From patchwork Wed Feb 8 11:55:47 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 9562369 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 95AF66047A for ; Wed, 8 Feb 2017 11:58:08 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 85CF3284C9 for ; Wed, 8 Feb 2017 11:58:08 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7A8EF284CF; Wed, 8 Feb 2017 11:58:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id A8D9F284C9 for ; Wed, 8 Feb 2017 11:58:07 +0000 (UTC) Received: (qmail 13443 invoked by uid 550); 8 Feb 2017 11:56:55 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 12042 invoked from network); 8 Feb 2017 11:56:51 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=VcjIRD+xVA6HQExNHmIkYbEp2LMFJF8VPZKdYKkEofA=; b=fWMO7WvosqT24PcdLfCxVkzEDSvcbPfNdJ3tIZ/0nyFPr/X87UPzzxY2nh4MbKkt7D /sYvZpGRGGN8fVEpnyf4xSPL/5FkCaonqTyUDqKV5Hre4zGdf8DgxnrQ4IuTZSjrzTzT 5q5+BC8ApF5B3rIuGoflyhVjw/s2k0beU7lhw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=VcjIRD+xVA6HQExNHmIkYbEp2LMFJF8VPZKdYKkEofA=; b=V/veVlI1XmPgrP66e6fznCm0C1SImbmoSc/hrIda5J1lKbCCP/GzHVQokaTbtu26F3 n3Pb6UHP1UTpkkT5Mhfac992nbBR3DmikaTjKPmwr6UW9WbBRLtt3LO1jZ1eIdTjshvv sPRMfBaE2IhyOsPBvEzRUZ9IPmUBQ9Ek5jOaxB0qkxJCVWn+8q+172vBq+vtwvXeLXrf IVKKk9Wjc8DzEt0NzL625fElm1eqdrD9HUH3ZWjre80BTzueB2uF5huKzSqjRHO2/f5O NymikkwfQGyBa6DNgFxv2+OZPUeUmhyJlaJUF/sEbW/t1ylcWt2/pZa/ojZfeQyLRV7u VCFA== X-Gm-Message-State: AMke39mMASlXEF8LKnaU0z3J0pSPhA72uSYOEdqByeqTvZGZQmBajChxfPvEaY+7DYCrxGvi X-Received: by 10.28.1.216 with SMTP id 207mr18541148wmb.7.1486554999749; Wed, 08 Feb 2017 03:56:39 -0800 (PST) From: Ard Biesheuvel To: linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org, mark.rutland@arm.com, leif.lindholm@linaro.org Cc: catalin.marinas@arm.com, linux@armlinux.org.uk, kernel-hardening@lists.openwall.com, labbott@fedoraproject.org, Ard Biesheuvel Date: Wed, 8 Feb 2017 11:55:47 +0000 Message-Id: <1486554947-3964-15-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1486554947-3964-1-git-send-email-ard.biesheuvel@linaro.org> References: <1486554947-3964-1-git-send-email-ard.biesheuvel@linaro.org> Subject: [kernel-hardening] [PATCH v2 14/14] arm: efi: add PE/COFF debug table to EFI header X-Virus-Scanned: ClamAV using ClamSMTP This updates the PE/COFF header to emit the absolute path to the decompressor vmlinux ELF file into a so-called NB10 Codeview entry. This is hugely helpful when debugging the firmware->stub handover. Signed-off-by: Ard Biesheuvel --- arch/arm/boot/compressed/Makefile | 4 ++ arch/arm/boot/compressed/efi-header.S | 45 ++++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile index d50430c40045..6b978bdbac3e 100644 --- a/arch/arm/boot/compressed/Makefile +++ b/arch/arm/boot/compressed/Makefile @@ -196,3 +196,7 @@ AFLAGS_hyp-stub.o := -Wa,-march=armv7-a $(obj)/hyp-stub.S: $(srctree)/arch/$(SRCARCH)/kernel/hyp-stub.S $(call cmd,shipped) + +ifeq ($(CONFIG_EFI)$(CONFIG_DEBUG_INFO),yy) +AFLAGS_head.o += -DVMLINUX_PATH="\"$(realpath $(obj)/vmlinux)\"" +endif diff --git a/arch/arm/boot/compressed/efi-header.S b/arch/arm/boot/compressed/efi-header.S index 3cf09f7efced..dff3c72c7c5a 100644 --- a/arch/arm/boot/compressed/efi-header.S +++ b/arch/arm/boot/compressed/efi-header.S @@ -95,6 +95,11 @@ extra_header_fields: .quad 0 @ CertificationTable .quad 0 @ BaseRelocationTable +#ifdef CONFIG_DEBUG_INFO + .long efi_debug_table - start @ DebugTable + .long efi_debug_table_size +#endif + section_table: .ascii ".text\0\0\0" .long __pecoff_data_start - __efi_start @ VirtualSize @@ -124,6 +129,46 @@ section_table: .set section_count, (. - section_table) / 40 +#ifdef CONFIG_DEBUG_INFO + /* + * The debug table is referenced via its Relative Virtual Address (RVA), + * which is only defined for those parts of the image that are covered + * by a section declaration. Since this header is not covered by any + * section, the debug table must be emitted elsewhere. So stick it in + * the .init.rodata section instead. + * + * Note that the EFI debug entry itself may legally have a zero RVA, + * which means we can simply put it right after the section headers. + */ + .section ".rodata", #alloc + + .align 2 +efi_debug_table: + // EFI_IMAGE_DEBUG_DIRECTORY_ENTRY + .long 0 @ Characteristics + .long 0 @ TimeDateStamp + .short 0 @ MajorVersion + .short 0 @ MinorVersion + .long IMAGE_DEBUG_TYPE_CODEVIEW @ Type + .long efi_debug_entry_size @ SizeOfData + .long 0 @ RVA + .long efi_debug_entry - start @ FileOffset + + .set efi_debug_table_size, . - efi_debug_table + .previous + +efi_debug_entry: + // EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY + .ascii "NB10" @ Signature + .long 0 @ Unknown + .long 0 @ Unknown2 + .long 0 @ Unknown3 + + .asciz VMLINUX_PATH + + .set efi_debug_entry_size, . - efi_debug_entry +#endif + .align 12 __efi_start: #endif