From patchwork Tue Nov 22 11:12:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Evgeniy Baskov X-Patchwork-Id: 24293 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp2139967wrr; Tue, 22 Nov 2022 03:20:42 -0800 (PST) X-Google-Smtp-Source: AA0mqf5Wf036HR+CJk3Gff7qfazGiHxe1+5LaXlsv3nLWO0hUEw8u7nYcE3I95+puImsUVUZbZHO X-Received: by 2002:a17:906:a2d1:b0:781:bc28:f455 with SMTP id by17-20020a170906a2d100b00781bc28f455mr19087808ejb.170.1669116042191; Tue, 22 Nov 2022 03:20:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669116042; cv=none; d=google.com; s=arc-20160816; b=NLIk6VBCZ9AE4Dq4ZRXzuh7im8VXqaB40nK/OtEfZREW94eIDwUQtec1GXF4gVdVLm sd3I0FlxjHSYlGmAkJUA70pFFa/wi/8VQZP4Ugb6TrExhLwkm+UXkOAE9p2kqiRZvlQJ twFbF9elkZpIQIk/9we5T7YQVhcAKQ4u7PZH0aN+uRAcN4O6AUiXjGMNst/RlvzUJ3Po gdDMXPZBNFX+dcqYX60w4oTMrYftfPMvWGMDzJIOHzjVFMNEbrpxUlU+ZVsC63bq+LUQ EkZyeG5EkVExwrap6wgC2cVv6uAwJaO29NuAgc5v1eQAvnrdOQ1v70jYJnRzMbhm6Unx a2rg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:dkim-filter; bh=ZUJpRbIyPzAf4A80RpXrKYrL/K9OYgNwdLc+ngJr0bg=; b=ow3ovmX/+FWKH5ZrHNGnWwpLB5u2AAiZNpKpQgyOmw71c74+MNah5xDqX7GVCLgNUN vD9RToF0R9dUodxAtpAiPOXyj9uVxUzkVDkXYzuvQvO+u5qyPxjp3NSETRjnbgYm09rU CkMxCA6brF9YaRz1SHEPBlvFZR7/pTf1wwX0FiZdbSfJcl3qpk4+iO/dbskzFdFBlfaB QWJooDBrg+A3f/QqDne0JSIDpeWfEEdE2RGmQpEMsMk1d9bYHadC+mCAdAZm0LaI6nFv Xr+tICXLtjTqzugJte8jJm5e4V+ePrHhBvATVr67w6QdgQ+pvkp/xWqlzxqAiZXchoid qPvA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ispras.ru header.s=default header.b=Cmk+mb5h; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ispras.ru Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id cw15-20020a170906478f00b0078e11a20640si13741253ejc.2.2022.11.22.03.20.18; Tue, 22 Nov 2022 03:20:42 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ispras.ru header.s=default header.b=Cmk+mb5h; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ispras.ru Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233340AbiKVLTK (ORCPT + 99 others); Tue, 22 Nov 2022 06:19:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38018 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233008AbiKVLRf (ORCPT ); Tue, 22 Nov 2022 06:17:35 -0500 Received: from mail.ispras.ru (mail.ispras.ru [83.149.199.84]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 27E656069C; Tue, 22 Nov 2022 03:14:50 -0800 (PST) Received: from localhost.localdomain (unknown [83.149.199.65]) by mail.ispras.ru (Postfix) with ESMTPSA id B3D3340737C9; Tue, 22 Nov 2022 11:14:45 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 mail.ispras.ru B3D3340737C9 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ispras.ru; s=default; t=1669115685; bh=ZUJpRbIyPzAf4A80RpXrKYrL/K9OYgNwdLc+ngJr0bg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Cmk+mb5huszA2qUFj6o4xt2AVcWngG+nCNUXrywyMMftoNEzoH1yIW/BlZ68vjIAy Hf7zgiAUUOm2pr1Xbrn2xDzRLWWWhw8MnYOKl4531bY6OOICWrEMmjn3n/zbcDKJ/q yj9lRV7Xe7xSb2tS0ae/DT7XA1UVQGIXKExqa6ng= From: Evgeniy Baskov To: Ard Biesheuvel Cc: Evgeniy Baskov , Borislav Petkov , Andy Lutomirski , Dave Hansen , Ingo Molnar , Peter Zijlstra , Thomas Gleixner , Alexey Khoroshilov , Peter Jones , "Limonciello, Mario" , joeyli , lvc-project@linuxtesting.org, x86@kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH v3 21/24] efi/x86: Explicitly set sections memory attributes Date: Tue, 22 Nov 2022 14:12:30 +0300 Message-Id: <9b18f9efb457e9aa88e814928fdaa37c76f080e1.1668958803.git.baskov@ispras.ru> X-Mailer: git-send-email 2.37.4 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750195022890611865?