From patchwork Fri Aug 18 13:44:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 136092 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp1930414vqi; Sat, 19 Aug 2023 02:36:50 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEVK+F1Biop49nteZAfvIMSCxCQhJpYdiFzE+KtbMB2uofz3kQNHLuG6PDWohvT9uw9ouPG X-Received: by 2002:a17:902:c941:b0:1b8:a67f:1c15 with SMTP id i1-20020a170902c94100b001b8a67f1c15mr2629453pla.25.1692437810204; Sat, 19 Aug 2023 02:36:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692437810; cv=none; d=google.com; s=arc-20160816; b=hDpsAQJz58MhT10FTte2H12TrR11c1djiH1ChSfqsoAz5UlPLfA1IR274SEUvsPhTl wPfhQVIl0p8Smq5s63zfUnDWqFdZjbINbMeiod9VRPdg6y8ucGFapokpBPmeq0H2c1NZ 4AfkeIZAEWzF4Dsosaz49UFssC/AMiasFUfGjNAXHnmGc/0VgA7XmUtvClPONRJJ0AXc oZ8OIDouace4ZEJLikWGLe0taz9rcj+hRwoefxspzt5iBDxjVzFPey8pnfaFmestZ/ic QQGDwZeytH/tuzoQYvNtx4OPJwNXmpgBwdhI6cQfYwnYm9Bs1Ny83XE/JFgmU1FbVnUw 4D7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=2AMwjxIOWqTYGDGq5ioQT3EFHkvBSbNdDVpHb2fblM8=; fh=2K0cnVWNN/lSoXOQ2Jt2UifFp/1e7O4elwn57wGf9gU=; b=eas+EPK0P3oskSG3iy6OBRrE6Wp0/pQWIM6owUm1b+T/sssm5ZZQlX4uEfQGyAOB1D 4ALqlwOIIF29T5mG0xKzaVcI+3aDpJIPghUk3BgiOJD8I5+2DPihW4cX9tv5/NvNwz+G u8IRR++Kv+12lL2qu0HfgjzgdT7S3LkClL9pIhI9zgOBQsZph4UXjtQgfVo2YeXBXiPW CdHvLN7UsqQ0zPWZBFg7T1DnxY3rWV/nDhGYzXNXcFyqQJY9cbOJAV/tXvNP0i3A+GEv vNsIRkZ24xZkc0ClzdXGcIjjOnKiCdTclTA22iDbHJRMCC7PmqAjoqq9l4kXH3UY91uT mWXQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Nxp6rUos; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id k16-20020a170902d59000b001b84c7d4716si3210229plh.32.2023.08.19.02.36.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Aug 2023 02:36:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Nxp6rUos; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 72E032A389; Sat, 19 Aug 2023 01:28:07 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1377282AbjHRNpZ (ORCPT + 99 others); Fri, 18 Aug 2023 09:45:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41684 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1377267AbjHRNox (ORCPT ); Fri, 18 Aug 2023 09:44:53 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8CA6D3C27; Fri, 18 Aug 2023 06:44:52 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 2A0706687F; Fri, 18 Aug 2023 13:44:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B2330C433C9; Fri, 18 Aug 2023 13:44:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692366291; bh=VFCtgicdCB5WbvZIDPnW6Rc00lf0AfjRC33aK0Uexlo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Nxp6rUosmdsXfryUMDJUKqhXQb9G76zM98qr/Q9ZohfW0xn0JV70D1wi6fCzTQtyL zaHovjpW8JMfs1VH6eFDXgnn2e5P3AqzTqz06eeCJNeURENVyqS1M+vg9KTGmh99p5 CqC+P/vRZbgvyX/s2cwr8Z7ppmi5veoi6/dtEE+psu3f1yQELphNY696BfKImaclIm oY8nIOTYwD6txUg3echc8NNEkOP3v/JnEs00TPcy0YsKk2wmPmda6zooiRGWivC87Q Q2QxISEZuO2nw6Omffj1SeamC37L4DLfLxXmq820Svv0ivZ9mOSxyMLdokDrjf65EG zgS0T7fIiqsBA== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Evgeniy Baskov , Borislav Petkov , Dave Hansen , Ingo Molnar , Thomas Gleixner , Peter Jones , Matthew Garrett , Gerd Hoffmann , Kees Cook , "H. Peter Anvin" , =?utf-8?q?Marvin_H=C3=A4user?= Subject: [PATCH 03/17] x86/efi: Drop alignment flags from PE section headers Date: Fri, 18 Aug 2023 15:44:08 +0200 Message-Id: <20230818134422.380032-4-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230818134422.380032-1-ardb@kernel.org> References: <20230818134422.380032-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1801; i=ardb@kernel.org; h=from:subject; bh=VFCtgicdCB5WbvZIDPnW6Rc00lf0AfjRC33aK0Uexlo=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIeV+6ex/V75qu3KIP9DcrrY5+fna3Z/eunX9uTnroljxZ WflzKfyHaUsDGIcDLJiiiwCs/++23l6olSt8yxZmDmsTCBDGLg4BWAiFrUM/2xY5xpLfrstvOz9 3uIstYiJGyJymHyX+UpuW59oF5vg7MjIMIv91W2p9yvlG9pSX6ob8H2MtMksVxFjeWwgw2xkMbO FDwA= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774649669274165768 X-GMAIL-MSGID: 1774649669274165768 The section header flags for alignment are documented in the PE/COFF spec as only being applicable to PE object files, not PE executables such as the Linux bzImage, so let's drop them from the PE header. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/header.S | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index b04ca8e2b213c6e6..8c8148d751c6d22b 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -209,8 +209,7 @@ section_table: .word 0 # NumberOfLineNumbers .long IMAGE_SCN_CNT_CODE | \ IMAGE_SCN_MEM_READ | \ - IMAGE_SCN_MEM_EXECUTE | \ - IMAGE_SCN_ALIGN_16BYTES # Characteristics + IMAGE_SCN_MEM_EXECUTE # Characteristics # # The EFI application loader requires a relocation section @@ -230,8 +229,7 @@ section_table: .word 0 # NumberOfLineNumbers .long IMAGE_SCN_CNT_INITIALIZED_DATA | \ IMAGE_SCN_MEM_READ | \ - IMAGE_SCN_MEM_DISCARDABLE | \ - IMAGE_SCN_ALIGN_1BYTES # Characteristics + IMAGE_SCN_MEM_DISCARDABLE # Characteristics #ifdef CONFIG_EFI_MIXED # @@ -249,8 +247,7 @@ section_table: .word 0 # NumberOfLineNumbers .long IMAGE_SCN_CNT_INITIALIZED_DATA | \ IMAGE_SCN_MEM_READ | \ - IMAGE_SCN_MEM_DISCARDABLE | \ - IMAGE_SCN_ALIGN_1BYTES # Characteristics + IMAGE_SCN_MEM_DISCARDABLE # Characteristics #endif # @@ -271,8 +268,7 @@ section_table: .word 0 # NumberOfLineNumbers .long IMAGE_SCN_CNT_CODE | \ IMAGE_SCN_MEM_READ | \ - IMAGE_SCN_MEM_EXECUTE | \ - IMAGE_SCN_ALIGN_16BYTES # Characteristics + IMAGE_SCN_MEM_EXECUTE # Characteristics .set section_count, (. - section_table) / 40 #endif /* CONFIG_EFI_STUB */ From patchwork Fri Aug 18 13:44:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 136294 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp2605670vqi; Sun, 20 Aug 2023 11:44:36 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHbGoKimfDw6ojTneAVWQpJ2CiAfe2xYH1Ggz808PqOxmofJE3PsIs4UDzcnmhsjhbwN8fn X-Received: by 2002:a05:6a20:160b:b0:132:f61e:7d41 with SMTP id l11-20020a056a20160b00b00132f61e7d41mr7595831pzj.5.1692557075726; Sun, 20 Aug 2023 11:44:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692557075; cv=none; d=google.com; s=arc-20160816; b=MrBN1w5zgcWpCABN50/aWBeFumJZfCAbkia+t/kFO1fhZHmOyh3DQq4JpV5EjHbMO9 Y5YKdwmPABfGZEewF75tWtrvvn2NF6xjQeLVRkIDj7Q1h+hbwcZDrPwoCm2kBVj9gQoZ JAY257m7O2SoT7ALJagS1rChn7bzS+faTemtGhlGrm/xMGjyyhLa4ml91EaUmB2qUPIF fcbsDnllr0gYaBX0HE0NtSxi0725nprFLqzAk+rUiuWI1dAtLq1dsd3BMTa7Ruaw7O5i wdlwNx74T5+agD4Jbb8Ps7XUrlLF1RtiNJY6JnkIBGuMtcNrJUIL3CbQJOzOxgS2OtHg udzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=T40b4PrpHyaNUFEUcMYCXMrbHpC/ygLiLfIGQCCXEtA=; fh=2K0cnVWNN/lSoXOQ2Jt2UifFp/1e7O4elwn57wGf9gU=; b=QUhIg1f6YR/WYVvV8IZf1SUHh5/Bj9YazBT5SOTVaeK9MHt4Vb8otKBOwMhe8oHPgN iC/wvNqRYxMCSygNOmpgPur4uqdZ+a4FDPFHMu2pp9kLVB4oRNF3YiDYvsewCl2UyXfR cq2ViNZaF+rWGmye2OXTDNAU8VYB+J+Y2TEICreFTS3cEemSEnMJ3p6pec4Sn/T0tWTh ycCEh6lLqS5lO9fY+v7vjru9FHFZU9Yq8giCq53LyAXsnv9V5Uv7v/gNIfSYp1R8PCUI v9YK987aWRpfbrcPoXdGbHGy50WphplzNhapGPq6u2EEbctpykK16Qd5W8jwUTUZq1uY GHtw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=C0CB4lSR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id n68-20020a634047000000b00563f8ccc097si5486546pga.780.2023.08.20.11.44.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 20 Aug 2023 11:44:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=C0CB4lSR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 7124D409BBC; Sat, 19 Aug 2023 12:25:36 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1377286AbjHRNp2 (ORCPT + 99 others); Fri, 18 Aug 2023 09:45:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41790 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1377289AbjHRNo5 (ORCPT ); Fri, 18 Aug 2023 09:44:57 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CF5A33C2F; Fri, 18 Aug 2023 06:44:55 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 6E1B966DF3; Fri, 18 Aug 2023 13:44:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 036D1C433C8; Fri, 18 Aug 2023 13:44:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692366294; bh=7AgmzUMEbQ4q0yWpLInOQxXscQWeFd85vyZx1/xzwk4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=C0CB4lSRoUdKRQc1mqOdIZLJwdcCx/fBMjF813KLDJneWPNDkTDMPnx5HJH5j7Kkw JVRmTD3FpRiIXcyTu0hKouFR4M9YdDFGDqPkcseZk4/VZkAJT4YwIZPrf3Er3I84Oh +DPPdstkV12Ym8PGAM1QzP4ajIhRSahGSHQ5pxuM9OUmiBxveWMDHbaivyg7FEnraO R451STsbKBKupthOluGN8TqVCUS3F2h/8y2K2b+ouhGHV0U8valqscuWLaj15C7iEh AGv3+rKMSpi0HJ3mB++RioNF0Mq/l1OflH8huN/H++djHKEnWrta6CE7vAb+8dtQLm W6lBZWo9B8oEA== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Evgeniy Baskov , Borislav Petkov , Dave Hansen , Ingo Molnar , Thomas Gleixner , Peter Jones , Matthew Garrett , Gerd Hoffmann , Kees Cook , "H. Peter Anvin" , =?utf-8?q?Marvin_H=C3=A4user?