Commit 34951f3c authored by Ard Biesheuvel's avatar Ard Biesheuvel Committed by Ingo Molnar
Browse files

x86/boot: Split off PE/COFF .data section 



Describe the code and data of the decompressor binary using separate
.text and .data PE/COFF sections, so that we will be able to map them
using restricted permissions once we increase the section and file
alignment sufficiently. This avoids the need for memory mappings that
are writable and executable at the same time, which is something that
is best avoided for security reasons.

Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20230915171623.655440-17-ardb@google.com
parent fa575052

arch/x86/boot/Makefile

+1 −1
Original line number Diff line number Diff line
@@ -89,7 +89,7 @@ $(obj)/vmlinux.bin: $(obj)/compressed/vmlinux FORCE 


SETUP_OBJS = $(addprefix $(obj)/,$(setup-y))



sed-zoffset := -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\|_edata\|z_.*\)$$/\#define ZO_\2 0x\1/p'

sed-zoffset := -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\|_e\?data\|z_.*\)$$/\#define ZO_\2 0x\1/p'



quiet_cmd_zoffset = ZOFFSET $@

      cmd_zoffset = $(NM) $< | sed -n $(sed-zoffset) > $@

arch/x86/boot/header.S

+15 −4
Original line number Diff line number Diff line
@@ -75,9 +75,9 @@ optional_header: 
	.byte	0x02				# MajorLinkerVersion

	.byte	0x14				# MinorLinkerVersion



	.long	setup_size + ZO__end - 0x200	# SizeOfCode

	.long	ZO__data			# SizeOfCode



	.long	0				# SizeOfInitializedData

	.long	ZO__end - ZO__data		# SizeOfInitializedData

	.long	0				# SizeOfUninitializedData



	.long	setup_size + ZO_efi_pe_entry	# AddressOfEntryPoint
@@ -178,9 +178,9 @@ section_table: 
	.byte	0

	.byte	0

	.byte	0

	.long	ZO__end

	.long	ZO__data

	.long	setup_size

	.long	ZO__edata			# Size of initialized data

	.long	ZO__data			# Size of initialized data

						# on disk

	.long	setup_size

	.long	0				# PointerToRelocations
@@ -191,6 +191,17 @@ section_table: 
		IMAGE_SCN_MEM_READ		| \

		IMAGE_SCN_MEM_EXECUTE		# Characteristics



	.ascii	".data\0\0\0"

	.long	ZO__end - ZO__data		# VirtualSize

	.long	setup_size + ZO__data		# VirtualAddress

	.long	ZO__edata - ZO__data		# SizeOfRawData

	.long	setup_size + ZO__data		# PointerToRawData



	.long	0, 0, 0

	.long	IMAGE_SCN_CNT_INITIALIZED_DATA	| \

		IMAGE_SCN_MEM_READ		| \

		IMAGE_SCN_MEM_WRITE		# Characteristics



	.set	section_count, (. - section_table) / 40

#endif /* CONFIG_EFI_STUB */