From patchwork Sun Sep 17 18:12:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner X-Patchwork-Id: 141194 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp2284155vqi; Sun, 17 Sep 2023 13:10:40 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEiCTGhMhhuGYhsCEavlrA/IchuNz14tS0L1FSN0qwu1WGSZeF/XpSkxCVP06PUldZDUE5N X-Received: by 2002:a05:6a00:178e:b0:68a:69ba:6791 with SMTP id s14-20020a056a00178e00b0068a69ba6791mr7388258pfg.8.1694981440126; Sun, 17 Sep 2023 13:10:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694981440; cv=none; d=google.com; s=arc-20160816; b=B/fiwCpa5LuisN9hCuzBypTbuxjBlxJwE8E1XUv2oo6dJPP4FPUIBClO+Lfo0QB0nn xeeVg/2rv4iu441JZzrdUix+gksvRI590JhvAdIOM+FZ+mEOK0jRjuvBSXTddtQmh+u7 0tVUF08gj+fMHwt4DGwwVUXc+m8W6rB7xWlmIvIRKVquTEnBSY+JI8zsDvtn6fGeaLbb +RcQp2bhXRMuwZPMaV7ldt/1xNYFiVAum25r8aX15hgDyGOKdSNCNS8ZoNu9Rrq0Gmak Pc4x9/3Ozrz8CWrXE8p3f246QusdrQNrJzvJXGMBGLqeVNswYRx4VsNFjcbro6eHJOZq x5tQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:references:in-reply-to:cc:subject :to:reply-to:sender:from:dkim-signature:dkim-signature:date; bh=JfJMaa8naCteY7tF1ftfRkzpZUEx4EL9oXimasrpX/8=; fh=mh/EFXDyWz6SYA4qEbcbMgOZ07AT4DlRJonTEXgTb50=; b=Cvik165uZ3IaJmSZLDp5shzKpHAVguJB4Qubf8jphnO98GJNgYsICrKIOIR/V9NUuf 6ogFlU16fOZF7kW6MSUsDViZuQG9MYyIDfssZxwdG1Clr9jybg7pYuzmihGopB5P3qHh 3n+K7J0dE1Iwa6CHelkU7kFp+sbsOKPz9EAGSeeHPy07dfQtAbCfXS4MmdhjiYTgegut PqHgia/M/Si7aFt27bGA1mEqtSLgN5hykfzAznJsf885Ptriw9myPGVMzf5yPzsB6T3B WyTrzK785EnwpLO3PACbzznN6pIPtu8qcyxTMMjU6v0Hu21Qd4XErbSLrGYa/YCciDc9 eP3A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=FYEbP67k; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=4cZ+ujD3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from pete.vger.email (pete.vger.email. [23.128.96.36]) by mx.google.com with ESMTPS id by7-20020a056a00400700b006903fc94799si5335054pfb.319.2023.09.17.13.10.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 17 Sep 2023 13:10:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) client-ip=23.128.96.36; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=FYEbP67k; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=4cZ+ujD3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 900C3809B089; Sun, 17 Sep 2023 11:15:45 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238377AbjIQSNN (ORCPT + 28 others); Sun, 17 Sep 2023 14:13:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60018 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238110AbjIQSM6 (ORCPT ); Sun, 17 Sep 2023 14:12:58 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 180EB137; Sun, 17 Sep 2023 11:12:52 -0700 (PDT) Date: Sun, 17 Sep 2023 18:12:49 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1694974370; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JfJMaa8naCteY7tF1ftfRkzpZUEx4EL9oXimasrpX/8=; b=FYEbP67kEtEnE534M0aSBewYHmvhMjVh1sxNQ/HcWUo6KqJjqngvlYFbgjkBS4tBXfX7hV exAn2SKXV9b5SzkNBkfE7l3EVV5mGi6sv/JOFUrPOUwZ4QyZfTwLDeEj3pixqxTKY88+wi L9fNkGodzglfJj65wnHS0VnYI2VW9R3+6Zmj2Hjy3YGGTu3z0CoOqzHoDS8gViveu5sb5m KbusKK+16k1D1WABHvhrjETA7uIwu2NKJSSnTtBgbZNfo1F3MU/GurqkpgcVQ8JYtsXmbq iL6cuErytM+AG7LUIICFYFvgxEJk8PsdnIERrFN1fcgIxImWJ47dtMEWteyT2w== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1694974370; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JfJMaa8naCteY7tF1ftfRkzpZUEx4EL9oXimasrpX/8=; b=4cZ+ujD3d6wGS6yaoBEk5OzY7iR1pEAjRvbPLFA29fkNgZY3VDwEdQmcMqPJUuiIe7rAEX pV07oSGiNCZtPkDg== From: "tip-bot2 for Ard Biesheuvel" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/boot] x86/boot: Split off PE/COFF .data section Cc: Ard Biesheuvel , Ingo Molnar , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20230915171623.655440-17-ardb@google.com> References: <20230915171623.655440-17-ardb@google.com> MIME-Version: 1.0 Message-ID: <169497436951.27769.6427183545577829758.