From patchwork Wed Feb 8 11:55:42 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 9562357 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id BB3436047A for ; Wed, 8 Feb 2017 11:57:24 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AE263284C9 for ; Wed, 8 Feb 2017 11:57:24 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A2E34284CF; Wed, 8 Feb 2017 11:57:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id A0032284C9 for ; Wed, 8 Feb 2017 11:57:23 +0000 (UTC) Received: (qmail 11664 invoked by uid 550); 8 Feb 2017 11:56:42 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 11327 invoked from network); 8 Feb 2017 11:56:37 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=h01jl4h5+6rqqV1YOcmGNstoQ+p0VtSbBR0atMg53sw=; b=KbPtpOwoURsZRX0WSI3CkDOkfeus0ptp0SHjlfGSRXizo+S1xAJJIsxD5tdVKTt/tA 6KTf5laCUchkhuPOUF/H6AB12kCbpJOtEjurj1oa8QOcOSGpexmHjaoh89R2sPOPgvmx bniJGBztsnds/CRsIX0ekOdke+TQCBgcAE43c= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=h01jl4h5+6rqqV1YOcmGNstoQ+p0VtSbBR0atMg53sw=; b=FTVVv6tpotnjEf0rpG6DqCS6HtkJhPf8u0urDh4KxFxSXN69e2xjtnDAux5G/2kItZ zvwG31BvnwK9JEGf4UsV2gVTWLcfHwR0MyM0SWp9LdFDqcOb1ATJhiBY44DsopG7V/tS qkWu7nTkuGh9s6snYdBfp4VvfxolF2MyNmSxxon12xXu7bl1G9nKYmg2y6XZGRbya4h+ NzofwJPvzKOZ8zt08mcvvtCsBAamqbIBLp+54nZy/Kz8dA2JygNloqZhpypD/Wp447hb cOqi5SxeS5A7ImuR9amWUnmQi8ubQt3rxL3B+8l1ApeLeFcyAFSGpcZ7j1ewcJd6ooP5 PLHA== X-Gm-Message-State: AMke39kkzhufCe76EKV6GzXO+gb0LxCgrQ8h7U9iN6nVahQEB4i1XZrEH0mBZGgA4FmZwmgs X-Received: by 10.223.130.170 with SMTP id 39mr4529784wrc.34.1486554985864; Wed, 08 Feb 2017 03:56:25 -0800 (PST) From: Ard Biesheuvel To: linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org, mark.rutland@arm.com, leif.lindholm@linaro.org Cc: catalin.marinas@arm.com, linux@armlinux.org.uk, kernel-hardening@lists.openwall.com, labbott@fedoraproject.org, Ard Biesheuvel , Dave Martin Date: Wed, 8 Feb 2017 11:55:42 +0000 Message-Id: <1486554947-3964-10-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1486554947-3964-1-git-send-email-ard.biesheuvel@linaro.org> References: <1486554947-3964-1-git-send-email-ard.biesheuvel@linaro.org> Subject: [kernel-hardening] [PATCH v2 09/14] arm: compressed: put zImage header and EFI header in dedicated section X-Virus-Scanned: ClamAV using ClamSMTP To align the PE/COFF and the ELF headers of the decompressor binary, put the zImage header and the EFI header in a separate .head.text section, and emit it at the start of the Image. This change is necessary for UEFI based debug tooling to be able to use the vmlinux ELF binary, since it gets confused if the PE/COFF .text section and the ELF .text section live at different offsets. This requires a tweak of the initial jump, because (b)adr does not reach across a section boundary. Other than that, and a few bytes of padding at the beginning of .start, this change does not affect the binary image. Cc: Dave Martin Signed-off-by: Ard Biesheuvel --- arch/arm/boot/compressed/efi-header.S | 2 -- arch/arm/boot/compressed/head.S | 14 +++++++++----- arch/arm/boot/compressed/vmlinux.lds.S | 5 ++++- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/arch/arm/boot/compressed/efi-header.S b/arch/arm/boot/compressed/efi-header.S index 9d5dc4fda3c1..1d26a9d0a9e8 100644 --- a/arch/arm/boot/compressed/efi-header.S +++ b/arch/arm/boot/compressed/efi-header.S @@ -23,8 +23,6 @@ .macro __EFI_HEADER #ifdef CONFIG_EFI_STUB - b __efi_start - .set start_offset, __efi_start - start .org start + 0x3c @ diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S index fc6d541549a2..42ba2f557791 100644 --- a/arch/arm/boot/compressed/head.S +++ b/arch/arm/boot/compressed/head.S @@ -114,7 +114,7 @@ #endif .endm - .section ".start", #alloc, #execinstr + .section ".head.text", #alloc, #execinstr /* * sort out different calling conventions */ @@ -132,17 +132,21 @@ start: .endr ARM( mov r0, r0 ) ARM( b 1f ) - THUMB( badr r12, 1f ) - THUMB( bx r12 ) +AR_CLASS(THUMB( sub pc, pc, #3 )) @ A/R: switch to Thumb2 mode + M_CLASS( nop.w ) @ M: already in Thumb2 mode + THUMB( .thumb ) + THUMB( b.w 1f ) .word _magic_sig @ Magic numbers to help the loader .word _magic_start @ absolute load/run zImage address .word _magic_end @ zImage end address .word 0x04030201 @ endianness flag - THUMB( .thumb ) -1: __EFI_HEADER + __EFI_HEADER + .section ".start", #alloc, #execinstr + .align +1: ARM_BE8( setend be ) @ go BE8 if compiled for BE8 AR_CLASS( mrs r9, cpsr ) #ifdef CONFIG_ARM_VIRT_EXT diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S index 81c493156ce8..5d50daea466a 100644 --- a/arch/arm/boot/compressed/vmlinux.lds.S +++ b/arch/arm/boot/compressed/vmlinux.lds.S @@ -34,8 +34,11 @@ SECTIONS . = TEXT_START; _text = .; - .text : { + .head.text : { _start = .; + *(.head.text) + } + .text : { *(.start) *(.text) *(.text.*)