From patchwork Sun Mar 1 23:04:33 2020
X-Patchwork-Submitter: Arvind Sankar
X-Patchwork-Id: 206501
From: Arvind Sankar
To: Ard Biesheuvel
Cc: linux-efi@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 2/5] efi/x86: Respect 32-bit ABI in efi32_pe_entry
Date: Sun, 1 Mar 2020 18:04:33 -0500
Message-Id: <20200301230436.2246909-3-nivedita@alum.mit.edu>
In-Reply-To: <20200301230436.2246909-1-nivedita@alum.mit.edu>
References: <20200301230436.2246909-1-nivedita@alum.mit.edu>

verify_cpu clobbers BX and DI. In case we have to return error, we need to preserve them to respect 32-bit calling convention.

Signed-off-by: Arvind Sankar --- arch/x86/boot/compressed/head_64.S | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 8105e8348607..920daf62dac2 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S
@@ -660,7 +660,11 @@ SYM_DATA(efi_is64, .byte 1) SYM_FUNC_START(efi32_pe_entry) pushl %ebp + pushl %ebx + pushl %edi call verify_cpu // check for long mode support + popl %edi + popl %ebx testl %eax, %eax movl $0x80000003, %eax // EFI_UNSUPPORTED jnz 3f

From patchwork Sun Mar 1 23:04:35 2020
X-Patchwork-Submitter: Arvind Sankar
X-Patchwork-Id: 206502
From: Arvind Sankar
To: Ard Biesheuvel
Cc: linux-efi@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 4/5] efi/x86: Avoid using code32_start
Date: Sun, 1 Mar 2020 18:04:35 -0500
Message-Id: <20200301230436.2246909-5-nivedita@alum.mit.edu>
In-Reply-To: <20200301230436.2246909-1-nivedita@alum.mit.edu>
References: <20200301230436.2246909-1-nivedita@alum.mit.edu>

code32_start is meant for 16-bit real-mode bootloaders to inform the kernel where the 32-bit protected mode code starts. Nothing in the protected mode kernel except the EFI stub uses it.

efi_main currently returns boot_params, with code32_start set inside it to tell efi_stub_entry where startup_32 is located. Since it was invoked by efi_stub_entry in the first place, boot_params is already known. Return the address of startup_32 instead.

This will allow a 64-bit kernel to live above 4Gb, for example, and it's cleaner.

Signed-off-by: Arvind Sankar --- arch/x86/boot/compressed/head_32.S | 3 +-- arch/x86/boot/compressed/head_64.S | 4 ++-- arch/x86/kernel/asm-offsets.c | 1 - drivers/firmware/efi/libstub/x86-stub.c | 10 +++++----- 4 files changed, 8 insertions(+), 10 deletions(-) diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S index 2f8138b71ea9..e013bdc1237b 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S @@ -156,9 +156,8 @@ SYM_FUNC_END(startup_32) SYM_FUNC_START(efi32_stub_entry) SYM_FUNC_START_ALIAS(efi_stub_entry) add $0x4, %esp + movl 8(%esp), %esi /* save boot_params pointer */ call efi_main - movl %eax, %esi - movl BP_code32_start(%esi), %eax leal startup_32(%eax), %eax jmp *%eax SYM_FUNC_END(efi32_stub_entry) diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index fabbd4c2e9f2..6a4ff919008c 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -472,9 +472,9 @@ SYM_CODE_END(startup_64) SYM_FUNC_START(efi64_stub_entry) SYM_FUNC_START_ALIAS(efi_stub_entry) and $~0xf, %rsp /* realign the stack */ + movq %rdx, %rbx /* save boot_params pointer */ call efi_main - movq %rax,%rsi - movl BP_code32_start(%esi), %eax + movq %rbx,%rsi leaq startup_64(%rax), %rax jmp *%rax SYM_FUNC_END(efi64_stub_entry) diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c index 5c7ee3df4d0b..3ca07ad552ae 100644 --- a/arch/x86/kernel/asm-offsets.c +++ b/arch/x86/kernel/asm-offsets.c @@ -88,7 +88,6 @@ static void __used common(void) OFFSET(BP_kernel_alignment, boot_params, hdr.kernel_alignment); OFFSET(BP_init_size, boot_params, hdr.init_size); OFFSET(BP_pref_address, boot_params, hdr.pref_address); - OFFSET(BP_code32_start, boot_params, hdr.code32_start); BLANK(); DEFINE(PTREGS_SIZE, sizeof(struct pt_regs)); 
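Review bot: in the head_32.S hunk, the retained context line "leal startup_32(%eax), %eax" now adds the startup_32 symbol to a return value that the comment this patch adds above efi_main in x86-stub.c describes as already being the address of startup_32, so the jump target is only correct while that symbol evaluates to 0. Either jump through %eax directly after the call, or add a comment next to the leal stating that assumption.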
diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 9db98839d7b4..7f3e97c2aad3 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -703,10 +703,11 @@ static efi_status_t exit_boot(struct boot_params *boot_params, void *handle) } /* - * On success we return a pointer to a boot_params structure, and NULL - * on failure. + * On success, we return the address of startup_32, which has potentially been + * relocated by efi_relocate_kernel. + * On failure, we exit to the firmware via efi_exit instead of returning. */ -struct boot_params *efi_main(efi_handle_t handle, +unsigned long efi_main(efi_handle_t handle, efi_system_table_t *sys_table_arg, struct boot_params *boot_params) { @@ -736,7 +737,6 @@ struct boot_params *efi_main(efi_handle_t handle, goto fail; } } - hdr->code32_start = (u32)bzimage_addr; /* * efi_pe_entry() may have been called before efi_main(), in which 
@@ -799,7 +799,7 @@ struct boot_params *efi_main(efi_handle_t handle, goto fail; } - return boot_params; + return bzimage_addr; fail: efi_printk("efi_main() failed!\n");

From patchwork Sun Mar 1 23:05:37 2020
X-Patchwork-Submitter: Arvind Sankar
X-Patchwork-Id: 206499
From: Arvind Sankar
To: Ard Biesheuvel
Cc: linux-efi@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 5/5] efi/x86: Don't relocate the kernel unless necessary
Date: Sun, 1 Mar 2020 18:05:37 -0500
Message-Id: <20200301230537.2247550-6-nivedita@alum.mit.edu>
In-Reply-To: <20200301230537.2247550-1-nivedita@alum.mit.edu>
References: <20200301230537.2247550-1-nivedita@alum.mit.edu>

Add alignment slack to the PE image size, so that we can realign the decompression buffer within the space allocated for the image.

Only relocate the kernel if it has been loaded at an unsuitable address:
* Below LOAD_PHYSICAL_ADDR, or
* Above 64T for 64-bit and 512MiB for 32-bit

For 32-bit, the upper limit is conservative, but the exact limit can be difficult to calculate.

Signed-off-by: Arvind Sankar --- arch/x86/boot/tools/build.c | 16 ++++++---------- drivers/firmware/efi/libstub/x86-stub.c | 22 +++++++++++++++++++--- 2 files changed, 25 insertions(+), 13 deletions(-) diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c index 3d03ad753ed5..db528961c283 100644 --- a/arch/x86/boot/tools/build.c
+++ b/arch/x86/boot/tools/build.c @@ -238,21 +238,17 @@ static void update_pecoff_text(unsigned int text_start, unsigned int file_sz, pe_header = get_unaligned_le32(&buf[0x3c]); -#ifdef CONFIG_EFI_MIXED /* - * In mixed mode, we will execute startup_32() at whichever offset in - * memory it happened to land when the PE/COFF loader loaded the image, - * which may be misaligned with respect to the kernel_alignment field - * in the setup header. + * The PE/COFF loader may load the image at an address which is + * misaligned with respect to the kernel_alignment field in the setup + * header. * - * In order for startup_32 to safely execute in place at this offset, - * we need to ensure that the CONFIG_PHYSICAL_ALIGN aligned allocation - * it creates for the page tables does not extend beyond the declared - * size of the image in the PE/COFF header. So add the required slack. + * In order to avoid relocating the kernel to correct the misalignment, + * add slack to allow the buffer to be aligned within the declared size + * of the image. */ bss_sz += CONFIG_PHYSICAL_ALIGN; init_sz += CONFIG_PHYSICAL_ALIGN; -#endif /* * Size of code: Subtract the size of the first sector (512 bytes) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 0c4a6352cfd3..957feeacdd8f 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -717,6 +717,7 @@ unsigned long efi_main(efi_handle_t handle, struct boot_params *boot_params) { unsigned long bzimage_addr = (unsigned long)startup_32; + unsigned long buffer_start, buffer_end; struct setup_header *hdr = &boot_params->hdr; efi_status_t status; unsigned long cmdline_paddr; 
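Review bot: in the build.c hunk, the rewritten comment no longer says why the slack added to bss_sz and init_sz is exactly CONFIG_PHYSICAL_ALIGN, while the stub code in this same patch realigns the buffer to hdr->kernel_alignment. The in-place realignment only stays inside the declared image size if the slack covers that alignment, so the comment should state that the two values are the same, as the removed text did by naming both.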
@@ -728,10 +729,25 @@ unsigned long efi_main(efi_handle_t handle, efi_exit(handle, EFI_INVALID_PARAMETER); /* - * If the kernel isn't already loaded at the preferred load - * address, relocate it. + * If the kernel isn't already loaded at a suitable address, + * relocate it. + * It must be loaded above LOAD_PHYSICAL_ADDR. + * The maximum address for 64-bit is 1 << 46 for 4-level paging. + * For 32-bit, the maximum address is complicated to figure out, for + * now use KERNEL_IMAGE_SIZE, which will be 512MiB, the same as what + * KASLR uses. + * Also relocate it if image_offset is zero, i.e. we weren't loaded by + * LoadImage, but we are not aligned correctly. */ - if (bzimage_addr - image_offset != hdr->pref_address) { + buffer_start = ALIGN(bzimage_addr - image_offset, + hdr->kernel_alignment); + buffer_end = buffer_start + hdr->init_size; + + if (buffer_start < LOAD_PHYSICAL_ADDR + || IS_ENABLED(CONFIG_X86_32) && buffer_end > KERNEL_IMAGE_SIZE + || IS_ENABLED(CONFIG_X86_64) && buffer_end > 1ull << 46 + || image_offset == 0 && !IS_ALIGNED(bzimage_addr, + hdr->kernel_alignment)) { status = efi_relocate_kernel(&bzimage_addr, hdr->init_size, hdr->init_size, hdr->pref_address,
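Review bot: in the new relocation test, "buffer_end = buffer_start + hdr->init_size" is computed in unsigned long, so on 32-bit it can wrap for an image loaded near the top of the address space, and a wrapped buffer_end passes the "buffer_end > KERNEL_IMAGE_SIZE" clause without triggering relocation. Compare buffer_start against the limit as well, or check for the overflow before using buffer_end. The condition also mixes && and || without parentheses and starts its continuation lines with the operators; parenthesise each && term and move the operators to the line ends. The comment says the image must be loaded "above LOAD_PHYSICAL_ADDR", but the test is "buffer_start < LOAD_PHYSICAL_ADDR", so what the code accepts is "at or above".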