lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 23 May 2020 11:16:42 -0400
From:   Arvind Sankar <>
To:     Ard Biesheuvel <>
        Maarten Lankhorst <>,
        Linus Torvalds <>,
        Arvind Sankar <>
Subject: Re: [PATCH v2 0/3] x86/boot: get rid of GOT entries and associated
 fixup code

On Sat, May 23, 2020 at 02:00:18PM +0200, Ard Biesheuvel wrote:
> Building position independent code using GCC by default results in references
> to symbols with external linkage to be resolved via GOT entries, which
> carry the absolute addresses of the symbols, and thus need to be corrected
> if the load time address of the executable != the link time address.
> For fully linked binaries, such GOT indirected references are completely
> useless, and actually make the startup code more complicated than necessary,
> since these corrections may need to be applied more than once. In fact, we
> have been very careful to avoid such references in the EFI stub code, since
> it would require yet another [earlier] pass of GOT fixups which we currently
> don't implement.
> Older GCCs were quirky when it came to overriding this behavior using symbol
> visibility, but now that we have increased the minimum GCC version to 4.6,
> we can actually start setting the symbol visibility to 'hidden' globally for
> all symbol references in the decompressor, getting rid of the GOT entirely.
> This means we can get rid of the GOT fixup code right away, and we can start
> using ordinary external symbol references in the EFI stub without running the
> risk of boot regressions. (v2 note: we have already started doing this)
> CC'ing Linus and Maarten, who were involved in diagnosing an issue related
> to GOT entries emitted from the EFI stub ~5 years ago. [0] [1]
> Many thanks to Arvind for the suggestions and the help in testing these
> changes. Tested on GCC 4.6 + binutils 2.24 (Ubuntu 14.04), and GCC 8 +
> binutils 2.31 (Debian Buster)
> Changes since v1 [2]:
> Rebase only - recent EFI changes have moved all the C code into
> drivers/firmware/efi/libstub/, which is also built with hidden
> visibility, and contains an additional objdump pass to detect (and
> reject) absolute symbol references.
> Unless anyone objects, I'd like to incorporate these changes into my
> late EFI PR for v5.8, which will go out in a day or two.
> Cc: Maarten Lankhorst <>
> Cc: Linus Torvalds <>
> Cc: Arvind Sankar <>
> [0]
> [1]
> [2]

Haha, I was actually doing exactly the same thing as part of getting the
compressed kernel linkable with LLD.

Acked-by: Arvind Sankar <>

Powered by blists - more mailing lists