From patchwork Fri Apr 28 09:51:03 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Hou Wenlong <houwenlong.hwl@antgroup.com>
X-Patchwork-Id: 88559
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp817727vqo;
        Fri, 28 Apr 2023 03:04:42 -0700 (PDT)
X-Google-Smtp-Source: 
 ACHHUZ4/jP2b5s+TKWCDN19O/28vHxRdLmi37jn1ubY4FIvwuTkBksirlBzJIailmhO1WUZFxpDP
X-Received: by 2002:a17:902:c745:b0:1a9:9d00:8c92 with SMTP id
 q5-20020a170902c74500b001a99d008c92mr4523919plq.42.1682676281962;
        Fri, 28 Apr 2023 03:04:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1682676281; cv=none;
        d=google.com; s=arc-20160816;
        b=zPor8SpS4gif6V1h1BXvJSi/0ByNbcEsyuSh9XKv33P6GRGJoF/2qeD8rcxVklaik1
         V2euzuqd8K87c4FbVXxC1ZveSwPnDYR6Q0XFj5IOo/wuF88QvNhx8AiLENIVAA0HVZDz
         z4/XB3JGJFkLMeHP07BIeUhDv2pGffGH1wkXBmG6Z4UM71nqVZ1MvI4cjfVLBKM9Vlr/
         9sPUS4DxwWGvivfrNQrH55jk+efnNOGY2/wbm250LjkcdQARD1m5igZxBmW+/gUIKxkQ
         6NrI5KB4J5xANqP/qHZ2HdB4A9zWnSwR3FvbPFZpAl0OBqcWKekesZ8j70lLCyhKVjAC
         6paw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=iEYJWcGaGWTeN6u7RU4maW3ANDTNISwbOBlEBZanArU=;
        b=Svah7L8PzD30ijFKK9T7qFZ/18mtCXOosn8E8/Pzx5kcTc7sCVBw1rq/AgipdBfj9t
         ojBMGsRuTZ0uxSjhyykSJY4oVG6Gcu/iXE/wlodbzhGJzTNrMlqsE8T2CTNa3/FDzPHS
         aAnGpDe36JzuIFXQ9cwVtO1ITMcUoZHs3HGkAfv083olTLVzgvl6Joo5eZCQ02+Kp6PG
         h0EB151Z+lvrIvPHQKj0hM+7pNT9Y8bm78wl22wpXlxulbVBrQxZ7z5kIKrrahjV/+HB
         LnURCeqiihOaGdg5eggYtto5iMTxePP4355KgW2X6pyy8omMI2YYWitmvSnTw4eMPG6x
         oT/w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE)
 header.from=antgroup.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 t3-20020a1709027fc300b001a9770780b3si12491655plb.258.2023.04.28.03.04.27;
        Fri, 28 Apr 2023 03:04:41 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE)
 header.from=antgroup.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1345542AbjD1Jzg (ORCPT <rfc822;chrisjones.unixmen@gmail.com>
        + 99 others); Fri, 28 Apr 2023 05:55:36 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35804 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1345775AbjD1JzJ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 28 Apr 2023 05:55:09 -0400
Received: from out187-21.us.a.mail.aliyun.com (out187-21.us.a.mail.aliyun.com
 [47.90.187.21])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 287C82726
        for <linux-kernel@vger.kernel.org>;
 Fri, 28 Apr 2023 02:54:47 -0700 (PDT)
X-Alimail-AntiSpam: 
 AC=PASS;BC=-1|-1;BR=01201311R571e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018047187;MF=houwenlong.hwl@antgroup.com;NM=1;PH=DS;RN=12;SR=0;TI=SMTPD_---.STFoGTP_1682675583;
Received: from localhost(mailfrom:houwenlong.hwl@antgroup.com
 fp:SMTPD_---.STFoGTP_1682675583)
          by smtp.aliyun-inc.com;
          Fri, 28 Apr 2023 17:53:04 +0800
From: "Hou Wenlong" <houwenlong.hwl@antgroup.com>
To: linux-kernel@vger.kernel.org
Cc: "Thomas Garnier" <thgarnie@chromium.org>,
        "Lai Jiangshan" <jiangshan.ljs@antgroup.com>,
        "Kees Cook" <keescook@chromium.org>,
        "Hou Wenlong" <houwenlong.hwl@antgroup.com>,
        "Thomas Gleixner" <tglx@linutronix.de>,
        "Ingo Molnar" <mingo@redhat.com>, "Borislav Petkov" <bp@alien8.de>,
        "Dave Hansen" <dave.hansen@linux.intel.com>, <x86@kernel.org>,
        "H. Peter Anvin" <hpa@zytor.com>,
        "Andy Lutomirski" <luto@kernel.org>
Subject: [PATCH RFC 23/43] x86/pie: Force hidden visibility for all symbol
 references
Date: Fri, 28 Apr 2023 17:51:03 +0800
Message-Id: 
 <63feba4a3826335f1ad32e484ebed31efd608d51.1682673543.git.houwenlong.hwl@antgroup.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <cover.1682673542.git.houwenlong.hwl@antgroup.com>
References: <cover.1682673542.git.houwenlong.hwl@antgroup.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1764413965359153585?=
X-GMAIL-MSGID: =?utf-8?q?1764413965359153585?=

