/drivers/firmware/efi/libstub/Makefile > >>>>> b/drivers/firmware/efi/libstub/Makefile > >>>>> index 06964a3c130f..d561d7de46a9 100644 > >>>>> --- a/drivers/firmware/efi/libstub/Makefile > >>>>> +++ b/drivers/firmware/efi/libstub/Makefile > >>>>> @@ -28,7 +28,7 @@ cflags-$(CONFIG_ARM) += -DEFI_HAVE_STRLEN > >>>>> -DEFI_HAVE_STRNLEN \ > >>>>> -DEFI_HAVE_MEMCHR > >>>>> -DEFI_HAVE_STRRCHR \ > >>>>> -DEFI_HAVE_STRCMP -fno-builtin > >>>>> -fpic \ > >>>>> $(call > >>>>> cc-option,-mno-single-pic-base) > >>>>> -cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE > >>>>> +cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE -mno-relax > >>>> > >>>> Can we detect the presence of these references (via the relocation > >>>> type)? We already do something similar for ordinary absolute > >>>> references too. > >>> > >>> If there's no `__global_pointer$` symbol then the linker won't make > >>> GP-relative relaxations (because it doesn't know where GP is). We > >>> usually define that symbol in the linker script, but I'm not entierly > >>> sure how libstub gets its linker script... > >>> > >> > >> The stub seems to be linked together with the rest of the kernel, thus > >> the regular arch/riscv/kernel/vmlinux.lds.S is used. > >> > > > > Indeed - the EFI stub is part of the same executable as vmlinux, we > > just mangle the symbol names to ensure that only code that can be > > safely called from the EFI stub can be linked to it. > > > > If the effect of -mno-relax is to stop emitting R_RISCV_RELAX > > relocations, we should perhaps add those to the STUBCOPY_RELOC-y > > Makefile variable? (in the same file). BTW R_RISCV_HI20 doesn't seem > > like the right value there to begin with: the idea of that is to > > disallow ELF relocations that evaluate to expressions that can only be > > known at runtime (like absolute addresses for global pointer > > variables) > > How to do that best? Simply replace R_RISCV_HI20 with R_RISCV_RELAX? > We'll need to keep the HI20, in fact - I got confused between HI20 and PCREL_HI20, and the former is actually used for 32-bit absolute addresses in 32-bit code. This seems to do the trick: it disallows relaxation relocations and native word sizes absolute references. AFAICT, those are the only ones we should care about. STUBCOPY_RELOC-$(CONFIG_RISCV) := -E R_RISCV_HI20\|R_RISCV_$(BITS)\|R_RISCV_RELAX
On 16.01.24 09:36, Ard Biesheuvel wrote: > On Tue, 16 Jan 2024 at 06:21, Jan Kiszka <jan.kiszka@siemens.com> wrote: >> >> On 15.01.24 18:34, Ard Biesheuvel wrote: >>> On Sat, 13 Jan 2024 at 11:35, Jan Kiszka <jan.kiszka@siemens.com> wrote: >>>> >>>> On 12.01.24 19:56, Palmer Dabbelt wrote: >>>>> On Fri, 12 Jan 2024 10:51:16 PST (-0800), Ard Biesheuvel wrote: >>>>>> Hi Jan, >>>>>> >>>>>> On Fri, 12 Jan 2024 at 19:37, Jan Kiszka <jan.kiszka@siemens.com> wrote: >>>>>>> >>>>>>> From: Jan Kiszka <jan.kiszka@siemens.com> >>>>>>> >>>>>>> The cflags for the RISC-V efistub were missing -mno-relax, thus were >>>>>>> under the risk that the compiler could use GP-relative addressing. That >>>>>>> happened for _edata with binutils-2.41 and kernel 6.1, causing the >>>>>>> relocation to fail due to an invalid kernel_size in handle_kernel_image. >>>>>>> It was not yet observed with newer versions, but that may just be luck. >>>>>>> >>>>>>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> >>>>>>> --- >>>>>>> >>>>>>> Something like this should go to stable as well, but we will need >>>>>>> rebased patches. >>>>>>> >>>>>>> drivers/firmware/efi/libstub/Makefile | 2 +- >>>>>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>>>>> >>>>>>> diff --git a/drivers/firmware/efi/libstub/Makefile >>>>>>> b/drivers/firmware/efi/libstub/Makefile >>>>>>> index 06964a3c130f..d561d7de46a9 100644 >>>>>>> --- a/drivers/firmware/efi/libstub/Makefile >>>>>>> +++ b/drivers/firmware/efi/libstub/Makefile >>>>>>> @@ -28,7 +28,7 @@ cflags-$(CONFIG_ARM) += -DEFI_HAVE_STRLEN >>>>>>> -DEFI_HAVE_STRNLEN \ >>>>>>> -DEFI_HAVE_MEMCHR >>>>>>> -DEFI_HAVE_STRRCHR \ >>>>>>> -DEFI_HAVE_STRCMP -fno-builtin >>>>>>> -fpic \ >>>>>>> $(call >>>>>>> cc-option,-mno-single-pic-base) >>>>>>> -cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE >>>>>>> +cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE -mno-relax >>>>>> >>>>>> Can we detect the presence of these references (via the relocation >>>>>> type)? We already do something similar for ordinary absolute >>>>>> references too. >>>>> >>>>> If there's no `__global_pointer$` symbol then the linker won't make >>>>> GP-relative relaxations (because it doesn't know where GP is). We >>>>> usually define that symbol in the linker script, but I'm not entierly >>>>> sure how libstub gets its linker script... >>>>> >>>> >>>> The stub seems to be linked together with the rest of the kernel, thus >>>> the regular arch/riscv/kernel/vmlinux.lds.S is used. >>>> >>> >>> Indeed - the EFI stub is part of the same executable as vmlinux, we >>> just mangle the symbol names to ensure that only code that can be >>> safely called from the EFI stub can be linked to it. >>> >>> If the effect of -mno-relax is to stop emitting R_RISCV_RELAX >>> relocations, we should perhaps add those to the STUBCOPY_RELOC-y >>> Makefile variable? (in the same file). BTW R_RISCV_HI20 doesn't seem >>> like the right value there to begin with: the idea of that is to >>> disallow ELF relocations that evaluate to expressions that can only be >>> known at runtime (like absolute addresses for global pointer >>> variables) >> >> How to do that best? Simply replace R_RISCV_HI20 with R_RISCV_RELAX? >> > > We'll need to keep the HI20, in fact - I got confused between HI20 and > PCREL_HI20, and the former is actually used for 32-bit absolute > addresses in 32-bit code. > > This seems to do the trick: it disallows relaxation relocations and > native word sizes absolute references. AFAICT, those are the only ones > we should care about. > > STUBCOPY_RELOC-$(CONFIG_RISCV) := -E > R_RISCV_HI20\|R_RISCV_$(BITS)\|R_RISCV_RELAX I would suggest to do that on top of this patch. Want me to write such a patch, or will you? You can probably more fluently explain why R_RISCV_32/64 is important, I would first have to understand what that is exactly. :) Jan
On Tue, 16 Jan 2024 at 14:44, Jan Kiszka <jan.kiszka@siemens.com> wrote: > > On 16.01.24 09:36, Ard Biesheuvel wrote: > > On Tue, 16 Jan 2024 at 06:21, Jan Kiszka <jan.kiszka@siemens.com> wrote: > >> > >> On 15.01.24 18:34, Ard Biesheuvel wrote: > >>> On Sat, 13 Jan 2024 at 11:35, Jan Kiszka <jan.kiszka@siemens.com> wrote: > >>>> > >>>> On 12.01.24 19:56, Palmer Dabbelt wrote: > >>>>> On Fri, 12 Jan 2024 10:51:16 PST (-0800), Ard Biesheuvel wrote: > >>>>>> Hi Jan, > >>>>>> > >>>>>> On Fri, 12 Jan 2024 at 19:37, Jan Kiszka <jan.kiszka@siemens.com> wrote: > >>>>>>> > >>>>>>> From: Jan Kiszka <jan.kiszka@siemens.com> > >>>>>>> > >>>>>>> The cflags for the RISC-V efistub were missing -mno-relax, thus were > >>>>>>> under the risk that the compiler