From patchwork Thu Feb 23 18:30:51 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 94389
From: Ard Biesheuvel
To: edk2-devel@lists.01.org, lersek@redhat.com, liming.gao@intel.com, yonghong.zhu@intel.com
Cc: Ard Biesheuvel
Date: Thu, 23 Feb 2017 18:30:51 +0000
Message-Id: <1487874651-19202-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: [edk2] [PATCH] BaseTools: GCC: move most AutoGen.obj contents back to .data section

The generated AutoGen.c files mostly contain read-only data, but due to lacking annotations, all of it is emitted into the .data section by the compiler. Given that GUIDs are UEFI's gaffer tape, having writable GUIDs is a security hazard, and this was the main rationale for putting AutoGen.obj in the .text section.

However, as it turns out, patchable PCDs are emitted there as well, which can legally be modified at runtime. So update the wildcard pattern to only match g...Guid sections, and move everything else back to .data (Note that this relies on -fdata-sections, without that option, everything is emitted into .data)

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel
---
 BaseTools/Scripts/GccBase.lds | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

Tested-by: Laszlo Ersek
Reviewed-by: Liming Gao

diff --git a/BaseTools/Scripts/GccBase.lds b/BaseTools/Scripts/GccBase.lds index 900848747144..41e5c0b4a769 100644 --- a/BaseTools/Scripts/GccBase.lds +++ b/BaseTools/Scripts/GccBase.lds 
@@ -32,11 +32,14 @@ SECTIONS { *(.got .got.*) /* - * The contents of AutoGen.c files are constant from the POV of the program, - * but most of its contents end up in .data or .bss by default since few of + * The contents of AutoGen.c files are mostly constant from the POV of the + * program, but most of it ends up in .data or .bss by default since few of * the variable definitions that get emitted are declared as CONST. + * Unfortunately, we cannot pull it into the .text section entirely, since + * patchable PCDs are also emitted here, but we can at least move all of the + * emitted GUIDs here. */ - *:AutoGen.obj(.data .data.* .bss .bss.*) + *:AutoGen.obj(.data.g*Guid) } /*
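Review bot: The new comment above `*:AutoGen.obj(.data.g*Guid)` does not record that the pattern only works with -fdata-sections, which the commit message calls out but the linker script itself does not. Without that option no input section is named .data.g...Guid, so the rule matches nothing and every GUID stays writable in .data with no build-time indication. Please add a sentence to the comment stating the dependency, so that a later change to the compiler flags does not silently undo the protection. Two smaller points on the same line: the old pattern also covered .bss and .bss.*, while the new one lists only .data.g*Guid, so a GUID that the compiler places in a .bss.g...Guid section (for example an all-zero one) would remain writable; if that is intended, say so in the comment, otherwise consider adding `.bss.g*Guid`. And since the glob selects purely by symbol name, it is worth confirming that no patchable PCD emitted into AutoGen.c can have a name of the form g...Guid, because such a variable would be moved into .text and could no longer be modified at runtime.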