hv: build hypervisor as PIE (position-independent executable)

Build and link hypervisor with "-pie" and remove static linking so that
it generates .rela sections for relocation

Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Yin fengwei <fengwei.yin@intel.com>

hypervisor/Makefile

@@ -42,6 +42,7 @@ CFLAGS += -mno-red-zone
 CFLAGS += -static -nostdinc -nostdlib -fno-common
 CFLAGS += -O2 -D_FORTIFY_SOURCE=2
 CFLAGS += -Wformat -Wformat-security
+CFLAGS += -fpie
 
 ifdef STACK_PROTECTOR
 ifeq (true, $(shell [ $(GCC_MAJOR) -gt 4 ] && echo true))
@@ -58,10 +59,17 @@ endif
 
 ASFLAGS += -m64 -nostdinc -nostdlib
 
-LDFLAGS += -Wl,--gc-sections -static -nostartfiles -nostdlib
+LDFLAGS += -Wl,--gc-sections -nostartfiles -nostdlib
 LDFLAGS += -Wl,-n,-z,max-page-size=0x1000
 LDFLAGS += -Wl,-z,noexecstack
 
+# on X86_64, when build with "-pie", GCC fails on linking R_X86_64_32
+# relocations with "recompile with fPIC" error, because it may cause
+# run-time relocation overflow if it runs at address above 4GB.
+# We know it's safe because Hypervisor runs under 4GB. "noreloc-overflow"
+# is used to avoid the compile error
+LDFLAGS += -pie -z noreloc-overflow
+
 ARCH_CFLAGS += -gdwarf-2
 ARCH_ASFLAGS += -gdwarf-2 -DASSEMBLER=1
 ARCH_ARFLAGS +=

hypervisor/arch/x86/cpu_primary.S

@@ -136,7 +136,7 @@ primary_start_long_mode:
      * Notes: this includes the fixup to IDT tables and temporary
      *     page tables
      */
-    /*call _relocate*/
+    call _relocate
 
     /* Load temportary GDT pointer value */
     lea     cpu_primary32_gdt_ptr(%rip), %rbx

hypervisor/bsp/ld/link_ram.ld.in

@@ -39,6 +39,13 @@ SECTIONS
 
     } > ram
 
+	.rela :
+	{
+		*(.rela*)
+		*(.dyn*)
+	} > ram
+
+	. = ALIGN(4) ;
     _ld_trampoline_load = .;
 
     .trampoline : AT (_ld_trampoline_load)