1. Patchew
  2. Xen
  3. View series

[PATCH] x86/EFI: sanitize DLL characteristics in binary

Jan Beulich posted 1 patch 7 months ago
Failed in applying to current master (apply log)
[PATCH] x86/EFI: sanitize DLL characteristics in binary
Posted by Jan Beulich 7 months ago 
In GNU ld --disable-reloc-section implies --disable-dynamicbase (and
also --disable-high-entropy-va, just fyi). Therefore to yield
functionally identical binaries independent of whether mkreloc needs to
come into play, add --dynamicbase as well.

GNU ld further defaults to --high-entropy-va (along with --dynamicbase
and --nxcompat) unless "Cygwin-like". This seems wrong to me; that
default should be dependent upon "MinGW-like" instead; for the purpose
of building EFI binaries with a PE32+-capable ELF linker neither
"Cygwin-like" nor "MinGW-like" ought to be true. We certainly don't mean
to have this bit set in the DLL characteristics, so suppress its
setting.

Sadly while --high-entropy-va is supported by GNU ld 2.25,
--disable-high-entropy-va was introduced only in 2.36. Luckily the
defaulting to --high-entropy-va was also only introduced in 2.36. Plus
--disable-reloc-section was introduced precisely there, too. Hence
leverage the probing we do as to base relocation generation, to also
determine whether to pass --disable-high-entropy-va.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
I remain uncertain about the applicability of DLL characteristics to
non-DLLs, i.e. images without IMAGE_FILE_DLL set; current MS doc says
nothing either way. Yet producing consistent binaries still seems
desirable, even if the field wasn't to be used by loaders.

--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -113,6 +113,7 @@ efi-nr-fixups := $(shell LC_ALL=C $(OBJD
 
 ifeq ($(efi-nr-fixups),2)
 MKRELOC := :
+EFI_LDFLAGS += --disable-high-entropy-va
 else
 MKRELOC := arch/x86/efi/mkreloc
 # If the linker produced fixups but not precisely two of them, we need to
@@ -123,6 +124,8 @@ EFI_LDFLAGS += --disable-reloc-section
 endif
 endif
 
+EFI_LDFLAGS += --dynamicbase
+
 endif # $(XEN_BUILD_PE)
 
 export XEN_BUILD_EFI XEN_BUILD_PE
Re: [PATCH] x86/EFI: sanitize DLL characteristics in binary
Posted by Daniel P. Smith 6 months, 3 weeks ago 
On 4/2/25 04:51, Jan Beulich wrote:
> In GNU ld --disable-reloc-section implies --disable-dynamicbase (and
> also --disable-high-entropy-va, just fyi). Therefore to yield
> functionally identical binaries independent of whether mkreloc needs to
> come into play, add --dynamicbase as well.
> 
> GNU ld further defaults to --high-entropy-va (along with --dynamicbase
> and --nxcompat) unless "Cygwin-like". This seems wrong to me; that
> default should be dependent upon "MinGW-like" instead; for the purpose
> of building EFI binaries with a PE32+-capable ELF linker neither
> "Cygwin-like" nor "MinGW-like" ought to be true. We certainly don't mean
> to have this bit set in the DLL characteristics, so suppress its
> setting.
> 
> Sadly while --high-entropy-va is supported by GNU ld 2.25,
> --disable-high-entropy-va was introduced only in 2.36. Luckily the
> defaulting to --high-entropy-va was also only introduced in 2.36. Plus
> --disable-reloc-section was introduced precisely there, too. Hence
> leverage the probing we do as to base relocation generation, to also
> determine whether to pass --disable-high-entropy-va.
> 
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> ---
> I remain uncertain about the applicability of DLL characteristics to
> non-DLLs, i.e. images without IMAGE_FILE_DLL set; current MS doc says
> nothing either way. Yet producing consistent binaries still seems
> desirable, even if the field wasn't to be used by loaders.
> 
> --- a/xen/arch/x86/arch.mk
> +++ b/xen/arch/x86/arch.mk
> @@ -113,6 +113,7 @@ efi-nr-fixups := $(shell LC_ALL=C $(OBJD
>   
>   ifeq ($(efi-nr-fixups),2)
>   MKRELOC := :
> +EFI_LDFLAGS += --disable-high-entropy-va
>   else
>   MKRELOC := arch/x86/efi/mkreloc
>   # If the linker produced fixups but not precisely two of them, we need to
> @@ -123,6 +124,8 @@ EFI_LDFLAGS += --disable-reloc-section
>   endif
>   endif
>   
> +EFI_LDFLAGS += --dynamicbase
> +
>   endif # $(XEN_BUILD_PE)
>   
>   export XEN_BUILD_EFI XEN_BUILD_PE

Seems straightforward, will rely on your knowledge of binutils that 
there are no unattended effects from the flags.

