From patchwork Fri Jul 3 09:40:05 2015
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 50617
From: Ard Biesheuvel
To: edk2-devel@lists.sourceforge.net, michael.d.kinney@intel.com, Jiewen.Yao@intel.com, liming.gao@intel.com, jordan.l.justen@intel.com
Date: Fri, 3 Jul 2015 11:40:05 +0200
Message-Id: <1435916407-29683-5-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1435916407-29683-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1435916407-29683-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: [edk2] [PATCH 4/6] MdePkg/BasePeCoffLib: fix handling of high/low relocation pairs

PeCoffLoaderRelocateImageForRuntime () reapplies relocations to prepare PE/COFF images for being invoked via a runtime virtual mapping. Since the image has already been executed at this point, it takes care to only update pointers that hold the same value they held at image load time.
However, this check is incorrect for pairs of EFI_IMAGE_REL_BASED_HIGH and EFI_IMAGE_REL_BASED_LOW relocations, since the check does not take into account that the update may have affected only the other half of the 32-bit word the pair refers to. For instance, if the load time value and the current value are different in absolute value but equal modulo 64 KB, the EFI_IMAGE_REL_BASED_LOW will be reapplied inadvertently.

So record the entire 32-bit value in the fixup data for each of the relocations, and compare the entire 32-bit value before applying either of them. To handle false negatives in the comparisons that occur when the other relocation of a pair has been handled already, keep a per-page record of which 32-bit words have been partially relocated.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel
---
 MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 47 ++++++++++++++++----
 1 file changed, 38 insertions(+), 9 deletions(-)

diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
index 28c84062d125..23cb691ad729 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
@@ -1106,17 +1106,20 @@ PeCoffLoaderRelocateImage ( Fixup32 = (UINT32 *) (Fixup16 - 1); *Fixup16 = (UINT16) ((*Fixup32 + (UINT32) Adjust) >> 16); if (FixupData != NULL) { - *(UINT16 *) FixupData = *Fixup16; - FixupData = FixupData + sizeof (UINT16); + FixupData = ALIGN_POINTER (FixupData, sizeof (UINT32)); + *(UINT32 *) FixupData = *Fixup32 + (UINT32) Adjust; + FixupData = FixupData + sizeof (UINT32); } break; case EFI_IMAGE_REL_BASED_LOW: Fixup16 = (UINT16 *) Fixup; - *Fixup16 = (UINT16) (*Fixup16 + (UINT16) Adjust); + Fixup32 = (UINT32 *) Fixup16; + *Fixup16 = (UINT16) ((*Fixup32 + (UINT32) Adjust) & 0xffff); if (FixupData != NULL) { - *(UINT16 *) FixupData = *Fixup16; - FixupData = FixupData + sizeof (UINT16); + FixupData = ALIGN_POINTER (FixupData, sizeof (UINT32)); + *(UINT32 *) FixupData = *Fixup32 + (UINT32) Adjust; + FixupData = FixupData + sizeof (UINT32); } break; @@ -1725,6 +1728,8 @@ PeCoffLoaderRelocateImageForRuntime ( UINTN Adjust; RETURN_STATUS Status; UINT16 Magic; + UINT8 HighLowMask [SIZE_4KB / (8 * sizeof(UINT32))]; + UINTN HighLowMaskIndex; OldBase = (CHAR8 *)((UINTN)ImageBase); NewBase = (CHAR8 *)((UINTN)VirtImageBase); @@ -1816,6 +1821,8 @@ PeCoffLoaderRelocateImageForRuntime ( RelocEnd = (UINT16 *) ((UINT8 *) RelocBase + RelocBase->SizeOfBlock); FixupBase = (CHAR8 *) ((UINTN)ImageBase) + RelocBase->VirtualAddress; + ZeroMem (HighLowMask, sizeof (HighLowMask)); + // // Run this relocation record // 
@@ -1830,20 +1837,42 @@ PeCoffLoaderRelocateImageForRuntime ( case EFI_IMAGE_REL_BASED_HIGH: Fixup16 = (UINT16 *) Fixup; Fixup32 = (UINT32 *) (Fixup16 - 1); - if (*(UINT16 *) FixupData == *Fixup16) { + HighLowMaskIndex = ((UINTN) Fixup32 & SIZE_4KB) >> 2; + FixupData = ALIGN_POINTER (FixupData, sizeof (UINT32)); + if (*(UINT32 *) FixupData == *Fixup32 || + (HighLowMask [HighLowMaskIndex >> 3] & (1 << (HighLowMaskIndex & 7))) != 0) { + *Fixup16 = (UINT16) ((*Fixup32 + (UINT32) Adjust) >> 16); + + // + // Mark this location in the page as requiring the low relocation to + // be reapplied as well. This is necessary since the *Fixup comparison + // with its FixupData will fail now that we have updated the high word. + // + HighLowMask [HighLowMaskIndex >> 3] |= (1 << (HighLowMaskIndex & 7)); } - FixupData = FixupData + sizeof (UINT16); + FixupData = FixupData + sizeof (UINT32); break; case EFI_IMAGE_REL_BASED_LOW: Fixup16 = (UINT16 *) Fixup; - if (*(UINT16 *) FixupData == *Fixup16) { + HighLowMaskIndex = ((UINTN) Fixup16 & SIZE_4KB) >> 2; + FixupData = ALIGN_POINTER (FixupData, sizeof (UINT32)); + if (*(UINT32 *) FixupData == *(UINT32 *)Fixup || + (HighLowMask [HighLowMaskIndex >> 3] & (1 << (HighLowMaskIndex & 7))) != 0) { + *Fixup16 = (UINT16) (*Fixup16 + ((UINT16) Adjust & 0xffff)); + + // + // Mark this location in the page as requiring the high relocation to + // be reapplied as well. This is necessary since the *Fixup comparison + // with its FixupData will fail now that we have updated the low word. + // + HighLowMask [HighLowMaskIndex >> 3] |= (1 << (HighLowMaskIndex & 7)); } - FixupData = FixupData + sizeof (UINT16); + FixupData = FixupData + sizeof (UINT32); break; case EFI_IMAGE_REL_BASED_HIGHLOW:
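Review bot: in the first hunk (@@ -1106, PeCoffLoaderRelocateImage), both the EFI_IMAGE_REL_BASED_HIGH and the EFI_IMAGE_REL_BASED_LOW case record `*(UINT32 *) FixupData = *Fixup32 + (UINT32) Adjust;` only after `*Fixup16` has already been stored, so the half that was just updated gets Adjust added to it a second time and the recorded word is not the fully relocated value that PeCoffLoaderRelocateImageForRuntime later compares against `*Fixup32`; for an unmodified pointer that comparison will then fail and neither half will be reapplied. Compute the target once before either store, e.g. `Value = *Fixup32 + (UINT32) Adjust;`, derive the half from `Value` and record `Value` in both cases. It is also worth confirming that the FixupData buffer sizing (outside this diff) covers the wider entries, since each HIGH or LOW record grows from 2 to 4 bytes plus ALIGN_POINTER padding.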
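Review bot: the new `UINT8 HighLowMask [SIZE_4KB / (8 * sizeof(UINT32))];` in the second hunk (@@ -1725) has no comment explaining what it holds; add one stating that it is one bit per 32-bit word of a 4 KB page, indexed by the word's page offset, set once one half of a HIGH/LOW pair has been reapplied, which also documents the assumption that a relocation block covers a single 4 KB page and that the `ZeroMem (HighLowMask, ...)` per block in the third hunk therefore resets it at the right granularity. Style: `sizeof(UINT32)` lacks the space before the parenthesis used everywhere else in this file (`sizeof (UINT32)`).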
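Review bot: `HighLowMaskIndex = ((UINTN) Fixup32 & SIZE_4KB) >> 2;` in the HIGH case of the fourth hunk (@@ -1830), and the same expression on Fixup16 in the LOW case, mask with SIZE_4KB itself, which is a single bit, rather than with `SIZE_4KB - 1`; the index is therefore either 0 or 0x400, and `HighLowMask [0x400 >> 3]` is element 128 of the 128-byte array declared in the second hunk, one past its end on the stack. Use `& (SIZE_4KB - 1)` so the index is the word's offset within the page, as the comment "Mark this location in the page" intends. Minor: `((UINT16) Adjust & 0xffff)` in the LOW case masks a value that is already a UINT16, so the `& 0xffff` can go.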
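The failure mode the commit message describes (a pointer the image changed at runtime to a value that differs from its load-time value but is equal to it modulo 64 KB) is easiest to see on a small model. The following is an added example, not EDK2 code and not part of the patch: it models one 32-bit word relocated by a HIGH/LOW pair, runs the old per-half 16-bit comparison and the new whole-word comparison with a partial-relocation flag over it, and shows the results on constructed values. It assumes that within a relocation block the HIGH entry of a pair is processed before the LOW entry, it computes the 32-bit target once before either half is stored, and it stands in for the patch's per-page bitmap with a single flag, since only one word is modelled; the type `reloc_word`, the helper names and the sample values are all constructed for this illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of one 32-bit pointer in a PE/COFF image that is
 * relocated by an EFI_IMAGE_REL_BASED_HIGH / EFI_IMAGE_REL_BASED_LOW pair.
 * Not EDK2 code: only the comparison logic is reproduced. */

#define HI16(x) ((uint16_t)((uint32_t)(x) >> 16))
#define LO16(x) ((uint16_t)((uint32_t)(x) & 0xffffu))

static uint32_t set_hi(uint32_t w, uint16_t hi) { return ((uint32_t)hi << 16) | (w & 0xffffu); }
static uint32_t set_lo(uint32_t w, uint16_t lo) { return (w & 0xffff0000u) | lo; }

typedef struct {
    uint32_t word;      /* the 32-bit value as it sits in the image after load */
    uint16_t rec_hi16;  /* old scheme: one 16-bit record per relocation entry */
    uint16_t rec_lo16;
    uint32_t rec32;     /* new scheme: the whole relocated word, for both entries */
} reloc_word;

/* Load-time pass: apply HIGH then LOW and record the fixup data both ways.
 * The target is computed once, before either half is written. */
static reloc_word load_relocate(uint32_t value, uint32_t adjust)
{
    reloc_word r;
    uint32_t target = value + adjust;

    r.word = set_hi(value, HI16(target));    /* EFI_IMAGE_REL_BASED_HIGH */
    r.rec_hi16 = HI16(r.word);
    r.word = set_lo(r.word, LO16(target));   /* EFI_IMAGE_REL_BASED_LOW */
    r.rec_lo16 = LO16(r.word);
    r.rec32 = r.word;
    return r;
}

/* Runtime pass, old check: each half is compared only to its own 16-bit record. */
static uint32_t runtime_reapply_old(const reloc_word *r, uint32_t current, uint32_t adjust)
{
    uint32_t w = current;

    if (r->rec_hi16 == HI16(w))              /* HIGH: high half matches? */
        w = set_hi(w, HI16(w + adjust));
    if (r->rec_lo16 == LO16(w))              /* LOW: low half matches? */
        w = set_lo(w, LO16(w + adjust));
    return w;
}

/* Runtime pass, new check: the whole word must match the record, unless the
 * other half of this pair has already been reapplied (the patch keeps that
 * per-word flag in a per-page bitmap; one bool suffices for one word). */
static uint32_t runtime_reapply_new(const reloc_word *r, uint32_t current, uint32_t adjust)
{
    uint32_t w = current;
    bool partially_relocated = false;

    if (r->rec32 == w || partially_relocated) {      /* HIGH */
        w = set_hi(w, HI16(w + adjust));
        partially_relocated = true;
    }
    if (r->rec32 == w || partially_relocated) {      /* LOW */
        w = set_lo(w, LO16(w + adjust));
        partially_relocated = true;
    }
    return w;
}

/* Load with load_adjust, then run the runtime pass over whatever value the
 * program left in the word (current), with either the old or the new check. */
static uint32_t simulate(uint32_t value, uint32_t load_adjust,
                         uint32_t current, uint32_t runtime_adjust, bool new_check)
{
    reloc_word r = load_relocate(value, load_adjust);
    return new_check ? runtime_reapply_new(&r, current, runtime_adjust)
                     : runtime_reapply_old(&r, current, runtime_adjust);
}

int main(void)
{
    /* Constructed sample values: the word loads as 0x80301234. The three
     * states are: untouched, changed by the program but equal modulo 64 KB,
     * and changed by the program with only the high half still matching. */
    const uint32_t value = 0x00401234u, load_adjust = 0x7FF00000u, rt_adjust = 0x10003000u;
    const uint32_t states[] = { 0x80301234u, 0x80401234u, 0x80300000u };
    int i;

    for (i = 0; i < 3; i++)
        printf("current %08x: old check -> %08x, new check -> %08x\n", states[i],
               simulate(value, load_adjust, states[i], rt_adjust, false),
               simulate(value, load_adjust, states[i], rt_adjust, true));
    return 0;
}
```

For the untouched word both checks produce the fully re-relocated value 0x90304234. For the word the program changed to 0x80401234, the old check skips HIGH but still reapplies LOW because the low halves agree, leaving the half-relocated 0x80404234, which is neither the program's value nor a valid relocation of it; the new check leaves it at 0x80401234. The third state shows the mirror case, where the old check reapplies only HIGH.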