= Subject: [PATCH 04/17] x86/boot: Remove the 'bugger off' message Date: Fri, 18 Aug 2023 15:44:09 +0200 Message-Id: <20230818134422.380032-5-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230818134422.380032-1-ardb@kernel.org> References: <20230818134422.380032-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2992; i=ardb@kernel.org; h=from:subject; bh=7AgmzUMEbQ4q0yWpLInOQxXscQWeFd85vyZx1/xzwk4=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIeV+6Tzz+5EtxvJ5KyctFXv7Yp3ej++sWpVTpi1sv/F76 mt/JvatHaUsDGIcDLJiiiwCs/++23l6olSt8yxZmDmsTCBDGLg4BWAi6rIM/2yvtK18c6+zx+D5 rOlc6tmr1BM3/88JP90fpxP1c4kWy1qGfzqH7zHyzIst//ytTn7BVfPpqt+MFt5dfet5kBzLzW9 mkqwA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774774728108996755 X-GMAIL-MSGID: 1774774728108996755 Ancient (pre-2003) x86 kernels could boot from a floppy disk straight from the BIOS, using a small real mode boot stub at the start of the image where the BIOS would expect the boot record (or boot block) to appear. Due to its limitations (kernel size < 1 MiB, no support for IDE, USB or El Torito floppy emulation), this support was dropped, and a Linux aware bootloader is now always required to boot the kernel from a legacy BIOS. To smoothen this transition, the boot stub was not removed entirely, but replaced with one that just prints an error message telling the user to install a bootloader. As it is unlikely that anyone doing direct floppy boot with such an ancient kernel is going to upgrade to v6.5+ and expect that this boot method still works, printing this message is kind of pointless, and so it should be possible to remove the logic that emits it. Let's free up this space so it can be used to expand the PE header in a subsequent patch. Signed-off-by: Ard Biesheuvel Acked-by: H. Peter Anvin (Intel) --- arch/x86/boot/header.S | 49 -------------------- arch/x86/boot/setup.ld | 7 +-- 2 files changed, 4 insertions(+), 52 deletions(-) diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index 8c8148d751c6d22b..b24fa50a98986945 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -38,64 +38,15 @@ SYSSEG = 0x1000 /* historical load address >> 4 */ .code16 .section ".bstext", "ax" - - .global bootsect_start -bootsect_start: #ifdef CONFIG_EFI_STUB # "MZ", MS-DOS header .word MZ_MAGIC -#endif - - # Normalize the start address - ljmp $BOOTSEG, $start2 - -start2: - movw %cs, %ax - movw %ax, %ds - movw %ax, %es - movw %ax, %ss - xorw %sp, %sp - sti - cld - - movw $bugger_off_msg, %si - -msg_loop: - lodsb - andb %al, %al - jz bs_die - movb $0xe, %ah - movw $7, %bx - int $0x10 - jmp msg_loop - -bs_die: - # Allow the user to press a key, then reboot - xorw %ax, %ax - int $0x16 - int $0x19 - - # int 0x19 should never return. In case it does anyway, - # invoke the BIOS reset code... - ljmp $0xf000,$0xfff0 - -#ifdef CONFIG_EFI_STUB .org 0x38 # # Offset to the PE header. # .long LINUX_PE_MAGIC .long pe_header -#endif /* CONFIG_EFI_STUB */ - - .section ".bsdata", "a" -bugger_off_msg: - .ascii "Use a boot loader.\r\n" - .ascii "\n" - .ascii "Remove disk and press any key to reboot...\r\n" - .byte 0 - -#ifdef CONFIG_EFI_STUB pe_header: .long PE_MAGIC diff --git a/arch/x86/boot/setup.ld b/arch/x86/boot/setup.ld index 49546c247ae25e97..b11c45b9e51ed90e 100644 --- a/arch/x86/boot/setup.ld +++ b/arch/x86/boot/setup.ld @@ -10,10 +10,11 @@ ENTRY(_start) SECTIONS { . = 0; - .bstext : { *(.bstext) } - .bsdata : { *(.bsdata) } + .bstext : { + *(.bstext) + . = 495; + } =0xffffffff - . = 495; .header : { *(.header) } .entrytext : { *(.entrytext) } .inittext : { *(.inittext) } From patchwork Fri Aug 18 13:44:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 136283 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp2571405vqi; Sun, 20 Aug 2023 10:11:42 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHayO3qsEoFNxZqCsqbs2RNu/pdYURbNbfu1cwBre9BHqRM0tuWORhwgI6lb4oCWxg7SR/D X-Received: by 2002:a17:90a:a090:b0:26b:494f:ae5d with SMTP id r16-20020a17090aa09000b0026b494fae5dmr6697116pjp.1.1692551502561; Sun, 20 Aug 2023 10:11:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692551502; cv=none; d=google.com; s=arc-20160816; b=0Rci1bYR+cKXu4LdCACHl8USZ/gnIbuq7lp0iianWQw2u6SjeMAkCDylnoyfBrU1cQ 8mekkugDzRhsj5gT9nqX2iAPRRk7wViepbDRmBjIWu4VrR+IFJLc7zKjgAWwZVy3NsON e4v3Isw5f9tU9hBZ7QudU1P8r+4/g6vYlKtguVrjgLlEA5r/fkePm6Woi7vgeWtZHVWt NEdI6SzwDNao8uO3/q5cYnriB4063qNytQmqNVq85DCrirloiJ7UDEgmRyvK9+3TUWXA U/WQMnROt+9TitI1nVMW4JU8GdKWCiiRwHALDwwrC6qL9t9JWA6Y5SOw2nQD3Tm7Uing tB1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=VYuMK9lzweKJYyVPBIpfGheW2P59F458KdgLzTm/k4A=; fh=2K0cnVWNN/lSoXOQ2Jt2UifFp/1e7O4elwn57wGf9gU=; b=ldVKmPqI4y6HwmTu9M64yuDlSDba978m06WY22763Odak1tHiFw3lWkKVWXwx7uyYw IP8jMXAFNUCYSa0DTIdsDkkUZTuwfIBcZmuoUGstY857mNXJOBC2BVtiH/i4TGP54nk6 DlWhufq9Gup2wbefXpPF2x/5u7BHDiLRW1uvT/wVkBEGTw2x4+ahayxnj3fTk30aeRoV 7x5YnVgPoIrUYOxQgTUJ1hZYfxqG7kow0dXCziVqoQYR6JSLh11aQ6UC8y9JsFAsgLGu C74AkfoS6iNoWB/rb/bRWopXzZ2zN/TNIczslAN6C+lfO98DQ5zYRRiVF8jtcyRAqCgZ A3+Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ctcKeCje; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id x2-20020a17090abc8200b0026b4e68d1a7si7256960pjr.117.2023.08.20.10.11.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 20 Aug 2023 10:11:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ctcKeCje; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 63CB33A780D; Sat, 19 Aug 2023 12:15:20 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1377291AbjHRNpa (ORCPT + 99 others); Fri, 18 Aug 2023 09:45:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49652 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1377303AbjHRNpE (ORCPT ); Fri, 18 Aug 2023 09:45:04 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 21F3E3C3C; Fri, 18 Aug 2023 06:44:59 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A981B66DF3; Fri, 18 Aug 2023 13:44:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 47FA1C433C9; Fri, 18 Aug 2023 13:44:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692366298; bh=ZPAhqjwxE/sskeygZ8pPFIw9ZGF696+JeFy5DBEGMD4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ctcKeCjeTqGKSDJnrmhYeHe4bPrMvhKv02wqeQ2slFTSofmQ+O1Ppurfq5CjmFVxu 49/LBYrczUzaT8T2Oemggj+t60L8jpH0MHWwzWsaqEbqtTZzdEON8jU2lQZi6zXPft cyVhBReIJ3TeDmX+xyKVo4eHmnJ+TID/j78yR3c1rtPjvgccQ/dmCioHa+rBy01rXS S8oHBcl/AzRzC1Z19Tb1brqSTPSZjaQMCnwgeHTfJBd6L9SBdawVYw1KHi+vCfUUXe eiS5GSbtARTpz0GlEEAZVLchrLTbpw8SqA6y1ZbvoYYayIzphrCrpnT4sSIHwYCIEx +tWUYa3PtUW8A== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Evgeniy Baskov , Borislav Petkov , Dave Hansen , Ingo Molnar , Thomas Gleixner , Peter Jones , Matthew Garrett , Gerd Hoffmann , Kees Cook , "H. Peter Anvin" , =?utf-8?q?Marvin_H=C3=A4user?= Subject: [PATCH 05/17] x86/boot: Omit compression buffer from PE/COFF image memory footprint Date: Fri, 18 Aug 2023 15:44:10 +0200 Message-Id: <20230818134422.380032-6-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230818134422.380032-1-ardb@kernel.org> References: <20230818134422.380032-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=5235; i=ardb@kernel.org; h=from:subject; bh=ZPAhqjwxE/sskeygZ8pPFIw9ZGF696+JeFy5DBEGMD4=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIeV+6QLXfr+EHMspFTEpk+Tl4qJ6t8nez/qUKW99R3f7T 1PRZfc6SlkYxDgYZMUUWQRm/3238/REqVrnWbIwc1iZQIYwcHEKwETO32NkeLuCI/4307Tm61c/ lbfP42yansBw5fWUWa9WeEkElryqWM3I8H7ti3r+iG3301UnFt1bdOZoVmXF96WOrqpTpx36v6T qAycA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774768884251526523 X-GMAIL-MSGID: 1774768884251526523 Now that the EFI stub decompresses the kernel and hands over to the decompressed image directly, there is no longer a need to provide a decompression buffer as part of the .BSS allocation of the PE/COFF image. It also means the PE/COFF image can be loaded anywhere in memory, and setting the preferred image base is unnecessary. So drop the handling of this from the header and from the build tool. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/header.S | 6 +-- arch/x86/boot/tools/build.c | 50 +++----------------- 2 files changed, 8 insertions(+), 48 deletions(-) diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index b24fa50a98986945..a87d9133384b0986 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -90,12 +90,10 @@ optional_header: #endif extra_header_fields: - # PE specification requires ImageBase to be 64k aligned - .set image_base, (LOAD_PHYSICAL_ADDR + 0xffff) & ~0xffff #ifdef CONFIG_X86_32 - .long image_base # ImageBase + .long 0 # ImageBase #else - .quad image_base # ImageBase + .quad 0 # ImageBase #endif .long 0x20 # SectionAlignment .long 0x20 # FileAlignment diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c index bd247692b70174f0..0354c223e35492b6 100644 --- a/arch/x86/boot/tools/build.c +++ b/arch/x86/boot/tools/build.c @@ -65,7 +65,6 @@ static unsigned long efi_pe_entry; static unsigned long efi32_pe_entry; static unsigned long kernel_info; static unsigned long startup_64; -static unsigned long _ehead; static unsigned long _end; /*----------------------------------------------------------------------*/ @@ -229,27 +228,14 @@ static void update_pecoff_setup_and_reloc(unsigned int size) #endif } -static void update_pecoff_text(unsigned int text_start, unsigned int file_sz, - unsigned int init_sz) +static void update_pecoff_text(unsigned int text_start, unsigned int file_sz) { unsigned int pe_header; unsigned int text_sz = file_sz - text_start; - unsigned int bss_sz = init_sz - file_sz; + unsigned int bss_sz = _end - text_sz; pe_header = get_unaligned_le32(&buf[0x3c]); - /* - * The PE/COFF loader may load the image at an address which is - * misaligned with respect to the kernel_alignment field in the setup - * header. - * - * In order to avoid relocating the kernel to correct the misalignment, - * add slack to allow the buffer to be aligned within the declared size - * of the image. - */ - bss_sz += CONFIG_PHYSICAL_ALIGN; - init_sz += CONFIG_PHYSICAL_ALIGN; - /* * Size of code: Subtract the size of the first sector (512 bytes) * which includes the header. @@ -257,7 +243,7 @@ static void update_pecoff_text(unsigned int text_start, unsigned int file_sz, put_unaligned_le32(file_sz - 512 + bss_sz, &buf[pe_header + 0x1c]); /* Size of image */ - put_unaligned_le32(init_sz, &buf[pe_header + 0x50]); + put_unaligned_le32(file_sz + bss_sz, &buf[pe_header + 0x50]); /* * Address of entry point for PE/COFF executable @@ -308,8 +294,7 @@ static void efi_stub_entry_update(void) static inline void update_pecoff_setup_and_reloc(unsigned int size) {} static inline void update_pecoff_text(unsigned int text_start, - unsigned int file_sz, - unsigned int init_sz) {} + unsigned int file_sz) {} static inline void efi_stub_defaults(void) {} static inline void efi_stub_entry_update(void) {} @@ -360,7 +345,6 @@ static void parse_zoffset(char *fname) PARSE_ZOFS(p, efi32_pe_entry); PARSE_ZOFS(p, kernel_info); PARSE_ZOFS(p, startup_64); - PARSE_ZOFS(p, _ehead); PARSE_ZOFS(p, _end); p = strchr(p, '\n'); @@ -371,7 +355,7 @@ static void parse_zoffset(char *fname) int main(int argc, char ** argv) { - unsigned int i, sz, setup_sectors, init_sz; + unsigned int i, sz, setup_sectors; int c; u32 sys_size; struct stat sb; @@ -442,31 +426,9 @@ int main(int argc, char ** argv) buf[0x1f1] = setup_sectors-1; put_unaligned_le32(sys_size, &buf[0x1f4]); - init_sz = get_unaligned_le32(&buf[0x260]); -#ifdef CONFIG_EFI_STUB - /* - * The decompression buffer will start at ImageBase. When relocating - * the compressed kernel to its end, we must ensure that the head - * section does not get overwritten. The head section occupies - * [i, i + _ehead), and the destination is [init_sz - _end, init_sz). - * - * At present these should never overlap, because 'i' is at most 32k - * because of SETUP_SECT_MAX, '_ehead' is less than 1k, and the - * calculation of INIT_SIZE in boot/header.S ensures that - * 'init_sz - _end' is at least 64k. - * - * For future-proofing, increase init_sz if necessary. - */ - - if (init_sz - _end < i + _ehead) { - init_sz = (i + _ehead + _end + 4095) & ~4095; - put_unaligned_le32(init_sz, &buf[0x260]); - } -#endif - update_pecoff_text(setup_sectors * 512, i + (sys_size * 16), init_sz); + update_pecoff_text(setup_sectors * 512, i + (sys_size * 16)); efi_stub_entry_update(); - /* Update kernel_info offset. */ put_unaligned_le32(kernel_info, &buf[0x268]); From patchwork Fri Aug 18 13:44:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 136108 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp1952241vqi; Sat, 19 Aug 2023 03:46:40 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGX7vm0h7+/DznsBEhqb0NYs7nuU8SZtZ7KnUjCBhGFrXe2To17lXoL3Ori3K50RDfAIXpa X-Received: by 2002:a19:650a:0:b0:4f9:5933:8eea with SMTP id z10-20020a19650a000000b004f959338eeamr902547lfb.3.1692442000102; Sat, 19 Aug 2023 03:46:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692442000; cv=none; d=google.com; s=arc-20160816; b=JeOncM6vNAo0ZNZ/MUXVaSxFr1H/kBABLcTCFUQINkjo2aW/VPbDoIPjGJNLgi5u2M CpMbtJkyPnckm5is+u/Asyx1bz9M16b2HT9NMgkOx01QKzH3qypQSajzNRxI3dPTUKto klfQMnOUNAxxy0RjFoMmTRY9gd1nKBG+SbjCJq1hyTIFJG7CR4VYwqViQec1UJck4u/I oWf1KWwRVgHssJRrNC/xEr5Hx1w+N3tBRJ4GQFeokKVFoWb2zwiw0YhOK4MX9Qvm36uJ 4flGm0Qjpx7y1t3POi8LRqrmvDzTrap+mjk6g4Zq28RoGvP9azZn9MRv0CAtMJTTpQwf uPCw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=LTL5AEjO2PWH8n4hN60j/N8inHnNmrIL7NtsiPTT0tQ=; fh=2K0cnVWNN/lSoXOQ2Jt2UifFp/1e7O4elwn57wGf9gU=; b=OTWa4Wl/wYct48FLtbZyF2akt5lY+q28etCGW7txoMgNQtHerKauYmobpFBXh18wnr zjCARZOfblHwzDV44vxreymqJyUUTE0gmIJADnGHJoJRPdqOSASPNnFVckYRHKotlQIY MZL1X7i1+7bSmLkfpyrhDQGsjbEh1El5XexWk3lxymcQAig2RNT7iqqXiN76tJzHK4q6 /EXavXDCvuMg9UX9HHsogLVL/OpGE4H1F7Ek/70+IYRESAz8ttYaLk/Ped04WUhvC/Go bV9caCq9GRqSJunXUr8Im8VOQKuuTbptaMYVzhIhHyVDX4i35DtE8L0OYr6djyC5Z8xs O8tw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="qLC5PM2/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j5-20020aa7c405000000b0052338778fd6si2821777edq.478.2023.08.19.03.46.14; Sat, 19 Aug 2023 03:46:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="qLC5PM2/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1377299AbjHRNpb (ORCPT + 99 others); Fri, 18 Aug 2023 09:45:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49732 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1377318AbjHRNpJ (ORCPT ); Fri, 18 Aug 2023 09:45:09 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6912A35A1; Fri, 18 Aug 2023 06:45:02 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id ED2806687F; Fri, 18 Aug 2023 13:45:01 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 89F9CC433C8; Fri, 18 Aug 2023 13:44:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692366301; bh=KXwq9TIexKeoFJMf73ZZ2z1OlZnYPznYgRrnV6bXa4k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qLC5PM2/bd0Na10cgxrtTKAf60DSaGbvPSENzA4JufqgeFKnbPlBPep2ohHyXsnjt NMoruYnpibsCo1qZivVfHLWQBgoFifPqmmOlUD3Bs/GKgQsHr93S5aOmV+ebDMREqC Y+qT+Rwe1GDsPdxorep9HcVw3f4g57ToogKZBzZdUMETk2Nwox2H9cGcRy8hlbXjCP BsNZcOl1fZqWae4nf27aBDLtSAii9YMOduA/2BC1zPbfZj8duOF+Kp53I/KPluGB1E XIbkvf2PqZpl5KnTltr3IxBbx8LXkgNaAfO8M/CNeCjRswXNdQ2DIK8EJkSFTzM7rN n8k4uDkIsheJg== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Evgeniy Baskov , Borislav Petkov , Dave Hansen , Ingo Molnar , Thomas Gleixner , Peter Jones , Matthew Garrett , Gerd Hoffmann , Kees Cook , "H. Peter Anvin" , =?utf-8?q?Marvin_H=C3=A4user?