[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen staging] x86/EFI: sanitize DLL characteristics in binary

commit f2148773b8ac64a27933afe13027fee02558f8c5
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Mon Apr 14 13:04:28 2025 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Mon Apr 14 13:04:28 2025 +0200

    x86/EFI: sanitize DLL characteristics in binary
    
    In GNU ld --disable-reloc-section implies --disable-dynamicbase (and
    also --disable-high-entropy-va, just fyi). Therefore to yield
    functionally identical binaries independent of whether mkreloc needs to
    come into play, add --dynamicbase as well.
    
    GNU ld further defaults to --high-entropy-va (along with --dynamicbase
    and --nxcompat) unless "Cygwin-like". This seems wrong to me; that
    default should be dependent upon "MinGW-like" instead; for the purpose
    of building EFI binaries with a PE32+-capable ELF linker neither
    "Cygwin-like" nor "MinGW-like" ought to be true. We certainly don't mean
    to have this bit set in the DLL characteristics, so suppress its
    setting.
    
    Sadly while --high-entropy-va is supported by GNU ld 2.25,
    --disable-high-entropy-va was introduced only in 2.36. Luckily the
    defaulting to --high-entropy-va was also only introduced in 2.36. Plus
    --disable-reloc-section was introduced precisely there, too. Hence
    leverage the probing we do as to base relocation generation, to also
    determine whether to pass --disable-high-entropy-va.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Acked-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
---
 xen/arch/x86/arch.mk | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index 7882fb895e..09b6d8758e 100644
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -103,6 +103,7 @@ efi-nr-fixups := $(shell LC_ALL=C $(OBJDUMP) -p 
$(efi-check).efi | grep '^[[:bla
 
 ifeq ($(efi-nr-fixups),2)
 MKRELOC := :
+EFI_LDFLAGS += --disable-high-entropy-va
 else
 MKRELOC := arch/x86/efi/mkreloc
 # If the linker produced fixups but not precisely two of them, we need to
@@ -113,6 +114,8 @@ EFI_LDFLAGS += --disable-reloc-section
 endif
 endif
 
+EFI_LDFLAGS += --dynamicbase
+
 endif # $(XEN_BUILD_PE)
 
 export XEN_BUILD_EFI XEN_BUILD_PE
--
generated by git-patchbot for /home/xen/git/xen.git#staging

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.