From patchwork Wed Oct 19 11:40:31 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 78228 Delivered-To: patch@linaro.org Received: by 10.140.97.247 with SMTP id m110csp201256qge; Wed, 19 Oct 2016 04:42:41 -0700 (PDT) X-Received: by 10.99.109.75 with SMTP id i72mr8539096pgc.151.1476877361175; Wed, 19 Oct 2016 04:42:41 -0700 (PDT) Return-Path: Received: from bombadil.infradead.org (bombadil.infradead.org. [2001:1868:205::9]) by mx.google.com with ESMTPS id c72si36773771pga.56.2016.10.19.04.42.41 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 19 Oct 2016 04:42:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org designates 2001:1868:205::9 as permitted sender) client-ip=2001:1868:205::9; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org; spf=pass (google.com: best guess record for domain of linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org designates 2001:1868:205::9 as permitted sender) smtp.mailfrom=linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org; dmarc=fail (p=NONE dis=NONE) header.from=linaro.org Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.85_2 #1 (Red Hat Linux)) id 1bwpFP-0005yQ-UU; Wed, 19 Oct 2016 11:41:27 +0000 Received: from mail-qk0-x234.google.com ([2607:f8b0:400d:c09::234]) by bombadil.infradead.org with esmtps (Exim 4.85_2 #1 (Red Hat Linux)) id 1bwpFA-0005OB-6L for linux-arm-kernel@lists.infradead.org; Wed, 19 Oct 2016 11:41:14 +0000 Received: by mail-qk0-x234.google.com with SMTP id o68so29196748qkf.3 for ; Wed, 19 Oct 2016 04:40:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=+BzKQ850mpXbo8Avee+wM4e0J4l0bDCVd0sUikm28aU=; b=SUGISuPvisftHRmCHI8k8cgwttlxtN/CsVFjFt6yi1hgmY9hs86aY62Mxd7Ab7slQM FpXrcReXvYx7DQIUta5vfEd6eyua54UNsRL/WT8GsggN9Q8OPq1nHmnkxVmAoI4zDQ8Q 7+lcjxTkOyO+g+bm2iw6SBrMxxMSSKP7/irV8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=+BzKQ850mpXbo8Avee+wM4e0J4l0bDCVd0sUikm28aU=; b=ZXktHZeRDzJnnshWZWv9b199uz1G4QMAsSn82hsc2RXVoZoEjhdN6yTA/xmxRw2E93 +P5WDV687OFkuM6Ojukv0+NNSm84TA1YJqqLg2lqyI48ysFC4t+uWBjk7il8GepafMqs i4Tihg1RqfDIDZZfU3bsz98Sd/0Qx363u00bvUCbJGAhtcsaJYKFwWtP3vuHKPkU5iCl tWU9CmQ+k3lMGufNRs6+88S24JAt3KpMohQdghZkaJgm7pIjYXrT4n0BDtjMG4GrcHxx neRBN4RkdJxpFfkVQZ/2Ff/uE4+5qsI6Jvj/tpMbiIvESuWMLTHT7CENFkatxDQZZu6b /xiQ== X-Gm-Message-State: AA6/9Rmov6wG9yKPtJnFTdU09wYSct5L7ntVZAJqzu8KXFCktIM3zxzTNvOHK/Y55VC6aGss X-Received: by 10.194.243.167 with SMTP id wz7mr4859476wjc.65.1476877250645; Wed, 19 Oct 2016 04:40:50 -0700 (PDT) Received: from localhost.localdomain ([196.72.78.235]) by smtp.gmail.com with ESMTPSA id w1sm17804820wje.36.2016.10.19.04.40.47 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 19 Oct 2016 04:40:49 -0700 (PDT) From: Ard Biesheuvel To: linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org Subject: [RFC PATCH 1/2] efi: libstub: preserve .debug sections after absolute relocation check Date: Wed, 19 Oct 2016 12:40:31 +0100 Message-Id: <1476877232-24308-2-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1476877232-24308-1-git-send-email-ard.biesheuvel@linaro.org> References: <1476877232-24308-1-git-send-email-ard.biesheuvel@linaro.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20161019_044112_441461_850FADFA X-CRM114-Status: GOOD ( 12.46 ) X-Spam-Score: -2.7 (--) X-Spam-Report: SpamAssassin version 3.4.0 on bombadil.infradead.org summary: Content analysis details: (-2.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [2607:f8b0:400d:c09:0:0:0:234 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: mark.rutland@arm.com, matt@codeblueprint.co.uk, Ard Biesheuvel , leif.lindholm@linaro.org, eugene@hp.com MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org The build commands for the ARM and arm64 EFI stubs strips the .debug sections and other sections that my legally contain absolute relocations, in order to inspect the remaining sections for the presence of such relocations. This leaves us without debugging symbols in the stub for no good reason, given that these sections are omitted from the kernel binary, and that these relocations are thus only interpreted by the debugger. So if the relocation check succeeds, invoke objcopy again, but this time, leave the .debug sections in place. Note that these sections may refer to ksymtab/kcrctab contents, so leave those in place as well. Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/Makefile | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) -- 2.7.4 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel Reviewed-by: Eugene Cohen diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index c06945160a41..66584f173123 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -60,7 +60,7 @@ CFLAGS_arm64-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET) extra-$(CONFIG_EFI_ARMSTUB) := $(lib-y) lib-$(CONFIG_EFI_ARMSTUB) := $(patsubst %.o,%.stub.o,$(lib-y)) -STUBCOPY_FLAGS-y := -R .debug* -R *ksymtab* -R *kcrctab* +STUBCOPY_RM := -R .debug* -R *ksymtab* -R *kcrctab* STUBCOPY_FLAGS-$(CONFIG_ARM64) += --prefix-alloc-sections=.init \ --prefix-symbols=__efistub_ STUBCOPY_RELOC-$(CONFIG_ARM64) := R_AARCH64_ABS @@ -68,11 +68,20 @@ STUBCOPY_RELOC-$(CONFIG_ARM64) := R_AARCH64_ABS $(obj)/%.stub.o: $(obj)/%.o FORCE $(call if_changed,stubcopy) +# +# This calls objcopy twice: the first time it includes STUBCOPY_RM, and inspects +# the result to ensure that the actual code itself does not contain any absolute +# references. If this succeeds, the objcopy is performed a second time, but this +# time the .debug and other sections are retained, given that we know that the +# absolute relocations they may contain are harmless. +# quiet_cmd_stubcopy = STUBCPY $@ - cmd_stubcopy = if $(OBJCOPY) $(STUBCOPY_FLAGS-y) $< $@; then \ - $(OBJDUMP) -r $@ | grep $(STUBCOPY_RELOC-y) \ - && (echo >&2 "$@: absolute symbol references not allowed in the EFI stub"; \ - rm -f $@; /bin/false); else /bin/false; fi + cmd_stubcopy = if $(OBJCOPY) $(STUBCOPY_FLAGS-y) $(STUBCOPY_RM) $< $@; \ + then if $(OBJDUMP) -r $@ | grep $(STUBCOPY_RELOC-y); \ + then (echo >&2 "$@: absolute symbol references not allowed in the EFI stub"; \ + rm -f $@; /bin/false); \ + else $(OBJCOPY) $(STUBCOPY_FLAGS-y) $< $@; fi \ + else /bin/false; fi # # ARM discards the .data section because it disallows r/w data in the