commit: 08271e9f6435f27dbb65567926c68bb012cf4c74 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Mon Aug 28 19:09:25 2023 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Mon Aug 28 19:09:52 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08271e9f
sys-firmware/edk2-ovmf: fix build w/ binutils-2.41[hardened] Closes: https://bugs.gentoo.org/913110 Signed-off-by: Sam James <sam <AT> gentoo.org> sys-firmware/edk2-ovmf/edk2-ovmf-202202.ebuild | 6 +++ .../edk2-ovmf-202202-binutils-2.41-textrels.patch | 21 +++++++++++ .../files/edk2-ovmf-202202-lld-textrels.patch | 43 ++++++++++++++++++++++ 3 files changed, 70 insertions(+) diff --git a/sys-firmware/edk2-ovmf/edk2-ovmf-202202.ebuild b/sys-firmware/edk2-ovmf/edk2-ovmf-202202.ebuild index 322c5a16bc5d..04de01f008bb 100644 --- a/sys-firmware/edk2-ovmf/edk2-ovmf-202202.ebuild +++ b/sys-firmware/edk2-ovmf/edk2-ovmf-202202.ebuild @@ -36,6 +36,8 @@ RDEPEND="!sys-firmware/edk2-ovmf-bin" PATCHES=( "${FILESDIR}/${PN}-202105-werror.patch" + "${FILESDIR}/${PN}-202202-lld-textrels.patch" + "${FILESDIR}/${PN}-202202-binutils-2.41-textrels.patch" ) S="${WORKDIR}/edk2-edk2-stable${PV}" @@ -104,6 +106,10 @@ src_compile() { -D SMM_REQUIRE \ -D EXCLUDE_SHELL_FROM_FD" + export LDFLAGS="-z notext" + export EXTRA_LDFLAGS="-z notext" + export DLINK_FLAGS="-z notext" + emake ARCH=${TARGET_ARCH} -C BaseTools . ./edksetup.sh diff --git a/sys-firmware/edk2-ovmf/files/edk2-ovmf-202202-binutils-2.41-textrels.patch b/sys-firmware/edk2-ovmf/files/edk2-ovmf-202202-binutils-2.41-textrels.patch new file mode 100644 index 000000000000..22d33c9097aa --- /dev/null +++ b/sys-firmware/edk2-ovmf/files/edk2-ovmf-202202-binutils-2.41-textrels.patch @@ -0,0 +1,21 @@ +https://bugs.gentoo.org/913110 +--- a/BaseTools/Conf/tools_def.template ++++ b/BaseTools/Conf/tools_def.template +@@ -1906,7 +1906,7 @@ DEFINE GCC48_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z comm + DEFINE GCC48_IA32_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -Wno-address + DEFINE GCC48_X64_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables -Wno-address + DEFINE GCC48_IA32_X64_ASLDLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable +-DEFINE GCC48_IA32_X64_DLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive ++DEFINE GCC48_IA32_X64_DLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive -Wl,-z,notext + DEFINE GCC48_IA32_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220 DEF(GCC_DLINK2_FLAGS_COMMON) + DEFINE GCC48_X64_DLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_FLAGS) -Wl,-melf_x86_64,--oformat=elf64-x86-64,-pie + DEFINE GCC48_X64_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x228 DEF(GCC_DLINK2_FLAGS_COMMON) +@@ -1929,7 +1929,7 @@ DEFINE GCC49_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -fno-pic -fno-pi + DEFINE GCC49_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS) + DEFINE GCC49_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40 + DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--defsym=PECOFF_HEADER_SIZE=0 DEF(GCC_DLINK2_FLAGS_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable +-DEFINE GCC49_IA32_X64_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive ++DEFINE GCC49_IA32_X64_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive -Wl,-z,notext + DEFINE GCC49_IA32_DLINK2_FLAGS = DEF(GCC48_IA32_DLINK2_FLAGS) + DEFINE GCC49_X64_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_FLAGS) -Wl,-melf_x86_64,--oformat=elf64-x86-64,-pie + DEFINE GCC49_X64_DLINK2_FLAGS = DEF(GCC48_X64_DLINK2_FLAGS) diff --git a/sys-firmware/edk2-ovmf/files/edk2-ovmf-202202-lld-textrels.patch b/sys-firmware/edk2-ovmf/files/edk2-ovmf-202202-lld-textrels.patch new file mode 100644 index 000000000000..eb8b6296fcff --- /dev/null +++ b/sys-firmware/edk2-ovmf/files/edk2-ovmf-202202-lld-textrels.patch @@ -0,0 +1,43 @@ +https://bugs.gentoo.org/913110 +https://github.com/tianocore/edk2/commit/a257988f590ba90dd8394dd6bc7014ae9d814a08 + +From a257988f590ba90dd8394dd6bc7014ae9d814a08 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel <a...@kernel.org> +Date: Mon, 3 Apr 2023 22:29:15 +0800 +Subject: [PATCH] BaseTools/tools_def CLANGDWARF: Permit text relocations + +We rely on PIE executables to get the codegen that is suitable for +PE/COFF conversion where the resulting executables can be loaded +anywhere in the address space. + +However, ELF linkers may default to disallowing text relocations in PIE +executables, as this would require text segments to be updated at +runtime, which is bad for security and increases the copy-on-write +footprint of ELF executables and shared libraries. + +However, none of those concerns apply to PE/COFF executables in the +context of EFI, which are copied into memory rather than mmap()'ed, and +fixed up by the loader before launch. + +So pass -z notext to the LLD linker to permit runtime relocations in +read-only sections. + +Signed-off-by: Ard Biesheuvel <a...@kernel.org> +Reviewed-by: Rebecca Cran <rebe...@bsdio.com> +--- + BaseTools/Conf/tools_def.template | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template +index 39c49b8001f4..9a5c11f6a385 100755 +--- a/BaseTools/Conf/tools_def.template ++++ b/BaseTools/Conf/tools_def.template +@@ -2870,7 +2870,7 @@ DEFINE CLANGDWARF_X64_PREFIX = ENV(CLANG_BIN) + DEFINE CLANGDWARF_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-q,--gc-sections -z max-page-size=0x40 + DEFINE CLANGDWARF_DLINK2_FLAGS_COMMON = -Wl,--script=$(EDK_TOOLS_PATH)/Scripts/ClangBase.lds + DEFINE CLANGDWARF_IA32_X64_ASLDLINK_FLAGS = DEF(CLANGDWARF_IA32_X64_DLINK_COMMON) -Wl,--defsym=PECOFF_HEADER_SIZE=0 DEF(CLANGDWARF_DLINK2_FLAGS_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable +-DEFINE CLANGDWARF_IA32_X64_DLINK_FLAGS = DEF(CLANGDWARF_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive ++DEFINE CLANGDWARF_IA32_X64_DLINK_FLAGS = DEF(CLANGDWARF_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive -Wl,-z,notext + DEFINE CLANGDWARF_IA32_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220 DEF(CLANGDWARF_DLINK2_FLAGS_COMMON) + DEFINE CLANGDWARF_X64_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x228 DEF(CLANGDWARF_DLINK2_FLAGS_COMMON) +