could use GP-relative addressing. That > >>>>>>> happened for _edata with binutils-2.41 and kernel 6.1, causing the > >>>>>>> relocation to fail due to an invalid kernel_size in handle_kernel_image. > >>>>>>> It was not yet observed with newer versions, but that may just be luck. > >>>>>>> > >>>>>>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> > >>>>>>> --- > >>>>>>> > >>>>>>> Something like this should go to stable as well, but we will need > >>>>>>> rebased patches. > >>>>>>> > >>>>>>> drivers/firmware/efi/libstub/Makefile | 2 +- > >>>>>>> 1 file changed, 1 insertion(+), 1 deletion(-) > >>>>>>> > >>>>>>> diff --git a/drivers/firmware/efi/libstub/Makefile > >>>>>>> b/drivers/firmware/efi/libstub/Makefile > >>>>>>> index 06964a3c130f..d561d7de46a9 100644 > >>>>>>> --- a/drivers/firmware/efi/libstub/Makefile > >>>>>>> +++ b/drivers/firmware/efi/libstub/Makefile > >>>>>>> @@ -28,7 +28,7 @@ cflags-$(CONFIG_ARM) += -DEFI_HAVE_STRLEN > >>>>>>> -DEFI_HAVE_STRNLEN \ > >>>>>>> -DEFI_HAVE_MEMCHR > >>>>>>> -DEFI_HAVE_STRRCHR \ > >>>>>>> -DEFI_HAVE_STRCMP -fno-builtin > >>>>>>> -fpic \ > >>>>>>> $(call > >>>>>>> cc-option,-mno-single-pic-base) > >>>>>>> -cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE > >>>>>>> +cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE -mno-relax > >>>>>> > >>>>>> Can we detect the presence of these references (via the relocation > >>>>>> type)? We already do something similar for ordinary absolute > >>>>>> references too. > >>>>> > >>>>> If there's no `__global_pointer$` symbol then the linker won't make > >>>>> GP-relative relaxations (because it doesn't know where GP is). We > >>>>> usually define that symbol in the linker script, but I'm not entierly > >>>>> sure how libstub gets its linker script... > >>>>> > >>>> > >>>> The stub seems to be linked together with the rest of the kernel, thus > >>>> the regular arch/riscv/kernel/vmlinux.lds.S is used. > >>>> > >>> > >>> Indeed - the EFI stub is part of the same executable as vmlinux, we > >>> just mangle the symbol names to ensure that only code that can be > >>> safely called from the EFI stub can be linked to it. > >>> > >>> If the effect of -mno-relax is to stop emitting R_RISCV_RELAX > >>> relocations, we should perhaps add those to the STUBCOPY_RELOC-y > >>> Makefile variable? (in the same file). BTW R_RISCV_HI20 doesn't seem > >>> like the right value there to begin with: the idea of that is to > >>> disallow ELF relocations that evaluate to expressions that can only be > >>> known at runtime (like absolute addresses for global pointer > >>> variables) > >> > >> How to do that best? Simply replace R_RISCV_HI20 with R_RISCV_RELAX? > >> > > > > We'll need to keep the HI20, in fact - I got confused between HI20 and > > PCREL_HI20, and the former is actually used for 32-bit absolute > > addresses in 32-bit code. > > > > This seems to do the trick: it disallows relaxation relocations and > > native word sizes absolute references. AFAICT, those are the only ones > > we should care about. > > > > STUBCOPY_RELOC-$(CONFIG_RISCV) := -E > > R_RISCV_HI20\|R_RISCV_$(BITS)\|R_RISCV_RELAX > > I would suggest to do that on top of this patch. Want me to write such a > patch, or will you? You can probably more fluently explain why > R_RISCV_32/64 is important, I would first have to understand what that > is exactly. :) > Sure, I can take care of that. For your patch, Reviewed-by: Ard Biesheuvel <ardb@kernel.org> I'll queue this up as a EFI fix.
