x86/EFI: sanitize DLL characteristics in binary

In GNU ld --disable-reloc-section implies --disable-dynamicbase (and
also --disable-high-entropy-va, just fyi). Therefore to yield
functionally identical binaries independent of whether mkreloc needs to
come into play, add --dynamicbase as well.

GNU ld further defaults to --high-entropy-va (along with --dynamicbase
and --nxcompat) unless "Cygwin-like". This seems wrong to me; that
default should be dependent upon "MinGW-like" instead; for the purpose
of building EFI binaries with a PE32+-capable ELF linker neither
"Cygwin-like" nor "MinGW-like" ought to be true. We certainly don't mean
to have this bit set in the DLL characteristics, so suppress its
setting.

Sadly while --high-entropy-va is supported by GNU ld 2.25,
--disable-high-entropy-va was introduced only in 2.36. Luckily the
defaulting to --high-entropy-va was also only introduced in 2.36. Plus
--disable-reloc-section was introduced precisely there, too. Hence
leverage the probing we do as to base relocation generation, to also
determine whether to pass --disable-high-entropy-va.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Daniel P. Smith <dpsmith@apertussolutions.com>

diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index 7882fb895e1fec4462a8e8cc8bfab3a6fc05d7e8..09b6d8758e95baf9dedb2bfccdd6ff407055fb5e 100644 (file)
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -103,6 +103,7 @@ efi-nr-fixups := $(shell LC_ALL=C $(OBJDUMP) -p $(efi-check).efi | grep '^[[:bla
 
 ifeq ($(efi-nr-fixups),2)
 MKRELOC := :
+EFI_LDFLAGS += --disable-high-entropy-va
 else
 MKRELOC := arch/x86/efi/mkreloc
 # If the linker produced fixups but not precisely two of them, we need to
@@ -113,6 +114,8 @@ EFI_LDFLAGS += --disable-reloc-section
 endif
 endif
 
+EFI_LDFLAGS += --dynamicbase
+
 endif # $(XEN_BUILD_PE)
 
 export XEN_BUILD_EFI XEN_BUILD_PE