From nobody Thu Dec 18 20:15:46 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 8CDE9CA0ED4
	for <linux-kernel@archiver.kernel.org>; Tue, 12 Sep 2023 09:02:19 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233471AbjILJCW (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 12 Sep 2023 05:02:22 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50622 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233562AbjILJBe (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Sep 2023 05:01:34 -0400
Received: from mail-wm1-x34a.google.com (mail-wm1-x34a.google.com
 [IPv6:2a00:1450:4864:20::34a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D24D810DB
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:27 -0700 (PDT)
Received: by mail-wm1-x34a.google.com with SMTP id
 5b1f17b1804b1-401d9abf21cso44364805e9.0
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1694509286; x=1695114086;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=nleEiUxtWQK05LpNdDZIQqSdfG3IcCEvn9DBHrWFfWI=;
        b=saKcnHbFY9shMLG65l6MVR8jcL7FYnrbiIJ2xDQUR+msXSk3EGjcDabbucnlwtR8nX
         N/m0QWQZnukfrxl7/h9LmR30P1YYX8SblnyzuRMtcsiCqfD8H5eqP85sJEOmyO7MjYWG
         oqOADQ2T87Z5KQTRmBVIDsjRSQv3wYYrlt5+s8PQ1gFAYbjMmIbRsueS4dQ7yZ9MShWS
         bhA7lk6O1m5l0HrbEmLoXtyTbkwDNAGTwWf7DWAIJ4drR5CFLRsf37GBBKY3wvAbq3s7
         RX96wHBQeBo+cP4xdg3GyXUHq51nihyODFtTmeurKgeVoSUU/2isyIqGXn+BqVkxGdz4
         LthQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694509286; x=1695114086;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=nleEiUxtWQK05LpNdDZIQqSdfG3IcCEvn9DBHrWFfWI=;
        b=oazeLtfJbB8vW3Ayg1J+avz0dna3/ijjbJ6PeHp0uf6djS8H+rb3YFz2utakJZYQvV
         B0ma2wCWswIDVzaGyciI/rHvEJKKSNFpE0Rb+YIDxnMeXQDNapzFDkCc14P/X9BCRDg8
         4W7JQrpxCQBOVBb67+D9/lvia6OCYzoDMSCXSJ+WPrshty0bN3i6jQITUSUP3dw1Fzak
         xnwCMedA17NC/NNJFKZXr2hR85rzpcFfzXAxv5qV3vcrP8qd18cSU6Xg/knUd3cRrdn8
         1mIDdNpvKWSYNgprwQtVhP2IqO2536LmdoAX+hKXbJiGY7A9phhH6Xu15RlUCiBrL7yd
         Rdfw==
X-Gm-Message-State: AOJu0YwE0lnIC/rs2PbcYBUQi2msa3nWfhUhyFYjCJm3ZDAenLHOAASb
        VVwmrHX1nrqF0n/1MnnBOim0BpfR
X-Google-Smtp-Source: 
 AGHT+IFvOelpLd+x36Cli/GAQtzEJhHtlopkn1hBzlB+JfAAdxI79BgDIoLsCn+1lAhp/JziSq19ahct
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:adf:e74c:0:b0:31d:da34:ab29 with SMTP id
 c12-20020adfe74c000000b0031dda34ab29mr126792wrn.4.1694509286433; Tue, 12 Sep
 2023 02:01:26 -0700 (PDT)
Date: Tue, 12 Sep 2023 09:00:52 +0000
In-Reply-To: <20230912090051.4014114-17-ardb@google.com>
Mime-Version: 1.0
References: <20230912090051.4014114-17-ardb@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=1663; i=ardb@kernel.org;
 h=from:subject; bh=gNIz7ZxXkHY+pNuQ2qtskD6P4vNCT8lDOlsSsxZxFs4=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZVB46juNIefTPeTHzgGbf7VcjRyRvYHm+b9MWWN1mFTn
 EwmNzV1lLIwiHEwyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgIlIqTAyPOW9vPOO65q+vgTm
 DcuVBE+fDOE8xVp9/fW3w5de2jOt/cDwP5HxU/uPY7IzzyX1yJ2Z2JnvlFy8urro8MuAKyvmtj4
 sZgUA
X-Mailer: git-send-email 2.42.0.283.g2d96d420d3-goog
Message-ID: <20230912090051.4014114-18-ardb@google.com>
Subject: [PATCH v2 01/15] x86/efi: Drop EFI stub .bss from .data section
From: Ard Biesheuvel <ardb@google.com>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
        Evgeniy Baskov <baskov@ispras.ru>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Jones <pjones@redhat.com>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        "H. Peter Anvin" <hpa@zytor.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Now that the EFI stub always zero inits its BSS section upon entry,
there is no longer a need to place the BSS symbols carried by the stub
into the .data section.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/boot/compressed/vmlinux.lds.S | 1 -
 drivers/firmware/efi/libstub/Makefile  | 7 -------
 2 files changed, 8 deletions(-)

diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compres=
sed/vmlinux.lds.S
index b22f34b8684a..4ff6ab1b67d9 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -47,7 +47,6 @@ SECTIONS
 		_data =3D . ;
 		*(.data)
 		*(.data.*)
-		*(.bss.efistub)
 		_edata =3D . ;
 	}
 	. =3D ALIGN(L1_CACHE_BYTES);
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/l=
ibstub/Makefile
index a1157c2a7170..ef4c12f0877b 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -108,13 +108,6 @@ lib-y				:=3D $(patsubst %.o,%.stub.o,$(lib-y))
 # https://bugs.llvm.org/show_bug.cgi?id=3D46480
 STUBCOPY_FLAGS-y		+=3D --remove-section=3D.note.gnu.property
=20
-#
-# For x86, bootloaders like systemd-boot or grub-efi do not zero-initializ=
e the
-# .bss section, so the .bss section of the EFI stub needs to be included i=
n the
-# .data section of the compressed kernel to ensure initialization. Rename =
the
-# .bss section here so it's easy to pick out in the linker script.
-#
-STUBCOPY_FLAGS-$(CONFIG_X86)	+=3D --rename-section .bss=3D.bss.efistub,loa=
d,alloc
 STUBCOPY_RELOC-$(CONFIG_X86_32)	:=3D R_386_32
 STUBCOPY_RELOC-$(CONFIG_X86_64)	:=3D R_X86_64_64
=20
--=20
2.42.0.283.g2d96d420d3-goog
From nobody Thu Dec 18 20:15:46 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id BE1F8CA0EC3
	for <linux-kernel@archiver.kernel.org>; Tue, 12 Sep 2023 09:02:23 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233461AbjILJC0 (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 12 Sep 2023 05:02:26 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59468 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233569AbjILJBf (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Sep 2023 05:01:35 -0400
Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com
 [IPv6:2607:f8b0:4864:20::b4a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 68FB910E2
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:30 -0700 (PDT)
Received: by mail-yb1-xb4a.google.com with SMTP id
 3f1490d57ef6-d77fa2e7771so4849120276.1
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1694509289; x=1695114089;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=2tvI11no6ZvQpwOGtD7SmPhcRm3cJFuX6Xc9ZqA56hw=;
        b=x0DkT4QfoP1z0fPoCBH2KFSNVvBheW33Yju0Mz2+wy8Gdh1dEHLhFrcWHCQtCClRUb
         OK6zV3DqDX+8dWGbE1kJIZJa97oDuCeAC767M7hDEyFHeV6BOygUTW+lrBnIpNr5Y9AS
         FNo/279FW12sihan9pLiU4Achifn/Qq847JYj3NqGPwsZBcF5LltxYN6sDf2ddUX2+Da
         py9CZRxDWiQ+Gg23roewjWzciM+H5WaX9onOTRfSs9nXg2XUsK3tj0rVq0RYLCuDLiD6
         hDP1GJlHIyCa2FZVHIS1rNOgXl3Q1r5dK7HBwwrJWPIWIMVnAnlXfl5GMsjwoBZpw7rH
         7PJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694509289; x=1695114089;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=2tvI11no6ZvQpwOGtD7SmPhcRm3cJFuX6Xc9ZqA56hw=;
        b=vBpCXT0ukdEGDxr8h6V6eKjqv6lfo4KpgjD1irRV/8sQBNzuATxgBHwNUr7nZmIm1Y
         hHwwxAt9XI4NHxk3cCRg/VrrG3VhHrkVXgkvOhWFBJ+m4O27Q7os7LxDEg6a7kMzaYs9
         uNFix31m/qSOenHJhMyviq0bAeLAZRJ+F1Qgy03BeWlCIKj+OkU4cy3PL6z9jn5v6Xq8
         ym4lM5y2/Z8qmS5QxO8IFaAfgR1hgxg0o3xUH6676kb/qGKoAtRdKnW+ydfTKlFwUMJs
         OVOXcwj0Y54bM98Ueji3B7MOWMROVryYkEQKSGhSUXEjvbGPT5wsg85I+qF4vmsuxYX6
         8pmQ==
X-Gm-Message-State: AOJu0YwLAX87XubkOvOdc4hdc+rE+Vs8rfYVv2+r3Iup+BEUQXX5ocAD
        iQya80beWy4MsswIR23Q4SWuIeUU
X-Google-Smtp-Source: 
 AGHT+IGFlBfEsGa7oWurzDLl/SbOLYcvdinALugrqVeiiQbXKMzAzAWym2jp1tk5FdY/S7niWkYNKUl9
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:a05:6902:1707:b0:d7b:9830:c172 with SMTP id
 by7-20020a056902170700b00d7b9830c172mr288041ybb.0.1694509289690; Tue, 12 Sep
 2023 02:01:29 -0700 (PDT)
Date: Tue, 12 Sep 2023 09:00:53 +0000
In-Reply-To: <20230912090051.4014114-17-ardb@google.com>
Mime-Version: 1.0
References: <20230912090051.4014114-17-ardb@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=3785; i=ardb@kernel.org;
 h=from:subject; bh=nvt548TxMzPAfrcolR6Dxu6IZrj/XUbhhxX9pY3970g=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZVB49j5KR1frtj1n1wYllN3piW9b0/FzQSf7qBt+x9ly
 ixa9P5ERykLgxgHg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZhIdAYjw4XPli+nl82Vb1n5
 //HJSUe0l0ue+sazYl15m7Ojx56gb0wM/ytbVl75yJ9y/9vtur971Kx5c5QqAjaoVRxvMppfG2a
 gyAQA
X-Mailer: git-send-email 2.42.0.283.g2d96d420d3-goog
Message-ID: <20230912090051.4014114-19-ardb@google.com>
Subject: [PATCH v2 02/15] x86/efi: Disregard setup header of loaded image
From: Ard Biesheuvel <ardb@google.com>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
        Evgeniy Baskov <baskov@ispras.ru>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Jones <pjones@redhat.com>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        "H. Peter Anvin" <hpa@zytor.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

The native EFI entrypoint does not take a struct boot_params from the
loader, but instead, it constructs one from scratch, using the setup
header data placed at the start of the image.

This setup header is placed in a way that permits legacy loaders to
manipulate the contents (i.e., to pass the kernel command line or the
address and size of an initial ramdisk), but EFI boot does not use it in
that way - it only copies the contents that were placed there at build
time, but EFI loaders will not (and should not) manipulate the setup
header to configure the boot. (Commit 63bf28ceb3ebbe76 "efi: x86: Wipe
setup_data on pure EFI boot" deals with some of the fallout of using
setup_data in a way that breaks EFI boot.)

Given that none of the non-zero values that are copied from the setup
header into the EFI stub's struct boot_params are relevant to the boot
now that the EFI stub no longer enters via the legacy decompressor, the
copy can be omitted altogether.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 drivers/firmware/efi/libstub/x86-stub.c | 46 +++-----------------
 1 file changed, 6 insertions(+), 40 deletions(-)

diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi=
/libstub/x86-stub.c
index 2fee52ed335d..d76a9f7c35d0 100644
--- a/drivers/firmware/efi/libstub/x86-stub.c
+++ b/drivers/firmware/efi/libstub/x86-stub.c
@@ -449,9 +449,8 @@ void __noreturn efi_stub_entry(efi_handle_t handle,
 efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
 				   efi_system_table_t *sys_table_arg)
 {
-	struct boot_params *boot_params;
-	struct setup_header *hdr;
-	void *image_base;
+	static struct boot_params boot_params __page_aligned_bss;
+	struct setup_header *hdr =3D &boot_params.hdr;
 	efi_guid_t proto =3D LOADED_IMAGE_PROTOCOL_GUID;
 	int options_size =3D 0;
 	efi_status_t status;
@@ -469,30 +468,9 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
 		efi_exit(handle, status);
 	}
=20
-	image_base =3D efi_table_attr(image, image_base);
-
-	status =3D efi_allocate_pages(sizeof(struct boot_params),
-				    (unsigned long *)&boot_params, ULONG_MAX);
-	if (status !=3D EFI_SUCCESS) {
-		efi_err("Failed to allocate lowmem for boot params\n");
-		efi_exit(handle, status);
-	}
-
-	memset(boot_params, 0x0, sizeof(struct boot_params));
-
-	hdr =3D &boot_params->hdr;
-
-	/* Copy the setup header from the second sector to boot_params */
-	memcpy(&hdr->jump, image_base + 512,
-	       sizeof(struct setup_header) - offsetof(struct setup_header, jump));
-
-	/*
-	 * Fill out some of the header fields ourselves because the
-	 * EFI firmware loader doesn't load the first sector.
-	 */
+	/* assign the setup_header fields that the kernel actually cares about */
 	hdr->root_flags	=3D 1;
 	hdr->vid_mode	=3D 0xffff;
-	hdr->boot_flag	=3D 0xAA55;
=20
 	hdr->type_of_loader =3D 0x21;
=20
@@ -501,25 +479,13 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handl=
e,
 	if (!cmdline_ptr)
 		goto fail;
=20
-	efi_set_u64_split((unsigned long)cmdline_ptr,
-			  &hdr->cmd_line_ptr, &boot_params->ext_cmd_line_ptr);
-
-	hdr->ramdisk_image =3D 0;
-	hdr->ramdisk_size =3D 0;
-
-	/*
-	 * Disregard any setup data that was provided by the bootloader:
-	 * setup_data could be pointing anywhere, and we have no way of
-	 * authenticating or validating the payload.
-	 */
-	hdr->setup_data =3D 0;
+	efi_set_u64_split((unsigned long)cmdline_ptr, &hdr->cmd_line_ptr,
+			  &boot_params.ext_cmd_line_ptr);
=20
-	efi_stub_entry(handle, sys_table_arg, boot_params);
+	efi_stub_entry(handle, sys_table_arg, &boot_params);
 	/* not reached */
=20
 fail:
-	efi_free(sizeof(struct boot_params), (unsigned long)boot_params);
-
 	efi_exit(handle, status);
 }
=20
--=20
2.42.0.283.g2d96d420d3-goog
From nobody Thu Dec 18 20:15:46 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 277E9CA0ECA
	for <linux-kernel@archiver.kernel.org>; Tue, 12 Sep 2023 09:02:27 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233404AbjILJC2 (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 12 Sep 2023 05:02:28 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50640 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233575AbjILJBh (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Sep 2023 05:01:37 -0400
Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com
 [IPv6:2607:f8b0:4864:20::b4a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 77C3410E4
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:33 -0700 (PDT)
Received: by mail-yb1-xb4a.google.com with SMTP id
 3f1490d57ef6-d801e758765so3723593276.3
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1694509292; x=1695114092;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=X4mVpRsNe9aWzvwEZ2aPnnughuGbOcmpaMee8nlOmnA=;
        b=ci2DmF61mRG/5CWESY30nW+a9651p6Dyf4WtPBLA4JTa/akx/cC9fslxnE8AOXW9M9
         YA/pTXxrP7ArTTqoSg/dXakaW0BBhpFZd5cyTsHcerrwcYvft5zecUTc2RHZVOM/2OWL
         u+5/kDXadBjp6Yoi6NC1sbzJCkTByNzhLja/1pZzIDQHe1eFFMwHYd01GhaAnsomR3BD
         lADZ3H5dhxm/uWmT9MYnyuBbQGgQeGpE3pUiwKyTs8V7TGKvLNu4PxFoYxza0ZLViusv
         kYpAmFmbe7+fryNnIvI0TgisNPkNKDlcjy4VCNCaB1FqQnG7tEV4e+s75APB1nbadTUK
         NvWg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694509292; x=1695114092;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=X4mVpRsNe9aWzvwEZ2aPnnughuGbOcmpaMee8nlOmnA=;
        b=FYMiDB1rqEjT7LHo/0VZwp7NR3XXsFTB1dHu7mtHimsGCl88AqjcDHyyw9RTMU0Rfc
         9gIv0Uc9dxW6mKEGsh9rJDQKY4Sfne8U1MeObV+bUtUNioabegNNprU+qccUlMSDMj/Z
         Kzr5cSFsteNrwxWyJCkvsNnBhpxKEYEZauCMRrZSb/A5J/KAY2Rv8Fr4PwjUyDzPW5bv
         62DCK28Y0D6FRlTWnNjc5qW1bgFRTV+zF1zEl2ZCNyCiLScfruabcGMM//yj702933bY
         Psfa0z9DJONaPK+L4HO2jSOHhnTmblKd80o2EsV/O0cFcDN5NSNZcGKZwDdUAWYAUZyM
         V4XQ==
X-Gm-Message-State: AOJu0YwMSvqzTlRw9te0KYH2iRRlakXK8Y/e6poFeEGSlIuKD4sy7pFN
        FyG3W426w7fw2gl+76F7HCeqNG97
X-Google-Smtp-Source: 
 AGHT+IGU1A2dC31+7FrMlSd9tXXvjyTt96UJFER92xlD1LA7ozB4sKFQYVzE4uZWk+CN1L5v9nsR4/kB
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:a05:6902:1707:b0:d7b:9830:c172 with SMTP id
 by7-20020a056902170700b00d7b9830c172mr288048ybb.0.1694509292432; Tue, 12 Sep
 2023 02:01:32 -0700 (PDT)
Date: Tue, 12 Sep 2023 09:00:54 +0000
In-Reply-To: <20230912090051.4014114-17-ardb@google.com>
Mime-Version: 1.0
References: <20230912090051.4014114-17-ardb@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=1817; i=ardb@kernel.org;
 h=from:subject; bh=PiT71nrSXObiT6OYjT5b5wm9wzGup7NyFurX3NaL+Pk=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZVB4/ipm95hny5ITd8V7DThWqlqs/q+1yet7j9sF7R8q
 LviVP/pjlIWBjEOBlkxRRaB2X/f7Tw9UarWeZYszBxWJpAhDFycAjARMR1Ghn873sQ1zP/Ew/rN
 RfHqTd+LIr2Py0Nz3nivywlVZa8Ksmf47+dzZpll4qofZxcdt5wm/FGyUpHteaL2mwNvcyZxvOR
 8wQIA
X-Mailer: git-send-email 2.42.0.283.g2d96d420d3-goog
Message-ID: <20230912090051.4014114-20-ardb@google.com>
Subject: [PATCH v2 03/15] x86/efi: Drop alignment flags from PE section
 headers
From: Ard Biesheuvel <ardb@google.com>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
        Evgeniy Baskov <baskov@ispras.ru>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Jones <pjones@redhat.com>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        "H. Peter Anvin" <hpa@zytor.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

The section header flags for alignment are documented in the PE/COFF
spec as being applicable to PE object files only, not to PE executables
such as the Linux bzImage, so let's drop them from the PE header.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/boot/header.S | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index b04ca8e2b213..8c8148d751c6 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -209,8 +209,7 @@ section_table:
 	.word	0				# NumberOfLineNumbers
 	.long	IMAGE_SCN_CNT_CODE		| \
 		IMAGE_SCN_MEM_READ		| \
-		IMAGE_SCN_MEM_EXECUTE		| \
-		IMAGE_SCN_ALIGN_16BYTES		# Characteristics
+		IMAGE_SCN_MEM_EXECUTE		# Characteristics
=20
 	#
 	# The EFI application loader requires a relocation section
@@ -230,8 +229,7 @@ section_table:
 	.word	0				# NumberOfLineNumbers
 	.long	IMAGE_SCN_CNT_INITIALIZED_DATA	| \
 		IMAGE_SCN_MEM_READ		| \
-		IMAGE_SCN_MEM_DISCARDABLE	| \
-		IMAGE_SCN_ALIGN_1BYTES		# Characteristics
+		IMAGE_SCN_MEM_DISCARDABLE	# Characteristics
=20
 #ifdef CONFIG_EFI_MIXED
 	#
@@ -249,8 +247,7 @@ section_table:
 	.word	0				# NumberOfLineNumbers
 	.long	IMAGE_SCN_CNT_INITIALIZED_DATA	| \
 		IMAGE_SCN_MEM_READ		| \
-		IMAGE_SCN_MEM_DISCARDABLE	| \
-		IMAGE_SCN_ALIGN_1BYTES		# Characteristics
+		IMAGE_SCN_MEM_DISCARDABLE	# Characteristics
 #endif
=20
 	#
@@ -271,8 +268,7 @@ section_table:
 	.word	0				# NumberOfLineNumbers
 	.long	IMAGE_SCN_CNT_CODE		| \
 		IMAGE_SCN_MEM_READ		| \
-		IMAGE_SCN_MEM_EXECUTE		| \
-		IMAGE_SCN_ALIGN_16BYTES		# Characteristics
+		IMAGE_SCN_MEM_EXECUTE		# Characteristics
=20
 	.set	section_count, (. - section_table) / 40
 #endif /* CONFIG_EFI_STUB */
--=20
2.42.0.283.g2d96d420d3-goog
From nobody Thu Dec 18 20:15:46 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C4D43CA0EC3
	for <linux-kernel@archiver.kernel.org>; Tue, 12 Sep 2023 09:02:29 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233496AbjILJCc (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 12 Sep 2023 05:02:32 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41990 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233591AbjILJBj (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Sep 2023 05:01:39 -0400
Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com
 [IPv6:2607:f8b0:4864:20::1149])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BA48110E9
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:35 -0700 (PDT)
Received: by mail-yw1-x1149.google.com with SMTP id
 00721157ae682-592210fe8easo63388997b3.3
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1694509295; x=1695114095;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=U9NX1eydLNVgshySZmGjlq5b77lgR7szWd7VFgL+D3U=;
        b=C0xPLuufuvl7kiWJRzV3g+tm2SoPvFQh/KPjCEK+pHQGsnBwa7MiOcpYAndaj6NozO
         jMzGALPMLhL6Y3t5zqj1aCnNhrh4w7QMh+Zimza6f8E5rg+IF8WOLVrxFazXT8P5YV2/
         5smX4Par+98w1Oyp90elBxJ5vYYXrBdsFtaEtTMjmPVJcZfWJnHFiYw48S6ZvynPL2Fh
         r8RtOX7Iwvr/8GU1yzsv2Bllv9pSTsJIkMqNpW6DkglK9XkZy9HDnXzWaeWsg+TehOa2
         Kn26O8/Z6pDuI8R5bf8RVfza47vqFlaHTzjUxdVAAwvFEl0YO3MydhLS0QCk8Hw4PILz
         lVAA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694509295; x=1695114095;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=U9NX1eydLNVgshySZmGjlq5b77lgR7szWd7VFgL+D3U=;
        b=B2mvDXN0sQziPZ/MrvnlfKfmimURKMfVberjglUS1a1Oq432GSq+KL2NWH+p9pYoHa
         60gOVrS0hEM9f2kwsaTmb0h2yA9O+JikD9/BcK+7MRWHqWKTIMuZQ6D/jwYS8uYngtsa
         2uk32i487GeIK8p0Gy6Rjs0/4Cu4qov/rtEPvXFylC0h9e2laleTmga0XmR6yiHsxVg+
         rYJRf8IO6W38tyQI2c1wZ1JW0H1SVtbOayziCbmplqIFXT4Bv94b12R7SlmScqgZDAwE
         wxaevgffpjjM9ry4BBhBcVlvlj3W8eIT3AUHS5JXc+kzjWwNYdyDF3dLlAwyVbB8f9+C
         M6ag==
X-Gm-Message-State: AOJu0YwFB0PepJx+EwsI9NlN09UOt2x8cmTGlGVXU+SNb8UYVSODApG+
        B3hZGrQ6Xbn/nJSxybE4c6QCtsAb
X-Google-Smtp-Source: 
 AGHT+IEnERJWZjy5mzckGIkwIDZUhD120pg3gqwSReHPT0G1jRnLKEsjoPrumVHoHlPZ1296s7AtPZYr
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:a25:bb88:0:b0:d7b:8acc:beb8 with SMTP id
 y8-20020a25bb88000000b00d7b8accbeb8mr283729ybg.2.1694509294977; Tue, 12 Sep
 2023 02:01:34 -0700 (PDT)
Date: Tue, 12 Sep 2023 09:00:55 +0000
In-Reply-To: <20230912090051.4014114-17-ardb@google.com>
Mime-Version: 1.0
References: <20230912090051.4014114-17-ardb@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=3047; i=ardb@kernel.org;
 h=from:subject; bh=C3Y0JXoFsDu7p0NCuFXkHN3nsg72k1sfp0MTO1muukQ=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZVB40ToruN3lO8c3lF80q2mY/G0N02PllxzCJiv0bv5X
 +iFLx9ed5SyMIhxMMiKKbIIzP77bufpiVK1zrNkYeawMoEMYeDiFICJzPFl+Gfy0+pN1D1OT3vG
 pI1rZ3gpH1fYGxL8aPp8nYvCHivOvFnH8E/9oP+PaWwn7OKPfm96br+6X4FD6Yvq1Jl6nG/nlC6
 crMwBAA==
X-Mailer: git-send-email 2.42.0.283.g2d96d420d3-goog
Message-ID: <20230912090051.4014114-21-ardb@google.com>
Subject: [PATCH v2 04/15] x86/boot: Remove the 'bugger off' message
From: Ard Biesheuvel <ardb@google.com>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
        Evgeniy Baskov <baskov@ispras.ru>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Jones <pjones@redhat.com>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        "H. Peter Anvin" <hpa@zytor.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Ancient (pre-2003) x86 kernels could boot from a floppy disk straight from
the BIOS, using a small real mode boot stub at the start of the image
where the BIOS would expect the boot record (or boot block) to appear.

Due to its limitations (kernel size < 1 MiB, no support for IDE, USB or
El Torito floppy emulation), this support was dropped, and a Linux aware
bootloader is now always required to boot the kernel from a legacy BIOS.

To smoothen this transition, the boot stub was not removed entirely, but
replaced with one that just prints an error message telling the user to
install a bootloader.

As it is unlikely that anyone doing direct floppy boot with such an
ancient kernel is going to upgrade to v6.5+ and expect that this boot
method still works, printing this message is kind of pointless, and so
it should be possible to remove the logic that emits it.

Let's free up this space so it can be used to expand the PE header in a
subsequent patch.

