| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <c2fbed9f88ebe11f07948214046389b7f3e6021f.1769434279.git.houwenlong.hwl@antgroup.com>
Date: Mon, 26 Jan 2026 21:33:53 +0800
From: Hou Wenlong <houwenlong.hwl@...group.com>
To: linux-kernel@...r.kernel.org
Cc: Lai Jiangshan <jiangshan.ljs@...group.com>,
Hou Wenlong <houwenlong.hwl@...group.com>,
Thomas Gleixner <tglx@...nel.org>,
Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>,
Uros Bizjak <ubizjak@...il.com>,
Ard Biesheuvel <ardb@...nel.org>,
Brian Gerst <brgerst@...il.com>,
Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Guenter Roeck <linux@...ck-us.net>
Subject: [RFC PATCH 3/5] x86: Allow to build relocatable uncompressed kernel binary
Add support for building a relocatable uncompressed kernel binary, which
contains the relocation table generated by the 'relocs' tool and can be
used to perform KASLR directly when booting from it instead of a
compressed kernel image. To simplify, follow the MIPS implementation to
reserve a section to store the relocation table.
Signed-off-by: Hou Wenlong <houwenlong.hwl@...group.com>
---
arch/x86/Kconfig | 20 ++++++++++++++++++++
arch/x86/Makefile.postlink | 33 +++++++++++++++++++++++++++++++++
arch/x86/kernel/vmlinux.lds.S | 20 ++++++++++++++++++++
3 files changed, 73 insertions(+)
create mode 100644 arch/x86/Makefile.postlink
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 49ca6e26dffa..f95112b94c6a 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2124,6 +2124,26 @@ config RANDOMIZE_BASE
If unsure, say Y.
+config RELOCATABLE_UNCOMPRESSED_KERNEL
+ bool "Build a relocatable uncompressed kernel"
+ depends on RANDOMIZE_BASE && X86_64
+ help
+ A table of relocation data will be appended to the uncompressed
+ kernel binary and parsed at boot to do relocation.
+
+config RELOCATION_TABLE_SIZE
+ hex "Relocation table size"
+ depends on RELOCATABLE_UNCOMPRESSED_KERNEL
+ range 0x0 0x04000000
+ default "0x00200000"
+ help
+ This option allows the amount of space reserved for the table to be
+ adjusted, although the default of 1Mb should be ok in most cases.
+
+ The build will fail and a valid size suggested if this is too small.
+
+ If unsure, leave at the default value.
+
# Relocation on x86 needs some additional build support
config X86_NEED_RELOCS
def_bool y
diff --git a/arch/x86/Makefile.postlink b/arch/x86/Makefile.postlink
new file mode 100644
index 000000000000..46497c47b331
--- /dev/null
+++ b/arch/x86/Makefile.postlink
@@ -0,0 +1,33 @@
+# SPDX-License-Identifier: GPL-2.0
+# ===========================================================================
+# Post-link x86 pass
+# ===========================================================================
+#
+# 1. Insert relocations into vmlinux
+
+PHONY := __archpost
+__archpost:
+
+-include include/config/auto.conf
+include $(srctree)/scripts/Kbuild.include
+
+CMD_RELOCS = arch/x86/tools/relocs
+quiet_cmd_relocs = RELOCS $@
+ cmd_relocs = $(CMD_RELOCS) --keep $@
+
+# `@...e` prevents complaint when there is nothing to be done
+
+vmlinux vmlinux.unstripped: FORCE
+ @true
+ifeq ($(CONFIG_RELOCATABLE_UNCOMPRESSED_KERNEL),y)
+ $(call if_changed,relocs)
+endif
+
+clean:
+ @true
+
+PHONY += FORCE clean
+
+FORCE:
+
+.PHONY: $(PHONY)
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index d7af4a64c211..99cdcbdbeaab 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -289,6 +289,26 @@ SECTIONS
}
#endif
+#ifdef CONFIG_RELOCATABLE_UNCOMPRESSED_KERNEL
+ . = ALIGN(4);
+ .data.reloc : AT(ADDR(.data.reloc) - LOAD_OFFSET) {
+ __relocation_start = .;
+ /*
+ * Space for relocation table
+ * This needs to be filled so that the
+ * relocs tool can overwrite the content.
+ * An invalid value is left at the start of the
+ * section to abort relocation if the table
+ * has not been filled in.
+ */
+ LONG(0xFFFFFFFF);
+ FILL(0);
+ . += CONFIG_RELOCATION_TABLE_SIZE - 4;
+ __relocation_end = .;
+ __pi___relocation_end = .;
+ }
+#endif
+
/*
* struct alt_inst entries. From the header (alternative.h):
* "Alternative instructions for different CPU types or capabilities"
--
2.31.1
Powered by blists - more mailing lists