Acked-by: Daniel P. Smith <dpsmith@apertussolutions.com>
Re: [PATCH] x86/EFI: sanitize DLL characteristics in binary
Posted by Jan Beulich 6 months, 3 weeks ago 
On 10.04.2025 16:39, Daniel P. Smith wrote:
> On 4/2/25 04:51, Jan Beulich wrote:
>> --- a/xen/arch/x86/arch.mk
>> +++ b/xen/arch/x86/arch.mk
>> @@ -113,6 +113,7 @@ efi-nr-fixups := $(shell LC_ALL=C $(OBJD
>>   
>>   ifeq ($(efi-nr-fixups),2)
>>   MKRELOC := :
>> +EFI_LDFLAGS += --disable-high-entropy-va
>>   else
>>   MKRELOC := arch/x86/efi/mkreloc
>>   # If the linker produced fixups but not precisely two of them, we need to
>> @@ -123,6 +124,8 @@ EFI_LDFLAGS += --disable-reloc-section
>>   endif
>>   endif
>>   
>> +EFI_LDFLAGS += --dynamicbase
>> +
>>   endif # $(XEN_BUILD_PE)
>>   
>>   export XEN_BUILD_EFI XEN_BUILD_PE
> 
> Seems straightforward, will rely on your knowledge of binutils that 
> there are no unattended effects from the flags.
> 
> Acked-by: Daniel P. Smith <dpsmith@apertussolutions.com>

Thanks, but to clarify: If there's an issue here, it would be with the PE
loaders in the various EFI implementations; the binutils side is of little
concern (as to the effects of the flags).

Jan
Ping: [PATCH] x86/EFI: sanitize DLL characteristics in binary
Posted by Jan Beulich 6 months, 3 weeks ago 
On 02.04.2025 10:51, Jan Beulich wrote:
> In GNU ld --disable-reloc-section implies --disable-dynamicbase (and
> also --disable-high-entropy-va, just fyi). Therefore to yield
> functionally identical binaries independent of whether mkreloc needs to
> come into play, add --dynamicbase as well.
> 
> GNU ld further defaults to --high-entropy-va (along with --dynamicbase
> and --nxcompat) unless "Cygwin-like". This seems wrong to me; that
> default should be dependent upon "MinGW-like" instead; for the purpose
> of building EFI binaries with a PE32+-capable ELF linker neither
> "Cygwin-like" nor "MinGW-like" ought to be true. We certainly don't mean
> to have this bit set in the DLL characteristics, so suppress its
> setting.
> 
> Sadly while --high-entropy-va is supported by GNU ld 2.25,
> --disable-high-entropy-va was introduced only in 2.36. Luckily the
> defaulting to --high-entropy-va was also only introduced in 2.36. Plus
> --disable-reloc-section was introduced precisely there, too. Hence
> leverage the probing we do as to base relocation generation, to also
> determine whether to pass --disable-high-entropy-va.
> 
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Despite the file being modified suggesting this needs an x86 maintainer
ack, I think it's rather one of the two of you who should ack (or
otherwise comment on) this.

Jan

> ---
> I remain uncertain about the applicability of DLL characteristics to
> non-DLLs, i.e. images without IMAGE_FILE_DLL set; current MS doc says
> nothing either way. Yet producing consistent binaries still seems
> desirable, even if the field wasn't to be used by loaders.
> 
> --- a/xen/arch/x86/arch.mk
> +++ b/xen/arch/x86/arch.mk
> @@ -113,6 +113,7 @@ efi-nr-fixups := $(shell LC_ALL=C $(OBJD
>  
>  ifeq ($(efi-nr-fixups),2)
>  MKRELOC := :
> +EFI_LDFLAGS += --disable-high-entropy-va
>  else
>  MKRELOC := arch/x86/efi/mkreloc
>  # If the linker produced fixups but not precisely two of them, we need to
> @@ -123,6 +124,8 @@ EFI_LDFLAGS += --disable-reloc-section
>  endif
>  endif
>  
> +EFI_LDFLAGS += --dynamicbase
> +
>  endif # $(XEN_BUILD_PE)
>  
>  export XEN_BUILD_EFI XEN_BUILD_PE

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.