= X-GMAIL-MSGID: =?utf-8?q?1750195022890611865?= Explicitly change sections memory attributes in efi_pe_entry in case of incorrect EFI implementations and to reduce access rights to compressed kernel blob. By default it is set executable due to restriction in maximum number of sections that can fit before zero page. Signed-off-by: Evgeniy Baskov --- drivers/firmware/efi/libstub/x86-stub.c | 54 +++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index d9b239d7289f..56b8e7207361 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -27,6 +27,12 @@ const efi_dxe_services_table_t *efi_dxe_table; extern u32 image_offset; static efi_loaded_image_t *image __section(".data"); +extern char _head[], _ehead[]; +extern char _compressed[], _ecompressed[]; +extern char _text[], _etext[]; +extern char _rodata[], _erodata[]; +extern char _data[]; + static efi_status_t preserve_pci_rom_image(efi_pci_io_protocol_t *pci, struct pci_setup_rom **__rom) { @@ -343,6 +349,52 @@ void __noreturn efi_exit(efi_handle_t handle, efi_status_t status) asm("hlt"); } + +/* + * Manually setup memory protection attributes for each ELF section + * since we cannot do it properly by using PE sections. + */ +static void setup_sections_memory_protection(unsigned long image_base) +{ +#ifdef CONFIG_EFI_DXE_MEM_ATTRIBUTES + efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID); + + if (!efi_dxe_table || + efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) { + efi_warn("Unable to locate EFI DXE services table\n"); + efi_dxe_table = NULL; + return; + } + + /* .setup [image_base, _head] */ + efi_adjust_memory_range_protection(image_base, + (unsigned long)_head - image_base, + EFI_MEMORY_RO | EFI_MEMORY_XP); + /* .head.text [_head, _ehead] */ + efi_adjust_memory_range_protection((unsigned long)_head, + (unsigned long)_ehead - (unsigned long)_head, + EFI_MEMORY_RO); + /* .rodata..compressed [_compressed, _ecompressed] */ + efi_adjust_memory_range_protection((unsigned long)_compressed, + (unsigned long)_ecompressed - (unsigned long)_compressed, + EFI_MEMORY_RO | EFI_MEMORY_XP); + /* .text [_text, _etext] */ + efi_adjust_memory_range_protection((unsigned long)_text, + (unsigned long)_etext - (unsigned long)_text, + EFI_MEMORY_RO); + /* .rodata [_rodata, _erodata] */ + efi_adjust_memory_range_protection((unsigned long)_rodata, + (unsigned long)_erodata - (unsigned long)_rodata, + EFI_MEMORY_RO | EFI_MEMORY_XP); + /* .data, .bss [_data, _end] */ + efi_adjust_memory_range_protection((unsigned long)_data, + (unsigned long)_end - (unsigned long)_data, + EFI_MEMORY_XP); +#else + (void)image_base; +#endif +} + void __noreturn efi_stub_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg, struct boot_params *boot_params); @@ -687,6 +739,8 @@ asmlinkage unsigned long efi_main(efi_handle_t handle, efi_dxe_table = NULL; } + setup_sections_memory_protection(bzimage_addr - image_offset); + #ifdef CONFIG_CMDLINE_BOOL status = efi_parse_options(CONFIG_CMDLINE); if (status != EFI_SUCCESS) {