From patchwork Wed Feb 28 13:35:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner X-Patchwork-Id: 207864 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:a81b:b0:108:e6aa:91d0 with SMTP id bq27csp3354734dyb; Wed, 28 Feb 2024 05:47:25 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXDWv0nBsxR8ahHFGvyHXadCXxJ0qBssfrGx7cIhhuy/yGblpKtHi6wU/3XfuVqPeUq0Br5jBc82kF5tbEA0CEN30LYsA== X-Google-Smtp-Source: AGHT+IEk19ShTMLvSRBU2DU4/oH1SfR0+PGV+LEq57ECEzm1eWoPwKrpXteXZo2hGwAnBya5s/Fj X-Received: by 2002:a05:6a21:670b:b0:19e:9da4:1a10 with SMTP id wh11-20020a056a21670b00b0019e9da41a10mr2975148pzb.21.1709128045061; Wed, 28 Feb 2024 05:47:25 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709128045; cv=pass; d=google.com; s=arc-20160816; b=bwdcui0pXQXymPPcWn9lfAktHkjmd23eWKneLVWJFeKkBj11e3vEYFE2nK3w3bnmep 5fqiRNYxoNPMe3Ap88Z2FOuWhlwAvz0g5wAjw0IyB/zcEcd5Lg2TLDGgwFiIHj1v3XUi UPNLnCWclRTtq3kBbIKIbS7af076eci6c43LzCyytIckFpg9pSSsG3Y/nbzlS2zIUD/I Nxh68hIN6SJBQQ3M87GDg/Duis3KpFFMjfBvbv6IUyFjglL7GJXq2Oxl1kvcBWodpxUN fVj9BJX4+rfxWu9mOId+O/65fGU6XLhVfdxeIwa7fuFAQf/o+bZTRItSqjsfTSSxQF1v Zv+g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:precedence:robot-unsubscribe:robot-id :message-id:mime-version:list-unsubscribe:list-subscribe:list-id :precedence:references:in-reply-to:cc:subject:to:reply-to:sender :from:dkim-signature:dkim-signature:date; bh=3261/azcGbpm0bz+42s7atBucovQYrO3uk/Loe+guZw=; fh=vFXOYiU3lvhXVNhtIEy2hyx1fBYH9xVaeVH6HVphNlI=; b=GXWSFIsOENqBpTCPByKHbhQjX+bBLWHAa5PEQ/rCaWpVJ4gzlIbL6WcCNr1Pj09aRL yY4X8tpdZ6Q6QgYvDi5+FRO3BZtG1mDp/bfienXXSeff0dNjtyusxWI7WfDBD4El9pdc RmS4iRLXDk1kfY0k3o3blIwQ7HzgzCxMbnfPRGtms2H5ywlIA4Lr5soZ8GEXTePccB0V RWlG4ZiJtvNgSBOiY6bZREvzLe1bca2vssodAIJBoijJUOnpsC/Dc46DU+SE7PIMQRYf dD8KYyo56JhlMWo0aCeCkwRsKwouxj2Zz0Y3gSuJP8XI7chXjW+ErSpzNwEUYf7c2gof Yi4Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=jffe1l4Y; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; arc=pass (i=1 spf=pass spfdomain=linutronix.de dkim=pass dkdomain=linutronix.de dmarc=pass fromdomain=linutronix.de); spf=pass (google.com: domain of linux-kernel+bounces-85102-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-85102-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id g30-20020a63111e000000b005dcd6508942si7215936pgl.441.2024.02.28.05.47.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 28 Feb 2024 05:47:25 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-85102-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=jffe1l4Y; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; arc=pass (i=1 spf=pass spfdomain=linutronix.de dkim=pass dkdomain=linutronix.de dmarc=pass fromdomain=linutronix.de); spf=pass (google.com: domain of linux-kernel+bounces-85102-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-85102-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 3DA34B247C4 for ; Wed, 28 Feb 2024 13:36:17 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7613414EFCD; Wed, 28 Feb 2024 13:36:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="jffe1l4Y"; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="UngALnpu" Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 671DC6CDBC; Wed, 28 Feb 2024 