Commit 00cda11d authored by Sumanth Korikkar's avatar Sumanth Korikkar Committed by Alexander Gordeev
Browse files

s390: Compile kernel with -fPIC and link with -no-pie 



When the kernel is built with CONFIG_PIE_BUILD option enabled it
uses dynamic symbols, for which the linker does not allow more
than 64K number of entries. This can break features like kpatch.

Hence, whenever possible the kernel is built with CONFIG_PIE_BUILD
option disabled. For that support of unaligned symbols generated by
linker scripts in the compiler is necessary.

However, older compilers might lack such support. In that case the
build process resorts to CONFIG_PIE_BUILD option-enabled build.

Compile object files with -fPIC option and then link the kernel
binary with -no-pie linker option.

As result, the dynamic symbols are not generated and not only kpatch
feature succeeds, but also the whole CONFIG_PIE_BUILD option-enabled
code could be dropped.

[ agordeev: Reworded the commit message ]

Suggested-by: default avatarUlrich Weigand <ulrich.weigand@de.ibm.com>
Signed-off-by: default avatarSumanth Korikkar <sumanthk@linux.ibm.com>
Reviewed-by: default avatarAlexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: default avatarAlexander Gordeev <agordeev@linux.ibm.com>
parent 5f90003f

arch/s390/Kconfig

+0 −12
Original line number Diff line number Diff line
@@ -593,18 +593,6 @@ config RELOCATABLE 
	  Note: this option exists only for documentation purposes, please do

	  not remove it.



config PIE_BUILD

	def_bool CC_IS_CLANG && !$(cc-option,-munaligned-symbols)

	help

	  If the compiler is unable to generate code that can manage unaligned

	  symbols, the kernel is linked as a position-independent executable

	  (PIE) and includes dynamic relocations that are processed early

	  during bootup.



	  For kpatch functionality, it is recommended to build the kernel

	  without the PIE_BUILD option. PIE_BUILD is only enabled when the

	  compiler lacks proper support for handling unaligned symbols.



config RANDOMIZE_BASE

	bool "Randomize the address of the kernel image (KASLR)"

	default y

arch/s390/Makefile

+2 −7
Original line number Diff line number Diff line
@@ -14,14 +14,9 @@ KBUILD_AFLAGS_MODULE += -fPIC 
KBUILD_CFLAGS_MODULE += -fPIC

KBUILD_AFLAGS	+= -m64

KBUILD_CFLAGS	+= -m64

ifdef CONFIG_PIE_BUILD

KBUILD_CFLAGS	+= -fPIE

LDFLAGS_vmlinux	:= -pie -z notext

else

KBUILD_CFLAGS	+= $(call cc-option,-munaligned-symbols,)

LDFLAGS_vmlinux	:= --emit-relocs --discard-none

KBUILD_CFLAGS	+= -fPIC

LDFLAGS_vmlinux	:= -no-pie --emit-relocs --discard-none

extra_tools	:= relocs

endif

aflags_dwarf	:= -Wa,-gdwarf-2

KBUILD_AFLAGS_DECOMPRESSOR := $(CLANG_FLAGS) -m64 -D__ASSEMBLY__

ifndef CONFIG_AS_IS_LLVM

arch/s390/boot/Makefile

+1 −6
Original line number Diff line number Diff line
@@ -37,8 +37,7 @@ CFLAGS_sclp_early_core.o += -I$(srctree)/drivers/s390/char 


obj-y	:= head.o als.o startup.o physmem_info.o ipl_parm.o ipl_report.o vmem.o

obj-y	+= string.o ebcdic.o sclp_early_core.o mem.o ipl_vmparm.o cmdline.o

obj-y	+= version.o pgm_check_info.o ctype.o ipl_data.o

obj-y	+= $(if $(CONFIG_PIE_BUILD),machine_kexec_reloc.o,relocs.o)

obj-y	+= version.o pgm_check_info.o ctype.o ipl_data.o relocs.o

obj-$(findstring y, $(CONFIG_PROTECTED_VIRTUALIZATION_GUEST) $(CONFIG_PGSTE))	+= uv.o

obj-$(CONFIG_RANDOMIZE_BASE)	+= kaslr.o

obj-y	+= $(if $(CONFIG_KERNEL_UNCOMPRESSED),,decompressor.o) info.o
@@ -49,9 +48,7 @@ targets := bzImage section_cmp.boot.data section_cmp.boot.preserved.data $(obj-y 
targets	+= vmlinux.lds vmlinux vmlinux.bin vmlinux.bin.gz vmlinux.bin.bz2

targets += vmlinux.bin.xz vmlinux.bin.lzma vmlinux.bin.lzo vmlinux.bin.lz4

targets += vmlinux.bin.zst info.bin syms.bin vmlinux.syms $(obj-all)

ifndef CONFIG_PIE_BUILD

targets += relocs.S

endif



OBJECTS := $(addprefix $(obj)/,$(obj-y))

OBJECTS_ALL := $(addprefix $(obj)/,$(obj-all))
@@ -110,13 +107,11 @@ OBJCOPYFLAGS_vmlinux.bin := -O binary --remove-section=.comment --remove-section 
$(obj)/vmlinux.bin: vmlinux FORCE

	$(call if_changed,objcopy)



ifndef CONFIG_PIE_BUILD

CMD_RELOCS=arch/s390/tools/relocs

quiet_cmd_relocs = RELOCS  $@

	cmd_relocs = $(CMD_RELOCS) $< > $@

$(obj)/relocs.S: vmlinux FORCE

	$(call if_changed,relocs)

endif



suffix-$(CONFIG_KERNEL_GZIP)  := .gz

suffix-$(CONFIG_KERNEL_BZIP2) := .bz2

arch/s390/boot/boot.h

+0 −6
Original line number Diff line number Diff line
@@ -24,14 +24,8 @@ struct vmlinux_info { 
	unsigned long bootdata_size;

	unsigned long bootdata_preserved_off;

	unsigned long bootdata_preserved_size;

#ifdef CONFIG_PIE_BUILD

	unsigned long dynsym_start;

	unsigned long rela_dyn_start;

	unsigned long rela_dyn_end;

#else

	unsigned long got_start;

	unsigned long got_end;

#endif

	unsigned long amode31_size;

	unsigned long init_mm_off;

	unsigned long swapper_pg_dir_off;

arch/s390/boot/startup.c

+0 −42
Original line number Diff line number Diff line
@@ -151,41 +151,6 @@ static void copy_bootdata(void) 
	memcpy((void *)vmlinux.bootdata_preserved_off, __boot_data_preserved_start, vmlinux.bootdata_preserved_size);

}



#ifdef CONFIG_PIE_BUILD

static void kaslr_adjust_relocs(unsigned long min_addr, unsigned long max_addr,

				unsigned long offset, unsigned long phys_offset)

{

	Elf64_Rela *rela_start, *rela_end, *rela;

	int r_type, r_sym, rc;

	Elf64_Addr loc, val;

	Elf64_Sym *dynsym;



	rela_start = (Elf64_Rela *) vmlinux.rela_dyn_start;

	rela_end = (Elf64_Rela *) vmlinux.rela_dyn_end;

	dynsym = (Elf64_Sym *) vmlinux.dynsym_start;

	for (rela = rela_start; rela < rela_end; rela++) {

		loc = rela->r_offset + phys_offset - __START_KERNEL;

		val = rela->r_addend;

		r_sym = ELF64_R_SYM(rela->r_info);

		if (r_sym) {

			if (dynsym[r_sym].st_shndx != SHN_UNDEF)

				val += dynsym[r_sym].st_value + offset - __START_KERNEL;

		} else {

			/*

			 * 0 == undefined symbol table index (SHN_UNDEF),

			 * used for R_390_RELATIVE, only add KASLR offset

			 */

			val += offset - __START_KERNEL;

		}

		r_type = ELF64_R_TYPE(rela->r_info);

		rc = arch_kexec_do_relocs(r_type, (void *) loc, val, 0);

		if (rc)

			error("Unknown relocation type");

	}

}



static void kaslr_adjust_got(unsigned long offset) {}

#else

static void kaslr_adjust_relocs(unsigned long min_addr, unsigned long max_addr,

				unsigned long offset, unsigned long phys_offset)

{
@@ -212,7 +177,6 @@ static void kaslr_adjust_got(unsigned long offset) 
	for (entry = (u64 *)vmlinux.got_start; entry < (u64 *)vmlinux.got_end; entry++)

		*entry += offset - __START_KERNEL;

}

#endif



/*

 * Merge information from several sources into a single ident_map_size value.
@@ -398,14 +362,8 @@ static void kaslr_adjust_vmlinux_info(long offset) 
{

	vmlinux.bootdata_off += offset;

	vmlinux.bootdata_preserved_off += offset;

#ifdef CONFIG_PIE_BUILD

	vmlinux.rela_dyn_start += offset;

	vmlinux.rela_dyn_end += offset;

	vmlinux.dynsym_start += offset;

#else

	vmlinux.got_start += offset;

	vmlinux.got_end += offset;

#endif

	vmlinux.init_mm_off += offset;

	vmlinux.swapper_pg_dir_off += offset;

	vmlinux.invalid_pg_dir_off += offset;