Eliminate all GOT entries in the kernel, by forcing hidden visibility
for all symbol references, which informs the compiler that such
references will be resolved at link time without the need for allocating
GOT entries. However, there are still some GOT entries after this, one
for __fentry__() indirect call, and others are due to global weak symbol
references.

Signed-off-by: Hou Wenlong <houwenlong.hwl@antgroup.com>
Cc: Thomas Garnier <thgarnie@chromium.org>
Cc: Lai Jiangshan <jiangshan.ljs@antgroup.com>
Cc: Kees Cook <keescook@chromium.org>
---
 arch/x86/Makefile            | 7 +++++++
 arch/x86/entry/vdso/Makefile | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 57e4dbbf501d..81500011396d 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -158,6 +158,11 @@ else
         KBUILD_RUSTFLAGS += $(rustflags-y)
 
         KBUILD_CFLAGS += -mno-red-zone
+
+ifdef CONFIG_X86_PIE
+        PIE_CFLAGS := -include $(srctree)/include/linux/hidden.h
+        KBUILD_CFLAGS += $(PIE_CFLAGS)
+endif
         KBUILD_CFLAGS += -mcmodel=kernel
         KBUILD_RUSTFLAGS += -Cno-redzone=y
         KBUILD_RUSTFLAGS += -Ccode-model=kernel
@@ -176,6 +181,8 @@ ifeq ($(CONFIG_STACKPROTECTOR),y)
 	endif
 endif
 
+export PIE_CFLAGS
+
 #
 # If the function graph tracer is used with mcount instead of fentry,
 # '-maccumulate-outgoing-args' is needed to prevent a GCC bug
diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
index 6a1821bd7d5e..9437653a9de2 100644
--- a/arch/x86/entry/vdso/Makefile
+++ b/arch/x86/entry/vdso/Makefile
@@ -92,7 +92,7 @@ ifneq ($(RETPOLINE_VDSO_CFLAGS),)
 endif
 endif
 
-$(vobjs): KBUILD_CFLAGS := $(filter-out $(PADDING_CFLAGS) $(CC_FLAGS_LTO) $(CC_FLAGS_CFI) $(RANDSTRUCT_CFLAGS) $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL)
+$(vobjs): KBUILD_CFLAGS := $(filter-out $(PIE_CFLAGS) $(PADDING_CFLAGS) $(CC_FLAGS_LTO) $(CC_FLAGS_CFI) $(RANDSTRUCT_CFLAGS) $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL)
 $(vobjs): KBUILD_AFLAGS += -DBUILD_VDSO
 
 #