From patchwork Tue Apr 4 15:19:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13200470 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1BC0DC761A6 for ; Tue, 4 Apr 2023 15:21:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=k75/nok/RL6xLuusBOZqw+Xr0zMmyTkwSaoVpOwZZ+I=; b=YCb7h8F4PzSyMb +hHRSmEnjy9ThkPqjog636FJjx1CZULcS33CJJLxwRRIP/mY/x+yLi+avtbT6cIAjfmKcVV2Qs/7J 9wo6OSEIcpe+3d7cG/lqlJ4dghXwkWMxXEHdOnMpDKc93cwWT7Ity6s75uafNqqyWgmARJmywZvxD yH2ZFtiHbH4qsrCB9wU38OmGseEi9tEtumyictpjZyNk1yWDYDWb68rsITir4RBb5g/JeJPFQCaI+ v1Eq7RlZLRk9a+Ep70LS5VrLFIKbMRRh5c7AR8AkvLlpwaPQSTcHu7o3f1PpnCcBeK/SbOSFZm2+j ZagZu+3Ldqv34BCZKQpg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1pjiSC-001xn4-0T; Tue, 04 Apr 2023 15:20:12 +0000 Received: from dfw.source.kernel.org ([139.178.84.217]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1pjiS9-001xlq-2k for linux-arm-kernel@lists.infradead.org; Tue, 04 Apr 2023 15:20:11 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 4B953635CE; Tue, 4 Apr 2023 15:20:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2C191C433D2; Tue, 4 Apr 2023 15:20:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1680621608; bh=NN1vX7GS8UcvvMTsQiKYpCnrGd1Eg9mW+O4yymmSSt8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MeYDBCPmAPj9dc7jnexw4cX8cbFyMj1wHuEfW9YKhA3K+0McpPu32F5m5Athdpd2T aJ1ud/evrdfR1ByV9TbhOiqiQMwGrVpZ0YZ0wk3IoLpPXUcVANvBS6FTUIu69kbtN4 xlWqINE1R20TwzN229/yuxgf+4vA1aKNwKwuHI1oLNICv6BMLlm9Mj3Ey/bvf1xrQB 9XHJjxK476gK5nnvvKwSc+TlYWGUAAwr3SCEFzQb5yxgosOitXIvJTYTQkRqfUv9zy +3bVCeYOHJ2Z6WjRU2zHU5OZ2fqguMyrX8JaYBeHA1ArNhzof6P4FFiTA1IZKF8piG ULvC9hRMkeOfg== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, broonie@Kernel.org, Ard Biesheuvel Subject: [PATCH 1/6] efi/pe: Import new BTI/IBT header flags from the spec Date: Tue, 4 Apr 2023 17:19:54 +0200 Message-Id: <20230404151959.2774612-2-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230404151959.2774612-1-ardb@kernel.org> References: <20230404151959.2774612-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1294; i=ardb@kernel.org; h=from:subject; bh=NN1vX7GS8UcvvMTsQiKYpCnrGd1Eg9mW+O4yymmSSt8=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUXHQSKJO8n9t8kkj9eO1zZcSvglbSglwHn6mf+tuBOBC S3xkuUdpSwMYhwMsmKKLAKz/77beXqiVK3zLFmYOaxMIEMYuDgFYCKifxkZtpenP3txLsn2T1Ko qf+d09MaDK7Jqrr5ZE2q/m4zs6r1McN/hw5zN7O2ue7F6aaXeY4H/Lv42Ow629qO02cTuSVf8J7 mAQA= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230404_082009_933893_A65BD9CB X-CRM114-Status: GOOD ( 11.51 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org The latest version of your favorite fork of the PE/COFF spec includes a new type of header flag that is intended to be used in the context of EFI firmware to indicate to the image loader that the executable regions of an image can be mapped with BTI/IBT enforcement enabled. So let's import these definitions so we can use them in subsequent patches. Signed-off-by: Ard Biesheuvel --- include/linux/pe.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/linux/pe.h b/include/linux/pe.h index 6ffabf1e6d039e67..5e1e115408702c77 100644 --- a/include/linux/pe.h +++ b/include/linux/pe.h @@ -118,6 +118,9 @@ #define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER 0x2000 #define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000 +#define IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT 0x0001 +#define IMAGE_DLLCHARACTERISTICS_EX_FORWARD_CFI_COMPAT 0x0040 + /* they actually defined 0x00000000 as well, but I think we'll skip that one. */ #define IMAGE_SCN_RESERVED_0 0x00000001 #define IMAGE_SCN_RESERVED_1 0x00000002 @@ -165,6 +168,7 @@ #define IMAGE_SCN_MEM_WRITE 0x80000000 /* writeable */ #define IMAGE_DEBUG_TYPE_CODEVIEW 2 +#define IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS 20 #ifndef __ASSEMBLY__ From patchwork Tue Apr 4 15:19:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13200472 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B6D81C761A6 for ; Tue, 4 Apr 2023 15:21:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=2G+FZPmrfoDqkP8qdYHoNFVH/mi/jf+3OtpOVDiOuQg=; b=kiaFeRqA5HlKlZ GRSun2XzvoTSMMmYrMumlrqsQCFheIcQrzQEEJalAyKR0upHCHXMZSlqOZVbD8Y6diOWlsZNahTQW 0tTzQcQzgvLLGLn87G6SuI1K6+dcCzMWxf6MnmxnYHv0qKrlvJjUAV1G00llPzu2xA+O3ONs5FQco c4LGVy8BR9p2o5sXNQABzxwVFkdli3RBcyCXsVXkYlmXzOmWOz3T2GB9GDCMlxNkPv5rVoWMHpMNI uCJdqps0mh3k6roqcfm22L2nGkEdQcDte27hOgtX0tZj4wSKT2uk3CdvypjffZ9dHzLA8Sk5hf4GB LzQVWkqPgdbs7v1tZwLg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1pjiSG-001xpn-29; Tue, 04 Apr 2023 15:20:16 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1pjiSB-001xmk-24 for linux-arm-kernel@lists.infradead.org; Tue, 04 Apr 2023 15:20:13 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3E69E635C2; Tue, 4 Apr 2023 15:20:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 236C5C433A0; Tue, 4 Apr 2023 