Acked-by: H. Peter Anvin (Intel) <hpa@zytor.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/boot/header.S | 49 --------------------
 arch/x86/boot/setup.ld |  7 +--
 2 files changed, 4 insertions(+), 52 deletions(-)

diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index 8c8148d751c6..b24fa50a9898 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -38,64 +38,15 @@ SYSSEG		=3D 0x1000		/* historical load address >> 4 */
=20
 	.code16
 	.section ".bstext", "ax"
-
-	.global bootsect_start
-bootsect_start:
 #ifdef CONFIG_EFI_STUB
 	# "MZ", MS-DOS header
 	.word	MZ_MAGIC
-#endif
-
-	# Normalize the start address
-	ljmp	$BOOTSEG, $start2
-
-start2:
-	movw	%cs, %ax
-	movw	%ax, %ds
-	movw	%ax, %es
-	movw	%ax, %ss
-	xorw	%sp, %sp
-	sti
-	cld
-
-	movw	$bugger_off_msg, %si
-
-msg_loop:
-	lodsb
-	andb	%al, %al
-	jz	bs_die
-	movb	$0xe, %ah
-	movw	$7, %bx
-	int	$0x10
-	jmp	msg_loop
-
-bs_die:
-	# Allow the user to press a key, then reboot
-	xorw	%ax, %ax
-	int	$0x16
-	int	$0x19
-
-	# int 0x19 should never return.  In case it does anyway,
-	# invoke the BIOS reset code...
-	ljmp	$0xf000,$0xfff0
-
-#ifdef CONFIG_EFI_STUB
 	.org	0x38
 	#
 	# Offset to the PE header.
 	#
 	.long	LINUX_PE_MAGIC
 	.long	pe_header
-#endif /* CONFIG_EFI_STUB */
-
-	.section ".bsdata", "a"
-bugger_off_msg:
-	.ascii	"Use a boot loader.\r\n"
-	.ascii	"\n"
-	.ascii	"Remove disk and press any key to reboot...\r\n"
-	.byte	0
-
-#ifdef CONFIG_EFI_STUB
 pe_header:
 	.long	PE_MAGIC
=20
diff --git a/arch/x86/boot/setup.ld b/arch/x86/boot/setup.ld
index 49546c247ae2..b11c45b9e51e 100644
--- a/arch/x86/boot/setup.ld
+++ b/arch/x86/boot/setup.ld
@@ -10,10 +10,11 @@ ENTRY(_start)
 SECTIONS
 {
 	. =3D 0;
-	.bstext		: { *(.bstext) }
-	.bsdata		: { *(.bsdata) }
+	.bstext	: {
+		*(.bstext)
+		. =3D 495;
+	} =3D0xffffffff
=20
-	. =3D 495;
 	.header		: { *(.header) }
 	.entrytext	: { *(.entrytext) }
 	.inittext	: { *(.inittext) }
--=20
2.42.0.283.g2d96d420d3-goog
From nobody Thu Dec 18 20:15:46 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 319E7CA0ECE
	for <linux-kernel@archiver.kernel.org>; Tue, 12 Sep 2023 09:02:32 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233505AbjILJCe (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 12 Sep 2023 05:02:34 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38874 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233606AbjILJBm (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Sep 2023 05:01:42 -0400
Received: from mail-wm1-x34a.google.com (mail-wm1-x34a.google.com
 [IPv6:2a00:1450:4864:20::34a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9787910EF
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:38 -0700 (PDT)
Received: by mail-wm1-x34a.google.com with SMTP id
 5b1f17b1804b1-401d9abf21cso44365825e9.0
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1694509297; x=1695114097;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=fe+/cU9QRFOgu9GR9ilVdqMZbBq1lerXnHnsmRtv0H4=;
        b=YJoGIzx2xv6fF76kQnFEf5B6eO1nIDRBvinjs+npO2z2r+8M1YLlMAQFgRTpqQtG5M
         AacTY4SiXUmoX48LTyEUzvjY3Koirci1ab5ALEvgm1JIOX++MD7T3pi/R35hLw4whhO/
         2o6I8FdViErsJa7CKVO+RNSDvKChQIKsZqYBc1SY7hJyWB447o8/joWvzzf7ZjDm0rYN
         4Lrh7RkvCJ2tQrrUKLp1BH2oMUs4TVWtTTbC0gpYBrjOK+J7KH/mSc8ANTHHXAFTTKVT
         hTDZb3eH+FE/ZVQeqvKXuAaWPUIclgPPLq6VAXS1NKl/7XLpsc8HCkgsBihVF3rHEeKJ
         sfew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694509297; x=1695114097;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=fe+/cU9QRFOgu9GR9ilVdqMZbBq1lerXnHnsmRtv0H4=;
        b=fbXWQBucjk++kQc4hA1DaOB4TAeAvGQ74NBWuQbRKdMPtuCT4GtQo4VaVRvsEdgwjJ
         rqRtw3LXYhbUiUN3rmbYsESIxVU3fRe3465l+uwWiaCazly9mqJpqbVVTrsG0NyfoSjt
         VjehuAZLmy6fiukOV3FKk0kSRymihNh9elokJv2J/uz7TuTt6J+3dPPtPOeX4EvsVunq
         4ToLUZgVDsiUCFAgeP/0aAX3btmcrRm/HFEkNkXx9b3BBeI95JoeBY7sjn6fOVV7dW7X
         SFIuLrwpCI6fs1h2RD581cy4f4MStwoASoQqN6KlXL6rNQ/72kNqMt4hkb4IB8kjNTIW
         +N9Q==
X-Gm-Message-State: AOJu0YyvCvwknyY+CTqeJNAdtkapjP0zgWDVt1unvA42y2xJj6XhuCU/
        gpbjAJ7kpmdcYkaHLixtFCViD9WP
X-Google-Smtp-Source: 
 AGHT+IFU2h7tClDmAtRVWp+NUQEbamdyRXRXHAQRTZbmFrofGwJL81SORIFeYDnT+doGzNqsxYdr2YkV
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:a05:6000:180b:b0:31d:3669:1c57 with SMTP id
 m11-20020a056000180b00b0031d36691c57mr136857wrh.7.1694509297239; Tue, 12 Sep
 2023 02:01:37 -0700 (PDT)
Date: Tue, 12 Sep 2023 09:00:56 +0000
In-Reply-To: <20230912090051.4014114-17-ardb@google.com>
Mime-Version: 1.0
References: <20230912090051.4014114-17-ardb@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=5240; i=ardb@kernel.org;
 h=from:subject; bh=wBN5p9iqf+zXksMG8YvWV0u77eSyD0wh6+R0/IxKHqc=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZVB4yT3BsEV2T3uV2as43gkvCqwcY+CmPKvCv15TaUtb
 +60Wfp3lLIwiHEwyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgInskGJkeDgxQPP6+rfbDx88
 kqpnGlQiJ6uiGLdrkX7l/PNzO4WYvjMyzBQ8Eh5bp/5KecW+kKzti8Wn6Kuvspny6kWFVlL9nhQ
 /HgA=
X-Mailer: git-send-email 2.42.0.283.g2d96d420d3-goog
Message-ID: <20230912090051.4014114-22-ardb@google.com>
Subject: [PATCH v2 05/15] x86/boot: Omit compression buffer from PE/COFF image
 memory footprint
From: Ard Biesheuvel <ardb@google.com>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
        Evgeniy Baskov <baskov@ispras.ru>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Jones <pjones@redhat.com>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        "H. Peter Anvin" <hpa@zytor.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Now that the EFI stub decompresses the kernel and hands over to the
decompressed image directly, there is no longer a need to provide a
decompression buffer as part of the .BSS allocation of the PE/COFF
image. It also means the PE/COFF image can be loaded anywhere in memory,
and setting the preferred image base is unnecessary. So drop the
handling of this from the header and from the build tool.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/boot/header.S      |  6 +--
 arch/x86/boot/tools/build.c | 50 +++-----------------
 2 files changed, 8 insertions(+), 48 deletions(-)

diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index b24fa50a9898..a87d9133384b 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -90,12 +90,10 @@ optional_header:
 #endif
=20
 extra_header_fields:
-	# PE specification requires ImageBase to be 64k aligned
-	.set	image_base, (LOAD_PHYSICAL_ADDR + 0xffff) & ~0xffff
 #ifdef CONFIG_X86_32
-	.long	image_base			# ImageBase
+	.long	0				# ImageBase
 #else
-	.quad	image_base			# ImageBase
+	.quad	0				# ImageBase
 #endif
 	.long	0x20				# SectionAlignment
 	.long	0x20				# FileAlignment
diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c
index bd247692b701..0354c223e354 100644
--- a/arch/x86/boot/tools/build.c
+++ b/arch/x86/boot/tools/build.c
@@ -65,7 +65,6 @@ static unsigned long efi_pe_entry;
 static unsigned long efi32_pe_entry;
 static unsigned long kernel_info;
 static unsigned long startup_64;
-static unsigned long _ehead;
 static unsigned long _end;
=20
 /*----------------------------------------------------------------------*/
@@ -229,27 +228,14 @@ static void update_pecoff_setup_and_reloc(unsigned in=
t size)
 #endif
 }
=20
-static void update_pecoff_text(unsigned int text_start, unsigned int file_=
sz,
-			       unsigned int init_sz)
+static void update_pecoff_text(unsigned int text_start, unsigned int file_=
sz)
 {
 	unsigned int pe_header;
 	unsigned int text_sz =3D file_sz - text_start;
-	unsigned int bss_sz =3D init_sz - file_sz;
+	unsigned int bss_sz =3D _end - text_sz;
=20
 	pe_header =3D get_unaligned_le32(&buf[0x3c]);
=20
-	/*
-	 * The PE/COFF loader may load the image at an address which is
-	 * misaligned with respect to the kernel_alignment field in the setup
-	 * header.
-	 *
-	 * In order to avoid relocating the kernel to correct the misalignment,
-	 * add slack to allow the buffer to be aligned within the declared size
-	 * of the image.
-	 */
-	bss_sz	+=3D CONFIG_PHYSICAL_ALIGN;
-	init_sz	+=3D CONFIG_PHYSICAL_ALIGN;
-
 	/*
 	 * Size of code: Subtract the size of the first sector (512 bytes)
 	 * which includes the header.
@@ -257,7 +243,7 @@ static void update_pecoff_text(unsigned int text_start,=
 unsigned int file_sz,
 	put_unaligned_le32(file_sz - 512 + bss_sz, &buf[pe_header + 0x1c]);
=20
 	/* Size of image */
-	put_unaligned_le32(init_sz, &buf[pe_header + 0x50]);
+	put_unaligned_le32(file_sz + bss_sz, &buf[pe_header + 0x50]);
=20
 	/*
 	 * Address of entry point for PE/COFF executable
@@ -308,8 +294,7 @@ static void efi_stub_entry_update(void)
=20
 static inline void update_pecoff_setup_and_reloc(unsigned int size) {}
 static inline void update_pecoff_text(unsigned int text_start,
-				      unsigned int file_sz,
-				      unsigned int init_sz) {}
+				      unsigned int file_sz) {}
 static inline void efi_stub_defaults(void) {}
 static inline void efi_stub_entry_update(void) {}
=20
@@ -360,7 +345,6 @@ static void parse_zoffset(char *fname)
 		PARSE_ZOFS(p, efi32_pe_entry);
 		PARSE_ZOFS(p, kernel_info);
 		PARSE_ZOFS(p, startup_64);
-		PARSE_ZOFS(p, _ehead);
 		PARSE_ZOFS(p, _end);
=20
 		p =3D strchr(p, '\n');
@@ -371,7 +355,7 @@ static void parse_zoffset(char *fname)
=20
 int main(int argc, char ** argv)
 {
-	unsigned int i, sz, setup_sectors, init_sz;
+	unsigned int i, sz, setup_sectors;
 	int c;
 	u32 sys_size;
 	struct stat sb;
@@ -442,31 +426,9 @@ int main(int argc, char ** argv)
 	buf[0x1f1] =3D setup_sectors-1;
 	put_unaligned_le32(sys_size, &buf[0x1f4]);
=20
-	init_sz =3D get_unaligned_le32(&buf[0x260]);
-#ifdef CONFIG_EFI_STUB
-	/*
-	 * The decompression buffer will start at ImageBase. When relocating
-	 * the compressed kernel to its end, we must ensure that the head
-	 * section does not get overwritten.  The head section occupies
-	 * [i, i + _ehead), and the destination is [init_sz - _end, init_sz).
-	 *
-	 * At present these should never overlap, because 'i' is at most 32k
-	 * because of SETUP_SECT_MAX, '_ehead' is less than 1k, and the
-	 * calculation of INIT_SIZE in boot/header.S ensures that
-	 * 'init_sz - _end' is at least 64k.
-	 *
-	 * For future-proofing, increase init_sz if necessary.
-	 */
-
-	if (init_sz - _end < i + _ehead) {
-		init_sz =3D (i + _ehead + _end + 4095) & ~4095;
-		put_unaligned_le32(init_sz, &buf[0x260]);
-	}
-#endif
-	update_pecoff_text(setup_sectors * 512, i + (sys_size * 16), init_sz);
+	update_pecoff_text(setup_sectors * 512, i + (sys_size * 16));
=20
 	efi_stub_entry_update();
-
 	/* Update kernel_info offset. */
 	put_unaligned_le32(kernel_info, &buf[0x268]);
=20
--=20
2.42.0.283.g2d96d420d3-goog
From nobody Thu Dec 18 20:15:46 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id BD6FECA0EC3
	for <linux-kernel@archiver.kernel.org>; Tue, 12 Sep 2023 09:02:34 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233513AbjILJCg (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 12 Sep 2023 05:02:36 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37678 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233625AbjILJBp (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Sep 2023 05:01:45 -0400
Received: from mail-wr1-x449.google.com (mail-wr1-x449.google.com
 [IPv6:2a00:1450:4864:20::449])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 14F5BA9
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:41 -0700 (PDT)
Received: by mail-wr1-x449.google.com with SMTP id
 ffacd0b85a97d-2f2981b8364so3555178f8f.1
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1694509299; x=1695114099;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=AlDjqAuNn+SPHq8xKGkJiI8M+/8xOHIEwhHGCoqKsJ8=;
        b=kMlJmNURDQo7xhbIwQc0RneC9X1i4R3TrAWMz2IXJLGphXOIKDmLIpTVo0AVFlDMbO
         5KqG+ZW8HDUSdzG4I2Yc0hmBEJLDF2fOSLgnKrBpdMEiA6AAZTqqCmcitcC4lO7I+sRX
         ACwedzFZ3fqHq98/RURoYsTKIUhnmWxc0XO/N0WyxH7kbor3Ni3eO5GOthkvEfcgXlvZ
         bZipmYiCFtXUCTyATwUnnTgAQIisAeCyNOFBZZ2GgIZYH8O5MGb7A5to91bwHNA7yU9/
         Z1h9H7E+ZbgZ89cdszj6tiHoZVMnk8ELvMmdDi36hwiYmT1EX/MmCOWNR87qQPxgV5Hy
         BoFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694509299; x=1695114099;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=AlDjqAuNn+SPHq8xKGkJiI8M+/8xOHIEwhHGCoqKsJ8=;
        b=lCbWHPilbO6H7eJexppzR2lzTC9EQcy/MhD8tUCZ0toLmTmFPKzUTvfo34o+MnPHlr
         gVlMSufKd+Img4Lfr4xinimWQ38BjzfOGb3XNrTRKpWLEcrBmWfzfc888a8YEV69XBy0
         wije+NUdvByXPP5ICrW0IWXIW9aiGN+fk9k20apHuIVKd3On6ulV2pY4L9jV4Euuj8de
         iJp3+tVfLxa9DnpWdfCVe51md8fe0bvPPXZKh1umKsOHZ+5RMfvQbXEPpNZhfY2Hjxih
         0cMB3QIaTFOPDjonuYw/srgyJSFUjYnbGW8V2B8KfinXiAIk8v5edVUJ0N8BJ4uQfnaD
         nrwQ==
X-Gm-Message-State: AOJu0YzJEg4Yml91VHRTEoJluapAp5dYrthAijxlZISgpxpX/4BVE60M
        sqI9wXsDhIWvBSyJZMjSLBe7f3MU
X-Google-Smtp-Source: 
 AGHT+IEFlFIMLNCJvhtnVvKAf+9hxBg4ZXdihbvjUd2emNqt13lwsGioEe+khkAhcvYcB47WAdv3/g67
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:a5d:6ace:0:b0:313:eb28:602 with SMTP id
 u14-20020a5d6ace000000b00313eb280602mr133683wrw.13.1694509299606; Tue, 12 Sep
 2023 02:01:39 -0700 (PDT)
Date: Tue, 12 Sep 2023 09:00:57 +0000
In-Reply-To: <20230912090051.4014114-17-ardb@google.com>
Mime-Version: 1.0
References: <20230912090051.4014114-17-ardb@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=1808; i=ardb@kernel.org;
 h=from:subject; bh=AfG+aUI7K/0L+mw64Lzpmg/Sf5R/K8tGxwHtjeLluJ0=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZVB4/QE0Se3uP0dg7Nfrdy/Q4lfxrhW8IHbVubuDr/VW
 vFXEl90lLIwiHEwyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgIlsvcvwz/LLsTYr7cDyzLIg
 0cN80ifDzpWsE96YJv9m9YRTL7Xy2xj+KSzWt4rY92el6NI5v49OUtwQsn/JjyM279tyjhjpmG+
 pZwQA
X-Mailer: git-send-email 2.42.0.283.g2d96d420d3-goog
Message-ID: <20230912090051.4014114-23-ardb@google.com>
Subject: [PATCH v2 06/15] x86/boot: Drop redundant code setting the root
 device
From: Ard Biesheuvel <ardb@google.com>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
        Evgeniy Baskov <baskov@ispras.ru>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Jones <pjones@redhat.com>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        "H. Peter Anvin" <hpa@zytor.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

