diff options
| author | Ahmad Fatoum <a.fatoum@pengutronix.de> | 2024-03-04 19:59:43 +0100 |
|---|---|---|
| committer | Sascha Hauer <s.hauer@pengutronix.de> | 2024-03-05 16:28:05 +0100 |
| commit | a7e6cd8e3efa75b5625c1df3b9ae44c76dd51c0d (patch) | |
| tree | 82eed4a92a9da46807a4f73bc8444ed835283de8 /scripts | |
| parent | 22ae71e69d20972f1f8bb80ba9fa971293d5d3f4 (diff) | |
| download | barebox-a7e6cd8e3efa75b5625c1df3b9ae44c76dd51c0d.tar.gz barebox-a7e6cd8e3efa75b5625c1df3b9ae44c76dd51c0d.tar.xz | |
pbl: introduce CONFIG_PBL_FULLY_PIC
In the quest for making barebox PBL code W^X mappable, we have now taken
care to make the ARM64 assembly routines not emit code relocations,
so let's do the same for the C code as well.
We do this by setting pragma GCC visibility push(hidden) globally. This
option is stronger than -fvisibility=hidden and ensures we are
completely position-independent. See kernel commit e544ea57ac07
("x86/boot/compressed: Force hidden visibility for all symbol references")
for more information.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20240304190038.3486881-59-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/Makefile.lib | 5 | ||||
| -rw-r--r-- | scripts/Makefile.pic | 22 |
2 files changed, 27 insertions, 0 deletions
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index f205e08afc..6b1f0ccbc0 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -170,6 +170,11 @@ _stackp_flags_pbl-$(CONFIG_PBL_STACKPROTECTOR_ALL) := -fstack-protector-all _c_flags += $(if $(part-of-pbl),$(_stackp_flags_pbl-y),$(_stackp_flags-y)) +ifeq ($(CONFIG_PBL_FULLY_PIC),y) +include scripts/Makefile.pic +PBL_CPPFLAGS += $(picflags-y) +endif + # If building barebox in a separate objtree expand all occurrences # of -Idir to -I$(srctree)/dir except for absolute paths (starting with '/'). diff --git a/scripts/Makefile.pic b/scripts/Makefile.pic new file mode 100644 index 0000000000..c30894ba98 --- /dev/null +++ b/scripts/Makefile.pic @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# The stub may be linked into the kernel proper or into a separate boot binary, +# but in either case, it executes before the kernel does (with MMU disabled) so +# things like ftrace and stack-protector are likely to cause trouble if left +# enabled, even if doing so doesn't break the build. +# +picflags-$(CONFIG_X86_64) := -mcmodel=small +picflags-$(CONFIG_X86) += -fPIC -fno-asynchronous-unwind-tables + +ifeq ($(CONFIG_ARM),y) +picflags-$(CONFIG_CPU_32) := -fpic -mno-single-pic-base +picflags-$(CONFIG_CPU_64) := -fpie +endif + +picflags-y += -include $(srctree)/include/linux/hidden.h \ + -D__fully_pic__ \ + -D__NO_FORTIFY \ + -ffreestanding \ + -fno-stack-protector \ + $(call cc-option,-fno-addrsig) \ + -D__DISABLE_EXPORTS |