On Mon, Jan 2, 2017 at 2:24 AM, Lukas Wunner <lukas@xxxxxxxxx> wrote:
> When disassembling the EFI stub I noticed that GUIDs and efi_char16_t
> strings are not placed in rodata but generated on the stack at runtime.
> GUIDs occupy up to 80 bytes of text instead of just 16 bytes rodata
> which annoyed me enough to go down the rabbit hole of fixing it.
> This series constifies all GUIDs and EFI-related strings I could find.
>
> The most important patch is [10/10] to constify the EFI_GUID() macro.
> This has to be at the end of the series to avoid compiler warnings.
> Reviewers may want to read its commit message first as it contains
> background information. In particular it explains why this series
> only fixes the kernel side of things. Additional work is necessary
> on the compiler side to actually have all the GUIDs and strings in
> rodata. At the moment both gcc and clang achieve that only partially.
>
> Ard Biesheuvel expressed an interest in these patches in November but
> stressed the importance that arguments to EFI boot/runtime/protocol
> services may only be declared const if the spec marks them "IN":
> https://lkml.org/lkml/2016/11/21/459
>
> Hence I've split the series by boot/runtime/protocol services to allow
> for easy verification of this fact. Constification of GetVariable() /
> SetVariable() is further split in one patch for the function signatures
> and another for the actual arguments because changing the function
> signatures is quite involved in this case.
>
> efi.git/next needs to be rebased on v4.10-rc1 before this series can be
> applied because it requires commits f6697df36bdf ("x86/efi: Prevent mixed
> mode boot corruption with CONFIG_VMAP_STACK=y") and 2fbadc3002c5
> ("arm/arm64: xen: Move shared architecture headers to include/xen/arm").
>
> Unfortunately I was not able to compile-test on ia64, there's no cross-
> compiler package available on Debian. :-( I did not receive complaints
> from 0-day, so I'm cautiously optimistic that I didn't cause breakage
> there.
>
> I've pushed the patches to GitHub to ease reviewing/fetching:
> https://github.com/l1k/linux/commits/efi_const_v1
>
> Thanks,
>
> Lukas
>
>
> Ard Biesheuvel (1):
>   efi: use typed function pointers for runtime services table
>
> Lukas Wunner (9):
>   efi: Constify GetVariable() / SetVariable() signatures
>   efi: Constify GetVariable() / SetVariable() arguments
>   efi: Constify HandleProtocol() / LocateHandle() / LocateProtocol()
>   efi: Constify InstallConfigurationTable()
>   efi: Constify EFI_FILE_PROTOCOL.GetInfo()
>   efi: Constify EFI_RNG_PROTOCOL.GetRNG()
>   efi: Constify EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL.OutputString()
>   efi: Constify efi_guidcmp() arguments
>   uuid: Constify UUID compound literals

Cool! Thanks for doing this!

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-Kees

--
Kees Cook
Nexus Security