The root device defaults to 0,0 and is no longer configurable at build
time [0], so there is no need for the build tool to ever write to this
field.

[0] 079f85e624189292 ("x86, build: Do not set the root_dev field in bzImage=
")

This change has no impact on the resulting bzImage binary.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/boot/header.S      | 2 +-
 arch/x86/boot/tools/build.c | 7 -------
 2 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index a87d9133384b..6059f87b159d 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -236,7 +236,7 @@ root_flags:	.word ROOT_RDONLY
 syssize:	.long 0			/* Filled in by build.c */
 ram_size:	.word 0			/* Obsolete */
 vid_mode:	.word SVGA_MODE
-root_dev:	.word 0			/* Filled in by build.c */
+root_dev:	.word 0			/* Default to major/minor 0/0 */
 boot_flag:	.word 0xAA55
=20
 	# offset 512, entry point
diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c
index 0354c223e354..efa4e9c7d713 100644
--- a/arch/x86/boot/tools/build.c
+++ b/arch/x86/boot/tools/build.c
@@ -40,10 +40,6 @@ typedef unsigned char  u8;
 typedef unsigned short u16;
 typedef unsigned int   u32;
=20
-#define DEFAULT_MAJOR_ROOT 0
-#define DEFAULT_MINOR_ROOT 0
-#define DEFAULT_ROOT_DEV (DEFAULT_MAJOR_ROOT << 8 | DEFAULT_MINOR_ROOT)
-
 /* Minimal number of setup sectors */
 #define SETUP_SECT_MIN 5
 #define SETUP_SECT_MAX 64
@@ -399,9 +395,6 @@ int main(int argc, char ** argv)
=20
 	update_pecoff_setup_and_reloc(i);
=20
-	/* Set the default root device */
-	put_unaligned_le16(DEFAULT_ROOT_DEV, &buf[508]);
-
 	/* Open and stat the kernel file */
 	fd =3D open(argv[2], O_RDONLY);
 	if (fd < 0)
--=20
2.42.0.283.g2d96d420d3-goog
From nobody Thu Dec 18 20:15:46 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B9A0ACA0ECA
	for <linux-kernel@archiver.kernel.org>; Tue, 12 Sep 2023 09:02:37 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233286AbjILJCk (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 12 Sep 2023 05:02:40 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50478 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233098AbjILJBr (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Sep 2023 05:01:47 -0400
Received: from mail-wm1-x349.google.com (mail-wm1-x349.google.com
 [IPv6:2a00:1450:4864:20::349])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4BD3AE7F
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:43 -0700 (PDT)
Received: by mail-wm1-x349.google.com with SMTP id
 5b1f17b1804b1-401d9abf21cso44366275e9.0
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1694509302; x=1695114102;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=I6oBjQenOtE/4uDKT9nylN/cFdaoc/Utptd3H3Y+KEA=;
        b=LuM5LjaU6eIQHDa1cz8hH91+pOQiwJcNTdXFONM91sWOZd8YDHDhO8gow6vv4e/8fY
         iVSap6//WmEXfVfwZUYppK6FJdS8f1a3vlr7uo2Os47zYwoGR2pVH3HPzUkG8yT7fLri
         pEWKA+aTJsJarAR47nR/gvkRorJ/262AyeIkXXvCszH5MG88e23yAHes0oebhN6vKoS/
         INsYdSFuoBMA3uNeaddg2G5p9iKxmW7kSqA3TL15zy1antC6j4H95r7FQSTiPmVXvrHv
         UNqiQl1F7VY/exFIUFYUkPfDCItjU6PZc2HIFfI0hTet3tQ4SyN1yzVJ6DshbHKU9162
         BA6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694509302; x=1695114102;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=I6oBjQenOtE/4uDKT9nylN/cFdaoc/Utptd3H3Y+KEA=;
        b=qubZR4X0OjbFv/Jq8SZWbK/BETpa70QrAtU2OhQ5slEPrKnFHn9ONdPaszSjbizMyQ
         iTUSxji4PYkxSVmldZkOiotiJ/AYIyXKzsgVRZ7+147KSGgMVYxQ8JFbhHNmj1HbHUol
         jUhR57xA6swPBX4L2E6jArKcykXMoQ8BnJ5v/VDwpG5rUApIR+Ygp+CllaXohF/bjDkA
         RWyjU9NAlJ8BB+2rjzRrxNAyDc9Y91y4HjKlTkrbYr6YsFHNBX2vVxPiOnhFIMoL7QK0
         svlHnkgKVPC9kvgLa6i1ihKU1j+GbN2yOofa+F8o0VOZ/wBgDxWVbyi6rSdh52KtM1Uj
         tBhg==
X-Gm-Message-State: AOJu0YxRt5rmSP0cd11FcxrEp2/UL57ASG78v5u6B8YaxrnyNztw0KiJ
        oYY+mm4WUP3fQwPovMc4TTPEOGU2
X-Google-Smtp-Source: 
 AGHT+IG+dLTcwfi7cfkR1FI3dbH2GjxEs3TcnKT3XpAU3wp8qNxSrJTQ4+LlN7wV8wiWbizXHQnt5bcz
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:a05:6000:156b:b0:31f:a664:f871 with SMTP id
 11-20020a056000156b00b0031fa664f871mr73268wrz.9.1694509301896; Tue, 12 Sep
 2023 02:01:41 -0700 (PDT)
Date: Tue, 12 Sep 2023 09:00:58 +0000
In-Reply-To: <20230912090051.4014114-17-ardb@google.com>
Mime-Version: 1.0
References: <20230912090051.4014114-17-ardb@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=2034; i=ardb@kernel.org;
 h=from:subject; bh=XzK2EkTmirgV6LOzzdRtqGuZ3TfS3i76hj8AhmTf3qw=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZVB48yb5+LpSi9Li6KfcjB/ubvumVnGBcEflzrr11cH6
 2zZbL2so5SFQYyDQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEwkL4bhn3LIqQgWaf4nPNma
 8tdPhvHs3nD9YHxf8pT3G1u4bom/+cLwv/SrcZ1YhcSlM2FtU6RWq/SmVErxG8461jW5Nud7qDY
 bCwA=
X-Mailer: git-send-email 2.42.0.283.g2d96d420d3-goog
Message-ID: <20230912090051.4014114-24-ardb@google.com>
Subject: [PATCH v2 07/15] x86/boot: Grab kernel_info offset from zoffset
 header directly
From: Ard Biesheuvel <ardb@google.com>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
        Evgeniy Baskov <baskov@ispras.ru>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Jones <pjones@redhat.com>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        "H. Peter Anvin" <hpa@zytor.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Instead of parsing zoffset.h and poking the kernel_info offset value
into the header from the build tool, just grab the value directly in the
asm file that describes this header.

This change has no impact on the resulting bzImage binary.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/boot/header.S      | 2 +-
 arch/x86/boot/tools/build.c | 4 ----
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index 6059f87b159d..5575d0f06bab 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -526,7 +526,7 @@ pref_address:		.quad LOAD_PHYSICAL_ADDR	# preferred loa=
d addr
=20
 init_size:		.long INIT_SIZE		# kernel initialization size
 handover_offset:	.long 0			# Filled in by build.c
-kernel_info_offset:	.long 0			# Filled in by build.c
+kernel_info_offset:	.long ZO_kernel_info
=20
 # End of setup header #####################################################
=20
diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c
index efa4e9c7d713..660627ea6cbb 100644
--- a/arch/x86/boot/tools/build.c
+++ b/arch/x86/boot/tools/build.c
@@ -59,7 +59,6 @@ static unsigned long efi32_stub_entry;
 static unsigned long efi64_stub_entry;
 static unsigned long efi_pe_entry;
 static unsigned long efi32_pe_entry;
-static unsigned long kernel_info;
 static unsigned long startup_64;
 static unsigned long _end;
=20
@@ -339,7 +338,6 @@ static void parse_zoffset(char *fname)
 		PARSE_ZOFS(p, efi64_stub_entry);
 		PARSE_ZOFS(p, efi_pe_entry);
 		PARSE_ZOFS(p, efi32_pe_entry);
-		PARSE_ZOFS(p, kernel_info);
 		PARSE_ZOFS(p, startup_64);
 		PARSE_ZOFS(p, _end);
=20
@@ -422,8 +420,6 @@ int main(int argc, char ** argv)
 	update_pecoff_text(setup_sectors * 512, i + (sys_size * 16));
=20
 	efi_stub_entry_update();
-	/* Update kernel_info offset. */
-	put_unaligned_le32(kernel_info, &buf[0x268]);
=20
 	crc =3D partial_crc32(buf, i, crc);
 	if (fwrite(buf, 1, i, dest) !=3D i)
--=20
2.42.0.283.g2d96d420d3-goog
From nobody Thu Dec 18 20:15:46 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7BA2ACA0EC3
	for <linux-kernel@archiver.kernel.org>; Tue, 12 Sep 2023 09:02:42 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233528AbjILJCn (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 12 Sep 2023 05:02:43 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37768 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233162AbjILJBt (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Sep 2023 05:01:49 -0400
Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com
 [IPv6:2607:f8b0:4864:20::114a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 20F26E7A
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:45 -0700 (PDT)
Received: by mail-yw1-x114a.google.com with SMTP id
 00721157ae682-58d9e327d3aso58771317b3.3
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1694509304; x=1695114104;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=lY845+S01nhx09ii/MIWXs1MbygWhHKQ2btv9eU9x9A=;
        b=c1fS59INzWg2q3QZsQPFV8Hfvnj8AxYIY2xfAmOW+vmjbyi8LYTEs4hV5MDILPzoqI
         XZX6Ky9yfH9elcr1PIeJiDV2gtYCIlB4abDPc1SrRUsWtVUJ39tJd6Qn6kIKpVWmF+fu
         m7+ZXzN6b4PtdA8UlDzryNga0VDwgvtZxPif0sm2btz+gz978J/F6dFpE1Esjr4QyeVI
         tTaUXVyptsqIoGOx1BaZZkP8UzefWSiYOkzA8OPpxM4AUh9pXDOObeeXVq4rWLWh4W9s
         6l4KZNGFzTHtJXeu/BjHgot8eNW48YjLK94LrPidUfgS6ItJEKZg28QC9K6+Q4FwiBg4
         NpyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694509304; x=1695114104;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=lY845+S01nhx09ii/MIWXs1MbygWhHKQ2btv9eU9x9A=;
        b=MXrgaNc2Ieq3F6nf4aghIVdt5SHiecVyscEhE+9OGIW4AWnRqn7qyNDnJSavgjsH1h
         80yrAeQRv9gteNEpEG2DnaiZF1DulzlDsJ8dF3GB8y2GgCrqt3dtpKaBoMMNFhWTFeh9
         l9oAL2xbv2YYxzg61kNdWbwogs8pfUbGjsVyLLJyEyg6yGfz5AnBvmHEqy+rUnnUXNpj
         1MSo33Ujx/moc+nwvpZo8rvkVjRguIJylI5Jk4D3zk50HM7GUOnZRd6C4koZHamgceXx
         cJ0z9tDSjhZP/ka9Pc9rioISxzWiUByXd1FziMSkLep31TFA43JcKEbTZD6rFrXF0JwQ
         Y2FA==
X-Gm-Message-State: AOJu0Yy3lAc0EhBvykQxb4fib3wmWPz4adwxX60A2Bo88t+4GJjPcrl5
        QKSGOdoB0mhUuf5cI0jJN2zy+5KJ
X-Google-Smtp-Source: 
 AGHT+IEQP2h+jQPbijxzPKpITToU6a3zTKdU704KIxanL1a5X045x+7UKWz7mY6HIzA+z3zuq8BGg/7/
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:a25:320e:0:b0:d79:3b84:9997 with SMTP id
 y14-20020a25320e000000b00d793b849997mr266670yby.7.1694509304400; Tue, 12 Sep
 2023 02:01:44 -0700 (PDT)
Date: Tue, 12 Sep 2023 09:00:59 +0000
In-Reply-To: <20230912090051.4014114-17-ardb@google.com>
Mime-Version: 1.0
References: <20230912090051.4014114-17-ardb@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=2193; i=ardb@kernel.org;
 h=from:subject; bh=ZCOIzJuca8aCKR3/do/fxqf6xpAvtzsZS44F8RCRZaw=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZVB4+zjkiM79G67utrwBm3s5u2eJWKkUHEiZRJTLIv0r
 m2+Yps7SlkYxDgYZMUUWQRm/3238/REqVrnWbIwc1iZQIYwcHEKwEQmMTD80+iymtmgbON3yvW/
 Ic+ZI8azVA8fiZMQ+sNeqVZzZl+lOMM/a57yBHM/PmHzBaVXZy4vjnDee+fKpaOfl6VeOLuhO+k
 /EwA=
X-Mailer: git-send-email 2.42.0.283.g2d96d420d3-goog
Message-ID: <20230912090051.4014114-25-ardb@google.com>
Subject: [PATCH v2 08/15] x86/boot: Drop references to startup_64
From: Ard Biesheuvel <ardb@google.com>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
        Evgeniy Baskov <baskov@ispras.ru>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Jones <pjones@redhat.com>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        "H. Peter Anvin" <hpa@zytor.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

The x86 boot image generation tool assign a default value to startup_64
and subsequently parses the actual value from zoffset.h but it never
actually uses the value anywhere. So remove this code.

This change has no impact on the resulting bzImage binary.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/boot/Makefile      | 2 +-
 arch/x86/boot/tools/build.c | 3 ---
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
index f33e45ed1437..0e98bc503699 100644
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
@@ -89,7 +89,7 @@ $(obj)/vmlinux.bin: $(obj)/compressed/vmlinux FORCE
=20
 SETUP_OBJS =3D $(addprefix $(obj)/,$(setup-y))
=20
-sed-zoffset :=3D -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|startup_64=
\|efi32_stub_entry\|efi64_stub_entry\|efi_pe_entry\|efi32_pe_entry\|input_d=
ata\|kernel_info\|_end\|_ehead\|_text\|z_.*\)$$/\#define ZO_\2 0x\1/p'
+sed-zoffset :=3D -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi32_stub=
_entry\|efi64_stub_entry\|efi_pe_entry\|efi32_pe_entry\|input_data\|kernel_=
info\|_end\|_ehead\|_text\|z_.*\)$$/\#define ZO_\2 0x\1/p'
=20
 quiet_cmd_zoffset =3D ZOFFSET $@
       cmd_zoffset =3D $(NM) $< | sed -n $(sed-zoffset) > $@
diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c
index 660627ea6cbb..14ef13fe7ab0 100644
--- a/arch/x86/boot/tools/build.c
+++ b/arch/x86/boot/tools/build.c
@@ -59,7 +59,6 @@ static unsigned long efi32_stub_entry;
 static unsigned long efi64_stub_entry;
 static unsigned long efi_pe_entry;
 static unsigned long efi32_pe_entry;
-static unsigned long startup_64;
 static unsigned long _end;
=20
 /*----------------------------------------------------------------------*/
@@ -263,7 +262,6 @@ static void efi_stub_defaults(void)
 	efi_pe_entry =3D 0x10;
 #else
 	efi_pe_entry =3D 0x210;
-	startup_64 =3D 0x200;
 #endif
 }
=20
@@ -338,7 +336,6 @@ static void parse_zoffset(char *fname)
 		PARSE_ZOFS(p, efi64_stub_entry);
 		PARSE_ZOFS(p, efi_pe_entry);
 		PARSE_ZOFS(p, efi32_pe_entry);
-		PARSE_ZOFS(p, startup_64);
 		PARSE_ZOFS(p, _end);
=20
 		p =3D strchr(p, '\n');
--=20
2.42.0.283.g2d96d420d3-goog
From nobody Thu Dec 18 20:15:46 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id ECC12CA0ECA
	for <linux-kernel@archiver.kernel.org>; Tue, 12 Sep 2023 09:02:46 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233541AbjILJCt (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 12 Sep 2023 05:02:49 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54212 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232245AbjILJBw (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Sep 2023 05:01:52 -0400
Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com
 [IPv6:2607:f8b0:4864:20::1149])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6FB5310F5
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:47 -0700 (PDT)
Received: by mail-yw1-x1149.google.com with SMTP id
 00721157ae682-59b5a586da6so72361317b3.1
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1694509306; x=1695114106;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=Y9nidTUp9SfmxoZ7qPUJb2CvRiTCjXhfgV4NtmpRRUQ=;
        b=uarji8ImEDmaBrRGKkhjPq3cKassS5G5uFX43YzDexl49Ry+a3QZL9MG7ThGHgWlQd
         Y0CWTkRj+MWZEOCeLe9PVNIKUBJwSb/sJLBef++A2a5cHHy0qoG3ctN532ku0/fVEi9V
         x7e+Pvv5Y/1lb8iM9KbgxTzARRZkH8IH+jGbJcwwEmeEU0Jd/OY7vzaM5Npe1d3TNcWe
         G/QEHopfmDgdtVS3e98iSVQ/82XH7iqzqhyks9gqijAMKeZuDciH+60YSUf3Qq0AO0v2
         iXahNWqYYK8lBLrwZsJytN3+a7mXXYdrv5yWNaHAvxppenamUqCvNHl2YPbVlvRFHNdj
         LYUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694509306; x=1695114106;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=Y9nidTUp9SfmxoZ7qPUJb2CvRiTCjXhfgV4NtmpRRUQ=;
        b=dRo0MK5YJ///RMXysnitc5cTwbP3xJYXxqhYiABdbFdYoBn6p9GOz2RBAKIppfEevr
         Kota82GGWRqRXiv+L+i2udMF41uDiQPYnM0lziSVjpsrJtTWQEsvVdf65+0nv8Rdo4Hf
         7E7870fs4J2Mx6zMgeujVmB3f1gH18RLLqGla+Mi5vjWw8fKE0OBjLTMSGgeuTlRRguP
         v2f8YRg3Gug0qEfyhfM8/GVg7BCWRhZXTdb8lbshsd55P6poAnlXJcaFFhNVlnQsNvmJ
         TzUYpIVjXlKjaxsgbWdAIU6NSgptN+zdv+DUB1B0+K+KPQ33bnluL85oHbiexQ8sgClU
         WYeA==
X-Gm-Message-State: AOJu0YyR8jcjw8B7wfatORJxuxkdSApNxYYa7GF72fBYCNO4AWH34qTJ
        tS7EBZDg9lxLp9AikX67lTI0t1Qo
X-Google-Smtp-Source: 
 AGHT+IGxmPKB/y+ySrJIyO4enhcQpXIfk+/LW2EPh/2dyfSnawxn6t+nkk06KjcANP24owupAqiZpD4B
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:a05:690c:3109:b0:595:9e93:60c8 with SMTP id
 fb9-20020a05690c310900b005959e9360c8mr50166ywb.1.1694509306757; Tue, 12 Sep
 2023 02:01:46 -0700 (PDT)
Date: Tue, 12 Sep 2023 09:01:00 +0000
In-Reply-To: <20230912090051.4014114-17-ardb@google.com>
Mime-Version: 1.0
References: <20230912090051.4014114-17-ardb@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=3304; i=ardb@kernel.org;
 h=from:subject; bh=+ZvWQ8j9ySgnkiTP3OG0/i2YLZe9tEVF555eZXpiERA=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZVB45zQcvU2RcHcHr2P36TEZvVeCnqfGa93ddvZrZbd4
 pMt7sd1lLIwiHEwyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgImUPWL4Hxtycs/T3DuCZa9D
 6rec2i5qt2rdM2NJrU2tU41aczaW2zIyrLDbcGmSeVlJ0H3vexv/2Wj8/Oa6IrPQz03x4pNDe2Z
 e5wcA
X-Mailer: git-send-email 2.42.0.283.g2d96d420d3-goog
Message-ID: <20230912090051.4014114-26-ardb@google.com>
Subject: [PATCH v2 09/15] x86/boot: Set EFI handover offset directly in header
 asm
From: Ard Biesheuvel <ardb@google.com>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
        Evgeniy Baskov <baskov@ispras.ru>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Jones <pjones@redhat.com>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        "H. Peter Anvin" <hpa@zytor.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

The offsets of the EFI handover entrypoints are available to the
assembler when constructing the header, so there is no need to set them
from the build tool afterwards.

This change has no impact on the resulting bzImage binary.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/boot/header.S      | 18 ++++++++++++++-
 arch/x86/boot/tools/build.c | 24 --------------------
 2 files changed, 17 insertions(+), 25 deletions(-)

diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index 5575d0f06bab..72744ba440f6 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -524,8 +524,24 @@ pref_address:		.quad LOAD_PHYSICAL_ADDR	# preferred lo=
ad addr
 # define INIT_SIZE VO_INIT_SIZE
 #endif
=20
+	.macro		__handover_offset
+#ifndef CONFIG_EFI_HANDOVER_PROTOCOL
+	.long		0
+#elif !defined(CONFIG_X86_64)
+	.long		ZO_efi32_stub_entry
+#else
+	/* Yes, this is really how we defined it :( */
+	.long		ZO_efi64_stub_entry - 0x200
+#ifdef CONFIG_EFI_MIXED
+	.if		ZO_efi32_stub_entry !=3D ZO_efi64_stub_entry - 0x200
+	.error		"32-bit and 64-bit EFI entry points do not match"
+	.endif
+#endif
+#endif
+	.endm
+
 init_size:		.long INIT_SIZE		# kernel initialization size
-handover_offset:	.long 0			# Filled in by build.c
+handover_offset:	__handover_offset
 kernel_info_offset:	.long ZO_kernel_info
=20
 # End of setup header #####################################################
diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c
index 14ef13fe7ab0..069497543164 100644
--- a/arch/x86/boot/tools/build.c
+++ b/arch/x86/boot/tools/build.c
@@ -55,8 +55,6 @@ u8 buf[SETUP_SECT_MAX*512];
 #define PECOFF_COMPAT_RESERVE 0x0
 #endif
=20
-static unsigned long efi32_stub_entry;
-static unsigned long efi64_stub_entry;
 static unsigned long efi_pe_entry;
 static unsigned long efi32_pe_entry;
 static unsigned long _end;
@@ -265,31 +263,12 @@ static void efi_stub_defaults(void)
 #endif
 }
=20
-static void efi_stub_entry_update(void)
-{
-	unsigned long addr =3D efi32_stub_entry;
-
-#ifdef CONFIG_EFI_HANDOVER_PROTOCOL
-#ifdef CONFIG_X86_64
-	/* Yes, this is really how we defined it :( */
-	addr =3D efi64_stub_entry - 0x200;
-#endif
-
-#ifdef CONFIG_EFI_MIXED
-	if (efi32_stub_entry !=3D addr)
-		die("32-bit and 64-bit EFI entry points do not match\n");
-#endif
-#endif
-	put_unaligned_le32(addr, &buf[0x264]);
-}
-
 #else
=20
 static inline void update_pecoff_setup_and_reloc(unsigned int size) {}
 static inline void update_pecoff_text(unsigned int text_start,
 				      unsigned int file_sz) {}
 static inline void efi_stub_defaults(void) {}
-static inline void efi_stub_entry_update(void) {}
=20
 static inline int reserve_pecoff_reloc_section(int c)
 {
@@ -332,8 +311,6 @@ static void parse_zoffset(char *fname)
 	p =3D (char *)buf;
=20
 	while (p && *p) {
-		PARSE_ZOFS(p, efi32_stub_entry);
-		PARSE_ZOFS(p, efi64_stub_entry);
 		PARSE_ZOFS(p, efi_pe_entry);
 		PARSE_ZOFS(p, efi32_pe_entry);
 		PARSE_ZOFS(p, _end);
@@ -416,7 +393,6 @@ int main(int argc, char ** argv)
=20
 	update_pecoff_text(setup_sectors * 512, i + (sys_size * 16));
=20
-	efi_stub_entry_update();
=20
 	crc =3D partial_crc32(buf, i, crc);
 	if (fwrite(buf, 1, i, dest) !=3D i)
--=20
2.42.0.283.g2d96d420d3-goog
From nobody Thu Dec 18 20:15:46 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6DA94CA0ECE
	for <linux-kernel@archiver.kernel.org>; Tue, 12 Sep 2023 09:02:54 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233557AbjILJC4 (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 12 Sep 2023 05:02:56 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57640 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233205AbjILJBy (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Sep 2023 05:01:54 -0400
Received: from mail-wr1-x44a.google.com (mail-wr1-x44a.google.com
 [IPv6:2a00:1450:4864:20::44a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C425F171F
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:50 -0700 (PDT)
Received: by mail-wr1-x44a.google.com with SMTP id
 ffacd0b85a97d-31aed15ce6fso3328610f8f.3
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1694509309; x=1695114109;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=4pxvkm3fjui0uQ19XLsFsefYLwFlVrpXPWAZDN+LWTE=;
        b=gla9rwKALMpYxmJTaN2+NNQ4K8D8uIGj53cxr2zla9lxDbTvwX3m5Z3rNHYxst6p7U
         BQM13I8S18qdv62+fQ0v1Fv1+ldA/+5+hTEQQAWXjV3O4DdgdEMrAG9v8s57+u2R8g3G
         xbK7fp/C0Kj/N26VI+9mDI+ampbvpplnAPRwOFZ0loWfkzGqk4bKf7NuNF35Z/KzKVEb
         +0+1w1VHTRqQdyHceJgpuMuZNd13pxX4wr0W/B+HzxbNgmz0ArUmhbyXQNw+roNj4ItV
         PcUf4e5o1x1oG1WZzVlF8nBTfbDLIZT4tuUluVstU/xbInMLkvKp4NJ2spi0B4oqYstf
         8VUA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694509309; x=1695114109;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=4pxvkm3fjui0uQ19XLsFsefYLwFlVrpXPWAZDN+LWTE=;
        b=vbe+ESrmTqTZiFAJnNtYfKED1aI+DodODc7fjUYVx5BuxKB4ahlvETn+zAXQB4j5SL
         Y8JMOAU8fTVhz0KjYnC9fF8wDTge+7vrqZ/6JAMpTTsgCJHdRC9zYA+2DTNwW7Q1kEh6
         bonGvNRhQWXPIA2sfKMf5LBqU0jUkOMTvDH7ElOhttkoQU5rmyLIRtTYyzuYY/Oz6oWP
         E6U4fb66oQCfUfauO68sXz1up1USivtKCXZugzuuh2gV8hI8me1PbCeOsTA0o1NhzLV/
         kQLpR4jqXAMgKU6YOFq/cK0/v8XSZpCOdRGrZPsEwf+xu1lvqy0VyxTdP6lIeoEdkVPy
         HYYg==
X-Gm-Message-State: AOJu0YxoW4NtVK0aCJy3zkweNhd5gkMLrh/PKaHkzMeRA2vqExlBVSnN
        3p9dilhfPZDxOY5kbeLV0je0bR4k
X-Google-Smtp-Source: 
 AGHT+IFvTb/nIHB8mORKnV/nPgGPemOM7elWrN85fmi0GxRsmfTiHi50WYb/Dvn6Q3JUtwAUtdDGKvyh
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:a5d:620f:0:b0:31a:d5f3:b48d with SMTP id
 y15-20020a5d620f000000b0031ad5f3b48dmr149308wru.0.1694509309175; Tue, 12 Sep
 2023 02:01:49 -0700 (PDT)
Date: Tue, 12 Sep 2023 09:01:01 +0000
In-Reply-To: <20230912090051.4014114-17-ardb@google.com>
Mime-Version: 1.0
References: <20230912090051.4014114-17-ardb@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=3059; i=ardb@kernel.org;
 h=from:subject; bh=s5KMXji/FHZoR+ppc6zDscgQADySQW7pqkG/qO49MnA=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZVB4/zk/+uX787+9yi5vkbbxPzqG4Y9XSnf43n+3Lhgw
 P+umulQRykLgxgHg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZjIXj9Ghn9tAZZx3FZOy+w3
 vPi6sUZDypBX/cmd++LxU9kzbmZr6DEyfH5u4sGuX1fDIObcb93lM8Ugzfyed6F2woLO0h4/nTB
 eAA==
X-Mailer: git-send-email 2.42.0.283.g2d96d420d3-goog
Message-ID: <20230912090051.4014114-27-ardb@google.com>
Subject: [PATCH v2 10/15] x86/boot: Define setup size in linker script
From: Ard Biesheuvel <ardb@google.com>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
        Evgeniy Baskov <baskov@ispras.ru>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Jones <pjones@redhat.com>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        "H. Peter Anvin" <hpa@zytor.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

