From patchwork Thu Apr 16 15:12:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arvind Sankar X-Patchwork-Id: 206406 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 036E8C2BB85 for ; Thu, 16 Apr 2020 15:13:52 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E139F206A2 for ; Thu, 16 Apr 2020 15:13:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2438646AbgDPPNu (ORCPT ); Thu, 16 Apr 2020 11:13:50 -0400 Received: from mail-qt1-f193.google.com ([209.85.160.193]:43544 "EHLO mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2395067AbgDPPMc (ORCPT ); Thu, 16 Apr 2020 11:12:32 -0400 Received: by mail-qt1-f193.google.com with SMTP id z90so16606157qtd.10; Thu, 16 Apr 2020 08:12:30 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=imM7gqSOmjnj0wLJRzezT2h41SI88XC5LjGCQYHrvNA=; b=AYjrBysu632X4CYN38xkeaCnbPj1dQEo0rNA+77p95vZQHenGv1jEfzaIyAGZNzGFc +akHzWEmHU8ZXwq4FwHFmfF+bYn4j2XJOZi+3JblObHPw5wib0kPReEHWu8JxpuSfCOI FxhHIhal8f54LasOYnRBYOZskYHuC+ggd+xQ/e0+rOoTtxl5hsbRU+AiZIrZWeJeb0ap 2Au7IDoyfz20JLUvhVRO9GH3OzLwWpS3t4L5/nC847W2DB/bx1UFGWM2G8TTI0atMNKE STIw+HMd739MHkQrijslIwDa2ovj3SP3uYQUNRbQ8d/OnMknsrLCXSVUeZRP65ZBOCtc 3aJQ== X-Gm-Message-State: AGi0PuZdyb6FoBawFSND/j4dBI0dBio6spHCuv/qle57XCDHFZ6O+1Vh u0LWAZLYi5TJFlJgRLz9w24= X-Google-Smtp-Source: APiQypICZD8HX0Ag/0fyyN0plcalNvAkwlqULHJHnrsXM4DNaQJR+ueS8IG2TsC0OBzxINWC7ELOiw== X-Received: by 2002:ac8:45cf:: with SMTP id e15mr27114418qto.21.1587049950302; Thu, 16 Apr 2020 08:12:30 -0700 (PDT) Received: from rani.riverdale.lan ([2001:470:1f07:5f3::b55f]) by smtp.gmail.com with ESMTPSA id c207sm15252197qkb.7.2020.04.16.08.12.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Apr 2020 08:12:29 -0700 (PDT) From: Arvind Sankar To: Arvind Sankar Cc: Ard Biesheuvel , linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org, x86@kernel.org, Thomas Gleixner , Ingo Molnar , Borislav Petkov , linux-kernel@vger.kernel.org Subject: [PATCH v2 1/3] efi/arm: Remove __efistub_global annotation Date: Thu, 16 Apr 2020 11:12:25 -0400 Message-Id: <20200416151227.3360778-2-nivedita@alum.mit.edu> X-Mailer: git-send-email 2.25.3 In-Reply-To: <20200415221520.2692512-1-nivedita@alum.mit.edu> References: <20200415221520.2692512-1-nivedita@alum.mit.edu> MIME-Version: 1.0 Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Instead of using __efistub_global to force variables into the .data section, leave them in the .bss but pull the EFI stub's .bss section into .data in the linker script for the compressed kernel. Signed-off-by: Arvind Sankar Reviewed-by: Ard Biesheuvel --- arch/arm/boot/compressed/vmlinux.lds.S | 2 +- drivers/firmware/efi/libstub/Makefile | 7 ++++--- drivers/firmware/efi/libstub/efistub.h | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S index b247f399de71..b6793c7932a9 100644 --- a/arch/arm/boot/compressed/vmlinux.lds.S +++ b/arch/arm/boot/compressed/vmlinux.lds.S @@ -78,7 +78,7 @@ SECTIONS * The EFI stub always executes from RAM, and runs strictly before the * decompressor, so we can make an exception for its r/w data, and keep it */ - *(.data.efistub) + *(.data.efistub .bss.efistub) __pecoff_data_end = .; /* diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index 094eabdecfe6..45ffe0822df1 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -100,8 +100,9 @@ quiet_cmd_stubcopy = STUBCPY $@ # # ARM discards the .data section because it disallows r/w data in the -# decompressor. So move our .data to .data.efistub, which is preserved -# explicitly by the decompressor linker script. +# decompressor. So move our .data to .data.efistub and .bss to .bss.efistub, +# which are preserved explicitly by the decompressor linker script. # -STUBCOPY_FLAGS-$(CONFIG_ARM) += --rename-section .data=.data.efistub +STUBCOPY_FLAGS-$(CONFIG_ARM) += --rename-section .data=.data.efistub \ + --rename-section .bss=.bss.efistub,load,alloc STUBCOPY_RELOC-$(CONFIG_ARM) := R_ARM_ABS diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index bd0b86b63936..a92d42ffd9f7 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -25,7 +25,7 @@ #define EFI_ALLOC_ALIGN EFI_PAGE_SIZE #endif -#if defined(CONFIG_ARM) || defined(CONFIG_X86) +#if defined(CONFIG_X86) #define __efistub_global __section(.data) #else #define __efistub_global From patchwork Thu Apr 16 15:12:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arvind Sankar X-Patchwork-Id: 206407 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 07571C2BB55 for ; Thu, 16 Apr 2020 15:12:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id DDB0C2222D for ; Thu, 16 Apr 2020 15:12:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2395086AbgDPPMf (ORCPT ); Thu, 16 Apr 2020 11:12:35 -0400 Received: from mail-qk1-f195.google.com ([209.85.222.195]:46394 "EHLO mail-qk1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2395080AbgDPPMc (ORCPT ); Thu, 16 Apr 2020 11:12:32 -0400 Received: by mail-qk1-f195.google.com with SMTP id g74so21562647qke.13; Thu, 16 Apr 2020 08:12:31 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Dyf4r03T42/Fy8x1nrv3/xsvgPjc2y6s6Z0vSeQSYSg=; b=pcC9rpeySHk3w+NjLlo6qNuB8XsZMgtE+AfteIHyR0pnxMX1kyI690eDiNL+lxJBm3 VKCv7R97umCPM/AW9dSGq7m6r0Z4w7AzMrsYcHpRYexJUlD5KgSyNGW3SrD6ilLwwzR3 lkjLhv2VxamOKkmP0kvJ8h4Z/IuOt93nHXTdbQwOvZUqEqVdf0aZC2Fxkfxz/MQDqH5P 13+KH/2vq74cM96sas+AgkmMcI7lu2hYvZX5L+8K2KH5s9DgMpHKVBfBtTs9Uge0vOCg CAMkdmAHPibb0P+xcSgtErq7xTLpZvRgaZHCgVaRPMHnrblGDGagBQnKRz+7ulaF6wXd v1ag== X-Gm-Message-State: AGi0PuYZpqzf2mpWngvswMGChSJ16bi32Jz9/BNykR18rSDlYkY7kIMB tCvUjUk9vf3Gf/rtigmGLow= X-Google-Smtp-Source: APiQypKLdtvWPbVerN9afGD477FA7gKjijbQItkiMGN23vQW6YEg3e2VjR3oP6K+WdheuvtL1luyQQ== X-Received: by 2002:a37:58a:: with SMTP id 132mr21979682qkf.303.1587049951094; Thu, 16 Apr 2020 08:12:31 -0700 (PDT) Received: from rani.riverdale.lan ([2001:470:1f07:5f3::b55f]) by smtp.gmail.com with ESMTPSA id c207sm15252197qkb.7.2020.04.16.08.12.