* [PATCH v2 00/14] arm64+ARM: efi: PE/COFF cleanup/hardening
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-efi, linux-arm-kernel, mark.rutland, leif.lindholm
  Cc: catalin.marinas, linux, kernel-hardening, labbott, Ard Biesheuvel

This cleans up the PE/COFF EFI header, by taking some of Mark's patches
and using them to replace open coded constants with symbolic ones, and
remove incorrect values or unused sections.

Finally, it updates the section layout so that the kernel Image can be
mapped in a way that does not require setting RWX permissions anywhere.
Note that this is currently not a huge win, given that most current UEFI
implementations map all of RAM RWX by default, but this is finally gaining
some attention, and work is underway to make the PE/COFF loader in EDK2
adhere to the section permissions, which would also allow the RAM mapping
to default to non-executable. Work in progress nonetheless...

Changes since v1:
- added missing secondary SOB on Mark's patches
- leave Image header as before, only move the PE header to a separate file
- put PE header fixes in a separate patch
- add acks from Mark and Peter (#6)
- give ARM the same treatment as arm64 (#10 - #13)
- add NB10 PE debuglink entry to ARM PE/COFF header as well (#9, #14)

Ard Biesheuvel (12):
  arm64: efi: move EFI header and related data to a separate .S file
  arm64: efi: clean up Image header after PE header has been split off
  arm64: efi: remove forbidden values from the PE/COFF header
  arm64: efi: remove pointless dummy .reloc section
  arm64: efi: replace open coded constants with symbolic ones
  arm64: efi: split Image code and data into separate PE/COFF sections
  arm: compressed: put zImage header and EFI header in dedicated section
  arm: efi: remove forbidden values from the PE/COFF header
  arm: efi: remove pointless dummy .reloc section
  arm: efi: replace open coded constants with symbolic ones
  arm: efi: split zImage code and data into separate PE/COFF sections
  arm: efi: add PE/COFF debug table to EFI header

Mark Rutland (2):
  include: pe.h: allow for use in assembly
  include: pe.h: add some missing definitions

 arch/arm/boot/compressed/Makefile      |   4 +
 arch/arm/boot/compressed/efi-header.S  | 253 ++++++++++++--------
 arch/arm/boot/compressed/head.S        |  14 +-
 arch/arm/boot/compressed/vmlinux.lds.S |  32 ++-
 arch/arm64/kernel/efi-header.S         | 155 ++++++++++++
 arch/arm64/kernel/head.S               | 167 +------------
 arch/arm64/kernel/vmlinux.lds.S        |   5 +
 include/linux/pe.h                     | 177 +++++++-------
 8 files changed, 449 insertions(+), 358 deletions(-)
 create mode 100644 arch/arm64/kernel/efi-header.S

-- 
2.7.4

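A W^X check over a PE/COFF section table, as an added example that is not part of this series or of the kernel: it parses the MZ/PE headers at the field offsets of mz_hdr, pe_hdr and section_header and reports every section whose flags carry both IMAGE_SCN_MEM_EXECUTE and IMAGE_SCN_MEM_WRITE, which is exactly what a loader that honours section permissions would have to map RWX. The two constructed layouts (one RWX section versus separate R+X and R+W sections) stand in for the before and after of the series; the headers-only image (no optional header body, no section contents) and the 0xaa64 ARM64 machine type in it are assumptions of the example, not something the cover letter states.

```c
/* W^X audit of a PE/COFF section table (added example, not kernel code): it
 * walks an in-memory image's section headers and flags every section whose
 * Characteristics carry both IMAGE_SCN_MEM_EXECUTE and IMAGE_SCN_MEM_WRITE. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MZ_MAGIC			0x5a4d
#define PE_MAGIC			0x00004550
#define IMAGE_SCN_CNT_CODE		0x00000020
#define IMAGE_SCN_CNT_INITIALIZED_DATA	0x00000040
#define IMAGE_SCN_MEM_EXECUTE		0x20000000
#define IMAGE_SCN_MEM_READ		0x40000000
#define IMAGE_SCN_MEM_WRITE		0x80000000
#define MZ_PEADDR_OFF	0x3c	/* mz_hdr.peaddr: file offset of "PE\0\0" */
#define COFF_HDR_LEN	20	/* pe_hdr without its 4-byte magic */
#define SECT_HDR_LEN	40	/* one struct section_header */

/* PE fields are little-endian; access them byte-wise (no packed structs). */
static uint32_t rd16(const uint8_t *p) { return p[0] | (p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (rd16(p + 2) << 16); }
static void wr16(uint8_t *p, uint32_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, v); wr16(p + 2, v >> 16); }

/* Returns how many sections are both writable and executable, or -1 if the
 * buffer is not a well-formed MZ/PE image or its section table overruns it. */
int pe_wx_audit(const uint8_t *img, size_t len)
{
	if (len < MZ_PEADDR_OFF + 4 || rd16(img) != MZ_MAGIC)
		return -1;
	size_t pe = rd32(img + MZ_PEADDR_OFF);
	if (pe > len || len - pe < 4 + COFF_HDR_LEN || rd32(img + pe) != PE_MAGIC)
		return -1;
	uint32_t nsec = rd16(img + pe + 6);	/* pe_hdr.sections */
	uint32_t opt_len = rd16(img + pe + 20);	/* pe_hdr.opt_hdr_size */
	size_t tbl = pe + 4 + COFF_HDR_LEN + opt_len;
	if (tbl > len || (len - tbl) / SECT_HDR_LEN < nsec)
		return -1;
	int bad = 0;
	for (uint32_t i = 0; i < nsec; i++) {
		const uint8_t *s = img + tbl + i * SECT_HDR_LEN;
		uint32_t flags = rd32(s + 36);	/* section_header.flags */
		char name[9] = { 0 };
		memcpy(name, s, 8);		/* name is 8 bytes, not NUL-terminated */
		int wx = (flags & IMAGE_SCN_MEM_EXECUTE) && (flags & IMAGE_SCN_MEM_WRITE);
		bad += wx;
		printf("%-8s %c%c%c%s\n", name, flags & IMAGE_SCN_MEM_READ ? 'r' : '-',
		       flags & IMAGE_SCN_MEM_WRITE ? 'w' : '-',
		       flags & IMAGE_SCN_MEM_EXECUTE ? 'x' : '-', wx ? "  <-- RWX" : "");
	}
	return bad;
}

struct sect { const char *name; uint32_t flags; };

/* Constructed headers-only image: MZ stub, PE magic, COFF header, opt_len zero
 * bytes in place of the optional header, then the section table. */
static size_t build_image(uint8_t *out, size_t cap, uint32_t opt_len,
			  const struct sect *secs, uint32_t nsec)
{
	size_t pe = 0x40, tbl = pe + 4 + COFF_HDR_LEN + opt_len;
	size_t total = tbl + nsec * SECT_HDR_LEN;
	if (total > cap)
		return 0;
	memset(out, 0, total);
	wr16(out, MZ_MAGIC);
	wr32(out + MZ_PEADDR_OFF, pe);
	wr32(out + pe, PE_MAGIC);
	wr16(out + pe + 4, 0xaa64);		/* IMAGE_FILE_MACHINE_ARM64 (assumed) */
	wr16(out + pe + 6, nsec);
	wr16(out + pe + 20, opt_len);
	for (uint32_t i = 0; i < nsec; i++) {
		uint8_t *s = out + tbl + i * SECT_HDR_LEN;
		size_t n = strlen(secs[i].name);
		memcpy(s, secs[i].name, n < 8 ? n : 8);
		wr32(s + 36, secs[i].flags);
	}
	return total;
}

/* Build a layout and audit it; 'trim' bytes are cut from the end of the
 * buffer to simulate a section table that runs past the image. */
static int audit_layout(const struct sect *secs, uint32_t n, uint32_t opt_len, size_t trim)
{
	uint8_t img[512];
	size_t len = build_image(img, sizeof(img), opt_len, secs, n);
	return len > trim ? pe_wx_audit(img, len - trim) : -1;
}

static const struct sect rwx_layout[] = {	/* pre-series: one RWX section */
	{ ".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE },
};
static const struct sect split_layout[] = {	/* post-series: R+X code, R+W data */
	{ ".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE },
	{ ".data", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE },
};
int demo_single_rwx_section(void) { return audit_layout(rwx_layout, 1, 0, 0); }	/* 1 */
int demo_split_sections(void)     { return audit_layout(split_layout, 2, 24, 0); }	/* 0 */
int demo_truncated_table(void)    { return audit_layout(split_layout, 2, 24, 1); }	/* -1 */
```

The same walk applied to a real Image or zImage built with and without the series shows the single RWX section collapse into an R+X .text and an R+W .data.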


* [PATCH v2 01/14] include: pe.h: allow for use in assembly
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-efi, linux-arm-kernel, mark.rutland, leif.lindholm
  Cc: catalin.marinas, linux, kernel-hardening, labbott, Ard Biesheuvel

From: Mark Rutland <mark.rutland@arm.com>

Some of the definitions in include/linux/pe.h would be useful for the
EFI stub headers, where values are currently open-coded. Unfortunately
they cannot be used as some structures are also defined in pe.h without
!__ASSEMBLY__ guards.

This patch moves the structure definitions into an #ifdef __ASSEMBLY__
block, so that the common value definitions can be used from assembly.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 include/linux/pe.h | 174 ++++++++++----------
 1 file changed, 89 insertions(+), 85 deletions(-)

diff --git a/include/linux/pe.h b/include/linux/pe.h
index e170b95e763b..a8a594117df3 100644
--- a/include/linux/pe.h
+++ b/include/linux/pe.h
@@ -23,34 +23,6 @@
 
 #define MZ_MAGIC	0x5a4d	/* "MZ" */
 
-struct mz_hdr {
-	uint16_t magic;		/* MZ_MAGIC */
-	uint16_t lbsize;	/* size of last used block */
-	uint16_t blocks;	/* pages in file, 0x3 */
-	uint16_t relocs;	/* relocations */
-	uint16_t hdrsize;	/* header size in "paragraphs" */
-	uint16_t min_extra_pps;	/* .bss */
-	uint16_t max_extra_pps;	/* runtime limit for the arena size */
-	uint16_t ss;		/* relative stack segment */
-	uint16_t sp;		/* initial %sp register */
-	uint16_t checksum;	/* word checksum */
-	uint16_t ip;		/* initial %ip register */
-	uint16_t cs;		/* initial %cs relative to load segment */
-	uint16_t reloc_table_offset;	/* offset of the first relocation */
-	uint16_t overlay_num;	/* overlay number.  set to 0. */
-	uint16_t reserved0[4];	/* reserved */
-	uint16_t oem_id;	/* oem identifier */
-	uint16_t oem_info;	/* oem specific */
-	uint16_t reserved1[10];	/* reserved */
-	uint32_t peaddr;	/* address of pe header */
-	char     message[64];	/* message to print */
-};
-
-struct mz_reloc {
-	uint16_t offset;
-	uint16_t segment;
-};
-
 #define PE_MAGIC		0x00004550	/* "PE\0\0" */
 #define PE_OPT_MAGIC_PE32	0x010b
 #define PE_OPT_MAGIC_PE32_ROM	0x0107
@@ -98,17 +70,6 @@ struct mz_reloc {
 #define IMAGE_FILE_UP_SYSTEM_ONLY            0x4000
 #define IMAGE_FILE_BYTES_REVERSED_HI         0x8000
 
-struct pe_hdr {
-	uint32_t magic;		/* PE magic */
-	uint16_t machine;	/* machine type */
-	uint16_t sections;	/* number of sections */
-	uint32_t timestamp;	/* time_t */
-	uint32_t symbol_table;	/* symbol table offset */
-	uint32_t symbols;	/* number of symbols */
-	uint16_t opt_hdr_size;	/* size of optional header */
-	uint16_t flags;		/* flags */
-};
-
 #define IMAGE_FILE_OPT_ROM_MAGIC	0x107
 #define IMAGE_FILE_OPT_PE32_MAGIC	0x10b
 #define IMAGE_FILE_OPT_PE32_PLUS_MAGIC	0x20b
@@ -134,6 +95,93 @@ struct pe_hdr {
 #define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER             0x2000
 #define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE  0x8000
 
+/* they actually defined 0x00000000 as well, but I think we'll skip that one. */
+#define IMAGE_SCN_RESERVED_0	0x00000001
+#define IMAGE_SCN_RESERVED_1	0x00000002
+#define IMAGE_SCN_RESERVED_2	0x00000004
+#define IMAGE_SCN_TYPE_NO_PAD	0x00000008 /* don't pad - obsolete */
+#define IMAGE_SCN_RESERVED_3	0x00000010
+#define IMAGE_SCN_CNT_CODE	0x00000020 /* .text */
+#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 /* .data */
+#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 /* .bss */
+#define IMAGE_SCN_LNK_OTHER	0x00000100 /* reserved */
+#define IMAGE_SCN_LNK_INFO	0x00000200 /* .drectve comments */
+#define IMAGE_SCN_RESERVED_4	0x00000400
+#define IMAGE_SCN_LNK_REMOVE	0x00000800 /* .o only - scn to be rm'd*/
+#define IMAGE_SCN_LNK_COMDAT	0x00001000 /* .o only - COMDAT data */
+#define IMAGE_SCN_RESERVED_5	0x00002000 /* spec omits this */
+#define IMAGE_SCN_RESERVED_6	0x00004000 /* spec omits this */
+#define IMAGE_SCN_GPREL		0x00008000 /* global pointer referenced data */
+/* spec lists 0x20000 twice, I suspect they meant 0x10000 for one of them */
+#define IMAGE_SCN_MEM_PURGEABLE	0x00010000 /* reserved for "future" use */
+#define IMAGE_SCN_16BIT		0x00020000 /* reserved for "future" use */
+#define IMAGE_SCN_LOCKED	0x00040000 /* reserved for "future" use */
+#define IMAGE_SCN_PRELOAD	0x00080000 /* reserved for "future" use */
+/* and here they just stuck a 1-byte integer in the middle of a bitfield */
+#define IMAGE_SCN_ALIGN_1BYTES	0x00100000 /* it does what it says on the box */
+#define IMAGE_SCN_ALIGN_2BYTES	0x00200000
+#define IMAGE_SCN_ALIGN_4BYTES	0x00300000
+#define IMAGE_SCN_ALIGN_8BYTES	0x00400000
+#define IMAGE_SCN_ALIGN_16BYTES	0x00500000
+#define IMAGE_SCN_ALIGN_32BYTES	0x00600000
+#define IMAGE_SCN_ALIGN_64BYTES	0x00700000
+#define IMAGE_SCN_ALIGN_128BYTES 0x00800000
+#define IMAGE_SCN_ALIGN_256BYTES 0x00900000
+#define IMAGE_SCN_ALIGN_512BYTES 0x00a00000
+#define IMAGE_SCN_ALIGN_1024BYTES 0x00b00000
+#define IMAGE_SCN_ALIGN_2048BYTES 0x00c00000
+#define IMAGE_SCN_ALIGN_4096BYTES 0x00d00000
+#define IMAGE_SCN_ALIGN_8192BYTES 0x00e00000
+#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 /* extended relocations */
+#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 /* scn can be discarded */
+#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 /* cannot be cached */
+#define IMAGE_SCN_MEM_NOT_PAGED	0x08000000 /* not pageable */
+#define IMAGE_SCN_MEM_SHARED	0x10000000 /* can be shared */
+#define IMAGE_SCN_MEM_EXECUTE	0x20000000 /* can be executed as code */
+#define IMAGE_SCN_MEM_READ	0x40000000 /* readable */
+#define IMAGE_SCN_MEM_WRITE	0x80000000 /* writeable */
+
+#ifndef __ASSEMBLY__
+
+struct mz_hdr {
+	uint16_t magic;		/* MZ_MAGIC */
+	uint16_t lbsize;	/* size of last used block */
+	uint16_t blocks;	/* pages in file, 0x3 */
+	uint16_t relocs;	/* relocations */
+	uint16_t hdrsize;	/* header size in "paragraphs" */
+	uint16_t min_extra_pps;	/* .bss */
+	uint16_t max_extra_pps;	/* runtime limit for the arena size */
+	uint16_t ss;		/* relative stack segment */
+	uint16_t sp;		/* initial %sp register */
+	uint16_t checksum;	/* word checksum */
+	uint16_t ip;		/* initial %ip register */
+	uint16_t cs;		/* initial %cs relative to load segment */
+	uint16_t reloc_table_offset;	/* offset of the first relocation */
+	uint16_t overlay_num;	/* overlay number.  set to 0. */
+	uint16_t reserved0[4];	/* reserved */
+	uint16_t oem_id;	/* oem identifier */
+	uint16_t oem_info;	/* oem specific */
+	uint16_t reserved1[10];	/* reserved */
+	uint32_t peaddr;	/* address of pe header */
+	char     message[64];	/* message to print */
+};
+
+struct mz_reloc {
+	uint16_t offset;
+	uint16_t segment;
+};
+
+struct pe_hdr {
+	uint32_t magic;		/* PE magic */
+	uint16_t machine;	/* machine type */
+	uint16_t sections;	/* number of sections */
+	uint32_t timestamp;	/* time_t */
+	uint32_t symbol_table;	/* symbol table offset */
+	uint32_t symbols;	/* number of symbols */
+	uint16_t opt_hdr_size;	/* size of optional header */
+	uint16_t flags;		/* flags */
+};
+
 /* the fact that pe32 isn't padded where pe32+ is 64-bit means union won't
  * work right.  vomit. */
 struct pe32_opt_hdr {
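Review bot: the guard introduced here is `#ifndef __ASSEMBLY__`, which is the right sense (structures hidden from assembly, value macros visible), but the commit message describes the structures as moving into an `#ifdef __ASSEMBLY__` block; the message should say `#ifndef` so it matches the code. The IMAGE_SCN_* block is hoisted verbatim above the guard, which is what the EFI stub headers need from this header.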
@@ -243,52 +291,6 @@ struct section_header {
 	uint32_t flags;
 };
 
-/* they actually defined 0x00000000 as well, but I think we'll skip that one. */
-#define IMAGE_SCN_RESERVED_0	0x00000001
-#define IMAGE_SCN_RESERVED_1	0x00000002
-#define IMAGE_SCN_RESERVED_2	0x00000004
-#define IMAGE_SCN_TYPE_NO_PAD	0x00000008 /* don't pad - obsolete */
-#define IMAGE_SCN_RESERVED_3	0x00000010
-#define IMAGE_SCN_CNT_CODE	0x00000020 /* .text */
-#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 /* .data */
-#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 /* .bss */
-#define IMAGE_SCN_LNK_OTHER	0x00000100 /* reserved */
-#define IMAGE_SCN_LNK_INFO	0x00000200 /* .drectve comments */
-#define IMAGE_SCN_RESERVED_4	0x00000400
-#define IMAGE_SCN_LNK_REMOVE	0x00000800 /* .o only - scn to be rm'd*/
-#define IMAGE_SCN_LNK_COMDAT	0x00001000 /* .o only - COMDAT data */
-#define IMAGE_SCN_RESERVED_5	0x00002000 /* spec omits this */
-#define IMAGE_SCN_RESERVED_6	0x00004000 /* spec omits this */
-#define IMAGE_SCN_GPREL		0x00008000 /* global pointer referenced data */
-/* spec lists 0x20000 twice, I suspect they meant 0x10000 for one of them */
-#define IMAGE_SCN_MEM_PURGEABLE	0x00010000 /* reserved for "future" use */
-#define IMAGE_SCN_16BIT		0x00020000 /* reserved for "future" use */
-#define IMAGE_SCN_LOCKED	0x00040000 /* reserved for "future" use */
-#define IMAGE_SCN_PRELOAD	0x00080000 /* reserved for "future" use */
-/* and here they just stuck a 1-byte integer in the middle of a bitfield */
-#define IMAGE_SCN_ALIGN_1BYTES	0x00100000 /* it does what it says on the box */
-#define IMAGE_SCN_ALIGN_2BYTES	0x00200000
-#define IMAGE_SCN_ALIGN_4BYTES	0x00300000
-#define IMAGE_SCN_ALIGN_8BYTES	0x00400000
-#define IMAGE_SCN_ALIGN_16BYTES	0x00500000
-#define IMAGE_SCN_ALIGN_32BYTES	0x00600000
-#define IMAGE_SCN_ALIGN_64BYTES	0x00700000
-#define IMAGE_SCN_ALIGN_128BYTES 0x00800000
-#define IMAGE_SCN_ALIGN_256BYTES 0x00900000
-#define IMAGE_SCN_ALIGN_512BYTES 0x00a00000
-#define IMAGE_SCN_ALIGN_1024BYTES 0x00b00000
-#define IMAGE_SCN_ALIGN_2048BYTES 0x00c00000
-#define IMAGE_SCN_ALIGN_4096BYTES 0x00d00000
-#define IMAGE_SCN_ALIGN_8192BYTES 0x00e00000
-#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 /* extended relocations */
-#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 /* scn can be discarded */
-#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 /* cannot be cached */
-#define IMAGE_SCN_MEM_NOT_PAGED	0x08000000 /* not pageable */
-#define IMAGE_SCN_MEM_SHARED	0x10000000 /* can be shared */
-#define IMAGE_SCN_MEM_EXECUTE	0x20000000 /* can be executed as code */
-#define IMAGE_SCN_MEM_READ	0x40000000 /* readable */
-#define IMAGE_SCN_MEM_WRITE	0x80000000 /* writeable */
-
 enum x64_coff_reloc_type {
 	IMAGE_REL_AMD64_ABSOLUTE = 0,
 	IMAGE_REL_AMD64_ADDR64,
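Review bot: this is the removal half of the IMAGE_SCN_* move, and a plain diff cannot show whether the re-added copy above differs from this one, so the two blocks should be compared verbatim before merge; a single changed value, such as the 0x00010000 for IMAGE_SCN_MEM_PURGEABLE that the comment already marks as a suspected spec typo, would slip through unnoticed otherwise.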
@@ -445,4 +447,6 @@ struct win_certificate {
 	uint16_t cert_type;
 };
 
+#endif /* !__ASSEMBLY__ */
+
 #endif /* __LINUX_PE_H */
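Review bot: with this `#endif` the `!__ASSEMBLY__` region runs from struct mz_hdr at +97 to the end of the file, so enum x64_coff_reloc_type, struct section_header and struct win_certificate are hidden from assembly together with any `#define` that sits between them in the part of the file this diff does not show; a grep for `#define` inside that range would confirm nothing an assembly user might want has been swept in. The closing comment `/* !__ASSEMBLY__ */` correctly mirrors the opening `#ifndef`.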
-- 
2.7.4


+#define IMAGE_SCN_ALIGN_2048BYTES 0x00c00000
+#define IMAGE_SCN_ALIGN_4096BYTES 0x00d00000
+#define IMAGE_SCN_ALIGN_8192BYTES 0x00e00000
+#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 /* extended relocations */
+#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 /* scn can be discarded */
+#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 /* cannot be cached */
+#define IMAGE_SCN_MEM_NOT_PAGED	0x08000000 /* not pageable */
+#define IMAGE_SCN_MEM_SHARED	0x10000000 /* can be shared */
+#define IMAGE_SCN_MEM_EXECUTE	0x20000000 /* can be executed as code */
+#define IMAGE_SCN_MEM_READ	0x40000000 /* readable */
+#define IMAGE_SCN_MEM_WRITE	0x80000000 /* writeable */
+
+#ifndef __ASSEMBLY__
+
+struct mz_hdr {
+	uint16_t magic;		/* MZ_MAGIC */
+	uint16_t lbsize;	/* size of last used block */
+	uint16_t blocks;	/* pages in file, 0x3 */
+	uint16_t relocs;	/* relocations */
+	uint16_t hdrsize;	/* header size in "paragraphs" */
+	uint16_t min_extra_pps;	/* .bss */
+	uint16_t max_extra_pps;	/* runtime limit for the arena size */
+	uint16_t ss;		/* relative stack segment */
+	uint16_t sp;		/* initial %sp register */
+	uint16_t checksum;	/* word checksum */
+	uint16_t ip;		/* initial %ip register */
+	uint16_t cs;		/* initial %cs relative to load segment */
+	uint16_t reloc_table_offset;	/* offset of the first relocation */
+	uint16_t overlay_num;	/* overlay number.  set to 0. */
+	uint16_t reserved0[4];	/* reserved */
+	uint16_t oem_id;	/* oem identifier */
+	uint16_t oem_info;	/* oem specific */
+	uint16_t reserved1[10];	/* reserved */
+	uint32_t peaddr;	/* address of pe header */
+	char     message[64];	/* message to print */
+};
+
+struct mz_reloc {
+	uint16_t offset;
+	uint16_t segment;
+};
+
+struct pe_hdr {
+	uint32_t magic;		/* PE magic */
+	uint16_t machine;	/* machine type */
+	uint16_t sections;	/* number of sections */
+	uint32_t timestamp;	/* time_t */
+	uint32_t symbol_table;	/* symbol table offset */
+	uint32_t symbols;	/* number of symbols */
+	uint16_t opt_hdr_size;	/* size of optional header */
+	uint16_t flags;		/* flags */
+};
+
 /* the fact that pe32 isn't padded where pe32+ is 64-bit means union won't
  * work right.  vomit. */
 struct pe32_opt_hdr {
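Review bot: the #ifndef __ASSEMBLY__ opened after the IMAGE_SCN_* block is only closed in the last hunk of the file, so everything from struct mz_hdr through struct win_certificate becomes C-only while the section flags stay usable from .S files, which is exactly what is needed to replace the open-coded 0x42100040 and 0xe0500020 section characteristics in the arm64 EFI header with symbolic values. One thing worth adding while the flags are being moved: as the comment above IMAGE_SCN_ALIGN_1BYTES says, the IMAGE_SCN_ALIGN_* values are a 4-bit field in bits 20-23 rather than independent bits, so a mask constant for that field (0x00f00000) would let callers validate or extract the alignment without open-coding the mask.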
@@ -243,52 +291,6 @@ struct section_header {
 	uint32_t flags;
 };
 
-/* they actually defined 0x00000000 as well, but I think we'll skip that one. */
-#define IMAGE_SCN_RESERVED_0	0x00000001
-#define IMAGE_SCN_RESERVED_1	0x00000002
-#define IMAGE_SCN_RESERVED_2	0x00000004
-#define IMAGE_SCN_TYPE_NO_PAD	0x00000008 /* don't pad - obsolete */
-#define IMAGE_SCN_RESERVED_3	0x00000010
-#define IMAGE_SCN_CNT_CODE	0x00000020 /* .text */
-#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 /* .data */
-#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 /* .bss */
-#define IMAGE_SCN_LNK_OTHER	0x00000100 /* reserved */
-#define IMAGE_SCN_LNK_INFO	0x00000200 /* .drectve comments */
-#define IMAGE_SCN_RESERVED_4	0x00000400
-#define IMAGE_SCN_LNK_REMOVE	0x00000800 /* .o only - scn to be rm'd*/
-#define IMAGE_SCN_LNK_COMDAT	0x00001000 /* .o only - COMDAT data */
-#define IMAGE_SCN_RESERVED_5	0x00002000 /* spec omits this */
-#define IMAGE_SCN_RESERVED_6	0x00004000 /* spec omits this */
-#define IMAGE_SCN_GPREL		0x00008000 /* global pointer referenced data */
-/* spec lists 0x20000 twice, I suspect they meant 0x10000 for one of them */
-#define IMAGE_SCN_MEM_PURGEABLE	0x00010000 /* reserved for "future" use */
-#define IMAGE_SCN_16BIT		0x00020000 /* reserved for "future" use */
-#define IMAGE_SCN_LOCKED	0x00040000 /* reserved for "future" use */
-#define IMAGE_SCN_PRELOAD	0x00080000 /* reserved for "future" use */
-/* and here they just stuck a 1-byte integer in the middle of a bitfield */
-#define IMAGE_SCN_ALIGN_1BYTES	0x00100000 /* it does what it says on the box */
-#define IMAGE_SCN_ALIGN_2BYTES	0x00200000
-#define IMAGE_SCN_ALIGN_4BYTES	0x00300000
-#define IMAGE_SCN_ALIGN_8BYTES	0x00400000
-#define IMAGE_SCN_ALIGN_16BYTES	0x00500000
-#define IMAGE_SCN_ALIGN_32BYTES	0x00600000
-#define IMAGE_SCN_ALIGN_64BYTES	0x00700000
-#define IMAGE_SCN_ALIGN_128BYTES 0x00800000
-#define IMAGE_SCN_ALIGN_256BYTES 0x00900000
-#define IMAGE_SCN_ALIGN_512BYTES 0x00a00000
-#define IMAGE_SCN_ALIGN_1024BYTES 0x00b00000
-#define IMAGE_SCN_ALIGN_2048BYTES 0x00c00000
-#define IMAGE_SCN_ALIGN_4096BYTES 0x00d00000
-#define IMAGE_SCN_ALIGN_8192BYTES 0x00e00000
-#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 /* extended relocations */
-#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 /* scn can be discarded */
-#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 /* cannot be cached */
-#define IMAGE_SCN_MEM_NOT_PAGED	0x08000000 /* not pageable */
-#define IMAGE_SCN_MEM_SHARED	0x10000000 /* can be shared */
-#define IMAGE_SCN_MEM_EXECUTE	0x20000000 /* can be executed as code */
-#define IMAGE_SCN_MEM_READ	0x40000000 /* readable */
-#define IMAGE_SCN_MEM_WRITE	0x80000000 /* writeable */
-
 enum x64_coff_reloc_type {
 	IMAGE_REL_AMD64_ABSOLUTE = 0,
 	IMAGE_REL_AMD64_ADDR64,
@@ -445,4 +447,6 @@ struct win_certificate {
 	uint16_t cert_type;
 };
 
+#endif /* !__ASSEMBLY__ */
+
 #endif /* __LINUX_PE_H */
-- 
2.7.4

* [PATCH v2 02/14] include: pe.h: add some missing definitions
  2017-02-08 11:55 ` Ard Biesheuvel
@ 2017-02-08 11:55   ` Ard Biesheuvel
  -1 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-efi, linux-arm-kernel, mark.rutland, leif.lindholm
  Cc: catalin.marinas, linux, kernel-hardening, labbott, Ard Biesheuvel

From: Mark Rutland <mark.rutland@arm.com>

Add the missing IMAGE_FILE_MACHINE_ARM64 and IMAGE_DEBUG_TYPE_CODEVIEW
definitions.

We'll need them for the arm64 EFI stub...

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
[ardb: add IMAGE_DEBUG_TYPE_CODEVIEW as well]
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 include/linux/pe.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/linux/pe.h b/include/linux/pe.h
index a8a594117df3..143ce75be5f0 100644
--- a/include/linux/pe.h
+++ b/include/linux/pe.h
@@ -34,6 +34,7 @@
 #define	IMAGE_FILE_MACHINE_AMD64	0x8664
 #define	IMAGE_FILE_MACHINE_ARM		0x01c0
 #define	IMAGE_FILE_MACHINE_ARMV7	0x01c4
+#define	IMAGE_FILE_MACHINE_ARM64	0xaa64
 #define	IMAGE_FILE_MACHINE_EBC		0x0ebc
 #define	IMAGE_FILE_MACHINE_I386		0x014c
 #define	IMAGE_FILE_MACHINE_IA64		0x0200
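Review bot: 0xaa64 is the PE/COFF machine type for AArch64 and matches the literal currently emitted as `.short 0xaa64 // AArch64` in the arm64 PE header, so once this lands that open-coded value can be replaced with IMAGE_FILE_MACHINE_ARM64; the define sits outside the new #ifndef __ASSEMBLY__ region, which is required for that use from a .S file.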
@@ -141,6 +142,8 @@
 #define IMAGE_SCN_MEM_READ	0x40000000 /* readable */
 #define IMAGE_SCN_MEM_WRITE	0x80000000 /* writeable */
 
+#define IMAGE_DEBUG_TYPE_CODEVIEW	2
+
 #ifndef __ASSEMBLY__
 
 struct mz_hdr {
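Review bot: IMAGE_DEBUG_TYPE_CODEVIEW is dropped in on its own between the section-flag block and the #ifndef __ASSEMBLY__ guard with no comment, although it names a debug directory entry type (the `.long 2 // Type == EFI_IMAGE_DEBUG_TYPE_CODEVIEW` in the arm64 header is the intended user) rather than a section flag; a short comment or a one-line heading for debug directory types would keep the header readable. The value 2 agrees with the PE/COFF specification.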
-- 
2.7.4

* [PATCH v2 03/14] arm64: efi: move EFI header and related data to a separate .S file
  2017-02-08 11:55 ` Ard Biesheuvel
@ 2017-02-08 11:55   ` Ard Biesheuvel
  -1 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-efi, linux-arm-kernel, mark.rutland, leif.lindholm
  Cc: catalin.marinas, linux, kernel-hardening, labbott, Ard Biesheuvel

In preparation for yet another round of modifications to the PE/COFF
header, macroize it and move the definition into a separate source
file.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/kernel/efi-header.S | 158 ++++++++++++++++++++
 arch/arm64/kernel/head.S       | 150 +------------------
 2 files changed, 161 insertions(+), 147 deletions(-)

diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S
new file mode 100644
index 000000000000..9b24ce130afb
--- /dev/null
+++ b/arch/arm64/kernel/efi-header.S
@@ -0,0 +1,158 @@
+/*
+ * Copyright (C) 2013 - 2017 Linaro, Ltd.
+ * Copyright (C) 2013, 2014 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+	.macro	__EFI_PE_HEADER
+	.ascii	"PE"
+	.short 	0
+coff_header:
+	.short	0xaa64					// AArch64
+	.short	2					// nr_sections
+	.long	0 					// TimeDateStamp
+	.long	0					// PointerToSymbolTable
+	.long	1					// NumberOfSymbols
+	.short	section_table - optional_header		// SizeOfOptionalHeader
+	.short	0x206					// Characteristics.
+							// IMAGE_FILE_DEBUG_STRIPPED |
+							// IMAGE_FILE_EXECUTABLE_IMAGE |
+							// IMAGE_FILE_LINE_NUMS_STRIPPED
+optional_header:
+	.short	0x20b					// PE32+ format
+	.byte	0x02					// MajorLinkerVersion
+	.byte	0x14					// MinorLinkerVersion
+	.long	_end - efi_header_end			// SizeOfCode
+	.long	0					// SizeOfInitializedData
+	.long	0					// SizeOfUninitializedData
+	.long	__efistub_entry - _head			// AddressOfEntryPoint
+	.long	efi_header_end - _head			// BaseOfCode
+
+extra_header_fields:
+	.quad	0					// ImageBase
+	.long	0x1000					// SectionAlignment
+	.long	PECOFF_FILE_ALIGNMENT			// FileAlignment
+	.short	0					// MajorOperatingSystemVersion
+	.short	0					// MinorOperatingSystemVersion
+	.short	0					// MajorImageVersion
+	.short	0					// MinorImageVersion
+	.short	0					// MajorSubsystemVersion
+	.short	0					// MinorSubsystemVersion
+	.long	0					// Win32VersionValue
+
+	.long	_end - _head				// SizeOfImage
+
+	// Everything before the kernel image is considered part of the header
+	.long	efi_header_end - _head			// SizeOfHeaders
+	.long	0					// CheckSum
+	.short	0xa					// Subsystem (EFI application)
+	.short	0					// DllCharacteristics
+	.quad	0					// SizeOfStackReserve
+	.quad	0					// SizeOfStackCommit
+	.quad	0					// SizeOfHeapReserve
+	.quad	0					// SizeOfHeapCommit
+	.long	0					// LoaderFlags
+	.long	(section_table - .) / 8			// NumberOfRvaAndSizes
+
+	.quad	0					// ExportTable
+	.quad	0					// ImportTable
+	.quad	0					// ResourceTable
+	.quad	0					// ExceptionTable
+	.quad	0					// CertificationTable
+	.quad	0					// BaseRelocationTable
+
+#ifdef CONFIG_DEBUG_EFI
+	.long	efi_debug_table - _head			// DebugTable
+	.long	efi_debug_table_size
+#endif
+
+	// Section table
+section_table:
+
+	/*
+	 * The EFI application loader requires a relocation section
+	 * because EFI applications must be relocatable.  This is a
+	 * dummy section as far as we are concerned.
+	 */
+	.ascii	".reloc"
+	.byte	0
+	.byte	0					// end of 0 padding of section name
+	.long	0
+	.long	0
+	.long	0					// SizeOfRawData
+	.long	0					// PointerToRawData
+	.long	0					// PointerToRelocations
+	.long	0					// PointerToLineNumbers
+	.short	0					// NumberOfRelocations
+	.short	0					// NumberOfLineNumbers
+	.long	0x42100040				// Characteristics (section flags)
+
+
+	.ascii	".text"
+	.byte	0
+	.byte	0
+	.byte	0        				// end of 0 padding of section name
+	.long	_end - efi_header_end			// VirtualSize
+	.long	efi_header_end - _head			// VirtualAddress
+	.long	_edata - efi_header_end			// SizeOfRawData
+	.long	efi_header_end - _head			// PointerToRawData
+
+	.long	0					// PointerToRelocations
+	.long	0					// PointerToLineNumbers
+	.short	0					// NumberOfRelocations
+	.short	0					// NumberOfLineNumbers
+	.long	0xe0500020				// Characteristics
+
+#ifdef CONFIG_DEBUG_EFI
+	/*
+	 * The debug table is referenced via its Relative Virtual Address (RVA),
+	 * which is only defined for those parts of the image that are covered
+	 * by a section declaration. Since this header is not covered by any
+	 * section, the debug table must be emitted elsewhere. So stick it in
+	 * the .init.rodata section instead.
+	 *
+	 * Note that the EFI debug entry itself may legally have a zero RVA,
+	 * which means we can simply put it right after the section headers.
+	 */
+	__INITRODATA
+
+	.align	2
+efi_debug_table:
+	// EFI_IMAGE_DEBUG_DIRECTORY_ENTRY
+	.long	0					// Characteristics
+	.long	0					// TimeDateStamp
+	.short	0					// MajorVersion
+	.short	0					// MinorVersion
+	.long	2					// Type == EFI_IMAGE_DEBUG_TYPE_CODEVIEW
+	.long	efi_debug_entry_size			// SizeOfData
+	.long	0					// RVA
+	.long	efi_debug_entry - _head			// FileOffset
+
+	.set	efi_debug_table_size, . - efi_debug_table
+	.previous
+
+efi_debug_entry:
+	// EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY
+	.ascii	"NB10"					// Signature
+	.long	0					// Unknown
+	.long	0					// Unknown2
+	.long	0					// Unknown3
+
+	.asciz	VMLINUX_PATH
+
+	.set	efi_debug_entry_size, . - efi_debug_entry
+#endif
+
+	/*
+	 * EFI will load .text onwards at the 4k section alignment
+	 * described in the PE/COFF header. To ensure that instruction
+	 * sequences using an adrp and a :lo12: immediate will function
+	 * correctly at this alignment, we must ensure that .text is
+	 * placed at a 4k boundary in the Image to begin with.
+	 */
+	.align 12
+efi_header_end:
+	.endm
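Review bot: the labels inside __EFI_PE_HEADER (coff_header, optional_header, extra_header_fields, section_table, efi_debug_table, efi_debug_entry, efi_header_end) are ordinary labels, so expanding the macro a second time in the same translation unit would fail with duplicate symbol definitions; that is fine for the single expansion in head.S, but either a comment stating that the macro must be expanded exactly once or `\@`-suffixed labels would make the constraint explicit. The values carried over unchanged (NumberOfSymbols = 1 next to PointerToSymbolTable = 0, the dummy .reloc section, and 0xe0500020 marking the single .text section readable, writable and executable) are correct to leave alone in a move-only patch and belong in separate follow-up changes.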
diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
index c6cc82ec190b..f779a7483736 100644
--- a/arch/arm64/kernel/head.S
+++ b/arch/arm64/kernel/head.S
@@ -42,6 +42,8 @@
 #include <asm/thread_info.h>
 #include <asm/virt.h>
 
+#include "efi-header.S"
+
 #define __PHYS_OFFSET	(KERNEL_START - TEXT_OFFSET)
 
 #if (TEXT_OFFSET & 0xfff) != 0
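Review bot: the #include "efi-header.S" is unconditional while __EFI_PE_HEADER is only expanded under CONFIG_EFI, which is harmless because a .macro definition emits no bytes, but the preprocessor symbols used inside the macro body (PECOFF_FILE_ALIGNMENT, VMLINUX_PATH and the CONFIG_DEBUG_EFI conditional) are substituted where the file is included, not where the macro is expanded, so the include has to stay after the headers that define them; in the context shown it follows the last <asm/...> include, which should satisfy that, and any symbol left undefined at this point would only surface as an undefined reference at expansion.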
@@ -102,153 +104,7 @@ _head:
 #ifdef CONFIG_EFI
 	.align 3
 pe_header:
-	.ascii	"PE"
-	.short 	0
-coff_header:
-	.short	0xaa64				// AArch64
-	.short	2				// nr_sections
-	.long	0 				// TimeDateStamp
-	.long	0				// PointerToSymbolTable
-	.long	1				// NumberOfSymbols
-	.short	section_table - optional_header	// SizeOfOptionalHeader
-	.short	0x206				// Characteristics.
-						// IMAGE_FILE_DEBUG_STRIPPED |
-						// IMAGE_FILE_EXECUTABLE_IMAGE |
-						// IMAGE_FILE_LINE_NUMS_STRIPPED
-optional_header:
-	.short	0x20b				// PE32+ format
-	.byte	0x02				// MajorLinkerVersion
-	.byte	0x14				// MinorLinkerVersion
-	.long	_end - efi_header_end		// SizeOfCode
-	.long	0				// SizeOfInitializedData
-	.long	0				// SizeOfUninitializedData
-	.long	__efistub_entry - _head		// AddressOfEntryPoint
-	.long	efi_header_end - _head		// BaseOfCode
-
-extra_header_fields:
-	.quad	0				// ImageBase
-	.long	0x1000				// SectionAlignment
-	.long	PECOFF_FILE_ALIGNMENT		// FileAlignment
-	.short	0				// MajorOperatingSystemVersion
-	.short	0				// MinorOperatingSystemVersion
-	.short	0				// MajorImageVersion
-	.short	0				// MinorImageVersion
-	.short	0				// MajorSubsystemVersion
-	.short	0				// MinorSubsystemVersion
-	.long	0				// Win32VersionValue
-
-	.long	_end - _head			// SizeOfImage
-
-	// Everything before the kernel image is considered part of the header
-	.long	efi_header_end - _head		// SizeOfHeaders
-	.long	0				// CheckSum
-	.short	0xa				// Subsystem (EFI application)
-	.short	0				// DllCharacteristics
-	.quad	0				// SizeOfStackReserve
-	.quad	0				// SizeOfStackCommit
-	.quad	0				// SizeOfHeapReserve
-	.quad	0				// SizeOfHeapCommit
-	.long	0				// LoaderFlags
-	.long	(section_table - .) / 8		// NumberOfRvaAndSizes
-
-	.quad	0				// ExportTable
-	.quad	0				// ImportTable
-	.quad	0				// ResourceTable
-	.quad	0				// ExceptionTable
-	.quad	0				// CertificationTable
-	.quad	0				// BaseRelocationTable
-
-#ifdef CONFIG_DEBUG_EFI
-	.long	efi_debug_table - _head		// DebugTable
-	.long	efi_debug_table_size
-#endif
-
-	// Section table
-section_table:
-
-	/*
-	 * The EFI application loader requires a relocation section
-	 * because EFI applications must be relocatable.  This is a
-	 * dummy section as far as we are concerned.
-	 */
-	.ascii	".reloc"
-	.byte	0
-	.byte	0			// end of 0 padding of section name
-	.long	0
-	.long	0
-	.long	0			// SizeOfRawData
-	.long	0			// PointerToRawData
-	.long	0			// PointerToRelocations
-	.long	0			// PointerToLineNumbers
-	.short	0			// NumberOfRelocations
-	.short	0			// NumberOfLineNumbers
-	.long	0x42100040		// Characteristics (section flags)
-
-
-	.ascii	".text"
-	.byte	0
-	.byte	0
-	.byte	0        		// end of 0 padding of section name
-	.long	_end - efi_header_end	// VirtualSize
-	.long	efi_header_end - _head	// VirtualAddress
-	.long	_edata - efi_header_end	// SizeOfRawData
-	.long	efi_header_end - _head	// PointerToRawData
-
-	.long	0		// PointerToRelocations (0 for executables)
-	.long	0		// PointerToLineNumbers (0 for executables)
-	.short	0		// NumberOfRelocations  (0 for executables)
-	.short	0		// NumberOfLineNumbers  (0 for executables)
-	.long	0xe0500020	// Characteristics (section flags)
-
-#ifdef CONFIG_DEBUG_EFI
-	/*
-	 * The debug table is referenced via its Relative Virtual Address (RVA),
-	 * which is only defined for those parts of the image that are covered
-	 * by a section declaration. Since this header is not covered by any
-	 * section, the debug table must be emitted elsewhere. So stick it in
-	 * the .init.rodata section instead.
-	 *
-	 * Note that the EFI debug entry itself may legally have a zero RVA,
-	 * which means we can simply put it right after the section headers.
-	 */
-	__INITRODATA
-
-	.align	2
-efi_debug_table:
-	// EFI_IMAGE_DEBUG_DIRECTORY_ENTRY
-	.long	0			// Characteristics
-	.long	0			// TimeDateStamp
-	.short	0			// MajorVersion
-	.short	0			// MinorVersion
-	.long	2			// Type == EFI_IMAGE_DEBUG_TYPE_CODEVIEW
-	.long	efi_debug_entry_size	// SizeOfData
-	.long	0			// RVA
-	.long	efi_debug_entry - _head	// FileOffset
-
-	.set	efi_debug_table_size, . - efi_debug_table
-	.previous
-
-efi_debug_entry:
-	// EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY
-	.ascii	"NB10"			// Signature
-	.long	0			// Unknown
-	.long	0			// Unknown2
-	.long	0			// Unknown3
-
-	.asciz	VMLINUX_PATH
-
-	.set	efi_debug_entry_size, . - efi_debug_entry
-#endif
-
-	/*
-	 * EFI will load .text onwards at the 4k section alignment
-	 * described in the PE/COFF header. To ensure that instruction
-	 * sequences using an adrp and a :lo12: immediate will function
-	 * correctly at this alignment, we must ensure that .text is
-	 * placed at a 4k boundary in the Image to begin with.
-	 */
-	.align 12
-efi_header_end:
+	__EFI_PE_HEADER
 #endif
 
 	__INIT
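Review bot: the removed .text section entry carried the comments "(0 for executables)" on PointerToRelocations, PointerToLineNumbers, NumberOfRelocations and NumberOfLineNumbers, and "Characteristics (section flags)" on its flags word, and the macro body in efi-header.S drops them; for a patch described as a move, either keep the comments or mention the cleanup in the commit message so the diff remains easy to verify as behaviour-neutral.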
-- 
2.7.4

^ permalink raw reply related	[flat|nested] 69+ messages in thread

* [PATCH v2 03/14] arm64: efi: move EFI header and related data to a separate .S file
@ 2017-02-08 11:55   ` Ard Biesheuvel
  0 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-arm-kernel

In preparation of yet another round of modifications to the PE/COFF
header, macroize it and move the definition into a separate source
file.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/kernel/efi-header.S | 158 ++++++++++++++++++++
 arch/arm64/kernel/head.S       | 150 +------------------
 2 files changed, 161 insertions(+), 147 deletions(-)

diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S
new file mode 100644
index 000000000000..9b24ce130afb
--- /dev/null
+++ b/arch/arm64/kernel/efi-header.S
@@ -0,0 +1,158 @@
+/*
+ * Copyright (C) 2013 - 2017 Linaro, Ltd.
+ * Copyright (C) 2013, 2014 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+	.macro	__EFI_PE_HEADER
+	.ascii	"PE"
+	.short 	0
+coff_header:
+	.short	0xaa64					// AArch64
+	.short	2					// nr_sections
+	.long	0 					// TimeDateStamp
+	.long	0					// PointerToSymbolTable
+	.long	1					// NumberOfSymbols
+	.short	section_table - optional_header		// SizeOfOptionalHeader
+	.short	0x206					// Characteristics.
+							// IMAGE_FILE_DEBUG_STRIPPED |
+							// IMAGE_FILE_EXECUTABLE_IMAGE |
+							// IMAGE_FILE_LINE_NUMS_STRIPPED
+optional_header:
+	.short	0x20b					// PE32+ format
+	.byte	0x02					// MajorLinkerVersion
+	.byte	0x14					// MinorLinkerVersion
+	.long	_end - efi_header_end			// SizeOfCode
+	.long	0					// SizeOfInitializedData
+	.long	0					// SizeOfUninitializedData
+	.long	__efistub_entry - _head			// AddressOfEntryPoint
+	.long	efi_header_end - _head			// BaseOfCode
+
+extra_header_fields:
+	.quad	0					// ImageBase
+	.long	0x1000					// SectionAlignment
+	.long	PECOFF_FILE_ALIGNMENT			// FileAlignment
+	.short	0					// MajorOperatingSystemVersion
+	.short	0					// MinorOperatingSystemVersion
+	.short	0					// MajorImageVersion
+	.short	0					// MinorImageVersion
+	.short	0					// MajorSubsystemVersion
+	.short	0					// MinorSubsystemVersion
+	.long	0					// Win32VersionValue
+
+	.long	_end - _head				// SizeOfImage
+
+	// Everything before the kernel image is considered part of the header
+	.long	efi_header_end - _head			// SizeOfHeaders
+	.long	0					// CheckSum
+	.short	0xa					// Subsystem (EFI application)
+	.short	0					// DllCharacteristics
+	.quad	0					// SizeOfStackReserve
+	.quad	0					// SizeOfStackCommit
+	.quad	0					// SizeOfHeapReserve
+	.quad	0					// SizeOfHeapCommit
+	.long	0					// LoaderFlags
+	.long	(section_table - .) / 8			// NumberOfRvaAndSizes
+
+	.quad	0					// ExportTable
+	.quad	0					// ImportTable
+	.quad	0					// ResourceTable
+	.quad	0					// ExceptionTable
+	.quad	0					// CertificationTable
+	.quad	0					// BaseRelocationTable
+
+#ifdef CONFIG_DEBUG_EFI
+	.long	efi_debug_table - _head			// DebugTable
+	.long	efi_debug_table_size
+#endif
+
+	// Section table
+section_table:
+
+	/*
+	 * The EFI application loader requires a relocation section
+	 * because EFI applications must be relocatable.  This is a
+	 * dummy section as far as we are concerned.
+	 */
+	.ascii	".reloc"
+	.byte	0
+	.byte	0					// end of 0 padding of section name
+	.long	0
+	.long	0
+	.long	0					// SizeOfRawData
+	.long	0					// PointerToRawData
+	.long	0					// PointerToRelocations
+	.long	0					// PointerToLineNumbers
+	.short	0					// NumberOfRelocations
+	.short	0					// NumberOfLineNumbers
+	.long	0x42100040				// Characteristics (section flags)
+
+
+	.ascii	".text"
+	.byte	0
+	.byte	0
+	.byte	0        				// end of 0 padding of section name
+	.long	_end - efi_header_end			// VirtualSize
+	.long	efi_header_end - _head			// VirtualAddress
+	.long	_edata - efi_header_end			// SizeOfRawData
+	.long	efi_header_end - _head			// PointerToRawData
+
+	.long	0					// PointerToRelocations
+	.long	0					// PointerToLineNumbers
+	.short	0					// NumberOfRelocations
+	.short	0					// NumberOfLineNumbers
+	.long	0xe0500020				// Characteristics
+
+#ifdef CONFIG_DEBUG_EFI
+	/*
+	 * The debug table is referenced via its Relative Virtual Address (RVA),
+	 * which is only defined for those parts of the image that are covered
+	 * by a section declaration. Since this header is not covered by any
+	 * section, the debug table must be emitted elsewhere. So stick it in
+	 * the .init.rodata section instead.
+	 *
+	 * Note that the EFI debug entry itself may legally have a zero RVA,
+	 * which means we can simply put it right after the section headers.
+	 */
+	__INITRODATA
+
+	.align	2
+efi_debug_table:
+	// EFI_IMAGE_DEBUG_DIRECTORY_ENTRY
+	.long	0					// Characteristics
+	.long	0					// TimeDateStamp
+	.short	0					// MajorVersion
+	.short	0					// MinorVersion
+	.long	2					// Type == EFI_IMAGE_DEBUG_TYPE_CODEVIEW
+	.long	efi_debug_entry_size			// SizeOfData
+	.long	0					// RVA
+	.long	efi_debug_entry - _head			// FileOffset
+
+	.set	efi_debug_table_size, . - efi_debug_table
+	.previous
+
+efi_debug_entry:
+	// EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY
+	.ascii	"NB10"					// Signature
+	.long	0					// Unknown
+	.long	0					// Unknown2
+	.long	0					// Unknown3
+
+	.asciz	VMLINUX_PATH
+
+	.set	efi_debug_entry_size, . - efi_debug_entry
+#endif
+
+	/*
+	 * EFI will load .text onwards at the 4k section alignment
+	 * described in the PE/COFF header. To ensure that instruction
+	 * sequences using an adrp and a :lo12: immediate will function
+	 * correctly at this alignment, we must ensure that .text is
+	 * placed at a 4k boundary in the Image to begin with.
+	 */
+	.align 12
+efi_header_end:
+	.endm
diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
index c6cc82ec190b..f779a7483736 100644
--- a/arch/arm64/kernel/head.S
+++ b/arch/arm64/kernel/head.S
@@ -42,6 +42,8 @@
 #include <asm/thread_info.h>
 #include <asm/virt.h>
 
+#include "efi-header.S"
+
 #define __PHYS_OFFSET	(KERNEL_START - TEXT_OFFSET)
 
 #if (TEXT_OFFSET & 0xfff) != 0
@@ -102,153 +104,7 @@ _head:
 #ifdef CONFIG_EFI
 	.align 3
 pe_header:
-	.ascii	"PE"
-	.short 	0
-coff_header:
-	.short	0xaa64				// AArch64
-	.short	2				// nr_sections
-	.long	0 				// TimeDateStamp
-	.long	0				// PointerToSymbolTable
-	.long	1				// NumberOfSymbols
-	.short	section_table - optional_header	// SizeOfOptionalHeader
-	.short	0x206				// Characteristics.
-						// IMAGE_FILE_DEBUG_STRIPPED |
-						// IMAGE_FILE_EXECUTABLE_IMAGE |
-						// IMAGE_FILE_LINE_NUMS_STRIPPED
-optional_header:
-	.short	0x20b				// PE32+ format
-	.byte	0x02				// MajorLinkerVersion
-	.byte	0x14				// MinorLinkerVersion
-	.long	_end - efi_header_end		// SizeOfCode
-	.long	0				// SizeOfInitializedData
-	.long	0				// SizeOfUninitializedData
-	.long	__efistub_entry - _head		// AddressOfEntryPoint
-	.long	efi_header_end - _head		// BaseOfCode
-
-extra_header_fields:
-	.quad	0				// ImageBase
-	.long	0x1000				// SectionAlignment
-	.long	PECOFF_FILE_ALIGNMENT		// FileAlignment
-	.short	0				// MajorOperatingSystemVersion
-	.short	0				// MinorOperatingSystemVersion
-	.short	0				// MajorImageVersion
-	.short	0				// MinorImageVersion
-	.short	0				// MajorSubsystemVersion
-	.short	0				// MinorSubsystemVersion
-	.long	0				// Win32VersionValue
-
-	.long	_end - _head			// SizeOfImage
-
-	// Everything before the kernel image is considered part of the header
-	.long	efi_header_end - _head		// SizeOfHeaders
-	.long	0				// CheckSum
-	.short	0xa				// Subsystem (EFI application)
-	.short	0				// DllCharacteristics
-	.quad	0				// SizeOfStackReserve
-	.quad	0				// SizeOfStackCommit
-	.quad	0				// SizeOfHeapReserve
-	.quad	0				// SizeOfHeapCommit
-	.long	0				// LoaderFlags
-	.long	(section_table - .) / 8		// NumberOfRvaAndSizes
-
-	.quad	0				// ExportTable
-	.quad	0				// ImportTable
-	.quad	0				// ResourceTable
-	.quad	0				// ExceptionTable
-	.quad	0				// CertificationTable
-	.quad	0				// BaseRelocationTable
-
-#ifdef CONFIG_DEBUG_EFI
-	.long	efi_debug_table - _head		// DebugTable
-	.long	efi_debug_table_size
-#endif
-
-	// Section table
-section_table:
-
-	/*
-	 * The EFI application loader requires a relocation section
-	 * because EFI applications must be relocatable.  This is a
-	 * dummy section as far as we are concerned.
-	 */
-	.ascii	".reloc"
-	.byte	0
-	.byte	0			// end of 0 padding of section name
-	.long	0
-	.long	0
-	.long	0			// SizeOfRawData
-	.long	0			// PointerToRawData
-	.long	0			// PointerToRelocations
-	.long	0			// PointerToLineNumbers
-	.short	0			// NumberOfRelocations
-	.short	0			// NumberOfLineNumbers
-	.long	0x42100040		// Characteristics (section flags)
-
-
-	.ascii	".text"
-	.byte	0
-	.byte	0
-	.byte	0        		// end of 0 padding of section name
-	.long	_end - efi_header_end	// VirtualSize
-	.long	efi_header_end - _head	// VirtualAddress
-	.long	_edata - efi_header_end	// SizeOfRawData
-	.long	efi_header_end - _head	// PointerToRawData
-
-	.long	0		// PointerToRelocations (0 for executables)
-	.long	0		// PointerToLineNumbers (0 for executables)
-	.short	0		// NumberOfRelocations  (0 for executables)
-	.short	0		// NumberOfLineNumbers  (0 for executables)
-	.long	0xe0500020	// Characteristics (section flags)
-
-#ifdef CONFIG_DEBUG_EFI
-	/*
-	 * The debug table is referenced via its Relative Virtual Address (RVA),
-	 * which is only defined for those parts of the image that are covered
-	 * by a section declaration. Since this header is not covered by any
-	 * section, the debug table must be emitted elsewhere. So stick it in
-	 * the .init.rodata section instead.
-	 *
-	 * Note that the EFI debug entry itself may legally have a zero RVA,
-	 * which means we can simply put it right after the section headers.
-	 */
-	__INITRODATA
-
-	.align	2
-efi_debug_table:
-	// EFI_IMAGE_DEBUG_DIRECTORY_ENTRY
-	.long	0			// Characteristics
-	.long	0			// TimeDateStamp
-	.short	0			// MajorVersion
-	.short	0			// MinorVersion
-	.long	2			// Type == EFI_IMAGE_DEBUG_TYPE_CODEVIEW
-	.long	efi_debug_entry_size	// SizeOfData
-	.long	0			// RVA
-	.long	efi_debug_entry - _head	// FileOffset
-
-	.set	efi_debug_table_size, . - efi_debug_table
-	.previous
-
-efi_debug_entry:
-	// EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY
-	.ascii	"NB10"			// Signature
-	.long	0			// Unknown
-	.long	0			// Unknown2
-	.long	0			// Unknown3
-
-	.asciz	VMLINUX_PATH
-
-	.set	efi_debug_entry_size, . - efi_debug_entry
-#endif
-
-	/*
-	 * EFI will load .text onwards at the 4k section alignment
-	 * described in the PE/COFF header. To ensure that instruction
-	 * sequences using an adrp and a :lo12: immediate will function
-	 * correctly at this alignment, we must ensure that .text is
-	 * placed at a 4k boundary in the Image to begin with.
-	 */
-	.align 12
-efi_header_end:
+	__EFI_PE_HEADER
 #endif
 
 	__INIT
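Review bot: the macro body still refers to `_head`, `__efistub_entry`, `_edata` and `_end`, which live in head.S and the linker script, and its `__INITRODATA` ... `.previous` pair only works if the macro is expanded from the section that holds `_head`; so `__EFI_PE_HEADER` is usable at exactly this one spot, and a one-line comment at the top of efi-header.S stating that dependency would save the next reader a trip through both files. Minor: the "(0 for executables)" annotations on the four relocation/line-number fields did not survive the move, which is fine but slightly at odds with the commit message's description of a pure move.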
-- 
2.7.4

^ permalink raw reply related	[flat|nested] 69+ messages in thread

* [PATCH v2 04/14] arm64: efi: clean up Image header after PE header has been split off
  2017-02-08 11:55 ` Ard Biesheuvel
@ 2017-02-08 11:55   ` Ard Biesheuvel
  -1 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-efi, linux-arm-kernel, mark.rutland, leif.lindholm
  Cc: catalin.marinas, linux, kernel-hardening, labbott, Ard Biesheuvel

After having split off the PE header, clean up the bits that remain:
use .long consistently, merge two adjacent #ifdef CONFIG_EFI blocks,
fix the offset of the PE header pointer and remove the redundant .align
that follows it.

Also, since we will be eliminating all open coded constants from the
EFI header in subsequent patches, let's replace the open coded "ARM\x64"
magic number with its .ascii equivalent.

No changes to the resulting binary image are intended.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/kernel/head.S | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
index f779a7483736..aa8f6cd8c33f 100644
--- a/arch/arm64/kernel/head.S
+++ b/arch/arm64/kernel/head.S
@@ -91,20 +91,19 @@ _head:
 	.quad	0				// reserved
 	.quad	0				// reserved
 	.quad	0				// reserved
-	.byte	0x41				// Magic number, "ARM\x64"
-	.byte	0x52
-	.byte	0x4d
-	.byte	0x64
+	.ascii	"ARM\x64"			// Magic number
 #ifdef CONFIG_EFI
+	/*
+	 * PE/COFF requires the offset to the PE header
+	 * to be stored at offset 0x3c into the file.
+	 */
+	.org	_head + 0x3c
 	.long	pe_header - _head		// Offset to the PE header.
-#else
-	.word	0				// reserved
-#endif
 
-#ifdef CONFIG_EFI
-	.align 3
 pe_header:
 	__EFI_PE_HEADER
+#else
+	.long	0				// reserved
 #endif
 
 	__INIT
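Review bot: `.org _head + 0x3c` is an assertion rather than a fix: the assembler refuses to move the location counter backwards, so the build now fails if the Image header ever grows past 0x3c, and since the message claims no binary change the pointer was already there; "pin" or "enforce" would describe it better than "fix the offset". Two follow-ups worth considering: moving the `.org` above `#ifdef CONFIG_EFI` so the reserved word at 0x3c is pinned in the !EFI layout as well, and a sentence explaining why dropping `.align 3` is safe (`pe_header` now directly follows a 4-byte field at 0x3c, so it sits at 0x40, which is already 8-byte aligned).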
-- 
2.7.4

^ permalink raw reply related	[flat|nested] 69+ messages in thread

* [PATCH v2 05/14] arm64: efi: remove forbidden values from the PE/COFF header
  2017-02-08 11:55 ` Ard Biesheuvel
@ 2017-02-08 11:55   ` Ard Biesheuvel
  -1 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-efi, linux-arm-kernel, mark.rutland, leif.lindholm
  Cc: catalin.marinas, linux, kernel-hardening, labbott, Ard Biesheuvel

Bring the PE/COFF header in line with the PE/COFF spec, by setting
NumberOfSymbols to 0, and removing the section alignment flags.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/kernel/efi-header.S | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S
index 9b24ce130afb..515624bbfcd0 100644
--- a/arch/arm64/kernel/efi-header.S
+++ b/arch/arm64/kernel/efi-header.S
@@ -15,7 +15,7 @@ coff_header:
 	.short	2					// nr_sections
 	.long	0 					// TimeDateStamp
 	.long	0					// PointerToSymbolTable
-	.long	1					// NumberOfSymbols
+	.long	0					// NumberOfSymbols
 	.short	section_table - optional_header		// SizeOfOptionalHeader
 	.short	0x206					// Characteristics.
 							// IMAGE_FILE_DEBUG_STRIPPED |
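Review bot: the rule being satisfied here is that both PointerToSymbolTable and NumberOfSymbols are zero for an image (COFF symbol tables are deprecated), and PointerToSymbolTable two lines up is already 0, so the change is right; the commit message could name that rule instead of "forbidden values", and a `// must be 0 for an image` comment on this line would stop the 1 from creeping back.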
@@ -88,7 +88,7 @@ section_table:
 	.long	0					// PointerToLineNumbers
 	.short	0					// NumberOfRelocations
 	.short	0					// NumberOfLineNumbers
-	.long	0x42100040				// Characteristics (section flags)
+	.long	0x42000040				// Characteristics (section flags)
 
 
 	.ascii	".text"
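Review bot: the bits dropped here (0x00100000) are IMAGE_SCN_ALIGN_1BYTES, and like every IMAGE_SCN_ALIGN_* value they are only meaningful in object files; the surviving 0x42000040 is IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ, which is appropriate for .reloc. Naming the flag in the commit message would make the change checkable without decoding hex; the symbolic constants in the next patch cover the comment side.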
@@ -104,7 +104,7 @@ section_table:
 	.long	0					// PointerToLineNumbers
 	.short	0					// NumberOfRelocations
 	.short	0					// NumberOfLineNumbers
-	.long	0xe0500020				// Characteristics
+	.long	0xe0000020				// Characteristics
 
 #ifdef CONFIG_DEBUG_EFI
 	/*
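Review bot: removing 0x00500000 (IMAGE_SCN_ALIGN_16BYTES) is right for the same reason as the .reloc hunk, but the surviving 0xe0000020 is still IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE, i.e. the entire kernel remains advertised as a single RWX section. That is fine for a spec-compliance patch, but since the cover letter presents the series as hardening, the message should say that the W+X split is left to the later patch that separates code and data.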
-- 
2.7.4

^ permalink raw reply related	[flat|nested] 69+ messages in thread

* [PATCH v2 06/14] arm64: efi: remove pointless dummy .reloc section
  2017-02-08 11:55 ` Ard Biesheuvel
@ 2017-02-08 11:55   ` Ard Biesheuvel
  -1 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-efi, linux-arm-kernel, mark.rutland, leif.lindholm
  Cc: catalin.marinas, linux, kernel-hardening, labbott, Ard Biesheuvel

The kernel's EFI PE/COFF header contains a dummy .reloc section, and
an explanatory comment that claims that this is required for the EFI
application loader to accept the Image as a relocatable image (i.e.,
one that can be loaded at any offset and fixed up in place).

This was inherited from the x86 implementation, which has elaborate host
tooling to mangle the PE/COFF header post-link time, and which populates
the .reloc section with a single dummy base relocation. On ARM, no such
tooling exists, and the .reloc section remains empty, and is never even
exposed via the BaseRelocationTable directory entry, which is where the
PE/COFF loader looks for it.

The PE/COFF spec is unclear about relocatable images that do not require
any fixups, but the EDK2 implementation, which is the de facto reference
for PE/COFF in the UEFI space, clearly does not care, and explicitly
mentions (in a comment) that relocatable images with no base relocations
are perfectly fine, as long as they don't have the RELOCS_STRIPPED
attribute set (which is not the case for our PE/COFF image).

So simply remove the .reloc section altogether.

Acked-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/kernel/efi-header.S | 22 +-------------------
 1 file changed, 1 insertion(+), 21 deletions(-)

diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S
index 515624bbfcd0..8786d58af2df 100644
--- a/arch/arm64/kernel/efi-header.S
+++ b/arch/arm64/kernel/efi-header.S
@@ -12,7 +12,7 @@
 	.short 	0
 coff_header:
 	.short	0xaa64					// AArch64
-	.short	2					// nr_sections
+	.short	1					// nr_sections
 	.long	0 					// TimeDateStamp
 	.long	0					// PointerToSymbolTable
 	.long	0					// NumberOfSymbols
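Review bot: the reasoning in the commit message depends on IMAGE_FILE_RELOCS_STRIPPED (0x0001) staying clear in Characteristics (0x206 a few lines further down, which it is): with ImageBase = 0 and no base relocations, a loader that honours that flag would apply no fixups and would have to place the image at ImageBase. A short comment next to Characteristics ("RELOCS_STRIPPED must remain clear: position independent, no base relocations") would stop someone from "fixing" it later.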
@@ -71,26 +71,6 @@ extra_header_fields:
 
 	// Section table
 section_table:
-
-	/*
-	 * The EFI application loader requires a relocation section
-	 * because EFI applications must be relocatable.  This is a
-	 * dummy section as far as we are concerned.
-	 */
-	.ascii	".reloc"
-	.byte	0
-	.byte	0					// end of 0 padding of section name
-	.long	0
-	.long	0
-	.long	0					// SizeOfRawData
-	.long	0					// PointerToRawData
-	.long	0					// PointerToRelocations
-	.long	0					// PointerToLineNumbers
-	.short	0					// NumberOfRelocations
-	.short	0					// NumberOfLineNumbers
-	.long	0x42000040				// Characteristics (section flags)
-
-
 	.ascii	".text"
 	.byte	0
 	.byte	0
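Review bot: dropping the 40-byte entry is the first change in the series that alters the binary, but only the header padding: `efi_header_end` is still reached through `.align 12`, so SizeOfHeaders and .text's PointerToRawData stay on the same 4 KiB boundary; a sentence saying so in the commit message would help anyone diffing images. `nr_sections` in the first hunk is now a literal that has to be kept in sync with this table by hand; the next patch's `section_count` symbol takes care of that.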
-- 
2.7.4

^ permalink raw reply related	[flat|nested] 69+ messages in thread
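
The checks that patches 04, 05 and 06 above apply by hand (PE header pointer at 0x3c, NumberOfSymbols cleared, no IMAGE_SCN_ALIGN_* bits in an image, no orphan .reloc section, RELOCS_STRIPPED consistent with the BaseRelocationTable directory) can be mechanised. What follows is an added example, not code from the kernel tree or from this series: a small PE32+ header checker in C that also flags any section advertised as both writable and executable, the property the rest of the series goes on to remove. The sample header it builds is constructed here to mirror efi-header.S as shown in the patches; the values it does not check (sizes, RVAs, and FileAlignment = 0x200 standing in for PECOFF_FILE_ALIGNMENT) are assumptions.

```c
/* Added example, not code from the kernel tree: a PE32+ header checker for the
 * rules the arm64 EFI header patches enforce, plus a W+X section warning.
 * Field offsets follow the PE/COFF spec; all reads are byte-wise little-endian. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PE_MAGIC                   0x00004550u  /* "PE\0\0" */
#define PE_OPT_MAGIC_PE32PLUS      0x20b
#define IMAGE_FILE_RELOCS_STRIPPED 0x0001
#define IMAGE_SCN_ALIGN_MASK       0x00f00000u  /* IMAGE_SCN_ALIGN_*: object files only */
#define IMAGE_SCN_MEM_EXECUTE      0x20000000u
#define IMAGE_SCN_MEM_WRITE        0x80000000u
#define DIR_BASERELOC              5            /* BaseRelocationTable directory index */

enum { PE_OK = 0, PE_ERR_HDR = 1, PE_ERR_SYMBOLS = 4, PE_ERR_ALIGN_FLAGS = 8, PE_ERR_RELOC = 16, PE_WARN_WX = 32 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static void wr16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, v & 0xffff); wr16(p + 2, v >> 16); }

/* Returns PE_OK or an OR of the PE_ERR_ and PE_WARN_ bits found in img[0..len). */
int pe_check(const uint8_t *img, size_t len)
{
	int flags = PE_OK;
	if (len < 0x40) return PE_ERR_HDR;
	size_t pe = rd32(img + 0x3c);                          /* offset of "PE\0\0" */
	if (pe > len || len - pe < 24 || rd32(img + pe) != PE_MAGIC) return PE_ERR_HDR;
	const uint8_t *coff = img + pe + 4;                    /* COFF file header */
	uint16_t nsect = rd16(coff + 2), optsz = rd16(coff + 16), chars = rd16(coff + 18);
	if (rd32(coff + 8) || rd32(coff + 12))                 /* PointerToSymbolTable, NumberOfSymbols */
		flags |= PE_ERR_SYMBOLS;
	size_t opt_off = pe + 24;                              /* optional header */
	if (optsz < 112 || opt_off + optsz > len) return PE_ERR_HDR;
	const uint8_t *opt = img + opt_off;
	if (rd16(opt) != PE_OPT_MAGIC_PE32PLUS) return PE_ERR_HDR;
	uint32_t reloc_size = 0;                               /* BaseRelocationTable.Size */
	if (rd32(opt + 108) > DIR_BASERELOC && 112 + 8 * (DIR_BASERELOC + 1) <= optsz)
		reloc_size = rd32(opt + 112 + 8 * DIR_BASERELOC + 4);
	if ((chars & IMAGE_FILE_RELOCS_STRIPPED) && reloc_size)
		flags |= PE_ERR_RELOC;                         /* stripped, yet relocations advertised */
	size_t sec = opt_off + optsz;                          /* section table, 40 bytes per entry */
	for (unsigned i = 0; i < nsect; i++, sec += 40) {
		if (sec + 40 > len) return PE_ERR_HDR;
		uint32_t sc = rd32(img + sec + 36);            /* Characteristics */
		if (sc & IMAGE_SCN_ALIGN_MASK) flags |= PE_ERR_ALIGN_FLAGS;
		if ((sc & IMAGE_SCN_MEM_EXECUTE) && (sc & IMAGE_SCN_MEM_WRITE)) flags |= PE_WARN_WX;
		if (!memcmp(img + sec, ".reloc\0\0", 8) && !reloc_size)
			flags |= PE_ERR_RELOC;                 /* .reloc no directory entry points at */
	}
	return flags;
}

/* Constructed sample mirroring efi-header.S from the patches: fixed == 0 is the
 * pre-series header (two sections, NumberOfSymbols = 1, ALIGN flags), fixed == 1
 * the header after patch 06. Sizes and RVAs stay zero and FileAlignment = 0x200
 * is assumed; pe_check() does not look at them. buf must hold 512 bytes. */
size_t build_image(uint8_t *buf, int fixed)
{
	memset(buf, 0, 512);
	wr32(buf + 0x3c, 0x40);                  /* PE header right after the 64-byte Image header */
	uint8_t *p = buf + 0x40, *coff = p + 4, *opt = coff + 20;
	wr32(p, PE_MAGIC);
	wr16(coff, 0xaa64);                      /* Machine: AArch64 */
	wr16(coff + 2, fixed ? 1 : 2);           /* NumberOfSections */
	wr32(coff + 12, fixed ? 0 : 1);          /* NumberOfSymbols (PointerToSymbolTable stays 0) */
	wr16(coff + 16, 112 + 6 * 8);            /* SizeOfOptionalHeader, six directories included */
	wr16(coff + 18, 0x206);                  /* DEBUG_STRIPPED | EXECUTABLE_IMAGE | LINE_NUMS_STRIPPED */
	wr16(opt, PE_OPT_MAGIC_PE32PLUS);
	wr32(opt + 32, 0x1000);                  /* SectionAlignment */
	wr32(opt + 36, 0x200);                   /* FileAlignment (assumed) */
	wr16(opt + 68, 0xa);                     /* Subsystem: EFI application */
	wr32(opt + 108, 6);                      /* NumberOfRvaAndSizes; BaseRelocationTable stays zero */
	p = opt + 112 + 6 * 8;                   /* section table */
	if (!fixed) {                            /* dummy .reloc that nothing points at */
		memcpy(p, ".reloc\0\0", 8);
		wr32(p + 36, 0x42100040);        /* includes IMAGE_SCN_ALIGN_1BYTES */
		p += 40;
	}
	memcpy(p, ".text\0\0\0", 8);
	wr32(p + 36, fixed ? 0xe0000020 : 0xe0500020); /* RWX code, with/without ALIGN_16BYTES */
	return (size_t)(p + 40 - buf);
}

/* Builds the constructed image and checks it; returns pe_check()'s flags. */
int check_constructed(int fixed)
{
	static uint8_t buf[512];
	return pe_check(buf, build_image(buf, fixed));
}

int main(void)
{
	printf("before series: 0x%x, after patch 06: 0x%x\n", check_constructed(0), check_constructed(1));
	return 0;
}
```

Running it against a real arm64 Image is a matter of reading the file into a buffer and calling pe_check() on it. On the constructed headers the pre-series one returns PE_ERR_SYMBOLS | PE_ERR_ALIGN_FLAGS | PE_ERR_RELOC | PE_WARN_WX, and the post-patch-06 one returns only PE_WARN_WX, which is exactly the finding the remaining patches in the series (the code/data section split) are meant to clear.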

* [PATCH v2 06/14] arm64: efi: remove pointless dummy .reloc section
@ 2017-02-08 11:55   ` Ard Biesheuvel
  0 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-arm-kernel

The kernel's EFI PE/COFF header contains a dummy .reloc section, and
an explanatory comment that claims that this is required for the EFI
application loader to accept the Image as a relocatable image (i.e.,
one that can be loaded at any offset and fixed up in place)

This was inherited from the x86 implementation, which has elaborate host
tooling to mangle the PE/COFF header post-link time, and which populates
the .reloc section with a single dummy base relocation. On ARM, no such
tooling exists, and the .reloc section remains empty, and is never even
exposed via the BaseRelocationTable directory entry, which is where the
PE/COFF loader looks for it.

The PE/COFF spec is unclear about relocatable images that do not require
any fixups, but the EDK2 implementation, which is the de facto reference
for PE/COFF in the UEFI space, clearly does not care, and explicitly
mentions (in a comment) that relocatable images with no base relocations
are perfectly fine, as long as they don't have the RELOCS_STRIPPED
attribute set (which is not the case for our PE/COFF image)

So simply remove the .reloc section altogether.

Acked-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/kernel/efi-header.S | 22 +-------------------
 1 file changed, 1 insertion(+), 21 deletions(-)

diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S
index 515624bbfcd0..8786d58af2df 100644
--- a/arch/arm64/kernel/efi-header.S
+++ b/arch/arm64/kernel/efi-header.S
@@ -12,7 +12,7 @@
 	.short 	0
 coff_header:
 	.short	0xaa64					// AArch64
-	.short	2					// nr_sections
+	.short	1					// nr_sections
 	.long	0 					// TimeDateStamp
 	.long	0					// PointerToSymbolTable
 	.long	0					// NumberOfSymbols
@@ -71,26 +71,6 @@ extra_header_fields:
 
 	// Section table
 section_table:
-
-	/*
-	 * The EFI application loader requires a relocation section
-	 * because EFI applications must be relocatable.  This is a
-	 * dummy section as far as we are concerned.
-	 */
-	.ascii	".reloc"
-	.byte	0
-	.byte	0					// end of 0 padding of section name
-	.long	0
-	.long	0
-	.long	0					// SizeOfRawData
-	.long	0					// PointerToRawData
-	.long	0					// PointerToRelocations
-	.long	0					// PointerToLineNumbers
-	.short	0					// NumberOfRelocations
-	.short	0					// NumberOfLineNumbers
-	.long	0x42000040				// Characteristics (section flags)
-
-
 	.ascii	".text"
 	.byte	0
 	.byte	0
-- 
2.7.4

^ permalink raw reply related	[flat|nested] 69+ messages in thread

* [kernel-hardening] [PATCH v2 06/14] arm64: efi: remove pointless dummy .reloc section
@ 2017-02-08 11:55   ` Ard Biesheuvel
  0 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-efi, linux-arm-kernel, mark.rutland, leif.lindholm
  Cc: catalin.marinas, linux, kernel-hardening, labbott, Ard Biesheuvel

The kernel's EFI PE/COFF header contains a dummy .reloc section, and
an explanatory comment that claims that this is required for the EFI
application loader to accept the Image as a relocatable image (i.e.,
one that can be loaded at any offset and fixed up in place)

This was inherited from the x86 implementation, which has elaborate host
tooling to mangle the PE/COFF header post-link time, and which populates
the .reloc section with a single dummy base relocation. On ARM, no such
tooling exists, and the .reloc section remains empty, and is never even
exposed via the BaseRelocationTable directory entry, which is where the
PE/COFF loader looks for it.

The PE/COFF spec is unclear about relocatable images that do not require
any fixups, but the EDK2 implementation, which is the de facto reference
for PE/COFF in the UEFI space, clearly does not care, and explicitly
mentions (in a comment) that relocatable images with no base relocations
are perfectly fine, as long as they don't have the RELOCS_STRIPPED
attribute set (which is not the case for our PE/COFF image)

So simply remove the .reloc section altogether.

Acked-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/kernel/efi-header.S | 22 +-------------------
 1 file changed, 1 insertion(+), 21 deletions(-)

diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S
index 515624bbfcd0..8786d58af2df 100644
--- a/arch/arm64/kernel/efi-header.S
+++ b/arch/arm64/kernel/efi-header.S
@@ -12,7 +12,7 @@
 	.short 	0
 coff_header:
 	.short	0xaa64					// AArch64
-	.short	2					// nr_sections
+	.short	1					// nr_sections
 	.long	0 					// TimeDateStamp
 	.long	0					// PointerToSymbolTable
 	.long	0					// NumberOfSymbols
@@ -71,26 +71,6 @@ extra_header_fields:
 
 	// Section table
 section_table:
-
-	/*
-	 * The EFI application loader requires a relocation section
-	 * because EFI applications must be relocatable.  This is a
-	 * dummy section as far as we are concerned.
-	 */
-	.ascii	".reloc"
-	.byte	0
-	.byte	0					// end of 0 padding of section name
-	.long	0
-	.long	0
-	.long	0					// SizeOfRawData
-	.long	0					// PointerToRawData
-	.long	0					// PointerToRelocations
-	.long	0					// PointerToLineNumbers
-	.short	0					// NumberOfRelocations
-	.short	0					// NumberOfLineNumbers
-	.long	0x42000040				// Characteristics (section flags)
-
-
 	.ascii	".text"
 	.byte	0
 	.byte	0
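Review bot: the deleted block takes the only in-tree explanation of why a `.reloc` section was believed to be required with it, and the reasoning for its absence (no base relocations, no BaseRelocationTable directory entry, IMAGE_FILE_RELOCS_STRIPPED not set, EDK2 accepts that) now lives only in the commit message. A short comment at `section_table:` stating that the image is relocatable without carrying any base relocations, and that the RELOCS_STRIPPED characteristic must therefore never be set, would stop a future reader from re-adding the dummy entry or "fixing" the characteristics. For the record, the removed entry's `0x42000040` flags are IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ on a section with zero raw data, so nothing in the loaded image changes.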
-- 
2.7.4

* [PATCH v2 07/14] arm64: efi: replace open coded constants with symbolic ones
  2017-02-08 11:55 ` Ard Biesheuvel
@ 2017-02-08 11:55   ` Ard Biesheuvel
  -1 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-efi, linux-arm-kernel, mark.rutland, leif.lindholm
  Cc: catalin.marinas, linux, kernel-hardening, labbott, Ard Biesheuvel

Replace open coded constants with symbolic ones throughout the
Image and the EFI headers. No binary level changes are intended.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/kernel/efi-header.S | 38 +++++++++++---------
 1 file changed, 21 insertions(+), 17 deletions(-)

diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S
index 8786d58af2df..7637226ea9ca 100644
--- a/arch/arm64/kernel/efi-header.S
+++ b/arch/arm64/kernel/efi-header.S
@@ -7,22 +7,24 @@
  * published by the Free Software Foundation.
  */
 
+#include <linux/pe.h>
+#include <linux/sizes.h>
+
 	.macro	__EFI_PE_HEADER
-	.ascii	"PE"
-	.short 	0
+	.long	PE_MAGIC
 coff_header:
-	.short	0xaa64					// AArch64
-	.short	1					// nr_sections
+	.short	IMAGE_FILE_MACHINE_ARM64		// Machine
+	.short	section_count				// NumberOfSections
 	.long	0 					// TimeDateStamp
 	.long	0					// PointerToSymbolTable
 	.long	0					// NumberOfSymbols
 	.short	section_table - optional_header		// SizeOfOptionalHeader
-	.short	0x206					// Characteristics.
-							// IMAGE_FILE_DEBUG_STRIPPED |
-							// IMAGE_FILE_EXECUTABLE_IMAGE |
-							// IMAGE_FILE_LINE_NUMS_STRIPPED
+	.short	IMAGE_FILE_DEBUG_STRIPPED | \
+		IMAGE_FILE_EXECUTABLE_IMAGE | \
+		IMAGE_FILE_LINE_NUMS_STRIPPED		// Characteristics
+
 optional_header:
-	.short	0x20b					// PE32+ format
+	.short	PE_OPT_MAGIC_PE32PLUS			// PE32+ format
 	.byte	0x02					// MajorLinkerVersion
 	.byte	0x14					// MinorLinkerVersion
 	.long	_end - efi_header_end			// SizeOfCode
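Review bot: `.ascii "PE"` followed by `.short 0` emitted the four signature bytes exactly, whereas `.long PE_MAGIC` emits a 32-bit value in the target's endianness, so the two are only byte-identical for a little-endian build; since the commit message promises no binary-level change, a comment recording that this header assumes a little-endian image (or that the EFI stub is not built for big-endian arm64) would make the assumption explicit. Also, `.short section_count` is a forward reference to a `.set` symbol that is only defined after the last section table entry in a later hunk of this patch; a one-line comment pointing at that definition would save the next reader a search.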
@@ -33,7 +35,7 @@ optional_header:
 
 extra_header_fields:
 	.quad	0					// ImageBase
-	.long	0x1000					// SectionAlignment
+	.long	SZ_4K					// SectionAlignment
 	.long	PECOFF_FILE_ALIGNMENT			// FileAlignment
 	.short	0					// MajorOperatingSystemVersion
 	.short	0					// MinorOperatingSystemVersion
@@ -48,7 +50,7 @@ extra_header_fields:
 	// Everything before the kernel image is considered part of the header
 	.long	efi_header_end - _head			// SizeOfHeaders
 	.long	0					// CheckSum
-	.short	0xa					// Subsystem (EFI application)
+	.short	IMAGE_SUBSYSTEM_EFI_APPLICATION		// Subsystem
 	.short	0					// DllCharacteristics
 	.quad	0					// SizeOfStackReserve
 	.quad	0					// SizeOfStackCommit
@@ -71,10 +73,7 @@ extra_header_fields:
 
 	// Section table
 section_table:
-	.ascii	".text"
-	.byte	0
-	.byte	0
-	.byte	0        				// end of 0 padding of section name
+	.ascii	".text\0\0\0"
 	.long	_end - efi_header_end			// VirtualSize
 	.long	efi_header_end - _head			// VirtualAddress
 	.long	_edata - efi_header_end			// SizeOfRawData
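Review bot: `.ascii ".text\0\0\0"` requires the reader to count escapes to see that the name field is exactly 8 bytes, and the comment that marked the end of the zero padding is gone. Because NumberOfSections is now computed by dividing the table size by a fixed entry size, a mis-counted pad would silently produce a wrong count rather than a build failure, so keep a comment such as `// 8-byte NUL-padded section name` on this line.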
@@ -84,7 +83,12 @@ section_table:
 	.long	0					// PointerToLineNumbers
 	.short	0					// NumberOfRelocations
 	.short	0					// NumberOfLineNumbers
-	.long	0xe0000020				// Characteristics
+	.long	IMAGE_SCN_CNT_CODE | \
+		IMAGE_SCN_MEM_EXECUTE | \
+		IMAGE_SCN_MEM_READ | \
+		IMAGE_SCN_MEM_WRITE			// Characteristics
+
+	.set	section_count, (. - section_table) / 40
 
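Review bot: the `40` in `.set section_count, (. - section_table) / 40` is itself an open-coded constant in a patch whose purpose is to remove them; give it a name (the size of one section header entry) and consider an assembly-time check such as `.if (. - section_table) % 40` / `.error "section table entry size mismatch"` / `.endif`, so that an entry that is not exactly 40 bytes fails the build instead of yielding a wrong NumberOfSections. The expansion of `0xe0000020` into IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE is correct and has the useful side effect of making the current RWX permission of the single section plainly visible, which is the motivation for the next patch.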
 #ifdef CONFIG_DEBUG_EFI
 	/*
@@ -106,7 +110,7 @@ efi_debug_table:
 	.long	0					// TimeDateStamp
 	.short	0					// MajorVersion
 	.short	0					// MinorVersion
-	.long	2					// Type == EFI_IMAGE_DEBUG_TYPE_CODEVIEW
+	.long	IMAGE_DEBUG_TYPE_CODEVIEW		// Type
 	.long	efi_debug_entry_size			// SizeOfData
 	.long	0					// RVA
 	.long	efi_debug_entry - _head			// FileOffset
-- 
2.7.4

* [PATCH v2 08/14] arm64: efi: split Image code and data into separate PE/COFF sections
  2017-02-08 11:55 ` Ard Biesheuvel
@ 2017-02-08 11:55   ` Ard Biesheuvel
  -1 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-efi, linux-arm-kernel, mark.rutland, leif.lindholm
  Cc: catalin.marinas, linux, kernel-hardening, labbott, Ard Biesheuvel

To prevent unintended modifications to the kernel text (malicious or
otherwise) while running the EFI stub, describe the kernel image as
two separate sections: a .text section with read-execute permissions,
covering .text, .rodata and .init.text, and a .data section with
read-write permissions, covering .init.data, .data and .bss.

This relies on the firmware to actually take the section permission
flags into account, but this is something that is currently being
implemented in EDK2, which means we will likely start seeing it in
the wild between one and two years from now.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/kernel/efi-header.S  | 23 +++++++++++++++-----
 arch/arm64/kernel/vmlinux.lds.S |  5 +++++
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S
index 7637226ea9ca..5870bd611498 100644
--- a/arch/arm64/kernel/efi-header.S
+++ b/arch/arm64/kernel/efi-header.S
@@ -27,8 +27,8 @@ optional_header:
 	.short	PE_OPT_MAGIC_PE32PLUS			// PE32+ format
 	.byte	0x02					// MajorLinkerVersion
 	.byte	0x14					// MinorLinkerVersion
-	.long	_end - efi_header_end			// SizeOfCode
-	.long	0					// SizeOfInitializedData
+	.long	__pecoff_data_start - efi_header_end	// SizeOfCode
+	.long	__pecoff_data_size			// SizeOfInitializedData
 	.long	0					// SizeOfUninitializedData
 	.long	__efistub_entry - _head			// AddressOfEntryPoint
 	.long	efi_header_end - _head			// BaseOfCode
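Review bot: SizeOfInitializedData is set to `__pecoff_data_size`, which the linker script hunk in this patch defines as running from `__pecoff_data_start` all the way to `_end`, i.e. it includes .bss, while SizeOfUninitializedData stays `0`. In PE/COFF those two fields are the sums of the initialized (raw) and uninitialized data sizes respectively, so `__pecoff_data_rawsize` is the more faithful value here, with `__pecoff_data_size - __pecoff_data_rawsize` for the uninitialized field. If the fields are deliberately kept loose because no loader consults them, a comment saying so would prevent the next person from "fixing" them the other way.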
@@ -74,9 +74,9 @@ extra_header_fields:
 	// Section table
 section_table:
 	.ascii	".text\0\0\0"
-	.long	_end - efi_header_end			// VirtualSize
+	.long	__pecoff_data_start - efi_header_end	// VirtualSize
 	.long	efi_header_end - _head			// VirtualAddress
-	.long	_edata - efi_header_end			// SizeOfRawData
+	.long	__pecoff_data_start - efi_header_end	// SizeOfRawData
 	.long	efi_header_end - _head			// PointerToRawData
 
 	.long	0					// PointerToRelocations
@@ -84,7 +84,20 @@ section_table:
 	.short	0					// NumberOfRelocations
 	.short	0					// NumberOfLineNumbers
 	.long	IMAGE_SCN_CNT_CODE | \
-		IMAGE_SCN_MEM_EXECUTE | \
+		IMAGE_SCN_MEM_READ | \
+		IMAGE_SCN_MEM_EXECUTE			// Characteristics
+
+	.ascii	".data\0\0\0"
+	.long	__pecoff_data_size			// VirtualSize
+	.long	__pecoff_data_start - _head		// VirtualAddress
+	.long	__pecoff_data_rawsize			// SizeOfRawData
+	.long	__pecoff_data_start - _head		// PointerToRawData
+
+	.long	0					// PointerToRelocations
+	.long	0					// PointerToLineNumbers
+	.short	0					// NumberOfRelocations
+	.short	0					// NumberOfLineNumbers
+	.long	IMAGE_SCN_CNT_INITIALIZED_DATA | \
 		IMAGE_SCN_MEM_READ | \
 		IMAGE_SCN_MEM_WRITE			// Characteristics
 
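Review bot: the new `.data` entry has a VirtualSize (`__pecoff_data_size`, up to `_end`) larger than its SizeOfRawData (`__pecoff_data_rawsize`, up to `_edata`), which is the standard way to express a section whose tail is .bss, but it deserves a comment: the loader is expected to zero-fill the difference, and a loader that copies only SizeOfRawData bytes leaves .bss uninitialized. The previous single `.text` entry had the same split, so this is not a regression. Note also that the `.text` flags are reordered to READ, EXECUTE so that the trailing `IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE` context lines become the tail of the `.data` entry; that keeps the diff small, but it makes the one security-relevant change, the removal of IMAGE_SCN_MEM_WRITE from the code section, easy to miss, so a comment on the `.text` entry stating that it must never carry MEM_WRITE would be worthwhile.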
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index b8deffa9e1bf..a93cc2b6f50b 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -149,6 +149,9 @@ SECTIONS
 		ARM_EXIT_KEEP(EXIT_TEXT)
 	}
 
+	. = ALIGN(SZ_4K);
+	__pecoff_data_start = .;
+
 	.init.data : {
 		INIT_DATA
 		INIT_SETUP(16)
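Review bot: the `ALIGN(SZ_4K)` here has to equal the SectionAlignment field in efi-header.S (also `SZ_4K`), otherwise the `.data` section's VirtualAddress `__pecoff_data_start - _head` is no longer section-aligned and the header is invalid; the two uses live in different files with nothing tying them together. Use one shared symbol (the header already uses `PECOFF_FILE_ALIGNMENT` for FileAlignment, so a matching section-alignment define would fit), or add a linker `ASSERT()` that `__pecoff_data_start` is aligned to the value the header advertises.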
@@ -206,6 +209,7 @@ SECTIONS
 	}
 
 	PECOFF_EDATA_PADDING
+	__pecoff_data_rawsize = ABSOLUTE(. - __pecoff_data_start);
 	_edata = .;
 
 	BSS_SECTION(0, 0, 0)
@@ -221,6 +225,7 @@ SECTIONS
 	. += RESERVED_TTBR0_SIZE;
 #endif
 
+	__pecoff_data_size = ABSOLUTE(. - __pecoff_data_start);
 	_end = .;
 
 	STABS_DEBUG
-- 
2.7.4

* [PATCH v2 09/14] arm: compressed: put zImage header and EFI header in dedicated section
  2017-02-08 11:55 ` Ard Biesheuvel
@ 2017-02-08 11:55   ` Ard Biesheuvel
  -1 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-efi, linux-arm-kernel, mark.rutland, leif.lindholm
  Cc: catalin.marinas, linux, kernel-hardening, labbott,
	Ard Biesheuvel, Dave Martin

To align the PE/COFF and the ELF headers of the decompressor binary, put
the zImage header and the EFI header in a separate .head.text section,
and emit it at the start of the Image. This change is necessary for UEFI
based debug tooling to be able to use the vmlinux ELF binary, since it
gets confused if the PE/COFF .text section and the ELF .text section live
at different offsets.

This requires a tweak of the initial jump, because (b)adr does not reach
across a section boundary. Other than that, and a few bytes of padding at
the beginning of .start, this change does not affect the binary image.

Cc: Dave Martin <dave.martin@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm/boot/compressed/efi-header.S  |  2 --
 arch/arm/boot/compressed/head.S        | 14 +++++++++-----
 arch/arm/boot/compressed/vmlinux.lds.S |  5 ++++-
 3 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/arch/arm/boot/compressed/efi-header.S b/arch/arm/boot/compressed/efi-header.S
index 9d5dc4fda3c1..1d26a9d0a9e8 100644
--- a/arch/arm/boot/compressed/efi-header.S
+++ b/arch/arm/boot/compressed/efi-header.S
@@ -23,8 +23,6 @@
 
 		.macro	__EFI_HEADER
 #ifdef CONFIG_EFI_STUB
-		b	__efi_start
-
 		.set	start_offset, __efi_start - start
 		.org	start + 0x3c
 		@
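Review bot: dropping `b __efi_start` from the macro is only correct because the head.S hunk in this patch moves the `1:` target out of the header into `.start`, so `__EFI_HEADER` is no longer reached as code by the initial branch; that coupling is invisible from this file. A comment at the top of the macro saying that the header is pure data and must not be branched into would keep the two files from drifting apart, and would explain why `start_offset` is the only thing left before the `.org`.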
diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S
index fc6d541549a2..42ba2f557791 100644
--- a/arch/arm/boot/compressed/head.S
+++ b/arch/arm/boot/compressed/head.S
@@ -114,7 +114,7 @@
 #endif
 		.endm
 
-		.section ".start", #alloc, #execinstr
+		.section ".head.text", #alloc, #execinstr
 /*
  * sort out different calling conventions
  */
@@ -132,17 +132,21 @@ start:
 		.endr
    ARM(		mov	r0, r0		)
    ARM(		b	1f		)
- THUMB(		badr	r12, 1f		)
- THUMB(		bx	r12		)
+AR_CLASS(THUMB(	sub	pc, pc, #3	))	@ A/R: switch to Thumb2 mode
+ M_CLASS(	nop.w			)	@ M: already in Thumb2 mode
+   THUMB(	.thumb			)
+   THUMB(	b.w	1f		)
 
 		.word	_magic_sig	@ Magic numbers to help the loader
 		.word	_magic_start	@ absolute load/run zImage address
 		.word	_magic_end	@ zImage end address
 		.word	0x04030201	@ endianness flag
 
- THUMB(		.thumb			)
-1:		__EFI_HEADER
+		__EFI_HEADER
 
+		.section ".start", #alloc, #execinstr
+		.align
+1:
  ARM_BE8(	setend	be		)	@ go BE8 if compiled for BE8
  AR_CLASS(	mrs	r9, cpsr	)
 #ifdef CONFIG_ARM_VIRT_EXT
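Review bot: `sub pc, pc, #3` works because in ARM state `pc` reads as the address of the current instruction plus 8, so `pc - 3` is the following instruction's address with bit 0 set, and on ARMv7 a data-processing write to `pc` in ARM state interworks on that bit; neither fact is stated, and the bare `#3` reads like a typo without them. Spell that out in the comment, including that it relies on the ARMv7 ALU-writes-to-PC interworking rule (acceptable here since a Thumb-2 kernel is v7-only), rather than just `switch to Thumb2 mode`. Separately, the `.align` before `1:` in `.start` is the source of the padding bytes the commit message mentions; a one-line comment on why the alignment is required there would help.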
diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S
index 81c493156ce8..5d50daea466a 100644
--- a/arch/arm/boot/compressed/vmlinux.lds.S
+++ b/arch/arm/boot/compressed/vmlinux.lds.S
@@ -34,8 +34,11 @@ SECTIONS
   . = TEXT_START;
   _text = .;
 
-  .text : {
+  .head.text : {
     _start = .;
+    *(.head.text)
+  }
+  .text : {
     *(.start)
     *(.text)
     *(.text.*)
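Review bot: `_start` now labels the beginning of `.head.text` rather than `.text`, so anything that used `_start` to mean "start of the decompressor text" silently changes meaning; nothing in this hunk shows a user, so a grep over the decompressor for `_start` should accompany the change. An `ASSERT(_start == _text, ...)` (both are set at `TEXT_START` here) would also document that the header is the first thing in the image, which is the property the PE/ELF header alignment described in the commit message depends on.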
-- 
2.7.4

^ permalink raw reply related	[flat|nested] 69+ messages in thread

* [PATCH v2 09/14] arm: compressed: put zImage header and EFI header in dedicated section
@ 2017-02-08 11:55   ` Ard Biesheuvel
  0 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-arm-kernel

To align the PE/COFF and the ELF headers of the decompressor binary, put
the zImage header and the EFI header in a separate .head.text section,
and emit it at the start of the Image. This change is necessary for UEFI
based debug tooling to be able to use the vmlinux ELF binary, since it
gets confused if the PE/COFF .text section and the ELF .text section live
at different offsets.

This requires a tweak of the initial jump, because (b)adr does not reach
across a section boundary. Other than that, and a few bytes of padding at
the beginning of .start, this change does not affect the binary image.

Cc: Dave Martin <dave.martin@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm/boot/compressed/efi-header.S  |  2 --
 arch/arm/boot/compressed/head.S        | 14 +++++++++-----
 arch/arm/boot/compressed/vmlinux.lds.S |  5 ++++-
 3 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/arch/arm/boot/compressed/efi-header.S b/arch/arm/boot/compressed/efi-header.S
index 9d5dc4fda3c1..1d26a9d0a9e8 100644
--- a/arch/arm/boot/compressed/efi-header.S
+++ b/arch/arm/boot/compressed/efi-header.S
@@ -23,8 +23,6 @@
 
 		.macro	__EFI_HEADER
 #ifdef CONFIG_EFI_STUB
-		b	__efi_start
-
 		.set	start_offset, __efi_start - start
 		.org	start + 0x3c
 		@
diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S
index fc6d541549a2..42ba2f557791 100644
--- a/arch/arm/boot/compressed/head.S
+++ b/arch/arm/boot/compressed/head.S
@@ -114,7 +114,7 @@
 #endif
 		.endm
 
-		.section ".start", #alloc, #execinstr
+		.section ".head.text", #alloc, #execinstr
 /*
  * sort out different calling conventions
  */
@@ -132,17 +132,21 @@ start:
 		.endr
    ARM(		mov	r0, r0		)
    ARM(		b	1f		)
- THUMB(		badr	r12, 1f		)
- THUMB(		bx	r12		)
+AR_CLASS(THUMB(	sub	pc, pc, #3	))	@ A/R: switch to Thumb2 mode
+ M_CLASS(	nop.w			)	@ M: already in Thumb2 mode
+   THUMB(	.thumb			)
+   THUMB(	b.w	1f		)
 
 		.word	_magic_sig	@ Magic numbers to help the loader
 		.word	_magic_start	@ absolute load/run zImage address
 		.word	_magic_end	@ zImage end address
 		.word	0x04030201	@ endianness flag
 
- THUMB(		.thumb			)
-1:		__EFI_HEADER
+		__EFI_HEADER
 
+		.section ".start", #alloc, #execinstr
+		.align
+1:
  ARM_BE8(	setend	be		)	@ go BE8 if compiled for BE8
  AR_CLASS(	mrs	r9, cpsr	)
 #ifdef CONFIG_ARM_VIRT_EXT
diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S
index 81c493156ce8..5d50daea466a 100644
--- a/arch/arm/boot/compressed/vmlinux.lds.S
+++ b/arch/arm/boot/compressed/vmlinux.lds.S
@@ -34,8 +34,11 @@ SECTIONS
   . = TEXT_START;
   _text = .;
 
-  .text : {
+  .head.text : {
     _start = .;
+    *(.head.text)
+  }
+  .text : {
     *(.start)
     *(.text)
     *(.text.*)
-- 
2.7.4

^ permalink raw reply related	[flat|nested] 69+ messages in thread

* [kernel-hardening] [PATCH v2 09/14] arm: compressed: put zImage header and EFI header in dedicated section
@ 2017-02-08 11:55   ` Ard Biesheuvel
  0 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-efi, linux-arm-kernel, mark.rutland, leif.lindholm
  Cc: catalin.marinas, linux, kernel-hardening, labbott,
	Ard Biesheuvel, Dave Martin

To align the PE/COFF and the ELF headers of the decompressor binary, put
the zImage header and the EFI header in a separate .head.text section,
and emit it at the start of the Image. This change is necessary for UEFI
based debug tooling to be able to use the vmlinux ELF binary, since it
gets confused if the PE/COFF .text section and the ELF .text section live
at different offsets.

This requires a tweak of the initial jump, because (b)adr does not reach
across a section boundary. Other than that, and a few bytes of padding at
the beginning of .start, this change does not affect the binary image.

Cc: Dave Martin <dave.martin@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm/boot/compressed/efi-header.S  |  2 --
 arch/arm/boot/compressed/head.S        | 14 +++++++++-----
 arch/arm/boot/compressed/vmlinux.lds.S |  5 ++++-
 3 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/arch/arm/boot/compressed/efi-header.S b/arch/arm/boot/compressed/efi-header.S
index 9d5dc4fda3c1..1d26a9d0a9e8 100644
--- a/arch/arm/boot/compressed/efi-header.S
+++ b/arch/arm/boot/compressed/efi-header.S
@@ -23,8 +23,6 @@
 
 		.macro	__EFI_HEADER
 #ifdef CONFIG_EFI_STUB
-		b	__efi_start
-
 		.set	start_offset, __efi_start - start
 		.org	start + 0x3c
 		@
diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S
index fc6d541549a2..42ba2f557791 100644
--- a/arch/arm/boot/compressed/head.S
+++ b/arch/arm/boot/compressed/head.S
@@ -114,7 +114,7 @@
 #endif
 		.endm
 
-		.section ".start", #alloc, #execinstr
+		.section ".head.text", #alloc, #execinstr
 /*
  * sort out different calling conventions
  */
@@ -132,17 +132,21 @@ start:
 		.endr
    ARM(		mov	r0, r0		)
    ARM(		b	1f		)
- THUMB(		badr	r12, 1f		)
- THUMB(		bx	r12		)
+AR_CLASS(THUMB(	sub	pc, pc, #3	))	@ A/R: switch to Thumb2 mode
+ M_CLASS(	nop.w			)	@ M: already in Thumb2 mode
+   THUMB(	.thumb			)
+   THUMB(	b.w	1f		)
 
 		.word	_magic_sig	@ Magic numbers to help the loader
 		.word	_magic_start	@ absolute load/run zImage address
 		.word	_magic_end	@ zImage end address
 		.word	0x04030201	@ endianness flag
 
- THUMB(		.thumb			)
-1:		__EFI_HEADER
+		__EFI_HEADER
 
+		.section ".start", #alloc, #execinstr
+		.align
+1:
  ARM_BE8(	setend	be		)	@ go BE8 if compiled for BE8
  AR_CLASS(	mrs	r9, cpsr	)
 #ifdef CONFIG_ARM_VIRT_EXT
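Review bot: `sub pc, pc, #3` deserves a fuller comment than "switch to Thumb2 mode": it works because pc reads as the current instruction + 8 in ARM state, so the result is the following instruction + 4 with bit 0 set, and an ALU write to pc with bit 0 set performs an interworking branch on ARMv7 (which CONFIG_THUMB2_KERNEL requires); on earlier architectures the same instruction would not switch state. Worth stating as well that the new Thumb path is still 8 bytes (a 4-byte `sub` or `nop.w` plus the 4-byte `b.w`), exactly like the old `badr`/`bx` pair, so `_magic_sig`, `_magic_start` and `_magic_end` stay at the same offsets from `start`; that is the invariant zImage loaders rely on and the commit message does not mention it.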
diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S
index 81c493156ce8..5d50daea466a 100644
--- a/arch/arm/boot/compressed/vmlinux.lds.S
+++ b/arch/arm/boot/compressed/vmlinux.lds.S
@@ -34,8 +34,11 @@ SECTIONS
   . = TEXT_START;
   _text = .;
 
-  .text : {
+  .head.text : {
     _start = .;
+    *(.head.text)
+  }
+  .text : {
     *(.start)
     *(.text)
     *(.text.*)
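Review bot: `_start = .` now sits inside `.head.text` while `*(.start)` stays in `.text`, which reads oddly without context. A comment on the new output section saying that `.head.text` must remain the first thing at TEXT_START (the "MZ" bytes have to land at file offset 0 and `.org start + 0x3c` in efi-header.S assumes it) would document why this is more than a rename, and the `*(.start)` before `*(.text)` ordering should be called out as what guarantees the `1:` label directly follows the header.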
-- 
2.7.4

^ permalink raw reply related	[flat|nested] 69+ messages in thread

* [PATCH v2 10/14] arm: efi: remove forbidden values from the PE/COFF header
  2017-02-08 11:55 ` Ard Biesheuvel
@ 2017-02-08 11:55   ` Ard Biesheuvel
  -1 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-efi, linux-arm-kernel, mark.rutland, leif.lindholm
  Cc: catalin.marinas, linux, kernel-hardening, labbott, Ard Biesheuvel

Bring the PE/COFF header in line with the PE/COFF spec, by setting
NumberOfSymbols to 0, and removing the section alignment flags.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm/boot/compressed/efi-header.S | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/arm/boot/compressed/efi-header.S b/arch/arm/boot/compressed/efi-header.S
index 1d26a9d0a9e8..50eff3bbc57c 100644
--- a/arch/arm/boot/compressed/efi-header.S
+++ b/arch/arm/boot/compressed/efi-header.S
@@ -43,7 +43,7 @@ coff_header:
 		.short	2			@ nr_sections
 		.long	0 			@ TimeDateStamp
 		.long	0			@ PointerToSymbolTable
-		.long	1			@ NumberOfSymbols
+		.long	0			@ NumberOfSymbols
 		.short	section_table - optional_header
 						@ SizeOfOptionalHeader
 		.short	0x306			@ Characteristics.
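Review bot: the change is right, but the commit message only says "in line with the spec"; for NumberOfSymbols the spec's rule is that the value should be zero for an image because COFF debugging information is deprecated, and a count of 1 next to a zero PointerToSymbolTable is internally inconsistent: a tool that computes the COFF string table offset as PointerToSymbolTable + 18 * NumberOfSymbols would go looking for one at offset 18. Spelling that out in the message would help whoever bisects to this later.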
@@ -109,7 +109,7 @@ section_table:
 		.long	0			@ PointerToLineNumbers
 		.short	0			@ NumberOfRelocations
 		.short	0			@ NumberOfLineNumbers
-		.long	0x42100040		@ Characteristics
+		.long	0x42000040		@ Characteristics
 
 		.ascii	".text\0\0\0"
 		.long	_end - __efi_start	@ VirtualSize
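Review bot: the bit removed here, 0x00100000, is IMAGE_SCN_ALIGN_1BYTES; the IMAGE_SCN_ALIGN_* field is only meaningful in object files and is reserved in an image, which is the sense in which the value was "forbidden". What remains, 0x42000040, is IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_CNT_INITIALIZED_DATA; naming the flags in the comment (or using the symbolic form the series introduces later) would make the next reader's check trivial.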
@@ -120,7 +120,7 @@ section_table:
 		.long	0			@ PointerToLineNumbers
 		.short	0			@ NumberOfRelocations
 		.short	0			@ NumberOfLineNumbers
-		.long	0xe0500020		@ Characteristics
+		.long	0xe0000020		@ Characteristics
 
 		.align	9
 __efi_start:
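Review bot: the 0x00500000 dropped here is IMAGE_SCN_ALIGN_16BYTES, again an object-file-only field. Note that what remains, 0xe0000020, is IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE, so the single `.text` section is still RWX; that is what the cover letter's section split is meant to address, and it would be fair for this commit message to say the permissions are deliberately left alone here.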
-- 
2.7.4

^ permalink raw reply related	[flat|nested] 69+ messages in thread

* [PATCH v2 11/14] arm: efi: remove pointless dummy .reloc section
  2017-02-08 11:55 ` Ard Biesheuvel
@ 2017-02-08 11:55   ` Ard Biesheuvel
  -1 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-efi, linux-arm-kernel, mark.rutland, leif.lindholm
  Cc: catalin.marinas, linux, kernel-hardening, labbott, Ard Biesheuvel

The kernel's EFI PE/COFF header contains a dummy .reloc section, and
an explanatory comment that claims that this is required for the EFI
application loader to accept the Image as a relocatable image (i.e.,
one that can be loaded at any offset and fixed up in place).

This was inherited from the x86 implementation, which has elaborate host
tooling to mangle the PE/COFF header post-link time, and which populates
the .reloc section with a single dummy base relocation. On ARM, no such
tooling exists, and the .reloc section remains empty, and is never even
exposed via the BaseRelocationTable directory entry, which is where the
PE/COFF loader looks for it.

The PE/COFF spec is unclear about relocatable images that do not require
any fixups, but the EDK2 implementation, which is the de facto reference
for PE/COFF in the UEFI space, clearly does not care, and explicitly
mentions (in a comment) that relocatable images with no base relocations
are perfectly fine, as long as they don't have the RELOCS_STRIPPED
attribute set (which is not the case for our PE/COFF image).

So simply remove the .reloc section altogether.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm/boot/compressed/efi-header.S | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)

diff --git a/arch/arm/boot/compressed/efi-header.S b/arch/arm/boot/compressed/efi-header.S
index 50eff3bbc57c..5873fc2b5f9a 100644
--- a/arch/arm/boot/compressed/efi-header.S
+++ b/arch/arm/boot/compressed/efi-header.S
@@ -40,7 +40,7 @@ pe_header:
 
 coff_header:
 		.short	0x01c2			@ ARM or Thumb
-		.short	2			@ nr_sections
+		.short	1			@ nr_sections
 		.long	0 			@ TimeDateStamp
 		.long	0			@ PointerToSymbolTable
 		.long	0			@ NumberOfSymbols
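Review bot: `nr_sections` is a hand-maintained count that has to be kept in step with the section table by eye, and this is the second patch in a row that touches it. Deriving it from the size of the table, as the later symbolic-constants patch does with `(. - section_table) / 40`, removes the chance of the count and the table disagreeing, which would make a loader read past the real section headers.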
@@ -95,22 +95,6 @@ extra_header_fields:
 		.quad	0			@ BaseRelocationTable
 
 section_table:
-		@
-		@ The EFI application loader requires a relocation section
-		@ because EFI applications must be relocatable. This is a
-		@ dummy section as far as we are concerned.
-		@
-		.ascii	".reloc\0\0"
-		.long	0			@ VirtualSize
-		.long	0			@ VirtualAddress
-		.long	0			@ SizeOfRawData
-		.long	0			@ PointerToRawData
-		.long	0			@ PointerToRelocations
-		.long	0			@ PointerToLineNumbers
-		.short	0			@ NumberOfRelocations
-		.short	0			@ NumberOfLineNumbers
-		.long	0x42000040		@ Characteristics
-
 		.ascii	".text\0\0\0"
 		.long	_end - __efi_start	@ VirtualSize
 		.long	__efi_start		@ VirtualAddress
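Review bot: the removed comment was the only place in the source that recorded why the loader accepts this image as relocatable, and the corrected reasoning (no base relocations needed, IMAGE_FILE_RELOCS_STRIPPED clear in `Characteristics`, `BaseRelocationTable` left at zero) now exists only in the commit message. A two-line comment at the `BaseRelocationTable` entry saying that the image is relocatable because RELOCS_STRIPPED is not set and that an empty relocation directory is fine for an image needing no fixups would keep that knowledge next to the fields it concerns.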
-- 
2.7.4

^ permalink raw reply related	[flat|nested] 69+ messages in thread

* [PATCH v2 12/14] arm: efi: replace open coded constants with symbolic ones
  2017-02-08 11:55 ` Ard Biesheuvel
@ 2017-02-08 11:55   ` Ard Biesheuvel
  -1 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-efi, linux-arm-kernel, mark.rutland, leif.lindholm
  Cc: catalin.marinas, linux, kernel-hardening, labbott, Ard Biesheuvel

Replace the various open coded constants in the EFI PE/COFF header with
definitions from pe.h, or expressions based on local symbols.

Note that this patch also changes the indentation to make room for the
symbolic constant names.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm/boot/compressed/efi-header.S | 172 ++++++++++----------
 1 file changed, 89 insertions(+), 83 deletions(-)

diff --git a/arch/arm/boot/compressed/efi-header.S b/arch/arm/boot/compressed/efi-header.S
index 5873fc2b5f9a..7ff2b2f05e4c 100644
--- a/arch/arm/boot/compressed/efi-header.S
+++ b/arch/arm/boot/compressed/efi-header.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013-2015 Linaro Ltd
+ * Copyright (C) 2013-2017 Linaro Ltd
  * Authors: Roy Franz <roy.franz@linaro.org>
  *          Ard Biesheuvel <ard.biesheuvel@linaro.org>
  *
@@ -8,105 +8,111 @@
  * published by the Free Software Foundation.
  */
 
-		.macro	__nop
+#include <linux/pe.h>
+#include <linux/sizes.h>
+
+	.macro	__nop
 #ifdef CONFIG_EFI_STUB
-		@ This is almost but not quite a NOP, since it does clobber the
-		@ condition flags. But it is the best we can do for EFI, since
-		@ PE/COFF expects the magic string "MZ" at offset 0, while the
-		@ ARM/Linux boot protocol expects an executable instruction
-		@ there.
-		.inst	'M' | ('Z' << 8) | (0x1310 << 16)   @ tstne r0, #0x4d000
+	@ This is almost but not quite a NOP, since it does clobber the
+	@ condition flags. But it is the best we can do for EFI, since
+	@ PE/COFF expects the magic string "MZ" at offset 0, while the
+	@ ARM/Linux boot protocol expects an executable instruction
+	@ there.
+	.inst	MZ_MAGIC | (0x1310 << 16)		@ tstne r0, #0x4d000
 #else
-		mov	r0, r0
+	mov	r0, r0
 #endif
-		.endm
+	.endm
 
-		.macro	__EFI_HEADER
+	.macro	__EFI_HEADER
 #ifdef CONFIG_EFI_STUB
-		.set	start_offset, __efi_start - start
-		.org	start + 0x3c
-		@
-		@ The PE header can be anywhere in the file, but for
-		@ simplicity we keep it together with the MSDOS header
-		@ The offset to the PE/COFF header needs to be at offset
-		@ 0x3C in the MSDOS header.
-		@ The only 2 fields of the MSDOS header that are used are this
-		@ PE/COFF offset, and the "MZ" bytes at offset 0x0.
-		@
-		.long	pe_header - start	@ Offset to the PE header.
+	.set	start_offset, __efi_start - start
+	.org	start + 0x3c
+	@
+	@ The PE header can be anywhere in the file, but for
+	@ simplicity we keep it together with the MSDOS header
+	@ The offset to the PE/COFF header needs to be at offset
+	@ 0x3C in the MSDOS header.
+	@ The only 2 fields of the MSDOS header that are used are this
+	@ PE/COFF offset, and the "MZ" bytes at offset 0x0.
+	@
+	.long	pe_header - start		@ Offset to the PE header.
 
 pe_header:
-		.ascii	"PE\0\0"
+	.long	PE_MAGIC
 
 coff_header:
-		.short	0x01c2			@ ARM or Thumb
-		.short	1			@ nr_sections
-		.long	0 			@ TimeDateStamp
-		.long	0			@ PointerToSymbolTable
-		.long	0			@ NumberOfSymbols
-		.short	section_table - optional_header
-						@ SizeOfOptionalHeader
-		.short	0x306			@ Characteristics.
-						@ IMAGE_FILE_32BIT_MACHINE |
-						@ IMAGE_FILE_DEBUG_STRIPPED |
-						@ IMAGE_FILE_EXECUTABLE_IMAGE |
-						@ IMAGE_FILE_LINE_NUMS_STRIPPED
+	.short	IMAGE_FILE_MACHINE_THUMB		@ Machine
+	.short	section_count				@ NumberOfSections
+	.long	0 					@ TimeDateStamp
+	.long	0					@ PointerToSymbolTable
+	.long	0					@ NumberOfSymbols
+	.short	section_table - optional_header		@ SizeOfOptionalHeader
+	.short	IMAGE_FILE_32BIT_MACHINE | \
+		IMAGE_FILE_DEBUG_STRIPPED | \
+		IMAGE_FILE_EXECUTABLE_IMAGE | \
+		IMAGE_FILE_LINE_NUMS_STRIPPED		@ Characteristics
 
 optional_header:
-		.short	0x10b			@ PE32 format
-		.byte	0x02			@ MajorLinkerVersion
-		.byte	0x14			@ MinorLinkerVersion
-		.long	_end - __efi_start	@ SizeOfCode
-		.long	0			@ SizeOfInitializedData
-		.long	0			@ SizeOfUninitializedData
-		.long	efi_stub_entry - start	@ AddressOfEntryPoint
-		.long	start_offset		@ BaseOfCode
-		.long	0			@ data
+	.short	PE_OPT_MAGIC_PE32			@ PE32 format
+	.byte	0x02					@ MajorLinkerVersion
+	.byte	0x14					@ MinorLinkerVersion
+	.long	_end - __efi_start			@ SizeOfCode
+	.long	0					@ SizeOfInitializedData
+	.long	0					@ SizeOfUninitializedData
+	.long	efi_stub_entry - start			@ AddressOfEntryPoint
+	.long	start_offset				@ BaseOfCode
+	.long	0					@ BaseOfData
 
 extra_header_fields:
-		.long	0			@ ImageBase
-		.long	0x200			@ SectionAlignment
-		.long	0x200			@ FileAlignment
-		.short	0			@ MajorOperatingSystemVersion
-		.short	0			@ MinorOperatingSystemVersion
-		.short	0			@ MajorImageVersion
-		.short	0			@ MinorImageVersion
-		.short	0			@ MajorSubsystemVersion
-		.short	0			@ MinorSubsystemVersion
-		.long	0			@ Win32VersionValue
+	.long	0					@ ImageBase
+	.long	SZ_512					@ SectionAlignment
+	.long	SZ_512					@ FileAlignment
+	.short	0					@ MajorOsVersion
+	.short	0					@ MinorOsVersion
+	.short	0					@ MajorImageVersion
+	.short	0					@ MinorImageVersion
+	.short	0					@ MajorSubsystemVersion
+	.short	0					@ MinorSubsystemVersion
+	.long	0					@ Win32VersionValue
 
-		.long	_end - start		@ SizeOfImage
-		.long	start_offset		@ SizeOfHeaders
-		.long	0			@ CheckSum
-		.short	0xa			@ Subsystem (EFI application)
-		.short	0			@ DllCharacteristics
-		.long	0			@ SizeOfStackReserve
-		.long	0			@ SizeOfStackCommit
-		.long	0			@ SizeOfHeapReserve
-		.long	0			@ SizeOfHeapCommit
-		.long	0			@ LoaderFlags
-		.long	0x6			@ NumberOfRvaAndSizes
+	.long	_end - start				@ SizeOfImage
+	.long	start_offset				@ SizeOfHeaders
+	.long	0					@ CheckSum
+	.short	IMAGE_SUBSYSTEM_EFI_APPLICATION		@ Subsystem
+	.short	0					@ DllCharacteristics
+	.long	0					@ SizeOfStackReserve
+	.long	0					@ SizeOfStackCommit
+	.long	0					@ SizeOfHeapReserve
+	.long	0					@ SizeOfHeapCommit
+	.long	0					@ LoaderFlags
+	.long	(section_table - .) / 8			@ NumberOfRvaAndSizes
 
-		.quad	0			@ ExportTable
-		.quad	0			@ ImportTable
-		.quad	0			@ ResourceTable
-		.quad	0			@ ExceptionTable
-		.quad	0			@ CertificationTable
-		.quad	0			@ BaseRelocationTable
+	.quad	0					@ ExportTable
+	.quad	0					@ ImportTable
+	.quad	0					@ ResourceTable
+	.quad	0					@ ExceptionTable
+	.quad	0					@ CertificationTable
+	.quad	0					@ BaseRelocationTable
 
 section_table:
-		.ascii	".text\0\0\0"
-		.long	_end - __efi_start	@ VirtualSize
-		.long	__efi_start		@ VirtualAddress
-		.long	_edata - __efi_start	@ SizeOfRawData
-		.long	__efi_start		@ PointerToRawData
-		.long	0			@ PointerToRelocations
-		.long	0			@ PointerToLineNumbers
-		.short	0			@ NumberOfRelocations
-		.short	0			@ NumberOfLineNumbers
-		.long	0xe0000020		@ Characteristics
+	.ascii	".text\0\0\0"
+	.long	_end - __efi_start			@ VirtualSize
+	.long	__efi_start				@ VirtualAddress
+	.long	_edata - __efi_start			@ SizeOfRawData
+	.long	__efi_start				@ PointerToRawData
+	.long	0					@ PointerToRelocations
+	.long	0					@ PointerToLineNumbers
+	.short	0					@ NumberOfRelocations
+	.short	0					@ NumberOfLineNumbers
+	.long	IMAGE_SCN_CNT_CODE | \
+		IMAGE_SCN_MEM_READ | \
+		IMAGE_SCN_MEM_WRITE | \
+		IMAGE_SCN_MEM_EXECUTE			@ Characteristics
+
+	.set	section_count, (. - section_table) / 40
 
-		.align	9
+	.align	9
 __efi_start:
 #endif
-		.endm
+	.endm
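Review bot: two of the new expressions deserve a comment beside them rather than a reader's arithmetic. `(section_table - .) / 8` for NumberOfRvaAndSizes is only correct while nothing but 8-byte data directory entries sits between it and `section_table`, and `(. - section_table) / 40` hard-codes the size of a section header; a comment or a named constant for the 40 keeps both self-checking. The symbolic rewrite also makes the `.text` Characteristics visibly `IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE`, a natural place to note that RWX is intentional until the section split. One nit: the spec calls directory entry 4 the Certificate Table, while the comment still reads `CertificationTable`.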
-- 
2.7.4

^ permalink raw reply related	[flat|nested] 69+ messages in thread
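As an added example, not part of this series or the kernel tree, the following Python checker tests for the header properties that patches 10/14 to 12/14 adjust: it constructs two header-only PE32 images laid out like the zImage header, one with the old values quoted in the hunks above and one with the post-patch values, and reports a NumberOfSymbols without a symbol table, object-file-only IMAGE_SCN_ALIGN_* bits, an empty `.reloc` section that no directory entry references, a RELOCS_STRIPPED flag, and writable-plus-executable code. The constant names follow the spec (the same values linux/pe.h defines); the images are constructed here, not extracted from a real zImage.

```python
import struct

# PE/COFF constants: spec values, same names as linux/pe.h uses
IMAGE_FILE_MACHINE_THUMB = 0x01C2
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_ALIGN_MASK = 0x00F00000        # IMAGE_SCN_ALIGN_*: object files only
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
PE32_OPT_HDR_LEN = 96                    # standard + Windows-specific fields
DATA_DIRS = 6                            # up to and including BaseRelocationTable
SECTION_HDR_LEN = 40                     # the "/ 40" in the .set above


def build_image(sections, nsyms, file_chars=0x306):
    """Construct a header-only PE32 image laid out like the zImage header:
    MZ stub with e_lfanew at 0x3c, COFF header, PE32 optional header with six
    zeroed data directories, then the section table.  'sections' is a list
    of (name, virtual_size, characteristics).  Constructed test data only."""
    pe_off = 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_THUMB, len(sections),
                       0, 0, nsyms, PE32_OPT_HDR_LEN + 8 * DATA_DIRS, file_chars)
    # standard fields: PE32 magic, linker 2.20, sizes/entry/base left at zero
    opt = struct.pack("<HBBIIIIII", 0x10B, 2, 0x14, 0, 0, 0, 0, 0, 0)
    # Windows-specific fields: 512-byte alignments, subsystem 0xa (EFI app),
    # NumberOfRvaAndSizes = 6, everything else zero (as in efi-header.S)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0, 0x200, 0x200, 0, 0, 0, 0,
                       0, 0, 0, 0, 0, 0, 0xA, 0, 0, 0, 0, 0, 0, DATA_DIRS)
    opt += b"\0" * (8 * DATA_DIRS)       # all directories empty, incl. .reloc
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vsz, 0, vsz, 0, 0, 0, 0, 0, ch)
                     for n, vsz, ch in sections)
    mz = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    return mz + b"PE\0\0" + coff + opt + table


def check_image(image):
    """Return the list of header problems this series fixes (or leaves for a
    later patch): NumberOfSymbols without a symbol table, IMAGE_SCN_ALIGN_*
    bits in an image, a dummy .reloc section that no directory entry points
    at, RELOCS_STRIPPED on a relocatable image, and writable+executable code."""
    problems = []
    if image[:2] != b"MZ":
        return ["missing MZ magic at offset 0"]
    pe_off, = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        return ["missing PE signature at the offset stored at 0x3c"]
    (_machine, nsect, _stamp, symtab, nsyms, opt_len,
     file_chars) = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    opt_off = pe_off + 24                # 4-byte signature + 20-byte COFF header
    magic, = struct.unpack_from("<H", image, opt_off)
    if magic != 0x10B:
        return ["not a PE32 optional header"]
    # NumberOfRvaAndSizes is the last Windows-specific field; directory 5 is
    # BaseRelocationTable and is absent when fewer than 6 entries exist
    ndirs, = struct.unpack_from("<I", image, opt_off + PE32_OPT_HDR_LEN - 4)
    reloc_dir = (0, 0)
    if ndirs >= DATA_DIRS:
        reloc_dir = struct.unpack_from("<II", image,
                                       opt_off + PE32_OPT_HDR_LEN + 5 * 8)
    if symtab == 0 and nsyms != 0:
        problems.append(f"NumberOfSymbols={nsyms} but PointerToSymbolTable=0")
    if file_chars & IMAGE_FILE_RELOCS_STRIPPED:
        problems.append("IMAGE_FILE_RELOCS_STRIPPED set: image cannot be rebased")
    sect_off = opt_off + opt_len
    for i in range(nsect):
        name, vsize, *_rest, chars = struct.unpack_from(
            "<8sIIIIIIHHI", image, sect_off + i * SECTION_HDR_LEN)
        name = name.rstrip(b"\0").decode("ascii")
        align = chars & IMAGE_SCN_ALIGN_MASK
        if align:
            problems.append(f"{name}: IMAGE_SCN_ALIGN_* bits 0x{align:08x} "
                            "are only valid in object files")
        if name == ".reloc" and vsize == 0 and reloc_dir == (0, 0):
            problems.append(".reloc: empty section that BaseRelocationTable "
                            "does not reference")
        if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
            problems.append(f"{name}: writable and executable (RWX)")
    return problems


# Section table as it stood before patch 10/14 (values taken from the hunks)
BEFORE = build_image([(b".reloc", 0, 0x42100040),
                      (b".text", 0x1000, 0xE0500020)], nsyms=1)
# After patches 10/14 and 11/14: no .reloc, no alignment bits, NumberOfSymbols 0
AFTER = build_image([(b".text", 0x1000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ
                      | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE)], nsyms=0)

if __name__ == "__main__":
    for label, img in (("before", BEFORE), ("after", AFTER)):
        for problem in check_image(img) or ["no findings"]:
            print(f"{label}: {problem}")
```

The post-patch image still reports the RWX `.text` section, which is the one property these three patches leave for the section split later in the series.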

-		.long	start_offset		@ BaseOfCode
-		.long	0			@ data
+	.short	PE_OPT_MAGIC_PE32			@ PE32 format
+	.byte	0x02					@ MajorLinkerVersion
+	.byte	0x14					@ MinorLinkerVersion
+	.long	_end - __efi_start			@ SizeOfCode
+	.long	0					@ SizeOfInitializedData
+	.long	0					@ SizeOfUninitializedData
+	.long	efi_stub_entry - start			@ AddressOfEntryPoint
+	.long	start_offset				@ BaseOfCode
+	.long	0					@ BaseOfData
 
 extra_header_fields:
-		.long	0			@ ImageBase
-		.long	0x200			@ SectionAlignment
-		.long	0x200			@ FileAlignment
-		.short	0			@ MajorOperatingSystemVersion
-		.short	0			@ MinorOperatingSystemVersion
-		.short	0			@ MajorImageVersion
-		.short	0			@ MinorImageVersion
-		.short	0			@ MajorSubsystemVersion
-		.short	0			@ MinorSubsystemVersion
-		.long	0			@ Win32VersionValue
+	.long	0					@ ImageBase
+	.long	SZ_512					@ SectionAlignment
+	.long	SZ_512					@ FileAlignment
+	.short	0					@ MajorOsVersion
+	.short	0					@ MinorOsVersion
+	.short	0					@ MajorImageVersion
+	.short	0					@ MinorImageVersion
+	.short	0					@ MajorSubsystemVersion
+	.short	0					@ MinorSubsystemVersion
+	.long	0					@ Win32VersionValue
 
-		.long	_end - start		@ SizeOfImage
-		.long	start_offset		@ SizeOfHeaders
-		.long	0			@ CheckSum
-		.short	0xa			@ Subsystem (EFI application)
-		.short	0			@ DllCharacteristics
-		.long	0			@ SizeOfStackReserve
-		.long	0			@ SizeOfStackCommit
-		.long	0			@ SizeOfHeapReserve
-		.long	0			@ SizeOfHeapCommit
-		.long	0			@ LoaderFlags
-		.long	0x6			@ NumberOfRvaAndSizes
+	.long	_end - start				@ SizeOfImage
+	.long	start_offset				@ SizeOfHeaders
+	.long	0					@ CheckSum
+	.short	IMAGE_SUBSYSTEM_EFI_APPLICATION		@ Subsystem
+	.short	0					@ DllCharacteristics
+	.long	0					@ SizeOfStackReserve
+	.long	0					@ SizeOfStackCommit
+	.long	0					@ SizeOfHeapReserve
+	.long	0					@ SizeOfHeapCommit
+	.long	0					@ LoaderFlags
+	.long	(section_table - .) / 8			@ NumberOfRvaAndSizes
 
-		.quad	0			@ ExportTable
-		.quad	0			@ ImportTable
-		.quad	0			@ ResourceTable
-		.quad	0			@ ExceptionTable
-		.quad	0			@ CertificationTable
-		.quad	0			@ BaseRelocationTable
+	.quad	0					@ ExportTable
+	.quad	0					@ ImportTable
+	.quad	0					@ ResourceTable
+	.quad	0					@ ExceptionTable
+	.quad	0					@ CertificationTable
+	.quad	0					@ BaseRelocationTable
 
 section_table:
-		.ascii	".text\0\0\0"
-		.long	_end - __efi_start	@ VirtualSize
-		.long	__efi_start		@ VirtualAddress
-		.long	_edata - __efi_start	@ SizeOfRawData
-		.long	__efi_start		@ PointerToRawData
-		.long	0			@ PointerToRelocations
-		.long	0			@ PointerToLineNumbers
-		.short	0			@ NumberOfRelocations
-		.short	0			@ NumberOfLineNumbers
-		.long	0xe0000020		@ Characteristics
+	.ascii	".text\0\0\0"
+	.long	_end - __efi_start			@ VirtualSize
+	.long	__efi_start				@ VirtualAddress
+	.long	_edata - __efi_start			@ SizeOfRawData
+	.long	__efi_start				@ PointerToRawData
+	.long	0					@ PointerToRelocations
+	.long	0					@ PointerToLineNumbers
+	.short	0					@ NumberOfRelocations
+	.short	0					@ NumberOfLineNumbers
+	.long	IMAGE_SCN_CNT_CODE | \
+		IMAGE_SCN_MEM_READ | \
+		IMAGE_SCN_MEM_WRITE | \
+		IMAGE_SCN_MEM_EXECUTE			@ Characteristics
+
+	.set	section_count, (. - section_table) / 40
 
-		.align	9
+	.align	9
 __efi_start:
 #endif
-		.endm
+	.endm
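Review bot: `(section_table - .) / 8` for NumberOfRvaAndSizes includes the four bytes of the field itself (4 + 6 * 8 = 52) and only evaluates to 6 because the division truncates; a comment saying so, or a label placed right after the `.long`, would stop the next editor from treating it as off by one. The `.text` Characteristics still combine `IMAGE_SCN_MEM_WRITE` with `IMAGE_SCN_MEM_EXECUTE`, so after this patch the image is still described as a single RWX section; fine for a constant-replacement patch, but worth a line in the commit message pointing at the split in 13/14.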
-- 
2.7.4


* [PATCH v2 13/14] arm: efi: split zImage code and data into separate PE/COFF sections
  2017-02-08 11:55 ` Ard Biesheuvel
@ 2017-02-08 11:55   ` Ard Biesheuvel
  -1 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-efi, linux-arm-kernel, mark.rutland, leif.lindholm
  Cc: catalin.marinas, linux, kernel-hardening, labbott, Ard Biesheuvel

To prevent unintended modifications to the kernel text (malicious or
otherwise) while running the EFI stub, describe the kernel image as
two separate sections: a .text section with read-execute permissions,
covering .text, .rodata, .piggytext and the GOT sections (which the
stub does not care about anyway), and a .data section with read-write
permissions, covering .data and .bss.

This relies on the firmware to actually take the section permission
flags into account, but this is something that is currently being
implemented in EDK2, which means we will likely start seeing it in
the wild between one and two years from now.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm/boot/compressed/efi-header.S  | 30 ++++++++++++++------
 arch/arm/boot/compressed/vmlinux.lds.S | 27 +++++++++++++-----
 2 files changed, 41 insertions(+), 16 deletions(-)

diff --git a/arch/arm/boot/compressed/efi-header.S b/arch/arm/boot/compressed/efi-header.S
index 7ff2b2f05e4c..3cf09f7efced 100644
--- a/arch/arm/boot/compressed/efi-header.S
+++ b/arch/arm/boot/compressed/efi-header.S
@@ -57,16 +57,16 @@ optional_header:
 	.short	PE_OPT_MAGIC_PE32			@ PE32 format
 	.byte	0x02					@ MajorLinkerVersion
 	.byte	0x14					@ MinorLinkerVersion
-	.long	_end - __efi_start			@ SizeOfCode
-	.long	0					@ SizeOfInitializedData
+	.long	__pecoff_data_start - __efi_start	@ SizeOfCode
+	.long	__pecoff_data_size			@ SizeOfInitializedData
 	.long	0					@ SizeOfUninitializedData
 	.long	efi_stub_entry - start			@ AddressOfEntryPoint
 	.long	start_offset				@ BaseOfCode
-	.long	0					@ BaseOfData
+	.long	__pecoff_data_start - start		@ BaseOfData
 
 extra_header_fields:
 	.long	0					@ ImageBase
-	.long	SZ_512					@ SectionAlignment
+	.long	SZ_4K					@ SectionAlignment
 	.long	SZ_512					@ FileAlignment
 	.short	0					@ MajorOsVersion
 	.short	0					@ MinorOsVersion
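Review bot: SizeOfInitializedData is set to `__pecoff_data_size`, which the linker script hunk defines after `.stack` as `ALIGN(512) - ADDR(.data)`, i.e. the `.data` VirtualSize including everything placed after `_edata`, while the `.data` section header reports `__pecoff_data_rawsize` for SizeOfRawData and SizeOfUninitializedData stays 0; loaders do not act on these summary fields, but either use `__pecoff_data_rawsize` here for consistency with the section table or add a comment explaining why the virtual size is reported.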
@@ -76,7 +76,7 @@ extra_header_fields:
 	.short	0					@ MinorSubsystemVersion
 	.long	0					@ Win32VersionValue
 
-	.long	_end - start				@ SizeOfImage
+	.long	__pecoff_end - start			@ SizeOfImage
 	.long	start_offset				@ SizeOfHeaders
 	.long	0					@ CheckSum
 	.short	IMAGE_SUBSYSTEM_EFI_APPLICATION		@ Subsystem
@@ -97,9 +97,9 @@ extra_header_fields:
 
 section_table:
 	.ascii	".text\0\0\0"
-	.long	_end - __efi_start			@ VirtualSize
+	.long	__pecoff_data_start - __efi_start	@ VirtualSize
 	.long	__efi_start				@ VirtualAddress
-	.long	_edata - __efi_start			@ SizeOfRawData
+	.long	__pecoff_data_start - __efi_start	@ SizeOfRawData
 	.long	__efi_start				@ PointerToRawData
 	.long	0					@ PointerToRelocations
 	.long	0					@ PointerToLineNumbers
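Review bot: with VirtualSize and SizeOfRawData both `__pecoff_data_start - __efi_start`, the `.text` section now ends at the 4 KiB-aligned `.data` start rather than at `_edata`, so the zero padding the linker emits after `.pad` to reach `ALIGN(4096)` is mapped read-execute as part of `.text`; harmless, but a short comment on why SizeOfRawData moved away from `_edata` would help, since `_edata` is still assigned separately in the linker script.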
@@ -107,12 +107,24 @@ section_table:
 	.short	0					@ NumberOfLineNumbers
 	.long	IMAGE_SCN_CNT_CODE | \
 		IMAGE_SCN_MEM_READ | \
-		IMAGE_SCN_MEM_WRITE | \
 		IMAGE_SCN_MEM_EXECUTE			@ Characteristics
 
+	.ascii	".data\0\0\0"
+	.long	__pecoff_data_size			@ VirtualSize
+	.long	__pecoff_data_start - start		@ VirtualAddress
+	.long	__pecoff_data_rawsize			@ SizeOfRawData
+	.long	__pecoff_data_start - start		@ PointerToRawData
+	.long	0					@ PointerToRelocations
+	.long	0					@ PointerToLineNumbers
+	.short	0					@ NumberOfRelocations
+	.short	0					@ NumberOfLineNumbers
+	.long	IMAGE_SCN_CNT_INITIALIZED_DATA | \
+		IMAGE_SCN_MEM_READ | \
+		IMAGE_SCN_MEM_WRITE			@ Characteristics
+
 	.set	section_count, (. - section_table) / 40
 
-	.align	9
+	.align	12
 __efi_start:
 #endif
 	.endm
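Review bot: `.align 12` grows the header padding before `__efi_start` from 512 bytes to 4 KiB, which `SizeOfHeaders = start_offset` tracks automatically but which costs up to 3.5 KiB in every EFI-enabled zImage even on firmware that ignores section flags; the commit message should mention that trade-off. The `.data` header itself looks right: no `IMAGE_SCN_MEM_EXECUTE`, VirtualAddress equal to PointerToRawData as for `.text`, and VirtualSize (`__pecoff_data_size`) larger than SizeOfRawData (`__pecoff_data_rawsize`) so the loader zero-fills the tail; a comment next to the two size symbols stating that the tail is the zero-initialised data placed after `_edata` would save a trip to the linker script.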
diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S
index 5d50daea466a..144e2f408292 100644
--- a/arch/arm/boot/compressed/vmlinux.lds.S
+++ b/arch/arm/boot/compressed/vmlinux.lds.S
@@ -51,13 +51,6 @@ SECTIONS
     *(.rodata)
     *(.rodata.*)
   }
-  .data : {
-    /*
-     * The EFI stub always executes from RAM, and runs strictly before the
-     * decompressor, so we can make an exception for its r/w data, and keep it
-     */
-    *(.data.efistub)
-  }
   .piggydata : {
     *(.piggydata)
   }
@@ -73,6 +66,23 @@ SECTIONS
   /* ensure the zImage file size is always a multiple of 64 bits */
   /* (without a dummy byte, ld just ignores the empty section) */
   .pad			: { BYTE(0); . = ALIGN(8); }
+
+#ifdef CONFIG_EFI_STUB
+  .data : ALIGN(4096) {
+    __pecoff_data_start = .;
+    /*
+     * The EFI stub always executes from RAM, and runs strictly before the
+     * decompressor, so we can make an exception for its r/w data, and keep it
+     */
+    *(.data.efistub)
+    __pecoff_data_end = .;
+
+    . = ALIGN(512);
+  }
+  __pecoff_data_rawsize = . - ADDR(.data);
+  . = __pecoff_data_end;
+#endif
+
   _edata = .;
 
   _magic_sig = ZIMAGE_MAGIC(0x016f2818);
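Review bot: `. = __pecoff_data_end;` moves the location counter back to before the `ALIGN(512)` tail of `.data`, so `_edata` and everything placed after it (`.stack` in the next hunk) overlap in the address space with padding that is also emitted into the file; if this is deliberate (keeping the file padding out of sizes derived from `_edata`) it needs a comment, otherwise dropping the assignment and letting `_edata` follow the aligned end is simpler and keeps the `.data` raw tail and the later sections non-overlapping.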
@@ -87,6 +97,9 @@ SECTIONS
   . = ALIGN(8);		/* the stack must be 64-bit aligned */
   .stack		: { *(.stack) }
 
+  PROVIDE(__pecoff_data_size = ALIGN(512) - ADDR(.data));
+  PROVIDE(__pecoff_end = ALIGN(512));
+
   .stab 0		: { *(.stab) }
   .stabstr 0		: { *(.stabstr) }
   .stab.excl 0		: { *(.stab.excl) }
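Review bot: the PE/COFF specification requires SizeOfImage to be a multiple of SectionAlignment, and this patch raises SectionAlignment to SZ_4K while `__pecoff_end = ALIGN(512)` (which the header hunk uses for SizeOfImage) is only 512-byte aligned; a loader that validates the header could reject the image, so `ALIGN(4096)` here looks safer unless the intent is to rely on loaders rounding up. Nit: `PROVIDE` is only needed when another definition of the symbol may exist; plain assignments would do.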
-- 
2.7.4

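
As an added, stand-alone example (not code from this patch series or from the kernel tree), the Python script below parses a PE32 header's section table the way a permission-enforcing loader would read it, reports each section's requested R/W/X mapping, and flags any section whose Characteristics combine IMAGE_SCN_MEM_WRITE with IMAGE_SCN_MEM_EXECUTE, together with the alignment rules this patch makes relevant (VirtualAddress and SizeOfImage against SectionAlignment, raw data against FileAlignment). The two sample images are constructed inline with struct to mirror the single-section layout before this patch and the .text/.data split after it; their sizes and offsets are made up, and the constant names follow linux/pe.h with values from the PE/COFF specification.

```python
import struct

# PE/COFF constants: names as in linux/pe.h, values from the PE/COFF spec.
MZ_MAGIC = 0x5A4D                      # "MZ"
PE_MAGIC = 0x00004550                  # "PE\0\0"
PE_OPT_MAGIC_PE32 = 0x10B
IMAGE_FILE_MACHINE_THUMB = 0x01C2
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_SUBSYSTEM_EFI_APPLICATION = 10
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

COFF_HDR = "<HHIIIHH"                  # Machine .. Characteristics, 20 bytes
OPT_STD = "<HBBIIIIII"                 # PE32 standard fields, 28 bytes
OPT_WIN = "<IIIHHHHHHIIIIHHIIIIII"     # PE32 Windows-specific fields, 68 bytes
SECTION_HDR = "<8sIIIIIIHHI"           # one 40-byte section header
N_DATA_DIRS = 6                        # ExportTable .. BaseRelocationTable


def build_pe32(sections, section_alignment, file_alignment, size_of_image):
    """Build a synthetic PE32 header plus section table (sample data, not a zImage).

    sections: list of (name, VirtualSize, VirtualAddress, SizeOfRawData,
    PointerToRawData, Characteristics) tuples.
    """
    opt_size = 28 + 68 + 8 * N_DATA_DIRS
    hdr_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    size_of_headers = -(-hdr_len // file_alignment) * file_alignment  # round up
    dos = bytearray(0x40)              # MS-DOS stub: only "MZ" and e_lfanew matter
    struct.pack_into("<H", dos, 0, MZ_MAGIC)
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack(COFF_HDR, IMAGE_FILE_MACHINE_THUMB, len(sections), 0, 0, 0,
                       opt_size, IMAGE_FILE_32BIT_MACHINE | IMAGE_FILE_EXECUTABLE_IMAGE)
    opt = struct.pack(OPT_STD, PE_OPT_MAGIC_PE32, 2, 0x14, 0, 0, 0, 0, 0, 0)
    opt += struct.pack(OPT_WIN, 0, section_alignment, file_alignment, 0, 0, 0, 0, 0, 0,
                       0, size_of_image, size_of_headers, 0,
                       IMAGE_SUBSYSTEM_EFI_APPLICATION, 0, 0, 0, 0, 0, 0, N_DATA_DIRS)
    opt += bytes(8 * N_DATA_DIRS)      # every data directory left empty
    table = b"".join(struct.pack(SECTION_HDR, name.ljust(8, b"\0"), vsize, va,
                                 rawsize, rawptr, 0, 0, 0, 0, flags)
                     for name, vsize, va, rawsize, rawptr, flags in sections)
    return bytes(dos) + struct.pack("<I", PE_MAGIC) + coff + opt + table


def audit(image):
    """Return (sections, problems) for a PE32 image.

    sections: [(name, "rwx"-style string)] in section-table order.
    problems: findings a loader that enforces section flags would care about.
    """
    if struct.unpack_from("<H", image, 0)[0] != MZ_MAGIC:
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]   # e_lfanew
    if struct.unpack_from("<I", image, pe_off)[0] != PE_MAGIC:
        raise ValueError("missing PE signature")
    _machine, nsect, _, _, _, opt_size, _ = struct.unpack_from(COFF_HDR, image, pe_off + 4)
    opt_off = pe_off + 4 + 20
    if struct.unpack_from("<H", image, opt_off)[0] != PE_OPT_MAGIC_PE32:
        raise ValueError("only PE32 optional headers are handled here")
    sect_align, file_align = struct.unpack_from("<II", image, opt_off + 32)
    size_of_image = struct.unpack_from("<I", image, opt_off + 56)[0]

    sections, problems = [], []
    if size_of_image % sect_align:
        problems.append(f"SizeOfImage {size_of_image:#x} is not a multiple of "
                        f"SectionAlignment {sect_align:#x}")
    for i in range(nsect):
        fields = struct.unpack_from(SECTION_HDR, image, opt_off + opt_size + 40 * i)
        raw_name, _vsize, va, rawsize, rawptr, _, _, _, _, flags = fields
        name = raw_name.rstrip(b"\0").decode()
        perms = ("r" if flags & IMAGE_SCN_MEM_READ else "-") + \
                ("w" if flags & IMAGE_SCN_MEM_WRITE else "-") + \
                ("x" if flags & IMAGE_SCN_MEM_EXECUTE else "-")
        sections.append((name, perms))
        if flags & IMAGE_SCN_MEM_WRITE and flags & IMAGE_SCN_MEM_EXECUTE:
            problems.append(f"{name} is mapped writable and executable (RWX)")
        if va % sect_align:
            problems.append(f"{name} VirtualAddress {va:#x} not SectionAlignment-aligned")
        if rawptr % file_align or rawsize % file_align:
            problems.append(f"{name} raw data not FileAlignment-aligned")
    return sections, problems


def sample_images():
    """Constructed layouts modelled on the zImage header before and after the split.

    Offsets and sizes are invented; only the flags and alignments are meaningful.
    """
    rwx = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    rx = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE
    rw = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    before = build_pe32([(b".text", 0x1000, 0x200, 0x1000, 0x200, rwx)],
                        0x200, 0x200, 0x1200)
    after = build_pe32([(b".text", 0x3000, 0x1000, 0x3000, 0x1000, rx),
                        (b".data", 0x600, 0x4000, 0x200, 0x4000, rw)],
                       0x1000, 0x200, 0x5000)
    return {"single RWX section": before, "split RX/RW sections": after}


if __name__ == "__main__":
    for label, image in sample_images().items():
        sections, problems = audit(image)
        print(f"{label}: {sections} -> {problems or 'OK'}")
```

Run as a script it audits both constructed layouts; `audit()` accepts the raw bytes of a real PE32 image as well, since it only follows e_lfanew and the section table, so the same check can be applied to a zImage built with CONFIG_EFI_STUB to confirm that no section is declared RWX and that SizeOfImage honours the SectionAlignment it advertises.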

* [PATCH v2 14/14] arm: efi: add PE/COFF debug table to EFI header
  2017-02-08 11:55 ` Ard Biesheuvel
@ 2017-02-08 11:55   ` Ard Biesheuvel
  -1 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-08 11:55 UTC (permalink / raw)
  To: linux-efi, linux-arm-kernel, mark.rutland, leif.lindholm
  Cc: catalin.marinas, linux, kernel-hardening, labbott, Ard Biesheuvel

This updates the PE/COFF header to emit the absolute path to the
decompressor vmlinux ELF file into a so-called NB10 Codeview entry.
This is hugely helpful when debugging the firmware->stub handover.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm/boot/compressed/Makefile     |  4 ++
 arch/arm/boot/compressed/efi-header.S | 45 ++++++++++++++++++++
 2 files changed, 49 insertions(+)

diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile
index d50430c40045..6b978bdbac3e 100644
--- a/arch/arm/boot/compressed/Makefile
+++ b/arch/arm/boot/compressed/Makefile
@@ -196,3 +196,7 @@ AFLAGS_hyp-stub.o := -Wa,-march=armv7-a
 
 $(obj)/hyp-stub.S: $(srctree)/arch/$(SRCARCH)/kernel/hyp-stub.S
 	$(call cmd,shipped)
+
+ifeq ($(CONFIG_EFI)$(CONFIG_DEBUG_INFO),yy)
+AFLAGS_head.o += -DVMLINUX_PATH="\"$(realpath $(obj)/vmlinux)\""
+endif
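Review bot: `$(realpath $(obj)/vmlinux)` only resolves if the file already exists, and GNU make returns the empty string otherwise; on a clean tree head.o is assembled before `$(obj)/vmlinux` is linked, so the NB10 entry would carry an empty path until a rebuild. `$(abspath $(obj)/vmlinux)` gives the absolute path without that dependency. Since this embeds the builder's absolute tree path in the shipped zImage, it also makes the image differ between build directories; gating on CONFIG_DEBUG_INFO limits that, but it deserves a mention in the commit message.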
diff --git a/arch/arm/boot/compressed/efi-header.S b/arch/arm/boot/compressed/efi-header.S
index 3cf09f7efced..dff3c72c7c5a 100644
--- a/arch/arm/boot/compressed/efi-header.S
+++ b/arch/arm/boot/compressed/efi-header.S
@@ -95,6 +95,11 @@ extra_header_fields:
 	.quad	0					@ CertificationTable
 	.quad	0					@ BaseRelocationTable
 
+#ifdef CONFIG_DEBUG_INFO
+	.long	efi_debug_table - start			@ DebugTable
+	.long	efi_debug_table_size
+#endif
+
 section_table:
 	.ascii	".text\0\0\0"
 	.long	__pecoff_data_start - __efi_start	@ VirtualSize
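Review bot: the seventh data directory entry (index 6) is the Debug directory, which matches its position right after BaseRelocationTable here, and the `(section_table - .) / 8` expression from 12/14 grows NumberOfRvaAndSizes to 7 automatically when CONFIG_DEBUG_INFO is set; please say so in a comment, and give the second `.long efi_debug_table_size` a `@ Size` field comment like its neighbours.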
@@ -124,6 +129,46 @@ section_table:
 
 	.set	section_count, (. - section_table) / 40
 
+#ifdef CONFIG_DEBUG_INFO
+	/*
+	 * The debug table is referenced via its Relative Virtual Address (RVA),
+	 * which is only defined for those parts of the image that are covered
+	 * by a section declaration. Since this header is not covered by any
+	 * section, the debug table must be emitted elsewhere. So stick it in
+	 * the .init.rodata section instead.
+	 *
+	 * Note that the EFI debug entry itself may legally have a zero RVA,
+	 * which means we can simply put it right after the section headers.
+	 */
+	.section	".rodata", #alloc
+
+	.align	2
+efi_debug_table:
+	// EFI_IMAGE_DEBUG_DIRECTORY_ENTRY
+	.long	0					@ Characteristics
+	.long	0					@ TimeDateStamp
+	.short	0					@ MajorVersion
+	.short	0					@ MinorVersion
+	.long	IMAGE_DEBUG_TYPE_CODEVIEW		@ Type
+	.long	efi_debug_entry_size			@ SizeOfData
+	.long	0					@ RVA
+	.long	efi_debug_entry - start			@ FileOffset
+
+	.set	efi_debug_table_size, . - efi_debug_table
+	.previous
+
+efi_debug_entry:
+	// EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY
+	.ascii	"NB10"					@ Signature
+	.long	0					@ Unknown
+	.long	0					@ Unknown2
+	.long	0					@ Unknown3
+
+	.asciz	VMLINUX_PATH
+
+	.set	efi_debug_entry_size, . - efi_debug_entry
+#endif
+
 	.align	12
 __efi_start:
 #endif
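Review bot: the comment says the table goes in `.init.rodata`, but the code switches to `.section ".rodata", #alloc` (the text looks carried over from the arm64 version); fix the comment. The Makefile hunk defines VMLINUX_PATH under CONFIG_EFI and CONFIG_DEBUG_INFO, while this block is assembled under CONFIG_EFI_STUB and CONFIG_DEBUG_INFO; if those ever diverge, `.asciz VMLINUX_PATH` fails to assemble, so either key both on the same symbol or guard the block with `#ifdef VMLINUX_PATH`. Nit: the two `//` comment lines sit in a file that otherwise uses `@` comments.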
-- 
2.7.4


* Re: [PATCH v2 03/14] arm64: efi: move EFI header and related data to a separate .S file
  2017-02-08 11:55   ` Ard Biesheuvel
@ 2017-02-10 10:10     ` Mark Rutland
  -1 siblings, 0 replies; 69+ messages in thread
From: Mark Rutland @ 2017-02-10 10:10 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: linux-efi, linux-arm-kernel, leif.lindholm, catalin.marinas,
	linux, kernel-hardening, labbott

On Wed, Feb 08, 2017 at 11:55:36AM +0000, Ard Biesheuvel wrote:
> In preparation of yet another round of modifications to the PE/COFF
> header, macroize it and move the definition into a separate source
> file.
> 
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Acked-by: Mark Rutland <mark.rutland@arm.com>

Thanks,
Mark.

> ---
>  arch/arm64/kernel/efi-header.S | 158 ++++++++++++++++++++
>  arch/arm64/kernel/head.S       | 150 +------------------
>  2 files changed, 161 insertions(+), 147 deletions(-)
> 
> diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S
> new file mode 100644
> index 000000000000..9b24ce130afb
> --- /dev/null
> +++ b/arch/arm64/kernel/efi-header.S
> @@ -0,0 +1,158 @@
> +/*
> + * Copyright (C) 2013 - 2017 Linaro, Ltd.
> + * Copyright (C) 2013, 2014 Red Hat, Inc.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2 as
> + * published by the Free Software Foundation.
> + */
> +
> +	.macro	__EFI_PE_HEADER
> +	.ascii	"PE"
> +	.short 	0
> +coff_header:
> +	.short	0xaa64					// AArch64
> +	.short	2					// nr_sections
> +	.long	0 					// TimeDateStamp
> +	.long	0					// PointerToSymbolTable
> +	.long	1					// NumberOfSymbols
> +	.short	section_table - optional_header		// SizeOfOptionalHeader
> +	.short	0x206					// Characteristics.
> +							// IMAGE_FILE_DEBUG_STRIPPED |
> +							// IMAGE_FILE_EXECUTABLE_IMAGE |
> +							// IMAGE_FILE_LINE_NUMS_STRIPPED
> +optional_header:
> +	.short	0x20b					// PE32+ format
> +	.byte	0x02					// MajorLinkerVersion
> +	.byte	0x14					// MinorLinkerVersion
> +	.long	_end - efi_header_end			// SizeOfCode
> +	.long	0					// SizeOfInitializedData
> +	.long	0					// SizeOfUninitializedData
> +	.long	__efistub_entry - _head			// AddressOfEntryPoint
> +	.long	efi_header_end - _head			// BaseOfCode
> +
> +extra_header_fields:
> +	.quad	0					// ImageBase
> +	.long	0x1000					// SectionAlignment
> +	.long	PECOFF_FILE_ALIGNMENT			// FileAlignment
> +	.short	0					// MajorOperatingSystemVersion
> +	.short	0					// MinorOperatingSystemVersion
> +	.short	0					// MajorImageVersion
> +	.short	0					// MinorImageVersion
> +	.short	0					// MajorSubsystemVersion
> +	.short	0					// MinorSubsystemVersion
> +	.long	0					// Win32VersionValue
> +
> +	.long	_end - _head				// SizeOfImage
> +
> +	// Everything before the kernel image is considered part of the header
> +	.long	efi_header_end - _head			// SizeOfHeaders
> +	.long	0					// CheckSum
> +	.short	0xa					// Subsystem (EFI application)
> +	.short	0					// DllCharacteristics
> +	.quad	0					// SizeOfStackReserve
> +	.quad	0					// SizeOfStackCommit
> +	.quad	0					// SizeOfHeapReserve
> +	.quad	0					// SizeOfHeapCommit
> +	.long	0					// LoaderFlags
> +	.long	(section_table - .) / 8			// NumberOfRvaAndSizes
> +
> +	.quad	0					// ExportTable
> +	.quad	0					// ImportTable
> +	.quad	0					// ResourceTable
> +	.quad	0					// ExceptionTable
> +	.quad	0					// CertificationTable
> +	.quad	0					// BaseRelocationTable
> +
> +#ifdef CONFIG_DEBUG_EFI
> +	.long	efi_debug_table - _head			// DebugTable
> +	.long	efi_debug_table_size
> +#endif
> +
> +	// Section table
> +section_table:
> +
> +	/*
> +	 * The EFI application loader requires a relocation section
> +	 * because EFI applications must be relocatable.  This is a
> +	 * dummy section as far as we are concerned.
> +	 */
> +	.ascii	".reloc"
> +	.byte	0
> +	.byte	0					// end of 0 padding of section name
> +	.long	0
> +	.long	0
> +	.long	0					// SizeOfRawData
> +	.long	0					// PointerToRawData
> +	.long	0					// PointerToRelocations
> +	.long	0					// PointerToLineNumbers
> +	.short	0					// NumberOfRelocations
> +	.short	0					// NumberOfLineNumbers
> +	.long	0x42100040				// Characteristics (section flags)
> +
> +
> +	.ascii	".text"
> +	.byte	0
> +	.byte	0
> +	.byte	0        				// end of 0 padding of section name
> +	.long	_end - efi_header_end			// VirtualSize
> +	.long	efi_header_end - _head			// VirtualAddress
> +	.long	_edata - efi_header_end			// SizeOfRawData
> +	.long	efi_header_end - _head			// PointerToRawData
> +
> +	.long	0					// PointerToRelocations
> +	.long	0					// PointerToLineNumbers
> +	.short	0					// NumberOfRelocations
> +	.short	0					// NumberOfLineNumbers
> +	.long	0xe0500020				// Characteristics
> +
> +#ifdef CONFIG_DEBUG_EFI
> +	/*
> +	 * The debug table is referenced via its Relative Virtual Address (RVA),
> +	 * which is only defined for those parts of the image that are covered
> +	 * by a section declaration. Since this header is not covered by any
> +	 * section, the debug table must be emitted elsewhere. So stick it in
> +	 * the .init.rodata section instead.
> +	 *
> +	 * Note that the EFI debug entry itself may legally have a zero RVA,
> +	 * which means we can simply put it right after the section headers.
> +	 */
> +	__INITRODATA
> +
> +	.align	2
> +efi_debug_table:
> +	// EFI_IMAGE_DEBUG_DIRECTORY_ENTRY
> +	.long	0					// Characteristics
> +	.long	0					// TimeDateStamp
> +	.short	0					// MajorVersion
> +	.short	0					// MinorVersion
> +	.long	2					// Type == EFI_IMAGE_DEBUG_TYPE_CODEVIEW
> +	.long	efi_debug_entry_size			// SizeOfData
> +	.long	0					// RVA
> +	.long	efi_debug_entry - _head			// FileOffset
> +
> +	.set	efi_debug_table_size, . - efi_debug_table
> +	.previous
> +
> +efi_debug_entry:
> +	// EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY
> +	.ascii	"NB10"					// Signature
> +	.long	0					// Unknown
> +	.long	0					// Unknown2
> +	.long	0					// Unknown3
> +
> +	.asciz	VMLINUX_PATH
> +
> +	.set	efi_debug_entry_size, . - efi_debug_entry
> +#endif
> +
> +	/*
> +	 * EFI will load .text onwards at the 4k section alignment
> +	 * described in the PE/COFF header. To ensure that instruction
> +	 * sequences using an adrp and a :lo12: immediate will function
> +	 * correctly at this alignment, we must ensure that .text is
> +	 * placed at a 4k boundary in the Image to begin with.
> +	 */
> +	.align 12
> +efi_header_end:
> +	.endm
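Review bot: the new file is not a verbatim move of the head.S block: the `.text` section entry drops the `(0 for executables)` annotations on PointerToRelocations, PointerToLineNumbers, NumberOfRelocations and NumberOfLineNumbers, and `// Characteristics (section flags)` becomes `// Characteristics`. The commit message presents this as pure code motion, so keeping the comments identical would make the diff trivially verifiable, and the pre-existing oddities (NumberOfSymbols = 1 with PointerToSymbolTable = 0, the dummy .reloc entry) are correctly left for the follow-up patches. Separately, `__EFI_PE_HEADER` defines non-local labels (`coff_header`, `optional_header`, `section_table`, `efi_debug_table`, `efi_debug_entry`, `efi_header_end`) and references `_head`, `__efistub_entry`, `_edata`, `_end`, `PECOFF_FILE_ALIGNMENT` and `VMLINUX_PATH` that it does not define, so it can be expanded exactly once and only where those symbols are in scope; a short comment above `.macro __EFI_PE_HEADER` stating that contract would help the next person who touches it.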
> diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
> index c6cc82ec190b..f779a7483736 100644
> --- a/arch/arm64/kernel/head.S
> +++ b/arch/arm64/kernel/head.S
> @@ -42,6 +42,8 @@
>  #include <asm/thread_info.h>
>  #include <asm/virt.h>
>  
> +#include "efi-header.S"
> +
>  #define __PHYS_OFFSET	(KERNEL_START - TEXT_OFFSET)
>  
>  #if (TEXT_OFFSET & 0xfff) != 0
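Review bot: the `#include "efi-header.S"` is unconditional while its only user, `__EFI_PE_HEADER`, sits under `#ifdef CONFIG_EFI`. That is harmless because the included file only defines a macro and emits nothing at the include site, but a one-line comment next to the include saying so would spare readers from wondering why a `.S` file is being included from another `.S` file and whether it contributes code to non-EFI builds.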
> @@ -102,153 +104,7 @@ _head:
>  #ifdef CONFIG_EFI
>  	.align 3
>  pe_header:
> -	.ascii	"PE"
> -	.short 	0
> -coff_header:
> -	.short	0xaa64				// AArch64
> -	.short	2				// nr_sections
> -	.long	0 				// TimeDateStamp
> -	.long	0				// PointerToSymbolTable
> -	.long	1				// NumberOfSymbols
> -	.short	section_table - optional_header	// SizeOfOptionalHeader
> -	.short	0x206				// Characteristics.
> -						// IMAGE_FILE_DEBUG_STRIPPED |
> -						// IMAGE_FILE_EXECUTABLE_IMAGE |
> -						// IMAGE_FILE_LINE_NUMS_STRIPPED
> -optional_header:
> -	.short	0x20b				// PE32+ format
> -	.byte	0x02				// MajorLinkerVersion
> -	.byte	0x14				// MinorLinkerVersion
> -	.long	_end - efi_header_end		// SizeOfCode
> -	.long	0				// SizeOfInitializedData
> -	.long	0				// SizeOfUninitializedData
> -	.long	__efistub_entry - _head		// AddressOfEntryPoint
> -	.long	efi_header_end - _head		// BaseOfCode
> -
> -extra_header_fields:
> -	.quad	0				// ImageBase
> -	.long	0x1000				// SectionAlignment
> -	.long	PECOFF_FILE_ALIGNMENT		// FileAlignment
> -	.short	0				// MajorOperatingSystemVersion
> -	.short	0				// MinorOperatingSystemVersion
> -	.short	0				// MajorImageVersion
> -	.short	0				// MinorImageVersion
> -	.short	0				// MajorSubsystemVersion
> -	.short	0				// MinorSubsystemVersion
> -	.long	0				// Win32VersionValue
> -
> -	.long	_end - _head			// SizeOfImage
> -
> -	// Everything before the kernel image is considered part of the header
> -	.long	efi_header_end - _head		// SizeOfHeaders
> -	.long	0				// CheckSum
> -	.short	0xa				// Subsystem (EFI application)
> -	.short	0				// DllCharacteristics
> -	.quad	0				// SizeOfStackReserve
> -	.quad	0				// SizeOfStackCommit
> -	.quad	0				// SizeOfHeapReserve
> -	.quad	0				// SizeOfHeapCommit
> -	.long	0				// LoaderFlags
> -	.long	(section_table - .) / 8		// NumberOfRvaAndSizes
> -
> -	.quad	0				// ExportTable
> -	.quad	0				// ImportTable
> -	.quad	0				// ResourceTable
> -	.quad	0				// ExceptionTable
> -	.quad	0				// CertificationTable
> -	.quad	0				// BaseRelocationTable
> -
> -#ifdef CONFIG_DEBUG_EFI
> -	.long	efi_debug_table - _head		// DebugTable
> -	.long	efi_debug_table_size
> -#endif
> -
> -	// Section table
> -section_table:
> -
> -	/*
> -	 * The EFI application loader requires a relocation section
> -	 * because EFI applications must be relocatable.  This is a
> -	 * dummy section as far as we are concerned.
> -	 */
> -	.ascii	".reloc"
> -	.byte	0
> -	.byte	0			// end of 0 padding of section name
> -	.long	0
> -	.long	0
> -	.long	0			// SizeOfRawData
> -	.long	0			// PointerToRawData
> -	.long	0			// PointerToRelocations
> -	.long	0			// PointerToLineNumbers
> -	.short	0			// NumberOfRelocations
> -	.short	0			// NumberOfLineNumbers
> -	.long	0x42100040		// Characteristics (section flags)
> -
> -
> -	.ascii	".text"
> -	.byte	0
> -	.byte	0
> -	.byte	0        		// end of 0 padding of section name
> -	.long	_end - efi_header_end	// VirtualSize
> -	.long	efi_header_end - _head	// VirtualAddress
> -	.long	_edata - efi_header_end	// SizeOfRawData
> -	.long	efi_header_end - _head	// PointerToRawData
> -
> -	.long	0		// PointerToRelocations (0 for executables)
> -	.long	0		// PointerToLineNumbers (0 for executables)
> -	.short	0		// NumberOfRelocations  (0 for executables)
> -	.short	0		// NumberOfLineNumbers  (0 for executables)
> -	.long	0xe0500020	// Characteristics (section flags)
> -
> -#ifdef CONFIG_DEBUG_EFI
> -	/*
> -	 * The debug table is referenced via its Relative Virtual Address (RVA),
> -	 * which is only defined for those parts of the image that are covered
> -	 * by a section declaration. Since this header is not covered by any
> -	 * section, the debug table must be emitted elsewhere. So stick it in
> -	 * the .init.rodata section instead.
> -	 *
> -	 * Note that the EFI debug entry itself may legally have a zero RVA,
> -	 * which means we can simply put it right after the section headers.
> -	 */
> -	__INITRODATA
> -
> -	.align	2
> -efi_debug_table:
> -	// EFI_IMAGE_DEBUG_DIRECTORY_ENTRY
> -	.long	0			// Characteristics
> -	.long	0			// TimeDateStamp
> -	.short	0			// MajorVersion
> -	.short	0			// MinorVersion
> -	.long	2			// Type == EFI_IMAGE_DEBUG_TYPE_CODEVIEW
> -	.long	efi_debug_entry_size	// SizeOfData
> -	.long	0			// RVA
> -	.long	efi_debug_entry - _head	// FileOffset
> -
> -	.set	efi_debug_table_size, . - efi_debug_table
> -	.previous
> -
> -efi_debug_entry:
> -	// EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY
> -	.ascii	"NB10"			// Signature
> -	.long	0			// Unknown
> -	.long	0			// Unknown2
> -	.long	0			// Unknown3
> -
> -	.asciz	VMLINUX_PATH
> -
> -	.set	efi_debug_entry_size, . - efi_debug_entry
> -#endif
> -
> -	/*
> -	 * EFI will load .text onwards at the 4k section alignment
> -	 * described in the PE/COFF header. To ensure that instruction
> -	 * sequences using an adrp and a :lo12: immediate will function
> -	 * correctly at this alignment, we must ensure that .text is
> -	 * placed at a 4k boundary in the Image to begin with.
> -	 */
> -	.align 12
> -efi_header_end:
> +	__EFI_PE_HEADER
>  #endif
>  
>  	__INIT
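Review bot: the expansion site keeps `.align 3` and the `pe_header:` label in head.S and moves everything from `.ascii "PE"` onwards into the macro. Since SizeOfHeaders, BaseOfCode, AddressOfEntryPoint and the `.text` section fields inside the macro are all computed relative to `_head`, the expansion only yields a valid header while it stays inside the `_head:` block ahead of `__INIT`; the removed block's trailing `.align 12` / `efi_header_end:`, which guarantees that .text starts on a 4k boundary, is re-established at the end of the macro, so nothing should be placed between `__EFI_PE_HEADER` and `__INIT` in future, and a comment at the expansion site saying so would document that dependency.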
> -- 
> 2.7.4
> 


* [kernel-hardening] Re: [PATCH v2 03/14] arm64: efi: move EFI header and related data to a separate .S file
@ 2017-02-10 10:10     ` Mark Rutland
  0 siblings, 0 replies; 69+ messages in thread
From: Mark Rutland @ 2017-02-10 10:10 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: linux-efi, linux-arm-kernel, leif.lindholm, catalin.marinas,
	linux, kernel-hardening, labbott

On Wed, Feb 08, 2017 at 11:55:36AM +0000, Ard Biesheuvel wrote:
> In preparation of yet another round of modifications to the PE/COFF
> header, macroize it and move the definition into a separate source
> file.
> 
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Acked-by: Mark Rutland <mark.rutland@arm.com>

Thanks,
Mark.

> ---
>  arch/arm64/kernel/efi-header.S | 158 ++++++++++++++++++++
>  arch/arm64/kernel/head.S       | 150 +------------------
>  2 files changed, 161 insertions(+), 147 deletions(-)
> 
> diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S
> new file mode 100644
> index 000000000000..9b24ce130afb
> --- /dev/null
> +++ b/arch/arm64/kernel/efi-header.S
> @@ -0,0 +1,158 @@
> +/*
> + * Copyright (C) 2013 - 2017 Linaro, Ltd.
> + * Copyright (C) 2013, 2014 Red Hat, Inc.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2 as
> + * published by the Free Software Foundation.
> + */
> +
> +	.macro	__EFI_PE_HEADER
> +	.ascii	"PE"
> +	.short 	0
> +coff_header:
> +	.short	0xaa64					// AArch64
> +	.short	2					// nr_sections
> +	.long	0 					// TimeDateStamp
> +	.long	0					// PointerToSymbolTable
> +	.long	1					// NumberOfSymbols
> +	.short	section_table - optional_header		// SizeOfOptionalHeader
> +	.short	0x206					// Characteristics.
> +							// IMAGE_FILE_DEBUG_STRIPPED |
> +							// IMAGE_FILE_EXECUTABLE_IMAGE |
> +							// IMAGE_FILE_LINE_NUMS_STRIPPED
> +optional_header:
> +	.short	0x20b					// PE32+ format
> +	.byte	0x02					// MajorLinkerVersion
> +	.byte	0x14					// MinorLinkerVersion
> +	.long	_end - efi_header_end			// SizeOfCode
> +	.long	0					// SizeOfInitializedData
> +	.long	0					// SizeOfUninitializedData
> +	.long	__efistub_entry - _head			// AddressOfEntryPoint
> +	.long	efi_header_end - _head			// BaseOfCode
> +
> +extra_header_fields:
> +	.quad	0					// ImageBase
> +	.long	0x1000					// SectionAlignment
> +	.long	PECOFF_FILE_ALIGNMENT			// FileAlignment
> +	.short	0					// MajorOperatingSystemVersion
> +	.short	0					// MinorOperatingSystemVersion
> +	.short	0					// MajorImageVersion
> +	.short	0					// MinorImageVersion
> +	.short	0					// MajorSubsystemVersion
> +	.short	0					// MinorSubsystemVersion
> +	.long	0					// Win32VersionValue
> +
> +	.long	_end - _head				// SizeOfImage
> +
> +	// Everything before the kernel image is considered part of the header
> +	.long	efi_header_end - _head			// SizeOfHeaders
> +	.long	0					// CheckSum
> +	.short	0xa					// Subsystem (EFI application)
> +	.short	0					// DllCharacteristics
> +	.quad	0					// SizeOfStackReserve
> +	.quad	0					// SizeOfStackCommit
> +	.quad	0					// SizeOfHeapReserve
> +	.quad	0					// SizeOfHeapCommit
> +	.long	0					// LoaderFlags
> +	.long	(section_table - .) / 8			// NumberOfRvaAndSizes
> +
> +	.quad	0					// ExportTable
> +	.quad	0					// ImportTable
> +	.quad	0					// ResourceTable
> +	.quad	0					// ExceptionTable
> +	.quad	0					// CertificationTable
> +	.quad	0					// BaseRelocationTable
> +
> +#ifdef CONFIG_DEBUG_EFI
> +	.long	efi_debug_table - _head			// DebugTable
> +	.long	efi_debug_table_size
> +#endif
> +
> +	// Section table
> +section_table:
> +
> +	/*
> +	 * The EFI application loader requires a relocation section
> +	 * because EFI applications must be relocatable.  This is a
> +	 * dummy section as far as we are concerned.
> +	 */
> +	.ascii	".reloc"
> +	.byte	0
> +	.byte	0					// end of 0 padding of section name
> +	.long	0
> +	.long	0
> +	.long	0					// SizeOfRawData
> +	.long	0					// PointerToRawData
> +	.long	0					// PointerToRelocations
> +	.long	0					// PointerToLineNumbers
> +	.short	0					// NumberOfRelocations
> +	.short	0					// NumberOfLineNumbers
> +	.long	0x42100040				// Characteristics (section flags)
> +
> +
> +	.ascii	".text"
> +	.byte	0
> +	.byte	0
> +	.byte	0        				// end of 0 padding of section name
> +	.long	_end - efi_header_end			// VirtualSize
> +	.long	efi_header_end - _head			// VirtualAddress
> +	.long	_edata - efi_header_end			// SizeOfRawData
> +	.long	efi_header_end - _head			// PointerToRawData
> +
> +	.long	0					// PointerToRelocations
> +	.long	0					// PointerToLineNumbers
> +	.short	0					// NumberOfRelocations
> +	.short	0					// NumberOfLineNumbers
> +	.long	0xe0500020				// Characteristics
> +
> +#ifdef CONFIG_DEBUG_EFI
> +	/*
> +	 * The debug table is referenced via its Relative Virtual Address (RVA),
> +	 * which is only defined for those parts of the image that are covered
> +	 * by a section declaration. Since this header is not covered by any
> +	 * section, the debug table must be emitted elsewhere. So stick it in
> +	 * the .init.rodata section instead.
> +	 *
> +	 * Note that the EFI debug entry itself may legally have a zero RVA,
> +	 * which means we can simply put it right after the section headers.
> +	 */
> +	__INITRODATA
> +
> +	.align	2
> +efi_debug_table:
> +	// EFI_IMAGE_DEBUG_DIRECTORY_ENTRY
> +	.long	0					// Characteristics
> +	.long	0					// TimeDateStamp
> +	.short	0					// MajorVersion
> +	.short	0					// MinorVersion
> +	.long	2					// Type == EFI_IMAGE_DEBUG_TYPE_CODEVIEW
> +	.long	efi_debug_entry_size			// SizeOfData
> +	.long	0					// RVA
> +	.long	efi_debug_entry - _head			// FileOffset
> +
> +	.set	efi_debug_table_size, . - efi_debug_table
> +	.previous
> +
> +efi_debug_entry:
> +	// EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY
> +	.ascii	"NB10"					// Signature
> +	.long	0					// Unknown
> +	.long	0					// Unknown2
> +	.long	0					// Unknown3
> +
> +	.asciz	VMLINUX_PATH
> +
> +	.set	efi_debug_entry_size, . - efi_debug_entry
> +#endif
> +
> +	/*
> +	 * EFI will load .text onwards at the 4k section alignment
> +	 * described in the PE/COFF header. To ensure that instruction
> +	 * sequences using an adrp and a :lo12: immediate will function
> +	 * correctly at this alignment, we must ensure that .text is
> +	 * placed at a 4k boundary in the Image to begin with.
> +	 */
> +	.align 12
> +efi_header_end:
> +	.endm
> diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
> index c6cc82ec190b..f779a7483736 100644
> --- a/arch/arm64/kernel/head.S
> +++ b/arch/arm64/kernel/head.S
> @@ -42,6 +42,8 @@
>  #include <asm/thread_info.h>
>  #include <asm/virt.h>
>  
> +#include "efi-header.S"
> +
>  #define __PHYS_OFFSET	(KERNEL_START - TEXT_OFFSET)
>  
>  #if (TEXT_OFFSET & 0xfff) != 0
> @@ -102,153 +104,7 @@ _head:
>  #ifdef CONFIG_EFI
>  	.align 3
>  pe_header:
> -	.ascii	"PE"
> -	.short 	0
> -coff_header:
> -	.short	0xaa64				// AArch64
> -	.short	2				// nr_sections
> -	.long	0 				// TimeDateStamp
> -	.long	0				// PointerToSymbolTable
> -	.long	1				// NumberOfSymbols
> -	.short	section_table - optional_header	// SizeOfOptionalHeader
> -	.short	0x206				// Characteristics.
> -						// IMAGE_FILE_DEBUG_STRIPPED |
> -						// IMAGE_FILE_EXECUTABLE_IMAGE |
> -						// IMAGE_FILE_LINE_NUMS_STRIPPED
> -optional_header:
> -	.short	0x20b				// PE32+ format
> -	.byte	0x02				// MajorLinkerVersion
> -	.byte	0x14				// MinorLinkerVersion
> -	.long	_end - efi_header_end		// SizeOfCode
> -	.long	0				// SizeOfInitializedData
> -	.long	0				// SizeOfUninitializedData
> -	.long	__efistub_entry - _head		// AddressOfEntryPoint
> -	.long	efi_header_end - _head		// BaseOfCode
> -
> -extra_header_fields:
> -	.quad	0				// ImageBase
> -	.long	0x1000				// SectionAlignment
> -	.long	PECOFF_FILE_ALIGNMENT		// FileAlignment
> -	.short	0				// MajorOperatingSystemVersion
> -	.short	0				// MinorOperatingSystemVersion
> -	.short	0				// MajorImageVersion
> -	.short	0				// MinorImageVersion
> -	.short	0				// MajorSubsystemVersion
> -	.short	0				// MinorSubsystemVersion
> -	.long	0				// Win32VersionValue
> -
> -	.long	_end - _head			// SizeOfImage
> -
> -	// Everything before the kernel image is considered part of the header
> -	.long	efi_header_end - _head		// SizeOfHeaders
> -	.long	0				// CheckSum
> -	.short	0xa				// Subsystem (EFI application)
> -	.short	0				// DllCharacteristics
> -	.quad	0				// SizeOfStackReserve
> -	.quad	0				// SizeOfStackCommit
> -	.quad	0				// SizeOfHeapReserve
> -	.quad	0				// SizeOfHeapCommit
> -	.long	0				// LoaderFlags
> -	.long	(section_table - .) / 8		// NumberOfRvaAndSizes
> -
> -	.quad	0				// ExportTable
> -	.quad	0				// ImportTable
> -	.quad	0				// ResourceTable
> -	.quad	0				// ExceptionTable
> -	.quad	0				// CertificationTable
> -	.quad	0				// BaseRelocationTable
> -
> -#ifdef CONFIG_DEBUG_EFI
> -	.long	efi_debug_table - _head		// DebugTable
> -	.long	efi_debug_table_size
> -#endif
> -
> -	// Section table
> -section_table:
> -
> -	/*
> -	 * The EFI application loader requires a relocation section
> -	 * because EFI applications must be relocatable.  This is a
> -	 * dummy section as far as we are concerned.
> -	 */
> -	.ascii	".reloc"
> -	.byte	0
> -	.byte	0			// end of 0 padding of section name
> -	.long	0
> -	.long	0
> -	.long	0			// SizeOfRawData
> -	.long	0			// PointerToRawData
> -	.long	0			// PointerToRelocations
> -	.long	0			// PointerToLineNumbers
> -	.short	0			// NumberOfRelocations
> -	.short	0			// NumberOfLineNumbers
> -	.long	0x42100040		// Characteristics (section flags)
> -
> -
> -	.ascii	".text"
> -	.byte	0
> -	.byte	0
> -	.byte	0        		// end of 0 padding of section name
> -	.long	_end - efi_header_end	// VirtualSize
> -	.long	efi_header_end - _head	// VirtualAddress
> -	.long	_edata - efi_header_end	// SizeOfRawData
> -	.long	efi_header_end - _head	// PointerToRawData
> -
> -	.long	0		// PointerToRelocations (0 for executables)
> -	.long	0		// PointerToLineNumbers (0 for executables)
> -	.short	0		// NumberOfRelocations  (0 for executables)
> -	.short	0		// NumberOfLineNumbers  (0 for executables)
> -	.long	0xe0500020	// Characteristics (section flags)
> -
> -#ifdef CONFIG_DEBUG_EFI
> -	/*
> -	 * The debug table is referenced via its Relative Virtual Address (RVA),
> -	 * which is only defined for those parts of the image that are covered
> -	 * by a section declaration. Since this header is not covered by any
> -	 * section, the debug table must be emitted elsewhere. So stick it in
> -	 * the .init.rodata section instead.
> -	 *
> -	 * Note that the EFI debug entry itself may legally have a zero RVA,
> -	 * which means we can simply put it right after the section headers.
> -	 */
> -	__INITRODATA
> -
> -	.align	2
> -efi_debug_table:
> -	// EFI_IMAGE_DEBUG_DIRECTORY_ENTRY
> -	.long	0			// Characteristics
> -	.long	0			// TimeDateStamp
> -	.short	0			// MajorVersion
> -	.short	0			// MinorVersion
> -	.long	2			// Type == EFI_IMAGE_DEBUG_TYPE_CODEVIEW
> -	.long	efi_debug_entry_size	// SizeOfData
> -	.long	0			// RVA
> -	.long	efi_debug_entry - _head	// FileOffset
> -
> -	.set	efi_debug_table_size, . - efi_debug_table
> -	.previous
> -
> -efi_debug_entry:
> -	// EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY
> -	.ascii	"NB10"			// Signature
> -	.long	0			// Unknown
> -	.long	0			// Unknown2
> -	.long	0			// Unknown3
> -
> -	.asciz	VMLINUX_PATH
> -
> -	.set	efi_debug_entry_size, . - efi_debug_entry
> -#endif
> -
> -	/*
> -	 * EFI will load .text onwards at the 4k section alignment
> -	 * described in the PE/COFF header. To ensure that instruction
> -	 * sequences using an adrp and a :lo12: immediate will function
> -	 * correctly at this alignment, we must ensure that .text is
> -	 * placed at a 4k boundary in the Image to begin with.
> -	 */
> -	.align 12
> -efi_header_end:
> +	__EFI_PE_HEADER
>  #endif
>  
>  	__INIT
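Review bot: the `.align 12` and the comment above `efi_header_end` explaining why `.text` must start on a 4k boundary (adrp/:lo12: sequences, and the 0x1000 SectionAlignment in the optional header) move into `__EFI_PE_HEADER` with everything else in this hunk, so the `.text` VirtualAddress is now only correct if the macro ends with that same alignment; the commit message should say the macro is meant to be byte-for-byte equivalent, and the move should be checked by comparing the Image before and after. Note that the hunk also carries the hard-coded `0x42100040` and `0xe0500020` flag words across unchanged, so any loader-visible difference at this point in the series would be a bug in the move rather than an intended fix.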
> -- 
> 2.7.4
> 

^ permalink raw reply	[flat|nested] 69+ messages in thread

* Re: [PATCH v2 04/14] arm64: efi: clean up Image header after PE header has been split off
  2017-02-08 11:55   ` Ard Biesheuvel
  (?)
@ 2017-02-10 10:11     ` Mark Rutland
  -1 siblings, 0 replies; 69+ messages in thread
From: Mark Rutland @ 2017-02-10 10:11 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: linux-efi, linux-arm-kernel, leif.lindholm, catalin.marinas,
	linux, kernel-hardening, labbott

On Wed, Feb 08, 2017 at 11:55:37AM +0000, Ard Biesheuvel wrote:
> After having split off the PE header, clean up the bits that remain:
> use .long consistently, merge two adjacent #ifdef CONFIG_EFI blocks,
> fix the offset of the PE header pointer and remove the redundant .align
> that follows it.
> 
> Also, since we will be eliminating all open coded constants from the
> EFI header in subsequent patches, let's replace the open coded "ARM\x64"
> magic number with its .ascii equivalent.
> 
> No changes to the resulting binary image are intended.
> 
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
>  arch/arm64/kernel/head.S | 17 ++++++++---------
>  1 file changed, 8 insertions(+), 9 deletions(-)
> 
> diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
> index f779a7483736..aa8f6cd8c33f 100644
> --- a/arch/arm64/kernel/head.S
> +++ b/arch/arm64/kernel/head.S
> @@ -91,20 +91,19 @@ _head:
>  	.quad	0				// reserved
>  	.quad	0				// reserved
>  	.quad	0				// reserved
> -	.byte	0x41				// Magic number, "ARM\x64"
> -	.byte	0x52
> -	.byte	0x4d
> -	.byte	0x64
> +	.ascii	"ARM\x64"			// Magic number
>  #ifdef CONFIG_EFI
> +	/*
> +	 * PE/COFF requires the offset to the PE header
> +	 * to be stored at offset 0x3c into the file.
> +	 */
> +	.org	_head + 0x3c
>  	.long	pe_header - _head		// Offset to the PE header.


Do we really need the .org? We expect all the other fields to stay in
place without one, and it seems odd to special-case the PE header.

Otherwise, this looks good to me.

Thanks,
Mark.

> -#else
> -	.word	0				// reserved
> -#endif
>  
> -#ifdef CONFIG_EFI
> -	.align 3
>  pe_header:
>  	__EFI_PE_HEADER
> +#else
> +	.long	0				// reserved
>  #endif
>  
>  	__INIT
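Review bot: on the `.org _head + 0x3c` question, the directive is worth keeping for a reason the new comment does not give: GAS refuses to move `.org` backwards, so if anything is ever inserted above it the build fails instead of silently emitting the PE header pointer at the wrong offset, which a UEFI loader would only report as an unbootable image. The removed `.align 3` was redundant because 0x3c + 4 = 0x40 is already 8-byte aligned, and `.word 0` to `.long 0` in the `#else` branch is size-neutral on arm64, so the "no changes to the resulting binary image" claim holds for this hunk.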
> -- 
> 2.7.4
> 

^ permalink raw reply	[flat|nested] 69+ messages in thread

* Re: [PATCH v2 05/14] arm64: efi: remove forbidden values from the PE/COFF header
  2017-02-08 11:55   ` Ard Biesheuvel
  (?)
@ 2017-02-10 10:13     ` Mark Rutland
  -1 siblings, 0 replies; 69+ messages in thread
From: Mark Rutland @ 2017-02-10 10:13 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: linux-efi, linux-arm-kernel, leif.lindholm, catalin.marinas,
	linux, kernel-hardening, labbott

On Wed, Feb 08, 2017 at 11:55:38AM +0000, Ard Biesheuvel wrote:
> Bring the PE/COFF header in line with the PE/COFF spec, by setting
> NumberOfSymbols to 0, and removing the section alignment flags.
> 
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

I take it that in practice EFI implementations don't care about these?
Assuming so:

Acked-by: Mark Rutland <mark.rutland@arm.com>

Otherwise, we might want to fix this first, so that we can easily
backport it.

Thanks,
Mark.

> ---
>  arch/arm64/kernel/efi-header.S | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S
> index 9b24ce130afb..515624bbfcd0 100644
> --- a/arch/arm64/kernel/efi-header.S
> +++ b/arch/arm64/kernel/efi-header.S
> @@ -15,7 +15,7 @@ coff_header:
>  	.short	2					// nr_sections
>  	.long	0 					// TimeDateStamp
>  	.long	0					// PointerToSymbolTable
> -	.long	1					// NumberOfSymbols
> +	.long	0					// NumberOfSymbols
>  	.short	section_table - optional_header		// SizeOfOptionalHeader
>  	.short	0x206					// Characteristics.
>  							// IMAGE_FILE_DEBUG_STRIPPED |
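Review bot: with `PointerToSymbolTable` 0 on the unchanged line above, the old `NumberOfSymbols` of 1 advertised a COFF symbol table that does not exist, so 0 is the only self-consistent value for an image. To settle the backport question raised in the reply, the commit message should state whether any loader was seen to reject or misparse the old value, since that decides whether this is a fix or a cleanup.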
> @@ -88,7 +88,7 @@ section_table:
>  	.long	0					// PointerToLineNumbers
>  	.short	0					// NumberOfRelocations
>  	.short	0					// NumberOfLineNumbers
> -	.long	0x42100040				// Characteristics (section flags)
> +	.long	0x42000040				// Characteristics (section flags)
>  
>  
>  	.ascii	".text"
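Review bot: the bit this hunk clears, 0x00100000, is IMAGE_SCN_ALIGN_1BYTES, one of the IMAGE_SCN_ALIGN_* values the PE/COFF spec defines for object files only; naming the bit in the commit message would make the change verifiable against the spec without decoding hex. Since the next patch in the series removes this dummy `.reloc` section altogether, consider whether correcting its flags first is wanted as a separately backportable commit or is just churn.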
> @@ -104,7 +104,7 @@ section_table:
>  	.long	0					// PointerToLineNumbers
>  	.short	0					// NumberOfRelocations
>  	.short	0					// NumberOfLineNumbers
> -	.long	0xe0500020				// Characteristics
> +	.long	0xe0000020				// Characteristics
>  
>  #ifdef CONFIG_DEBUG_EFI
>  	/*
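Review bot: after clearing 0x00500000 (IMAGE_SCN_ALIGN_16BYTES) the `.text` section is still 0xe0000020, that is IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, so the single section a permission-enforcing loader sees remains RWX. That is addressed by 08/14, but this commit message should say it is spec compliance only and not a hardening change, so the patch is not backported as one.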
> -- 
> 2.7.4
> 

^ permalink raw reply	[flat|nested] 69+ messages in thread

* Re: [PATCH v2 07/14] arm64: efi: replace open coded constants with symbolic ones
  2017-02-08 11:55   ` Ard Biesheuvel
  (?)
@ 2017-02-10 10:19     ` Mark Rutland
  -1 siblings, 0 replies; 69+ messages in thread
From: Mark Rutland @ 2017-02-10 10:19 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: linux-efi, kernel-hardening, catalin.marinas, linux,
	leif.lindholm, linux-arm-kernel, labbott

On Wed, Feb 08, 2017 at 11:55:40AM +0000, Ard Biesheuvel wrote:
> Replace open coded constants with symbolic ones throughout the
> Image and the EFI headers. No binary level changes are intended.
> 
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Acked-by: Mark Rutland <mark.rutland@arm.com>

Thanks,
Mark.

> ---
>  arch/arm64/kernel/efi-header.S | 38 +++++++++++---------
>  1 file changed, 21 insertions(+), 17 deletions(-)
> 
> diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S
> index 8786d58af2df..7637226ea9ca 100644
> --- a/arch/arm64/kernel/efi-header.S
> +++ b/arch/arm64/kernel/efi-header.S
> @@ -7,22 +7,24 @@
>   * published by the Free Software Foundation.
>   */
>  
> +#include <linux/pe.h>
> +#include <linux/sizes.h>
> +
>  	.macro	__EFI_PE_HEADER
> -	.ascii	"PE"
> -	.short 	0
> +	.long	PE_MAGIC
>  coff_header:
> -	.short	0xaa64					// AArch64
> -	.short	1					// nr_sections
> +	.short	IMAGE_FILE_MACHINE_ARM64		// Machine
> +	.short	section_count				// NumberOfSections
>  	.long	0 					// TimeDateStamp
>  	.long	0					// PointerToSymbolTable
>  	.long	0					// NumberOfSymbols
>  	.short	section_table - optional_header		// SizeOfOptionalHeader
> -	.short	0x206					// Characteristics.
> -							// IMAGE_FILE_DEBUG_STRIPPED |
> -							// IMAGE_FILE_EXECUTABLE_IMAGE |
> -							// IMAGE_FILE_LINE_NUMS_STRIPPED
> +	.short	IMAGE_FILE_DEBUG_STRIPPED | \
> +		IMAGE_FILE_EXECUTABLE_IMAGE | \
> +		IMAGE_FILE_LINE_NUMS_STRIPPED		// Characteristics
> +
>  optional_header:
> -	.short	0x20b					// PE32+ format
> +	.short	PE_OPT_MAGIC_PE32PLUS			// PE32+ format
>  	.byte	0x02					// MajorLinkerVersion
>  	.byte	0x14					// MinorLinkerVersion
>  	.long	_end - efi_header_end			// SizeOfCode
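Review bot: `.long PE_MAGIC` is equivalent to `.ascii "PE"; .short 0` only because the assembler emits the word little-endian, so this is the one substitution in the hunk whose "no binary level changes" depends on target endianness rather than on the constant's value; a sentence in the commit message would save the next reader the check. `section_count` is a forward reference to a `.set` further down the macro; GAS resolves that in a `.short`, but only while the expression stays absolute, so the `.set` must stay in the same expansion and not move behind a conditional.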
> @@ -33,7 +35,7 @@ optional_header:
>  
>  extra_header_fields:
>  	.quad	0					// ImageBase
> -	.long	0x1000					// SectionAlignment
> +	.long	SZ_4K					// SectionAlignment
>  	.long	PECOFF_FILE_ALIGNMENT			// FileAlignment
>  	.short	0					// MajorOperatingSystemVersion
>  	.short	0					// MinorOperatingSystemVersion
> @@ -48,7 +50,7 @@ extra_header_fields:
>  	// Everything before the kernel image is considered part of the header
>  	.long	efi_header_end - _head			// SizeOfHeaders
>  	.long	0					// CheckSum
> -	.short	0xa					// Subsystem (EFI application)
> +	.short	IMAGE_SUBSYSTEM_EFI_APPLICATION		// Subsystem
>  	.short	0					// DllCharacteristics
>  	.quad	0					// SizeOfStackReserve
>  	.quad	0					// SizeOfStackCommit
> @@ -71,10 +73,7 @@ extra_header_fields:
>  
>  	// Section table
>  section_table:
> -	.ascii	".text"
> -	.byte	0
> -	.byte	0
> -	.byte	0        				// end of 0 padding of section name
> +	.ascii	".text\0\0\0"
>  	.long	_end - efi_header_end			// VirtualSize
>  	.long	efi_header_end - _head			// VirtualAddress
>  	.long	_edata - efi_header_end			// SizeOfRawData
> @@ -84,7 +83,12 @@ section_table:
>  	.long	0					// PointerToLineNumbers
>  	.short	0					// NumberOfRelocations
>  	.short	0					// NumberOfLineNumbers
> -	.long	0xe0000020				// Characteristics
> +	.long	IMAGE_SCN_CNT_CODE | \
> +		IMAGE_SCN_MEM_EXECUTE | \
> +		IMAGE_SCN_MEM_READ | \
> +		IMAGE_SCN_MEM_WRITE			// Characteristics
> +
> +	.set	section_count, (. - section_table) / 40
>  
>  #ifdef CONFIG_DEBUG_EFI
>  	/*
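Review bot: `(. - section_table) / 40` brings back one open-coded constant in a patch meant to remove them; 40 is sizeof(IMAGE_SECTION_HEADER), so giving it a name, or deriving it from a pair of labels around a single entry, keeps the count self-describing and catches a mis-sized entry at assembly time. Spelling out the flags here also makes the RWX mapping explicit (IMAGE_SCN_MEM_WRITE on `.text`), which is useful context for 08/14.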
> @@ -106,7 +110,7 @@ efi_debug_table:
>  	.long	0					// TimeDateStamp
>  	.short	0					// MajorVersion
>  	.short	0					// MinorVersion
> -	.long	2					// Type == EFI_IMAGE_DEBUG_TYPE_CODEVIEW
> +	.long	IMAGE_DEBUG_TYPE_CODEVIEW		// Type
>  	.long	efi_debug_entry_size			// SizeOfData
>  	.long	0					// RVA
>  	.long	efi_debug_entry - _head			// FileOffset
> -- 
> 2.7.4
> 

^ permalink raw reply	[flat|nested] 69+ messages in thread

* Re: [PATCH v2 08/14] arm64: efi: split Image code and data into separate PE/COFF sections
  2017-02-08 11:55   ` Ard Biesheuvel
  (?)
@ 2017-02-10 10:49       ` Mark Rutland
  -1 siblings, 0 replies; 69+ messages in thread
From: Mark Rutland @ 2017-02-10 10:49 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: linux-efi, linux-arm-kernel, leif.lindholm, catalin.marinas,
	linux, kernel-hardening, labbott

On Wed, Feb 08, 2017 at 11:55:41AM +0000, Ard Biesheuvel wrote:
> To prevent unintended modifications to the kernel text (malicious or
> otherwise) while running the EFI stub, describe the kernel image as
> two separate sections: a .text section with read-execute permissions,
> covering .text, .rodata and .init.text, and a .data section with
> read-write permissions, covering .init.data, .data and .bss.
> 
> This relies on the firmware to actually take the section permission
> flags into account, but this is something that is currently being
> implemented in EDK2, which means we will likely start seeing it in
> the wild between one and two years from now.
> 
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

> diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
> index b8deffa9e1bf..a93cc2b6f50b 100644
> --- a/arch/arm64/kernel/vmlinux.lds.S
> +++ b/arch/arm64/kernel/vmlinux.lds.S
> @@ -149,6 +149,9 @@ SECTIONS
>  		ARM_EXIT_KEEP(EXIT_TEXT)
>  	}
>  
> +	. = ALIGN(SZ_4K);
> +	__pecoff_data_start = .;
> +

I understand that the stub needs to split the init text/data since
unlike the kernel it'll map those with separate permissions, but it
feels odd to do this specifically for the EFI stub.

Yould it perhaps make more sense to always use separate segments for
init/exit text/data, and also apply the permission split in the kernel?

With that, I don't think we'd need additional stub-specific linker
script changes.

Thanks,
Mark.

>  	.init.data : {
>  		INIT_DATA
>  		INIT_SETUP(16)
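Review bot: `. = ALIGN(SZ_4K)` before `__pecoff_data_start` is unconditional, so builds without CONFIG_EFI also pay up to 4k of padding between .init.text and .init.data; either say that is intended in the commit message or guard it the way the other PECOFF_* linker-script pieces are. The value also has to equal SectionAlignment in efi-header.S (SZ_4K after 07/14), because a `.data` VirtualAddress that is not a multiple of SectionAlignment is a malformed image; deriving both from one symbol stops them drifting apart.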
> @@ -206,6 +209,7 @@ SECTIONS
>  	}
>  
>  	PECOFF_EDATA_PADDING
> +	__pecoff_data_rawsize = ABSOLUTE(. - __pecoff_data_start);
>  	_edata = .;
>  
>  	BSS_SECTION(0, 0, 0)
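Review bot: `__pecoff_data_rawsize` is taken after PECOFF_EDATA_PADDING and before `_edata`, so it is file-alignment padded and excludes .bss, which is what SizeOfRawData needs. The efi-header.S half of this patch is not quoted in this reply, but it must use `__pecoff_data_rawsize` for SizeOfRawData and `__pecoff_data_size` for VirtualSize and not the reverse, since swapping them makes the loader read past the end of the file or leave .bss unmapped.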
> @@ -221,6 +225,7 @@ SECTIONS
>  	. += RESERVED_TTBR0_SIZE;
>  #endif
>  
> +	__pecoff_data_size = ABSOLUTE(. - __pecoff_data_start);
>  	_end = .;
>  
>  	STABS_DEBUG
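Review bot: `__pecoff_data_size` is computed at `_end`, after BSS_SECTION and the RESERVED_TTBR0_SIZE gap, so VirtualSize covers the zero-initialised tail the loader must allocate and clear; a one-line comment that VirtualSize is deliberately larger than SizeOfRawData for this section would help, since the old single-section header did the same thing implicitly with `_end - efi_header_end` against `_edata - efi_header_end`.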
> -- 
> 2.7.4
> 

^ permalink raw reply	[flat|nested] 69+ messages in thread
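The properties this series establishes can be checked mechanically on a built Image: NumberOfSymbols must be 0 and no section may carry IMAGE_SCN_ALIGN_* bits in its Characteristics (05/14), and no section should be both writable and executable once 08/14 splits .text from .data. The C program below is an added example written for this page; it is not part of the series, of EDK2 or of the kernel tree. It follows the header layout visible in the quoted patches (the "ARM\x64" magic at offset 0x38, the PE header pointer at 0x3c, a PE32+ optional header, 40-byte section entries with Characteristics as the last field) and, instead of reading a real Image, builds two constructed sample headers in memory: one with the old .reloc/.text table and flag words quoted in the first patch, one with an RX .text and RW .data section. The OPT_HDR_SIZE of 160 bytes (PE32+ fields plus six data directories, matching the six .quad entries in the quoted header) is an assumption used only for the constructed samples; pe_check() takes whatever SizeOfOptionalHeader says.

```c
/* pe_hdr_check.c: check an arm64 Linux Image's PE/COFF header for the problems this
 * series fixes. Added example, not kernel code; offsets and flag values are from the
 * PE/COFF spec, and the two sample headers at the bottom are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PE_MAGIC                 0x00004550u /* "PE\0\0" read as a little-endian word */
#define IMAGE_FILE_MACHINE_ARM64 0xaa64u
#define PE_OPT_MAGIC_PE32PLUS    0x020bu
#define IMAGE_SCN_MEM_EXECUTE    0x20000000u
#define IMAGE_SCN_MEM_WRITE      0x80000000u
#define IMAGE_SCN_ALIGN_MASK     0x00f00000u /* IMAGE_SCN_ALIGN_*: object files only */
#define SECTION_HDR_SIZE         40          /* sizeof(IMAGE_SECTION_HEADER) */
#define OPT_HDR_SIZE             160         /* assumed: PE32+ fields + 6 data directories */

struct pe_report {
    int ok;             /* 1 if the buffer parsed as a PE32+ arm64 image */
    uint16_t nsections;
    uint32_t nsymbols;  /* must be 0: an image carries no COFF symbol table */
    int align_bits;     /* sections still carrying IMAGE_SCN_ALIGN_* bits */
    int rwx;            /* sections marked both MEM_WRITE and MEM_EXECUTE */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

/* Image header -> pointer at 0x3c -> "PE\0\0" -> COFF -> optional header -> section table,
 * bounds-checking each step so a truncated or hostile file cannot walk off the buffer. */
struct pe_report pe_check(const uint8_t *img, size_t len)
{
    struct pe_report r = {0};
    if (len < 0x40 || memcmp(img + 0x38, "ARM\x64", 4) != 0) return r;
    size_t pe_off = rd32(img + 0x3c);
    if (pe_off > len || len - pe_off < 24 || rd32(img + pe_off) != PE_MAGIC) return r;
    const uint8_t *coff = img + pe_off + 4;
    if (rd16(coff) != IMAGE_FILE_MACHINE_ARM64) return r;
    r.nsections = rd16(coff + 2); r.nsymbols = rd32(coff + 12);
    size_t opt_size = rd16(coff + 16);
    if (opt_size < 2 || len - (pe_off + 24) < opt_size + (size_t)r.nsections * SECTION_HDR_SIZE) return r;
    if (rd16(coff + 20) != PE_OPT_MAGIC_PE32PLUS) return r;
    const uint8_t *sec = coff + 20 + opt_size;
    for (unsigned i = 0; i < r.nsections; i++, sec += SECTION_HDR_SIZE) {
        uint32_t ch = rd32(sec + 36);      /* Characteristics, last field of the entry */
        if (ch & IMAGE_SCN_ALIGN_MASK) r.align_bits++;
        if ((ch & (IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE)) ==
            (IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE)) r.rwx++;
    }
    r.ok = 1;
    return r;
}

/* Constructed header-only Image: magic, PE pointer at 0x3c, nsec section headers with the
 * given names and Characteristics. Returns bytes written, 0 if cap is too small. */
size_t build_image(uint8_t *buf, size_t cap, uint32_t nsymbols,
                   const char *const *names, const uint32_t *flags, unsigned nsec)
{
    size_t need = 0x40 + 24 + OPT_HDR_SIZE + (size_t)nsec * SECTION_HDR_SIZE;
    if (need > cap) return 0;
    memset(buf, 0, need);
    memcpy(buf + 0x38, "ARM\x64", 4);
    wr32(buf + 0x3c, 0x40); wr32(buf + 0x40, PE_MAGIC); /* PE header right after the 64-byte Image header */
    uint8_t *coff = buf + 0x44;
    wr16(coff, IMAGE_FILE_MACHINE_ARM64); wr16(coff + 2, (uint16_t)nsec);
    wr32(coff + 12, nsymbols); wr16(coff + 16, OPT_HDR_SIZE);
    wr16(coff + 20, PE_OPT_MAGIC_PE32PLUS);
    uint8_t *sec = coff + 20 + OPT_HDR_SIZE;
    for (unsigned i = 0; i < nsec; i++, sec += SECTION_HDR_SIZE) {
        size_t n = strlen(names[i]);
        memcpy(sec, names[i], n > 8 ? 8 : n); /* 8-byte name, zero padded */
        wr32(sec + 36, flags[i]);
    }
    return need;
}

/* hardened == 0: the section table removed in 03/14 (.reloc 0x42100040, .text 0xe0500020,
 * NumberOfSymbols 1). hardened == 1: RX .text plus RW .data, the layout 08/14 describes. */
struct pe_report check_sample(int hardened)
{
    static const char *const old_names[] = { ".reloc", ".text" };
    static const uint32_t old_flags[] = { 0x42100040u, 0xe0500020u };
    static const char *const new_names[] = { ".text", ".data" };
    static const uint32_t new_flags[] = { 0x60000020u, 0xc0000040u };
    uint8_t buf[512];
    size_t n = hardened ? build_image(buf, sizeof buf, 0, new_names, new_flags, 2)
                        : build_image(buf, sizeof buf, 1, old_names, old_flags, 2);
    return pe_check(buf, n);
}

int main(void)
{
    struct pe_report b = check_sample(0), a = check_sample(1);
    printf("before: symbols=%u align-flag sections=%d rwx sections=%d\n", b.nsymbols, b.align_bits, b.rwx);
    printf("after:  symbols=%u align-flag sections=%d rwx sections=%d\n", a.nsymbols, a.align_bits, a.rwx);
    return 0;
}
```

Run as is, it reports the old table with one phantom symbol, two sections carrying alignment bits and one RWX section, and the split layout with none of those. To inspect a real arm64 Image, read the file into a buffer and hand it to pe_check(); a `.text` entry counted under rwx is exactly what lets a permission-enforcing loader map the kernel writable and executable, which is the point 08/14 closes.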

* [PATCH v2 08/14] arm64: efi: split Image code and data into separate PE/COFF sections
@ 2017-02-10 10:49       ` Mark Rutland
  0 siblings, 0 replies; 69+ messages in thread
From: Mark Rutland @ 2017-02-10 10:49 UTC (permalink / raw)
  To: linux-arm-kernel

On Wed, Feb 08, 2017 at 11:55:41AM +0000, Ard Biesheuvel wrote:
> To prevent unintended modifications to the kernel text (malicious or
> otherwise) while running the EFI stub, describe the kernel image as
> two separate sections: a .text section with read-execute permissions,
> covering .text, .rodata and .init.text, and a .data section with
> read-write permissions, covering .init.data, .data and .bss.
> 
> This relies on the firmware to actually take the section permission
> flags into account, but this is something that is currently being
> implemented in EDK2, which means we will likely start seeing it in
> the wild between one and two years from now.
> 
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

> diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
> index b8deffa9e1bf..a93cc2b6f50b 100644
> --- a/arch/arm64/kernel/vmlinux.lds.S
> +++ b/arch/arm64/kernel/vmlinux.lds.S
> @@ -149,6 +149,9 @@ SECTIONS
>  		ARM_EXIT_KEEP(EXIT_TEXT)
>  	}
>  
> +	. = ALIGN(SZ_4K);
> +	__pecoff_data_start = .;
> +

I understand that the stub needs to split the init text/data since
unlike the kernel it'll map those with separate permissions, but it
feels odd to do this specifically for the EFI stub.

Yould it perhaps make more sense to always use separate segments for
init/exit text/data, and also apply the permission split in the kernel?

With that, I don't think we'd need additional stub-specific linker
script changes.

Thanks,
Mark.

>  	.init.data : {
>  		INIT_DATA
>  		INIT_SETUP(16)
> @@ -206,6 +209,7 @@ SECTIONS
>  	}
>  
>  	PECOFF_EDATA_PADDING
> +	__pecoff_data_rawsize = ABSOLUTE(. - __pecoff_data_start);
>  	_edata = .;
>  
>  	BSS_SECTION(0, 0, 0)
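
Review bot: __pecoff_data_rawsize is defined with no comment on what consumes it or why it sits where it does. It is placed after PECOFF_EDATA_PADDING, which is what makes the value usable as SizeOfRawData (a multiple of the file alignment), and it is taken before .bss so that only file-backed bytes are counted; both facts are load-bearing and neither is stated. Suggest a comment such as "/* SizeOfRawData of the PE .data section; must follow PECOFF_EDATA_PADDING */" so that nobody inserts an output section between the padding and this symbol.
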
> @@ -221,6 +225,7 @@ SECTIONS
>  	. += RESERVED_TTBR0_SIZE;
>  #endif
>  
> +	__pecoff_data_size = ABSOLUTE(. - __pecoff_data_start);
>  	_end = .;
>  
>  	STABS_DEBUG
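
Review bot: __pecoff_data_size is sampled immediately before `_end = .;`, so it covers .bss and the RESERVED_TTBR0_SIZE gap and becomes the section's VirtualSize, which is the right extent for the memory the firmware must reserve. Nothing enforces that it stays last, though: anything added between this symbol and _end would fall outside the PE section and outside the loader's allocation. Consider defining it as `__pecoff_data_size = ABSOLUTE(_end - __pecoff_data_start);` next to _end, or at least noting the invariant in a comment.
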
> -- 
> 2.7.4
> 

^ permalink raw reply	[flat|nested] 69+ messages in thread

* Re: [PATCH v2 08/14] arm64: efi: split Image code and data into separate PE/COFF sections
  2017-02-10 10:49       ` Mark Rutland
  (?)
@ 2017-02-10 14:28         ` Ard Biesheuvel
  -1 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-10 14:28 UTC (permalink / raw)
  To: Mark Rutland
  Cc: linux-efi, linux-arm-kernel, Leif Lindholm, Catalin Marinas,
	Russell King, kernel-hardening, Laura Abbott

On 10 February 2017 at 10:49, Mark Rutland <mark.rutland@arm.com> wrote:
> On Wed, Feb 08, 2017 at 11:55:41AM +0000, Ard Biesheuvel wrote:
>> To prevent unintended modifications to the kernel text (malicious or
>> otherwise) while running the EFI stub, describe the kernel image as
>> two separate sections: a .text section with read-execute permissions,
>> covering .text, .rodata and .init.text, and a .data section with
>> read-write permissions, covering .init.data, .data and .bss.
>>
>> This relies on the firmware to actually take the section permission
>> flags into account, but this is something that is currently being
>> implemented in EDK2, which means we will likely start seeing it in
>> the wild between one and two years from now.
>>
>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>
>> diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
>> index b8deffa9e1bf..a93cc2b6f50b 100644
>> --- a/arch/arm64/kernel/vmlinux.lds.S
>> +++ b/arch/arm64/kernel/vmlinux.lds.S
>> @@ -149,6 +149,9 @@ SECTIONS
>>               ARM_EXIT_KEEP(EXIT_TEXT)
>>       }
>>
>> +     . = ALIGN(SZ_4K);
>> +     __pecoff_data_start = .;
>> +
>
> I understand that the stub needs to split the init text/data since
> unlike the kernel it'll map those with separate permissions, but it
> feels odd to do this specifically for the EFI stub.
>

While the init code executes in a *much* more controlled environment
than the stub (which invokes various UEFI boot services to load
initrds/dtb from block storage, and may do god knows what during
ExitBootServices()), I think it is not unreasonable to split the init
mapping into rx/rw segments, given that it is the only place where we
have a good chunk of memory that is both writable and executable.

> Would it perhaps make more sense to always use separate segments for
> init/exit text/data, and also apply the permission split in the kernel?
>
> With that, I don't think we'd need additional stub-specific linker
> script changes.
>

I will prototype this

^ permalink raw reply	[flat|nested] 69+ messages in thread

* Re: [PATCH v2 04/14] arm64: efi: clean up Image header after PE header has been split off
  2017-02-10 10:11     ` Mark Rutland
  (?)
@ 2017-02-10 14:30       ` Ard Biesheuvel
  -1 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-10 14:30 UTC (permalink / raw)
  To: Mark Rutland
  Cc: linux-efi, linux-arm-kernel, Leif Lindholm, Catalin Marinas,
	Russell King, kernel-hardening, Laura Abbott

On 10 February 2017 at 10:11, Mark Rutland <mark.rutland@arm.com> wrote:
> On Wed, Feb 08, 2017 at 11:55:37AM +0000, Ard Biesheuvel wrote:
>> After having split off the PE header, clean up the bits that remain:
>> use .long consistently, merge two adjacent #ifdef CONFIG_EFI blocks,
>> fix the offset of the PE header pointer and remove the redundant .align
>> that follows it.
>>
>> Also, since we will be eliminating all open coded constants from the
>> EFI header in subsequent patches, let's replace the open coded "ARM\x64"
>> magic number with its .ascii equivalent.
>>
>> No changes to the resulting binary image are intended.
>>
>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> ---
>>  arch/arm64/kernel/head.S | 17 ++++++++---------
>>  1 file changed, 8 insertions(+), 9 deletions(-)
>>
>> diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
>> index f779a7483736..aa8f6cd8c33f 100644
>> --- a/arch/arm64/kernel/head.S
>> +++ b/arch/arm64/kernel/head.S
>> @@ -91,20 +91,19 @@ _head:
>>       .quad   0                               // reserved
>>       .quad   0                               // reserved
>>       .quad   0                               // reserved
>> -     .byte   0x41                            // Magic number, "ARM\x64"
>> -     .byte   0x52
>> -     .byte   0x4d
>> -     .byte   0x64
>> +     .ascii  "ARM\x64"                       // Magic number
>>  #ifdef CONFIG_EFI
>> +     /*
>> +      * PE/COFF requires the offset to the PE header
>> +      * to be stored at offset 0x3c into the file.
>> +      */
>> +     .org    _head + 0x3c
>>       .long   pe_header - _head               // Offset to the PE header.
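
Review bot: `.org _head + 0x3c` only guards in one direction. If the fields before it ever grew past 0x3c the assembler would refuse to move the location counter backwards, which is the useful check, but if they ever came up short it would silently zero-pad up to 0x3c and shift nothing else, so the binary would change without any diagnostic. Since the commit message says no change to the image is intended, the comment should state that the preceding fields already occupy exactly 0x3c bytes and that the directive is there as a build-time assertion rather than as padding; a reader cannot tell the two apart from the directive alone.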
>
>
> Do we really need the .org? We expect all the other fields to stay in
> place without one, and it seems odd to special-case the PE header.
>

No, we don't. But the PE header offset is the only header field that is
covered by a requirement that goes beyond what we stipulate ourselves,
so it makes sense to make that explicit imo. However, I'm happy to
drop it if people disagree.

> Otherwise, this looks good to me.
>

Cheers,

^ permalink raw reply	[flat|nested] 69+ messages in thread
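
The two points discussed above, the PE header offset that PE/COFF fixes at file offset 0x3c (the 04/14 exchange) and the split of the image into an RX .text and an RW .data section so that a loader which honours the section flags never needs an RWX mapping (the 08/14 commit message), can be checked from outside the kernel with a small section-table walker. The C program below is an added example written for this page; it is not code from the patch series, the kernel or EDK2. Every function name, the header-only test image it constructs (its offsets, sizes and the two layouts it compares) and the attribute mapping in section_mem_attrs() are illustrative assumptions; only the PE/COFF header offsets and section flag values and the EFI_MEMORY_XP/EFI_MEMORY_RO bits are taken from the respective specifications.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not kernel or EDK2 code.  Flags from the PE/COFF and UEFI specifications. */
#define PE_HDR_OFFSET_LOC     0x3c        /* file offset that holds the offset of "PE\0\0" */
#define IMAGE_SCN_MEM_EXECUTE 0x20000000
#define IMAGE_SCN_MEM_READ    0x40000000
#define IMAGE_SCN_MEM_WRITE   0x80000000
#define EFI_MEMORY_XP         0x4000ULL   /* execute-protect */
#define EFI_MEMORY_RO         0x20000ULL  /* read-only */

struct pe_section { char name[8]; uint32_t vsize, rawsize, characteristics; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

/* Follow the offset at 0x3c, verify "PE\0\0", skip the 20-byte COFF header plus the
 * optional header, and read the 40-byte section headers.  -1 = truncated or bad signature. */
static int pe_sections(const uint8_t *img, size_t len, struct pe_section *out, int max)
{
	if (len < PE_HDR_OFFSET_LOC + 4) return -1;
	uint32_t pe = rd32(img + PE_HDR_OFFSET_LOC);
	if (pe > len || len - pe < 24 || memcmp(img + pe, "PE\0\0", 4) != 0) return -1;
	int nsect = rd16(img + pe + 6);                  /* NumberOfSections */
	size_t tbl = pe + 24 + rd16(img + pe + 20);      /* skip SizeOfOptionalHeader bytes */
	if (nsect > max || tbl > len || (len - tbl) / 40 < (size_t)nsect) return -1;
	for (int i = 0; i < nsect; i++) {
		const uint8_t *s = img + tbl + (size_t)i * 40;
		memcpy(out[i].name, s, 8);
		out[i].vsize = rd32(s + 8);              /* VirtualSize: memory the loader allocates */
		out[i].rawsize = rd32(s + 16);           /* SizeOfRawData: bytes present in the file */
		out[i].characteristics = rd32(s + 36);
	}
	return nsect;
}

/* Attributes a loader that honours section flags would apply; 0 means it must map RWX. */
static uint64_t section_mem_attrs(uint32_t ch)
{
	return (ch & IMAGE_SCN_MEM_WRITE ? 0 : EFI_MEMORY_RO) |
	       (ch & IMAGE_SCN_MEM_EXECUTE ? 0 : EFI_MEMORY_XP);
}

static int count_wx_sections(const struct pe_section *s, int n)
{
	int wx = 0;
	while (n--)
		wx += section_mem_attrs(s[n].characteristics) == 0;
	return wx;
}

static void put_section(uint8_t *s, const char *name, uint32_t vsize, uint32_t rawsize, uint32_t flags)
{
	memset(s, 0, 40);
	memcpy(s, name, strlen(name));                   /* names used here are under 8 bytes */
	wr32(s + 8, vsize); wr32(s + 16, rawsize); wr32(s + 36, flags);
}

/* Constructed, header-only test image; sizes are illustrative, not from a real build.
 * The arm64 Image magic goes at 0x38, directly before the PE offset at 0x3c, as in head.S.
 * split=1 mirrors the patch (.text RX, .data RW with VirtualSize > SizeOfRawData to
 * cover .bss); split=0 mirrors a single RWX section. */
static size_t build_image(uint8_t *img, int split)
{
	const uint32_t pe = 0x40, rx = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE;
	const uint32_t rw = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE;
	memset(img, 0, pe + 24);
	memcpy(img + 0x38, "ARM\x64", 4);
	wr32(img + PE_HDR_OFFSET_LOC, pe);
	memcpy(img + pe, "PE\0\0", 4);
	wr16(img + pe + 6, split ? 2 : 1);
	wr16(img + pe + 20, 0);                          /* no optional header in this toy image */
	if (!split) {
		put_section(img + pe + 24, ".text", 0x50000, 0x28000, rx | IMAGE_SCN_MEM_WRITE);
		return pe + 24 + 40;
	}
	put_section(img + pe + 24, ".text", 0x20000, 0x20000, rx);
	put_section(img + pe + 64, ".data", 0x30000, 0x8000, rw);
	return pe + 24 + 80;
}

/* Build one layout, optionally clobber the signature, parse, count RWX sections (-1 = rejected). */
static int wx_sections_in(int split, int clobber_signature)
{
	uint8_t img[256];
	struct pe_section s[4];
	size_t len = build_image(img, split);
	if (clobber_signature) img[0x40] = 'X';
	int n = pe_sections(img, len, s, 4);
	return n < 0 ? -1 : count_wx_sections(s, n);
}

int main(void)
{
	printf("single RWX section: %d RWX, split RX/RW: %d RWX, clobbered signature: %d\n",
	       wx_sections_in(0, 0), wx_sections_in(1, 0), wx_sections_in(1, 1));
	return 0;
}
```

The single-section layout reports one section that a permission-honouring loader would have to map RWX, the split layout reports none, and an image whose "PE\0\0" signature is damaged is rejected instead of parsed. Extended to read a file, the same walk is what such a loader does before choosing memory attributes per section, which is why the section flags in the header, not just the code, have to be right.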

* Re: [PATCH v2 05/14] arm64: efi: remove forbidden values from the PE/COFF header
  2017-02-10 10:13     ` Mark Rutland
  (?)
@ 2017-02-10 14:31       ` Ard Biesheuvel
  -1 siblings, 0 replies; 69+ messages in thread
From: Ard Biesheuvel @ 2017-02-10 14:31 UTC (permalink / raw)
  To: Mark Rutland
  Cc: linux-efi, linux-arm-kernel, Leif Lindholm, Catalin Marinas,
	Russell King, kernel-hardening, Laura Abbott

On 10 February 2017 at 10:13, Mark Rutland <mark.rutland@arm.com> wrote:
> On Wed, Feb 08, 2017 at 11:55:38AM +0000, Ard Biesheuvel wrote:
>> Bring the PE/COFF header in line with the PE/COFF spec, by setting
>> NumberOfSymbols to 0, and removing the section alignment flags.
>>
>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>
> I take it that in practice EFI implementations don't care about these?

Not at all. I just spotted it when I was cleaning up the header.

> Assuming so:
>
> Acked-by: Mark Rutland <mark.rutland@arm.com>
>
> Otherwise, we might want to fix this first, so that we can easily
> backport it.
>

I wouldn't bother

^ permalink raw reply	[flat|nested] 69+ messages in thread

end of thread, other threads:[~2017-02-10 14:31 UTC | newest]

Thread overview: 69+ messages
2017-02-08 11:55 [PATCH v2 00/14] arm64+ARM: efi: PE/COFF cleanup/hardening Ard Biesheuvel
2017-02-08 11:55 ` [kernel-hardening] " Ard Biesheuvel
2017-02-08 11:55 ` Ard Biesheuvel
2017-02-08 11:55 ` [PATCH v2 01/14] include: pe.h: allow for use in assembly Ard Biesheuvel
2017-02-08 11:55   ` [kernel-hardening] " Ard Biesheuvel
2017-02-08 11:55   ` Ard Biesheuvel
2017-02-08 11:55 ` [PATCH v2 02/14] include: pe.h: add some missing definitions Ard Biesheuvel
2017-02-08 11:55   ` [kernel-hardening] " Ard Biesheuvel
2017-02-08 11:55   ` Ard Biesheuvel
2017-02-08 11:55 ` [PATCH v2 03/14] arm64: efi: move EFI header and related data to a separate .S file Ard Biesheuvel
2017-02-08 11:55   ` [kernel-hardening] " Ard Biesheuvel
2017-02-08 11:55   ` Ard Biesheuvel
2017-02-10 10:10   ` Mark Rutland
2017-02-10 10:10     ` [kernel-hardening] " Mark Rutland
2017-02-10 10:10     ` Mark Rutland
2017-02-08 11:55 ` [PATCH v2 04/14] arm64: efi: clean up Image header after PE header has been split off Ard Biesheuvel
2017-02-08 11:55   ` [kernel-hardening] " Ard Biesheuvel
2017-02-08 11:55   ` Ard Biesheuvel
2017-02-10 10:11   ` Mark Rutland
2017-02-10 10:11     ` [kernel-hardening] " Mark Rutland
2017-02-10 10:11     ` Mark Rutland
2017-02-10 14:30     ` Ard Biesheuvel
2017-02-10 14:30       ` [kernel-hardening] " Ard Biesheuvel
2017-02-10 14:30       ` Ard Biesheuvel
2017-02-08 11:55 ` [PATCH v2 05/14] arm64: efi: remove forbidden values from the PE/COFF header Ard Biesheuvel
2017-02-08 11:55   ` [kernel-hardening] " Ard Biesheuvel
2017-02-08 11:55   ` Ard Biesheuvel
2017-02-10 10:13   ` Mark Rutland
2017-02-10 10:13     ` [kernel-hardening] " Mark Rutland
2017-02-10 10:13     ` Mark Rutland
2017-02-10 14:31     ` Ard Biesheuvel
2017-02-10 14:31       ` [kernel-hardening] " Ard Biesheuvel
2017-02-10 14:31       ` Ard Biesheuvel
2017-02-08 11:55 ` [PATCH v2 06/14] arm64: efi: remove pointless dummy .reloc section Ard Biesheuvel
2017-02-08 11:55   ` [kernel-hardening] " Ard Biesheuvel
2017-02-08 11:55   ` Ard Biesheuvel
2017-02-08 11:55 ` [PATCH v2 07/14] arm64: efi: replace open coded constants with symbolic ones Ard Biesheuvel
2017-02-08 11:55   ` [kernel-hardening] " Ard Biesheuvel
2017-02-08 11:55   ` Ard Biesheuvel
2017-02-10 10:19   ` Mark Rutland
2017-02-10 10:19     ` [kernel-hardening] " Mark Rutland
2017-02-10 10:19     ` Mark Rutland
2017-02-08 11:55 ` [PATCH v2 08/14] arm64: efi: split Image code and data into separate PE/COFF sections Ard Biesheuvel
2017-02-08 11:55   ` [kernel-hardening] " Ard Biesheuvel
2017-02-08 11:55   ` Ard Biesheuvel
     [not found]   ` <1486554947-3964-9-git-send-email-ard.biesheuvel@linaro.org>
2017-02-10 10:49     ` Mark Rutland
2017-02-10 10:49       ` [kernel-hardening] " Mark Rutland
2017-02-10 10:49       ` Mark Rutland
2017-02-10 14:28       ` Ard Biesheuvel
2017-02-10 14:28         ` [kernel-hardening] " Ard Biesheuvel
2017-02-10 14:28         ` Ard Biesheuvel
2017-02-08 11:55 ` [PATCH v2 09/14] arm: compressed: put zImage header and EFI header in dedicated section Ard Biesheuvel
2017-02-08 11:55   ` [kernel-hardening] " Ard Biesheuvel
2017-02-08 11:55   ` Ard Biesheuvel
2017-02-08 11:55 ` [PATCH v2 10/14] arm: efi: remove forbidden values from the PE/COFF header Ard Biesheuvel
2017-02-08 11:55   ` [kernel-hardening] " Ard Biesheuvel
2017-02-08 11:55   ` Ard Biesheuvel
2017-02-08 11:55 ` [PATCH v2 11/14] arm: efi: remove pointless dummy .reloc section Ard Biesheuvel
2017-02-08 11:55   ` [kernel-hardening] " Ard Biesheuvel
2017-02-08 11:55   ` Ard Biesheuvel
2017-02-08 11:55 ` [PATCH v2 12/14] arm: efi: replace open coded constants with symbolic ones Ard Biesheuvel
2017-02-08 11:55   ` [kernel-hardening] " Ard Biesheuvel
2017-02-08 11:55   ` Ard Biesheuvel
2017-02-08 11:55 ` [PATCH v2 13/14] arm: efi: split zImage code and data into separate PE/COFF sections Ard Biesheuvel
2017-02-08 11:55   ` [kernel-hardening] " Ard Biesheuvel
2017-02-08 11:55   ` Ard Biesheuvel
2017-02-08 11:55 ` [PATCH v2 14/14] arm: efi: add PE/COFF debug table to EFI header Ard Biesheuvel
2017-02-08 11:55   ` [kernel-hardening] " Ard Biesheuvel
2017-02-08 11:55   ` Ard Biesheuvel