On 16.01.24 14:47, Ard Biesheuvel wrote: > On Tue, 16 Jan 2024 at 14:44, Jan Kiszka <jan.kiszka@siemens.com> wrote: >> >> On 16.01.24 09:36, Ard Biesheuvel wrote: >>> On Tue, 16 Jan 2024 at 06:21, Jan Kiszka <jan.kiszka@siemens.com> wrote: >>>> >>>> On 15.01.24 18:34, Ard Biesheuvel wrote: >>>>> On Sat, 13 Jan 2024 at 11:35, Jan Kiszka <jan.kiszka@siemens.com> wrote: >>>>>> >>>>>> On 12.01.24 19:56, Palmer Dabbelt wrote: >>>>>>> On Fri, 12 Jan 2024 10:51:16 PST (-0800), Ard Biesheuvel wrote: >>>>>>>> Hi Jan, >>>>>>>> >>>>>>>> On Fri, 12 Jan 2024 at 19:37, Jan Kiszka <jan.kiszka@siemens.com> wrote: >>>>>>>>> >>>>>>>>> From: Jan Kiszka <jan.kiszka@siemens.com> >>>>>>>>> >>>>>>>>> The cflags for the RISC-V efistub were missing -mno-relax, thus were >>>>>>>>> under the risk that the compiler could use GP-relative addressing. That >>>>>>>>> happened for _edata with binutils-2.41 and kernel 6.1, causing the >>>>>>>>> relocation to fail due to an invalid kernel_size in handle_kernel_image. >>>>>>>>> It was not yet observed with newer versions, but that may just be luck. >>>>>>>>> >>>>>>>>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> >>>>>>>>> --- >>>>>>>>> >>>>>>>>> Something like this should go to stable as well, but we will need >>>>>>>>> rebased patches. >>>>>>>>> >>>>>>>>> drivers/firmware/efi/libstub/Makefile | 2 +- >>>>>>>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>>>>>>> >>>>>>>>> diff --git a/drivers/firmware/efi/libstub/Makefile >>>>>>>>> b/drivers/firmware/efi/libstub/Makefile >>>>>>>>> index 06964a3c130f..d561d7de46a9 100644 >>>>>>>>> --- a/drivers/firmware/efi/libstub/Makefile >>>>>>>>> +++ b/drivers/firmware/efi/libstub/Makefile >>>>>>>>> @@ -28,7 +28,7 @@ cflags-$(CONFIG_ARM) += -DEFI_HAVE_STRLEN >>>>>>>>> -DEFI_HAVE_STRNLEN \ >>>>>>>>> -DEFI_HAVE_MEMCHR >>>>>>>>> -DEFI_HAVE_STRRCHR \ >>>>>>>>> -DEFI_HAVE_STRCMP -fno-builtin >>>>>>>>> -fpic \ >>>>>>>>> $(call >>>>>>>>> cc-option,-mno-single-pic-base) >>>>>>>>> -cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE >>>>>>>>> +cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE -mno-relax >>>>>>>> >>>>>>>> Can we detect the presence of these references (via the relocation >>>>>>>> type)? We already do something similar for ordinary absolute >>>>>>>> references too. >>>>>>> >>>>>>> If there's no `__global_pointer$` symbol then the linker won't make >>>>>>> GP-relative relaxations (because it doesn't know where GP is). We >>>>>>> usually define that symbol in the linker script, but I'm not entierly >>>>>>> sure how libstub gets its linker script... >>>>>>> >>>>>> >>>>>> The stub seems to be linked together with the rest of the kernel, thus >>>>>> the regular arch/riscv/kernel/vmlinux.lds.S is used. >>>>>> >>>>> >>>>> Indeed - the EFI stub is part of the same executable as vmlinux, we >>>>> just mangle the symbol names to ensure that only code that can be >>>>> safely called from the EFI stub can be linked to it. >>>>> >>>>> If the effect of -mno-relax is to stop emitting R_RISCV_RELAX >>>>> relocations, we should perhaps add those to the STUBCOPY_RELOC-y >>>>> Makefile variable? (in the same file). BTW R_RISCV_HI20 doesn't seem >>>>> like the right value there to begin with: the idea of that is to >>>>> disallow ELF