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Apr 2020 08:12:30 -0700 (PDT) From: Arvind Sankar To: Arvind Sankar Cc: Ard Biesheuvel , linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org, x86@kernel.org, Thomas Gleixner , Ingo Molnar , Borislav Petkov , linux-kernel@vger.kernel.org Subject: [PATCH v2 2/3] efi/x86: Remove __efistub_global and add relocation check Date: Thu, 16 Apr 2020 11:12:26 -0400 Message-Id: <20200416151227.3360778-3-nivedita@alum.mit.edu> X-Mailer: git-send-email 2.25.3 In-Reply-To: <20200415221520.2692512-1-nivedita@alum.mit.edu> References: <20200415221520.2692512-1-nivedita@alum.mit.edu> MIME-Version: 1.0 Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Instead of using __efistub_global to force variables into the .data section, leave them in the .bss but pull the EFI stub's .bss section into .data in the linker script for the compressed kernel. Add relocation checking for x86 as well to catch non-PC-relative relocations that require runtime processing, since the EFI stub does not do any runtime relocation processing. This will catch, for example, data relocations created by static initializers of pointers. Signed-off-by: Arvind Sankar --- arch/x86/boot/compressed/vmlinux.lds.S | 1 + drivers/firmware/efi/libstub/Makefile | 32 +++++++++++++++++--------- drivers/firmware/efi/libstub/efistub.h | 4 ---- 3 files changed, 22 insertions(+), 15 deletions(-) diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S index 508cfa6828c5..0dc5c2b9614b 100644 --- a/arch/x86/boot/compressed/vmlinux.lds.S +++ b/arch/x86/boot/compressed/vmlinux.lds.S @@ -52,6 +52,7 @@ SECTIONS _data = . ; *(.data) *(.data.*) + *(.bss.efistub) _edata = . ; } . = ALIGN(L1_CACHE_BYTES); diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index 45ffe0822df1..069d117d5451 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -73,13 +73,32 @@ CFLAGS_arm64-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET) # a verification pass to see if any absolute relocations exist in any of the # object files. # -extra-$(CONFIG_EFI_ARMSTUB) := $(lib-y) -lib-$(CONFIG_EFI_ARMSTUB) := $(patsubst %.o,%.stub.o,$(lib-y)) +extra-y := $(lib-y) +lib-y := $(patsubst %.o,%.stub.o,$(lib-y)) STUBCOPY_FLAGS-$(CONFIG_ARM64) += --prefix-alloc-sections=.init \ --prefix-symbols=__efistub_ STUBCOPY_RELOC-$(CONFIG_ARM64) := R_AARCH64_ABS +# +# ARM discards the .data section because it disallows r/w data in the +# decompressor. So move our .data to .data.efistub and .bss to .bss.efistub, +# which are preserved explicitly by the decompressor linker script. +# +STUBCOPY_FLAGS-$(CONFIG_ARM) += --rename-section .data=.data.efistub \ + --rename-section .bss=.bss.efistub,load,alloc +STUBCOPY_RELOC-$(CONFIG_ARM) := R_ARM_ABS + +# +# For x86, bootloaders like systemd-boot or grub-efi do not zero-initialize the +# .bss section, so the .bss section of the EFI stub needs to be included in the +# .data section of the compressed kernel to ensure initialization. Rename the +# .bss section here so it's easy to pick out in the linker script. +# +STUBCOPY_FLAGS-$(CONFIG_X86) += --rename-section .bss=.bss.efistub,load,alloc +STUBCOPY_RELOC-$(CONFIG_X86_32) := R_386_32 +STUBCOPY_RELOC-$(CONFIG_X86_64) := R_X86_64_64 + $(obj)/%.stub.o: $(obj)/%.o FORCE $(call if_changed,stubcopy) @@ -97,12 +116,3 @@ quiet_cmd_stubcopy = STUBCPY $@ /bin/false; \ fi; \ $(OBJCOPY) $(STUBCOPY_FLAGS-y) $< $@ - -# -# ARM discards the .data section because it disallows r/w data in the -# decompressor. So move our .data to .data.efistub and .bss to .bss.efistub, -# which are preserved explicitly by the decompressor linker script. -# -STUBCOPY_FLAGS-$(CONFIG_ARM) += --rename-section .data=.data.efistub \ - --rename-section .bss=.bss.efistub,load,alloc -STUBCOPY_RELOC-$(CONFIG_ARM) := R_ARM_ABS diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index a92d42ffd9f7..49651e20bb9f 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -25,11 +25,7 @@ #define EFI_ALLOC_ALIGN EFI_PAGE_SIZE #endif -#if defined(CONFIG_X86) -#define __efistub_global __section(.data) -#else #define __efistub_global -#endif extern bool __pure nochunk(void); extern bool __pure nokaslr(void); From patchwork Wed Apr 15 22:15:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arvind Sankar X-Patchwork-Id: 206410 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1F5A1C2BA19 for ; Wed, 15 Apr 2020 22:15:34 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 036B3206E9 for ; Wed, 15 Apr 2020 22:15:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731327AbgDOWP3 (ORCPT ); Wed, 15 Apr 2020 18:15:29 -0400 Received: from mail-qt1-f193.google.com ([209.85.160.193]:37966 "EHLO mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731102AbgDOWP0 (ORCPT ); Wed, 15 Apr 2020 18:15:26 -0400 Received: by mail-qt1-f193.google.com with SMTP id f13so14732828qti.5; Wed, 15 Apr 2020 15:15:25 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=/884Y4S8L6kS/iSrGalw7uxiGyhKVKiR3Ww6KT2GqZU=; b=saoxkQ4jJVC78vnE7dGC4IvxFpewAunuLSS1GBV2UU7+/aY8YP0ZUCxQSL9/NTjs3/ StK1LsgBQ//j6tdvfWfyiTtfUuXY1Alu0suw1PiJCmsOqweAn+ibUuF8tbJDZaOu/YJi DIOM4AkkB/fywG7oHS4ZRh/j5Utkg5svGRmF/ocr5W92Zs9WQjZRyn8NtjQ10KsRJNau 7sI0kNkPa1rYOeOWJKI/igqhCT6DEesKkiJItvAWGiyp6nOXgetrPwqMQLHtANmBBbbn 4YF+30VfvY1u0iTUGpSa1Ro1MbZ4wPitGixqaDgvSWF7WDk7k90JEJ5m92AO+X7F1GaE MjxA== X-Gm-Message-State: AGi0PubQkVoUDJ7TdHyqn55gCAR4+dko2Qe322/tCWI+Pix3b+gOMMD2 eAC3jbe8Nai9oG+XRUTZ3g4= X-Google-Smtp-Source: APiQypJlrUQQ2en4qUdzPOfXDNxDRWtBRRylqygI8Tcxmp3E2gsu+n70rOWANLLUxOh7H3FryRVBlg== X-Received: by 2002:ac8:7309:: with SMTP id x9mr21688226qto.68.1586988924230; Wed, 15 Apr 2020 15:15:24 -0700 (PDT) Received: from rani.riverdale.lan ([2001:470:1f07:5f3::b55f]) by smtp.gmail.com with ESMTPSA id i20sm13264340qkl.135.2020.04.15.15.15.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 15 Apr 2020 15:15:23 -0700 (PDT) From: Arvind Sankar To: Ard Biesheuvel Cc: linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org, x86@kernel.org, Thomas Gleixner , Ingo Molnar , Borislav Petkov , linux-kernel@vger.kernel.org Subject: [PATCH 3/5] efi/x86: Remove __efistub_global annotation Date: Wed, 15 Apr 2020 18:15:18 -0400 Message-Id: <20200415221520.2692512-4-nivedita@alum.mit.edu> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200415221520.2692512-1-nivedita@alum.mit.edu> References: <20200415221520.2692512-1-nivedita@alum.mit.edu> MIME-Version: 