On Mon, 27 Mar 2023 at 15:10, Leif Lindholm <quic_llindhol@quicinc.com> wrote:
>
> On Mon, Mar 27, 2023 at 13:01:06 +0200, Ard Biesheuvel wrote:
> > The ELF based toolchains use objcopy to create HII object files, which
> > contain only a single .hii section. This means no GNU note is inserted
> > that describes the object as compatible with BTI, even though the lack
> > of executable code in such an object makes the distinction irrelevant.
> > However, the linker will not add the note globally to the resulting ELF
> > executable, and this breaks BTI compatibility.
> >
> > So let's insert a GNU BTI-compatible ELF note by hand when generating
> > such object files.
> >
> > Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> > ---
> > ArmPkg/Library/GnuNoteBti.bin | Bin 0 -> 32 bytes
> > BaseTools/Conf/tools_def.template | 4 ++--
> > 2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/ArmPkg/Library/GnuNoteBti.bin b/ArmPkg/Library/GnuNoteBti.bin
> > new file mode 100644
> > index 0000000000000000000000000000000000000000..339567b4e89943c610b44767ddad5f631229ed3b
> > GIT binary patch
> > literal 32
> > dcmZQ!U|<jcVpbq__X`D*3<p?%1S5zA1OOf&0m%RW
> >
> > literal 0
> > HcmV?d00001
> >
> > diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
> > index 471eb67c0c839730..ed6050aa96157cb9 100755
> > --- a/BaseTools/Conf/tools_def.template
> > +++ b/BaseTools/Conf/tools_def.template
> > @@ -2400,7 +2400,7 @@ RELEASE_GCC5_ARM_DLINK_FLAGS = DEF(GCC5_ARM_DLINK_FLAGS) -flto -Os -L$(WORKS
> > *_GCC5_AARCH64_DTCPP_FLAGS = DEF(GCC_DTCPP_FLAGS)
> > *_GCC5_AARCH64_PLATFORM_FLAGS =
> > *_GCC5_AARCH64_PP_FLAGS = $(PLATFORM_FLAGS) DEF(GCC_PP_FLAGS)
> > -*_GCC5_AARCH64_RC_FLAGS = DEF(GCC_AARCH64_RC_FLAGS)
> > +*_GCC5_AARCH64_RC_FLAGS = DEF(GCC_AARCH64_RC_FLAGS) --add-section .note.gnu.property=$(WORKSPACE)/ArmPkg/Library/GnuNoteBti.bin --set-section-flags .note.gnu.property=alloc,readonly
> > *_GCC5_AARCH64_VFRPP_FLAGS = $(PLATFORM_FLAGS) DEF(GCC_VFRPP_FLAGS)
> > *_GCC5_AARCH64_CC_XIPFLAGS = DEF(GCC5_AARCH64_CC_XIPFLAGS)
> >
> > @@ -2735,7 +2735,7 @@ DEFINE CLANG38_AARCH64_DLINK_FLAGS = DEF(CLANG38_AARCH64_TARGET) DEF(GCC_AARCH6
> > *_CLANG38_AARCH64_DLINK2_FLAGS = DEF(GCC_DLINK2_FLAGS_COMMON) -Wl,--defsym=PECOFF_HEADER_SIZE=0x228
> > *_CLANG38_AARCH64_PLATFORM_FLAGS =
> > *_CLANG38_AARCH64_PP_FLAGS = DEF(GCC_PP_FLAGS) DEF(CLANG38_AARCH64_TARGET) $(PLATFORM_FLAGS)
> > -*_CLANG38_AARCH64_RC_FLAGS = DEF(GCC_AARCH64_RC_FLAGS)
> > +*_CLANG38_AARCH64_RC_FLAGS = DEF(GCC_AARCH64_RC_FLAGS) --add-section .note.gnu.property=$(WORKSPACE)/ArmPkg/Library/GnuNoteBti.bin --set-section-flags .note.gnu.property=alloc,readonly
>
> Bikeshedding, but could we have an AARCH64_BTI_RC_FLAGS or something
> set, which is expanded for each toolchain profile? I think this is
> esoteric enough that it's helpful to group just the
> bti-note-incantations together in a single place.
>
Sure.
It's a bit disappointing that we even need this - the linker should be
able to infer that for objects without any executable sections,
whether the note exists or not is irrelevant.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101954): https://edk2.groups.io/g/devel/message/101954
Mute This Topic: https://groups.io/mt/97879294/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-