summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArd Biesheuvel <ard.biesheuvel@linaro.org>2017-03-31 09:22:56 +0100
committerArd Biesheuvel <ard.biesheuvel@linaro.org>2017-03-31 10:34:34 +0100
commitc2d56a894b3211bd96a63f388932ea8b38ae3463 (patch)
tree178b909a61639916c8731a95ebc8f57bc746b752
parentaf8388059a2805f61dd5d06c7cad21bb90a72526 (diff)
downloadedk2-platforms-c2d56a894b3211bd96a63f388932ea8b38ae3463.tar.xz
BaseTools/GCC AARCH64: force disable PIC code generation
As a security measure, some distro toolchains now default to PIC code generation, allowing executables (as opposed to shared libraries) using the objects to be built as PIE binaries, which can be loaded at a random virtual offset. However, our ELF to PE/COFF generation code does not deal with the resulting relocation types (i.e., GOT based), and so the use of PIC code leads to GenFw errors. Given that a) our non-PIC PE/COFF executables are already relocatable, b) PIC code leads to all symbol references to be indirected via GOT entries containing absolute addresses, each requiring an entry in the relocation table, c) the AArch64 ISA makes it perfectly feasible to built PIE executables from non-PIC code, there is absolutely no upside to using PIC code for building EDK2 modules, and so we're better off simply disabling it unconditionally. Note that when running under the OS, the GOT has an additional advantage, i.e., that all .text/.rodata pages remain clean and so can be shared between processes. This does not apply to the UEFI environment, however. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Laszlo Ersek <lersek@redhat.com>
-rwxr-xr-xBaseTools/Conf/tools_def.template2
1 files changed, 1 insertions, 1 deletions
diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
index 0aabdeb2d9..2c5cd58089 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@@ -4341,7 +4341,7 @@ DEFINE GCC_X64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mno-red-zone -Wno-ad
DEFINE GCC_IPF_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -minline-int-divide-min-latency
DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -fno-builtin -Wno-address -mthumb -mfloat-abi=soft
DEFINE GCC_ARM_CC_XIPFLAGS = -mno-unaligned-access
-DEFINE GCC_AARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno-short-enums -fverbose-asm -funsigned-char -ffunction-sections -fdata-sections -fno-builtin -Wno-address -fno-asynchronous-unwind-tables
+DEFINE GCC_AARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno-short-enums -fverbose-asm -funsigned-char -ffunction-sections -fdata-sections -fno-builtin -Wno-address -fno-asynchronous-unwind-tables -fno-pic
DEFINE GCC_AARCH64_CC_XIPFLAGS = -mstrict-align
DEFINE GCC_DLINK_FLAGS_COMMON = -nostdlib --pie
DEFINE GCC_DLINK2_FLAGS_COMMON = -Wl,--script=$(EDK_TOOLS_PATH)/Scripts/GccBase.lds