1.0 Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Instead of using __efistub_global to force variables into the .data section, leave them in the .bss but pull the EFI stub's .bss section into .data in the linker script for the compressed kernel. Signed-off-by: Arvind Sankar --- arch/x86/boot/compressed/vmlinux.lds.S | 1 + drivers/firmware/efi/libstub/Makefile | 12 ++++++++++-- drivers/firmware/efi/libstub/efistub.h | 4 ---- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S index 508cfa6828c5..0dc5c2b9614b 100644 --- a/arch/x86/boot/compressed/vmlinux.lds.S +++ b/arch/x86/boot/compressed/vmlinux.lds.S @@ -52,6 +52,7 @@ SECTIONS _data = . ; *(.data) *(.data.*) + *(.bss.efistub) _edata = . ; } . = ALIGN(L1_CACHE_BYTES); diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index e5e76677f2da..0bb2916eb12b 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -73,8 +73,8 @@ CFLAGS_arm64-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET) # a verification pass to see if any absolute relocations exist in any of the # object files. # -extra-$(CONFIG_EFI_ARMSTUB) := $(lib-y) -lib-$(CONFIG_EFI_ARMSTUB) := $(patsubst %.o,%.stub.o,$(lib-y)) +extra-y := $(lib-y) +lib-y := $(patsubst %.o,%.stub.o,$(lib-y)) STUBCOPY_FLAGS-$(CONFIG_ARM64) += --prefix-alloc-sections=.init \ --prefix-symbols=__efistub_ @@ -89,6 +89,14 @@ STUBCOPY_FLAGS-$(CONFIG_ARM) += --rename-section .data=.data.efistub \ --rename-section .bss=.bss.efistub,load,alloc STUBCOPY_RELOC-$(CONFIG_ARM) := R_ARM_ABS +# +# For x86, bootloaders like systemd-boot or grub-efi do not zero-initialize the +# .bss section, so the .bss section of the EFI stub needs to be included in the +# .data section of the compressed kernel to ensure initialization. Rename the +# .bss section here so it's easy to pick out in the linker script. +# +STUBCOPY_FLAGS-$(CONFIG_X86) += --rename-section .bss=.bss.efistub,load,alloc + $(obj)/%.stub.o: $(obj)/%.o FORCE $(call if_changed,stubcopy) diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index a92d42ffd9f7..49651e20bb9f 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -25,11 +25,7 @@ #define EFI_ALLOC_ALIGN EFI_PAGE_SIZE #endif -#if defined(CONFIG_X86) -#define __efistub_global __section(.data) -#else #define __efistub_global -#endif extern bool __pure nochunk(void); extern bool __pure nokaslr(void); From patchwork Wed Apr 15 22:15:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arvind Sankar X-Patchwork-Id: 206409 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6EE0CC2BA2B for ; Wed, 15 Apr 2020 22:15:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5232520787 for ; Wed, 15 Apr 2020 22:15:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731369AbgDOWPd (ORCPT ); Wed, 15 Apr 2020 18:15:33 -0400 Received: from mail-qt1-f195.google.com ([209.85.160.195]:44191 "EHLO mail-qt1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731293AbgDOWP2 (ORCPT ); Wed, 15 Apr 2020 18:15:28 -0400 Received: by mail-qt1-f195.google.com with SMTP id w24so14816101qts.11; Wed, 15 Apr 2020 