From patchwork Mon Aug 14 12:54:06 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 9898855
Return-Path: 
 <kernel-hardening-return-9379-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	A548E602BA for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Mon, 14 Aug 2017 12:59:21 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 99CB8206AC
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Mon, 14 Aug 2017 12:59:21 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 8E6022223E; Mon, 14 Aug 2017 12:59:21 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
	by mail.wl.linuxfoundation.org (Postfix) with SMTP id 74D46206AC
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Mon, 14 Aug 2017 12:59:20 +0000 (UTC)
Received: (qmail 29751 invoked by uid 550); 14 Aug 2017 12:56:08 -0000
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
List-ID: <kernel-hardening.lists.openwall.com>
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Received: (qmail 27871 invoked from network); 14 Aug 2017 12:55:58 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=ptyxnlbDDBufk9vHDVdIFE4UhVb2UBcrb5MhRBqofB8=;
	b=dV6Mpv3RRaaMycxFFMcOkIPfK6IJeB9CvDRe0sjU0a0JC6K0oPJgCMQn7yVdRhJyFj
	Xi4MxWjXXoIU0ab2FmoqBg+fYf2L5hikOdfzbt6SYd2OXgzrWZeJbkzmcR+DBgJMZRNm
	yBcMNEkYXanQxL1BZ6QFAJwC9aEsznPolGXEA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=ptyxnlbDDBufk9vHDVdIFE4UhVb2UBcrb5MhRBqofB8=;
	b=NCBlEl/cIIfxfVQzS451GDZeQNzXEFtmf7T5KDFTaVRwapZb+ODni8CmKO5ojvnDfE
	cwXsa06tIXvSIvMGLzPmBUbVTN/YfcxXxgHN7iSLLKokPZzfRW6JEfxaNNQcKzyNq/nb
	yzdrYIM6LBp1BXnKo1P65tExvi2iCt9CAbf/2B8nT9BugVykE9JoLGoKPWHh95MInA3R
	LIocxYOrDvrGIgonWe21gMGGcU+slweAFIMGAeoiwLDiJiUt+2pcW8WYUFKiZSjSUafT
	Gqv4fYZ09VkV+DxW0r+gxzMuTuXpWLgv8rtuOAJp3i9gQs8ZQsjoMBXV0YhxuwcY2ilQ
	zGqw==
X-Gm-Message-State: AHYfb5hHaEjgZc2Z6/qJU25vb3XVsmiceHaNU6v0TjrYJQVHcU3+H3FP
	ZXUKRkftUEWz7J6cpSUMhQ==
X-Received: by 10.223.199.7 with SMTP id k7mr5898731wrg.216.1502715347286;
	Mon, 14 Aug 2017 05:55:47 -0700 (PDT)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: kernel-hardening@lists.openwall.com
Cc: linux-arm-kernel@lists.infradead.org,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Arnd Bergmann <arnd@arndb.de>, Nicolas Pitre <nico@linaro.org>,
	Russell King <linux@armlinux.org.uk>, Kees Cook <keescook@chromium.org>,
	Thomas Garnier <thgarnie@google.com>,
	Marc Zyngier <marc.zyngier@arm.com>, Mark Rutland <mark.rutland@arm.com>,
	Tony Lindgren <tony@atomide.com>,
	Matt Fleming <matt@codeblueprint.co.uk>,
	Dave Martin <dave.martin@arm.com>
Date: Mon, 14 Aug 2017 13:54:06 +0100
Message-Id: <20170814125411.22604-26-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20170814125411.22604-1-ard.biesheuvel@linaro.org>
References: <20170814125411.22604-1-ard.biesheuvel@linaro.org>
Subject: [kernel-hardening] [PATCH 25/30] ARM: compressed: factor out zImage
	header and make it extensible
X-Virus-Scanned: ClamAV using ClamSMTP

To prepare for adding metadata to the zImage to put KASLR randomization
under the control of the bootloader, factor out the zImage header, and
make it extensible by adding two new fields: a magic number that cannot
be mistaken for a valid instruction, to prevent misidentification, and
an offset into the binary where an array of optional headers is placed.

