public inbox for devel@edk2.groups.io
* [PATCH v2] BaseTools/GCC AARCH64: force disable PIC code generation
@ 2017-03-31  8:40 Ard Biesheuvel
  2017-03-31  8:59 ` Laszlo Ersek
  0 siblings, 1 reply; 3+ messages in thread
From: Ard Biesheuvel @ 2017-03-31  8:40 UTC (permalink / raw)
  To: edk2-devel, leif.lindholm
  Cc: lersek, marc.zyngier, yonghong.zhu, liming.gao, Ard Biesheuvel

As a security measure, some distro toolchains now default to PIC code
generation, allowing executables (as opposed to shared libraries) using
the objects to be built as PIE binaries, which can be loaded at a random
virtual offset.

However, our ELF to PE/COFF generation code does not deal with the
resulting relocation types (i.e., GOT based), and so the use of PIC code
leads to GenFw errors.

Given that
a) our non-PIC PE/COFF executables are already relocatable,
b) PIC code leads to all symbol references being indirected via GOT
   entries containing absolute addresses, each requiring an entry in the
   relocation table,
c) the AArch64 ISA makes it perfectly feasible to build PIE executables
   from non-PIC code,

there is absolutely no upside to using PIC code for building EDK2 modules,
and so we're better off simply disabling it unconditionally.

Note that when running under the OS, the GOT has an additional advantage,
i.e., that all .text/.rodata pages remain clean and so can be shared between
processes. This does not apply to the UEFI environment, however.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 BaseTools/Conf/tools_def.template | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
index 0aabdeb2d973..2c5cd5808912 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@@ -4341,7 +4341,7 @@ DEFINE GCC_X64_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -mno-red-zone -Wno-ad
 DEFINE GCC_IPF_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -minline-int-divide-min-latency
 DEFINE GCC_ARM_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -fno-builtin -Wno-address -mthumb -mfloat-abi=soft
 DEFINE GCC_ARM_CC_XIPFLAGS         = -mno-unaligned-access
-DEFINE GCC_AARCH64_CC_FLAGS        = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno-short-enums -fverbose-asm -funsigned-char  -ffunction-sections -fdata-sections -fno-builtin -Wno-address -fno-asynchronous-unwind-tables
+DEFINE GCC_AARCH64_CC_FLAGS        = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno-short-enums -fverbose-asm -funsigned-char  -ffunction-sections -fdata-sections -fno-builtin -Wno-address -fno-asynchronous-unwind-tables -fno-pic
 DEFINE GCC_AARCH64_CC_XIPFLAGS     = -mstrict-align
 DEFINE GCC_DLINK_FLAGS_COMMON      = -nostdlib --pie
 DEFINE GCC_DLINK2_FLAGS_COMMON     = -Wl,--script=$(EDK_TOOLS_PATH)/Scripts/GccBase.lds
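Review bot: the commit message motivates the change with toolchains that default to PIE, yet the hunk only adds `-fno-pic`; if such a toolchain arranges its default through `-fpie` rather than `-fpic`, the message should state (or the submitter verify on one of those toolchains) that `-fno-pic` on its own is enough to switch it off. The unchanged `DEFINE GCC_DLINK_FLAGS_COMMON = -nostdlib --pie` context line shows the link step is still expected to produce a PIE from non-PIC objects, which is exactly what point (c) of the message relies on, so it is worth confirming the compiler side really ends up non-PIC.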
-- 
2.9.3



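A check for the failure mode the commit message describes, added here as an example and not part of the thread or of edk2's BaseTools: it scans `readelf -rW` output for an AArch64 object and flags GOT-based relocation types, the kind GenFw cannot convert, so a build can confirm that `-fno-pic` actually took effect. The readelf output below is constructed, and the symbol names `gCount` and `DebugPrint` are placeholders.

```python
import re

# `readelf -rW` prints a header per relocation section, then one entry per line:
#   <offset> <info> <type> <symbol value> <symbol name> + <addend>
_SECTION_RE = re.compile(r"^Relocation section '(?P<sec>[^']+)'")
_ENTRY_RE = re.compile(
    r"^[0-9a-fA-F]{16}\s+[0-9a-fA-F]{16}\s+(?P<type>R_AARCH64_\w+)"
    r"(?:\s+[0-9a-fA-F]{16}\s+(?P<sym>\S+))?"
)

def parse_relocs(readelf_text):
    """Return (section, reloc_type, symbol) tuples from `readelf -rW` output."""
    entries, section = [], None
    for line in readelf_text.splitlines():
        m = _SECTION_RE.match(line)
        if m:
            section = m.group("sec")
            continue
        m = _ENTRY_RE.match(line.strip())
        if m and section:
            entries.append((section, m.group("type"), m.group("sym") or ""))
    return entries

def find_got_relocs(readelf_text):
    """Entries that go through the GOT, i.e. the kinds GenFw cannot convert."""
    # Any hit means the object was still compiled PIC/PIE. Matching the 'GOT'
    # substring also catches the TLS GOT variants rather than listing each type.
    return [e for e in parse_relocs(readelf_text) if "GOT" in e[1]]

def is_genfw_safe(readelf_text):
    """True when the object carries no GOT-based relocation."""
    return not find_got_relocs(readelf_text)

# Constructed samples (not real tool output captured from edk2): the same access
# to a global and a call, once from a PIC build and once from a -fno-pic build.
PIC_OBJECT = """\
Relocation section '.rela.text' at offset 0x1e0 contains 3 entries:
    Offset             Info             Type               Symbol's Value  Symbol's Name + Addend
0000000000000000  0000000900000137 R_AARCH64_ADR_GOT_PAGE 0000000000000000 gCount + 0
0000000000000004  0000000900000138 R_AARCH64_LD64_GOT_LO12_NC 0000000000000000 gCount + 0
0000000000000014  0000000a0000011b R_AARCH64_CALL26 0000000000000000 DebugPrint + 0
"""
NONPIC_OBJECT = """\
Relocation section '.rela.text' at offset 0x1e0 contains 3 entries:
    Offset             Info             Type               Symbol's Value  Symbol's Name + Addend
0000000000000000  0000000900000113 R_AARCH64_ADR_PREL_PG_HI21 0000000000000000 gCount + 0
0000000000000004  0000000900000115 R_AARCH64_ADD_ABS_LO12_NC 0000000000000000 gCount + 0
0000000000000014  0000000a0000011b R_AARCH64_CALL26 0000000000000000 DebugPrint + 0
"""
```

Run it over `readelf -rW` output of every object in the build tree before GenFw runs; a non-empty result from `find_got_relocs` points at an object the toolchain still built PIC.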

* Re: [PATCH v2] BaseTools/GCC AARCH64: force disable PIC code generation
  2017-03-31  8:40 [PATCH v2] BaseTools/GCC AARCH64: force disable PIC code generation Ard Biesheuvel
@ 2017-03-31  8:59 ` Laszlo Ersek
  2017-03-31  9:39   ` Ard Biesheuvel
  0 siblings, 1 reply; 3+ messages in thread
From: Laszlo Ersek @ 2017-03-31  8:59 UTC (permalink / raw)
  To: Ard Biesheuvel, edk2-devel, leif.lindholm
  Cc: marc.zyngier, yonghong.zhu, liming.gao

On 03/31/17 10:40, Ard Biesheuvel wrote:
> As a security measure, some distro toolchains now default to PIC code
> generation, allowing executables (as opposed to shared libraries) using
> the objects to be built as PIE binaries, which can be loaded at a random
> virtual offset.
> 
> However, our ELF to PE/COFF generation code does not deal with the
> resulting relocation types (i.e., GOT based), and so the use of PIC code
> leads to GenFw errors.
> 
> Given that
> a) our non-PIC PE/COFF executables are already relocatable,
> b) PIC code leads to all symbol references being indirected via GOT
>    entries containing absolute addresses, each requiring an entry in the
>    relocation table,
> c) the AArch64 ISA makes it perfectly feasible to build PIE executables
>    from non-PIC code,
> 
> there is absolutely no upside to using PIC code for building EDK2 modules,
> and so we're better off simply disabling it unconditionally.
> 
> Note that when running under the OS, the GOT has an additional advantage,
> i.e., that all .text/.rodata pages remain clean and so can be shared between
> processes. This does not apply to the UEFI environment, however.
> 
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
>  BaseTools/Conf/tools_def.template | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
> index 0aabdeb2d973..2c5cd5808912 100755
> --- a/BaseTools/Conf/tools_def.template
> +++ b/BaseTools/Conf/tools_def.template
> @@ -4341,7 +4341,7 @@ DEFINE GCC_X64_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -mno-red-zone -Wno-ad
>  DEFINE GCC_IPF_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -minline-int-divide-min-latency
>  DEFINE GCC_ARM_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -fno-builtin -Wno-address -mthumb -mfloat-abi=soft
>  DEFINE GCC_ARM_CC_XIPFLAGS         = -mno-unaligned-access
> -DEFINE GCC_AARCH64_CC_FLAGS        = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno-short-enums -fverbose-asm -funsigned-char  -ffunction-sections -fdata-sections -fno-builtin -Wno-address -fno-asynchronous-unwind-tables
> +DEFINE GCC_AARCH64_CC_FLAGS        = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno-short-enums -fverbose-asm -funsigned-char  -ffunction-sections -fdata-sections -fno-builtin -Wno-address -fno-asynchronous-unwind-tables -fno-pic
>  DEFINE GCC_AARCH64_CC_XIPFLAGS     = -mstrict-align
>  DEFINE GCC_DLINK_FLAGS_COMMON      = -nostdlib --pie
>  DEFINE GCC_DLINK2_FLAGS_COMMON     = -Wl,--script=$(EDK_TOOLS_PATH)/Scripts/GccBase.lds
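Review bot: the new `-fno-pic` lands at the end of a long flag string with nothing in tools_def.template recording why it is there; a one-line `#` comment above the DEFINE saying that GenFw cannot convert GOT-based relocations would keep a later flag cleanup from dropping it. The doubled space before `-ffunction-sections` is carried over from the old line and could be collapsed in the same edit.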
> 

Sounds convincing enough to me. I find it quite annoying that such an
important property of code generation (-fpic or -fno-pic by default)
varies across distros. Well, security.

Acked-by: Laszlo Ersek <lersek@redhat.com>




* Re: [PATCH v2] BaseTools/GCC AARCH64: force disable PIC code generation
  2017-03-31  8:59 ` Laszlo Ersek
@ 2017-03-31  9:39   ` Ard Biesheuvel
  0 siblings, 0 replies; 3+ messages in thread
From: Ard Biesheuvel @ 2017-03-31  9:39 UTC (permalink / raw)
  To: Laszlo Ersek
  Cc: edk2-devel@lists.01.org, Leif Lindholm, Marc Zyngier,
	Zhu, Yonghong, Gao, Liming

On 31 March 2017 at 09:59, Laszlo Ersek <lersek@redhat.com> wrote:
> On 03/31/17 10:40, Ard Biesheuvel wrote:
>> As a security measure, some distro toolchains now default to PIC code
>> generation, allowing executables (as opposed to shared libraries) using
>> the objects to be built as PIE binaries, which can be loaded at a random
>> virtual offset.
>>
>> However, our ELF to PE/COFF generation code does not deal with the
>> resulting relocation types (i.e., GOT based), and so the use of PIC code
>> leads to GenFw errors.
>>
>> Given that
>> a) our non-PIC PE/COFF executables are already relocatable,
>> b) PIC code leads to all symbol references being indirected via GOT
>>    entries containing absolute addresses, each requiring an entry in the
>>    relocation table,
>> c) the AArch64 ISA makes it perfectly feasible to build PIE executables
>>    from non-PIC code,
>>
>> there is absolutely no upside to using PIC code for building EDK2 modules,
>> and so we're better off simply disabling it unconditionally.
>>
>> Note that when running under the OS, the GOT has an additional advantage,
>> i.e., that all .text/.rodata pages remain clean and so can be shared between
>> processes. This does not apply to the UEFI environment, however.
>>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> ---
>>  BaseTools/Conf/tools_def.template | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
>> index 0aabdeb2d973..2c5cd5808912 100755
>> --- a/BaseTools/Conf/tools_def.template
>> +++ b/BaseTools/Conf/tools_def.template
>> @@ -4341,7 +4341,7 @@ DEFINE GCC_X64_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -mno-red-zone -Wno-ad
>>  DEFINE GCC_IPF_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -minline-int-divide-min-latency
>>  DEFINE GCC_ARM_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -fno-builtin -Wno-address -mthumb -mfloat-abi=soft
>>  DEFINE GCC_ARM_CC_XIPFLAGS         = -mno-unaligned-access
>> -DEFINE GCC_AARCH64_CC_FLAGS        = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno-short-enums -fverbose-asm -funsigned-char  -ffunction-sections -fdata-sections -fno-builtin -Wno-address -fno-asynchronous-unwind-tables
>> +DEFINE GCC_AARCH64_CC_FLAGS        = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno-short-enums -fverbose-asm -funsigned-char  -ffunction-sections -fdata-sections -fno-builtin -Wno-address -fno-asynchronous-unwind-tables -fno-pic
>>  DEFINE GCC_AARCH64_CC_XIPFLAGS     = -mstrict-align
>>  DEFINE GCC_DLINK_FLAGS_COMMON      = -nostdlib --pie
>>  DEFINE GCC_DLINK2_FLAGS_COMMON     = -Wl,--script=$(EDK_TOOLS_PATH)/Scripts/GccBase.lds
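Review bot: the fix is scoped to `GCC_AARCH64_CC_FLAGS` while the first paragraph of the message describes a distro-wide toolchain default; the `GCC_ARM_CC_FLAGS` and `GCC_X64_CC_FLAGS` lines visible in the hunk context receive no `-fno-pic`, so the message should either say why those toolchains are not hit by the same GenFw limitation or they need the same flag in a follow-up.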
>>
>
> Sounds convincing enough to me. I find it quite annoying that such an
> important property of code generation (-fpic or -fno-pic by default)
> varies across distros. Well, security.
>
> Acked-by: Laszlo Ersek <lersek@redhat.com>
>

Thanks, pushed as c2d56a894b32


