diff options
| author | Ard Biesheuvel <ard.biesheuvel@linaro.org> | 2017-03-23 15:00:51 -0400 |
|---|---|---|
| committer | Catalin Marinas <catalin.marinas@arm.com> | 2017-04-04 12:50:59 -0400 |
| commit | cad27ef27ef7d897893b921c86337a8cc9d0cd0e (patch) | |
| tree | 47c3a1f4ba26c3890b3d11f16d8927c0558f0d27 | |
| parent | f1eb542f39128bdf37f4556bc1d70991b89bb03d (diff) | |
arm64: efi: split Image code and data into separate PE/COFF sections
To prevent unintended modifications to the kernel text (malicious or
otherwise) while running the EFI stub, describe the kernel image as
two separate sections: a .text section with read-execute permissions,
covering .text, .rodata and .init.text, and a .data section with
read-write permissions, covering .init.data, .data and .bss.
This relies on the firmware to actually take the section permission
flags into account, but this is something that is currently being
implemented in EDK2, which means we will likely start seeing it in
the wild between one and two years from now.
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
| -rw-r--r-- | arch/arm64/kernel/efi-header.S | 23 | ||||
| -rw-r--r-- | arch/arm64/kernel/vmlinux.lds.S | 2 |
2 files changed, 20 insertions, 5 deletions
diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S index 7637226ea9ca..613fc3000677 100644 --- a/arch/arm64/kernel/efi-header.S +++ b/arch/arm64/kernel/efi-header.S | |||
| @@ -27,8 +27,8 @@ optional_header: | |||
| 27 | .short PE_OPT_MAGIC_PE32PLUS // PE32+ format | 27 | .short PE_OPT_MAGIC_PE32PLUS // PE32+ format |
| 28 | .byte 0x02 // MajorLinkerVersion | 28 | .byte 0x02 // MajorLinkerVersion |
| 29 | .byte 0x14 // MinorLinkerVersion | 29 | .byte 0x14 // MinorLinkerVersion |
| 30 | .long _end - efi_header_end // SizeOfCode | 30 | .long __initdata_begin - efi_header_end // SizeOfCode |
| 31 | .long 0 // SizeOfInitializedData | 31 | .long __pecoff_data_size // SizeOfInitializedData |
| 32 | .long 0 // SizeOfUninitializedData | 32 | .long 0 // SizeOfUninitializedData |
| 33 | .long __efistub_entry - _head // AddressOfEntryPoint | 33 | .long __efistub_entry - _head // AddressOfEntryPoint |
| 34 | .long efi_header_end - _head // BaseOfCode | 34 | .long efi_header_end - _head // BaseOfCode |
| @@ -74,9 +74,9 @@ extra_header_fields: | |||
| 74 | // Section table | 74 | // Section table |
| 75 | section_table: | 75 | section_table: |
| 76 | .ascii ".text\0\0\0" | 76 | .ascii ".text\0\0\0" |
| 77 | .long _end - efi_header_end // VirtualSize | 77 | .long __initdata_begin - efi_header_end // VirtualSize |
| 78 | .long efi_header_end - _head // VirtualAddress | 78 | .long efi_header_end - _head // VirtualAddress |
| 79 | .long _edata - efi_header_end // SizeOfRawData | 79 | .long __initdata_begin - efi_header_end // SizeOfRawData |
| 80 | .long efi_header_end - _head // PointerToRawData | 80 | .long efi_header_end - _head // PointerToRawData |
| 81 | 81 | ||
| 82 | .long 0 // PointerToRelocations | 82 | .long 0 // PointerToRelocations |
| @@ -84,7 +84,20 @@ section_table: | |||
| 84 | .short 0 // NumberOfRelocations | 84 | .short 0 // NumberOfRelocations |
| 85 | .short 0 // NumberOfLineNumbers | 85 | .short 0 // NumberOfLineNumbers |
| 86 | .long IMAGE_SCN_CNT_CODE | \ | 86 | .long IMAGE_SCN_CNT_CODE | \ |
| 87 | IMAGE_SCN_MEM_EXECUTE | \ | 87 | IMAGE_SCN_MEM_READ | \ |
| 88 | IMAGE_SCN_MEM_EXECUTE // Characteristics | ||
| 89 | |||
| 90 | .ascii ".data\0\0\0" | ||
| 91 | .long __pecoff_data_size // VirtualSize | ||
| 92 | .long __initdata_begin - _head // VirtualAddress | ||
| 93 | .long __pecoff_data_rawsize // SizeOfRawData | ||
| 94 | .long __initdata_begin - _head // PointerToRawData | ||
| 95 | |||
| 96 | .long 0 // PointerToRelocations | ||
| 97 | .long 0 // PointerToLineNumbers | ||
| 98 | .short 0 // NumberOfRelocations | ||
| 99 | .short 0 // NumberOfLineNumbers | ||
| 100 | .long IMAGE_SCN_CNT_INITIALIZED_DATA | \ | ||
| 88 | IMAGE_SCN_MEM_READ | \ | 101 | IMAGE_SCN_MEM_READ | \ |
| 89 | IMAGE_SCN_MEM_WRITE // Characteristics | 102 | IMAGE_SCN_MEM_WRITE // Characteristics |
| 90 | 103 | ||
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 2c93d259046c..987a00ee446c 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S | |||
| @@ -213,6 +213,7 @@ SECTIONS | |||
| 213 | } | 213 | } |
| 214 | 214 | ||
| 215 | PECOFF_EDATA_PADDING | 215 | PECOFF_EDATA_PADDING |
| 216 | __pecoff_data_rawsize = ABSOLUTE(. - __initdata_begin); | ||
| 216 | _edata = .; | 217 | _edata = .; |
| 217 | 218 | ||
| 218 | BSS_SECTION(0, 0, 0) | 219 | BSS_SECTION(0, 0, 0) |
| @@ -228,6 +229,7 @@ SECTIONS | |||
| 228 | . += RESERVED_TTBR0_SIZE; | 229 | . += RESERVED_TTBR0_SIZE; |
| 229 | #endif | 230 | #endif |
| 230 | 231 | ||
| 232 | __pecoff_data_size = ABSOLUTE(. - __initdata_begin); | ||
| 231 | _end = .; | 233 | _end = .; |
| 232 | 234 | ||
| 233 | STABS_DEBUG | 235 | STABS_DEBUG |