linux-kernel.vger.kernel.org archive mirror
From: Ard Biesheuvel <ardb@kernel.org>
To: linux-efi@vger.kernel.org, Ingo Molnar <mingo@kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>
Cc: Ard Biesheuvel <ardb@kernel.org>,
	linux-kernel@vger.kernel.org,
	Arvind Sankar <nivedita@alum.mit.edu>,
	Christoph Hellwig <hch@lst.de>,
	David Hildenbrand <david@redhat.com>,
	Davidlohr Bueso <dave@stgolabs.net>,
	Guenter Roeck <linux@roeck-us.net>,
	Heinrich Schuchardt <xypron.glpk@gmx.de>,
	Jonathan Corbet <corbet@lwn.net>,
	Lukas Bulwahn <lukas.bulwahn@gmail.com>,
	Masahiro Yamada <masahiroy@kernel.org>,
	Nikolai Merinov <n.merinov@inango-systems.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Vladis Dronov <vdronov@redhat.com>
Subject: [PATCH 19/28] efi/x86: Don't relocate the kernel unless necessary
Date: Sun,  8 Mar 2020 09:08:50 +0100
Message-ID: <20200308080859.21568-20-ardb@kernel.org>
In-Reply-To: <20200308080859.21568-1-ardb@kernel.org>

From: Arvind Sankar <nivedita@alum.mit.edu>

Add alignment slack to the PE image size, so that we can realign the
decompression buffer within the space allocated for the image.

Only relocate the kernel if it has been loaded at an unsuitable address:
* Below LOAD_PHYSICAL_ADDR, or
* Above 64T for 64-bit and 512MiB for 32-bit

For 32-bit, the upper limit is conservative, but the exact limit can be
difficult to calculate.

Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
Link: https://lore.kernel.org/r/20200303221205.4048668-6-nivedita@alum.mit.edu
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/boot/tools/build.c             | 16 +++++-------
 drivers/firmware/efi/libstub/x86-stub.c | 33 ++++++++++++++++++++++---
 2 files changed, 36 insertions(+), 13 deletions(-)

diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c
index 3d03ad753ed5..db528961c283 100644
--- a/arch/x86/boot/tools/build.c
+++ b/arch/x86/boot/tools/build.c
@@ -238,21 +238,17 @@ static void update_pecoff_text(unsigned int text_start, unsigned int file_sz,
 
 	pe_header = get_unaligned_le32(&buf[0x3c]);
 
-#ifdef CONFIG_EFI_MIXED
 	/*
-	 * In mixed mode, we will execute startup_32() at whichever offset in
-	 * memory it happened to land when the PE/COFF loader loaded the image,
-	 * which may be misaligned with respect to the kernel_alignment field
-	 * in the setup header.
+	 * The PE/COFF loader may load the image at an address which is
+	 * misaligned with respect to the kernel_alignment field in the setup
+	 * header.
 	 *
-	 * In order for startup_32 to safely execute in place at this offset,
-	 * we need to ensure that the CONFIG_PHYSICAL_ALIGN aligned allocation
-	 * it creates for the page tables does not extend beyond the declared
-	 * size of the image in the PE/COFF header. So add the required slack.
+	 * In order to avoid relocating the kernel to correct the misalignment,
+	 * add slack to allow the buffer to be aligned within the declared size
+	 * of the image.
 	 */
 	bss_sz	+= CONFIG_PHYSICAL_ALIGN;
 	init_sz	+= CONFIG_PHYSICAL_ALIGN;
-#endif
 
 	/*
 	 * Size of code: Subtract the size of the first sector (512 bytes)
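
Review bot: The rewritten comment justifies the slack in terms of the kernel_alignment field in the setup header, but the amount actually added in "bss_sz += CONFIG_PHYSICAL_ALIGN;" and "init_sz += CONFIG_PHYSICAL_ALIGN;" is CONFIG_PHYSICAL_ALIGN, and nothing in the comment ties the two together. Please state that the slack is one full CONFIG_PHYSICAL_ALIGN and that this is expected to equal the alignment the stub rounds the buffer up to, so a later change to either value does not silently let the realigned buffer run past the declared image size. Since the #ifdef CONFIG_EFI_MIXED guard is gone, the comment could also note that the declared size now grows by this amount in every configuration.
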
diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
index 96bc4a8733c8..064941ecc36f 100644
--- a/drivers/firmware/efi/libstub/x86-stub.c
+++ b/drivers/firmware/efi/libstub/x86-stub.c
@@ -17,6 +17,9 @@
 
 #include "efistub.h"
 
+/* Maximum physical address for 64-bit kernel with 4-level paging */
+#define MAXMEM_X86_64_4LEVEL (1ull << 46)
+
 static efi_system_table_t *sys_table;
 extern const bool efi_is64;
 extern u32 image_offset;
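
Review bot: The comment on MAXMEM_X86_64_4LEVEL does not say that the hardcoded "1ull << 46" stands in for MAXMEM; that reasoning only appears later, in the efi_main() comment. Moving the sentence about MAXMEM not being a compile-time constant with 5-level paging up to the definition would make it clear which value this macro has to track if the limit ever changes.
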
@@ -718,6 +721,7 @@ unsigned long efi_main(efi_handle_t handle,
 			     struct boot_params *boot_params)
 {
 	unsigned long bzimage_addr = (unsigned long)startup_32;
+	unsigned long buffer_start, buffer_end;
 	struct setup_header *hdr = &boot_params->hdr;
 	efi_status_t status;
 	unsigned long cmdline_paddr;
@@ -729,10 +733,33 @@ unsigned long efi_main(efi_handle_t handle,
 		efi_exit(handle, EFI_INVALID_PARAMETER);
 
 	/*
-	 * If the kernel isn't already loaded at the preferred load
-	 * address, relocate it.
+	 * If the kernel isn't already loaded at a suitable address,
+	 * relocate it.
+	 *
+	 * It must be loaded above LOAD_PHYSICAL_ADDR.
+	 *
+	 * The maximum address for 64-bit is 1 << 46 for 4-level paging. This
+	 * is defined as the macro MAXMEM, but unfortunately that is not a
+	 * compile-time constant if 5-level paging is configured, so we instead
+	 * define our own macro for use here.
+	 *
+	 * For 32-bit, the maximum address is complicated to figure out, for
+	 * now use KERNEL_IMAGE_SIZE, which will be 512MiB, the same as what
+	 * KASLR uses.
+	 *
+	 * Also relocate it if image_offset is zero, i.e. we weren't loaded by
+	 * LoadImage, but we are not aligned correctly.
 	 */
-	if (bzimage_addr - image_offset != hdr->pref_address) {
+
+	buffer_start = ALIGN(bzimage_addr - image_offset,
+			     hdr->kernel_alignment);
+	buffer_end = buffer_start + hdr->init_size;
+
+	if ((buffer_start < LOAD_PHYSICAL_ADDR)				     ||
+	    (IS_ENABLED(CONFIG_X86_32) && buffer_end > KERNEL_IMAGE_SIZE)    ||
+	    (IS_ENABLED(CONFIG_X86_64) && buffer_end > MAXMEM_X86_64_4LEVEL) ||
+	    (image_offset == 0 && !IS_ALIGNED(bzimage_addr,
+					      hdr->kernel_alignment))) {
 		status = efi_relocate_kernel(&bzimage_addr,
 					     hdr->init_size, hdr->init_size,
 					     hdr->pref_address,
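
Review bot: The sum in "buffer_end = buffer_start + hdr->init_size;" is not checked for wraparound, and buffer_end is an unsigned long, which is 32 bits wide on CONFIG_X86_32. If the firmware loads the image high enough that the sum wraps, buffer_end becomes a small value, "buffer_end > KERNEL_IMAGE_SIZE" is false, buffer_start is not below LOAD_PHYSICAL_ADDR, and the kernel is left in place at an address the comment says is unsuitable. Comparing without the addition, for example buffer_start > KERNEL_IMAGE_SIZE - hdr->init_size (with init_size checked against the limit first), or adding an explicit buffer_end < buffer_start test, closes that gap. Separately, the comment says the image "must be loaded above LOAD_PHYSICAL_ADDR" while the test is "buffer_start < LOAD_PHYSICAL_ADDR", which accepts an image exactly at LOAD_PHYSICAL_ADDR; "at or above" would match the code.
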
-- 
2.17.1

