lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 23 May 2020 11:16:42 -0400
From:   Arvind Sankar <nivedita@...m.mit.edu>
To:     Ard Biesheuvel <ardb@...nel.org>
Cc:     linux-efi@...r.kernel.org, x86@...nel.org,
        linux-kernel@...r.kernel.org,
        Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Arvind Sankar <nivedita@...m.mit.edu>
Subject: Re: [PATCH v2 0/3] x86/boot: get rid of GOT entries and associated
 fixup code

On Sat, May 23, 2020 at 02:00:18PM +0200, Ard Biesheuvel wrote:
> Building position independent code using GCC by default results in references
> to symbols with external linkage to be resolved via GOT entries, which
> carry the absolute addresses of the symbols, and thus need to be corrected
> if the load time address of the executable != the link time address.
> 
> For fully linked binaries, such GOT indirected references are completely
> useless, and actually make the startup code more complicated than necessary,
> since these corrections may need to be applied more than once. In fact, we
> have been very careful to avoid such references in the EFI stub code, since
> it would require yet another [earlier] pass of GOT fixups which we currently
> don't implement.
> 
> Older GCCs were quirky when it came to overriding this behavior using symbol
> visibility, but now that we have increased the minimum GCC version to 4.6,
> we can actually start setting the symbol visibility to 'hidden' globally for
> all symbol references in the decompressor, getting rid of the GOT entirely.
> This means we can get rid of the GOT fixup code right away, and we can start
> using ordinary external symbol references in the EFI stub without running the
> risk of boot regressions. (v2 note: we have already started doing this)
> 
> CC'ing Linus and Maarten, who were involved in diagnosing an issue related
> to GOT entries emitted from the EFI stub ~5 years ago. [0] [1]
> 
> Many thanks to Arvind for the suggestions and the help in testing these
> changes. Tested on GCC 4.6 + binutils 2.24 (Ubuntu 14.04), and GCC 8 +
> binutils 2.31 (Debian Buster)
> 
> Changes since v1 [2]:
> Rebase only - recent EFI changes have moved all the C code into
> drivers/firmware/efi/libstub/, which is also built with hidden
> visibility, and contains an additional objdump pass to detect (and
> reject) absolute symbol references.
> 
> Unless anyone objects, I'd like to incorporate these changes into my
> late EFI PR for v5.8, which will go out in a day or two.
> 
> Cc: Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>
> Cc: Linus Torvalds <torvalds@...ux-foundation.org>
> Cc: Arvind Sankar <nivedita@...m.mit.edu>
> 
> [0] https://lore.kernel.org/lkml/5405E186.2080406@canonical.com/
> [1] https://lore.kernel.org/lkml/CA+55aFxW9PmtjOf9nUQwpU8swsFqJOz8whZXcONo+XFmkSwezg@mail.gmail.com/
> [2] https://lore.kernel.org/linux-efi/20200108102304.25800-1-ardb@kernel.org/
> 

Haha, I was actually doing exactly the same thing as part of getting the
compressed kernel linkable with LLD.

Acked-by: Arvind Sankar <nivedita@...m.mit.edu>

Powered by blists - more mailing lists