From: mark.rutland@arm.com (Mark Rutland)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3 8/8] arm64: efi: split Image code and data into separate PE/COFF sections
Date: Thu, 30 Mar 2017 19:29:43 +0100 [thread overview]
Message-ID: <20170330182943.GD8062@leverpostej> (raw)
In-Reply-To: <20170323190051.14882-9-ard.biesheuvel@linaro.org>
On Thu, Mar 23, 2017 at 07:00:51PM +0000, Ard Biesheuvel wrote:
> To prevent unintended modifications to the kernel text (malicious or
> otherwise) while running the EFI stub, describe the kernel image as
> two separate sections: a .text section with read-execute permissions,
> covering .text, .rodata and .init.text, and a .data section with
> read-write permissions, covering .init.data, .data and .bss.
>
> This relies on the firmware to actually take the section permission
> flags into account, but this is something that is currently being
> implemented in EDK2, which means we will likely start seeing it in
> the wild between one and two years from now.
>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Mark.
> ---
> arch/arm64/kernel/efi-header.S | 23 +++++++++++++++-----
> arch/arm64/kernel/vmlinux.lds.S | 2 ++
> 2 files changed, 20 insertions(+), 5 deletions(-)
>
> diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S
> index 7637226ea9ca..613fc3000677 100644
> --- a/arch/arm64/kernel/efi-header.S
> +++ b/arch/arm64/kernel/efi-header.S
> @@ -27,8 +27,8 @@ optional_header:
> .short PE_OPT_MAGIC_PE32PLUS // PE32+ format
> .byte 0x02 // MajorLinkerVersion
> .byte 0x14 // MinorLinkerVersion
> - .long _end - efi_header_end // SizeOfCode
> - .long 0 // SizeOfInitializedData
> + .long __initdata_begin - efi_header_end // SizeOfCode
> + .long __pecoff_data_size // SizeOfInitializedData
> .long 0 // SizeOfUninitializedData
> .long __efistub_entry - _head // AddressOfEntryPoint
> .long efi_header_end - _head // BaseOfCode
> @@ -74,9 +74,9 @@ extra_header_fields:
> // Section table
> section_table:
> .ascii ".text\0\0\0"
> - .long _end - efi_header_end // VirtualSize
> + .long __initdata_begin - efi_header_end // VirtualSize
> .long efi_header_end - _head // VirtualAddress
> - .long _edata - efi_header_end // SizeOfRawData
> + .long __initdata_begin - efi_header_end // SizeOfRawData
> .long efi_header_end - _head // PointerToRawData
>
> .long 0 // PointerToRelocations
> @@ -84,7 +84,20 @@ section_table:
> .short 0 // NumberOfRelocations
> .short 0 // NumberOfLineNumbers
> .long IMAGE_SCN_CNT_CODE | \
> - IMAGE_SCN_MEM_EXECUTE | \
> + IMAGE_SCN_MEM_READ | \
> + IMAGE_SCN_MEM_EXECUTE // Characteristics
> +
> + .ascii ".data\0\0\0"
> + .long __pecoff_data_size // VirtualSize
> + .long __initdata_begin - _head // VirtualAddress
> + .long __pecoff_data_rawsize // SizeOfRawData
> + .long __initdata_begin - _head // PointerToRawData
> +
> + .long 0 // PointerToRelocations
> + .long 0 // PointerToLineNumbers
> + .short 0 // NumberOfRelocations
> + .short 0 // NumberOfLineNumbers
> + .long IMAGE_SCN_CNT_INITIALIZED_DATA | \
> IMAGE_SCN_MEM_READ | \
> IMAGE_SCN_MEM_WRITE // Characteristics
>
> diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
> index 2c93d259046c..987a00ee446c 100644
> --- a/arch/arm64/kernel/vmlinux.lds.S
> +++ b/arch/arm64/kernel/vmlinux.lds.S
> @@ -213,6 +213,7 @@ SECTIONS
> }
>
> PECOFF_EDATA_PADDING
> + __pecoff_data_rawsize = ABSOLUTE(. - __initdata_begin);
> _edata = .;
>
> BSS_SECTION(0, 0, 0)
> @@ -228,6 +229,7 @@ SECTIONS
> . += RESERVED_TTBR0_SIZE;
> #endif
>
> + __pecoff_data_size = ABSOLUTE(. - __initdata_begin);
> _end = .;
>
> STABS_DEBUG
> --
> 2.9.3
>
next prev parent reply other threads:[~2017-03-30 18:29 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-23 19:00 [PATCH v3 0/8] arm64: efi: PE/COFF cleanup/hardening Ard Biesheuvel
2017-03-23 19:00 ` [PATCH v3 1/8] include: pe.h: allow for use in assembly Ard Biesheuvel
2017-03-23 19:00 ` [PATCH v3 2/8] include: pe.h: add some missing definitions Ard Biesheuvel
2017-03-23 19:00 ` [PATCH v3 3/8] arm64: efi: move EFI header and related data to a separate .S file Ard Biesheuvel
2017-03-23 19:00 ` [PATCH v3 4/8] arm64: efi: clean up Image header after PE header has been split off Ard Biesheuvel
2017-03-30 18:26 ` Will Deacon
2017-03-30 18:26 ` Mark Rutland
2017-03-23 19:00 ` [PATCH v3 5/8] arm64: efi: remove forbidden values from the PE/COFF header Ard Biesheuvel
2017-03-23 19:00 ` [PATCH v3 6/8] arm64: efi: remove pointless dummy .reloc section Ard Biesheuvel
2017-03-23 19:00 ` [PATCH v3 7/8] arm64: efi: replace open coded constants with symbolic ones Ard Biesheuvel
2017-03-23 19:00 ` [PATCH v3 8/8] arm64: efi: split Image code and data into separate PE/COFF sections Ard Biesheuvel
2017-03-30 18:29 ` Mark Rutland [this message]
2017-04-04 15:33 ` [PATCH v3 0/8] arm64: efi: PE/COFF cleanup/hardening Ard Biesheuvel
2017-04-04 16:57 ` Catalin Marinas
2017-04-04 17:02 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170330182943.GD8062@leverpostej \
--to=mark.rutland@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox