From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C3FF8392C3B; Thu, 8 Jan 2026 09:28:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864481; cv=none; b=XmBBFJY6jqDu97xiGJ1n+P0U+c+abrPpQ83tbcp0l+VkRP69QutCRBmyrYwWkWqdCWIo4XElJ2sX+QLqApkyKBM0iX5v3btcV2NdrwJS/feJnd+UtZ3Ggh1sL9AWBuS2NYnA+Bcr/mm8gdL3b+Zgr5I51a7FDZl1CB+zWEIyeIk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864481; c=relaxed/simple; bh=LIWaGlDwxDrRIOQ2ENfbyEPGJfDdv0Ixn8QIg1dqQ+A=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NWANXZo9V85aDhMGxuVw5o+0yqfxi8m6QKkXkxAQq7ujDEJXBDrAXySPOZ+LwPsyukOSiPrSTE/iVyv7gEGJ4L1xqEzlq6Alh5yEHMjmJ0zNSAFze24gQ5TUWPufUQ+/8AsQujwKBoE4eCGZeQ0miXRfFFjCiuK1u1tMJ7svbNc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=WWKXMyZy; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="WWKXMyZy" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7E827C2BC9E; Thu, 8 Jan 2026 09:27:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1767864478; bh=LIWaGlDwxDrRIOQ2ENfbyEPGJfDdv0Ixn8QIg1dqQ+A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WWKXMyZy9pqFBFMOa2ahL+nToST/u3c7vhv/BG1IPtskU1Uuv8vvJQgPNP2F4jfCk PVYruYKGw4DofjT4u4Xu5DtSui+dyShu4khDx5e3N3kcp01erpWJ0ltAoUK4WAPfea opK9aCQTdUhOe5ke3mI+Lv2pABWZM17SGuHKnRRyeb9KSktENRsrIJ4+IgZe3IKGMm EPsdHqtd9+yUyEntlDNU5o29IixyT0CwBn1+TCqWX1+2piIxXm4oXtL1fTNl9wGdKe 
3S8B5jEGplQYD+rQv3GJ4Fp/K7dLmJqKmwcr1z+EA7FpTTESSSvjmpgNjwJy7X780p 8NIAzO9CudCTw== From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 01/19] x86/idt: Move idt_table to __ro_after_init section Date: Thu, 8 Jan 2026 09:25:28 +0000 Message-ID: <20260108092526.28586-22-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1585; i=ardb@kernel.org; h=from:subject; bh=LIWaGlDwxDrRIOQ2ENfbyEPGJfDdv0Ixn8QIg1dqQ+A=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+gkPTzyzVon2vQ8KJrtWzv27Z+XznVKZ7EZJcctKSX JO1mg91lLIwiHExyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgInEdzAyfBC9+ebj1o+XrmlG sst9+SSc6hdb55UQWOhoI8r7y4nbieF/xcG2vJWx2yasTE6zT72k++bp6d63Tr5rDUSPXr1Z8eU QLwA= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Currently, idt_table is allocated as page-aligned .bss, and remapped read-only after init. This breaks a 2 MiB large page into 4k page mappings, which defeats some of the effort done at boot to map the kernel image using large pages, for improved TLB efficiency. Mark this allocation as __ro_after_init instead, so it will be made read-only automatically after boot, without breaking up large page mappings. This also fixes a latent bug on i386, where the size of idt_table is less than a page, and so remapping it read-only could potentially affect other read-write variables too, if those are not page-aligned as well. 
Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/idt.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/arch/x86/kernel/idt.c b/arch/x86/kernel/idt.c index f445bec516a0..d6da25d7964f 100644 --- a/arch/x86/kernel/idt.c +++ b/arch/x86/kernel/idt.c @@ -170,7 +170,7 @@ static const __initconst struct idt_data apic_idts[] = =3D { }; =20 /* Must be page-aligned because the real IDT is used in the cpu entry area= */ -static gate_desc idt_table[IDT_ENTRIES] __page_aligned_bss; +static gate_desc idt_table[IDT_ENTRIES] __aligned(PAGE_SIZE) __ro_after_in= it; =20 static struct desc_ptr idt_descr __ro_after_init =3D { .size =3D IDT_TABLE_SIZE - 1, 
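Review bot: With `__ro_after_init` on `idt_table`, write protection of the IDT now comes only from the generic post-init read-only pass, because the explicit `set_memory_ro()` call is removed in the `@@ -308,9 +308,6 @@` hunk of this file. The table therefore stays writable from `idt_setup_apic_and_irq_gates()` until the end of init, and presumably for the whole uptime when that pass is disabled (for example with `rodata=off`); the commit message mentions neither. On i386 the table is smaller than a page (per the commit message), so other `__ro_after_init` objects may now share the page that is mapped into the cpu entry area, which is worth confirming. The comment above the declaration could record the new dependency, e.g. `/* Page-aligned for the cpu entry area; write-protected together with the rest of __ro_after_init */`.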
@@ -308,9 +308,6 @@ void __init idt_setup_apic_and_irq_gates(void) idt_map_in_cea(); load_idt(&idt_descr); =20 - /* Make the IDT table read only */ - set_memory_ro((unsigned long)&idt_table, 1); - idt_setup_done =3D true; } =20 --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E91023C00A8; Thu, 8 Jan 2026 09:28:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864486; cv=none; b=FiPzz45+9XPkh22Gcyqp5rMSfHCSEfeVkiDU2Dd+0PhKxd7+OeZTQKdFlq5ciGFcf8kR9v9HlYaEOiA2CsAe2NnUHVN7bkNAp5JZh8Fb6CR+oFtymGC2MAIMlCwuW//o8R5/tYCl/PzzkFe4LfULShK/oEKfY+QLoWF/qljFtQk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864486; c=relaxed/simple; bh=s1Q/RZ3WGfrQNkmrGvRKRmUOXkb9B504DHaeNuHZ02g=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Ajlhw4N0H24rgS5KnqGq9xkDpY6H0AELQWPdDku+qOvt3Oc9jHNcPR0K2XRWG2hTl8Osk2R6Nr5wzzudmXnfdOazyaC9QYrq7r/XWUpDPQeHWcuuNM5DsF+lD0P7AY6ohS0SnCSQl+kW6/7cY5RW9lhi5BisHKdutETPcY15ulc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=N5BFwaAU; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="N5BFwaAU" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 42B38C116C6; Thu, 8 Jan 2026 09:27:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1767864481; bh=s1Q/RZ3WGfrQNkmrGvRKRmUOXkb9B504DHaeNuHZ02g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; 
b=N5BFwaAU3EK8knYcn+8QRpi0McB4l6KJSJSuzaEYudb3VaohSOcV6vOQWbWA6+vTX nremnB8J0dgLHRA3DLEcwoKpmiBbujE0+RkWbwfQhR1iVdma8l1U02QGgV2+ORTLeO QjNEWEo3u06Jz/4C49ZUOR+iM9TM2sVLQKheOAdtCeGTQKL8K95YyPKtoLT79BWKHW a3VKsjPJbYSMZzuQRxCQnhcfHPN61UyZmEJCUQOBPVY9zYa5UyaZbzv3O0+KAAqIr2 RVIjH9UufDjOBuAPiONBNu6rt/uDA1+gA7OD4xGQtzWUfVfIdA1Ajom4X7Hk+saTFq /mFUfJKHmmmIA== 
From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 02/19] x86/sev: Don't emit BSS_DECRYPT section unless it is in use Date: Thu, 8 Jan 2026 09:25:29 +0000 Message-ID: <20260108092526.28586-23-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1993; i=ardb@kernel.org; h=from:subject; bh=s1Q/RZ3WGfrQNkmrGvRKRmUOXkb9B504DHaeNuHZ02g=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+gvNxyPTu10E34uMPcLx9qxqys+fYIuWT9Xu6y2O07 tZU/jzRUcrCIMbFICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACby6w7Df7dZNw45X7+Yp1b8 6/jv1Q6s6zOqU7mDWM06nITE/HafKGT4K5/DcsBog1iZNFOgWcHWmRe17lyQU3/wvGFCzpf0zfk 6/AA= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The BSS_DECRYPT section that gets emitted into .bss will be empty if CONFIG_AMD_MEM_ENCRYPT is not defined. However, due to the fact that it is injected into .bss rather than emitted as a separate section, the 2 MiB alignment that it specifies is still taken into account unconditionally, pushing .bss out to the next 2 MiB boundary, leaving a gap that is never freed. So only emit a non-empty BSS_DECRYPT section if it is going to be used. In that case, it would still be nice to free the padding, but that is left for later. Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/vmlinux.lds.S | 21 +++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) 
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index d7af4a64c211..3a24a3fc55f5 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -67,7 +67,18 @@ const_cpu_current_top_of_stack =3D cpu_current_top_of_st= ack; =20 #define ALIGN_ENTRY_TEXT_BEGIN . =3D ALIGN(PMD_SIZE); #define ALIGN_ENTRY_TEXT_END . =3D ALIGN(PMD_SIZE); +#else + +#define X86_ALIGN_RODATA_BEGIN +#define X86_ALIGN_RODATA_END \ + . =3D ALIGN(PAGE_SIZE); \ + __end_rodata_aligned =3D .; =20 +#define ALIGN_ENTRY_TEXT_BEGIN +#define ALIGN_ENTRY_TEXT_END +#endif + +#ifdef CONFIG_AMD_MEM_ENCRYPT /* * This section contains data which will be mapped as decrypted. Memory * encryption operates on a page basis. Make this section PMD-aligned 
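Review bot: The `#else` and `#endif` added here are unlabelled, although they close a conditional that opens above the hunk and `#ifdef CONFIG_AMD_MEM_ENCRYPT` opens directly after them. With two back-to-back conditionals whose branches used to be one, unlabelled terminators are easy to misread. Labelling them would help, e.g. `#endif /* <condition opened above the hunk> */` here, and `#else /* !CONFIG_AMD_MEM_ENCRYPT */` plus `#endif /* CONFIG_AMD_MEM_ENCRYPT */` in the `@@ -88,17 +99,9 @@` hunk.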
@@ -88,17 +99,9 @@ const_cpu_current_top_of_stack =3D cpu_current_top_of_st= ack; __pi___end_bss_decrypted =3D .; \ =20 #else - -#define X86_ALIGN_RODATA_BEGIN -#define X86_ALIGN_RODATA_END \ - . =3D ALIGN(PAGE_SIZE); \ - __end_rodata_aligned =3D .; - -#define ALIGN_ENTRY_TEXT_BEGIN -#define ALIGN_ENTRY_TEXT_END #define BSS_DECRYPTED - #endif + #if defined(CONFIG_X86_64) && defined(CONFIG_KEXEC_CORE) #define KEXEC_RELOCATE_KERNEL \ . =3D ALIGN(0x100); \ --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E890D3C009C; Thu, 8 Jan 2026 09:28:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864486; cv=none; b=tgjmr09b6QItq49wSyeWN5JW6k3g3svwMBJr0v9svN28C7cJ61wVmsm5V9BTJ1UNyM+i0RGeaVPHHFBdIpUEk1ROOuuhfGkwqMfigxBZX0sJ5mqOoSHKOqSqvBlmkMiLTa67AmrwZDDVEm9b2OUGqRYch0tw9MkJEXZiuzVq0fY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864486; c=relaxed/simple; bh=++9jVLNSlkjAvs72B62sajS/8LrDcF+jVHHJT4hHbLU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=IG7xzKxotYqcO2AV2+8dRbA6bPIxVF3ZIHoG1KHo79n9vaBoeQK3nuvg54rDL5+of3XeCcohz2LU0S2bEgc2PbfrZNlMPqfqQtYw3dbrGGNHHJMW42Kpy+wAj+1NPcq7aMvtkPbYNe/RSSdYOebEWr5K9qmmhdHK5rg5rn9V/C8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Mcn9Qoob; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Mcn9Qoob" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 08C43C16AAE; Thu, 8 Jan 2026 09:28:01 +0000 (UTC) 
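Review bot: The empty `#define BSS_DECRYPTED` is now selected whenever `CONFIG_AMD_MEM_ENCRYPT` is off, so the linker symbols emitted by the non-empty variant (its tail, `__pi___end_bss_decrypted = .;`, is visible as context) are presumably no longer defined on 64-bit builds without that option. Any reference to those symbols that is not under the same config guard, and relies on the compiler discarding a dead branch, would become a link failure. The users are outside this patch, so a build with `CONFIG_AMD_MEM_ENCRYPT=n` at the lowest supported optimisation level is worth running. A comment on the empty definition, e.g. `/* no decrypted .bss and no PMD alignment without AMD_MEM_ENCRYPT */`, would record why the split exists.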
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1767864484; bh=++9jVLNSlkjAvs72B62sajS/8LrDcF+jVHHJT4hHbLU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Mcn9QoobFMoA+8L297yR6DmX0UxtmgACy9eSYyMFjObuzrzRc63JLn3IrrR1HBxee F8tm+Am2ByX9P1K4zRvmly+LMLY/bHMg2d9O+kpEWGMpCf1ayLSALUiQNxQ3MA62Je rChg/6OV1d8Gl6dhnfPZcapS/dEG5gE4YCEizNtQM1DOIOw7t7yGSwLe4++I7v0TeL ool420qM+xSHb149NBHE8bLHoJ1O5UYFSM/a9vsPIpTkGgJKhOttj7RwPYtjzKs03l StQCq4zpoPnpr75TweomAps0PFdQm6aI4dq/zs/johcW0b9t+nUJqwS9rOi6XZYF6d GyqDxpP0BK7mQ== 
From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 03/19] x86: Combine .data with .bss in kernel mapping Date: Thu, 8 Jan 2026 09:25:30 +0000 Message-ID: <20260108092526.28586-24-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=9081; i=ardb@kernel.org; h=from:subject; bh=++9jVLNSlkjAvs72B62sajS/8LrDcF+jVHHJT4hHbLU=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+gptZ77OM0aVFRyIzzB2+ZK3a7B8Y5rEu4sqFy7Lne /abXmLuKGVhEONikBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABO59YaRYVbnqWUiFqEs2XdZ bod/eTJh71H9TQt/3zz1/kDaon2uE1Yx/NP4I/NL/4iyi3+zvYB++cvbrOcVzk5afN015v0VTT5 eZhYA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The primary mapping of the kernel image is made using huge pages where possible, mostly to minimize TLB pressure (Only the entry text section requires alignment to 2 MiB). This involves some rounding and padding of the .text and .rodata sections, resulting in gaps. These gaps are smaller than a huge page, and are remapped using different permissions, resulting in fragmentation of the huge page mappings at the edges of those regions. Similarly, there is a gap between .data and .bss, where the init text and data regions reside. This means that the end of the .data region and the start of the .bss region are not covered by huge page mappings either, even though both regions use the same permissions (RW+NX). 
Improve the situation, by placing .data and .bss adjacently in the linker map, and putting the init text and data regions after .rodata, taking the place of the rodata/data gap. This results in one fewer gap, and a more efficient mapping of the .data and .bss regions. To preserve the x86_64 ELF layout with PT_LOAD regions aligned to 2 MiB, start the second ELF segment at .init.data and align it to 2 MiB. The resulting padding will be covered by the init region and will be freed along with it after boot. defconfig + Clang 19: Before: 0xffffffff81000000-0xffffffff82200000 18M ro PSE GLB x pmd 0xffffffff82200000-0xffffffff8231c000 1136K ro GLB x pte 0xffffffff8231c000-0xffffffff82400000 912K RW GLB NX pte 0xffffffff82400000-0xffffffff82a00000 6M ro PSE GLB NX pmd 0xffffffff82a00000-0xffffffff82b40000 1280K ro GLB NX pte 0xffffffff82b40000-0xffffffff82c00000 768K RW GLB NX pte 0xffffffff82c00000-0xffffffff83400000 8M RW PSE GLB NX pmd 0xffffffff83400000-0xffffffff83800000 4M RW GLB NX pte After: 0xffffffff81000000-0xffffffff82200000 18M ro PSE GLB x pmd 0xffffffff82200000-0xffffffff8231c000 1136K ro GLB x pte 0xffffffff8231c000-0xffffffff82400000 912K RW GLB NX pte 0xffffffff82400000-0xffffffff82a00000 6M ro PSE GLB NX pmd 0xffffffff82a00000-0xffffffff82b40000 1280K ro GLB NX pte 0xffffffff82b40000-0xffffffff82c00000 768K RW GLB NX pte 0xffffffff82c00000-0xffffffff82e00000 2M RW PSE GLB NX pmd 0xffffffff82e00000-0xffffffff83000000 2M RW GLB NX pte 0xffffffff83000000-0xffffffff83800000 8M RW PSE GLB NX pmd With the gaps removed/unmapped (pti=3Don) Before: 0xffffffff81000000-0xffffffff81200000 2M ro PSE GLB x pmd 0xffffffff81200000-0xffffffff82200000 16M ro PSE x pmd 0xffffffff82200000-0xffffffff8231c000 1136K ro x pte 0xffffffff8231c000-0xffffffff82400000 912K pte 0xffffffff82400000-0xffffffff82a00000 6M ro PSE NX pmd 0xffffffff82a00000-0xffffffff82b40000 1280K ro NX pte 0xffffffff82b40000-0xffffffff82c00000 768K pte 0xffffffff82c00000-0xffffffff83400000 8M RW PSE NX 
pmd 0xffffffff83400000-0xffffffff8342a000 168K RW NX pte 0xffffffff8342a000-0xffffffff836f3000 2852K pte 0xffffffff836f3000-0xffffffff83800000 1076K RW NX pte After: 0xffffffff81000000-0xffffffff81200000 2M ro PSE GLB x pmd 0xffffffff81200000-0xffffffff82200000 16M ro PSE x pmd 0xffffffff82200000-0xffffffff8231c000 1136K ro x pte 0xffffffff8231c000-0xffffffff82400000 912K pte 0xffffffff82400000-0xffffffff82a00000 6M ro PSE NX pmd 0xffffffff82a00000-0xffffffff82b40000 1280K ro NX pte 0xffffffff82b40000-0xffffffff82e3d000 3060K pte 0xffffffff82e3d000-0xffffffff83000000 1804K RW NX pte 0xffffffff83000000-0xffffffff83800000 8M RW PSE NX pmd Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/vmlinux.lds.S | 91 +++++++++++--------- arch/x86/mm/init_64.c | 5 +- arch/x86/mm/pat/set_memory.c | 2 +- 3 files changed, 52 insertions(+), 46 deletions(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 3a24a3fc55f5..1dee2987c42b 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -61,12 +61,15 @@ const_cpu_current_top_of_stack =3D cpu_current_top_of_s= tack; #define X86_ALIGN_RODATA_BEGIN . =3D ALIGN(HPAGE_SIZE); =20 #define X86_ALIGN_RODATA_END \ - . =3D ALIGN(HPAGE_SIZE); \ - __end_rodata_hpage_align =3D .; \ - __end_rodata_aligned =3D .; + . =3D ALIGN(PAGE_SIZE); \ + __end_rodata_aligned =3D ALIGN(HPAGE_SIZE); =20 #define ALIGN_ENTRY_TEXT_BEGIN . =3D ALIGN(PMD_SIZE); #define ALIGN_ENTRY_TEXT_END . =3D ALIGN(PMD_SIZE); + +#define DATA_SEGMENT_START \ + . =3D ALIGN(HPAGE_SIZE); \ + __data_segment_start =3D .; #else =20 #define X86_ALIGN_RODATA_BEGIN 
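Review bot: `__end_rodata_aligned = ALIGN(HPAGE_SIZE);` no longer advances the location counter, so in this branch the symbol can point up to a huge page beyond the page-aligned end of .rodata, into whatever is linked next. After this patch that is the init region, as the `@@ -171,43 +179,6 @@` hunk shows. Code that treats `_text` to `__end_rodata_aligned` as text, rodata and padding only would then also cover init text; the users are outside this patch, and the PTI handling of the kernel image is one place worth checking. If the overlap is intended, say so above the macro, e.g. `/* __end_rodata_aligned is rounded up without padding and may extend into the init region */`.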
@@ -76,9 +79,14 @@ const_cpu_current_top_of_stack =3D cpu_current_top_of_st= ack; =20 #define ALIGN_ENTRY_TEXT_BEGIN #define ALIGN_ENTRY_TEXT_END + +#define DATA_SEGMENT_START \ + . =3D ALIGN(PAGE_SIZE); \ + __data_segment_start =3D .; #endif =20 #ifdef CONFIG_AMD_MEM_ENCRYPT + /* * This section contains data which will be mapped as decrypted. Memory * encryption operates on a page basis. Make this section PMD-aligned @@ -171,43 +179,6 @@ SECTIONS RO_DATA(PAGE_SIZE) X86_ALIGN_RODATA_END =20 - /* Data */ - .data : AT(ADDR(.data) - LOAD_OFFSET) { - /* Start of data section */ - _sdata =3D .; - - /* init_task */ - INIT_TASK_DATA(THREAD_SIZE) - - /* equivalent to task_pt_regs(&init_task) */ - __top_init_kernel_stack =3D __end_init_stack - TOP_OF_KERNEL_STACK_PADDI= NG - PTREGS_SIZE; - -#ifdef CONFIG_X86_32 - /* 32 bit has nosave before _edata */ - NOSAVE_DATA -#endif - - PAGE_ALIGNED_DATA(PAGE_SIZE) - - CACHE_HOT_DATA(L1_CACHE_BYTES) - - CACHELINE_ALIGNED_DATA(L1_CACHE_BYTES) - - DATA_DATA - CONSTRUCTORS - KEXEC_RELOCATE_KERNEL - - /* rarely changed data like cpu maps */ - READ_MOSTLY_DATA(INTERNODE_CACHE_BYTES) - - /* End of data section */ - _edata =3D .; - } :data - - BUG_TABLE - - ORC_UNWIND_TABLE - /* Init code and data - will be freed after init */ . =3D ALIGN(PAGE_SIZE); .init.begin : AT(ADDR(.init.begin) - LOAD_OFFSET) { @@ -229,7 +200,8 @@ SECTIONS __inittext_end =3D .; } =20 - INIT_DATA_SECTION(16) + DATA_SEGMENT_START + INIT_DATA_SECTION(16) :data =20 .x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) { __x86_cpu_dev_start =3D .; 
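Review bot: In the `@@ -229,7 +200,8 @@` hunk, `INIT_DATA_SECTION(16) :data` attaches the program-header assignment to a macro invocation, which only works while the macro's expansion ends with the closing brace of an output section; that macro is defined outside this file. The sections that follow, including the relocated `.data` whose closing `}` no longer carries `:data` (the `@@ -358,6 +330,43 @@` hunk), then pick up the segment implicitly. A comment at this spot would make the dependency visible, e.g. `/* :data applies to .init.data and is inherited by the sections that follow, including .data */`.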
@@ -358,6 +330,43 @@ SECTIONS __smp_locks_end =3D .; } =20 + /* Data */ + .data : AT(ADDR(.data) - LOAD_OFFSET) { + /* Start of data section */ + _sdata =3D .; + + /* init_task */ + INIT_TASK_DATA(THREAD_SIZE) + + /* equivalent to task_pt_regs(&init_task) */ + __top_init_kernel_stack =3D __end_init_stack - TOP_OF_KERNEL_STACK_PADDI= NG - PTREGS_SIZE; + +#ifdef CONFIG_X86_32 + /* 32 bit has nosave before _edata */ + NOSAVE_DATA +#endif + + PAGE_ALIGNED_DATA(PAGE_SIZE) + + CACHE_HOT_DATA(L1_CACHE_BYTES) + + CACHELINE_ALIGNED_DATA(L1_CACHE_BYTES) + + DATA_DATA + CONSTRUCTORS + KEXEC_RELOCATE_KERNEL + + /* rarely changed data like cpu maps */ + READ_MOSTLY_DATA(INTERNODE_CACHE_BYTES) + + /* End of data section */ + _edata =3D .; + } + + BUG_TABLE + + ORC_UNWIND_TABLE + #ifdef CONFIG_X86_64 .data_nosave : AT(ADDR(.data_nosave) - LOAD_OFFSET) { NOSAVE_DATA diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 9983017ecbe0..6c2120dd5607 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -1397,9 +1397,8 @@ void mark_rodata_ro(void) { unsigned long start =3D PFN_ALIGN(_text); unsigned long rodata_start =3D PFN_ALIGN(__start_rodata); - unsigned long end =3D (unsigned long)__end_rodata_hpage_align; + unsigned long end =3D (unsigned long)__end_rodata; unsigned long text_end =3D PFN_ALIGN(_etext); - unsigned long rodata_end =3D PFN_ALIGN(__end_rodata); unsigned long all_end; =20 printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n", @@ -1435,8 +1434,6 @@ void mark_rodata_ro(void) =20 free_kernel_image_pages("unused kernel image (text/rodata gap)", (void *)text_end, (void *)rodata_start); - free_kernel_image_pages("unused kernel image (rodata/data gap)", - (void *)rodata_end, (void *)_sdata); } =20 /* diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index 6c6eb486f7a6..ad4d55f2413b 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c 
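Review bot: In `mark_rodata_ro()`, the new `end` is a bare cast of `__end_rodata`, while `start`, `rodata_start` and `text_end` beside it go through `PFN_ALIGN()`, as did the removed `rodata_end`. The value is presumably page-aligned because the linker script uses `RO_DATA(PAGE_SIZE)`, but the uses of `end` are outside the hunk, and a page count derived from an unaligned end would silently leave a trailing partial page unprotected. `unsigned long end = PFN_ALIGN(__end_rodata);` would keep the bounds uniform and make the assumption explicit.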
@@ -554,7 +554,7 @@ static pgprotval_t protect_kernel_text(unsigned long st= art, unsigned long end) static pgprotval_t protect_kernel_text_ro(unsigned long start, unsigned long end) { - unsigned long t_end =3D (unsigned long)__end_rodata_hpage_align - 1; + unsigned long t_end =3D (unsigned long)__end_rodata - 1; unsigned long t_start =3D (unsigned long)_text; unsigned int level; =20 --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1EAFD42E4BD; Thu, 8 Jan 2026 09:28:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864491; cv=none; b=m1rIdKxppSptmr5H4laa50KZ/r7IqCV3oFPmBunyynvZpMe3gx83CvoCbOhs0rtZat0egJ7o6z0oel5SGFnj4CMP7G3rSZjBVyEQZMaWvt81vbvIdfvkKymCggEHN4GFxEk5UZJtFWvvQd9fHqYqFAJM/oaukdo01Ejsl7BrpBU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864491; c=relaxed/simple; bh=a+iRDcQFjVTEhia5ujevgzffPacAq1ZV18BVECjd1m8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=e4/bUkwKCE7KQVUlF4IyEqGBjriJwpYoIbIjL9eDtMr0ILgPOTwhU6BLiObQe4NLcwLuXKa1dMHBGVmDnbFB4GjWaNH6q1lE3XhPx4xvP0+j13W0FJ4bnoPQoJrlzwbN42FcWdkRvMb1rubUXhbTndn5uJph5ZryzEojntBDbuU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ilhdXDzT; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ilhdXDzT" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C159FC19424; Thu, 8 Jan 2026 09:28:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; 
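Review bot: `protect_kernel_text_ro()` now ends its range at `__end_rodata - 1` instead of the huge-page-aligned symbol, so the pages between the end of .rodata and the next 2 MiB boundary fall outside whatever this check enforces. Judging by the function's name, that is the range forced to stay read-only. The change matches the new layout, where the init region occupies that space, but the function's header comment and the rest of its body are outside the hunk; if the comment still describes a large-page-aligned range with alignment holes, it is now stale. A line at the assignment would help, e.g. `/* the protected range ends at the page-aligned end of .rodata; the init region follows */`.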
s=k20201202; t=1767864487; bh=a+iRDcQFjVTEhia5ujevgzffPacAq1ZV18BVECjd1m8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ilhdXDzTZC4TYjd5qMZgDnGow11a9Dz4cMm/Ik7MyzvYLLo60RCrcBWdGBf2mF9zz 4gLvnVVi/rlyppRcVEtsOvmkHXFa6JhHAdS9clbJ/BCd0qsc3M/4qthZAh63thZAyA pRE+CcHOxtJ6SVagsLyMjxPiFgQ3A+vSzqWsd/9+Q0voYek7nRYK3ROF1I1Pa3xN5G tyG3w31yNP9OFJGdXzHxh65dBJbXORz9oSsBU9FF3OOxl5i6UOnl7FFwypsXE2j138 JQe8XRoR1/j9alyAPXr94Xgs0tXD0u/1i4bqujdSAMPUzQWfrMrxEWfTEacfNU3s9n wn6QcuCBALo1Q== 
From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 04/19] x86: Make the 64-bit bzImage always physically relocatable Date: Thu, 8 Jan 2026 09:25:31 +0000 Message-ID: <20260108092526.28586-25-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=8005; i=ardb@kernel.org; h=from:subject; bh=a+iRDcQFjVTEhia5ujevgzffPacAq1ZV18BVECjd1m8=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+gmeGmv/pgBX375f/rsycqqm//d7LeBnLp6bNToLaN ufP/CjpKGVhEONikBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABPp3cXwv/CMX0lJeZzbfOuy +mOT/j6OFVjy/p70iph7si85JnceP83I0N9TFnBo2ouzk9xDTndzRT8J05rvoZy0gnfL+b9O/17 e4wQA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" On x86_64, the physical placement of the kernel is independent from its mapping in the 'High Kernel Mapping' range. This means that even a position dependent kernel built without boot-time relocation support can run from any suitably aligned physical address, and there is no need to make this behavior dependent on whether or not the kernel is virtually relocatable. On i386, the situation is different, given that the physical and virtual load offsets must be equal, and so only a relocatable kernel can be loaded at a physical address that deviates from its build-time default. 
Clarify this in Kconfig and in the code, and advertise the 64-bit bzImage as loadable at any physical offset regardless of whether CONFIG_RELOCATABLE is set. In practice, this makes little difference, given that it defaults to 'y' and is a prerequisite for EFI_STUB and RANDOMIZE_BASE, but it will help with some future refactoring of the relocation code. Signed-off-by: Ard Biesheuvel --- arch/x86/Kconfig | 40 ++++++++++++-------- arch/x86/boot/compressed/head_64.S | 4 -- arch/x86/boot/compressed/misc.c | 8 ++-- arch/x86/boot/header.S | 8 +--- 4 files changed, 29 insertions(+), 31 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 80527299f859..bf51e17d5813 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1931,7 +1931,7 @@ config EFI config EFI_STUB bool "EFI stub support" depends on EFI - select RELOCATABLE + select RELOCATABLE if X86_32 help This kernel feature allows a bzImage to be loaded directly by EFI firmware without the use of a bootloader. @@ -2028,8 +2028,9 @@ config PHYSICAL_START help This gives the physical address where the kernel is loaded. =20 - If the kernel is not relocatable (CONFIG_RELOCATABLE=3Dn) then bzImage - will decompress itself to above physical address and run from there. + If the kernel is not relocatable (CONFIG_RELOCATABLE=3Dn) and built for + i386, then the bzImage will decompress itself to the above physical + address and run from there. Otherwise, bzImage will run from the address where it has been loaded by the boot loader. The only exception is if it is loaded below the above physical address, in which case it will relocate itself there. 
@@ -2064,16 +2065,22 @@ config PHYSICAL_START Don't change this unless you know what you are doing. =20 config RELOCATABLE - bool "Build a relocatable kernel" - default y + bool "Build a relocatable kernel" if X86_32 + default X86_32 help - This builds a kernel image that retains relocation information - so it can be loaded someplace besides the default 1MB. + This builds a kernel image that retains relocation information so it + can be placed someplace besides the default PAGE_OFFSET + 1MB. This + is a prerequisite for KASLR. The relocations tend to make the kernel binary about 10% larger, but are discarded at runtime. =20 - One use is for the kexec on panic case where the recovery kernel - must live at a different physical address than the primary + On i386, where the virtual and physical load offset of the kernel + must be equal, this also allows the kernel image to be placed at a + physical load address that differs from the compile time default. On + x86_64, this is always permitted. + + One use is for the kexec on panic case on i386, where the recovery + kernel must live at a different physical address than the primary kernel. =20 Note: If CONFIG_RELOCATABLE=3Dy, then the kernel runs from the address @@ -2082,7 +2089,7 @@ config RELOCATABLE =20 config RANDOMIZE_BASE bool "Randomize the address of the kernel image (KASLR)" - depends on RELOCATABLE + select RELOCATABLE default y help In support of Kernel Address Space Layout Randomization (KASLR), @@ -2118,7 +2125,7 @@ config RANDOMIZE_BASE # Relocation on x86 needs some additional build support config X86_NEED_RELOCS def_bool y - depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE) + depends on RELOCATABLE select ARCH_VMLINUX_NEEDS_RELOCS =20 config PHYSICAL_ALIGN 
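Review bot: In the `config RELOCATABLE` hunk, the prompt and the default both become conditional on `X86_32`, so on x86_64 the symbol can only be enabled through `select` (from `RANDOMIZE_BASE` in the next hunk), and an existing 64-bit config with `CONFIG_RELOCATABLE=y` and KASLR off silently loses it. Any remaining `CONFIG_RELOCATABLE` test in code that is also built for 64-bit, outside what this patch touches, changes meaning with it, so those are worth grepping for before merging. The trailing `Note:` paragraph of the help text is left as context and now understates the x86_64 case; it could gain a sentence such as `On x86_64 this applies regardless of this option.`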
@@ -2131,12 +2138,13 @@ config PHYSICAL_ALIGN where kernel is loaded and run from. Kernel is compiled for an address which meets above alignment restriction. =20 - If bootloader loads the kernel at a non-aligned address and - CONFIG_RELOCATABLE is set, kernel will move itself to nearest - address aligned to above value and run from there. + If the bootloader loads the kernel at a non-aligned address and it + is built for x86_64 or CONFIG_RELOCATABLE is set, the kernel will + move itself to the nearest address aligned to above value and run + from there. =20 - If bootloader loads the kernel at a non-aligned address and - CONFIG_RELOCATABLE is not set, kernel will ignore the run time + If the bootloader loads the i386 kernel at a non-aligned address and + CONFIG_RELOCATABLE is not set, the kernel will ignore the run time load address and decompress itself to the address it has been compiled for and run from there. The address for which kernel is compiled already meets above alignment restrictions. Hence the diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/= head_64.S index d9dab940ff62..8a964a4d45c2 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -143,7 +143,6 @@ SYM_FUNC_START(startup_32) * for safe in-place decompression. */ =20 -#ifdef CONFIG_RELOCATABLE movl %ebp, %ebx movl BP_kernel_alignment(%esi), %eax decl %eax @@ -152,7 +151,6 @@ SYM_FUNC_START(startup_32) andl %eax, %ebx cmpl $LOAD_PHYSICAL_ADDR, %ebx jae 1f -#endif movl $LOAD_PHYSICAL_ADDR, %ebx 1: =20 @@ -312,7 +310,6 @@ SYM_CODE_START(startup_64) */ =20 /* Start with the delta to where the kernel will run at. */ -#ifdef CONFIG_RELOCATABLE leaq startup_32(%rip) /* - $startup_32 */, %rbp movl BP_kernel_alignment(%rsi), %eax decl %eax @@ -321,7 +318,6 @@ SYM_CODE_START(startup_64) andq %rax, %rbp cmpq $LOAD_PHYSICAL_ADDR, %rbp jae 1f -#endif movq $LOAD_PHYSICAL_ADDR, %rbp 1: =20 
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/mis= c.c index 0f41ca0e52c0..d37569e7ee10 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -314,12 +314,10 @@ static size_t parse_elf(void *output) if ((phdr->p_align % 0x200000) !=3D 0) error("Alignment of LOAD segment isn't multiple of 2MB"); #endif -#ifdef CONFIG_RELOCATABLE - dest =3D output; - dest +=3D (phdr->p_paddr - LOAD_PHYSICAL_ADDR); -#else dest =3D (void *)(phdr->p_paddr); -#endif + if (IS_ENABLED(CONFIG_X86_64) || + IS_ENABLED(CONFIG_RELOCATABLE)) + dest +=3D (unsigned long)output - LOAD_PHYSICAL_ADDR; memmove(dest, output + phdr->p_offset, phdr->p_filesz); break; default: /* Ignore other PT_* */ break; diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index 9bea5a1e2c52..b72e6055e103 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -332,7 +332,7 @@ initrd_addr_max: .long 0x7fffffff kernel_alignment: .long CONFIG_PHYSICAL_ALIGN #physical addr alignment #required for protected mode #kernel -#ifdef CONFIG_RELOCATABLE +#if defined(CONFIG_RELOCATABLE) || defined(CONFIG_X86_64) relocatable_kernel: .byte 1 #else relocatable_kernel: .byte 0 
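Review bot: The new `if (IS_ENABLED(CONFIG_X86_64) || IS_ENABLED(CONFIG_RELOCATABLE))` in `parse_elf()` carries no comment, and the same predicate is spelled a second time in header.S for `relocatable_kernel`, so the two can drift apart. A line above the `if`, such as `/* x86_64 runs from any suitably aligned physical address; i386 only when relocatable */`, would tie it to the commit message. Separately, `dest` is still derived from `phdr->p_paddr` and handed to `memmove()` with `phdr->p_filesz`, with no visible check that the copy stays inside the output buffer. That predates this change, and the rest of the function is outside the hunk, but this is the natural place for such a bound.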
@@ -342,14 +342,10 @@ min_alignment: .byte MIN_KERNEL_ALIGN_LG2 # minimum = alignment xloadflags: #ifdef CONFIG_X86_64 # define XLF0 XLF_KERNEL_64 /* 64-bit kernel */ -#else -# define XLF0 0 -#endif - -#if defined(CONFIG_RELOCATABLE) && defined(CONFIG_X86_64) /* kernel/boot_param/ramdisk could be loaded above 4g */ # define XLF1 XLF_CAN_BE_LOADED_ABOVE_4G #else +# define XLF0 0 # define XLF1 0 #endif =20 --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 68D693C00BD; Thu, 8 Jan 2026 09:28:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864492; cv=none; b=NEPEksHlfT2n1gKFUOrKnABqYofYy5byZN5ehi14eIne7E+OmeFXW66yTsg1SmBvIcyVTRAqMzJ55w3Io8OQXB9jRbrThk5GdQ/lrzlHKKle9V3L1CQdBBksh0Rv6vfIzahV8r0X/Fa8dG1GRkGCYce6QLRmUvH4UIiMjU3i7qw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864492; c=relaxed/simple; bh=y7+ntK2Mt9pILeLN4kBUmNH8SM9X4UPDlejQNxGasJ4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=C6w/ukgLkqUTiFV+MYZ5uXlkV0xDQLhd2NWCtIF06q6MqfoM7V0JdcuT0i/xWFs1wM8+4s3tT66RKIv4PqYYOj9whNvhlH8TqC5MdmylH0+HrODYuAw/VRVhr+EmynwIJoYbw8/s2Jnr1duIOMRdCAZcGNFaK4ASHBpFCDbQq/U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=OsC3ggSJ; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="OsC3ggSJ" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 86249C116C6; Thu, 8 Jan 2026 09:28:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; 
c=relaxed/simple; d=kernel.org; s=k20201202; t=1767864489; bh=y7+ntK2Mt9pILeLN4kBUmNH8SM9X4UPDlejQNxGasJ4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OsC3ggSJUJoRtalHOVJReVeodhSqFx019MuAGLoupQYSBgGSW6nES1QJvHzLr9UNG 7ae3prPAfNetXGub/D1Ak/AY3lbQZ7diNheQEWgZNjxHgt0XUPMiY4DVX3+ypWGeSj KfFPD+0wkU3/EhL4R8rksiQtymz0AU7R5mP8H4ZslvtvOLEHT0oGBIPFOGxpUGrE2n 3GmdDCcBwr8uU18MTMzYl7ZaqfjGDc9DcQJdqA0wW5fbkjOjSNU3QW2MA0KyncaauB kNMx5t9jDdX+T8JIIH2lg5zJKipNnPUwZKX4iNYSL4LC3QU91uk3cpB2agkDRxFh6G fuXFFFCURtp6A== 
From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 05/19] x86/efistub: Simplify early remapping of kernel text Date: Thu, 8 Jan 2026 09:25:32 +0000 Message-ID: <20260108092526.28586-26-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4107; i=ardb@kernel.org; h=from:subject; bh=y7+ntK2Mt9pILeLN4kBUmNH8SM9X4UPDlejQNxGasJ4=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+gvfZrNboPT8O+zuI83B0R2Z+WBL0aYdFw5Fk9cv7e IJMp13oKGVhEONikBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABNRzWJkaE+NzTzx4LFJ72y9 KyUfjLiPSvKvemDzovpr6OR3lR335BkZJrmuWvF1z503r0zXc6mFMGzeu2997tegCYqft7wKOeJ nxQQA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Now that the kernel's .text, .rodata and .inittext are all covered by a single ELF segment, there is no need to remap .inittext separately. Instead, remap the entire region in a single call. This remapping is needed because the EFI stub hands over to the core kernel while running in long mode, using the page tables provided by the firmware. Recent so-called 'MS secured core' (tm) PCs are more strict when it comes to separating writable from executable mappings, and so for compatibility with such systems, any code that may be callable during early boot (i.e., before the kernel switches to its own page tables) must be remapped executable explicitly. 
Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 4 +--- arch/x86/include/asm/boot.h | 2 -- arch/x86/kernel/vmlinux.lds.S | 2 -- drivers/firmware/efi/libstub/x86-stub.c | 4 +--- 5 files changed, 3 insertions(+), 11 deletions(-) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/M= akefile index 68f9d7a1683b..bc071bdcd11e 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -76,7 +76,7 @@ LDFLAGS_vmlinux +=3D -T hostprogs :=3D mkpiggy HOST_EXTRACFLAGS +=3D -I$(srctree)/tools/include =20 -sed-voffset :=3D -e 's/^\([0-9a-fA-F]*\) [ABbCDGRSTtVW] \(_text\|__start_r= odata\|_sinittext\|__inittext_end\|__bss_start\|_end\)$$/\#define VO_\2 _AC= (0x\1,UL)/p' +sed-voffset :=3D -e 's/^\([0-9a-fA-F]*\) [ABbCDGRSTtVW] \(_text\|__data_se= gment_start\|__bss_start\|_end\)$$/\#define VO_\2 _AC(0x\1,UL)/p' =20 quiet_cmd_voffset =3D VOFFSET $@ cmd_voffset =3D $(NM) $< | sed -n $(sed-voffset) > $@ diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/mis= c.c index d37569e7ee10..1ea419cf88fe 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -329,9 +329,7 @@ static size_t parse_elf(void *output) return ehdr.e_entry - LOAD_PHYSICAL_ADDR; } =20 -const unsigned long kernel_text_size =3D VO___start_rodata - VO__text; -const unsigned long kernel_inittext_offset =3D VO__sinittext - VO__text; -const unsigned long kernel_inittext_size =3D VO___inittext_end - VO__sinit= text; +const unsigned long kernel_text_size =3D VO___data_segment_start - VO__tex= t; const unsigned long kernel_total_size =3D VO__end - VO__text; =20 static u8 boot_heap[BOOT_HEAP_SIZE] __aligned(4); diff --git a/arch/x86/include/asm/boot.h b/arch/x86/include/asm/boot.h index f7b67cb73915..02b23aa78955 100644 --- a/arch/x86/include/asm/boot.h +++ b/arch/x86/include/asm/boot.h 
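Review bot: After the misc.c hunk, `kernel_text_size` is computed as `VO___data_segment_start - VO__text`, so it no longer measures only text. Per the description it now spans .text, .rodata and .inittext, and the x86-stub.c hunk passes that whole range to `efi_adjust_memory_range_protection()`. If that call makes the range executable, as the description implies, read-only data is also mapped executable under the firmware page tables until the kernel switches to its own. That trade-off should be stated where the constant is defined, e.g. `/* Spans .text, .rodata and .inittext (the first ELF segment); the EFI stub remaps all of it executable */`. A name such as `kernel_text_rodata_size` would keep later users from assuming the range holds code only.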
@@ -82,8 +82,6 @@ #ifndef __ASSEMBLER__ extern unsigned int output_len; extern const unsigned long kernel_text_size; -extern const unsigned long kernel_inittext_offset; -extern const unsigned long kernel_inittext_size; extern const unsigned long kernel_total_size; =20 unsigned long decompress_kernel(unsigned char *outbuf, unsigned long virt_= addr, diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 1dee2987c42b..6772fe9a9957 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -196,8 +196,6 @@ SECTIONS */ .altinstr_aux : AT(ADDR(.altinstr_aux) - LOAD_OFFSET) { *(.altinstr_aux) - . =3D ALIGN(PAGE_SIZE); - __inittext_end =3D .; } =20 DATA_SEGMENT_START diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi= /libstub/x86-stub.c index cef32e2c82d8..ffe30ef73fda 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c 
@@ -890,9 +890,7 @@ static efi_status_t efi_decompress_kernel(unsigned long= *kernel_entry, =20 *kernel_entry =3D addr + entry; =20 - return efi_adjust_memory_range_protection(addr, kernel_text_size) ?: - efi_adjust_memory_range_protection(addr + kernel_inittext_offset, - kernel_inittext_size); + return efi_adjust_memory_range_protection(addr, kernel_text_size); } =20 static void __noreturn enter_kernel(unsigned long kernel_addr, --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ACA0A4418D3; Thu, 8 Jan 2026 09:28:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864495; cv=none; b=IVTCCCKv7YWMOWyNH4GK0cs9GgOGWtwGVmHKHgKMr/QvIgiZGfOuR9G1JcdTfKhdZqFXU3qEeAhaVb6UTQ0J5JlPqeBlN8rE4E85zIrRPXpPJBu28NaNmemRjvUmfNW89NBTXPmatEeL6x430jd/a0mSAxDHb70YT5elji5Wv2s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864495; c=relaxed/simple; bh=kuiwqDzl2f73n2rx6IkFHqKYsd+dEBHyHn/U0wchG6U=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=cpBHAfjunS1BogVKzlzPlWITcy9wqkll+RPMZOUlr7dDsgvu3liSAkWEUAOa3zhB0sYrrsS1RaKQN1t+9BehY3DziX2MRaoLtPDiQp/Z/Y71r9bb/KXlTKMQEarvmKv4wYS2bP8qe+xqmV+U9XLIte4ZDHMZkgUzEcA36GeSemI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=YE4g3NZI; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="YE4g3NZI" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4A643C16AAE; Thu, 8 Jan 2026 09:28:10 +0000 (UTC) DKIM-Signature: v=1; 
a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1767864492; bh=kuiwqDzl2f73n2rx6IkFHqKYsd+dEBHyHn/U0wchG6U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=YE4g3NZIjUSbMFNAkVY+33hZ8GREkvXwF5nm2RP85oba55ABb5lq/mx14Pm3eltvZ 8yjjVnFbKJoEi5IeB2E9KHSlm8+eZA6DCNFLUr+IMnc7u7H25uoYz1U4c6aGXDjms/ SCWotGS11nbtnb7kzWIQc/WZUV7G449kV7HWeLt+eRjNAZAf5XvXiuUiiDOzPOfGL1 U+vjBX3G4iXETKeOCFApwS0nZd9GqcGO6DmJSCKw2WT8Xab28lEn8bWSFPSMhd0MTV rECob5syJECEtpotW6FXM6EMreXGssMvZGLARcLs7ZGKdisMNZP7HBOdpMyAQxYkko 5svd1/4WZlM2Q== 
From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 06/19] alloc_tag: Use __ prefixed ELF section names Date: Thu, 8 Jan 2026 09:25:33 +0000 Message-ID: <20260108092526.28586-27-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=5229; i=ardb@kernel.org; h=from:subject; bh=kuiwqDzl2f73n2rx6IkFHqKYsd+dEBHyHn/U0wchG6U=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+gr+/J608YJGRXc/NN5tidyxgut2atMbF+d2CIHN1n ewrG/07SlkYxLgYZMUUWQRm/3238/REqVrnWbIwc1iZQIYwcHEKwERs6hgZ1i4IWMCjp7YoLjqD KdjzEo9s7QT9vjn3uEIE9St5M3yqGP6XO1YIvZPPuqQxac+2y+skmOWmTWR9biBz8kzvqdDkK3e ZAA== X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The compiler will emit static relocations related to a section .foo into a separate section called .rela.foo, i.e., it just appends the section name to the string ".rela" When section names start with . or __, this results in section names that are correctly matched by the various pattern rules in the various linker scripts across the tree. Without any such leading delimiter, it may lead to spurious warnings such as >> ld: warning: orphan section `.relaalloc_tags' from `init/main.o' being= placed in section `.rela.dyn' ld: warning: dot moved backwards before `.rela.dyn' ld: .tmp_vmlinux1: section `.rela.dyn' can't be allocated in segment 1 Fix this by renaming the section to __alloc_tags. 
While at it, tweak the headers so that the definition appears only a single time. Signed-off-by: Ard Biesheuvel --- include/asm-generic/codetag.lds.h | 14 +++++++++----- include/linux/alloc_tag.h | 11 ++++++----- lib/alloc_tag.c | 6 +++--- 3 files changed, 18 insertions(+), 13 deletions(-) diff --git a/include/asm-generic/codetag.lds.h b/include/asm-generic/codeta= g.lds.h index a14f4bdafdda..d7ff181862da 100644 --- a/include/asm-generic/codetag.lds.h +++ b/include/asm-generic/codetag.lds.h @@ -2,6 +2,10 @@ #ifndef __ASM_GENERIC_CODETAG_LDS_H #define __ASM_GENERIC_CODETAG_LDS_H =20 +#include + +#define ALLOC_TAG_SECTION_NAME __alloc_tags + #ifdef CONFIG_MEM_ALLOC_PROFILING #define IF_MEM_ALLOC_PROFILING(...) __VA_ARGS__ #else @@ -10,15 +14,15 @@ =20 #define SECTION_WITH_BOUNDARIES(_name) \ . =3D ALIGN(8); \ - __start_##_name =3D .; \ + __PASTE(__start_, _name) =3D .; \ KEEP(*(_name)) \ - __stop_##_name =3D .; + __PASTE(__stop_, _name) =3D .; =20 #define CODETAG_SECTIONS() \ - IF_MEM_ALLOC_PROFILING(SECTION_WITH_BOUNDARIES(alloc_tags)) + IF_MEM_ALLOC_PROFILING(SECTION_WITH_BOUNDARIES(ALLOC_TAG_SECTION_NAME)) =20 #define MOD_SEPARATE_CODETAG_SECTION(_name) \ - .codetag.##_name : { \ + .codetag._name : { \ SECTION_WITH_BOUNDARIES(_name) \ } =20 @@ -28,6 +32,6 @@ * unload them individually once unused. */ #define MOD_SEPARATE_CODETAG_SECTIONS() \ - IF_MEM_ALLOC_PROFILING(MOD_SEPARATE_CODETAG_SECTION(alloc_tags)) + IF_MEM_ALLOC_PROFILING(MOD_SEPARATE_CODETAG_SECTION(ALLOC_TAG_SECTION_NAM= E)) =20 #endif /* __ASM_GENERIC_CODETAG_LDS_H */ diff --git a/include/linux/alloc_tag.h b/include/linux/alloc_tag.h index d40ac39bfbe8..f39d85b05b8a 100644 --- a/include/linux/alloc_tag.h +++ b/include/linux/alloc_tag.h @@ -15,6 +15,9 @@ #include #include =20 +/* for ALLOC_TAG_SECTION_NAME */ +#include + struct alloc_tag_counters { u64 bytes; u64 calls; 
@@ -74,8 +77,6 @@ static inline void set_codetag_empty(union codetag_ref *r= ef) =20 #ifdef CONFIG_MEM_ALLOC_PROFILING =20 -#define ALLOC_TAG_SECTION_NAME "alloc_tags" - struct codetag_bytes { struct codetag *ct; s64 bytes; @@ -98,7 +99,7 @@ DECLARE_PER_CPU(struct alloc_tag_counters, _shared_alloc_= tag); =20 #define DEFINE_ALLOC_TAG(_alloc_tag) \ static struct alloc_tag _alloc_tag __used __aligned(8) \ - __section(ALLOC_TAG_SECTION_NAME) =3D { \ + __section(__stringify(ALLOC_TAG_SECTION_NAME)) =3D { \ .ct =3D CODE_TAG_INIT, \ .counters =3D &_shared_alloc_tag }; =20 @@ -108,7 +109,7 @@ DECLARE_PER_CPU(struct alloc_tag_counters, _shared_allo= c_tag); =20 #define DEFINE_ALLOC_TAG(_alloc_tag) \ static struct alloc_tag _alloc_tag __used __aligned(8) \ - __section(ALLOC_TAG_SECTION_NAME) =3D { \ + __section(__stringify(ALLOC_TAG_SECTION_NAME)) =3D { \ .ct =3D CODE_TAG_INIT, \ .counters =3D NULL }; =20 @@ -117,7 +118,7 @@ DECLARE_PER_CPU(struct alloc_tag_counters, _shared_allo= c_tag); #define DEFINE_ALLOC_TAG(_alloc_tag) \ static DEFINE_PER_CPU(struct alloc_tag_counters, _alloc_tag_cntr); \ static struct alloc_tag _alloc_tag __used __aligned(8) \ - __section(ALLOC_TAG_SECTION_NAME) =3D { \ + __section(__stringify(ALLOC_TAG_SECTION_NAME)) =3D { \ .ct =3D CODE_TAG_INIT, \ .counters =3D &_alloc_tag_cntr }; =20 diff --git a/lib/alloc_tag.c b/lib/alloc_tag.c index 27fee57a5c91..3eff7e912521 100644 --- a/lib/alloc_tag.c +++ b/lib/alloc_tag.c @@ -15,8 +15,8 @@ =20 #define ALLOCINFO_FILE_NAME "allocinfo" #define MODULE_ALLOC_TAG_VMAP_SIZE (100000UL * sizeof(struct alloc_tag)) -#define SECTION_START(NAME) (CODETAG_SECTION_START_PREFIX NAME) -#define SECTION_STOP(NAME) (CODETAG_SECTION_STOP_PREFIX NAME) +#define SECTION_START(NAME) (CODETAG_SECTION_START_PREFIX #NAME) +#define SECTION_STOP(NAME) (CODETAG_SECTION_STOP_PREFIX #NAME) =20 #ifdef CONFIG_MEM_ALLOC_PROFILING_ENABLED_BY_DEFAULT static bool mem_profiling_support =3D true; 
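Review bot: In the lib/alloc_tag.c hunk, `SECTION_START(NAME)` and `SECTION_STOP(NAME)` now use `#NAME`, and the `#` operator stringifies its argument without macro-expanding it first. If the callers pass `ALLOC_TAG_SECTION_NAME` (they are outside this hunk), the result is "__start_ALLOC_TAG_SECTION_NAME" rather than "__start___alloc_tags", so any symbol lookup by that string would fail. The other conversions in this patch use `__stringify()`, which does expand, and these two should match: `#define SECTION_START(NAME) (CODETAG_SECTION_START_PREFIX __stringify(NAME))` and `#define SECTION_STOP(NAME) (CODETAG_SECTION_STOP_PREFIX __stringify(NAME))`.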
@@ -810,7 +810,7 @@ static inline void sysctl_init(void) {} static int __init alloc_tag_init(void) { const struct codetag_type_desc desc =3D { - .section =3D ALLOC_TAG_SECTION_NAME, + .section =3D __stringify(ALLOC_TAG_SECTION_NAME), .tag_size =3D sizeof(struct alloc_tag), #ifdef CONFIG_MODULES .needs_section_mem =3D needs_section_mem, --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E747A4418E6; Thu, 8 Jan 2026 09:28:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864496; cv=none; b=eLejgUqJCLbwl2I3Im5UzQs+93pFBTBYQZFaRp3VWeIZlPppYC/cpF13tdorULqDYLra+dm0omTY5rFwV8VvPvVcBoi6a6AOrTc53rOP5wjnjoPMEHGXXzLe3xb7bWiUgx2neA5vDy3UIUZRell7D6fsuwYdDZ2nesg/hhWwY94= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864496; c=relaxed/simple; bh=VoPcV/Fiyn3WL8X1wfBJAyjHiOZ8nzZ47iKxROdXI3E=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=soRf8stiUwluLtOiukg5ODhzv9j799mGr1z3oYI8Q2RvfI0QBH3ij4+Yuc4S8t28/nynJ02EY942Iw/qAKkceGajICU9cqhv3f1bTFckawjmqEQbC+P6OCFsJLG1olhL59GdR/VDyjtRL25Vt72oX0uV6xNo4eQafWw+YWzfoUE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Vz++tBtO; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Vz++tBtO" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0F195C19422; Thu, 8 Jan 2026 09:28:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1767864495; 
bh=VoPcV/Fiyn3WL8X1wfBJAyjHiOZ8nzZ47iKxROdXI3E=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Vz++tBtOmeBj3aaYiCpkIn8ir73ueCKDoFs3QC5xmVCVs1Pu4VXEcRhDerV+lp41L +0+8j0NwwZXFxofmW36R5S4XV6W7B7KhsiajxAPL3f42YhNCRtzz+w3g0brFEY4a6V pajQ10FBpXKj0LQMiRzghGRSjMV7opjFe7NkaVIGUoDs6UTtxLIWXgnQx+DlI9p1Vt g2H8s9E2V7BiGypeLzwjETmMI+ZRzxEqXb5THbZoUwCIapUDkBK2wxd2sXFGPV2sm8 HlO7aK+v395O3u4LOTDc0mKzQQy9cGKM5d/tURru9zAYHmfLbYtjzwcSK+OhLb5aBp GNf8QvU372UMA== 
From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 07/19] tools/objtool: Treat indirect ftrace calls as direct calls Date: Thu, 8 Jan 2026 09:25:34 +0000 Message-ID: <20260108092526.28586-28-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2376; i=ardb@kernel.org; h=from:subject; bh=VoPcV/Fiyn3WL8X1wfBJAyjHiOZ8nzZ47iKxROdXI3E=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+QiBbQDiyv0b9LvfZ6fHTagPiSnVOV938HXus+CnPI h7jo8kdpSwMYlwMsmKKLAKz/77beXqiVK3zLFmYOaxMIEMYuDgFYCKrBRkZ3k3VPRt63UD8oE1S 5eYL53MNWssYzWrUBDS37l87tXrjWoZ/RusC3N/xpe9vndk6gzUrI3pecKnPca5Y1qsn/SXU7T8 yAAA= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In some cases, the compiler may rely on indirect calls using GOT slots as memory operands to emit function calls. This leaves it up to the linker to relax the call to a direct call if possible, i.e., if the destination address is known at link time and in range, which may not be the case when building shared libraries for user space. On x86, this may happen when building in PIC mode with ftrace enabled, and given that vmlinux is a fully linked binary, this relaxation is always possible, and therefore mandatory per the x86_64 psABI. This means that the indirect calls to __fentry__ that are observeable in vmlinux.o will have been converted to direct calls in vmlinux, and can be treated as such by objtool. 
Signed-off-by: Ard Biesheuvel --- tools/objtool/check.c | 32 ++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 3f7999317f4d..765f818af839 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c 
@@ -1660,11 +1660,39 @@ static int add_call_destinations(struct objtool_fil= e *file) =20 for_each_insn(file, insn) { struct symbol *func =3D insn_func(insn); - if (insn->type !=3D INSN_CALL) + if (insn->type !=3D INSN_CALL && + insn->type !=3D INSN_CALL_DYNAMIC) continue; =20 reloc =3D insn_reloc(file, insn); - if (!reloc) { + if (insn->type =3D=3D INSN_CALL_DYNAMIC) { + if (!reloc) + continue; + + /* + * GCC 13 and older on x86 will always emit the call to + * __fentry__ using a relaxable GOT-based symbol + * reference when operating in PIC mode, i.e., + * + * call *0x0(%rip) + * R_X86_64_GOTPCRELX __fentry__-0x4 + * + * where it is left up to the linker to relax this into + * + * call __fentry__ + * nop + * + * if __fentry__ turns out to be DSO local, which is + * always the case for vmlinux. Given that this + * relaxation is mandatory per the x86_64 psABI, these + * calls can simply be treated as direct calls. + */ + if (arch_ftrace_match(reloc->sym->name)) { + insn->type =3D INSN_CALL; + add_call_dest(file, insn, reloc->sym, false); + } + + } else if (!reloc) { dest_off =3D arch_jump_destination(insn); dest =3D find_call_destination(insn->sec, dest_off); =20 --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AB28542E4A6; Thu, 8 Jan 2026 09:28:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864499; cv=none; b=MUw+VTqh4rigXUiRc5ht3sqhEZu6t+tyNg11zZrCSdQ7R9jolNlT7893RRUSnTD5EcIGLDX6AJ1w/nv6yJCB2ZRFHUrqGHLcu90C6jLaLk9Ulb7Bt14MKT2Jl1nBoTC2oMgj+c75wil1Xm/xldliEb5MbM+JAOJnIcAlCtueo2A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864499; c=relaxed/simple; 
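Review bot: The new INSN_CALL_DYNAMIC branch rewrites the instruction to INSN_CALL based on the symbol name alone, while the comment justifies it by the linker relaxing an R_X86_64_GOTPCRELX reference. The relocation type is never checked, so an indirect call through a different kind of relocation against the same symbol would also be treated as direct. Checking the type alongside the name keeps the code in line with the stated reasoning, e.g. `if (reloc_type(reloc) == R_X86_64_GOTPCRELX && arch_ftrace_match(reloc->sym->name)) {`. Because check.c is shared across architectures, that test probably belongs behind an arch helper. add_call_destinations() continues outside the hunk.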
bh=f6s1uGXgrLK4vHXBiwNDDu102di+RfxKjHrwVzEXwQk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=QmXNjExi4rE/DuIi13rBBtT5W7ztIEBHwx3KZWvct3tKU5IiRvvK+9HCbvTH9uXEwHn1klu4Bdsd6cqwuS+dElamd9HuO6sGZrVP3eDkKLdLIrYG6sCwqKNA53cLoyVKsZOlAqCe1sFUYwS+xMtJEJKb7AU6V3W+RbR5dH7DDqE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=k7KLSjEp; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="k7KLSjEp" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C71ADC19425; Thu, 8 Jan 2026 09:28:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1767864498; bh=f6s1uGXgrLK4vHXBiwNDDu102di+RfxKjHrwVzEXwQk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=k7KLSjEpUPCl/lKRdXv4EotSILrcnFh121Vq7ws+NSkm4qWwC7lOFhfDMcPKl/uM+ 1qQaG+RDzGRhP5Qpdarxzy/Vw944TSZ/2PX8BTVN2wF33H7HAfQ0uWWkLNzzgKq8oa +Rj4nQbRjWbBS2OydQOgFaoSZbnh5wvDNfbAd/Iuy6/oYFEXXDNl935djYttSZ7+LY dIbnX6ff2/CE6wn/R3IY8W5ybctXQ8PhYFXQBpr/KonpSehd+6x2DQoWM7c/MJPWza XH6Kf1UhScSmnBEIbQs1k6aS7Z/4gLoMn85C9VPm254NATDkCCzy5MAYenA4HqCvdy Aqk7q2jslNW9Q== 
From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 08/19] x86: Use PIE codegen for the relocatable 64-bit kernel Date: Thu, 8 Jan 2026 09:25:35 +0000 Message-ID: <20260108092526.28586-29-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=6428; i=ardb@kernel.org; h=from:subject; bh=f6s1uGXgrLK4vHXBiwNDDu102di+RfxKjHrwVzEXwQk=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+QjAvz8bnqdE/XfuSFV9v3Wz8uPSuqO7qOo2IHUs/P qjfbMfYUcrCIMbFICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACYyYTbDX1mzpujgI+nLV32f fVP5e6zGKSelMxJr2DtkjJNWlkjdEGRkWF+illm6mnuP6zG2F2sNdM+07+Ju/Kcb0fH4yYM1L29 e4AYA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" As an intermediate step towards enabling PIE linking for the x86_64 KASLR kernel, enable PIE codegen for all C and Rust objects that are linked into the kernel proper. Add a Kconfig option RELOCATABLE_PIE for this, depending on RELR support in the linker, as the relocation tables will blow up the kernel image otherwise. This results in a code size increase of between 0.2% (clang) and 0.5% (gcc). Performance (hackbench) appears to be unaffected across several different uarchs. 
Signed-off-by: Ard Biesheuvel --- arch/x86/Kconfig | 4 ++++ arch/x86/Makefile | 19 ++++++++++++++++++- arch/x86/boot/Makefile | 1 + arch/x86/boot/compressed/Makefile | 2 +- arch/x86/entry/vdso/Makefile | 1 + arch/x86/realmode/rm/Makefile | 1 + include/asm-generic/vmlinux.lds.h | 1 + include/linux/hidden.h | 2 ++ 8 files changed, 29 insertions(+), 2 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index bf51e17d5813..b3a64cfe04cf 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2067,6 +2067,7 @@ config PHYSICAL_START config RELOCATABLE bool "Build a relocatable kernel" if X86_32 default X86_32 + select RELOCATABLE_PIE if TOOLS_SUPPORT_RELR help This builds a kernel image that retains relocation information so it can be placed someplace besides the default PAGE_OFFSET + 1MB. This @@ -2087,6 +2088,9 @@ config RELOCATABLE it has been loaded at and the compile time physical address (CONFIG_PHYSICAL_START) is used as the minimum location. =20 +config RELOCATABLE_PIE + bool + config RANDOMIZE_BASE bool "Randomize the address of the kernel image (KASLR)" select RELOCATABLE diff --git a/arch/x86/Makefile b/arch/x86/Makefile index 1d403a3612ea..b211d6c950aa 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -89,6 +89,8 @@ ifdef CONFIG_CC_IS_GCC CC_FLAGS_FPU +=3D -mhard-float endif =20 +rustflags-nojumptables :=3D $(if $(call rustc-min-version,109300),-Cjump-t= ables=3Dn,-Zno-jump-tables) + ifeq ($(CONFIG_X86_KERNEL_IBT),y) # # Kernel IBT has S_CET.NOTRACK_EN=3D0, as such the compilers must not gene= rate 
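Review bot: In the first Kconfig hunk, `select RELOCATABLE_PIE if TOOLS_SUPPORT_RELR` sits under RELOCATABLE, which the prompt `if X86_32` makes user-selectable on 32-bit. The description says PIE codegen is meant for the x86_64 kernel, and the flags that consume the symbol appear to be added only in the 64-bit part of arch/x86/Makefile. A 32-bit relocatable build with RELR support would therefore set CONFIG_RELOCATABLE_PIE=y without actually being built as PIE. Consider `select RELOCATABLE_PIE if X86_64 && TOOLS_SUPPORT_RELR`, and give the new `config RELOCATABLE_PIE` a short comment saying it is an internal symbol for -fpie codegen of the kernel proper.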
@@ -100,7 +102,7 @@ ifeq ($(CONFIG_X86_KERNEL_IBT),y) # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D104816 # KBUILD_CFLAGS +=3D $(call cc-option,-fcf-protection=3Dbranch -fno-jump-tab= les) -KBUILD_RUSTFLAGS +=3D -Zcf-protection=3Dbranch $(if $(call rustc-min-versi= on,109300),-Cjump-tables=3Dn,-Zno-jump-tables) +KBUILD_RUSTFLAGS +=3D -Zcf-protection=3Dbranch $(rustflags-nojumptables) else KBUILD_CFLAGS +=3D $(call cc-option,-fcf-protection=3Dnone) endif @@ -178,6 +180,21 @@ endif KBUILD_RUSTFLAGS +=3D -Ccode-model=3Dkernel =20 percpu_seg :=3D gs + + pie-ccflags-$(CONFIG_CC_IS_GCC) +=3D $(call cc-option.-mdirect-ext= ern-access) + pie-ccflags-$(CONFIG_CC_IS_CLANG) +=3D -fdirect-access-external-da= ta + + # objtool gets confused by unannotated PIC flavor jump tables + pie-ccflags-y +=3D $(call cc-option,-fannotate-jump-tables,-fno-ju= mp-tables) + + pie-cflags-$(CONFIG_RELOCATABLE_PIE) :=3D $(pie-ccflags-y) -fpie -= mcmodel=3Dsmall \ + -include $(srctree)/include/linux/hidden.h + pie-rustflags-$(CONFIG_RELOCATABLE_PIE) :=3D -Crelocation-model=3D= pie \ + -Ccode-model=3Dsmall -Zdirect-access-exter= nal-data=3Dyes \ + $(rustflags-nojumptables) + + KBUILD_CFLAGS_KERNEL +=3D $(pie-cflags-y) + KBUILD_RUSTFLAGS_KERNEL +=3D $(pie-rustflags-y) endif =20 ifeq ($(CONFIG_STACKPROTECTOR),y) diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile index 3f9fb3698d66..491b3b2a9a02 100644 --- a/arch/x86/boot/Makefile +++ b/arch/x86/boot/Makefile @@ -55,6 +55,7 @@ KBUILD_CFLAGS :=3D $(REALMODE_CFLAGS) -D_SETUP KBUILD_AFLAGS :=3D $(KBUILD_CFLAGS) -D__ASSEMBLY__ KBUILD_CFLAGS +=3D -fno-asynchronous-unwind-tables KBUILD_CFLAGS +=3D $(CONFIG_CC_IMPLICIT_FALLTHROUGH) +KBUILD_CFLAGS_KERNEL :=3D =20 $(obj)/bzImage: asflags-y :=3D $(SVGA_MODE) =20 diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/M= akefile index bc071bdcd11e..96099b5d1064 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile 
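Review bot: In the arch/x86/Makefile hunk at -178, `$(call cc-option.-mdirect-extern-access)` has a `.` where the `,` separating the function name from its argument should be. Make then expands an undefined variable named `cc-option.-mdirect-extern-access` to the empty string, so GCC builds never receive `-mdirect-extern-access` and no error is reported. The line should read `pie-ccflags-$(CONFIG_CC_IS_GCC) += $(call cc-option,-mdirect-extern-access)`. Without the flag, GCC may route references to external data through the GOT, which is what the hidden-visibility and direct-access options in this block are meant to avoid.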
@@ -76,7 +76,7 @@ LDFLAGS_vmlinux +=3D -T hostprogs :=3D mkpiggy HOST_EXTRACFLAGS +=3D -I$(srctree)/tools/include =20 -sed-voffset :=3D -e 's/^\([0-9a-fA-F]*\) [ABbCDGRSTtVW] \(_text\|__data_se= gment_start\|__bss_start\|_end\)$$/\#define VO_\2 _AC(0x\1,UL)/p' +sed-voffset :=3D -e 's/^\([0-9a-fA-F]*\) [ABbCDdGRSTtVW] \(_text\|__data_s= egment_start\|__bss_start\|_end\)$$/\#define VO_\2 _AC(0x\1,UL)/p' =20 quiet_cmd_voffset =3D VOFFSET $@ cmd_voffset =3D $(NM) $< | sed -n $(sed-voffset) > $@ diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index f247f5f5cb44..bf4221a0fc08 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -143,6 +143,7 @@ endif endif =20 $(obj)/vdso32.so.dbg: KBUILD_CFLAGS =3D $(KBUILD_CFLAGS_32) +$(obj)/vdso32.so.dbg: KBUILD_CFLAGS_KERNEL :=3D =20 $(obj)/vdso32.so.dbg: $(obj)/vdso32/vdso32.lds $(vobjs32) FORCE $(call if_changed,vdso_and_check) diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile index a0fb39abc5c8..70bf0a26da91 100644 --- a/arch/x86/realmode/rm/Makefile +++ b/arch/x86/realmode/rm/Makefile @@ -67,3 +67,4 @@ KBUILD_CFLAGS :=3D $(REALMODE_CFLAGS) -D_SETUP -D_WAKEUP \ -I$(srctree)/arch/x86/boot KBUILD_AFLAGS :=3D $(KBUILD_CFLAGS) -D__ASSEMBLY__ KBUILD_CFLAGS +=3D -fno-asynchronous-unwind-tables +KBUILD_CFLAGS_KERNEL :=3D diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinu= x.lds.h index 8ca130af301f..1782b6b87b2d 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -373,6 +373,7 @@ *(DATA_MAIN) \ *(.data..decrypted) \ *(.ref.data) \ + *(.data.rel*) \ *(.data..shared_aligned) /* percpu related */ \ *(.data..unlikely) \ __start_once =3D .; \ diff --git a/include/linux/hidden.h b/include/linux/hidden.h index 49a17b6b5962..2ad764c0ca18 100644 --- a/include/linux/hidden.h +++ b/include/linux/hidden.h 
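Review bot: The `*(.data.rel*)` pattern added in the include/asm-generic/vmlinux.lds.h hunk also matches `.data.rel.ro*`, where PIE codegen places const objects that contain relocated pointers. Those objects stay read-only at runtime only if a read-only output section earlier in the linker script has already claimed `.data.rel.ro*`; otherwise they land in writable .data and lose their protection. The hunk does not show that ordering, so it should either be recorded next to the new line, e.g. `/* .data.rel.ro* must already have been collected by RO_DATA */`, or the glob narrowed to `*(.data.rel) *(.data.rel.local*)`. The enclosing macro starts and ends outside the hunk.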
@@ -16,4 +16,6 @@ * giving them 'hidden' visibility. */ =20 +#ifndef __BINDGEN__ #pragma GCC visibility push(hidden) +#endif --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 182904421F2; Thu, 8 Jan 2026 09:28:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864502; cv=none; b=W5Gi9pzhTLTl+I6tZVe3WUagS8Z/e2GVxPzMEBQaLtSN7GJzbUJMlnMuIhLBSeBvIj944iOf6Juc3yKam1PV4Kjex6E3Qw5KlFL03UgKm34yael2GlgfiCfu0B56xq+ONX250cYzGCIQa+YjxBZHdx/kYtdsom1G3VvOgyM2aFY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864502; c=relaxed/simple; bh=/BtjUWOyZ/3/vfhUotVltmewpoPbkrRlDaS6WEUcZbA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=BNF1YswGKGzkl0rTEdmY725wdOQRALZ8PPh+szHuUqgBhd0EwPpvM/103xDPTIp1CG4XZNe9or5/klWyykp2MEQd1AuLAOD7NwcBpqWcR/ktLhhh7qySgjImwgvzA664iy5CfhJHY3ma/ofGAPgbiRdPPtDW89JZb+lhfwQd63E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=kj0eoQgC; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="kj0eoQgC" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8F140C116C6; Thu, 8 Jan 2026 09:28:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1767864501; bh=/BtjUWOyZ/3/vfhUotVltmewpoPbkrRlDaS6WEUcZbA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=kj0eoQgCaFA+B3BDB9y2qLhYFwWKesn4a2cAHf+fYS+Zun4sT0i0vR4TFreWKupOZ dflioyrissrScaocYIX1Z2r4ovYuXzATPsaZTawg+/SAPFTqVS8MZYdwd4Cr7T1fqa 
G/5rus4xMLc3kEIsFK22eefjKSJucP2FGgITzIaslXZ+tt7h+I+sCqfB7n3Zr6dSAe 9EAAJEGnBJJfzrq6C1VARWYHDaswl76UjsX/+dKbOR9EgOWBdpFffqW6+JBZ7FEWtu zx7oV4mpe2mMK1PQ4ogFU7DeSpKzlH0f7PcWGfI/89ML1sHT3LYqJnnNcR2fkAH+Z6 YZFy9SdCv7Jjw== From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 09/19] x86/pm-trace: Use RIP-relative accesses for .tracedata Date: Thu, 8 Jan 2026 09:25:36 +0000 Message-ID: <20260108092526.28586-30-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2144; i=ardb@kernel.org; h=from:subject; bh=/BtjUWOyZ/3/vfhUotVltmewpoPbkrRlDaS6WEUcZbA=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+QvhjvMdcoeSbokebHJW2X9rGHJmjnS+lcILbII47V C7I6HNHKQuDGBeDrJgii8Dsv+92np4oVes8SxZmDisTyBAGLk4BmMjxm4wMN1MjK1ccPfDFP+h6 lvu+Yt1Lr887+rX5LWTN9vYMK0hIZPgrKm68/33XO9VDoi7d73tbGn71bOYpNo4P/+O1wbFh5Td uAA== X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Use RIP-relative accesses and 32-bit offsets for .tracedata, to avoid the need for relocation fixups at boot time. This is a prerequisite for PIE linking, which only permits 64-bit wide loader-visible absolute references. Signed-off-by: Ard Biesheuvel --- arch/x86/include/asm/pm-trace.h | 4 ++-- drivers/base/power/trace.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/pm-trace.h b/arch/x86/include/asm/pm-trac= e.h index bfa32aa428e5..123faf978473 100644 
--- a/arch/x86/include/asm/pm-trace.h +++ b/arch/x86/include/asm/pm-trace.h @@ -8,10 +8,10 @@ do { \ if (pm_trace_enabled) { \ const void *tracedata; \ - asm volatile(_ASM_MOV " $1f,%0\n" \ + asm volatile("lea " _ASM_RIP(1f) ", %0\n" \ ".section .tracedata,\"a\"\n" \ "1:\t.word %c1\n\t" \ - _ASM_PTR " %c2\n" \ + ".long %c2 - .\n" \ ".previous" \ :"=3Dr" (tracedata) \ : "i" (__LINE__), "i" (__FILE__)); \ diff --git a/drivers/base/power/trace.c b/drivers/base/power/trace.c index d8da7195bb00..111be5825529 100644 --- a/drivers/base/power/trace.c +++ b/drivers/base/power/trace.c @@ -167,7 +167,7 @@ EXPORT_SYMBOL(set_trace_device); void generate_pm_trace(const void *tracedata, unsigned int user) { unsigned short lineno =3D *(unsigned short *)tracedata; - const char *file =3D *(const char **)(tracedata + 2); + const char *file =3D offset_to_ptr((int *)(tracedata + 2)); unsigned int user_hash_value, file_hash_value; =20 if (!x86_platform.legacy.rtc) 
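Review bot: In the drivers/base/power/trace.c hunk, the cast in `offset_to_ptr((int *)(tracedata + 2))` drops the const qualifier that `tracedata` carries in generate_pm_trace's signature. `offset_to_ptr((const int *)(tracedata + 2))` keeps it, and the same expression recurs in the show_file_hash hunk that follows. The record layout is now spelled out separately in the pm-trace.h asm (`.word` plus `.long %c2 - .`) and in the `+ 2` / `2 + sizeof(int)` arithmetic here. A comment above the first use, such as `/* .tracedata record: u16 line number, then s32 offset to the file name, relative to the offset field */`, would keep the two sides in sync. generate_pm_trace's body continues outside the hunk.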
@@ -187,9 +187,9 @@ static int show_file_hash(unsigned int value) =20 match =3D 0; for (tracedata =3D __tracedata_start ; tracedata < __tracedata_end ; - tracedata +=3D 2 + sizeof(unsigned long)) { + tracedata +=3D 2 + sizeof(int)) { unsigned short lineno =3D *(unsigned short *)tracedata; - const char *file =3D *(const char **)(tracedata + 2); + const char *file =3D offset_to_ptr((int *)(tracedata + 2)); unsigned int hash =3D hash_string(lineno, file, FILEHASH); if (hash !=3D value) continue; --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 08C1F42E480; Thu, 8 Jan 2026 09:28:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864505; cv=none; b=j9A26RkZ1QUUWMS8eSG9RD/N95Iai5rnxRon9pjdl2vLPF3tVRnQa3xf4cZcB7Om2OF8fG73nDEQ6ZhKGSYowxd67QhjlM192JyI6oh8DcCTtifDi5Zd4ZOxCKkyTCm28ksd4dQHYEiZAiENqiio9I/xG1LUWsfH8G1p5tUJMjU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864505; c=relaxed/simple; bh=UKYzBsVEAFiPjZdHt7axt6UwaeRnASbJ8MN6S8KXN78=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=XNhJVkv7s0p+aPTYXTO2yZZvlCmPWZGUb37QibSCPzG4QM5GsEY/lcIQZlf7tcO2FBmeFco45gaFsWvZQxVI5Mco4RHHLK85VmdqH4LJ8N7VImX5m8KidqlsCH+/0i3zt4KZiea3+vxdlALIMZwMRl0u1OEXj5m1JdFqwb/4MYk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=AZ+CVu0y; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="AZ+CVu0y" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 
5905AC19422; Thu, 8 Jan 2026 09:28:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1767864503; bh=UKYzBsVEAFiPjZdHt7axt6UwaeRnASbJ8MN6S8KXN78=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=AZ+CVu0ygqa1AHc2ET8QtSCzK8gs9r0Aphn7ggnsq5mJV9eoXKh8ekupo0Mc8LmzS bagiVEoa1mxpkDw/jhh8oXOIPjNebnUff4Dv/2s4mkTwOvPrSQCjQAqI5scj3dwX9z wlvMX1Qv25BXey1kYO1p/G+vFtKid5HHwdXOjS4S6J2vGBgDM+amJSL+jL3e/kAG7Y +9AMMOPyA9WJ36gQKd7ul0f5zDyEutAbUn+nN007mA0syBvVdPlKl4uOqsntuaUPS/ DiXVmjrwxfJ0y9cWO8DnUVJdCaKky8yFFpVEKqfwHAkcINaWNkDBqxL37C1+VOIE21 mO+mS8sOssPlw== 
From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 10/19] x86/kvm: Use RIP-relative addressing Date: Thu, 8 Jan 2026 09:25:37 +0000 Message-ID: <20260108092526.28586-31-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1127; i=ardb@kernel.org; h=from:subject; bh=UKYzBsVEAFiPjZdHt7axt6UwaeRnASbJ8MN6S8KXN78=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+QqQ6plyr7mmy9qeqitP/WC0m8k3kMGJmaN64/fcf3 sBw98MdpSwMYlwMsmKKLAKz/77beXqiVK3zLFmYOaxMIEMYuDgFYCIfLzEyzOlqf/2o0zF80ZRb Zn/nJiywfCd76oD5pY3quZ4lh/tS8xn+Sl2ovvTY123bU5lzYdukLt2t453mH7jaYtoasX8rXqT 9YgAA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Replace absolute references in inline asm with RIP-relative ones, to avoid the need for relocation fixups at boot time. This is a prerequisite for PIE linking, which only permits 64-bit wide loader-visible absolute references. Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/kvm.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c index df78ddee0abb..1a0335f328e1 100644 --- a/arch/x86/kernel/kvm.c +++ b/arch/x86/kernel/kvm.c 
@@ -807,8 +807,9 @@ extern bool __raw_callee_save___kvm_vcpu_is_preempted(l= ong); * restoring to/from the stack. */ #define PV_VCPU_PREEMPTED_ASM \ - "movq __per_cpu_offset(,%rdi,8), %rax\n\t" \ - "cmpb $0, " __stringify(KVM_STEAL_TIME_preempted) "+steal_time(%rax)\n\= t" \ + "0:leaq 0b(%rip), %rax\n\t" \ + "addq __per_cpu_offset - 0b(%rax,%rdi,8), %rax\n\t" \ + "cmpb $0, " __stringify(KVM_STEAL_TIME_preempted) "+steal_time-0b(%rax)= \n\t" \ "setne %al\n\t" =20 DEFINE_ASM_FUNC(__raw_callee_save___kvm_vcpu_is_preempted, --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F006A442B04; Thu, 8 Jan 2026 09:28:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864508; cv=none; b=digIPii4YjePa3K/7FQunFxAEcpsAIUY+FTEYrJzmRb6HlJs2wirhWgnkIqRiQCtz2ON+ZPCj2YfCLW5qIjLbllh2Et7q8Iy8IaUC84BEdFf08PQEJYzGE4CjFI3alRRoxPogQ20JpEMoRK4uRYRUDaxYSyGyzavKzzCUK/LxLw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864508; c=relaxed/simple; bh=XQEzizKeIH1kxwO1qDXCpqKupc0ETqfSJihMTXf8Zk4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=mOwRRRwGs5CsFpDtK31JOhwnu7oOs4KsOlUp5ukzuiNdCsOjzvPgbTJ11Vs+6u4HYwtHY78qKqndKXpZacmWXoUYv4FcXOseDNt2ddO5pso7DKc14lFRM6a/jg5xcwOwTJ2dxkB8oVnaEMwAgzm2PM2cjE7w6mh9MwGB2HhfGl4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=e/RCdxeJ; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="e/RCdxeJ" Received: by smtp.kernel.org (Postfix) 
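Review bot: The rewritten PV_VCPU_PREEMPTED_ASM sequence has no comment explaining its addressing trick. After the `addq`, %rax holds the address of label `0` plus the per-CPU offset, and each displacement subtracts `0b` to cancel that bias. A comment ahead of the macro body would save the next reader from re-deriving it, e.g. `/* %rax = &0b + __per_cpu_offset[%rdi]; the "- 0b" displacements cancel the label address */`. As a style point, `"0:leaq 0b(%rip), %rax\n\t"` reads better with whitespace after the label: `"0:\tleaq 0b(%rip), %rax\n\t"`.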
with ESMTPSA id 231D8C116C6; Thu, 8 Jan 2026 09:28:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1767864506; bh=XQEzizKeIH1kxwO1qDXCpqKupc0ETqfSJihMTXf8Zk4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=e/RCdxeJXtZwVRb6KHJtH1h/tJjUTp9Ue3MsipaIF3fANLIMaH57U22CVKy2s2RVg Eqtvglv4sRC0ke4AVg9wokJqrPvmpr/JbSAGHr9B60bLvybnicJE597CRYmo4YJUZT b1NIYDgdmkxRsHIBtgs1BJvk+0fS5+gpqVsMr2G4hcytZiUmUocDnWMvsYz4HZr5nx shnXvaF3a9c7YY7rvM88eO0Un+qe370LYWoTb3YgqGEQeq8rsPes2ktvQGFliOWOUF 6gIKbQyZ3OSZfXkeJ5N22IEM0LH0RDjps6HdanQJ7z7wTYb8tm1dM2okDuaJycjjZR weJLZOB1egcaw== 
From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 11/19] x86/rethook: Use RIP-relative reference for fake return address Date: Thu, 8 Jan 2026 09:25:38 +0000 Message-ID: <20260108092526.28586-32-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1384; i=ardb@kernel.org; h=from:subject; bh=XQEzizKeIH1kxwO1qDXCpqKupc0ETqfSJihMTXf8Zk4=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+QpR186vea+z+xqJ5S2r2n6ntPWl/1f21zeQTrayFS Td0ph/uKGVhEONikBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABOZqcXI8POK2MYfK2Q5Yv7G cCTyBfW6tdgtv7vIdteaKL4D1bOf72RkWPdI/5ePwKmr5dl159vviR3oX+SpHJBnctY4do9iid4 1TgA= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Pushing an immediate absolute address to the stack is not permitted when linking x86_64 code in PIE mode. Usually, the address can be taken using a RIP-relative LEA instruction, but this is not possible here as there are no available registers. So instead, take the address into a static global, and push it onto the stack using a RIP-relative memory operand. Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/rethook.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/rethook.c b/arch/x86/kernel/rethook.c index 85e2f2d16a90..50812ac718b0 100644 --- a/arch/x86/kernel/rethook.c +++ b/arch/x86/kernel/rethook.c 
@@ -11,6 +11,10 @@ =20 __visible void arch_rethook_trampoline_callback(struct pt_regs *regs); =20 +#ifdef CONFIG_X86_64 +static __used void * const __arch_rethook_trampoline =3D &arch_rethook_tra= mpoline; +#endif + #ifndef ANNOTATE_NOENDBR #define ANNOTATE_NOENDBR #endif 
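Review bot: `__arch_rethook_trampoline` is declared `static`, yet the next hunk references it by name from the top-level `asm()` block (`pushq __arch_rethook_trampoline(%rip)`). `__used` stops the object from being discarded, but it does not pin the assembler-level name. Builds that rename or promote local symbols (LTO, for instance) could leave the asm reference unresolved, so this is worth checking with a clang LTO configuration. Giving the object a stable external name, in the same way arch_rethook_trampoline_callback is marked just above, would avoid the question: `__visible void * const __arch_rethook_trampoline = &arch_rethook_trampoline;`.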
@@ -27,7 +31,7 @@ asm( #ifdef CONFIG_X86_64 ANNOTATE_NOENDBR "\n" /* This is only jumped from ret instruction */ /* Push a fake return address to tell the unwinder it's a rethook. */ - " pushq $arch_rethook_trampoline\n" + " pushq __arch_rethook_trampoline(%rip)\n" UNWIND_HINT_FUNC " pushq $" __stringify(__KERNEL_DS) "\n" /* Save the 'sp - 16', this will be fixed later. */ --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 232B7442AFF; Thu, 8 Jan 2026 09:28:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864511; cv=none; b=oP6CeSqumPR4iCJLJjH8h0J8fv/FHWpxaTHYc3ENP77BLqA9Qa04zBQhCB/KwjUxFjR3oKsJG5ONn4NjnQl2Zm3ykV36U3wViZNK2M/ibIKLqritA9v5hXVTSXwYVJL3D2TecRnwMcYqEQFVgJaeFtZv7kCiAisF1nGz/2iUG6o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864511; c=relaxed/simple; bh=N1TUW6ASyVJu7d2IzQFvCBSY/IugmyoO6hh1JgUNO14=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ly4bFGAEZHU6EchF0T5GemNTJwQgnzCfSJmZRKIWdLjPrWXklWNWn/MW6DqYiXqJ84jR9pX/fI0WvZuVpjy5LzW9IWxBDUbwTbA/4TLUTs85wyK4BulIb2i2TyTYNqkjSyLina3p+dxvam97m9OmHYIjFjf5M9PyIAmtc9MXRN0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=pxz25/2m; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="pxz25/2m" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E1C7EC19425; Thu, 8 Jan 2026 09:28:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; 
t=1767864509; bh=N1TUW6ASyVJu7d2IzQFvCBSY/IugmyoO6hh1JgUNO14=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=pxz25/2mUbOkfj729LDlEyYGss74sG3uOPuWAT54Z7yxtkrWhmpXg6/Z3s8olGccZ VHT1wtviIFEgI0sYgiwIxjY8r7XHZncsBouNIC+gduH3GhrOdEPM2KwKxUONQg5qKd UNW3nZPy/KNNunNYhopV9uLpDTX0CANfidH8zvvNLOIe6lQYwb1bSrmRnsHITKDkYA oRDeWogAfBwa1AFbjT0yy/tSu2gweyhXANC6aWxhMK1ady38LS06nh6d4ZpK8gDWNC Cw6BCLGjAIvaN3dY5NV4SsfDnItVGpy0Wpbqk3Cj/OPrVgr1H7Dck79OBw55Gqadgs YcznqFGN6wKaQ== From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 12/19] x86/sync_core: Use RIP-relative addressing Date: Thu, 8 Jan 2026 09:25:39 +0000 Message-ID: <20260108092526.28586-33-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=900; i=ardb@kernel.org; h=from:subject; bh=N1TUW6ASyVJu7d2IzQFvCBSY/IugmyoO6hh1JgUNO14=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+Qpxl9seT85/F8HQ3cfh9n+91kFFz6p1TBYkStdPr9 ptFpxd3lLIwiHExyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgIn8PcTIsNp12ssgqUuLKiZH Sf9Y5nzus8h5u2yuO73zC1LjrnfNWcrIML935iTXDxJ3Ln0qVbec/SDXRVaBa1l3ftjsr3u+LWu 4yQ8A X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Use RIP-relative accesses for sync_core(). This removes a 32-bit absolute reference that requires fixing up at runtime when KASLR is enabled. This is a prerequisite for PIE linking, which only permits 64-bit wide loader-visible absolute references. 
Signed-off-by: Ard Biesheuvel --- arch/x86/include/asm/sync_core.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/sync_core.h b/arch/x86/include/asm/sync_c= ore.h index 96bda43538ee..547fdc690ecc 100644 --- a/arch/x86/include/asm/sync_core.h +++ b/arch/x86/include/asm/sync_core.h 
@@ -31,7 +31,8 @@ static __always_inline void iret_to_self(void) "pushfq\n\t" "mov %%cs, %0\n\t" "pushq %q0\n\t" - "pushq $1f\n\t" + "leaq 1f(%%rip), %q0\n\t" + "pushq %q0\n\t" "iretq\n\t" "1:" : "=3D&r" (tmp), ASM_CALL_CONSTRAINT : : "cc", "memory"); --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DC1E2443557; Thu, 8 Jan 2026 09:28:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864513; cv=none; b=f98mmpDjrs9QfEUxx6bK3TpSPQQewONyRbyBV+U05q7nB/+p1xUZhfA57yv/iIFt9HEHO8Piq3f0gn+mhGbaKRq7g+vYTWciSywqMEFFeuzXHqFkUVEcmI7imAbx7ys0mnWVRptU2jHX3Eul80CPZrIAM2GhBzpWTGl1sRaYeNQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864513; c=relaxed/simple; bh=6scAsjRD5Wriwk6GrdhKjIHbQzXMRVcf7w3xNozkua4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=iLDJ72ekFE/EzP8f/cBrpALHWxRiy0qr4P5CVkH37dAgpAeXYCWzhzNmffv+10O2oxRxL66y7vH99GEAtRJFe8KDIYoL0rtr/+e7fdtkMHOSSjBM771uZmHosShWiiJwaROoG8jTFdDsHXVheuR537RNZ8dAIddvVw6sPhIfUYg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ONfuBzDH; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ONfuBzDH" Received: by smtp.kernel.org (Postfix) with ESMTPSA id AB8F1C116C6; Thu, 8 Jan 2026 09:28:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1767864512; bh=6scAsjRD5Wriwk6GrdhKjIHbQzXMRVcf7w3xNozkua4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; 
b=ONfuBzDHpkTFUFzfXWfYXgVyIt0TgAesi2qYP801WGdFM4MkafgGRErX3fwN7x1kF pJD7kIklLTIjYnmJOzJybmbuk36oGoLsRcKRztjZ4kxjQsYZo89gSVkrQNyLa2cwzl jTJ8rGG3JVQI7GvFZLbAhoMgFS0MLoPjzSQJ8ebFgaba4q+8MXdfH2hIIT5JA3UR0m JXzP143igchj1CKPD7DC9alu8WLvPo7CMVB9FEPEMGMSh7M49XBO3IZB9Cvg+WDaLg ZPCgvyhVCsHHguCUJINPlPC0AE1+NCJ85Pscfz6KziV2jbpflR8FjZbYrxN1ycF1PJ PymWHwAEcK2WQ== From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 13/19] x86/entry_64: Use RIP-relative addressing Date: Thu, 8 Jan 2026 09:25:40 +0000 Message-ID: <20260108092526.28586-34-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2754; i=ardb@kernel.org; h=from:subject; bh=6scAsjRD5Wriwk6GrdhKjIHbQzXMRVcf7w3xNozkua4=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+QqL5eVfkj91yf241nIixqFX6MHOngV5aU/CPZPZnM RFVb3d1lLIwiHExyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgIm8OMjIcPOFu5yr5PYTbZvn S3P8fxq/7tDbdKY5PwK/ukgHbZTK5WH479a+rPn32b+XTP9prjJ8mXXirpt+isf0s+/n97sn/X+ awwgA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Replace a couple of instances in the x86_64 entry code where the absolute address of a symbol is taken in a manner that is not supported when linking in PIE mode, and use RIP-relative references instead, which don't require boot-time fixups at all. 
Signed-off-by: Ard Biesheuvel --- arch/x86/entry/calling.h | 9 +++++---- arch/x86/entry/entry_64.S | 14 +++++++------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h index 77e2d920a640..a37b402432a3 100644 --- a/arch/x86/entry/calling.h +++ b/arch/x86/entry/calling.h @@ -376,8 +376,8 @@ For 32-bit we have the following conventions - kernel i= s built with .endm =20 .macro SAVE_AND_SET_GSBASE scratch_reg:req save_reg:req + GET_PERCPU_BASE \scratch_reg \save_reg rdgsbase \save_reg - GET_PERCPU_BASE \scratch_reg wrgsbase \scratch_reg .endm =20 @@ -413,15 +413,16 @@ For 32-bit we have the following conventions - kernel= is built with * Thus the kernel would consume a guest's TSC_AUX if an NMI arrives * while running KVM's run loop. */ -.macro GET_PERCPU_BASE reg:req +.macro GET_PERCPU_BASE reg:req scratch:req LOAD_CPU_AND_NODE_SEG_LIMIT \reg andq $VDSO_CPUNODE_MASK, \reg - movq __per_cpu_offset(, \reg, 8), \reg + leaq __per_cpu_offset(%rip), \scratch + movq (\scratch, \reg, 8), \reg .endm =20 #else =20 -.macro GET_PERCPU_BASE reg:req +.macro GET_PERCPU_BASE reg:req scratch:req movq pcpu_unit_offsets(%rip), \reg .endm =20 diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S index f9983a1907bf..77584f5ebb4b 100644 --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S @@ -1040,7 +1040,8 @@ SYM_CODE_START(error_entry) movl %ecx, %eax /* zero extend */ cmpq %rax, RIP+8(%rsp) je .Lbstep_iret - cmpq $.Lgs_change, RIP+8(%rsp) + leaq .Lgs_change(%rip), %rcx + cmpq %rcx, RIP+8(%rsp) jne .Lerror_entry_done_lfence =20 /* @@ -1252,10 +1253,10 @@ SYM_CODE_START(asm_exc_nmi) * the outer NMI. */ =20 - movq $repeat_nmi, %rdx + leaq repeat_nmi(%rip), %rdx cmpq 8(%rsp), %rdx ja 1f - movq $end_repeat_nmi, %rdx + leaq end_repeat_nmi(%rip), %rdx cmpq 8(%rsp), %rdx ja nested_nmi_out 1: 
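Review bot: In the first arch/x86/entry/calling.h hunk, SAVE_AND_SET_GSBASE now depends on an ordering that nothing documents. GET_PERCPU_BASE uses `\save_reg` as its scratch register, so it has to run before `rdgsbase \save_reg` writes the value that must be preserved. A later reorder back to the old sequence would silently corrupt the saved GSBASE. A comment on the new first line would guard against that, for example `/* \save_reg doubles as scratch here, so this must precede rdgsbase */`. In the following hunk, the `#else` variant of GET_PERCPU_BASE takes `scratch:req` but never uses it, which also merits a brief comment.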
@@ -1309,7 +1310,8 @@ nested_nmi: pushq %rdx pushfq pushq $__KERNEL_CS - pushq $repeat_nmi + leaq repeat_nmi(%rip), %rdx + pushq %rdx =20 /* Put stack back */ addq $(6*8), %rsp 
@@ -1348,10 +1350,8 @@ first_nmi: addq $8, (%rsp) /* Fix up RSP */ pushfq /* RFLAGS */ pushq $__KERNEL_CS /* CS */ - pushq $1f /* RIP */ - iretq /* continues at repeat_nmi below */ + call native_irq_return_iret UNWIND_HINT_IRET_REGS -1: #endif =20 repeat_nmi: --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4D991443CA5; Thu, 8 Jan 2026 09:28:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864516; cv=none; b=qJWKoiqqLCo6eoT/HFg9J4px7+6sJ0GlrefeKWbUa/Hzl2Su4EVRD4bqBajTvDczDqCXirqmNvGUaJfjxsGUoyQt1ePSwmm0kk5AnsWdiS1Fw2nZDUM2uZGY9soLMhbCBavN3o6uRFOQUSJ1KOO7xMwciepEeeSLBZ9iyepl4UA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864516; c=relaxed/simple; bh=zfrVg75Z35z2oocHCko1HgTUe+XNiB/uDzsXNZhpNQ8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=S9fVF5P3Bed41NPIK8tT4zinLRxyQujQgNt2t9O+TZgwWbk6D0xZBsOO1r+zYTOiI2YNQmKIWSIkWbSrCQSTbZrezVuXsXAlHqUw9sgGxSnDXlhfu4wetfxti4TltXAWDEG+kwRgGRFqgrQK86m0WH38mLG2avy/rje5d1113Bc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=WeU18qKY; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="WeU18qKY" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 79F92C16AAE; Thu, 8 Jan 2026 09:28:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1767864514; bh=zfrVg75Z35z2oocHCko1HgTUe+XNiB/uDzsXNZhpNQ8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; 
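Review bot: The new `call native_irq_return_iret` no longer says what it is for. The CALL is used only to push the address of the next instruction into the RIP slot of the IRET frame built by the preceding pushes, and the removed `/* RIP */` and `/* continues at repeat_nmi below */` comments carried that information. Suggest keeping it on the new line: `call native_irq_return_iret /* pushes RIP for the IRET frame; resumes at repeat_nmi below */`. Because this CALL never has a matching RET, it is also worth confirming that objtool and any boot-time call-site patching treat the site as intended; the hunk shows nothing either way. The surrounding NMI entry code starts and ends outside the hunk.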
b=WeU18qKYZHmj0RkHtk5d54Rdrzc6BL2hnOW64m4WuAJnYYpr1yCRWDGCqur64e0p3 6Mf3BsW9dK2t4Rjdh58qeLu2X+WnNG64CqFAKFDHh/xJ6IFtJzEiVZ6U2MHQa+zAv/ spFST6PhdUX3QqUdIQFp+rBhI2Z+grdQpm6kZtE6xC5zcOpm4XjP3cAu8EofQsiI0a rJ1RUIMGEaL2aYrzJmL89SaSf3C80YoD+MDwzU9sDzENLiFg5yOwCWRVadI3FzhYbH JSfzhmTW2v1ZOTaSI5Im4j6KLM6eK/0WdNTUhTgIZF6I9Y7PAvZ753qUYS5/hRie78 VFY5s7KQB7E0w== From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 14/19] x86/hibernate: Prefer RIP-relative accesses Date: Thu, 8 Jan 2026 09:25:41 +0000 Message-ID: <20260108092526.28586-35-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1165; i=ardb@kernel.org; h=from:subject; bh=zfrVg75Z35z2oocHCko1HgTUe+XNiB/uDzsXNZhpNQ8=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+Qurvnaa9+/M/zv949MW6i8Fuh5exHtr3MPV9qfIjK WdXN9WsjlIWBjEuBlkxRRaB2X/f7Tw9UarWeZYszBxWJpAhDFycAjCR4w8Y/qde2msXrib92O/A 78/rFse/eD21jz89+OyKa4G3bU6JTDRlZJhXpnxzwuuwA5uyNJSX3zXNvr5hnsHSsLW90seeC53 dVccJAA== X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Replace some absolute symbol references with RIP-relative ones, to avoid fixups at boot time. This is a prerequisite for PIE linking, which only permits 64-bit wide loader-visible absolute references. Signed-off-by: Ard Biesheuvel --- arch/x86/power/hibernate_asm_64.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/arch/x86/power/hibernate_asm_64.S b/arch/x86/power/hibernate_a= sm_64.S index c73be0a02a6c..173df717275a 100644 --- a/arch/x86/power/hibernate_asm_64.S +++ b/arch/x86/power/hibernate_asm_64.S @@ -40,7 +40,7 @@ SYM_FUNC_START(restore_registers) movq %rax, %cr4; # turn PGE back on =20 /* We don't restore %rax, it must be 0 anyway */ - movq $saved_context, %rax + leaq saved_context(%rip), %rax movq pt_regs_sp(%rax), %rsp movq pt_regs_bp(%rax), %rbp movq pt_regs_si(%rax), %rsi 
@@ -71,7 +71,7 @@ SYM_FUNC_START(restore_registers) SYM_FUNC_END(restore_registers) =20 SYM_FUNC_START(swsusp_arch_suspend) - movq $saved_context, %rax + leaq saved_context(%rip), %rax movq %rsp, pt_regs_sp(%rax) movq %rbp, pt_regs_bp(%rax) movq %rsi, pt_regs_si(%rax) --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7CAFD443CDC; Thu, 8 Jan 2026 09:28:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864521; cv=none; b=rD+oR0kXjq8QhVRccrcfyAakNPDhEvU7PlIRDqt/Rbi9KxhAk851hSKgq4QkNxVQZC5eM/Qxk8t1RlGR+rSFxtAp6ly5T6KVKjqp8e8hE911v7SYcu+TfMtZGUUrB3zelT5C521A5ou2RwqLJyW1LBCE2/gG3+R1LuBdDpsUmqo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864521; c=relaxed/simple; bh=myFOVNSBDPjvkqKce6iB/ppwMkoexRyj2C6Vu/MTr94=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=XrBmo8+Xbdj/yMyan9R/44tuLj0oymhdJu4c+6Ijh8ZWPb9v4H0x63RoF8zLQuTOQw8ne1BES3JQL8vGeGNiNGCipaX/q8rS41eRChf/WUqYIjDSRIC0fnXBPIno7pqyWtLRRqUxiyPxtBOSFb0Kd85044NdvJSKi0o2r6q53iE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=WtxB0+D3; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="WtxB0+D3" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 433E4C116C6; Thu, 8 Jan 2026 09:28:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1767864517; bh=myFOVNSBDPjvkqKce6iB/ppwMkoexRyj2C6Vu/MTr94=; 
h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WtxB0+D36MMYwbk09SqTbMQnN1/jkA2LcpXbXKeapCcyDt8AHHWLDUUbyiC9GfbYC vgGnS/Cl45q7ir4PJrcBIKZKrx8IdXel4G2trIUtu7wReBtC32t1sXvSxWJcvNAsKh 6hD21Cb64KGJiCLFFsFmA99hHxO9gVqzjc5ihQ79flSoFy6U3BYLdeyFqDcL2c4HMv ovzUOhIINpPfuJujBM6hoGJIkH9S5UFa90QqnQ8YpF8cce8c1yoZNI9KuFeZ2JK6Wm oBStLOTEIvG5kA3vxz0H3NKt1yfamRKi8UWW7QWXuhNy7m+ap3MJbWqLFlygioovkF xyzK7Ea2Zsz/Q== From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 15/19] x64/acpi: Use PIC-compatible references in wakeup_64.S Date: Thu, 8 Jan 2026 09:25:42 +0000 Message-ID: <20260108092526.28586-36-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2095; i=ardb@kernel.org; h=from:subject; bh=myFOVNSBDPjvkqKce6iB/ppwMkoexRyj2C6Vu/MTr94=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+QvpUotLx3eZMygfvNUyYseTwhO2t65c9bvlXtFYu6 5L1pyfbO0pZGMS4GGTFFFkEZv99t/P0RKla51myMHNYmUCGMHBxCsBEcq4w/LNdUTjl++vb/7ky k/KX2j4OOXV77Se317XdJ711/9c5np3C8FdAgWG5ukr5T4VNArOcJDuvVnx4nv3aVdP/NIPnjPU N8zgB X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Use ordinary RIP-relative references to make the code compatible with running the linker in PIE mode. Note that wakeup_long64() runs in the kernel's ordinary virtual mapping so there is no need to record the address of .Lresume_point in a global variable. And fix the comment while at it. 
Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/acpi/wakeup_64.S | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/arch/x86/kernel/acpi/wakeup_64.S b/arch/x86/kernel/acpi/wakeup= _64.S index 04f561f75e99..15233a4e1c95 100644 --- a/arch/x86/kernel/acpi/wakeup_64.S +++ b/arch/x86/kernel/acpi/wakeup_64.S @@ -14,7 +14,7 @@ =20 .code64 /* - * Hooray, we are in Long 64-bit mode (but still running in low memory) + * Hooray, we are in Long 64-bit mode */ SYM_FUNC_START(wakeup_long64) ANNOTATE_NOENDBR @@ -41,7 +41,7 @@ SYM_FUNC_START(wakeup_long64) movq saved_rsi(%rip), %rsi movq saved_rbp(%rip), %rbp =20 - movq saved_rip(%rip), %rax + leaq .Lresume_point(%rip), %rax ANNOTATE_RETPOLINE_SAFE jmp *%rax SYM_FUNC_END(wakeup_long64) @@ -52,7 +52,7 @@ SYM_FUNC_START(do_suspend_lowlevel) xorl %eax, %eax call save_processor_state =20 - movq $saved_context, %rax + leaq saved_context(%rip), %rax movq %rsp, pt_regs_sp(%rax) movq %rbp, pt_regs_bp(%rax) movq %rsi, pt_regs_si(%rax) @@ -71,8 +71,6 @@ SYM_FUNC_START(do_suspend_lowlevel) pushfq popq pt_regs_flags(%rax) =20 - movq $.Lresume_point, saved_rip(%rip) - movq %rsp, saved_rsp(%rip) movq %rbp, saved_rbp(%rip) movq %rbx, saved_rbx(%rip) @@ -90,7 +88,7 @@ SYM_FUNC_START(do_suspend_lowlevel) .Lresume_point: ANNOTATE_NOENDBR /* We don't restore %rax, it must be 0 anyway */ - movq $saved_context, %rax + leaq saved_context(%rip), %rax movq saved_context_cr4(%rax), %rbx movq %rbx, %cr4 movq saved_context_cr3(%rax), %rbx 
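Review bot: In the wakeup_long64 hunk, the target is now computed with `leaq .Lresume_point(%rip), %rax`, but the `ANNOTATE_RETPOLINE_SAFE` / `jmp *%rax` pair that follows is still an indirect branch to a fixed label known at link time. If wakeup_long64 really executes at its linked virtual address, as the commit message states, a direct `jmp .Lresume_point` would do the same job without the indirect jump or the annotation, provided objtool accepts the jump into do_suspend_lowlevel. If the indirection is kept on purpose, a one-line comment saying why would help the next reader.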
@@ -139,7 +137,6 @@ saved_rsi: .quad 0 saved_rdi: .quad 0 saved_rbx: .quad 0 =20 -saved_rip: .quad 0 saved_rsp: .quad 0 =20 SYM_DATA(saved_magic, .quad 0) --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6D850443CD3; Thu, 8 Jan 2026 09:28:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864521; cv=none; b=bLrXPzheg0yTNT7NVViM0gdkloPTTggOkQ1W/91/NKwxzMppv221HL/MvkLXCJjRPlUnl9sHmFqckEgTHth8osox9yYagXCuaA7evTuKZrFlVz3n/OS/U+sQWf0+auu4AIRBapJyuueVCk86Kt68uKzziQb1UjqzP+5wmpa76JU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864521; c=relaxed/simple; bh=Me24Xe8jlmsEJjlmbTQiFymbguEG0EEq4PfTyqWGNgg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Pr2LkVM1lLfaE/UDvQZUiCMjaBPGmaIqUS7+kGJ+xdMpNOOBgkKt5cZiqtJv+2H6va5jlAFGiWz5BT/d99VuucUEiJyCaYRQmyzmBKySMfXn43QykaDmDEiFVSRHmLV1xUh+Q6PQZ3FmmItzOwmvo2MTa625USLjcdzp9HSrmGQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=gIjAAvpY; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="gIjAAvpY" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0D19FC16AAE; Thu, 8 Jan 2026 09:28:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1767864520; bh=Me24Xe8jlmsEJjlmbTQiFymbguEG0EEq4PfTyqWGNgg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gIjAAvpY/cJ9+muqPobtVjzBZDh6MSC5vwV4o/rqtNneRFQJmcW+TlUKxNIBewyBJ 
66c8+ysys9upa/25hVQfSkO8rBKTOg7FQqAKEHBqj2MhB1Ahzpd+9U4gmsr7xuRj98 2XSYD2B9ofk7OB8a7hlX8UNsp06w5eoPpLnSRNAcN145deJSvZSDBQO7yMJKB3Z5WK o6v5xkM2u8wf7gB/jL+eHJE4eAajmmw7FfZ7QDfchqfIDmnV1K/5ohXn3HvRst5QU0 5HBx9LaAMHVC/H73IB/akhYDZ9uTDn5Q4TAfY2kMlAlpAwIyCFIYmcJ0qG5qED4Dxo PP76ZWnxj46Hg== From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 16/19] x86/kexec: Use 64-bit wide absolute reference from relocated code Date: Thu, 8 Jan 2026 09:25:43 +0000 Message-ID: <20260108092526.28586-37-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=919; i=ardb@kernel.org; h=from:subject; bh=Me24Xe8jlmsEJjlmbTQiFymbguEG0EEq4PfTyqWGNgg=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+Qoa9260i3M7Rs9vyys20PzuTFlg3MsybIlq6o0Gbb 4Fu5JqOUhYGMS4GWTFFFoHZf9/tPD1RqtZ5lizMHFYmkCEMXJwCMJHmcEaGR5/uJ55saGL/NzXK itdX0uXAOu1i61OrSpQPRwYHX5W0Z2RY5rpGhdde8o1VhuzhOzwTZX5+Pne7J/NVcsmmqdc/LWb lAgA= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The virtual_mapped() kexec routine runs from a different virtual address than it was linked at, and so it needs to use an absolute reference to load the address of 'saved_context'. Change this reference to a 64-bit wide one, to make the code compatible with linking in PIE mode. Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/relocate_kernel_64.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocat= e_kernel_64.S index 4ffba68dc57b..3fc1a3002e32 100644 --- a/arch/x86/kernel/relocate_kernel_64.S +++ b/arch/x86/kernel/relocate_kernel_64.S 
@@ -311,7 +311,7 @@ SYM_CODE_START_LOCAL_NOALIGN(virtual_mapped) =20 #ifdef CONFIG_KEXEC_JUMP /* Saved in save_processor_state. */ - movq $saved_context, %rax + movabsq $saved_context, %rax lgdt saved_context_gdt_desc(%rax) #endif =20 --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 98DB5443CAE; Thu, 8 Jan 2026 09:28:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864523; cv=none; b=g+YmFq39pczsKpfKaMtb4aHtz0UHsfL0k944YXMOt2iScpeInH1V9ZPoUzONrklZxKfwdn8nClkZqPhaCll2yTEfTPmPUZOfnkbjDHi9LKzQG7REewqFpnT6/f+swrBeZCz3LHd4yKoYRR7lGmHngFkSir/Dh/cCwsW7yqPQ0P8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864523; c=relaxed/simple; bh=bpSLYp7XpHWabHOuGWxPQHhBYa5mB/Z2Nl1nh/H2Kwc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=GudJMCxNjuX393MLeimfSeCv31IsPKjmzKbbR9L39G7vW0CZ9R007LW2xAn82L78SnICsIHOW75STFzJHzWIJ3GpSfRikcd8sqe9eGST44Z4TUNYZ84ebDr0vc/hCtX+jZcoSKFSd/j3dGlstu+zLCywsiYcOniYb1WflbNWsbA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=LqZNnF1s; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="LqZNnF1s" Received: by smtp.kernel.org (Postfix) with ESMTPSA id CAB7CC19421; Thu, 8 Jan 2026 09:28:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1767864523; bh=bpSLYp7XpHWabHOuGWxPQHhBYa5mB/Z2Nl1nh/H2Kwc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; 
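Review bot: The `movabsq $saved_context, %rax` in virtual_mapped needs a comment saying it is deliberately absolute. The sibling patches in this series turn the same `movq $saved_context, %rax` pattern into `leaq saved_context(%rip), %rax`, so this one reads like an oversight next to them. Per the commit description, the routine runs from a different virtual address than it was linked at, so a RIP-relative form would resolve to the wrong location. Suggested comment above the instruction: `/* Runs from a relocated copy: must be a 64-bit absolute reference, not RIP-relative */`. virtual_mapped starts and ends outside this hunk.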
b=LqZNnF1slLo3Axq/G/d2YKNvL1wn6cFtsiv8dlEwG2SasZU3wx3NsXDu8KqCJAtiw CvMQW5tAMMCV32o4pS+F3k30lJsBqahp4MzBx8/Rk2YNNR6hmcll2DA1wJK1aBk+h/ XtIPSiG6P1lAPzFO5PcIai3QOp2Oxkj+4e+bxYfFFego7VwwWNfEMU5VduJ9fiF9kJ XDYfdoc1/wWFwtOQDECXXmiNto4Ca6ufi+9SAaQMj/82ddOmEsd+/PmL1IoqNUJzdU 9FGHkN7AvbAvO2gPce38IORUABhcpL3geN+3WxbnS0Ni8suTaQ2o1Qi7Vnw0dgRavY fZ3GF8Xu9V6Ng== From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 17/19] x86/head64: Avoid absolute references in startup asm Date: Thu, 8 Jan 2026 09:25:44 +0000 Message-ID: <20260108092526.28586-38-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2510; i=ardb@kernel.org; h=from:subject; bh=bpSLYp7XpHWabHOuGWxPQHhBYa5mB/Z2Nl1nh/H2Kwc=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+Qi5T13rPBbOnk3ZrNbrqn2+eNHFZuM43h/LVmvO/r JvMLu7UUcrCIMbFICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACayZibDP0Mbr3ULb7t7hcYo 8z1t35p+O4MvL2LljA82xjxBjScNLBgZtu/ckWgS9GG99GTjfIZDRXNNtu3tkOn85JQcY6T9Mo6 TGwA= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Replace a couple of occurrences of absolute references with RIP-relative ones. This removes the need for boot-time fixups. This is a prerequisite for PIE linking, which only permits 64-bit wide loader-visible absolute references. Signed-off-by: Ard Biesheuvel --- arch/x86/kernel/head_64.S | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) 
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index 21816b48537c..2c666c8c4519 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -179,8 +179,9 @@ SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_G= LOBAL) xorl %r15d, %r15d =20 /* Derive the runtime physical address of init_top_pgt[] */ - movq phys_base(%rip), %rax - addq $(init_top_pgt - __START_KERNEL_map), %rax + leaq init_top_pgt(%rip), %rax + subq $__START_KERNEL_map, %rax + addq phys_base(%rip), %rax =20 /* * Retrieve the modifier (SME encryption mask if SME is active) to be @@ -232,6 +233,9 @@ SYM_INNER_LABEL(common_startup_64, SYM_L_LOCAL) btsl $X86_CR4_PGE_BIT, %ecx movq %rcx, %cr4 =20 + /* Use .text as an anchor to emit PC-relative symbol references */ + leaq .text(%rip), %rbx + #ifdef CONFIG_SMP /* * For parallel boot, the APIC ID is read from the APIC, and then @@ -288,10 +292,9 @@ SYM_INNER_LABEL(common_startup_64, SYM_L_LOCAL) .Llookup_AP: /* EAX contains the APIC ID of the current CPU */ xorl %ecx, %ecx - leaq cpuid_to_apicid(%rip), %rbx =20 .Lfind_cpunr: - cmpl (%rbx,%rcx,4), %eax + cmpl cpuid_to_apicid - .text(%rbx,%rcx,4), %eax jz .Lsetup_cpu inc %ecx #ifdef CONFIG_FORCE_NR_CPUS @@ -311,7 +314,7 @@ SYM_INNER_LABEL(common_startup_64, SYM_L_LOCAL) =20 .Lsetup_cpu: /* Get the per cpu offset for the given CPU# which is in ECX */ - movq __per_cpu_offset(,%rcx,8), %rdx + movq __per_cpu_offset - .text(%rbx,%rcx,8), %rdx #else xorl %edx, %edx /* zero-extended to clear all of RDX */ #endif /* CONFIG_SMP */ @@ -322,7 +325,7 @@ SYM_INNER_LABEL(common_startup_64, SYM_L_LOCAL) * * RDX contains the per-cpu offset */ - movq current_task(%rdx), %rax + movq current_task - .text(%rbx,%rdx), %rax movq TASK_threadsp(%rax), %rsp =20 /* 
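Review bot: The new `leaq init_top_pgt(%rip), %rax` makes the CR3 value depend on the address this code is executing from, which the old `phys_base` plus link-time-constant form did not. The arithmetic is only right when secondary_startup_64_no_verify is entered through the kernel virtual mapping. Presumably that holds for every caller, but none of them is visible in this hunk. The existing comment should state the assumption, e.g. `/* Executing from the kernel virtual mapping: convert the runtime VA of init_top_pgt[] to a physical address */`.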
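Review bot: The `leaq .text(%rip), %rbx` added in common_startup_64 makes %rbx a long-lived base register, but the comment does not say how long it must survive. The later hunks in this file use it at .Lfind_cpunr, at .Lsetup_cpu, for the current_task load that feeds %rsp, and for the gdt_page `leaq` before `lgdt`. An instruction in between that writes %rbx (CPUID is the obvious one) would silently corrupt the CPU lookup, the stack pointer and the GDT base during early boot. The code between these hunks is not visible here, so it is worth confirming that nothing clobbers the register. The comment could be extended to something like `/* RBX = &.text, live until lgdt below; do not clobber (CPUID writes EBX) */`.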
@@ -343,7 +346,7 @@ SYM_INNER_LABEL(common_startup_64, SYM_L_LOCAL) */ subq $16, %rsp movw $(GDT_SIZE-1), (%rsp) - leaq gdt_page(%rdx), %rax + leaq gdt_page - .text(%rbx,%rdx), %rax movq %rax, 2(%rsp) lgdt (%rsp) addq $16, %rsp --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 58ED3444822; Thu, 8 Jan 2026 09:28:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864527; cv=none; b=Avjw0UHUQmmiRvcaCYPpDFrNXOf1ojFeOEB1eeq8sg2VjZEbcB50KsTu2Pnv0thrCKIvdoa7j8SgSWluUEYXXFIZsLvYTetl0XoVK2yovniNSoMlqyEw3ZxSIHvaXYbTjFl7F7RY/wb0ZV4yLGucV/uEWKAC+On1DDXcWyEKSO8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864527; c=relaxed/simple; bh=P1lJeWjCS3Z/ecUvYNiclBWHLgcgxigfGGdI48tiRW8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NMRygra1XNjGu/TBCy3sDaN2kIGNPTr27p1q/BoyEDgG4/CUOmrU/tOb+950JCH+gGxr3a3TygIvFwXod7mfM+9ZtYzTeyhOqlMfh2T6X/hHBq0oxm65GSFTlrCLu5GMWfUNY9/MJqNXYqCiyDZYMCLuGEbt/d0YRpOdF86oBV0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=u0UNqmCZ; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="u0UNqmCZ" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 93DB3C16AAE; Thu, 8 Jan 2026 09:28:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1767864526; bh=P1lJeWjCS3Z/ecUvYNiclBWHLgcgxigfGGdI48tiRW8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; 
From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 18/19] x86/boot: Implement support for RELA/RELR/REL runtime relocations Date: Thu, 8 Jan 2026 09:25:45 +0000 Message-ID: <20260108092526.28586-39-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4132; i=ardb@kernel.org; h=from:subject; bh=P1lJeWjCS3Z/ecUvYNiclBWHLgcgxigfGGdI48tiRW8=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+Qt7gw6xPobaxR/5ek+LUbV402XbPNuc97fX9rHO8J vrI96p0lLIwiHExyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgIlMbWX4H39takRyofbbi0zX f6s98DqhzvrgoDDrLNG3c3K1eTuFbjL8Uw1f8mnyqbMMTDIR+67eEuLTDJu5hedKYN6p+7/6HnX 8ZgEA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Given that the decompressor already incorporates an ELF loader that parses the program headers of the decompressed ELF image, support for dealing with the PT_DYNAMIC program header can be added quite easily, which describes the location of the RELA and RELR relocation tables in the image. This is a more efficient, and more idiomatic format, which allows the handling of boot-time randomization (KASLR) in a generic manner, rather than based on a bespoke x86-specific relocation format. This is a prerequisite for enabling further hardening measures that are implemented in the ELF domain, i.e., fgkaslr. 
Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/misc.c | 73 +++++++++++++++++++- include/uapi/linux/elf.h | 3 + 2 files changed, 74 insertions(+), 2 deletions(-) diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/mis= c.c index 1ea419cf88fe..bc5677e697ca 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c 
@@ -278,7 +278,68 @@ static inline void handle_relocations(void *output, un= signed long output_len, { } #endif =20 -static size_t parse_elf(void *output) +#define ELF(type) __PASTE(__PASTE(Elf, __LONG_WIDTH__), __PASTE(_, type)) + +static void handle_dynamic(const ELF(Dyn) *dyn, unsigned long p2v_offset, + unsigned long va_shift) +{ + const ELF(Rela) *rela =3D NULL; + const ELF(Rel) *rel =3D NULL; + unsigned long *relr =3D NULL; + unsigned long *place; + int relasize =3D 0; + int relrsize =3D 0; + int relsize =3D 0; + + for (auto d =3D dyn; d->d_tag !=3D DT_NULL; d++) { + switch (d->d_tag) { + case DT_RELA: + rela =3D (void *)(d->d_un.d_ptr + p2v_offset); + break; + case DT_RELASZ: + relasize =3D d->d_un.d_val; + break; + case DT_RELR: + relr =3D (void *)(d->d_un.d_ptr + p2v_offset); + break; + case DT_RELRSZ: + relrsize =3D d->d_un.d_val; + break; + case DT_REL: + rel =3D (void *)(d->d_un.d_ptr + p2v_offset); + break; + case DT_RELSZ: + relsize =3D d->d_un.d_val; + break; + } + } + + for (int i =3D 0; i < relasize / sizeof(*rela); i++) { + place =3D (unsigned long *)(rela[i].r_offset + p2v_offset); + *place +=3D va_shift; + } + + for (int i =3D 0; i < relrsize / sizeof(*relr); i++) { + if ((relr[i] & 1) =3D=3D 0) { + place =3D (unsigned long *)(relr[i] + p2v_offset); + *place++ +=3D va_shift; + continue; + } + + for (unsigned long *p =3D place, r =3D relr[i] >> 1; r; p++, r >>=3D 1) + if (r & 1) + *p +=3D va_shift; + place +=3D 8 * sizeof(*relr) - 1; + } + + for (int i =3D 0; i < relsize / sizeof(*rel); i++) { + place =3D (unsigned long *)(rel[i].r_offset + p2v_offset); + *place +=3D va_shift; + } + +} + +static size_t parse_elf(void *output, u64 va_shift) { #ifdef CONFIG_X86_64 Elf64_Ehdr ehdr; 
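Review bot: The RELA and REL loops in handle_dynamic() apply `*place += va_shift` to every table entry without looking at `r_info`, so an entry that is not a base-relative relocation is patched as if it were one and nothing reports it. Each loop should reject other types before writing, for example by comparing the relocation type from `rela[i].r_info` with R_X86_64_RELATIVE (R_386_RELATIVE on 32-bit) and calling `error()` on a mismatch, unless a build-time check elsewhere in the series already guarantees this. Two related gaps exist. First, `place` is never compared with the bounds of the decompressed image before the write. Second, a RELR bitmap entry (`relr[i] & 1`) that is not preceded by an address entry uses whatever `place` held before, which is either uninitialised or left over from the RELA loop. Setting `place = NULL;` before the RELR loop and failing on `!place` in the bitmap branch would make a malformed table stop the boot instead of writing through a stale pointer.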
@@ -320,6 +381,12 @@ static size_t parse_elf(void *output) dest +=3D (unsigned long)output - LOAD_PHYSICAL_ADDR; memmove(dest, output + phdr->p_offset, phdr->p_filesz); break; + case PT_DYNAMIC: + if (!va_shift) + break; + dest =3D (void *)(output + phdr->p_paddr - LOAD_PHYSICAL_ADDR); + handle_dynamic(dest, (unsigned long)dest - phdr->p_vaddr, va_shift); + break; default: /* Ignore other PT_* */ break; } } @@ -351,7 +418,9 @@ unsigned long decompress_kernel(unsigned char *outbuf, = unsigned long virt_addr, NULL, error) < 0) return ULONG_MAX; =20 - entry =3D parse_elf(outbuf); + if (IS_ENABLED(CONFIG_X86_32)) + virt_addr =3D (unsigned long)outbuf; + entry =3D parse_elf(outbuf, virt_addr - LOAD_PHYSICAL_ADDR); handle_relocations(outbuf, output_len, virt_addr); =20 return entry; diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index 819ded2d39de..868cd67f0ea7 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h 
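Review bot: The PT_DYNAMIC case calls handle_dynamic() from inside the program-header loop, so the relocations land correctly only if every PT_LOAD segment has already been moved by the `memmove()` in the case above. The linker script later in this series lists `dynamic` after `text`, `data` and `note` in PHDRS, which gives that order, but parse_elf() does not enforce it. A PT_DYNAMIC header seen earlier would read and patch memory that has not been moved into place yet. Either record the header and call handle_dynamic() after the loop, or document the dependency with `/* PT_DYNAMIC must follow all PT_LOAD headers: targets are patched in their final location */`. The loop and the rest of parse_elf() lie outside this hunk.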
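Review bot: In decompress_kernel(), handle_relocations() is still called unconditionally right after parse_elf() may have applied the PT_DYNAMIC relocations, so an image carrying both a PT_DYNAMIC segment and the legacy relocation table would be shifted twice. Whether that combination can be built depends on Kconfig logic this hunk does not show. The last patch in the series makes X86_NEED_RELOCS depend on `!TOOLS_SUPPORT_RELR`, which presumably keeps the two paths exclusive. A comment at the call site would record that, e.g. `/* No-op when the kernel is linked as PIE: relocations were applied via PT_DYNAMIC above */`. The 32-bit override `virt_addr = (unsigned long)outbuf;` also deserves a line explaining why the virtual displacement follows the load address there.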
@@ -103,6 +103,9 @@ typedef __u16 Elf64_Versym; #define DT_TEXTREL 22 #define DT_JMPREL 23 #define DT_ENCODING 32 +#define DT_RELRSZ 35 +#define DT_RELR 36 +#define DT_RELRENT 37 #define OLD_DT_LOOS 0x60000000 #define DT_LOOS 0x6000000d #define DT_HIOS 0x6ffff000 --=20 2.47.3 From nobody Mon Feb 9 07:19:27 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BBB7C44484A; Thu, 8 Jan 2026 09:28:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864529; cv=none; b=P2jIJW5pKr3CnNdZUcrvKXbrAEG+UH/0SOg7wCzvZ1KVaEYwNwzTbWvZ5KUQgqKVhqjiT/95ZszhXOzoENlgkuL/jhbw+sft80nUl57xpA4jwLvIXv/7jlqGHA3B9NoRcWOT0eBxL+KdFrG3HZMckgG0l6MA+eV6V64Xcnvuh8o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767864529; c=relaxed/simple; bh=OhsEzHir8OBQE+v0lxOGIwf/pL9va7usB5B7SPjaMso=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=hHi1IMvoTb5JxZHgR82uM8XQjeDNGM2OVGys+DR0Mr0aX0J7ufqxCb9Mw0xwZr2GZ8bIaaZBwPAko46A2Lr2rtTJaEzAoA4qw0TeWjtZLZpi3IKNADTk1NjX67ueV6TTosbj/g4ZFF3Q7JS7blXaIePSQuT4MWwVPSvy4C9OiU0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Yv89xaTY; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Yv89xaTY" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5CDE2C19424; Thu, 8 Jan 2026 09:28:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1767864528; bh=OhsEzHir8OBQE+v0lxOGIwf/pL9va7usB5B7SPjaMso=; 
From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Josh Poimboeuf , Peter Zijlstra , Kees Cook , Uros Bizjak , Brian Gerst , linux-hardening@vger.kernel.org Subject: [RFC/RFT PATCH 19/19] x86/kernel: Switch to PIE linking for the relocatable kernel Date: Thu, 8 Jan 2026 09:25:46 +0000 Message-ID: <20260108092526.28586-40-ardb@kernel.org> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260108092526.28586-21-ardb@kernel.org> References: <20260108092526.28586-21-ardb@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4330; i=ardb@kernel.org; h=from:subject; bh=OhsEzHir8OBQE+v0lxOGIwf/pL9va7usB5B7SPjaMso=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITO+QkGm4DrfnC6Lhdwbb7IbHI/sVGN/t5xtQ57k89U8b Bd3drJ1lLIwiHExyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgIkkxTP8Zj+re+KpyWyf+3qO x2Z+EggW216Tl2vCaf7ci9dy4Q4rLkaGW/anC620Il4tO1bOc/pfyrOl86Xefd9WwLhVYufZK3u deAA= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" If the toolchain supports RELR relocation packing, build the virtually relocatable kernels as Position Independent (PIE) Executables. This results in more efficient relocation processing for the virtual displacement of the kernel applied at boot, using RELR relocations that take up only a fraction of the space occupied by ordinary RELA relocations. More importantly, it instructs the linker to generate a binary that is really meant to be relocated at boot, using data structures that are intended for this purpose. 
Doing so is important for a couple of reasons: - Relying on --emit-relocs is problematic, because it produces the static relocations that are consumed by the linker as input, and these are not meant for describing a runtime relocatable image. For example, the linker may apply relaxations that result in the code and the static relocation going out of sync (and ld.bfd and ld.lld already handle this in a different way). - The 'relocs' tool relies on manually kept allow/deny lists of symbol names. These are needed because ELF absolute/relative symbol designations are often inaccurate. - x86 deviates from other architectures in the kernel when it comes to its implementation of boot-time relocation, making it difficult to implement further enhancements (e.g., fgkaslr, EFI zboot) in a portable manner. Note that this means that all codegen on x86_64 should be position independent, to be compatible with PIE linking, but only if KASLR is enabled. On i386, no changes to the codegen are needed, as the ordinary position dependent relocation model is supported by the linker when operating in PIE mode. Signed-off-by: Ard Biesheuvel --- arch/x86/Kconfig | 3 ++- arch/x86/Makefile | 5 +++++ arch/x86/kernel/vmlinux.lds.S | 18 ++++++++++++++++++ 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index b3a64cfe04cf..2aa50aa8dc68 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -103,6 +103,7 @@ config X86 select ARCH_HAS_NONLEAF_PMD_YOUNG if PGTABLE_LEVELS > 2 select ARCH_HAS_UACCESS_FLUSHCACHE if X86_64 select ARCH_HAS_COPY_MC if X86_64 + select ARCH_HAS_RELR select ARCH_HAS_SET_MEMORY select ARCH_HAS_SET_DIRECT_MAP select ARCH_HAS_STRICT_KERNEL_RWX @@ -2129,7 +2130,7 @@ config RANDOMIZE_BASE # Relocation on x86 needs some additional build support config X86_NEED_RELOCS def_bool y - depends on RELOCATABLE + depends on RELOCATABLE && !TOOLS_SUPPORT_RELR select ARCH_VMLINUX_NEEDS_RELOCS =20 config PHYSICAL_ALIGN 
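Review bot: X86_NEED_RELOCS is switched off by `!TOOLS_SUPPORT_RELR`, while the linker flags and the PT_DYNAMIC program header added in this patch are switched on by CONFIG_RELOCATABLE_PIE. The definition of RELOCATABLE_PIE is not in these hunks. If it has any condition beyond RELOCATABLE and TOOLS_SUPPORT_RELR, a configuration can end up with neither relocation mechanism, leaving a randomized kernel that is never relocated. Keying the dependency on the same symbol avoids that: `depends on RELOCATABLE && !RELOCATABLE_PIE`.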
diff --git a/arch/x86/Makefile b/arch/x86/Makefile index b211d6c950aa..7eac705c4ff4 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -258,6 +258,11 @@ endif =20 KBUILD_LDFLAGS +=3D -m elf_$(UTS_MACHINE) =20 +ldflags-pie-$(CONFIG_LD_IS_LLD) :=3D --apply-dynamic-relocs +ldflags-pie-$(CONFIG_LD_IS_BFD) :=3D -z call-nop=3Dsuffix-nop +ldflags-$(CONFIG_RELOCATABLE_PIE) :=3D --pie -z notext $(ldflags-pie-y) +LDFLAGS_vmlinux +=3D $(ldflags-y) + # # The 64-bit kernel must be aligned to 2MB. Pass -z max-page-size=3D0x200= 000 to # the linker to force 2MB page size regardless of the default page size us= ed diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 6772fe9a9957..cfaf6ab80684 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -127,6 +127,9 @@ PHDRS { text PT_LOAD FLAGS(5); /* R_E */ data PT_LOAD FLAGS(6); /* RW_ */ note PT_NOTE FLAGS(0); /* ___ */ +#ifdef CONFIG_RELOCATABLE_PIE + dynamic PT_DYNAMIC; +#endif } =20 SECTIONS @@ -201,6 +204,21 @@ SECTIONS DATA_SEGMENT_START INIT_DATA_SECTION(16) :data =20 +#ifdef CONFIG_RELOCATABLE_PIE + /DISCARD/ : { + *(.interp .dynbss .eh_frame .sframe .relr.auth.dyn) + } + + .dynamic : { *(.dynamic) } :dynamic :data + .dynstr : { *(.dynstr) } :data + .dynsym : { *(.dynsym) } + .gnu.hash : { *(.gnu.hash) } + .hash : { *(.hash) } + .init.rela : { *(.rela.*) *(.rela_*) } + .init.rel : { *(.rel.*) *(.rel_*) } + .init.relr : { *(.relr.*) } +#endif + .x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) { __x86_cpu_dev_start =3D .; *(.x86_cpu_dev.init) --=20 2.47.3
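Review bot: The PIE linker flags added to arch/x86/Makefile have no comment, and two of them carry assumptions the boot code depends on. handle_dynamic() in the previous patch adds the shift to the value already stored at the target and never reads `r_addend`, so `--apply-dynamic-relocs` appears to be what makes LLD write that value in place. `-z notext` permits dynamic relocations against read-only and executable sections, presumably acceptable only because the decompressor applies them before the kernel mappings are write-protected. If those are the reasons, comments would keep the flags from being dropped later: `# The decompressor ignores r_addend, so LLD must store link-time values in place` and `# Text relocations are applied by the decompressor, before the image is mapped read-only`.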