relocations that evaluate to expressions that can only be >>>>> known at runtime (like absolute addresses for global pointer >>>>> variables) >>>> >>>> How to do that best? Simply replace R_RISCV_HI20 with R_RISCV_RELAX? >>>> >>> >>> We'll need to keep the HI20, in fact - I got confused between HI20 and >>> PCREL_HI20, and the former is actually used for 32-bit absolute >>> addresses in 32-bit code. >>> >>> This seems to do the trick: it disallows relaxation relocations and >>> native word sizes absolute references. AFAICT, those are the only ones >>> we should care about. >>> >>> STUBCOPY_RELOC-$(CONFIG_RISCV) := -E >>> R_RISCV_HI20\|R_RISCV_$(BITS)\|R_RISCV_RELAX >> >> I would suggest to do that on top of this patch. Want me to write such a >> patch, or will you? You can probably more fluently explain why >> R_RISCV_32/64 is important, I would first have to understand what that >> is exactly. :) >> > > Sure, I can take care of that. > Perfect. > For your patch, > > Reviewed-by: Ard Biesheuvel <ardb@kernel.org> > > I'll queue this up as a EFI fix. Thanks. Will you take care of stable, or should I once the commit was merged? Jan
On Tue, 16 Jan 2024 at 14:56, Jan Kiszka <jan.kiszka@siemens.com> wrote: > > On 16.01.24 14:47, Ard Biesheuvel wrote: > > On Tue, 16 Jan 2024 at 14:44, Jan Kiszka <jan.kiszka@siemens.com> wrote: > >> > >> On 16.01.24 09:36, Ard Biesheuvel wrote: > >>> On Tue, 16 Jan 2024 at 06:21, Jan Kiszka <jan.kiszka@siemens.com> wrote: > >>>> > >>>> On 15.01.24 18:34, Ard Biesheuvel wrote: > >>>>> On Sat, 13 Jan 2024 at 11:35, Jan Kiszka <jan.kiszka@siemens.com> wrote: > >>>>>> > >>>>>> On 12.01.24 19:56, Palmer Dabbelt wrote: > >>>>>>> On Fri, 12 Jan 2024 10:51:16 PST (-0800), Ard Biesheuvel wrote: > >>>>>>>> Hi Jan, > >>>>>>>> > >>>>>>>> On Fri, 12 Jan 2024 at 19:37, Jan Kiszka <jan.kiszka@siemens.com> wrote: > >>>>>>>>> > >>>>>>>>> From: Jan Kiszka <jan.kiszka@siemens.com> > >>>>>>>>> > >>>>>>>>> The cflags for the RISC-V efistub were missing -mno-relax, thus were > >>>>>>>>> under the risk that the compiler could use GP-relative addressing. That > >>>>>>>>> happened for _edata with binutils-2.41 and kernel 6.1, causing the > >>>>>>>>> relocation to fail due to an invalid kernel_size in handle_kernel_image. > >>>>>>>>> It was not yet observed with newer versions, but that may just be luck. > >>>>>>>>> > >>>>>>>>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> > >>>>>>>>> --- > >>>>>>>>> > >>>>>>>>> Something like this should go to stable as well, but we will need > >>>>>>>>> rebased patches. > >>>>>>>>> > >>>>>>>>> drivers/firmware/efi/libstub/Makefile | 2 +- > >>>>>>>>> 1 file changed, 1 insertion(+), 1 deletion(-) > >>>>>>>>> > >>>>>>>>> diff --git a/drivers/firmware/efi/libstub/Makefile > >>>>>>>>> b/drivers/firmware/efi/libstub/Makefile > >>>>>>>>> index 06964a3c130f..d561d7de46a9 100644 > >>>>>>>>> --- a/drivers/firmware/efi/libstub/Makefile > >>>>>>>>> +++ b/drivers/firmware/efi/libstub/Makefile > >>>>>>>>> @@ -28,7 +28,7 @@ cflags-$(CONFIG_ARM) += -DEFI_HAVE_STRLEN > >>>>>>>>> -DEFI_HAVE_STRNLEN \ > >>>>>>>>> -DEFI_HAVE_MEMCHR > >>>>>>>>> -DEFI_HAVE_STRRCHR \ > >>>>>>>>> -DEFI_HAVE_STRCMP -fno-builtin > >>>>>>>>> -fpic \ > >>>>>>>>> $(call > >>>>>>>>> cc-option,-mno-single-pic-base) > >>>>>>>>> -cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE > >>>>>>>>> +cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE -mno-relax > >>>>>>>> > >>>>>>>> Can we detect the presence of these references (via the relocation > >>>>>>>> type)? We already do something similar for ordinary absolute > >>>>>>>> references too. > >>>>>>> > >>>>>>> If there's no `__global_pointer$` symbol then the linker won't make > >>>>>>> GP-relative relaxations (because it doesn't know where GP is). We > >>>>>>> usually define that symbol in the linker script, but I'm not entierly > >>>>>>> sure how libstub gets its linker script... > >>>>>>> > >>>>>> > >>>>>> The stub seems to be linked together with the rest of the kernel, thus > >>>>>> the regular arch/riscv/kernel/vmlinux.lds.S is used. > >>>>>> > >>>>> > >>>>> Indeed - the EFI stub is part of the same executable as vmlinux, we > >>>>> just mangle the symbol names to ensure that only code that can be > >>>>> safely called from the EFI stub can be linked to it. > >>>>> > >>>>> If the effect of -mno-relax is to stop emitting R_RISCV_RELAX > >>>>> relocations, we should perhaps add those to the STUBCOPY_RELOC-y > >>>>> Makefile variable? (in the same file). BTW R_RISCV_HI20 doesn't seem > >>>>> like the right value there to begin with: the idea of that is to > >>>>> disallow ELF relocations that evaluate to expressions that can only be > >>>>> known at runtime (like absolute addresses for global pointer > >>>>> variables) > >>>> > >>>> How to do that best? Simply replace R_RISCV_HI20 with R_RISCV_RELAX? > >>>> > >>> > >>> We'll need to keep the HI20, in fact - I got confused between HI20 and > >>> PCREL_HI20, and the former is actually used for 32-bit absolute > >>> addresses in 32-bit code. > >>> > >>> This seems to do the trick: it disallows relaxation relocations and > >>> native word sizes absolute references. AFAICT, those are the only ones > >>> we should care about. > >>> > >>> STUBCOPY_RELOC-$(CONFIG_RISCV) := -E > >>> R_RISCV_HI20\|R_RISCV_$(BITS)\|R_RISCV_RELAX > >> > >> I would suggest to do that on top of this patch. Want me to write such a > >> patch, or will you? You can probably more fluently explain why > >> R_RISCV_32/64 is important, I would first have to understand what that > >> is exactly. :) > >> > > > > Sure, I can take care of that. > > > > Perfect. > > > For your patch, > > > > Reviewed-by: Ard Biesheuvel <ardb@kernel.org> > > > > I'll queue this up as a EFI fix. > > Thanks. Will you take care of stable, or should I once the commit was > merged? > I'll add the cc:stable so we'll both get informed once the -stable maintainers [attempt to] queue this up.
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index 06964a3c130f..d561d7de46a9 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -28,7 +28,7 @@ cflags-$(CONFIG_ARM) += -DEFI_HAVE_STRLEN -DEFI_HAVE_STRNLEN \ -DEFI_HAVE_MEMCHR -DEFI_HAVE_STRRCHR \ -DEFI_HAVE_STRCMP -fno-builtin -fpic \ $(call cc-option,-mno-single-pic-base) -cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE +cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE -mno-relax cflags-$(CONFIG_LOONGARCH) += -fpie cflags-$(CONFIG_EFI_PARAMS_FROM_FDT) += -I$(srctree)/scripts/dtc/libfdt