From patchwork Fri Aug 18 13:44:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 715251 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B62FDC71159 for ; Fri, 18 Aug 2023 13:46:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1377320AbjHRNqB (ORCPT ); Fri, 18 Aug 2023 09:46:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49480 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1377368AbjHRNpi (ORCPT ); Fri, 18 Aug 2023 09:45:38 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B091644A5; Fri, 18 Aug 2023 06:45:31 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8174461977; Fri, 18 Aug 2023 13:45:31 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 18F1AC433CA; Fri, 18 Aug 2023 13:45:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692366330; bh=FNnkYL7mwoRATtzj5cqX2qJJtF9ooKjq7YNdjbAw2ho=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Z0Z9wZXRxHx3BtkarpLVIfpYkozunLjGlmj/Fa6rI5ESHBcUVQde60mDupHWYikNn qi1cyv/w8K6Gs5XjmH/fhNY1NNUTSAQyfAgIkDqFXA2qRbZooJ9MsOrfMsmz6yelq9 LqIlkpDh9tNiWMnya6LWnqGFTGBBY1n1SsIThW42r6RlzZtDa7LgwtGVAfQGZ+GIO2 1TQmQenwLihv7yWfKgPFrb2mbF00hE2hfUIY9Ov8PXGO2PON6C3ceKbFtGR6lxlUH6 yxV9DB2fzFj3Qq/07sK57UHk+fczj4iUC2aLjtAI8AMcmHA6/nhIWNwro7q26yy6j+ d07oaXpu7o0tg== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Evgeniy Baskov , Borislav Petkov , Dave Hansen , Ingo Molnar , Thomas Gleixner , Peter Jones , Matthew Garrett , Gerd Hoffmann , Kees Cook , "H. Peter Anvin" , =?utf-8?q?Marvin_H=C3=A4user?= Subject: [PATCH 15/17] x86/boot: Split off PE/COFF .data section Date: Fri, 18 Aug 2023 15:44:20 +0200 Message-Id: <20230818134422.380032-16-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230818134422.380032-1-ardb@kernel.org> References: <20230818134422.380032-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2777; i=ardb@kernel.org; h=from:subject; bh=FNnkYL7mwoRATtzj5cqX2qJJtF9ooKjq7YNdjbAw2ho=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIeV+6QbVmIiARVEbmbbtsjzePVvDafGpooNaEWriIie5y /3vPQrvKGVhEONgkBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABOpy2ZkuLu7ev3XI1+C1bc/ OhH4t8y+ku3Pn31T5j6XeXrg8cliUUZGhsXZVhkrlI+u5znRw5Qe/qJ0Tu5ZbbE8r4bDz7czruA L4wAA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Describe the code and data of the decompressor binary using separate .text and .data PE/COFF sections, so that we will be able to map them using restricted permissions once we increase the section and file alignment sufficiently. This avoids the need for memory mappings that are writable and executable at the same time, which is something that is best avoided for security reasons. Signed-off-by: Ard Biesheuvel --- arch/x86/boot/Makefile | 2 +- arch/x86/boot/header.S | 19 +++++++++++++++---- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile index b26e30a2d865f72d..50c50fce646e2417 100644 --- a/arch/x86/boot/Makefile +++ b/arch/x86/boot/Makefile @@ -90,7 +90,7 @@ $(obj)/vmlinux.bin: $(obj)/compressed/vmlinux FORCE SETUP_OBJS = $(addprefix $(obj)/,$(setup-y)) -sed-zoffset := -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\|_edata\|z_.*\)$$/\#define ZO_\2 0x\1/p' +sed-zoffset := -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\|_e\?data\|z_.*\)$$/\#define ZO_\2 0x\1/p' quiet_cmd_zoffset = ZOFFSET $@ cmd_zoffset = $(NM) $< | sed -n $(sed-zoffset) > $@ diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index ccfb7a7d8c29275e..25dda40dacb52292 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -79,9 +79,9 @@ optional_header: .byte 0x02 # MajorLinkerVersion .byte 0x14 # MinorLinkerVersion - .long setup_size + ZO__end - 0x200 # SizeOfCode + .long ZO__data # SizeOfCode - .long 0 # SizeOfInitializedData + .long ZO__end - ZO__data # SizeOfInitializedData .long 0 # SizeOfUninitializedData .long setup_size + ZO_efi_pe_entry # AddressOfEntryPoint @@ -182,9 +182,9 @@ section_table: .byte 0 .byte 0 .byte 0 - .long ZO__end + .long ZO__data .long setup_size - .long ZO__edata # Size of initialized data + .long ZO__data # Size of initialized data # on disk .long setup_size .long 0 # PointerToRelocations @@ -195,6 +195,17 @@ section_table: IMAGE_SCN_MEM_READ | \ IMAGE_SCN_MEM_EXECUTE # Characteristics + .ascii ".data\0\0\0" + .long ZO__end - ZO__data # VirtualSize + .long setup_size + ZO__data # VirtualAddress + .long ZO__edata - ZO__data # SizeOfRawData + .long setup_size + ZO__data # PointerToRawData + + .long 0, 0, 0 + .long IMAGE_SCN_CNT_INITIALIZED_DATA | \ + IMAGE_SCN_MEM_READ | \ + IMAGE_SCN_MEM_WRITE # Characteristics + .set section_count, (. - section_table) / 40 #endif /* CONFIG_EFI_STUB */