From 84d9da1d6ab2a156079aab005908e13bf8a9bf6b Mon Sep 17 00:00:00 2001
From: Zide Chen
Date: Fri, 22 Jun 2018 10:25:24 -0700
Subject: [PATCH] hv: build hypervisor as PIE (position-independent executable)
Build and link hypervisor with "-pie" and remove static linking so that it generates .rela sections for relocation
Signed-off-by: Zheng Gen
Signed-off-by: Zide Chen
Reviewed-by: Yin fengwei
---
 hypervisor/Makefile | 10 +++++++++-
 hypervisor/arch/x86/cpu_primary.S | 2 +-
 hypervisor/bsp/ld/link_ram.ld.in | 7 +++++++
 3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/hypervisor/Makefile b/hypervisor/Makefile
index 49175822e..5c53f124e 100644
--- a/hypervisor/Makefile
+++ b/hypervisor/Makefile
@@ -42,6 +42,7 @@ CFLAGS += -mno-red-zone
 CFLAGS += -static -nostdinc -nostdlib -fno-common
 CFLAGS += -O2 -D_FORTIFY_SOURCE=2
 CFLAGS += -Wformat -Wformat-security
+CFLAGS += -fpie
 ifdef STACK_PROTECTOR
 ifeq (true, $(shell [ $(GCC_MAJOR) -gt 4 ] && echo true))
@@ -58,10 +59,17 @@ endif
 ASFLAGS += -m64 -nostdinc -nostdlib
-LDFLAGS += -Wl,--gc-sections -static -nostartfiles -nostdlib
+LDFLAGS += -Wl,--gc-sections -nostartfiles -nostdlib
 LDFLAGS += -Wl,-n,-z,max-page-size=0x1000
 LDFLAGS += -Wl,-z,noexecstack
+# on X86_64, when build with "-pie", GCC fails on linking R_X86_64_32
+# relocations with "recompile with fPIC" error, because it may cause
+# run-time relocation overflow if it runs at address above 4GB.
+# We know it's safe because Hypervisor runs under 4GB. "noreloc-overflow"
+# is used to avoid the compile error
+LDFLAGS += -pie -z noreloc-overflow
+
 ARCH_CFLAGS += -gdwarf-2
 ARCH_ASFLAGS += -gdwarf-2 -DASSEMBLER=1
 ARCH_ARFLAGS +=
diff --git a/hypervisor/arch/x86/cpu_primary.S b/hypervisor/arch/x86/cpu_primary.S
index 805fb6666..be389b286 100644
--- a/hypervisor/arch/x86/cpu_primary.S
+++ b/hypervisor/arch/x86/cpu_primary.S
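Review bot: `-static` is still present on the context line `CFLAGS += -static -nostdinc -nostdlib -fno-common` directly above the added `CFLAGS += -fpie`, although the commit message says static linking is removed and the next hunk drops it from LDFLAGS. It is a link-time option and does nothing for compilation, but if CFLAGS are ever passed to the link command it would be combined with `-pie`, and how the driver resolves that pair depends on the GCC version. I would drop it here as well so the two flag sets agree: `CFLAGS += -nostdinc -nostdlib -fno-common`.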
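Review bot: `-z noreloc-overflow` on the added LDFLAGS line silences the linker's check on R_X86_64_32 relocations, and the comment's justification (the hypervisor runs below 4GB) is not enforced by anything visible in this patch. If the load address ever moves above 4GB, those 32-bit fields would be truncated at run time with no build diagnostic. The assumption therefore deserves a build-time or early-boot check, for instance an `ASSERT` in the linker script on the image end address or a load-address check before relocations are applied. The comment should also name which objects still carry absolute 32-bit references, and say "link error" rather than "compile error". For consistency with the neighbouring lines the option could be written `LDFLAGS += -pie -Wl,-z,noreloc-overflow`.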
@@ -136,7 +136,7 @@ primary_start_long_mode:
 * Notes: this includes the fixup to IDT tables and temporary
 * page tables
 */
- /*call _relocate*/
+ call _relocate
 /* Load temportary GDT pointer value */
 lea cpu_primary32_gdt_ptr(%rip), %rbx
diff --git a/hypervisor/bsp/ld/link_ram.ld.in b/hypervisor/bsp/ld/link_ram.ld.in
index 8f55db7fb..ceddf4704 100644
--- a/hypervisor/bsp/ld/link_ram.ld.in
+++ b/hypervisor/bsp/ld/link_ram.ld.in
@@ -39,6 +39,13 @@ SECTIONS
 } > ram
+ .rela :
+ {
+ *(.rela*)
+ *(.dyn*)
+ } > ram
+
+
 . = ALIGN(4) ;
 _ld_trampoline_load = .;
 .trampoline : AT (_ld_trampoline_load)
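Review bot: The now-live `call _relocate` has no contract stated at the call site. It pushes a return address, so %rsp must already point at usable memory here, and any register still holding boot state has to survive the call; neither can be confirmed from the hunk, because primary_start_long_mode starts and continues outside it. None of the three files in this patch defines `_relocate`, so it presumably already exists in the tree. It is worth confirming that it handles, or fails loudly on, every relocation type that the new `-z noreloc-overflow` link lets through, since a silently skipped entry leaves a stale absolute address. I would extend the comment above the call with a line such as `* _relocate needs a valid stack; preserved registers: <to be confirmed>`.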
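Review bot: The new `.rela` output section has neither an alignment directive nor bounding symbols, and `*(.dyn*)` would also match input sections such as `.dynamic`, `.dynsym` and `.dynstr`, placing them in the same output section as the relocation records. Code that walks the table at boot then has to take its start and size from elsewhere (presumably the dynamic section), and the mixed content makes it harder to rule out a read past the last record. Consider `. = ALIGN(8) ;` ahead of the section, since 64-bit rela entries hold 8-byte fields, and a separate output section for the `.dyn*` inputs with start and end symbols around `*(.rela*)`. The SECTIONS block starts and ends outside the hunk, so placement relative to the other sections cannot be judged from here.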