= Subject: [PATCH 06/17] x86/boot: Drop redundant code setting the root device Date: Fri, 18 Aug 2023 15:44:11 +0200 Message-Id: <20230818134422.380032-7-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230818134422.380032-1-ardb@kernel.org> References: <20230818134422.380032-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1741; i=ardb@kernel.org; h=from:subject; bh=KXwq9TIexKeoFJMf73ZZ2z1OlZnYPznYgRrnV6bXa4k=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIeV+6UKb7y/004Qcrdsz5D5VJLf6Pe7U/rXmwwINuUh76 W3z5n/oKGVhEONgkBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABM528TwP6184/+gw+me9U4+ N/YdP9Vcb/XBY9H/muPWDAlrn1hKPGP4Z/+z8fvy84w1YdeK9/mbWTZ2J3THLfGScl4oEb0u0+Q /LwA= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774654062557478182 X-GMAIL-MSGID: 1774654062557478182 The root device defaults to 0,0 and is no longer configurable at build time [0], so there is no need for the build tool to ever write to this field. [0] 079f85e624189292 ("x86, build: Do not set the root_dev field in bzImage") Signed-off-by: Ard Biesheuvel --- arch/x86/boot/header.S | 2 +- arch/x86/boot/tools/build.c | 7 ------- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index a87d9133384b0986..6059f87b159d0e14 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -236,7 +236,7 @@ root_flags: .word ROOT_RDONLY syssize: .long 0 /* Filled in by build.c */ ram_size: .word 0 /* Obsolete */ vid_mode: .word SVGA_MODE -root_dev: .word 0 /* Filled in by build.c */ +root_dev: .word 0 /* Default to major/minor 0/0 */ boot_flag: .word 0xAA55 # offset 512, entry point diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c index 0354c223e35492b6..efa4e9c7d7135ba7 100644 --- a/arch/x86/boot/tools/build.c +++ b/arch/x86/boot/tools/build.c @@ -40,10 +40,6 @@ typedef unsigned char u8; typedef unsigned short u16; typedef unsigned int u32; -#define DEFAULT_MAJOR_ROOT 0 -#define DEFAULT_MINOR_ROOT 0 -#define DEFAULT_ROOT_DEV (DEFAULT_MAJOR_ROOT << 8 | DEFAULT_MINOR_ROOT) - /* Minimal number of setup sectors */ #define SETUP_SECT_MIN 5 #define SETUP_SECT_MAX 64 @@ -399,9 +395,6 @@ int main(int argc, char ** argv) update_pecoff_setup_and_reloc(i); - /* Set the default root device */ - put_unaligned_le16(DEFAULT_ROOT_DEV, &buf[508]); - /* Open and stat the kernel file */ fd = open(argv[2], O_RDONLY); if (fd < 0) From patchwork Fri Aug 18 13:44:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 136070 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp1716158vqi; Fri, 18 Aug 2023 15:47:29 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEFQVI5+GQR4NIBYaMQP00ogFaarY4QYzK76QU5pyx5jlJsGy051kAe/bZyvw/I9bZ+cMt4 X-Received: by 2002:a17:903:22c1:b0:1bf:728:7459 with SMTP id y1-20020a17090322c100b001bf07287459mr632357plg.63.1692398848764; Fri, 18 Aug 2023 15:47:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692398848; cv=none; d=google.com; s=arc-20160816; b=FIIALDailQoqq5c5ys+LE02YwA0BFyRl8O9xjW7GRYslNSNjnLznVECN7/OsrReB+n 7xYwdHe9rfKkXKNjTT3ZWNwyPTfq7K1/cC9WDKGKTCRkDDO7H5pN1+8MhUILxjWOR5zX lLjZGSZyar8ZdkIhQxdwAKMA5Gl+Ruw/J8S+Uhjbo81vjSIT+LF1tpijYnjkIR7oDsMG N8roEmR2q94QMUTBw6XwHgqxDRISRPWfM7nRJG6mBR1ev3ACBlm/WW+lAo4mCOM1ehHh EhWW18FCsLzmqw0pUCO7DGJ/S4nm3tgM0+REu1euS5Y8V6NJKyE0xyR44tzj4WoD+eZK 4vlQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=CmuKA2g/Vyyd0U8J9Xtey2qOWmtwXJQMUS7ZDeut568=; fh=2K0cnVWNN/lSoXOQ2Jt2UifFp/1e7O4elwn57wGf9gU=; b=HCpnEvKPjVcJZ+mXavL6EEPCdbSLGbdkfzS38Ki3VI83B/pqXDnRgs0BIn0LLtxWRN eti4D6RtTorU3U+Gjbios1Q9FxpiLTBKwGMaqb4lCQdGtMd8Ow1/7T6rhAaQEmVgbDQg rjID4f50TA9/vphmp05+g2JndQSQ6XixM8t+ktvG2Nwh56Beeps6L/p2DIsa5TuJ/VMT 61GjMvUgEXnC30BL+BHsGizPAh+Tgv/He63VDuFeBkymL1UHhv89JIsda+adG7NlDjBi bfnTR2/MGW9Xs4Z2UFK6HA4yWx0bzPJhWuJQYEllEE3t/M3dk5eoN0UW+341pZE8xT+J 5kQg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=cimQY2u8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n19-20020a170903405300b001bbca0a8393si2164468pla.56.2023.08.18.15.47.05; Fri, 18 Aug 2023 15:47:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=cimQY2u8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1377336AbjHRNqM (ORCPT + 99 others); Fri, 18 Aug 2023 09:46:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49202 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1377326AbjHRNpd (ORCPT ); Fri, 18 Aug 2023 09:45:33 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0B50B4206; Fri, 18 Aug 2023 06:45:22 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9DBE461D29; Fri, 18 Aug 2023 13:45:21 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3E6FAC433CA; Fri, 18 Aug 2023 13:45:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692366321; bh=SudZY6dM7iSHDEmunRbCEUlfeF/tUhKpZ/EYxjc0s/s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cimQY2u8Md+cTQUQKq3hu/hZRzXj0O6p0yrhV/8Pm0Zdz/d6lG6895KnN5VDtiJLH vl+FnH2uwaHkjq70KugigaTZfboNBBTe+EsXezVPhrdtYCDhv9lYdHDmY8Z4l5f3HK AH3MhsySmoeXYzaEuPEn/qXK2boU9+1HG4c724fWK5HRSpSjTUfUKpXlsoy3xqMBvI i9ZZV1DLk4mfPF4vDUv5/txT41rPx8LACuiBOO/J9ns9eqcKBpdp8JVZf3W6ITKsXk +GLvdTt7EQFOI8gyG/6zazpasv10HbpeIlao/afdMrCVlq2l/s4+7yFQaMVSqSqq8I E8MFhNE3MmaWw== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Evgeniy Baskov , Borislav Petkov , Dave Hansen , Ingo Molnar , Thomas Gleixner , Peter Jones , Matthew Garrett , Gerd Hoffmann , Kees Cook , "H. Peter Anvin" , =?utf-8?q?Marvin_H=C3=A4user?= Subject: [PATCH 12/17] x86/boot: Derive file size from _edata symbol Date: Fri, 18 Aug 2023 15:44:17 +0200 Message-Id: <20230818134422.380032-13-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230818134422.380032-1-ardb@kernel.org> References: <20230818134422.380032-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=5014; i=ardb@kernel.org; h=from:subject; bh=SudZY6dM7iSHDEmunRbCEUlfeF/tUhKpZ/EYxjc0s/s=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIeV+6aob+1L9p4UdjnJby7qOWeLKN9V7gXq7Dyb/sbJ2f dr6IXd5RykLgxgHg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZhIbz/DfxcX75tSH9IvXeBb cPSnvdD25w27fdju7K3SXlw+oXLmjBCG//5370y5IxObq753knMgz/ct9VXsaxacZ9QuUlvBulK inxsA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774608815351865660 X-GMAIL-MSGID: 1774608815351865660 Tweak the linker script so that the value of _edata represents the decompressor binary's file size rounded up to the appropriate alignment. This removes the need to calculate it in the build tool, and will make it easier to refer to the file size from the header directly in subsequent changes to the PE header layout. While adding _edata to the sed regex that parses the compressed vmlinux's symbol list, tweak the regex a bit for conciseness. Note that the resulting binary is identical (for CONFIG_EFI_STUB=y builds) Signed-off-by: Ard Biesheuvel --- arch/x86/boot/Makefile | 2 +- arch/x86/boot/compressed/vmlinux.lds.S | 3 ++ arch/x86/boot/header.S | 2 +- arch/x86/boot/tools/build.c | 30 +++++--------------- 4 files changed, 12 insertions(+), 25 deletions(-) diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile index be1e8b94c93afa4a..b26e30a2d865f72d 100644 --- a/arch/x86/boot/Makefile +++ b/arch/x86/boot/Makefile @@ -90,7 +90,7 @@ $(obj)/vmlinux.bin: $(obj)/compressed/vmlinux FORCE SETUP_OBJS = $(addprefix $(obj)/,$(setup-y)) -sed-zoffset := -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi32_stub_entry\|efi64_stub_entry\|efi_pe_entry\|efi32_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\|z_.*\)$$/\#define ZO_\2 0x\1/p' +sed-zoffset := -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\|_edata\|z_.*\)$$/\#define ZO_\2 0x\1/p' quiet_cmd_zoffset = ZOFFSET $@ cmd_zoffset = $(NM) $< | sed -n $(sed-zoffset) > $@ diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S index 4ff6ab1b67d9b336..5326f3b441948c5d 100644 --- a/arch/x86/boot/compressed/vmlinux.lds.S +++ b/arch/x86/boot/compressed/vmlinux.lds.S @@ -47,6 +47,9 @@ SECTIONS _data = . ; *(.data) *(.data.