This is a note to let you know that I've just added the patch titled
x86/boot: Split off PE/COFF .data section
to the 6.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
x86-boot-split-off-pe-coff-.data-section.patch
and it can be found in the queue-6.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From stable+bounces-40251-greg=kroah.com@xxxxxxxxxxxxxxx Fri Apr 19 10:12:09 2024
From: Ard Biesheuvel <ardb+git@xxxxxxxxxx>
Date: Fri, 19 Apr 2024 10:11:21 +0200
Subject: x86/boot: Split off PE/COFF .data section
To: stable@xxxxxxxxxxxxxxx
Message-ID: <20240419081105.3817596-40-ardb+git@xxxxxxxxxx>
From: Ard Biesheuvel <ardb@xxxxxxxxxx>
[ Commit 34951f3c28bdf6481d949a20413b2ce7693687b2 upstream ]
Describe the code and data of the decompressor binary using separate
text and .data PE/COFF sections, so that we will be able to map them
using restricted permissions once we increase the section and file
alignment sufficiently. This avoids the need for memory mappings that
are writable and executable at the same time, which is something that
is best avoided for security reasons.
Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20230915171623.655440-17-ardb@xxxxxxxxxx
Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
arch/x86/boot/Makefile | 2 +-
arch/x86/boot/header.S | 19 +++++++++++++++----
2 files changed, 16 insertions(+), 5 deletions(-)
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
@@ -91,7 +91,7 @@ $(obj)/vmlinux.bin: $(obj)/compressed/vm
SETUP_OBJS = $(addprefix $(obj)/,$(setup-y))
-sed-zoffset := -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\|_edata\|z_.*\)$$/\#define ZO_\2 0x\1/p'
+sed-zoffset := -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\|_e\?data\|z_.*\)$$/\#define ZO_\2 0x\1/p'
quiet_cmd_zoffset = ZOFFSET $@
cmd_zoffset = $(NM) $< | sed -n $(sed-zoffset) > $@
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -74,9 +74,9 @@ optional_header:
.byte 0x02 # MajorLinkerVersion
.byte 0x14 # MinorLinkerVersion
- .long setup_size + ZO__end - 0x200 # SizeOfCode
+ .long ZO__data # SizeOfCode
- .long 0 # SizeOfInitializedData
+ .long ZO__end - ZO__data # SizeOfInitializedData
.long 0 # SizeOfUninitializedData
.long setup_size + ZO_efi_pe_entry # AddressOfEntryPoint
@@ -177,9 +177,9 @@ section_table:
.byte 0
.byte 0
.byte 0
- .long ZO__end
+ .long ZO__data
.long setup_size
- .long ZO__edata # Size of initialized data
+ .long ZO__data # Size of initialized data
# on disk
.long setup_size
.long 0 # PointerToRelocations
@@ -190,6 +190,17 @@ section_table:
IMAGE_SCN_MEM_READ | \
IMAGE_SCN_MEM_EXECUTE # Characteristics
+ .ascii ".data\0\0\0"
+ .long ZO__end - ZO__data # VirtualSize
+ .long setup_size + ZO__data # VirtualAddress
+ .long ZO__edata - ZO__data # SizeOfRawData
+ .long setup_size + ZO__data # PointerToRawData
+
+ .long 0, 0, 0
+ .long IMAGE_SCN_CNT_INITIALIZED_DATA | \
+ IMAGE_SCN_MEM_READ | \
+ IMAGE_SCN_MEM_WRITE # Characteristics
+
.set section_count, (. - section_table) / 40
#endif /* CONFIG_EFI_STUB */
Patches currently in stable-queue which might be from kroah.com@xxxxxxxxxxxxxxx are
queue-6.1/x86-boot-drop-pe-coff-.reloc-section.patch
queue-6.1/x86-sme-move-early-sme-kernel-encryption-handling-into-.head.text.patch
queue-6.1/x86-boot-omit-compression-buffer-from-pe-coff-image-memory-footprint.patch
queue-6.1/x86-mm-remove-p-d_page_mask-and-p-d_page_size-macros.patch
queue-6.1/x86-efi-drop-alignment-flags-from-pe-section-headers.patch
queue-6.1/x86-boot-increase-section-and-file-alignment-to-4k-512.patch
queue-6.1/x86-head-64-add-missing-__head-annotation-to-startup_64_load_idt.patch
queue-6.1/x86-boot-define-setup-size-in-linker-script.patch
queue-6.1/x86-boot-split-off-pe-coff-.data-section.patch
queue-6.1/x86-boot-derive-file-size-from-_edata-symbol.patch
queue-6.1/x86-boot-construct-pe-coff-.text-section-from-assembler.patch
queue-6.1/x86-boot-grab-kernel_info-offset-from-zoffset-header-directly.patch
queue-6.1/x86-sev-move-early-startup-code-into-.head.text-section.patch
queue-6.1/x86-boot-remove-the-bugger-off-message.patch
queue-6.1/x86-head-64-move-the-__head-definition-to-asm-init.h.patch
queue-6.1/x86-boot-drop-references-to-startup_64.patch
queue-6.1/x86-efistub-use-1-1-file-memory-mapping-for-pe-coff-.compat-section.patch
queue-6.1/x86-efi-drop-efi-stub-.bss-from-.data-section.patch
queue-6.1/x86-efi-disregard-setup-header-of-loaded-image.patch
queue-6.1/x86-efistub-remap-kernel-text-read-only-before-dropping-nx-attribute.patch
queue-6.1/x86-efistub-reinstate-soft-limit-for-initrd-loading.patch
queue-6.1/x86-boot-set-efi-handover-offset-directly-in-header-asm.patch
queue-6.1/x86-boot-drop-redundant-code-setting-the-root-device.patch