15:20:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1680621610; bh=Ga8kRwA4cYPGJueBNhAKY9K+0CddQq8XhgGyaJTDtY4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hpVEE7lAJt9ndt27k37zxCybUY+1K6Hrpo+utt6qw/EDihTFzRkh901NOOBZ0cBu6 U6kkHyK+zG4ggTAnedmm7BNARQ0tlXywKwi4I5cgLNohLF9seuMcGXN7Pu9MyKO+Tn lDRSaTJCclkMDC1pYVlfDp3jZ3J1Vg7vUzx9aTWPiSY0ByLIllVd/ZCGSWrFYQfJCR fH7/+RY9L/dYT4T01cDj3e9aLvf844scK9W1igRwJ5Dok+8O6+lM8OAAvgUabMk3y5 1gA0C7n1lMIZ0/nUNUmfnsFpLLk+/YN2DB+FpqWjh7Cy5Wx80lr/Bob0mof83fmQE8 +G0aDVyQEKHJw== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, broonie@Kernel.org, Ard Biesheuvel Subject: [PATCH 2/6] arm64: efi: Enable BTI codegen and add PE/COFF annotation Date: Tue, 4 Apr 2023 17:19:55 +0200 Message-Id: <20230404151959.2774612-3-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230404151959.2774612-1-ardb@kernel.org> References: <20230404151959.2774612-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4840; i=ardb@kernel.org; h=from:subject; bh=Ga8kRwA4cYPGJueBNhAKY9K+0CddQq8XhgGyaJTDtY4=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUXHQfLYasdkze6AN91rV+VkfDv11nazUfPUr3MuZSWpZ FVO5/3RUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACZy+xvDf8f4G9H7Zh2S+i5d tXHezKkPDl6ZO+OCaZjchQc3ruvcfa/J8N+Hd5Hl8olH+oR9bTxXWl2fu/Leww0OAdzCJstcg+v +CbABAA== X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230404_082011_755053_0B1DC9B9 X-CRM114-Status: GOOD ( 18.35 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org UEFI heavily relies on so-called protocols, which are essentially tables populated with pointers to executable code, and these are invoked indirectly using BR or BLR instructions. This makes the EFI execution context vulnerable to attacks on forward edge control flow, and so it would help if we could enable hardware enforcement (BTI) on CPUs that implement it. So let's no longer disable BTI codegen for the EFI stub, and set the newly introduced PE/COFF header flag when the kernel is built with BTI landing pads. Signed-off-by: Ard Biesheuvel Reviewed-by: Mark Brown --- arch/arm64/kernel/efi-header.S | 71 ++++++++++++-------- drivers/firmware/efi/libstub/Makefile | 3 +- 2 files changed, 44 insertions(+), 30 deletions(-) diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S index d731b4655df8eb27..11d7f7de202d0ed2 100644 --- a/arch/arm64/kernel/efi-header.S +++ b/arch/arm64/kernel/efi-header.S @@ -81,9 +81,47 @@ .quad 0 // CertificationTable .quad 0 // BaseRelocationTable -#ifdef CONFIG_DEBUG_EFI +#if defined(CONFIG_DEBUG_EFI) || defined(CONFIG_ARM64_BTI_KERNEL) .long .Lefi_debug_table - .L_head // DebugTable .long .Lefi_debug_table_size + + /* + * The debug table is referenced via its Relative Virtual Address (RVA), + * which is only defined for those parts of the image that are covered + * by a section declaration. Since this header is not covered by any + * section, the debug table must be emitted elsewhere. So stick it in + * the .init.rodata section instead. + * + * Note that the payloads themselves are permitted to have zero RVAs, + * which means we can simply put those right after the section headers. + */ + __INITRODATA + + .align 2 +.Lefi_debug_table: +#ifdef CONFIG_DEBUG_EFI + // EFI_IMAGE_DEBUG_DIRECTORY_ENTRY + .long 0 // Characteristics + .long 0 // TimeDateStamp + .short 0 // MajorVersion + .short 0 // MinorVersion + .long IMAGE_DEBUG_TYPE_CODEVIEW // Type + .long .Lefi_debug_entry_size // SizeOfData + .long 0 // RVA + .long .Lefi_debug_entry - .L_head // FileOffset +#endif +#ifdef CONFIG_ARM64_BTI_KERNEL + .long 0 // Characteristics + .long 0 // TimeDateStamp + .short 0 // MajorVersion + .short 0 // MinorVersion + .long IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS // Type + .long 4 // SizeOfData + .long 0 // RVA + .long .Lefi_dll_characteristics_ex - .L_head // FileOffset +#endif + .set .Lefi_debug_table_size, . - .Lefi_debug_table + .previous #endif // Section table @@ -119,33 +157,6 @@ .set .Lsection_count, (. - .Lsection_table) / 40 #ifdef CONFIG_DEBUG_EFI - /* - * The debug table is referenced via its Relative Virtual Address (RVA), - * which is only defined for those parts of the image that are covered - * by a section declaration. Since this header is not covered by any - * section, the debug table must be emitted elsewhere. So stick it in - * the .init.rodata section instead. - * - * Note that the EFI debug entry itself may legally have a zero RVA, - * which means we can simply put it right after the section headers. - */ - __INITRODATA - - .align 2 -.Lefi_debug_table: - // EFI_IMAGE_DEBUG_DIRECTORY_ENTRY - .long 0 // Characteristics - .long 0 // TimeDateStamp - .short 0 // MajorVersion - .short 0 // MinorVersion - .long IMAGE_DEBUG_TYPE_CODEVIEW // Type - .long .Lefi_debug_entry_size // SizeOfData - .long 0 // RVA - .long .Lefi_debug_entry - .L_head // FileOffset - - .set .Lefi_debug_table_size, . - .Lefi_debug_table - .previous - .Lefi_debug_entry: // EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY .ascii "NB10" // Signature @@ -157,6 +168,10 @@ .set .Lefi_debug_entry_size, . - .Lefi_debug_entry #endif +#ifdef CONFIG_ARM64_BTI_KERNEL +.Lefi_dll_characteristics_ex: + .long IMAGE_DLLCHARACTERISTICS_EX_FORWARD_CFI_COMPAT +#endif .balign SEGMENT_ALIGN .Lefi_header_end: diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index 80d85a5169fb2c72..3abb2b357482a416 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -23,8 +23,7 @@ cflags-$(CONFIG_X86) += -m$(BITS) -D__KERNEL__ \ # arm64 uses the full KBUILD_CFLAGS so it's necessary to explicitly # disable the stackleak plugin cflags-$(CONFIG_ARM64) += -fpie $(DISABLE_STACKLEAK_PLUGIN) \ - -fno-unwind-tables -fno-asynchronous-unwind-tables \ - $(call cc-option,-mbranch-protection=none) + -fno-unwind-tables -fno-asynchronous-unwind-tables cflags-$(CONFIG_ARM) += -DEFI_HAVE_STRLEN -DEFI_HAVE_STRNLEN \ -DEFI_HAVE_MEMCHR -DEFI_HAVE_STRRCHR \ -DEFI_HAVE_STRCMP -fno-builtin -fpic \ From patchwork Tue Apr 4 15:19:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13200469 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C03D6C77B62 for ; Tue, 4 Apr 2023 15:21:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=Bs6l8eZ9gpHFMsb0jiX5RA8lGLzmg09yRCnpPpRo7kQ=; b=1SMT+XWvblTq79 kRqRYrMDw0BRpzBE1xZXJKxtvrvG9zcGQZ8UElI3sy1GI9wGOvf6sVtCQejo8dDgfUhrJHugMkep1 1+R0dmNu77t4QrykGRz3/Pd9AsHnvcjAIKPLQsuKDrq8OoPLXfJ5quOSswcu50R1/DO4fFHisoNcc z4x9VwTY9durIdiLCLC/0OHHSSdnRriDLPYiALXqrG+O5wDqodZppttJe6hRi/rNANLk42v0LcssZ XE0HzWb7lXw5xCmLooVg8YjCrb0pgFUsjBhmv7eHmhJLowPgzd69CCi5078N/qRheYlyx5mQtyu/F ILGpHBS44BV6xBxyuOxg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1pjiSH-001xqd-2v; Tue, 04 Apr 2023 15:20:17 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1pjiSD-001xnz-2H for linux-arm-kernel@lists.infradead.org; Tue, 04 Apr 2023 15:20:15 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3A4A1635C2; Tue, 4 Apr 2023 15:20:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1A211C433D2; Tue, 4 Apr 2023 15:20:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1680621612; bh=3xyHT1OtWiQVUUMET2eYvQyZR3EWBYolFXO32v+waq8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WhJIUMo9QccUr51qalHsyQ0RRUZluG/7miU9i1tX7u7zJoBfLxESneJbDAgjmM89I zoq8W09uQwrba8X1z1GI0tySj9MzgyjRLpCkY/ANge1JvH7/QSGAigqHc3ShQ3nkDc g2DHCxnv/hCbU+91pvzmYXocGg07/+4/VjM/uZ1N++heRnnjsvaXejN8yA/gQ2Q0BQ Df6SZx6wcUMlzi1M8cdTGGZSpTeBCAUsSzRtFAyhgcnDsogkkzo39L+jqb5z6RbS3Z Y40vbVGQ9B83Gni2Z1EObqJW60tFsZqNiUXZsxgnJVu8JPb8wYhpQTcuRIYbnA/qbx s9BdPlaYAFyGw== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, broonie@Kernel.org, Ard Biesheuvel Subject: [PATCH 3/6] arm64: image: Add code size to the image header Date: Tue, 4 Apr 2023 17:19:56 +0200 Message-Id: <20230404151959.2774612-4-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230404151959.2774612-1-ardb@kernel.org> References: <20230404151959.2774612-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3480; i=ardb@kernel.org; h=from:subject; bh=3xyHT1OtWiQVUUMET2eYvQyZR3EWBYolFXO32v+waq8=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUXHQWpDHVvme7G7Zx5EitjEWIldY5z244m/zuMJO38Er T0hnbulo5SFQYyDQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAExEZh4jwxbjAx47uM7OCrFW 45+UvUDWbNnruYU3Flp+yXM7+mWfmzfDHw7rN8t/Hnq99LCFQ+NdEfW6IB5WR83zNhXCqbcD9pb bcAEA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230404_082013_829213_1CDB84C6 X-CRM114-Status: GOOD ( 17.64 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org In order for loaders to be able to create a preliminary mapping of the image without having to rely on mappings that have both write and execute permissions, it is necessary to expose the size of the leading part of the image consisting of .text, .rodata and .inittext. So add this information to the arm64 bare metal boot header. Signed-off-by: Ard Biesheuvel --- Documentation/arm64/booting.rst | 3 ++- arch/arm64/include/asm/image.h | 3 ++- arch/arm64/kernel/head.S | 3 ++- arch/arm64/kernel/image.h | 10 +++++++--- 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/Documentation/arm64/booting.rst b/Documentation/arm64/booting.rst index ffeccdd6bdac9442..4d6966833c8c7472 100644 --- a/Documentation/arm64/booting.rst +++ b/Documentation/arm64/booting.rst @@ -79,7 +79,8 @@ The decompressed kernel image contains a 64-byte header as follows:: u64 text_offset; /* Image load offset, little endian */ u64 image_size; /* Effective Image size, little endian */ u64 flags; /* kernel flags, little endian */ - u64 res2 = 0; /* reserved */ + u32 code_size; /* Image code size, little endian */ + u32 res2 = 0; /* reserved */ u64 res3 = 0; /* reserved */ u64 res4 = 0; /* reserved */ u32 magic = 0x644d5241; /* Magic number, little endian, "ARM\x64" */ diff --git a/arch/arm64/include/asm/image.h b/arch/arm64/include/asm/image.h index c2b13213c7207c02..5361694c5a7b4956 100644 --- a/arch/arm64/include/asm/image.h +++ b/arch/arm64/include/asm/image.h @@ -47,7 +47,8 @@ struct arm64_image_header { __le64 text_offset; __le64 image_size; __le64 flags; - __le64 res2; + __le32 code_size; + __le32 res2; __le64 res3; __le64 res4; __le32 magic; diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S index b98970907226b36c..8f684a2e8f05ac7e 100644 --- a/arch/arm64/kernel/head.S +++ b/arch/arm64/kernel/head.S @@ -62,7 +62,8 @@ .quad 0 // Image load offset from start of RAM, little-endian le64sym _kernel_size_le // Effective size of kernel image, little-endian le64sym _kernel_flags_le // Informative flags, little-endian - .quad 0 // reserved + .long _kernel_codesize_le // Size of leading text/rodata/inittext region, LE + .long 0 // reserved .quad 0 // reserved .quad 0 // reserved .ascii ARM64_IMAGE_MAGIC // Magic number diff --git a/arch/arm64/kernel/image.h b/arch/arm64/kernel/image.h index 7bc3ba8979019182..4c08409b2129d510 100644 --- a/arch/arm64/kernel/image.h +++ b/arch/arm64/kernel/image.h @@ -34,6 +34,9 @@ #define DATA_LE32(data) ((data) & 0xffffffff) #endif +#define DEFINE_IMAGE_LE32(sym, data) \ + sym = DATA_LE32((data) & 0xffffffff) + #define DEFINE_IMAGE_LE64(sym, data) \ sym##_lo32 = DATA_LE32((data) & 0xffffffff); \ sym##_hi32 = DATA_LE32((data) >> 32) @@ -60,8 +63,9 @@ * regardless of the endianness of the kernel. While constant values could be * endian swapped in head.S, all are done here for consistency. */ -#define HEAD_SYMBOLS \ - DEFINE_IMAGE_LE64(_kernel_size_le, _end - _text); \ - DEFINE_IMAGE_LE64(_kernel_flags_le, __HEAD_FLAGS); +#define HEAD_SYMBOLS \ + DEFINE_IMAGE_LE64(_kernel_size_le, _end - _text); \ + DEFINE_IMAGE_LE64(_kernel_flags_le, __HEAD_FLAGS); \ + DEFINE_IMAGE_LE32(_kernel_codesize_le, __initdata_begin - _text); #endif /* __ARM64_KERNEL_IMAGE_H */ From patchwork Tue Apr 4 15:19:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13200473 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DF34EC761A6 for ; Tue, 4 Apr 2023 15:21:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=N9ylF132QX8Hrv0ZzszcQS6nCubbcWGP649iRfRve7s=; b=i3hk/7d+DBSkkR cP6Qw/cdFqLbrzjV7aTVcjn1G0QKpKfphkne6I9ph44F6fG3hkyDEVIc0WdyWdhO6xzNyhpIKggv1 pJwQOy71M7UPuhgtvV7ASjT6O0bdgEHdTowA4yaGSZyxUYC4LyEBuj8AgnuJi1i8FL9pkzz+N9RkF HRe5kSnYXUekEq6VVk1HtdwP1ixFyHpIS9KCn2QTlvGLcxd7kCoaxiCwBSDvBoqut28GKBwuZxvZj oYkRU4EfKGLiRmXfVJvseV1TOva8IcDfUk4uZetjIlggfJb1HG8Mnta4tdG01LPCwOvQej8NqjBzJ 6p77UWzjQ8q/LaU+2dyw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1pjiSK-001xs0-0P; Tue, 04 Apr 2023 15:20:20 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1pjiSF-001xp9-1t for linux-arm-kernel@lists.infradead.org; Tue, 04 Apr 2023 15:20:17 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 300C463524; Tue, 4 Apr 2023 15:20:15 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 12C1CC433EF; Tue, 4 Apr 2023 15:20:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1680621614; bh=Zod0gLV50Ql+WmIuLOmGh7UoZX0DfCWPHhuwknk4N1E=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SnXiglBacTaqBx4Kx+/0h00V7M+hT91ZfknYmjh2WMm9afuri6GCekKeGSnaTvM5o 55k8PDszt7f1igsa2wjSMxfDGQcK7D7j72yCx8Ro9CKJcF3/IK3DaLTv8HL3A5ZQTt jEzKrfpATFoALA5t3iQXH/vMrZaw4wN45PAtkEOn3L5gr4j4x1wOOa1ZlDXQwgSSy+ u1aS8WXrFTl8vG7fPpN7CFwrn0l71W/DcWJAG0kcpHHw6j39UGodquTdQvLe5HICOq umjWxBALq2nCXIn8anewTRG0XHSi6KLja7vMuqpSiPzF9Lbwl3QwHCo516/vzS0Sxh k+1PxA9/bjBuQ== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, broonie@Kernel.org, Ard Biesheuvel Subject: [PATCH 4/6] efi/zboot: Add BSS padding before compression Date: Tue, 4 Apr 2023 17:19:57 +0200 Message-Id: <20230404151959.2774612-5-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230404151959.2774612-1-ardb@kernel.org> References: <20230404151959.2774612-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=5838; i=ardb@kernel.org; h=from:subject; bh=Zod0gLV50Ql+WmIuLOmGh7UoZX0DfCWPHhuwknk4N1E=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUXHQZrxxmvjYq7gN4wtMaEveEsPip3WD3u2sOtx+vLvM +8mFG7pKGVhEONgkBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABNZZcTI8LgkSlBywpY+S0c5 o1kvLV3XHrfcNuXyhke8EmzrQ48LhDMyPForPY1n+cX/e/nsEv9rF1pdWGxvdvPJycq+bWEL/5k c4AUA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230404_082015_705422_94E23ECA X-CRM114-Status: GOOD ( 20.31 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org We don't really care about the size of the decompressed image - what matters is how much space needs to be allocated for the image to execute, and this includes space for BSS that is not part of the loadable image and so it is not accounted for in the decompressed size. So let's add some zero padding to the end of the image: this compresses well, and it ensures that BSS is accounted for, and as a bonus, it will be zeroed before launching the image. Since all architectures that implement support for EFI zboot carry this value in the header in the same location, we can just grab it from the binary that is being compressed. Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/Makefile.zboot | 36 +++++++++++++++----- drivers/firmware/efi/libstub/zboot-header.S | 2 +- drivers/firmware/efi/libstub/zboot.c | 6 ++-- 3 files changed, 31 insertions(+), 13 deletions(-) diff --git a/drivers/firmware/efi/libstub/Makefile.zboot b/drivers/firmware/efi/libstub/Makefile.zboot index ccdd6a130d98618e..2d78770236049b21 100644 --- a/drivers/firmware/efi/libstub/Makefile.zboot +++ b/drivers/firmware/efi/libstub/Makefile.zboot @@ -3,6 +3,14 @@ # to be include'd by arch/$(ARCH)/boot/Makefile after setting # EFI_ZBOOT_PAYLOAD, EFI_ZBOOT_BFD_TARGET and EFI_ZBOOT_MACH_TYPE +quiet_cmd_copy_and_pad = PAD $@ + cmd_copy_and_pad = cp $< $@ && \ + truncate -s $(shell hexdump -s16 -n4 -e '"%u"' $<) $@ + +# Pad the file to the size of the uncompressed image in memory, including BSS +$(obj)/vmlinux.bin: $(obj)/$(EFI_ZBOOT_PAYLOAD) FORCE + $(call if_changed,copy_and_pad) + comp-type-$(CONFIG_KERNEL_GZIP) := gzip comp-type-$(CONFIG_KERNEL_LZ4) := lz4 comp-type-$(CONFIG_KERNEL_LZMA) := lzma @@ -10,16 +18,25 @@ comp-type-$(CONFIG_KERNEL_LZO) := lzo comp-type-$(CONFIG_KERNEL_XZ) := xzkern comp-type-$(CONFIG_KERNEL_ZSTD) := zstd22 -# Copy the SizeOfHeaders, SizeOfCode and SizeOfImage fields from the payload to -# the end of the compressed image. Note that this presupposes a PE header -# offset of 64 bytes, which is what arm64, RISC-V and LoongArch use. -quiet_cmd_compwithsize = $(quiet_cmd_$(comp-type-y)) - cmd_compwithsize = $(cmd_$(comp-type-y)) && ( \ +# in GZIP, the appended le32 carrying the uncompressed size is part of the +# format, but in other cases, we just append it at the end for convenience, +# causing the original tools to complain when checking image integrity. +# So disregard it when calculating the payload size in the zimage header. +zboot-method-y := $(comp-type-y)_with_size +zboot-size-len-y := 12 + +zboot-method-$(CONFIG_KERNEL_GZIP) := gzip +zboot-size-len-$(CONFIG_KERNEL_GZIP) := 8 + +# Copy the SizeOfHeaders and SizeOfCode fields from the payload to the end of +# the compressed image. Note that this presupposes a PE header offset of 64 +# bytes, which is what arm64, RISC-V and LoongArch use. +quiet_cmd_compwithsize = $(quiet_cmd_$(zboot-method-y)) + cmd_compwithsize = $(cmd_$(zboot-method-y)) && ( \ dd status=none if=$< bs=4 count=1 skip=37 ; \ - dd status=none if=$< bs=4 count=1 skip=23 ; \ - dd status=none if=$< bs=4 count=1 skip=36 ) >> $@ + dd status=none if=$< bs=4 count=1 skip=23 ) >> $@ -$(obj)/vmlinuz: $(obj)/$(EFI_ZBOOT_PAYLOAD) FORCE +$(obj)/vmlinuz: $(obj)/vmlinux.bin FORCE $(call if_changed,compwithsize) OBJCOPYFLAGS_vmlinuz.o := -I binary -O $(EFI_ZBOOT_BFD_TARGET) \ @@ -29,6 +46,7 @@ $(obj)/vmlinuz.o: $(obj)/vmlinuz FORCE AFLAGS_zboot-header.o += -DMACHINE_TYPE=IMAGE_FILE_MACHINE_$(EFI_ZBOOT_MACH_TYPE) \ -DZBOOT_EFI_PATH="\"$(realpath $(obj)/vmlinuz.efi.elf)\"" \ + -DZBOOT_SIZE_LEN=$(zboot-size-len-y) \ -DCOMP_TYPE="\"$(comp-type-y)\"" $(obj)/zboot-header.o: $(srctree)/drivers/firmware/efi/libstub/zboot-header.S FORCE @@ -44,4 +62,4 @@ OBJCOPYFLAGS_vmlinuz.efi := -O binary $(obj)/vmlinuz.efi: $(obj)/vmlinuz.efi.elf FORCE $(call if_changed,objcopy) -targets += zboot-header.o vmlinuz vmlinuz.o vmlinuz.efi.elf vmlinuz.efi +targets += zboot-header.o vmlinux.bin vmlinuz vmlinuz.o vmlinuz.efi.elf vmlinuz.efi diff --git a/drivers/firmware/efi/libstub/zboot-header.S b/drivers/firmware/efi/libstub/zboot-header.S index 445cb646eaaaf1c6..053aba073594936b 100644 --- a/drivers/firmware/efi/libstub/zboot-header.S +++ b/drivers/firmware/efi/libstub/zboot-header.S @@ -17,7 +17,7 @@ __efistub_efi_zboot_header: .long MZ_MAGIC .ascii "zimg" // image type .long __efistub__gzdata_start - .Ldoshdr // payload offset - .long __efistub__gzdata_size - 12 // payload size + .long __efistub__gzdata_size - ZBOOT_SIZE_LEN // payload size .long 0, 0 // reserved .asciz COMP_TYPE // compression type .org .Ldoshdr + 0x38 diff --git a/drivers/firmware/efi/libstub/zboot.c b/drivers/firmware/efi/libstub/zboot.c index 6105e5e2eda4612b..63ece480090032c1 100644 --- a/drivers/firmware/efi/libstub/zboot.c +++ b/drivers/firmware/efi/libstub/zboot.c @@ -91,12 +91,12 @@ efi_zboot_entry(efi_handle_t handle, efi_system_table_t *systab) efi_info("Decompressing Linux Kernel...