*) + + /* add 4 bytes of extra space for a CRC-32 checksum */ + . = ALIGN(. + 4, 0x20); _edata = . ; } . = ALIGN(L1_CACHE_BYTES); diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index bef9265173757a5a..f1fdffc9d2ca984b 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -237,7 +237,7 @@ sentinel: .byte 0xff, 0xff /* Used to detect broken loaders */ hdr: setup_sects: .byte (setup_size / 512) - 1 root_flags: .word ROOT_RDONLY -syssize: .long 0 /* Filled in by build.c */ +syssize: .long ZO__edata / 16 ram_size: .word 0 /* Obsolete */ vid_mode: .word SVGA_MODE root_dev: .word 0 /* Default to major/minor 0/0 */ diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c index 665ce7241542e475..082c38a097713a2d 100644 --- a/arch/x86/boot/tools/build.c +++ b/arch/x86/boot/tools/build.c @@ -55,6 +55,7 @@ u8 buf[(SETUP_SECT_NUM+1)*512]; static unsigned long efi_pe_entry; static unsigned long efi32_pe_entry; +static unsigned long _edata; static unsigned long _end; /*----------------------------------------------------------------------*/ @@ -311,6 +312,7 @@ static void parse_zoffset(char *fname) while (p && *p) { PARSE_ZOFS(p, efi_pe_entry); PARSE_ZOFS(p, efi32_pe_entry); + PARSE_ZOFS(p, _edata); PARSE_ZOFS(p, _end); p = strchr(p, '\n'); @@ -323,7 +325,6 @@ int main(int argc, char ** argv) { unsigned int i, sz, setup_sectors; int c; - u32 sys_size; struct stat sb; FILE *file, *dest; int fd; @@ -372,24 +373,14 @@ int main(int argc, char ** argv) die("Unable to open `%s': %m", argv[2]); if (fstat(fd, &sb)) die("Unable to stat `%s': %m", argv[2]); - sz = sb.st_size; + if (_edata != sb.st_size) + die("Unexpected file size `%s': %u != %u", argv[2], _edata, + sb.st_size); + sz = _edata - 4; kernel = mmap(NULL, sz, PROT_READ, MAP_SHARED, fd, 0); if (kernel == MAP_FAILED) die("Unable to mmap '%s': %m", argv[2]); - /* Number of 16-byte paragraphs, including space for a 4-byte CRC */ - sys_size = (sz + 15 + 4) / 16; -#ifdef CONFIG_EFI_STUB - /* - * COFF requires minimum 32-byte alignment of sections, and - * adding a signature is problematic without that alignment. - */ - sys_size = (sys_size + 1) & ~1; -#endif - - /* Patch the setup code with the appropriate size parameters */ - put_unaligned_le32(sys_size, &buf[0x1f4]); - - update_pecoff_text(setup_sectors * 512, i + (sys_size * 16)); + update_pecoff_text(setup_sectors * 512, i + _edata); crc = partial_crc32(buf, i, crc); @@ -401,13 +392,6 @@ int main(int argc, char ** argv) if (fwrite(kernel, 1, sz, dest) != sz) die("Writing kernel failed"); - /* Add padding leaving 4 bytes for the checksum */ - while (sz++ < (sys_size*16) - 4) { - crc = partial_crc32_one('\0', crc); - if (fwrite("\0", 1, 1, dest) != 1) - die("Writing padding failed"); - } - /* Write the CRC */ put_unaligned_le32(crc, buf); if (fwrite(buf, 1, 4, dest) != 4) From patchwork Fri Aug 18 13:44:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 136061 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp1638356vqi; Fri, 18 Aug 2023 12:54:13 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHgd3VF9Fn6d/+9j4BStZaTBD3v4GevhiEViP9xU0EnzS+sO/0rgkVsAaILKulegtnzOToS X-Received: by 2002:a17:90a:bc82:b0:26d:1844:c24f with SMTP id x2-20020a17090abc8200b0026d1844c24fmr187316pjr.47.1692388453091; Fri, 18 Aug 2023 12:54:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692388453; cv=none; d=google.com; s=arc-20160816; b=Ki3qoIjcYeHKIuTM0EzbzGb7yfLs1YwO+eRMgaJhXtcDdXY7x0LqlnxxO7diLMq60E dNeuMxyZn2qrowji6TXyIIsDl5U150Jd09yASExI3s1xWDeG5QAyWIg7gEPFzpfSF0mi Gr70SYcQQbsZB/eJMIgGDTBNirqgRtul40gWM2D0A2kshP2ZJYhJgn2v0OnyYSr8pCPS QR1gF7nJKe3HgWhNThdkWLPuOLIMoo0o1m53nUslRLPuYJkTjVVFVU6u0L35V4acpshJ icUmrHi0KCx0Rx1wYIAf6giWfjmCanQlDvGmZYW5m0xB7kXYU+Rck6Dk5YQtl0lZA1T1 j5wA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=zc/et9UbrMnijHyoPJlTja204Agag7yGEQJQ064UNRQ=; fh=2K0cnVWNN/lSoXOQ2Jt2UifFp/1e7O4elwn57wGf9gU=; b=NYCQ3hDJSuROxTz6EeajrgQwtnz0LHhNl2HfVkcL5Wi3fFaJfS9m+OoQgSyuJ8agVX 8TcLrYo2LbSQidhsiaApfigSxY3vD4nA9i+L48oqU8NUZxZdvX9qh2p6tOSTkhLoIrkG 78XLXyhlwHeoJRZSZHTNO7OHEWv1VHbKR7vd5u1/xlI+bUSSRHQq19slNtxR0pdrPaCm 47U5y1VOQONTtukgSrz5zWQhk9FReBJxUKX1wieasJZ0NrjEf/toC21eWLXlsPJWvR8k AeySlvN44HkHxk5JuSq1EOLPaQtzlz6zhHFTvJw+cdTj5WdMkfvNPHR9+OSSzduotRPP 2ojg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=f+aJPIvq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i2-20020a17090a718200b002691e659560si3672081pjk.163.2023.08.18.12.53.58; Fri, 18 Aug 2023 12:54:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=f+aJPIvq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1377351AbjHRNqR (ORCPT + 99 others); Fri, 18 Aug 2023 09:46:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49154 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1377337AbjHRNpe (ORCPT ); Fri, 18 Aug 2023 09:45:34 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 51B404220; Fri, 18 Aug 2023 06:45:25 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E3C9A61B66; Fri, 18 Aug 2023 13:45:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 80A1FC433CB; Fri, 18 Aug 2023 13:45:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692366324; bh=2tNYvCTQETnYKJxzTWyBNXcGaf0lQQ9jGnUVDVr3vNI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=f+aJPIvqFwCwaewVyyYQRfsdJYX4ak8lcaMhVlpT35Xer857YFF4dsXSH57MS+kje nt7umP7spkcxjXMyggtRV3HCV+grUyogv3D+rEJRA65Wmixyc6RfE0b9EPcA9pjLZE yGZ0/u2mk6zvFF28oNpyxDF98A5V221w4wRFOBnCSUX+JsKHtIrwcEYqKrA1Sh2QHB ImvGma7PDDOAERURNTcSnke+HRgn82bQDmNhgh2vhP+lxhc8bvzKLjteXJyk4xiY5T B8Yw/qwFCSU1X/SZVfQY3VJpcsfvKUStluPvDKJ4qPjsiWvgFYASX0H94B7NL9JSl5 vMBXUqNsbMQ5A== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Evgeniy Baskov , Borislav Petkov , Dave Hansen , Ingo Molnar , Thomas Gleixner , Peter Jones , Matthew Garrett , Gerd Hoffmann , Kees Cook , "H. Peter Anvin" , =?utf-8?q?Marvin_H=C3=A4user?= Subject: [PATCH 13/17] x86/boot: Construct PE/COFF .text section from assembler Date: Fri, 18 Aug 2023 15:44:18 +0200 Message-Id: <20230818134422.380032-14-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230818134422.380032-1-ardb@kernel.org> References: <20230818134422.380032-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=5082; i=ardb@kernel.org; h=from:subject; bh=2tNYvCTQETnYKJxzTWyBNXcGaf0lQQ9jGnUVDVr3vNI=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIeV+6RqH2xp9W+Z3zdk8uVjXpV4z84p8intW/Ovje/suT fP9J3Oyo5SFQYyDQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEyk+jjDf/8DhTOTX1mWr1m/ ulr6YPtUH4l1diY94TdVznnOLH0R+oORYdUOxV1/T/++cUBZpPTDGuuUi0krVv5e7vvfWGXhlY+ TD3IAAA== X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774597914491967423 X-GMAIL-MSGID: 1774597914491967423 Now that the size of the setup block is fixed and visible to the assembler, it is possible to populate the PE/COFF header fields from the asm code directly, instead of poking the values into the binary using the build tool. This will make it easier to reorganize the section layout without having to tweak the build tool in lockstep. Note that this change results in no differences in the resulting bzImage binary. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/header.S | 22 +++------ arch/x86/boot/tools/build.c | 47 -------------------- 2 files changed, 7 insertions(+), 62 deletions(-) diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index f1fdffc9d2ca984b..c23c5feef37e55ed 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -79,14 +79,12 @@ optional_header: .byte 0x02 # MajorLinkerVersion .byte 0x14 # MinorLinkerVersion - # Filled in by build.c - .long 0 # SizeOfCode + .long setup_size + ZO__end - 0x200 # SizeOfCode .long 0 # SizeOfInitializedData .long 0 # SizeOfUninitializedData - # Filled in by build.c - .long 0x0000 # AddressOfEntryPoint + .long setup_size + ZO_efi_pe_entry # AddressOfEntryPoint .long 0x0200 # BaseOfCode #ifdef CONFIG_X86_32 @@ -109,10 +107,7 @@ extra_header_fields: .word 0 # MinorSubsystemVersion .long 0 # Win32VersionValue - # - # The size of the bzImage is written in tools/build.c - # - .long 0 # SizeOfImage + .long setup_size + ZO__end # SizeOfImage .long 0x200 # SizeOfHeaders .long 0 # CheckSum @@ -203,18 +198,15 @@ section_table: IMAGE_SCN_MEM_DISCARDABLE # Characteristics #endif - # - # The offset & size fields are filled in by build.c. - # .ascii ".text" .byte 0 .byte 0 .byte 0 - .long 0 - .long 0x0 # startup_{32,64} - .long 0 # Size of initialized data + .long ZO__end + .long setup_size + .long ZO__edata # Size of initialized data # on disk - .long 0x0 # startup_{32,64} + .long setup_size .long 0 # PointerToRelocations .long 0 # PointerToLineNumbers .word 0 # NumberOfRelocations diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c index 082c38a097713a2d..6b6282a96c6ab24d 100644 --- a/arch/x86/boot/tools/build.c +++ b/arch/x86/boot/tools/build.c @@ -53,10 +53,8 @@ u8 buf[(SETUP_SECT_NUM+1)*512]; #define PECOFF_COMPAT_RESERVE 0x0 #endif -static unsigned long efi_pe_entry; static unsigned long efi32_pe_entry; static unsigned long _edata; -static unsigned long _end; /*----------------------------------------------------------------------*/ @@ -219,32 +217,6 @@ static void update_pecoff_setup_and_reloc(unsigned int size) #endif } -static void update_pecoff_text(unsigned int text_start, unsigned int file_sz) -{ - unsigned int pe_header; - unsigned int text_sz = file_sz - text_start; - unsigned int bss_sz = _end - text_sz; - - pe_header = get_unaligned_le32(&buf[0x3c]); - - /* - * Size of code: Subtract the size of the first sector (512 bytes) - * which includes the header. - */ - put_unaligned_le32(file_sz - 512 + bss_sz, &buf[pe_header + 0x1c]); - - /* Size of image */ - put_unaligned_le32(file_sz + bss_sz, &buf[pe_header + 0x50]); - - /* - * Address of entry point for PE/COFF executable - */ - put_unaligned_le32(text_start + efi_pe_entry, &buf[pe_header + 0x28]); - - update_pecoff_section_header_fields(".text", text_start, text_sz + bss_sz, - text_sz, text_start); -} - static int reserve_pecoff_reloc_section(int c) { /* Reserve 0x20 bytes for .reloc section */ @@ -252,22 +224,9 @@ static int reserve_pecoff_reloc_section(int c) return PECOFF_RELOC_RESERVE; } -static void efi_stub_defaults(void) -{ - /* Defaults for old kernel */ -#ifdef CONFIG_X86_32 - efi_pe_entry = 0x10; -#else - efi_pe_entry = 0x210; -#endif -} - #else static inline void update_pecoff_setup_and_reloc(unsigned int size) {} -static inline void update_pecoff_text(unsigned int text_start, - unsigned int file_sz) {} -static inline void efi_stub_defaults(void) {} static inline int reserve_pecoff_reloc_section(int c) { @@ -310,10 +269,8 @@ static void parse_zoffset(char *fname) p = (char *)buf; while (p && *p) { - PARSE_ZOFS(p, efi_pe_entry); PARSE_ZOFS(p, efi32_pe_entry); PARSE_ZOFS(p, _edata); - PARSE_ZOFS(p, _end); p = strchr(p, '\n'); while (p && (*p == '\r' || *p == '\n')) @@ -331,8 +288,6 @@ int main(int argc, char ** argv) void *kernel; u32 crc = 0xffffffffUL; - efi_stub_defaults(); - if (argc != 5) usage(); parse_zoffset(argv[3]); @@ -380,8 +335,6 @@ int main(int argc, char ** argv) kernel = mmap(NULL, sz, PROT_READ, MAP_SHARED, fd, 0); if (kernel == MAP_FAILED) die("Unable to mmap '%s': %m", argv[2]); - update_pecoff_text(setup_sectors * 512, i + _edata); - crc = partial_crc32(buf, i, crc); if (fwrite(buf, 1, i, dest) != i) From patchwork Fri Aug 18 13:44:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 136056 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp1631817vqi; Fri, 18 Aug 2023 12:40:06 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGM6gELAhRKnLokJPgJyHuHNNN6A7Mlf7hksDaCRK0C0YQ14P4Whh1lkbtPWRAzLD9CyPwh X-Received: by 2002:a17:906:311b:b0:99d:6b79:6ed1 with SMTP id 27-20020a170906311b00b0099d6b796ed1mr118292ejx.55.1692387606548; Fri, 18 Aug 2023 12:40:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692387606; cv=none; d=google.com; s=arc-20160816; b=ybMXlheVEblyohgTWSBMxQCZpdkeVb5Sn/E/cYRNOwDwxbdaoOAC3qRKHqQoIiS2S1 Tg+dGxIQMkjQYgWaL1YurDjLtlfiwtw/toXMH9V9jxjpJo9XQIoJsoqzV2qAswGOu0rg UMobTA/4qiQ7WhY0cHAgKjCUdGVx8kPBy74RLNwe66U182jHMgio2kOXXVHiszn4snLw BqFJ0GwnE7ty2jUjf6WEP4fqZl/rhkqI53UjPH/Qdk4EkGcpDDdAJ7svt/lJia1E0LhR EvFhuH6yRh6N9/c3s86TxOOoSM/pdfckS1aJUGQPineeMf4wwZkVzzgxMdlZwuOVz2tk Jr6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Cvi9Pjg0p6+K0AnnAC6MpibEu0xLOnjNgnjm7H/bjUA=; fh=2K0cnVWNN/lSoXOQ2Jt2UifFp/1e7O4elwn57wGf9gU=; b=vyT+C9loueS1zeHy/MERvxhPtwBvCApB5G4o/SWS+hIDDrdHMxCfijRh4GlE6AZ9pJ GobntPKhCls0j6RlU5Bv+VVFYG54QB+XjPbENK+A42s2B665Wbcn7PYKhoHjeIv/n6/N bTlhfhx+vi1iTL/A5Rw03sbGh2P4wRmrwBMCy4bvSrmhL8btw2jIA5LTbmNvOLbXeRZR ecALHsrZPDUKDf4Fr7wiX36bQftCJGERPDctnizkl1ijdi5PUrq5GvnCDYTflM4RB7Ci kv6jOSx2H9y+XlqLNZZT8u9JIWZWQqc7+bTXDevzuAzMWXl/SkTfbDLLvsdf6AdRjbQQ sqyQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Y5jQQ1r0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r21-20020a170906a21500b0099caa5368easi1971613ejy.462.2023.08.18.12.39.36; Fri, 18 Aug 2023 12:40:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Y5jQQ1r0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1377356AbjHRNqT (ORCPT + 99 others); Fri, 18 Aug 2023 09:46:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49402 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1377349AbjHRNpf (ORCPT ); Fri, 18 Aug 2023 09:45:35 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1F45D4229; Fri, 18 Aug 2023 06:45:28 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 372BE60F45; Fri, 18 Aug 2023 13:45:28 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C4782C433C7; Fri, 18 Aug 2023 13:45:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692366327; bh=qP277qhLgzUM7xLfNEHA2KtyZSQajU/8gNGhoczKCNU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Y5jQQ1r0XnlB1X+scrqBdqKpUVl7fIgolmkGJKwh9Vr+kzEzOj3NHAH1TDZa+FcfC 12JV7ea5LOUVn3irW9PuVQhsz5e0wvxXhznwmhey5RmoO6Bk6JgjH6yc8KibA92uwf HWTZLzSLNFO6pDp1KESRlYhXWO6BRWDXHYCam/Bp7wrXvfHqPQrZHEKEPjzDb2M60C qn7q6nHcJD/PP9jhv7Iw/aNx9rJRsK2YMYMkVrojW66EwOOq9eKctShnwk/OHDjUyM iuLDp17XxNboxY+6NHxvSdFzmzCFjsuDAkrHIN3sMuOTJpthN9TUHVpUTqUjSn8U9n 031aI9YS89KPQ== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Evgeniy Baskov , Borislav Petkov , Dave Hansen , Ingo Molnar , Thomas Gleixner , Peter Jones , Matthew Garrett , Gerd Hoffmann , Kees Cook , "H. Peter Anvin" , =?utf-8?q?Marvin_H=C3=A4user?= Subject: [PATCH 14/17] x86/boot: Drop PE/COFF .reloc section Date: Fri, 18 Aug 2023 15:44:19 +0200 Message-Id: <20230818134422.380032-15-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230818134422.380032-1-ardb@kernel.org> References: <20230818134422.380032-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4068; i=ardb@kernel.org; h=from:subject; bh=qP277qhLgzUM7xLfNEHA2KtyZSQajU/8gNGhoczKCNU=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIeV+6Vr+peb/F52Qf3dWb15c1Tx2/r/n19vX1r44fOvwQ dVv/ziUOkpZGMQ4GGTFFFkEZv99t/P0RKla51myMHNYmUCGMHBxCsBE8iQY/so5fv1f3BmivW5y kHFCzH+b1qDzfOUpjdWsrSddWSLuvWT4Xxq+LcYg8/Kttgvy12P6C2e+jpwhm8LyLvhzTHD/irs h7AA= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774597027000385364 X-GMAIL-MSGID: 1774597027000385364 Ancient buggy EFI loaders may have required a .reloc section to be present at some point in time, but this has not been true for a long time so the .reloc section can just be dropped. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/header.S | 20 ----------- arch/x86/boot/tools/build.c | 35 +++----------------- 2 files changed, 5 insertions(+), 50 deletions(-) diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index c23c5feef37e55ed..ccfb7a7d8c29275e 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -159,26 +159,6 @@ section_table: IMAGE_SCN_MEM_READ | \ IMAGE_SCN_MEM_EXECUTE # Characteristics - # - # The EFI application loader requires a relocation section - # because EFI applications must be relocatable. The .reloc - # offset & size fields are filled in by build.c. - # - .ascii ".reloc" - .byte 0 - .byte 0 - .long 0 - .long 0 - .long 0 # SizeOfRawData - .long 0 # PointerToRawData - .long 0 # PointerToRelocations - .long 0 # PointerToLineNumbers - .word 0 # NumberOfRelocations - .word 0 # NumberOfLineNumbers - .long IMAGE_SCN_CNT_INITIALIZED_DATA | \ - IMAGE_SCN_MEM_READ | \ - IMAGE_SCN_MEM_DISCARDABLE # Characteristics - #ifdef CONFIG_EFI_MIXED # # The offset & size fields are filled in by build.c. diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c index 6b6282a96c6ab24d..08065c333b482174 100644 --- a/arch/x86/boot/tools/build.c +++ b/arch/x86/boot/tools/build.c @@ -45,8 +45,6 @@ typedef unsigned int u32; /* This must be large enough to hold the entire setup */ u8 buf[(SETUP_SECT_NUM+1)*512]; -#define PECOFF_RELOC_RESERVE 0x20 - #ifdef