x86/EFI: sanitize DLL characteristics in binary

Commit Message

Jan Beulich April 2, 2025, 8:51 a.m. UTC

In GNU ld --disable-reloc-section implies --disable-dynamicbase (and
also --disable-high-entropy-va, just fyi). Therefore to yield
functionally identical binaries independent of whether mkreloc needs to
come into play, add --dynamicbase as well.

GNU ld further defaults to --high-entropy-va (along with --dynamicbase
and --nxcompat) unless "Cygwin-like". This seems wrong to me; that
default should be dependent upon "MinGW-like" instead; for the purpose
of building EFI binaries with a PE32+-capable ELF linker neither
"Cygwin-like" nor "MinGW-like" ought to be true. We certainly don't mean
to have this bit set in the DLL characteristics, so suppress its
setting.

Sadly while --high-entropy-va is supported by GNU ld 2.25,
--disable-high-entropy-va was introduced only in 2.36. Luckily the
defaulting to --high-entropy-va was also only introduced in 2.36. Plus
--disable-reloc-section was introduced precisely there, too. Hence
leverage the probing we do as to base relocation generation, to also
determine whether to pass --disable-high-entropy-va.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
I remain uncertain about the applicability of DLL characteristics to
non-DLLs, i.e. images without IMAGE_FILE_DLL set; current MS doc says
nothing either way. Yet producing consistent binaries still seems
desirable, even if the field wasn't to be used by loaders.

Patch

--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -113,6 +113,7 @@  efi-nr-fixups := $(shell LC_ALL=C $(OBJD
 
 ifeq ($(efi-nr-fixups),2)
 MKRELOC := :
+EFI_LDFLAGS += --disable-high-entropy-va
 else
 MKRELOC := arch/x86/efi/mkreloc
 # If the linker produced fixups but not precisely two of them, we need to
@@ -123,6 +124,8 @@  EFI_LDFLAGS += --disable-reloc-section
 endif
 endif
 
+EFI_LDFLAGS += --dynamicbase
+
 endif # $(XEN_BUILD_PE)
 
 export XEN_BUILD_EFI XEN_BUILD_PE