| Message ID | 20250401130840.72119-7-roger.pau@citrix.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | x86/EFI: prevent write-execute sections | expand |
On 01.04.2025 15:08, Roger Pau Monne wrote: > The multiboot headers are not consumed in the PE binary, hence discard them > in the linker script when doing a PE build. > > That removes some relocations that otherwise appear due to the usage of the > start and __efi64_mb2_start symbols in the multiboot2 header. > > No functional change intended. > > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> > --- > We could also place the multiboot header in it's own isolated section and > skip such section for relocations generation in mkreloc, but it seems best > to just remove the code if it's unused. I agree. I'd like to mention that I recall people intending to try to make xen.efi usable with an MB loader. Nothing ever came of that, so if anyone still wanted to pursue that route, they'd need to undo / redo what you're doing here. Jan
On 01/04/2025 2:18 pm, Jan Beulich wrote: > On 01.04.2025 15:08, Roger Pau Monne wrote: >> The multiboot headers are not consumed in the PE binary, hence discard them >> in the linker script when doing a PE build. >> >> That removes some relocations that otherwise appear due to the usage of the >> start and __efi64_mb2_start symbols in the multiboot2 header. >> >> No functional change intended. >> >> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> > Reviewed-by: Jan Beulich <jbeulich@suse.com> > >> --- >> We could also place the multiboot header in it's own isolated section and >> skip such section for relocations generation in mkreloc, but it seems best >> to just remove the code if it's unused. > I agree. I'd like to mention that I recall people intending to try to make > xen.efi usable with an MB loader. Nothing ever came of that, so if anyone > still wanted to pursue that route, they'd need to undo / redo what you're > doing here. It was Frediano, and for this same task (Host UEFI SecureBoot). ~Andrew
diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index d4dd6434c466..ad908539f38a 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -61,6 +61,9 @@ SECTIONS __image_base__ = .; #else . = __image_base__; + /DISCARD/ : { + *(.text.header) + } #endif #if 0
The multiboot headers are not consumed in the PE binary, hence discard them in the linker script when doing a PE build. That removes some relocations that otherwise appear due to the usage of the start and __efi64_mb2_start symbols in the multiboot2 header. No functional change intended. Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> --- We could also place the multiboot header in it's own isolated section and skip such section for relocations generation in mkreloc, but it seems best to just remove the code if it's unused. --- xen/arch/x86/xen.lds.S | 3 +++ 1 file changed, 3 insertions(+)