CONFIG_EFI_MIXED #define PECOFF_COMPAT_RESERVE 0x20 #else @@ -183,24 +181,13 @@ static void update_pecoff_section_header(char *section_name, u32 offset, u32 siz update_pecoff_section_header_fields(section_name, offset, size, size, offset); } -static void update_pecoff_setup_and_reloc(unsigned int size) +static void update_pecoff_setup(unsigned int size) { u32 setup_offset = 0x200; - u32 reloc_offset = size - PECOFF_RELOC_RESERVE - PECOFF_COMPAT_RESERVE; -#ifdef CONFIG_EFI_MIXED - u32 compat_offset = reloc_offset + PECOFF_RELOC_RESERVE; -#endif - u32 setup_size = reloc_offset - setup_offset; + u32 compat_offset = size - PECOFF_COMPAT_RESERVE; + u32 setup_size = compat_offset - setup_offset; update_pecoff_section_header(".setup", setup_offset, setup_size); - update_pecoff_section_header(".reloc", reloc_offset, PECOFF_RELOC_RESERVE); - - /* - * Modify .reloc section contents with a single entry. The - * relocation is applied to offset 10 of the relocation section. - */ - put_unaligned_le32(reloc_offset + 10, &buf[reloc_offset]); - put_unaligned_le32(10, &buf[reloc_offset + 4]); #ifdef CONFIG_EFI_MIXED update_pecoff_section_header(".compat", compat_offset, PECOFF_COMPAT_RESERVE); @@ -217,21 +204,10 @@ static void update_pecoff_setup_and_reloc(unsigned int size) #endif } -static int reserve_pecoff_reloc_section(int c) -{ - /* Reserve 0x20 bytes for .reloc section */ - memset(buf+c, 0, PECOFF_RELOC_RESERVE); - return PECOFF_RELOC_RESERVE; -} - #else -static inline void update_pecoff_setup_and_reloc(unsigned int size) {} +static inline void update_pecoff_setup(unsigned int size) {} -static inline int reserve_pecoff_reloc_section(int c) -{ - return 0; -} #endif /* CONFIG_EFI_STUB */ static int reserve_pecoff_compat_section(int c) @@ -310,7 +286,6 @@ int main(int argc, char ** argv) fclose(file); c += reserve_pecoff_compat_section(c); - c += reserve_pecoff_reloc_section(c); /* Pad unused space with zeros */ setup_sectors = (c + 511) / 512; @@ -320,7 +295,7 @@ int main(int argc, char ** argv) i = setup_sectors*512; memset(buf+c, 0, i-c); - update_pecoff_setup_and_reloc(i); + update_pecoff_setup(i); /* Open and stat the kernel file */ fd = open(argv[2], O_RDONLY); From patchwork Fri Aug 18 13:44:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 136121 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp1972719vqi; Sat, 19 Aug 2023 04:40:12 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGrWLI1pbQfDtWZg0C1eDLboDrBVq9CwH8ibOzbfU6uodecIgoKW78yZDUM/1PyC2NNAyLp X-Received: by 2002:a17:903:22c8:b0:1bd:f1a7:8285 with SMTP id y8-20020a17090322c800b001bdf1a78285mr1590065plg.1.1692445212142; Sat, 19 Aug 2023 04:40:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692445212; cv=none; d=google.com; s=arc-20160816; b=NEeEFPYXocHVmtPFW+HFtLoGRHF5njLMgWO60xu52KFydp7vV0+BP4/IwWMarAAoi6 lKX0kLvUnoDjmyTy2bSP06ZhnTt8k+rbDXMRCpkGiL8/O7m/VwNigIqrh8cv5dhkgyMm 7BSfjAVrzcaTIHsCfQnZSO6g7VVIk1SdKY7cEFGnk1g9hj42GG/EwzbyM5JuIFinqGfk Ijim7mWa83SS4mLJJCrnPeRil7qnLqMSf3NLFemecaJIIekAr9Ic0kezb8pT5aoGrDsS a08Imrco2rthiWvEKqP9PwNKsImTyW/FCuQRHJfo7JZrEH9cSDoNonffoqbLOzBfaxQu LAXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=3LL+5MeGdQzWdUJclwusq+MSQgOATrQk2MRa0x/Eow0=; fh=2K0cnVWNN/lSoXOQ2Jt2UifFp/1e7O4elwn57wGf9gU=; b=KX2al5gxE2CbltHugxLZmvyhKBevB1QiuRTubSqqj9YFTuatt0nlyUmo5f+Vra1SCb 1+A+TLgieSjXOfvXt4b8JgDjBztE0L722zeJZdkd+vbTZcb71RvuKtTcb0fDE3a+IdpS 4NvIZ76p4upl5DfrDnEu6FRIXcrfKWuzzT/vX2tCnEyVBYGAUe1obz45crp+zJSniSAG OZwZYM6klM1LjDASUXQxTTmE/mflJtNoIpaU09TFDaJ+j+uW+jGhVNPHNzrxIfBpmlLH xRvyTwuhLySpJHhoSsatnOYugLsTBzd1wEuISjjEO7iDpOp4Sd4IclWm+8dPLAwFtv6k nMMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=qfTuC2lg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id kv4-20020a17090328c400b001b8039317cesi3152939plb.301.2023.08.19.04.40.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Aug 2023 04:40:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=qfTuC2lg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 73D646B5C6; Sat, 19 Aug 2023 01:34:51 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1377378AbjHRNqW (ORCPT + 99 others); Fri, 18 Aug 2023 09:46:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49216 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1377405AbjHRNpo (ORCPT ); Fri, 18 Aug 2023 09:45:44 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 586A24217; Fri, 18 Aug 2023 06:45:35 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C207F616E0; Fri, 18 Aug 2023 13:45:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5EDDCC433C8; Fri, 18 Aug 2023 13:45:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692366334; bh=EJx0d6hkMvf7DTB/18tohg9RjVBeeiAwdn4lnoe+9vU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qfTuC2lgbbebu7X5PLd9wg3ChTBLD4D4SxwbP7cG3W69ZLFrOnqTtGRQBFcisGqeS im9i3pzU19p0F/N+YLGROGgTyd07znixgLCxVO93sd7zLfA4hh0w1q4udSsLQKOXx9 cnJxROBOblqrP16kP2/cUaNMei+m5B53euzOCxx9YzaGINNQEkOCV/BYSsLts++YeW KswmyLM0aJ7sYjGTDtz04z1bEHXL5HHO54LK+3wfiiqbpaWp2wbO3f2r/v/yzksHce sQsjX+MonIfCP4GXekE4zSFiieFm/FYbegydfPJ2y9TdaNbzgfizaD+dagGXMrE0+w L0Cc7rpZsm5SQ== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Evgeniy Baskov , Borislav Petkov , Dave Hansen , Ingo Molnar , Thomas Gleixner , Peter Jones , Matthew Garrett , Gerd Hoffmann , Kees Cook , "H. Peter Anvin" , =?utf-8?q?Marvin_H=C3=A4user?= Subject: [PATCH 16/17] x86/boot: Increase section and file alignment to 4k/512 Date: Fri, 18 Aug 2023 15:44:21 +0200 Message-Id: <20230818134422.380032-17-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230818134422.380032-1-ardb@kernel.org> References: <20230818134422.380032-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=10918; i=ardb@kernel.org; h=from:subject; bh=EJx0d6hkMvf7DTB/18tohg9RjVBeeiAwdn4lnoe+9vU=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIeV+6cbAdauqvzz80XdHxpV/Tk2JmXsD/6ms4qwPzgtKV Ho2zF/QUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACZyeCIjw3Lxuyzi18qqe/kj tCTUv66VendjGXsswwr2U6s4Cyx1mhkZjh3L+PJm8tmft3lEf5941FCV+eb3xA33jdpt0hcK/J7 oxAAA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774657430521024850 X-GMAIL-MSGID: 1774657430521024850 Align x86 with other EFI architectures, and increase the section alignment to the EFI page size (4k), so that firmware is able to honour the section permission attributes and map code read-only and data non-executable. There are a number of requirements that have to be taken into account: - the sign tools get cranky when there are gaps between sections in the file view of the image - the virtual offset of each section must be aligned to the image's section alignment - the file offset *and size* of each section must be aligned to the image's file alignment - the image size must be aligned to the section alignment - each section's virtual offset must be greater than or equal to the size of the headers. In order to meet all these requirements, while avoiding the need for lots of padding the accommodate the .pecompat section, the latter is placed at an arbitrary offset >= 4k in the image, but aligned to the minimum file alignment (512 bytes). The space before the .text section is therefore distributed between the PE header, the .setup section and the .pecompat section, leaving no gaps in the file coverage, making the signing tools happy. The virtual placement of the .pecompat section is at the end of the image. Whether or not the data gets loaded there depends on how the PE loader interprets the EFI_IMAGE_SCN_MEM_DISCARDABLE section attribute, but this doesn't really matter as the contents are only relevant to mixed mode capable PE loaders anyway. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/Makefile | 1 + arch/x86/boot/compressed/vmlinux.lds.S | 4 +- arch/x86/boot/header.S | 81 +++++++++-------- arch/x86/boot/setup.ld | 3 +- arch/x86/boot/tools/build.c | 91 -------------------- 5 files changed, 51 insertions(+), 129 deletions(-) diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile index 50c50fce646e2417..18548e351ffb4867 100644 --- a/arch/x86/boot/Makefile +++ b/arch/x86/boot/Makefile @@ -68,6 +68,7 @@ targets += cpustr.h KBUILD_CFLAGS := $(REALMODE_CFLAGS) -D_SETUP KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=) +KBUILD_CFLAGS += $(call cc-option,-Oz) KBUILD_CFLAGS += -fno-asynchronous-unwind-tables KBUILD_CFLAGS += $(call cc-option,-Oz) GCOV_PROFILE := n diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S index 5326f3b441948c5d..3df57cdf500375f2 100644 --- a/arch/x86/boot/compressed/vmlinux.lds.S +++ b/arch/x86/boot/compressed/vmlinux.lds.S @@ -43,13 +43,13 @@ SECTIONS *(.rodata.*) _erodata = . ; } - .data : { + .data : ALIGN(0x1000) { _data = . ; *(.data) *(.data.*) /* add 4 bytes of extra space for a CRC-32 checksum */ - . = ALIGN(. + 4, 0x20); + . = ALIGN(. + 4, 0x200); _edata = . ; } . = ALIGN(L1_CACHE_BYTES); diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index 25dda40dacb52292..695ce5344350a4db 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -40,6 +40,9 @@ SYSSEG = 0x1000 /* historical load address >> 4 */ .globl setup_size .set setup_size, 0x4000 + .set salign, 0x1000 + .set falign, 0x200 + .code16 .section ".bstext", "ax" #ifdef CONFIG_EFI_STUB @@ -86,7 +89,7 @@ optional_header: .long setup_size + ZO_efi_pe_entry # AddressOfEntryPoint - .long 0x0200 # BaseOfCode + .long setup_size # BaseOfCode #ifdef CONFIG_X86_32 .long 0 # data #endif @@ -97,8 +100,8 @@ extra_header_fields: #else .quad 0 # ImageBase #endif - .long 0x20 # SectionAlignment - .long 0x20 # FileAlignment + .long salign # SectionAlignment + .long falign # FileAlignment .word 0 # MajorOperatingSystemVersion .word 0 # MinorOperatingSystemVersion .word LINUX_EFISTUB_MAJOR_VERSION # MajorImageVersion @@ -107,9 +110,10 @@ extra_header_fields: .word 0 # MinorSubsystemVersion .long 0 # Win32VersionValue - .long setup_size + ZO__end # SizeOfImage + .long setup_size + ZO__end + pecompat_vsize + # SizeOfImage - .long 0x200 # SizeOfHeaders + .long salign # SizeOfHeaders .long 0 # CheckSum .word IMAGE_SUBSYSTEM_EFI_APPLICATION # Subsystem (EFI application) #ifdef CONFIG_EFI_DXE_MEM_ATTRIBUTES @@ -140,44 +144,51 @@ extra_header_fields: # Section table section_table: - # - # The offset & size fields are filled in by build.c. - # .ascii ".setup" .byte 0 .byte 0 - .long 0 - .long 0x0 # startup_{32,64} - .long 0 # Size of initialized data - # on disk - .long 0x0 # startup_{32,64} - .long 0 # PointerToRelocations - .long 0 # PointerToLineNumbers - .word 0 # NumberOfRelocations - .word 0 # NumberOfLineNumbers - .long IMAGE_SCN_CNT_CODE | \ - IMAGE_SCN_MEM_READ | \ - IMAGE_SCN_MEM_EXECUTE # Characteristics + .long setup_size - salign # VirtualSize + .long salign # VirtualAddress + .long pecompat_fstart - salign # SizeOfRawData + .long salign # PointerToRawData -#ifdef CONFIG_EFI_MIXED - # - # The offset & size fields are filled in by build.c. - # - .asciz ".compat" - .long 0 - .long 0x0 - .long 0 # Size of initialized data - # on disk - .long 0x0 - .long 0 # PointerToRelocations - .long 0 # PointerToLineNumbers - .word 0 # NumberOfRelocations - .word 0 # NumberOfLineNumbers + .long 0, 0, 0 .long IMAGE_SCN_CNT_INITIALIZED_DATA | \ IMAGE_SCN_MEM_READ | \ IMAGE_SCN_MEM_DISCARDABLE # Characteristics -#endif +#ifdef CONFIG_EFI_MIXED + .asciz ".compat" + + .long 8 # VirtualSize + .long setup_size + ZO__end # VirtualAddress + .long pecompat_fsize # SizeOfRawData + .long pecompat_fstart # PointerToRawData + + .long 0, 0, 0 + .long IMAGE_SCN_CNT_INITIALIZED_DATA | \ + IMAGE_SCN_MEM_READ | \ + IMAGE_SCN_MEM_DISCARDABLE # Characteristics + + /* + * Put the IA-32 machine type and the associated entry point address in + * the .compat section, so loaders can figure out which other execution + * modes this image supports. + */ + .pushsection ".pecompat", "a", @progbits + .balign falign + .set pecompat_vsize, salign + .globl pecompat_fstart +pecompat_fstart: + .byte 0x1 # version + .byte 8 # size + .word IMAGE_FILE_MACHINE_I386 # PE machine type + .long setup_size + ZO_efi32_pe_entry # entrypoint + .popsection +#else + .set pecompat_vsize, 0 + .set pecompat_fstart, setup_size +#endif .ascii ".text" .byte 0 .byte 0 diff --git a/arch/x86/boot/setup.ld b/arch/x86/boot/setup.ld index f1c14616cd80390d..e44750db4b1f2e55 100644 --- a/arch/x86/boot/setup.ld +++ b/arch/x86/boot/setup.ld @@ -25,7 +25,8 @@ SECTIONS .text32 : { *(.text32) } . = ALIGN(16); - .rodata : { *(.rodata*) } + .rodata : { *(.pecompat) *(.rodata*) } + PROVIDE(pecompat_fsize = setup_size - pecompat_fstart); .videocards : { video_cards = .; diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c index 08065c333b482174..bc2585df100572bc 100644 --- a/arch/x86/boot/tools/build.c +++ b/arch/x86/boot/tools/build.c @@ -45,13 +45,6 @@ typedef unsigned int u32; /* This must be large enough to hold the entire setup */ u8 buf[(SETUP_SECT_NUM+1)*512]; -#ifdef CONFIG_EFI_MIXED -#define PECOFF_COMPAT_RESERVE 0x20 -#else -#define PECOFF_COMPAT_RESERVE 0x0 -#endif - -static unsigned long efi32_pe_entry; static unsigned long _edata; /*----------------------------------------------------------------------*/ @@ -138,85 +131,6 @@ static void usage(void) die("Usage: build setup system zoffset.h image"); } -#ifdef CONFIG_EFI_STUB - -static void update_pecoff_section_header_fields(char *section_name, u32 vma, u32 size, u32 datasz, u32 offset) -{ - unsigned int pe_header; - unsigned short num_sections; - u8 *section; - - pe_header = get_unaligned_le32(&buf[0x3c]); - num_sections = get_unaligned_le16(&buf[pe_header + 6]); - -#ifdef CONFIG_X86_32 - section = &buf[pe_header + 0xa8]; -#else - section = &buf[pe_header + 0xb8]; -#endif - - while (num_sections > 0) { - if (strncmp((char*)section, section_name, 8) == 0) { - /* section header size field */ - put_unaligned_le32(size, section + 0x8); - - /* section header vma field */ - put_unaligned_le32(vma, section + 0xc); - - /* section header 'size of initialised data' field */ - put_unaligned_le32(datasz, section + 0x10); - - /* section header 'file offset' field */ - put_unaligned_le32(offset, section + 0x14); - - break; - } - section += 0x28; - num_sections--; - } -} - -static void update_pecoff_section_header(char *section_name, u32 offset, u32 size) -{ - update_pecoff_section_header_fields(section_name, offset, size, size, offset); -} - -static void update_pecoff_setup(unsigned int size) -{ - u32 setup_offset = 0x200; - u32 compat_offset = size - PECOFF_COMPAT_RESERVE; - u32 setup_size = compat_offset - setup_offset; - - update_pecoff_section_header(".setup", setup_offset, setup_size); - -#ifdef CONFIG_EFI_MIXED - update_pecoff_section_header(".compat", compat_offset, PECOFF_COMPAT_RESERVE); - - /* - * Put the IA-32 machine type (0x14c) and the associated entry point - * address in the .compat section, so loaders can figure out which other - * execution modes this image supports. - */ - buf[compat_offset] = 0x1; - buf[compat_offset + 1] = 0x8; - put_unaligned_le16(0x14c, &buf[compat_offset + 2]); - put_unaligned_le32(efi32_pe_entry + size, &buf[compat_offset + 4]); -#endif -} - -#else - -static inline void update_pecoff_setup(unsigned int size) {} - -#endif /* CONFIG_EFI_STUB */ - -static int reserve_pecoff_compat_section(int c) -{ - /* Reserve 0x20 bytes for .compat section */ - memset(buf+c, 0, PECOFF_COMPAT_RESERVE); - return PECOFF_COMPAT_RESERVE; -} - /* * Parse zoffset.h and find the entry points. We could just #include zoffset.h * but that would mean tools/build would have to be rebuilt every time. It's @@ -245,7 +159,6 @@ static void parse_zoffset(char *fname) p = (char *)buf; while (p && *p) { - PARSE_ZOFS(p, efi32_pe_entry); PARSE_ZOFS(p, _edata); p = strchr(p, '\n'); @@ -285,8 +198,6 @@ int main(int argc, char ** argv) die("Boot block hasn't got boot flag (0xAA55)"); fclose(file); - c += reserve_pecoff_compat_section(c); - /* Pad unused space with zeros */ setup_sectors = (c + 511) / 512; if (setup_sectors > SETUP_SECT_NUM) @@ -295,8 +206,6 @@ int main(int argc, char ** argv) i = setup_sectors*512; memset(buf+c, 0, i-c); - update_pecoff_setup(i); - /* Open and stat the kernel file */ fd = open(argv[2], O_RDONLY); if (fd < 0)