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Sun, 17 Sep 2023 11:15:45 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777137070178872462 X-GMAIL-MSGID: 1777316858582099211 The following commit has been merged into the x86/boot branch of tip: Commit-ID: 34951f3c28bdf6481d949a20413b2ce7693687b2 Gitweb: https://git.kernel.org/tip/34951f3c28bdf6481d949a20413b2ce7693687b2 Author: Ard Biesheuvel AuthorDate: Fri, 15 Sep 2023 17:16:31 Committer: Ingo Molnar CommitterDate: Sun, 17 Sep 2023 19:48:43 +02:00 x86/boot: Split off PE/COFF .data section Describe the code and data of the decompressor binary using separate .text and .data PE/COFF sections, so that we will be able to map them using restricted permissions once we increase the section and file alignment sufficiently. This avoids the need for memory mappings that are writable and executable at the same time, which is something that is best avoided for security reasons. Signed-off-by: Ard Biesheuvel Signed-off-by: Ingo Molnar Link: https://lore.kernel.org/r/20230915171623.655440-17-ardb@google.com --- arch/x86/boot/Makefile | 2 +- arch/x86/boot/header.S | 19 +++++++++++++++---- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile index cc04917..3cece19 100644 --- a/arch/x86/boot/Makefile +++ b/arch/x86/boot/Makefile @@ -89,7 +89,7 @@ $(obj)/vmlinux.bin: $(obj)/compressed/vmlinux FORCE SETUP_OBJS = $(addprefix $(obj)/,$(setup-y)) -sed-zoffset := -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\|_edata\|z_.*\)$$/\#define ZO_\2 0x\1/p' +sed-zoffset := -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\|_e\?data\|z_.*\)$$/\#define ZO_\2 0x\1/p' quiet_cmd_zoffset = ZOFFSET $@ cmd_zoffset = $(NM) $< | sed -n $(sed-zoffset) > $@ diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index 9e9641e..a1f9861 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -75,9 +75,9 @@ optional_header: .byte 0x02 # MajorLinkerVersion .byte 0x14 # MinorLinkerVersion - .long setup_size + ZO__end - 0x200 # SizeOfCode + .long ZO__data # SizeOfCode - .long 0 # SizeOfInitializedData + .long ZO__end - ZO__data # SizeOfInitializedData .long 0 # SizeOfUninitializedData .long setup_size + ZO_efi_pe_entry # AddressOfEntryPoint @@ -178,9 +178,9 @@ section_table: .byte 0 .byte 0 .byte 0 - .long ZO__end + .long ZO__data .long setup_size - .long ZO__edata # Size of initialized data + .long ZO__data # Size of initialized data # on disk .long setup_size .long 0 # PointerToRelocations @@ -191,6 +191,17 @@ section_table: IMAGE_SCN_MEM_READ | \ IMAGE_SCN_MEM_EXECUTE # Characteristics + .ascii ".data\0\0\0" + .long ZO__end - ZO__data # VirtualSize + .long setup_size + ZO__data # VirtualAddress + .long ZO__edata - ZO__data # SizeOfRawData + .long setup_size + ZO__data # PointerToRawData + + .long 0, 0, 0 + .long IMAGE_SCN_CNT_INITIALIZED_DATA | \ + IMAGE_SCN_MEM_READ | \ + IMAGE_SCN_MEM_WRITE # Characteristics + .set section_count, (. - section_table) / 40 #endif /* CONFIG_EFI_STUB */