15:15:27 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=rOrczQkTIxOcY6UFnnC40rT9zyAvKX1Bi6yBMzeK9G0=; b=R3YrZgITU3hxn/wx6wEqa+HsWygMsyqSGlz3K3xiaxZCkI21FpTsNMYfE3bz2zo2dA rPxWSeIZgbg84L/wBVX4JmyKEyuXsFMHUoHcjI1/P0I/HIbx27FtpzTIZOV8P4Jw10Ta zjKTmS4yzpRybNM3HBYRgAdZhrzO6scSscMeK8SabJL5gy8aZrL24S6bkM6HR4JaimLz DKUbtcZB1bTVN4bRAAv94iGPx4MzN3Do8ix7lKTwBln5t7xyGUH7JnVQqBOUKcX0hF3c 2CDMhEFAmI6Q6Dr1bpw9Dgxwb3H/MMGX/TBiuMfv/ErjxJkhfCr4bUsda6cbZC6BOnKx pp8w== X-Gm-Message-State: AGi0PubV6xmcjt7stxRfzq1jQHiXgPTK9/CvQfAR8mhzElAHo7ybK6PA /NWhoTcQH/LX9oAfk8n+dek= X-Google-Smtp-Source: APiQypL+3Bxma6w8vttK2a2cMb2AyT1VBao4IUEBYSF9XsXFaqUg93j4LKjmJf0fyJxTOhIxxv+jTg== X-Received: by 2002:ac8:2afc:: with SMTP id c57mr17402778qta.324.1586988926023; Wed, 15 Apr 2020 15:15:26 -0700 (PDT) Received: from rani.riverdale.lan ([2001:470:1f07:5f3::b55f]) by smtp.gmail.com with ESMTPSA id i20sm13264340qkl.135.2020.04.15.15.15.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 15 Apr 2020 15:15:25 -0700 (PDT) From: Arvind Sankar To: Ard Biesheuvel Cc: linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org, x86@kernel.org, Thomas Gleixner , Ingo Molnar , Borislav Petkov , linux-kernel@vger.kernel.org Subject: [PATCH 5/5] efi/x86: Check for bad relocations Date: Wed, 15 Apr 2020 18:15:20 -0400 Message-Id: <20200415221520.2692512-6-nivedita@alum.mit.edu> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200415221520.2692512-1-nivedita@alum.mit.edu> References: <20200415221520.2692512-1-nivedita@alum.mit.edu> MIME-Version: 1.0 Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Add relocation checking for x86 as well to catch non-PC-relative relocations that require runtime processing, since the EFI stub does not do any runtime relocation processing. This will catch, for example, data relocations created by static initializers of pointers. Signed-off-by: Arvind Sankar --- drivers/firmware/efi/libstub/Makefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index 0bb2916eb12b..2aff59812a54 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -96,6 +96,8 @@ STUBCOPY_RELOC-$(CONFIG_ARM) := R_ARM_ABS # .bss section here so it's easy to pick out in the linker script. # STUBCOPY_FLAGS-$(CONFIG_X86) += --rename-section .bss=.bss.efistub,load,alloc +STUBCOPY_RELOC-$(CONFIG_X86_32) := 'R_X86_32_(8|16|32)' +STUBCOPY_RELOC-$(CONFIG_X86_64) := 'R_X86_64_(8|16|32|32S|64)' $(obj)/%.stub.o: $(obj)/%.o FORCE $(call if_changed,stubcopy) @@ -107,16 +109,14 @@ $(obj)/%.stub.o: $(obj)/%.o FORCE # this time, use objcopy and leave all sections in place. # -cmd_stubrelocs_check-y = /bin/true - -cmd_stubrelocs_check-$(CONFIG_EFI_ARMSTUB) = \ +cmd_stubrelocs_check = \ $(STRIP) --strip-debug -o $@ $<; \ - if $(OBJDUMP) -r $@ | grep $(STUBCOPY_RELOC-y); then \ + if $(OBJDUMP) -r $@ | grep -E $(STUBCOPY_RELOC-y); then \ echo "$@: absolute symbol references not allowed in the EFI stub" >&2; \ /bin/false; \ fi quiet_cmd_stubcopy = STUBCPY $@ cmd_stubcopy = \ - $(cmd_stubrelocs_check-y); \ + $(cmd_stubrelocs_check); \ $(OBJCOPY) $(STUBCOPY_FLAGS-y) $< $@