13:36:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709127361; cv=none; b=criSwb6oGesdgNOBKO0KMhGDSxjOoc3WaK5BVwuKW+fKI2gnFfY6uucqpB1FsYhT9dfchWMybCgyxY69NAFbvO1eHoCuAXzXOWNiOCZY6fUb4ad7iHsx68CH+sgRseZSUdGNqboBvjG07AGNyw+AhuaM9Ho5Zi4H0RLbxhCEj74= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709127361; c=relaxed/simple; bh=bV7rC9AwyM7rwmPwCODY5JQR5FkAI2361fVWivOoLGU=; h=Date:From:To:Subject:Cc:In-Reply-To:References:MIME-Version: Message-ID:Content-Type; b=SB2HQmlJBi7UTch4wutyaI0hcQgV1O9cr7YqytXwM4CtNXMC/Tcho4hUIvjLKC43b4TKsatHzKASXVzGK0TM4m8jNGt+EqFUeFYljisVEGJFvVhDMgr+SCX7nwDa9FYi0awWU0gMc5urOsQLPvR1EanL4amHVwHeYS9acEg3Ic4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=jffe1l4Y; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=UngALnpu; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de Date: Wed, 28 Feb 2024 13:35:56 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1709127357; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3261/azcGbpm0bz+42s7atBucovQYrO3uk/Loe+guZw=; b=jffe1l4YFxuIeO1TsvAoU0Vfod9XgZdPHVaq5vDjM2YyGMI8vABMVp1zsBR2xcBzJ02dh+ xmvKEHdFqEuAoMb+bovewxry9hRbaavzLJu7jC343B4XMH/2fsUeHBqmborh5nNU20+OUv aVAf+02PEMt4SKsdtsbn4SXHo0Zn8+N+lDcMT+A9FenzIQZThSi6CzoYe1jFHlazu1Ogjs s+yi6UK9NaJ2hTrRt3Z2zoSiZg0y4GwABTRLthXZEJOMDtvr6CQL41g2D4ICk0tnmOu1Mj vetvwJ4wMH1ywrnKD7ovrbwhYCU6rYR1P1EV1OS0lYpTk26ngnRn6G4Kfo5c9A== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1709127357; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3261/azcGbpm0bz+42s7atBucovQYrO3uk/Loe+guZw=; b=UngALnpu5WnIKr0UlT7Addn9mvStlWFfdsVUj67sBrBGhYvfDZAkA8wJSizXzR515nsXUh BoO/cunRrUBjDDBQ== From: "tip-bot2 for Ard Biesheuvel" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/boot] efi/x86: Set the PE/COFF header's NX compat flag unconditionally Cc: Ard Biesheuvel , "Borislav Petkov (AMD)" , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20240116085347.2193966-2-ardb+git@google.com> References: <20240116085347.2193966-2-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-ID: <170912735700.398.16561638992186941827.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Precedence: bulk X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1792150648668989024 X-GMAIL-MSGID: 1792150648668989024 The following commit has been merged into the x86/boot branch of tip: Commit-ID: 891f8890a4a3663da7056542757022870b499bc1 Gitweb: https://git.kernel.org/tip/891f8890a4a3663da7056542757022870b499bc1 Author: Ard Biesheuvel AuthorDate: Tue, 16 Jan 2024 09:53:48 +01:00 Committer: Borislav Petkov (AMD) CommitterDate: Wed, 28 Feb 2024 14:23:55 +01:00 efi/x86: Set the PE/COFF header's NX compat flag unconditionally Now that the proper section and file alignment is used, and the EFI memory attributes protocol to manage executable permissions where needed is invoked, set the NX compat flag unconditionally. [ bp: Remove the "we"s. ] Signed-off-by: Ard Biesheuvel Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20240116085347.2193966-2-ardb+git@google.com --- arch/x86/boot/header.S | 4 ---- 1 file changed, 4 deletions(-) diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index a1bbedd..b5c79f4 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -111,11 +111,7 @@ extra_header_fields: .long salign # SizeOfHeaders .long 0 # CheckSum .word IMAGE_SUBSYSTEM_EFI_APPLICATION # Subsystem (EFI application) -#ifdef CONFIG_EFI_DXE_MEM_ATTRIBUTES .word IMAGE_DLL_CHARACTERISTICS_NX_COMPAT # DllCharacteristics -#else - .word 0 # DllCharacteristics -#endif #ifdef CONFIG_X86_32 .long 0 # SizeOfStackReserve .long 0 # SizeOfStackCommit