\n"); // SizeOfImage from the compressee's PE/COFF header - alloc_size = round_up(get_unaligned_le32(_gzdata_end - 4), + alloc_size = round_up(get_unaligned_le32(_gzdata_end - 12), EFI_ALLOC_ALIGN); // SizeOfHeaders and SizeOfCode from the compressee's PE/COFF header - code_size = get_unaligned_le32(_gzdata_end - 8) + - get_unaligned_le32(_gzdata_end - 12); + code_size = get_unaligned_le32(_gzdata_end - 4) + + get_unaligned_le32(_gzdata_end - 8); // If the architecture has a preferred address for the image, // try that first. From patchwork Tue Apr 4 15:19:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13200471 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id BE94DC77B62 for ; Tue, 4 Apr 2023 15:21:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=rdzEycrCx2fRP03SAoI6u0sIKtg67AfatZ6v1lWqml8=; b=iyv9l7JRAGmDHs eP0MbDk+ONNGyqo2AeuMr8fnmhbPeKblviWVSfw+ydtwD/x4CPoTYDLqPZLBRpfemjwvW6kKm4XlY ncf/YJI7F3sm/tf6XSYLrTWeeeqT+wYkhgnvE/QlnmUsB9LvSP51BWHrHWw7bgFtNRAWyO/CAuP2S F6eOnLY5n3OH9LbhtRVI4V8NbYJa/g0kzH6lihU+qnFjUyAokPEYvzTZ3VA+P2y3mtYBdT0dF12qA hBKNPYDokAVjhQxg0iPWs3l1AHp8lnm7xNrjPDzZJq7dqR2a3QHgccgmsLI1taAxPAlAhz9QaRIu2 gO5o7AXZnKlJPOLOArDQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1pjiSL-001xsZ-0z; Tue, 04 Apr 2023 15:20:21 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1pjiSH-001xqM-1x for linux-arm-kernel@lists.infradead.org; Tue, 04 Apr 2023 15:20:19 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 21EBA635F0; Tue, 4 Apr 2023 15:20:17 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 08C9CC433A1; Tue, 4 Apr 2023 15:20:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1680621616; bh=KEpiu1LcP6rVmgIdzG1zgBZc7tX1RDFS8L/IT9RtaMU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Xxmr4l6OYLunrzZ3S37PnCmrHd+VuWn+1PmbhumzsoAXfTINYhdvyQYZl38XqIaNR dLKN7ha+Am/gKipxF9hmUO6iOZKHF3Zuc0jp6h5W396k0gK6OQePb7QBsimdm23qWZ 22GgPz7x3dOGZr+XVT9Cb/7OMJCyOD4WDMujP2p3tRJR8AvtKraMU/yO4g6RxqAk8n X/lF07aMzF/DSvlAXltpTnE2XDo1Qcs+/r3AOjGcNPIlJhn8ehmvC75FNBfhUzGTC4 svOeYExdWeqUXQe9ALuZ6PLZ3iBcIBFe6LcKKHPygBtDoMZUvfsqufdmgGiKRoZWTc SMdln7MOJVE4g== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, broonie@Kernel.org, Ard Biesheuvel Subject: [PATCH 5/6] efi/zboot: Set forward edge CFI compat header flag if supported Date: Tue, 4 Apr 2023 17:19:58 +0200 Message-Id: <20230404151959.2774612-6-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230404151959.2774612-1-ardb@kernel.org> References: <20230404151959.2774612-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4652; i=ardb@kernel.org; h=from:subject; bh=KEpiu1LcP6rVmgIdzG1zgBZc7tX1RDFS8L/IT9RtaMU=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUXHQfbdzPInZjNOvn/CscysNcNpq0zQ05O7pvAZ82bdv z5ty8r1HaUsDGIcDLJiiiwCs/++23l6olSt8yxZmDmsTCBDGLg4BWAiL88x/DPcK6T/qWd5Pct6 CZvz39Y0rworXTqnPub25jfcEtVbt0QyMiz5l7g6K1Op78Zz1edK36ZWz3Hfc+Sj05mylb0PPNc Im3AAAA== X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230404_082017_750647_849DB436 X-CRM114-Status: GOOD ( 12.43 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Add some plumbing to the zboot EFI header generation to set the newly introduced DllCharacteristicsEx flag associated with forward edge CFI enforcement instructions (BTI on arm64, IBT on x86) x86 does not currently uses the zboot infrastructure, so let's wire it up only for arm64. Signed-off-by: Ard Biesheuvel --- arch/arm64/boot/Makefile | 1 + drivers/firmware/efi/libstub/Makefile.zboot | 9 +++- drivers/firmware/efi/libstub/zboot-header.S | 49 +++++++++++++------- 3 files changed, 40 insertions(+), 19 deletions(-) diff --git a/arch/arm64/boot/Makefile b/arch/arm64/boot/Makefile index c65aee0884103c6f..ae645fda90bca574 100644 --- a/arch/arm64/boot/Makefile +++ b/arch/arm64/boot/Makefile @@ -42,5 +42,6 @@ $(obj)/Image.zst: $(obj)/Image FORCE EFI_ZBOOT_PAYLOAD := Image EFI_ZBOOT_BFD_TARGET := elf64-littleaarch64 EFI_ZBOOT_MACH_TYPE := ARM64 +EFI_ZBOOT_FORWARD_CFI := $(CONFIG_ARM64_BTI_KERNEL) include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot diff --git a/drivers/firmware/efi/libstub/Makefile.zboot b/drivers/firmware/efi/libstub/Makefile.zboot index 2d78770236049b21..0a9dcc2b13736519 100644 --- a/drivers/firmware/efi/libstub/Makefile.zboot +++ b/drivers/firmware/efi/libstub/Makefile.zboot @@ -1,7 +1,8 @@ # SPDX-License-Identifier: GPL-2.0 # to be include'd by arch/$(ARCH)/boot/Makefile after setting -# EFI_ZBOOT_PAYLOAD, EFI_ZBOOT_BFD_TARGET and EFI_ZBOOT_MACH_TYPE +# EFI_ZBOOT_PAYLOAD, EFI_ZBOOT_BFD_TARGET, EFI_ZBOOT_MACH_TYPE and +# EFI_ZBOOT_FORWARD_CFI quiet_cmd_copy_and_pad = PAD $@ cmd_copy_and_pad = cp $< $@ && \ @@ -44,10 +45,14 @@ OBJCOPYFLAGS_vmlinuz.o := -I binary -O $(EFI_ZBOOT_BFD_TARGET) \ $(obj)/vmlinuz.o: $(obj)/vmlinuz FORCE $(call if_changed,objcopy) +aflags-zboot-header-$(EFI_ZBOOT_FORWARD_CFI) := \ + -DPE_DLL_CHAR_EX=IMAGE_DLLCHARACTERISTICS_EX_FORWARD_CFI_COMPAT + AFLAGS_zboot-header.o += -DMACHINE_TYPE=IMAGE_FILE_MACHINE_$(EFI_ZBOOT_MACH_TYPE) \ -DZBOOT_EFI_PATH="\"$(realpath $(obj)/vmlinuz.efi.elf)\"" \ -DZBOOT_SIZE_LEN=$(zboot-size-len-y) \ - -DCOMP_TYPE="\"$(comp-type-y)\"" + -DCOMP_TYPE="\"$(comp-type-y)\"" \ + $(aflags-zboot-header-y) $(obj)/zboot-header.o: $(srctree)/drivers/firmware/efi/libstub/zboot-header.S FORCE $(call if_changed_rule,as_o_S) diff --git a/drivers/firmware/efi/libstub/zboot-header.S b/drivers/firmware/efi/libstub/zboot-header.S index 053aba073594936b..fb676ded47fa4341 100644 --- a/drivers/firmware/efi/libstub/zboot-header.S +++ b/drivers/firmware/efi/libstub/zboot-header.S @@ -78,9 +78,36 @@ __efistub_efi_zboot_header: .quad 0 // ExceptionTable .quad 0 // CertificationTable .quad 0 // BaseRelocationTable -#ifdef CONFIG_DEBUG_EFI +#if defined(PE_DLL_CHAR_EX) || defined(CONFIG_DEBUG_EFI) .long .Lefi_debug_table - .Ldoshdr // DebugTable .long .Lefi_debug_table_size + + .section ".rodata", "a" + .p2align 2 +.Lefi_debug_table: + // EFI_IMAGE_DEBUG_DIRECTORY_ENTRY[] +#ifdef PE_DLL_CHAR_EX + .long 0 // Characteristics + .long 0 // TimeDateStamp + .short 0 // MajorVersion + .short 0 // MinorVersion + .long IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS // Type + .long 4 // SizeOfData + .long 0 // RVA + .long .Lefi_dll_characteristics_ex - .Ldoshdr // FileOffset +#endif +#ifdef CONFIG_DEBUG_EFI + .long 0 // Characteristics + .long 0 // TimeDateStamp + .short 0 // MajorVersion + .short 0 // MinorVersion + .long IMAGE_DEBUG_TYPE_CODEVIEW // Type + .long .Lefi_debug_entry_size // SizeOfData + .long 0 // RVA + .long .Lefi_debug_entry - .Ldoshdr // FileOffset +#endif + .set .Lefi_debug_table_size, . - .Lefi_debug_table + .previous #endif .Lsection_table: @@ -110,23 +137,11 @@ __efistub_efi_zboot_header: .set .Lsection_count, (. - .Lsection_table) / 40 +#ifdef PE_DLL_CHAR_EX +.Lefi_dll_characteristics_ex: + .long PE_DLL_CHAR_EX +#endif #ifdef CONFIG_DEBUG_EFI - .section ".rodata", "a" - .align 2 -.Lefi_debug_table: - // EFI_IMAGE_DEBUG_DIRECTORY_ENTRY - .long 0 // Characteristics - .long 0 // TimeDateStamp - .short 0 // MajorVersion - .short 0 // MinorVersion - .long IMAGE_DEBUG_TYPE_CODEVIEW // Type - .long .Lefi_debug_entry_size // SizeOfData - .long 0 // RVA - .long .Lefi_debug_entry - .Ldoshdr // FileOffset - - .set .Lefi_debug_table_size, . - .Lefi_debug_table - .previous - .Lefi_debug_entry: // EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY .ascii "NB10" // Signature From patchwork Tue Apr 4 15:19:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13200474 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 04EA7C77B6C for ; Tue, 4 Apr 2023 15:21:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=WsYMOwuqa1oY8uGBXhhPx9HqOmrsOUZ2AiA1ucjfI/o=; b=OglYbMbBHoId9h ZsNG0lRiXYdOrz0dF22vc99rviADz4ON140FkGKzqh9blVHu2/KmB/8d3D7LVD1J0KN8FSgvhVuTM z4ccgI8mkHSGlyty8y4/wuMek+NvzZ0VFLL0fIGUkHqQt633+2SryrDmTIdOoG14tRX7Sojx6qs+M D7cpeq39x30E8vzoa255ObRQpPqiMKpIMx2ksEpVrBAlrCZlbvwOVa/gygDpqOe9JfKRKSdAWuxuK isDDSy34vfgd5OLPWgBmxDBcNlV6PzOYQc7RlwEqLgoghq7hnm65sbxKo3t6p9CP+umBKJpw76Z9+ 8cUKwqaecofcFtj5ifWQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1pjiSO-001xuV-0s; Tue, 04 Apr 2023 15:20:24 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1pjiSJ-001xrV-1Y for linux-arm-kernel@lists.infradead.org; Tue, 04 Apr 2023 15:20:21 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 19075635CB; Tue, 4 Apr 2023 15:20:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id F2F81C433D2; Tue, 4 Apr 2023 15:20:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1680621618; bh=PqNN9wmJiT9ZL5kLFa8MWQjFDkv3SZEgmXqyyYrLaPQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=XtOOlZhna3zYMqfwrQlih6+UqBE2HXGuxqTMu28hHEKg9jVPiEobBhVL9cyM0oD91 McebX/pw0YtjpE4aIVjyXdYICsYYA0LcR2mSi4JphyAJ/njrNehYFzie8UaugmxPDk YlhUujiq10K1PYlPLqx94e4AjGNXbxlLQ6nMw+qjLqhAXO0OdAMz8bYF7ij9X48uGJ yLzX9E3qUx1Ar2yZIkIqGWBP9WDxpjmWn5zCIex0U7yOFKwQ8biqG9yQR6vLGFwSis 0Z3AolfjEqoB82aS4+waMv01tZ0C7npHp9IpLuAWUNMcD5bYv79d9vCSyVlDx4/Q8P Z9xo0tF6ymeiw== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, broonie@Kernel.org, Ard Biesheuvel Subject: [PATCH 6/6] efi/zboot: arm64: Grab code size from image header Date: Tue, 4 Apr 2023 17:19:59 +0200 Message-Id: <20230404151959.2774612-7-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230404151959.2774612-1-ardb@kernel.org> References: <20230404151959.2774612-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=6189; i=ardb@kernel.org; h=from:subject; bh=PqNN9wmJiT9ZL5kLFa8MWQjFDkv3SZEgmXqyyYrLaPQ=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUXHQe7SGucuz+n8+v/OubU4bFLQ7PMsfHk8h6U1suJAi KuawNuOUhYGMQ4GWTFFFoHZf9/tPD1RqtZ5lizMHFYmkCEMXJwCMBG/54wMX+wDns1yWJp4u/cB 8xStlisP0xx3FwTv7rw+6fLpLecnz2VkOPpt244Zty5Pjn5QEMljNuV9nFvvyu6cjIfJm07PcS7 KZwcA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230404_082019_603309_6F63CAF4 X-CRM114-Status: GOOD ( 19.81 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Instead of relying on a dodgy dd hack to copy the image code size from the uncompressed image's PE header to the end of the compressed image, let's grab the code size from the arm64 image header after decompression, which we can do now that we have added this information to this header. Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/Makefile.zboot | 14 +++----------- drivers/firmware/efi/libstub/arm64.c | 18 ++++++++++++------ drivers/firmware/efi/libstub/efistub.h | 3 +-- drivers/firmware/efi/libstub/zboot.c | 15 ++++----------- 4 files changed, 20 insertions(+), 30 deletions(-) diff --git a/drivers/firmware/efi/libstub/Makefile.zboot b/drivers/firmware/efi/libstub/Makefile.zboot index 0a9dcc2b13736519..d34d4f0ed33349d5 100644 --- a/drivers/firmware/efi/libstub/Makefile.zboot +++ b/drivers/firmware/efi/libstub/Makefile.zboot @@ -24,21 +24,13 @@ comp-type-$(CONFIG_KERNEL_ZSTD) := zstd22 # causing the original tools to complain when checking image integrity. # So disregard it when calculating the payload size in the zimage header. zboot-method-y := $(comp-type-y)_with_size -zboot-size-len-y := 12 +zboot-size-len-y := 4 zboot-method-$(CONFIG_KERNEL_GZIP) := gzip -zboot-size-len-$(CONFIG_KERNEL_GZIP) := 8 - -# Copy the SizeOfHeaders and SizeOfCode fields from the payload to the end of -# the compressed image. Note that this presupposes a PE header offset of 64 -# bytes, which is what arm64, RISC-V and LoongArch use. -quiet_cmd_compwithsize = $(quiet_cmd_$(zboot-method-y)) - cmd_compwithsize = $(cmd_$(zboot-method-y)) && ( \ - dd status=none if=$< bs=4 count=1 skip=37 ; \ - dd status=none if=$< bs=4 count=1 skip=23 ) >> $@ +zboot-size-len-$(CONFIG_KERNEL_GZIP) := 0 $(obj)/vmlinuz: $(obj)/vmlinux.bin FORCE - $(call if_changed,compwithsize) + $(call if_changed,$(zboot-method-y)) OBJCOPYFLAGS_vmlinuz.o := -I binary -O $(EFI_ZBOOT_BFD_TARGET) \ --rename-section .data=.gzdata,load,alloc,readonly,contents diff --git a/drivers/firmware/efi/libstub/arm64.c b/drivers/firmware/efi/libstub/arm64.c index 8aad8c49d43f18e0..b65bf5371d3d4700 100644 --- a/drivers/firmware/efi/libstub/arm64.c +++ b/drivers/firmware/efi/libstub/arm64.c @@ -9,6 +9,7 @@ #include #include +#include #include #include @@ -89,25 +90,30 @@ efi_status_t check_platform_features(void) #endif void efi_cache_sync_image(unsigned long image_base, - unsigned long alloc_size, - unsigned long code_size) + unsigned long alloc_size) { + const struct arm64_image_header *header = (void *)image_base; u32 ctr = read_cpuid_effective_cachetype(); u64 lsize = 4 << cpuid_feature_extract_unsigned_field(ctr, CTR_EL0_DminLine_SHIFT); /* only perform the cache maintenance if needed for I/D coherency */ if (!(ctr & BIT(CTR_EL0_IDC_SHIFT))) { + unsigned long base = image_base; + unsigned long size = le32_to_cpu(header->code_size); + do { - asm("dc " DCTYPE ", %0" :: "r"(image_base)); - image_base += lsize; - code_size -= lsize; - } while (code_size >= lsize); + asm("dc " DCTYPE ", %0" :: "r"(base)); + base += lsize; + size -= lsize; + } while (size >= lsize); } asm("ic ialluis"); dsb(ish); isb(); + + efi_remap_image(image_base, alloc_size, le32_to_cpu(header->code_size)); } unsigned long __weak primary_entry_offset(void) diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index 148013bcb5f89fdd..67d5a20802e0b7c6 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -1066,8 +1066,7 @@ struct screen_info *__alloc_screen_info(void); void free_screen_info(struct screen_info *si); void efi_cache_sync_image(unsigned long image_base, - unsigned long alloc_size, - unsigned long code_size); + unsigned long alloc_size); struct efi_smbios_record { u8 type; diff --git a/drivers/firmware/efi/libstub/zboot.c b/drivers/firmware/efi/libstub/zboot.c index 63ece480090032c1..e5d7fa1f1d8fd160 100644 --- a/drivers/firmware/efi/libstub/zboot.c +++ b/drivers/firmware/efi/libstub/zboot.c @@ -50,8 +50,7 @@ static unsigned long alloc_preferred_address(unsigned long alloc_size) } void __weak efi_cache_sync_image(unsigned long image_base, - unsigned long alloc_size, - unsigned long code_size) + unsigned long alloc_size) { // Provided by the arch to perform the cache maintenance necessary for // executable code loaded into memory to be safe for execution. @@ -66,7 +65,7 @@ asmlinkage efi_status_t __efiapi efi_zboot_entry(efi_handle_t handle, efi_system_table_t *systab) { unsigned long compressed_size = _gzdata_end - _gzdata_start; - unsigned long image_base, alloc_size, code_size; + unsigned long image_base, alloc_size; efi_loaded_image_t *image; efi_status_t status; char *cmdline_ptr; @@ -91,13 +90,9 @@ efi_zboot_entry(efi_handle_t handle, efi_system_table_t *systab) efi_info("Decompressing Linux Kernel...\n"); // SizeOfImage from the compressee's PE/COFF header - alloc_size = round_up(get_unaligned_le32(_gzdata_end - 12), + alloc_size = round_up(get_unaligned_le32(_gzdata_end - 4), EFI_ALLOC_ALIGN); - // SizeOfHeaders and SizeOfCode from the compressee's PE/COFF header - code_size = get_unaligned_le32(_gzdata_end - 4) + - get_unaligned_le32(_gzdata_end - 8); - // If the architecture has a preferred address for the image, // try that first. image_base = alloc_preferred_address(alloc_size); @@ -140,9 +135,7 @@ efi_zboot_entry(efi_handle_t handle, efi_system_table_t *systab) goto free_image; } - efi_cache_sync_image(image_base, alloc_size, code_size); - - efi_remap_image(image_base, alloc_size, code_size); + efi_cache_sync_image(image_base, alloc_size); status = efi_stub_common(handle, image, image_base, cmdline_ptr);