Cc: Russell King <linux@armlinux.org.uk>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm/boot/compressed/head.S        |  7 +---
 arch/arm/boot/compressed/vmlinux.lds.S |  5 ++-
 arch/arm/include/asm/zimage.h          | 39 ++++++++++++++++++++
 3 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S
index 583cc6899d98..e451738d8954 100644
--- a/arch/arm/boot/compressed/head.S
+++ b/arch/arm/boot/compressed/head.S
@@ -11,6 +11,7 @@
 #include <linux/linkage.h>
 #include <asm/assembler.h>
 #include <asm/v7m.h>
+#include <asm/zimage.h>
 
 #include "efi-header.S"
 
@@ -139,11 +140,7 @@ start:
 #endif
 		W(b)	1f
 
-		.word	_magic_sig	@ Magic numbers to help the loader
-		.word	_magic_start	@ absolute load/run zImage address
-		.word	_magic_end	@ zImage end address
-		.word	0x04030201	@ endianness flag
-
+		__ZIMAGE_HEADER
 		__EFI_HEADER
 1:
  ARM_BE8(	setend	be		)	@ go BE8 if compiled for BE8
diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S
index 81c493156ce8..27696bc315d3 100644
--- a/arch/arm/boot/compressed/vmlinux.lds.S
+++ b/arch/arm/boot/compressed/vmlinux.lds.S
@@ -6,6 +6,8 @@
  * published by the Free Software Foundation.
  */
 
+#include <asm/zimage.h>
+
 #ifdef CONFIG_CPU_ENDIAN_BE8
 #define ZIMAGE_MAGIC(x) ( (((x) >> 24) & 0x000000ff) | \
 			  (((x) >>  8) & 0x0000ff00) | \
@@ -72,9 +74,10 @@ SECTIONS
   .pad			: { BYTE(0); . = ALIGN(8); }
   _edata = .;
 
-  _magic_sig = ZIMAGE_MAGIC(0x016f2818);
+  _magic_sig = ZIMAGE_MAGIC(ZIMAGE_HEADER_MAGIC);
   _magic_start = ZIMAGE_MAGIC(_start);
   _magic_end = ZIMAGE_MAGIC(_edata);
+  _magic_opt_sig = ZIMAGE_MAGIC(ZIMAGE_OPTIONAL_HEADER_MAGIC);
 
   . = BSS_START;
   __bss_start = .;
diff --git a/arch/arm/include/asm/zimage.h b/arch/arm/include/asm/zimage.h
new file mode 100644
index 000000000000..ff65cc3bb716
--- /dev/null
+++ b/arch/arm/include/asm/zimage.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2017 Linaro Ltd;  <ard.biesheuvel@linaro.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ */
+
+#ifndef __ASM_ZIMAGE_H
+#define __ASM_ZIMAGE_H
+
+#define ZIMAGE_HEADER_MAGIC		0x016f2818
+#define ZIMAGE_OPTIONAL_HEADER_MAGIC	0xe7fedef0
+
+#if defined(__ASSEMBLY__) && !defined(LINKER_SCRIPT)
+
+	.macro		__ZIMAGE_HEADER
+	.word		_magic_sig	@ Magic numbers to help the loader
+	.word		_magic_start	@ absolute load/run zImage address
+	.word		_magic_end	@ zImage end address
+	.word		0x04030201	@ endianness flag
+
+	/* optional headers */
+	.word		_magic_opt_sig	@ optional header magic number
+	.word		__zimage_opt_header - .
+
+	.pushsection	".rodata", "a", %progbits
+__zimage_opt_header:
+	/*
+	 * Each header starts with a u16[2] containing id and size of the
+	 * entire header, including the u16[] itself.
+	 */
+	.long		0xffffffff	@ end of optional headers
+	.popsection
+	.endm
+
+#endif
+#endif