The setup block contains the real mode startup code that is used when
booting from a legacy BIOS, along with the boot_params/setup_data that
is used by legacy x86 bootloaders to pass the command line and initial
ramdisk parameters, among other things.

The setup block also contains the PE/COFF header of the entire combined
image, which includes the compressed kernel image, the decompressor and
the EFI stub.

This PE header describes the layout of the executable image in memory,
and currently, the fact that the setup block precedes it makes it rather
fiddly to get the right values into the right place in the final image.

Let's make things a bit easier by defining the setup_size in the linker
script so it can be referenced from the asm code directly, rather than
having to rely on the build tool to calculate it. For the time being,
add 64 bytes of fixed padding for the .reloc and .compat sections - this
will be removed in a subsequent patch after the PE/COFF header has been
reorganized.

This change has no impact on the resulting bzImage binary when
configured with CONFIG_EFI_MIXED=3Dy.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/boot/header.S      | 2 +-
 arch/x86/boot/setup.ld      | 4 ++++
 arch/x86/boot/tools/build.c | 6 ------
 3 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index 72744ba440f6..06bd72a324c1 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -231,7 +231,7 @@ sentinel:	.byte 0xff, 0xff        /* Used to detect bro=
ken loaders */
=20
 	.globl	hdr
 hdr:
-setup_sects:	.byte 0			/* Filled in by build.c */
+		.byte setup_sects - 1
 root_flags:	.word ROOT_RDONLY
 syssize:	.long 0			/* Filled in by build.c */
 ram_size:	.word 0			/* Obsolete */
diff --git a/arch/x86/boot/setup.ld b/arch/x86/boot/setup.ld
index b11c45b9e51e..ae2b5046a0db 100644
--- a/arch/x86/boot/setup.ld
+++ b/arch/x86/boot/setup.ld
@@ -39,6 +39,10 @@ SECTIONS
 	.signature	: {
 		setup_sig =3D .;
 		LONG(0x5a5aaa55)
+
+		/* reserve some extra space for the reloc and compat sections */
+		setup_size =3D ABSOLUTE(ALIGN(. + 64, 512));
+		setup_sects =3D ABSOLUTE(setup_size / 512);
 	}
=20
=20
diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c
index 069497543164..745d64b6d930 100644
--- a/arch/x86/boot/tools/build.c
+++ b/arch/x86/boot/tools/build.c
@@ -48,12 +48,7 @@ typedef unsigned int   u32;
 u8 buf[SETUP_SECT_MAX*512];
=20
 #define PECOFF_RELOC_RESERVE 0x20
-
-#ifdef CONFIG_EFI_MIXED
 #define PECOFF_COMPAT_RESERVE 0x20
-#else
-#define PECOFF_COMPAT_RESERVE 0x0
-#endif
=20
 static unsigned long efi_pe_entry;
 static unsigned long efi32_pe_entry;
@@ -388,7 +383,6 @@ int main(int argc, char ** argv)
 #endif
=20
 	/* Patch the setup code with the appropriate size parameters */
-	buf[0x1f1] =3D setup_sectors-1;
 	put_unaligned_le32(sys_size, &buf[0x1f4]);
=20
 	update_pecoff_text(setup_sectors * 512, i + (sys_size * 16));
--=20
2.42.0.283.g2d96d420d3-goog
From nobody Thu Dec 18 20:15:46 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E8F35CA0ED3
	for <linux-kernel@archiver.kernel.org>; Tue, 12 Sep 2023 09:02:56 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232310AbjILJC6 (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 12 Sep 2023 05:02:58 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50510 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233236AbjILJB5 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Sep 2023 05:01:57 -0400
Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com
 [IPv6:2607:f8b0:4864:20::1149])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 901841705
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:53 -0700 (PDT)
Received: by mail-yw1-x1149.google.com with SMTP id
 00721157ae682-59b5a586da6so72362497b3.1
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1694509312; x=1695114112;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=VKh367hgmQvZD8a+n/+xOMhd8K9Jz3TJJTXcd9sGb+U=;
        b=QLswDYXtM1tNXk7dQGykZWjfatwjyasRoR+f1SQ13Xi2yJxVLrGPl2hzJt4B0N0FFQ
         gqlV2fICQg7wR7kYDkxug6laKjFUyQLuZIw+1JAqLJSRIDBymSH09YI45foxLPiRPnQ9
         jzgjQew5HJWnCDf7gjJeEuqHjvWukASQTzeL0X20OsqJx4GsJHOw11c1YvsQJAMCrF47
         HeiqS/j4ycN6oECMAUueWEXQ8xsot+V3lbDzs5htYntFN2llzx043eOYefANTlqQE86t
         7bh+1zlue39tm7y4ycQAq0+/htTn8A6D0z+mLxr3OUMrkDQBB/gDDoL1UiKN1CD6nbph
         FdTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694509312; x=1695114112;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=VKh367hgmQvZD8a+n/+xOMhd8K9Jz3TJJTXcd9sGb+U=;
        b=By1oFNcaaR2Ga4dwNI1h9RvFiq/5Wwa+vVHii8F0Rt/SqTc7vlILt2hHi+Uf7Lu15b
         2Fwm0iEyb+lL/TlHF8ucrN6acwdo9N84eklVyg+IO8MKpigBUDZ58fnkQtD/pszM2+HY
         5qmwXfe5vwlYTbnOMyrz2CHZi0CJ/HfotIX3kNUE/KORHWOmlPBkQ9BZMbITeGCoS557
         q8/XF6IWNnt0bPQtNiSFX3r5JjF7mg1uonSqASK0HZGJv9MjriDfUqgUo+4hGvN9LZTY
         CS7bbAkvRP8pxMrZzHTzKJzqgYs2bAf/lBEr451oY5gOB/zZbGR/xeG7E48P8duWt5Ro
         ChEg==
X-Gm-Message-State: AOJu0YwlAvrKt+3c/e8WjocT77CikEa3e1owT37O/yBfsYnFheYn39Gs
        J1Fxr99fLw7uIfEy4ELIC/iLOlcl
X-Google-Smtp-Source: 
 AGHT+IHwI0wHd6qPiDSN8OHNFljMj0VCSDsMSABYq2GJME5mvkxJkGZ0iTOYF3Z8sPZrkQJa2D9Zqzef
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:a81:c40e:0:b0:58c:e8da:4d1a with SMTP id
 j14-20020a81c40e000000b0058ce8da4d1amr61791ywi.2.1694509312588; Tue, 12 Sep
 2023 02:01:52 -0700 (PDT)
Date: Tue, 12 Sep 2023 09:01:02 +0000
In-Reply-To: <20230912090051.4014114-17-ardb@google.com>
Mime-Version: 1.0
References: <20230912090051.4014114-17-ardb@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=5004; i=ardb@kernel.org;
 h=from:subject; bh=+O/KFdhMJMnIogIj3fdlcqOX6X2/aP+6Tar/b+0W/54=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZVB46KSnd5N17n3tPfuFGZf7fRs36pVBsa7Eq2S0g/P+
 CX8UUago5SFQYyDQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEzkMhsjw31Ws41CYrt4tKQu
 CtRPdEjfxbx39gx7q1VFOqk5cwwecjEynOTWYdZWnFDndK35rH7PrlXXbmoodPnF+fOzxdjxrsx
 kAgA=
X-Mailer: git-send-email 2.42.0.283.g2d96d420d3-goog
Message-ID: <20230912090051.4014114-28-ardb@google.com>
Subject: [PATCH v2 11/15] x86/boot: Derive file size from _edata symbol
From: Ard Biesheuvel <ardb@google.com>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
        Evgeniy Baskov <baskov@ispras.ru>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Jones <pjones@redhat.com>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        "H. Peter Anvin" <hpa@zytor.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Tweak the linker script so that the value of _edata represents the
decompressor binary's file size rounded up to the appropriate alignment.
This removes the need to calculate it in the build tool, and will make
it easier to refer to the file size from the header directly in
subsequent changes to the PE header layout.

While adding _edata to the sed regex that parses the compressed
vmlinux's symbol list, tweak the regex a bit for conciseness.

This change has no impact on the resulting bzImage binary when
configured with CONFIG_EFI_STUB=3Dy.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/boot/Makefile                 |  2 +-
 arch/x86/boot/compressed/vmlinux.lds.S |  3 ++
 arch/x86/boot/header.S                 |  2 +-
 arch/x86/boot/tools/build.c            | 30 +++++---------------
 4 files changed, 12 insertions(+), 25 deletions(-)

diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
index 0e98bc503699..cc04917b1ac6 100644
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
@@ -89,7 +89,7 @@ $(obj)/vmlinux.bin: $(obj)/compressed/vmlinux FORCE
=20
 SETUP_OBJS =3D $(addprefix $(obj)/,$(setup-y))
=20
-sed-zoffset :=3D -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi32_stub=
_entry\|efi64_stub_entry\|efi_pe_entry\|efi32_pe_entry\|input_data\|kernel_=
info\|_end\|_ehead\|_text\|z_.*\)$$/\#define ZO_\2 0x\1/p'
+sed-zoffset :=3D -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub=
_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\=
|_edata\|z_.*\)$$/\#define ZO_\2 0x\1/p'
=20
 quiet_cmd_zoffset =3D ZOFFSET $@
       cmd_zoffset =3D $(NM) $< | sed -n $(sed-zoffset) > $@
diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compres=
sed/vmlinux.lds.S
index 4ff6ab1b67d9..5326f3b44194 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -47,6 +47,9 @@ SECTIONS
 		_data =3D . ;
 		*(.data)
 		*(.data.*)
+
+		/* add 4 bytes of extra space for a CRC-32 checksum */
+		. =3D ALIGN(. + 4, 0x20);
 		_edata =3D . ;
 	}
 	. =3D ALIGN(L1_CACHE_BYTES);
diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index 06bd72a324c1..34e9b35b827c 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -233,7 +233,7 @@ sentinel:	.byte 0xff, 0xff        /* Used to detect bro=
ken loaders */
 hdr:
 		.byte setup_sects - 1
 root_flags:	.word ROOT_RDONLY
-syssize:	.long 0			/* Filled in by build.c */
+syssize:	.long ZO__edata / 16
 ram_size:	.word 0			/* Obsolete */
 vid_mode:	.word SVGA_MODE
 root_dev:	.word 0			/* Default to major/minor 0/0 */
diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c
index 745d64b6d930..e792c6c5a634 100644
--- a/arch/x86/boot/tools/build.c
+++ b/arch/x86/boot/tools/build.c
@@ -52,6 +52,7 @@ u8 buf[SETUP_SECT_MAX*512];
=20
 static unsigned long efi_pe_entry;
 static unsigned long efi32_pe_entry;
+static unsigned long _edata;
 static unsigned long _end;
=20
 /*----------------------------------------------------------------------*/
@@ -308,6 +309,7 @@ static void parse_zoffset(char *fname)
 	while (p && *p) {
 		PARSE_ZOFS(p, efi_pe_entry);
 		PARSE_ZOFS(p, efi32_pe_entry);
+		PARSE_ZOFS(p, _edata);
 		PARSE_ZOFS(p, _end);
=20
 		p =3D strchr(p, '\n');
@@ -320,7 +322,6 @@ int main(int argc, char ** argv)
 {
 	unsigned int i, sz, setup_sectors;
 	int c;
-	u32 sys_size;
 	struct stat sb;
 	FILE *file, *dest;
 	int fd;
@@ -368,24 +369,14 @@ int main(int argc, char ** argv)
 		die("Unable to open `%s': %m", argv[2]);
 	if (fstat(fd, &sb))
 		die("Unable to stat `%s': %m", argv[2]);
-	sz =3D sb.st_size;
+	if (_edata !=3D sb.st_size)
+		die("Unexpected file size `%s': %u !=3D %u", argv[2], _edata,
+		    sb.st_size);
+	sz =3D _edata - 4;
 	kernel =3D mmap(NULL, sz, PROT_READ, MAP_SHARED, fd, 0);
 	if (kernel =3D=3D MAP_FAILED)
 		die("Unable to mmap '%s': %m", argv[2]);
-	/* Number of 16-byte paragraphs, including space for a 4-byte CRC */
-	sys_size =3D (sz + 15 + 4) / 16;
-#ifdef CONFIG_EFI_STUB
-	/*
-	 * COFF requires minimum 32-byte alignment of sections, and
-	 * adding a signature is problematic without that alignment.
-	 */
-	sys_size =3D (sys_size + 1) & ~1;
-#endif
-
-	/* Patch the setup code with the appropriate size parameters */
-	put_unaligned_le32(sys_size, &buf[0x1f4]);
-
-	update_pecoff_text(setup_sectors * 512, i + (sys_size * 16));
+	update_pecoff_text(setup_sectors * 512, i + _edata);
=20
=20
 	crc =3D partial_crc32(buf, i, crc);
@@ -397,13 +388,6 @@ int main(int argc, char ** argv)
 	if (fwrite(kernel, 1, sz, dest) !=3D sz)
 		die("Writing kernel failed");
=20
-	/* Add padding leaving 4 bytes for the checksum */
-	while (sz++ < (sys_size*16) - 4) {
-		crc =3D partial_crc32_one('\0', crc);
-		if (fwrite("\0", 1, 1, dest) !=3D 1)
-			die("Writing padding failed");
-	}
-
 	/* Write the CRC */
 	put_unaligned_le32(crc, buf);
 	if (fwrite(buf, 1, 4, dest) !=3D 4)
--=20
2.42.0.283.g2d96d420d3-goog
From nobody Thu Dec 18 20:15:46 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C1BF5CA0EC3
	for <linux-kernel@archiver.kernel.org>; Tue, 12 Sep 2023 09:02:58 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233570AbjILJDA (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 12 Sep 2023 05:03:00 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59426 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233297AbjILJCA (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Sep 2023 05:02:00 -0400
Received: from mail-wr1-x44a.google.com (mail-wr1-x44a.google.com
 [IPv6:2a00:1450:4864:20::44a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ABB67170E
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:56 -0700 (PDT)
Received: by mail-wr1-x44a.google.com with SMTP id
 ffacd0b85a97d-31c470305cfso3577592f8f.3
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1694509315; x=1695114115;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=PtE5rJOnAPC0rkk2NBlL+eg4snrrU6qshhDNM5ERzdo=;
        b=vBLiqDaJISkPvj2XpU16QrhqSHYzJwxmryLwn6yGrJrAxjfa+uRJgnKPsbwXukkt0+
         eVcoceSbZpxXcwzJtuVZpmNt5urVqxxvIfC1iE246ExB9wLeLAMaBBhtAhlEBJ2+us9p
         dCmf5yrBq5/bTCFMrLNdLtrfaMc+wl/9Obs/twO6X77sKmgEfEatDQZ/u8fBC9NW0D1D
         BlTndLZ4E/c/Y76MRmbin2jWexM5QfgqFyNDeeYEvTC8gzD/TkGAlRs8vt2wxNh3VcUc
         cdvtOtPIokOS5tPE60OP7dJ2Hp5qwbbu1b2DKCcUhTIwU4pZEnLnFve6TVJB/DBRyHko
         OEZw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694509315; x=1695114115;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=PtE5rJOnAPC0rkk2NBlL+eg4snrrU6qshhDNM5ERzdo=;
        b=b0iBNRhLpHRaSF2ANemgo4uhfsO2LOEMXoWwPSLagthtKwqoM2+HWWyIlZJ2Y4EUJC
         wYCs4I4oD95g/9v7GtkztvI3hhXdEbZ5XA7c4O591Wgp8Sgl601F1xjgKwivVaJipC3k
         /ETuGTdrZ4bYEioPUaDnZ0Qan6IcGijObUZAYTqh3NgWb2MLZKpgUWDV/Rq9dMflXZsQ
         4cHTbjYPOnN3Tp+vK7lFsPtkGncEF3H58vPCv2wXTlUEYvH8moK5rMQtLRE/h+dTWNWb
         WxAJmcsz3Dzfbg4oLFdAEYWBlIhLj8K9FZBrs20YOf7jU1BwQ7DiBhWMcZ58tqiok51z
         pbZw==
X-Gm-Message-State: AOJu0YyPyWXP7/JnR+e37tVeu4eM7ObE315PLgL7eXbzDlWZFXkUDhBN
        6mMu5uj+Z9vOY4RMi1HgzFMKmoGT
X-Google-Smtp-Source: 
 AGHT+IEURST6QRBzJI9/oGDc1gCn7rnnbGe1hkTAe5fwiHeGgoO1rLaZsxQh53sDSYvjBdXxZr+xVgJe
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:a5d:5a0a:0:b0:31f:888b:9a4 with SMTP id
 bq10-20020a5d5a0a000000b0031f888b09a4mr115285wrb.12.1694509315333; Tue, 12
 Sep 2023 02:01:55 -0700 (PDT)
Date: Tue, 12 Sep 2023 09:01:03 +0000
In-Reply-To: <20230912090051.4014114-17-ardb@google.com>
Mime-Version: 1.0
References: <20230912090051.4014114-17-ardb@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=5078; i=ardb@kernel.org;
 h=from:subject; bh=F2oADtM1aETnRbMMK7i5jv6x3L4FFvbX8aYXoDbnzJ0=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZVB49LhMkm7TM3czCzWv7fNJr6Zw5IQl756udUrySuqj
 k6a19s7SlkYxDgYZMUUWQRm/3238/REqVrnWbIwc1iZQIYwcHEKwEQk/jP8d30kPjf/2FPf3u5H
 kfoiG4qTlQ9ffZjZve5hm7TaFdZkO0aGfUxHmxsyS4QiovdoudXLfXn0bLlu0uR1LP8lrmVdWsv
 HBwA=
X-Mailer: git-send-email 2.42.0.283.g2d96d420d3-goog
Message-ID: <20230912090051.4014114-29-ardb@google.com>
Subject: [PATCH v2 12/15] x86/boot: Construct PE/COFF .text section from
 assembler
From: Ard Biesheuvel <ardb@google.com>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
        Evgeniy Baskov <baskov@ispras.ru>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Jones <pjones@redhat.com>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        "H. Peter Anvin" <hpa@zytor.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Now that the size of the setup block is visible to the assembler, it is
possible to populate the PE/COFF header fields from the asm code
directly, instead of poking the values into the binary using the build
tool. This will make it easier to reorganize the section layout without
having to tweak the build tool in lockstep.

This change has no impact on the resulting bzImage binary.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/boot/header.S      | 22 +++------
 arch/x86/boot/tools/build.c | 47 --------------------
 2 files changed, 7 insertions(+), 62 deletions(-)

diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index 34e9b35b827c..2b07bc596c39 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -75,14 +75,12 @@ optional_header:
 	.byte	0x02				# MajorLinkerVersion
 	.byte	0x14				# MinorLinkerVersion
=20
-	# Filled in by build.c
-	.long	0				# SizeOfCode
+	.long	setup_size + ZO__end - 0x200	# SizeOfCode
=20
 	.long	0				# SizeOfInitializedData
 	.long	0				# SizeOfUninitializedData
=20
-	# Filled in by build.c
-	.long	0x0000				# AddressOfEntryPoint
+	.long	setup_size + ZO_efi_pe_entry	# AddressOfEntryPoint
=20
 	.long	0x0200				# BaseOfCode
 #ifdef CONFIG_X86_32
@@ -105,10 +103,7 @@ extra_header_fields:
 	.word	0				# MinorSubsystemVersion
 	.long	0				# Win32VersionValue
=20
-	#
-	# The size of the bzImage is written in tools/build.c
-	#
-	.long	0				# SizeOfImage
+	.long	setup_size + ZO__end 		# SizeOfImage
=20
 	.long	0x200				# SizeOfHeaders
 	.long	0				# CheckSum
@@ -199,18 +194,15 @@ section_table:
 		IMAGE_SCN_MEM_DISCARDABLE	# Characteristics
 #endif
=20
-	#
-	# The offset & size fields are filled in by build.c.
-	#
 	.ascii	".text"
 	.byte	0
 	.byte	0
 	.byte	0
-	.long	0
-	.long	0x0				# startup_{32,64}
-	.long	0				# Size of initialized data
+	.long	ZO__end
+	.long	setup_size
+	.long	ZO__edata			# Size of initialized data
 						# on disk
-	.long	0x0				# startup_{32,64}
+	.long	setup_size
 	.long	0				# PointerToRelocations
 	.long	0				# PointerToLineNumbers
 	.word	0				# NumberOfRelocations
diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c
index e792c6c5a634..9712f27e32c1 100644
--- a/arch/x86/boot/tools/build.c
+++ b/arch/x86/boot/tools/build.c
@@ -50,10 +50,8 @@ u8 buf[SETUP_SECT_MAX*512];
 #define PECOFF_RELOC_RESERVE 0x20
 #define PECOFF_COMPAT_RESERVE 0x20
=20
-static unsigned long efi_pe_entry;
 static unsigned long efi32_pe_entry;
 static unsigned long _edata;
-static unsigned long _end;
=20
 /*----------------------------------------------------------------------*/
=20
@@ -216,32 +214,6 @@ static void update_pecoff_setup_and_reloc(unsigned int=
 size)
 #endif
 }
=20
-static void update_pecoff_text(unsigned int text_start, unsigned int file_=
sz)
-{
-	unsigned int pe_header;
-	unsigned int text_sz =3D file_sz - text_start;
-	unsigned int bss_sz =3D _end - text_sz;
-
-	pe_header =3D get_unaligned_le32(&buf[0x3c]);
-
-	/*
-	 * Size of code: Subtract the size of the first sector (512 bytes)
-	 * which includes the header.
-	 */
-	put_unaligned_le32(file_sz - 512 + bss_sz, &buf[pe_header + 0x1c]);
-
-	/* Size of image */
-	put_unaligned_le32(file_sz + bss_sz, &buf[pe_header + 0x50]);
-
-	/*
-	 * Address of entry point for PE/COFF executable
-	 */
-	put_unaligned_le32(text_start + efi_pe_entry, &buf[pe_header + 0x28]);
-
-	update_pecoff_section_header_fields(".text", text_start, text_sz + bss_sz,
-					    text_sz, text_start);
-}
-
 static int reserve_pecoff_reloc_section(int c)
 {
 	/* Reserve 0x20 bytes for .reloc section */
@@ -249,22 +221,9 @@ static int reserve_pecoff_reloc_section(int c)
 	return PECOFF_RELOC_RESERVE;
 }
=20
-static void efi_stub_defaults(void)
-{
-	/* Defaults for old kernel */
-#ifdef CONFIG_X86_32
-	efi_pe_entry =3D 0x10;
-#else
-	efi_pe_entry =3D 0x210;
-#endif
-}
-
 #else
=20
 static inline void update_pecoff_setup_and_reloc(unsigned int size) {}
-static inline void update_pecoff_text(unsigned int text_start,
-				      unsigned int file_sz) {}
-static inline void efi_stub_defaults(void) {}
=20
 static inline int reserve_pecoff_reloc_section(int c)
 {
@@ -307,10 +266,8 @@ static void parse_zoffset(char *fname)
 	p =3D (char *)buf;
=20
 	while (p && *p) {
-		PARSE_ZOFS(p, efi_pe_entry);
 		PARSE_ZOFS(p, efi32_pe_entry);
 		PARSE_ZOFS(p, _edata);
-		PARSE_ZOFS(p, _end);
=20
 		p =3D strchr(p, '\n');
 		while (p && (*p =3D=3D '\r' || *p =3D=3D '\n'))
@@ -328,8 +285,6 @@ int main(int argc, char ** argv)
 	void *kernel;
 	u32 crc =3D 0xffffffffUL;
=20
-	efi_stub_defaults();
-
 	if (argc !=3D 5)
 		usage();
 	parse_zoffset(argv[3]);
@@ -376,8 +331,6 @@ int main(int argc, char ** argv)
 	kernel =3D mmap(NULL, sz, PROT_READ, MAP_SHARED, fd, 0);
 	if (kernel =3D=3D MAP_FAILED)
 		die("Unable to mmap '%s': %m", argv[2]);
-	update_pecoff_text(setup_sectors * 512, i + _edata);
-
=20
 	crc =3D partial_crc32(buf, i, crc);
 	if (fwrite(buf, 1, i, dest) !=3D i)
--=20
2.42.0.283.g2d96d420d3-goog
From nobody Thu Dec 18 20:15:46 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 242F1CA0ECF
	for <linux-kernel@archiver.kernel.org>; Tue, 12 Sep 2023 09:03:07 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233329AbjILJDJ (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 12 Sep 2023 05:03:09 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50572 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233310AbjILJCC (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Sep 2023 05:02:02 -0400
Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com
 [IPv6:2607:f8b0:4864:20::114a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 44D1410D1
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:58 -0700 (PDT)
Received: by mail-yw1-x114a.google.com with SMTP id
 00721157ae682-58fc448ee4fso58828227b3.2
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:01:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1694509317; x=1695114117;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=0+YGLs65HuKDkoyCmUsNA1LK7hzYTmA6aBZzUDWZlAQ=;
        b=1ew42M7Y55Jzlomdu2tuD/2ewqPkwxAMNOoQpsOdPHJ1IAfI2IizCZ4MwNs65U0G0a
         euHdTFQVuZoknWTunmQTNqjNm1FyFzXfvq0gcCULp/KGbo5JXSTZzGLp8kimbLcPn3PO
         SdDas49TIxERE1IE+DSTBLUgJwcHvzWE9pu6XIPEGUv3CrejSVm4+/9ES+YL4YTTHynS
         oovGXadHuxb/6lEC6BRRGz9gNzWDGywPFwunNeNu1Q8r0eyCKgAB/YBpH4WZNwr+hFV4
         rF400fXCZuRF+k3cfK6kMIXuJmrvpJnwBemjrGpsLD/VeyW+lZerYcONrhaZCi+PmSOg
         F0HA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694509317; x=1695114117;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=0+YGLs65HuKDkoyCmUsNA1LK7hzYTmA6aBZzUDWZlAQ=;
        b=iZxX3aVGbm4MQ/oyllKCd1zKryezhvy1zQfVmn4zRay9SOuWXq/s//vrtqe/mbXhjM
         XFShY/cSmRsYCTPgBRevap9xIQfABON7dO7LAFINdqiL+CQDFVtQNt5bcP2aZb5FA9ty
         dboz6GjMd9eSSsdl3LX2dxLtZgbDiS8iAqJ++zj3AkEBeOMxfaVYBOQQH2fnNO27a4+p
         M0Jgw9tUDguQr8fqjE5bKOiti09h4MWGEGO0joUDjpl9l2EYksxbf+A9JEYkRH+v7hlh
         dXs43avfdikJWLmKkRTQy6FkI+DegavW7rT4uGvaOmIhuIbdXVZpiimykOa4Oz2rCiU9
         kQrg==
X-Gm-Message-State: AOJu0YwMrRW7OkXWIDeI7gmFOvmOMjChu7AFB13jKnGDfFR+2evlq04I
        478rksUqOatw68dACy25dO4k56pB
X-Google-Smtp-Source: 
 AGHT+IF4bojh0hjbNVDzV3nRBLrqzHwOlTccZruY0QAAQsm7RjDQhtfFTvdP590phB7L2bYQboFOgW+U
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:a05:6902:161a:b0:d74:93a1:70a2 with SMTP id
 bw26-20020a056902161a00b00d7493a170a2mr284754ybb.5.1694509317520; Tue, 12 Sep
 2023 02:01:57 -0700 (PDT)
Date: Tue, 12 Sep 2023 09:01:04 +0000
In-Reply-To: <20230912090051.4014114-17-ardb@google.com>
Mime-Version: 1.0
References: <20230912090051.4014114-17-ardb@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=4623; i=ardb@kernel.org;
 h=from:subject; bh=F2Ts1gQ01OlqtgoyrXYKml6Q50qRYLzdjfB2PktVYD4=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZVB4/JMvnNrVq0+eXDr4ZcGP7fv32BjycH+2Y4jrsq0s
 D5y35SLHaUsDGIcDLJiiiwCs/++23l6olSt8yxZmDmsTCBDGLg4BWAiYgyMDO+2tJknaVnHucjE
 53/Se+hczvePt1UmeUJegf8j7V4ZdYb/mVJvjgR+cpcIf9e7bu6147U+miKnXl05YLHp4rP5O2d
 mMgAA
X-Mailer: git-send-email 2.42.0.283.g2d96d420d3-goog
Message-ID: <20230912090051.4014114-30-ardb@google.com>
Subject: [PATCH v2 13/15] x86/boot: Drop PE/COFF .reloc section
From: Ard Biesheuvel <ardb@google.com>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
        Evgeniy Baskov <baskov@ispras.ru>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Jones <pjones@redhat.com>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        "H. Peter Anvin" <hpa@zytor.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Ancient buggy EFI loaders may have required a .reloc section to be
present at some point in time, but this has not been true for a long
time so the .reloc section can just be dropped.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/boot/header.S      | 20 ------------
 arch/x86/boot/setup.ld      |  4 +--
 arch/x86/boot/tools/build.c | 34 +++-----------------
 3 files changed, 7 insertions(+), 51 deletions(-)

diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index 2b07bc596c39..9e9641e220a7 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -155,26 +155,6 @@ section_table:
 		IMAGE_SCN_MEM_READ		| \
 		IMAGE_SCN_MEM_EXECUTE		# Characteristics
=20
-	#
-	# The EFI application loader requires a relocation section
-	# because EFI applications must be relocatable. The .reloc
-	# offset & size fields are filled in by build.c.
-	#
-	.ascii	".reloc"
-	.byte	0
-	.byte	0
-	.long	0
-	.long	0
-	.long	0				# SizeOfRawData
-	.long	0				# PointerToRawData
-	.long	0				# PointerToRelocations
-	.long	0				# PointerToLineNumbers
-	.word	0				# NumberOfRelocations
-	.word	0				# NumberOfLineNumbers
-	.long	IMAGE_SCN_CNT_INITIALIZED_DATA	| \
-		IMAGE_SCN_MEM_READ		| \
-		IMAGE_SCN_MEM_DISCARDABLE	# Characteristics
-
 #ifdef CONFIG_EFI_MIXED
 	#
 	# The offset & size fields are filled in by build.c.
diff --git a/arch/x86/boot/setup.ld b/arch/x86/boot/setup.ld
index ae2b5046a0db..9b551eacffa8 100644
--- a/arch/x86/boot/setup.ld
+++ b/arch/x86/boot/setup.ld
@@ -40,8 +40,8 @@ SECTIONS
 		setup_sig =3D .;
 		LONG(0x5a5aaa55)
=20
-		/* reserve some extra space for the reloc and compat sections */
-		setup_size =3D ABSOLUTE(ALIGN(. + 64, 512));
+		/* reserve some extra space for the compat section */
+		setup_size =3D ABSOLUTE(ALIGN(. + 32, 512));
 		setup_sects =3D ABSOLUTE(setup_size / 512);
 	}
=20
diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c
index 9712f27e32c1..faccff9743a3 100644
--- a/arch/x86/boot/tools/build.c
+++ b/arch/x86/boot/tools/build.c
@@ -47,7 +47,6 @@ typedef unsigned int   u32;
 /* This must be large enough to hold the entire setup */
 u8 buf[SETUP_SECT_MAX*512];
=20
-#define PECOFF_RELOC_RESERVE 0x20
 #define PECOFF_COMPAT_RESERVE 0x20
=20
 static unsigned long efi32_pe_entry;
@@ -180,24 +179,13 @@ static void update_pecoff_section_header(char *sectio=
n_name, u32 offset, u32 siz
 	update_pecoff_section_header_fields(section_name, offset, size, size, off=
set);
 }
=20
-static void update_pecoff_setup_and_reloc(unsigned int size)
+static void update_pecoff_setup(unsigned int size)
 {
 	u32 setup_offset =3D 0x200;
-	u32 reloc_offset =3D size - PECOFF_RELOC_RESERVE - PECOFF_COMPAT_RESERVE;
-#ifdef CONFIG_EFI_MIXED
-	u32 compat_offset =3D reloc_offset + PECOFF_RELOC_RESERVE;
-#endif
-	u32 setup_size =3D reloc_offset - setup_offset;
+	u32 compat_offset =3D size - PECOFF_COMPAT_RESERVE;
+	u32 setup_size =3D compat_offset - setup_offset;
=20
 	update_pecoff_section_header(".setup", setup_offset, setup_size);
-	update_pecoff_section_header(".reloc", reloc_offset, PECOFF_RELOC_RESERVE=
);
-
-	/*
-	 * Modify .reloc section contents with a single entry. The
-	 * relocation is applied to offset 10 of the relocation section.
-	 */
-	put_unaligned_le32(reloc_offset + 10, &buf[reloc_offset]);
-	put_unaligned_le32(10, &buf[reloc_offset + 4]);
=20
 #ifdef CONFIG_EFI_MIXED
 	update_pecoff_section_header(".compat", compat_offset, PECOFF_COMPAT_RESE=
RVE);
@@ -214,21 +202,10 @@ static void update_pecoff_setup_and_reloc(unsigned in=
t size)
 #endif
 }
=20
-static int reserve_pecoff_reloc_section(int c)
-{
-	/* Reserve 0x20 bytes for .reloc section */
-	memset(buf+c, 0, PECOFF_RELOC_RESERVE);
-	return PECOFF_RELOC_RESERVE;
-}
-
 #else
=20
-static inline void update_pecoff_setup_and_reloc(unsigned int size) {}
+static inline void update_pecoff_setup(unsigned int size) {}
=20
-static inline int reserve_pecoff_reloc_section(int c)
-{
-	return 0;
-}
 #endif /* CONFIG_EFI_STUB */
=20
 static int reserve_pecoff_compat_section(int c)
@@ -307,7 +284,6 @@ int main(int argc, char ** argv)
 	fclose(file);
=20
 	c +=3D reserve_pecoff_compat_section(c);
-	c +=3D reserve_pecoff_reloc_section(c);
=20
 	/* Pad unused space with zeros */
 	setup_sectors =3D (c + 511) / 512;
@@ -316,7 +292,7 @@ int main(int argc, char ** argv)
 	i =3D setup_sectors*512;
 	memset(buf+c, 0, i-c);
=20
-	update_pecoff_setup_and_reloc(i);
+	update_pecoff_setup(i);
=20
 	/* Open and stat the kernel file */
 	fd =3D open(argv[2], O_RDONLY);
--=20
2.42.0.283.g2d96d420d3-goog
From nobody Thu Dec 18 20:15:46 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 243B0CA0ED3
	for <linux-kernel@archiver.kernel.org>; Tue, 12 Sep 2023 09:03:09 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233582AbjILJDL (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 12 Sep 2023 05:03:11 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50468 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233330AbjILJCF (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Sep 2023 05:02:05 -0400
Received: from mail-wr1-x449.google.com (mail-wr1-x449.google.com
 [IPv6:2a00:1450:4864:20::449])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 610261733
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:02:01 -0700 (PDT)
Received: by mail-wr1-x449.google.com with SMTP id
 ffacd0b85a97d-31ad607d383so3333920f8f.1
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:02:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1694509320; x=1695114120;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=Ssg+nLt0gRy/t2ju4EBj2ZAdGZIhbt4S+yOnwiWtmPM=;
        b=qxOYee4Gx0SmeMusekrIKEUMss0kBWI+188tJ4zEWbq1mWPRepTA32PkWPYXjTw4Lx
         NSj4K7rMa96Tl18XVJTufrtzAV/TwApOj1E8XuzB1Knabm4hDR/IbjHw3B+bpVJGOcN9
         tDxpe+Ar8hb6/GEk73TYLx0GUvtyNPelaPkz2ROC2GSPsmjssNQIfsCas8pql5Gt84AH
         QrFKAuMCgu1Thw2VdVOHYw3Mxl3MSr0I3WPgur90TK85C9FbsziAk19OS7S7FyB8eLEF
         pF5eNBWynrKLySYiB5OxjjEm9ND8ZZH4N5qcM7/IPVbWuhGz243xnJ8DtziiqArr2s3Y
         EJSg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694509320; x=1695114120;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=Ssg+nLt0gRy/t2ju4EBj2ZAdGZIhbt4S+yOnwiWtmPM=;
        b=IoFJ4TPrIRbr/BiR9dxjVFug5hK0FMnAxZyLUxPD3gjklZlIIHinHqomAQxjfG3rDB
         Z3Xc+9h1uGO6A0qQJcujxnfrj4eosJJmWvdzLUeSCgGNOroDqNbLz42n0d/u8LqV7Wms
         sPyOdesg9YZ9oQ9ytKX+LqaEvj+GyrCoZtRL93zrx0LyGIOZwS1UHUVAE4uKbLBf2oc0
         sqrJofdRrm3DhQdkzmo8HcJS/e4yLDnplPaTPEfcokdlwTFZplHA2ornHh3UKbzKEaGv
         vAMndCZ2xwQAu7yruoSm7PcsJWZTsVV+4mpOd+8LPi0jlXYVzgq+3tQUegRCeH1NjEXy
         aaTQ==
X-Gm-Message-State: AOJu0YyddO+tKI05ktQ+R2xi5Bbr8+9zU3zZC+ILVYvQgxjJ6Recsnqt
        NOmYrh/0YrPoHEr2QqbQepBtqhIo
X-Google-Smtp-Source: 
 AGHT+IH4GZ3sSU0TTwD2SSNb1pwQsRhx+ZhfKWjpwhKk+jzbMoWP3PcT0MvX7stFZW/N5LvBBB4D9aKQ
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:a05:6000:180b:b0:31d:3669:1c57 with SMTP id
 m11-20020a056000180b00b0031d36691c57mr136860wrh.7.1694509319934; Tue, 12 Sep
 2023 02:01:59 -0700 (PDT)
Date: Tue, 12 Sep 2023 09:01:05 +0000
In-Reply-To: <20230912090051.4014114-17-ardb@google.com>
Mime-Version: 1.0
References: <20230912090051.4014114-17-ardb@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=2782; i=ardb@kernel.org;
 h=from:subject; bh=EUYFfbmK6RQsww/qm0tkKUKTK2BZhCpRAZNS6SgMkh0=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZVB48qXp5uPKKccNfsqwR8gz7hrUlrvGdHnKy/Hblfn5
 1p9dMvEjlIWBjEOBlkxRRaB2X/f7Tw9UarWeZYszBxWJpAhDFycAjARvlqG/+Xlc5m5rmhJy3it
 kbG6sNqyZMUzj5NF70yeNS6OvrPz7FJGhlXdXuVf/FzPLLFTZwjVc/ZUfWb6+azjvLmNT/18dzo
 z8wIA
X-Mailer: git-send-email 2.42.0.283.g2d96d420d3-goog
Message-ID: <20230912090051.4014114-31-ardb@google.com>
Subject: [PATCH v2 14/15] x86/boot: Split off PE/COFF .data section
From: Ard Biesheuvel <ardb@google.com>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
        Evgeniy Baskov <baskov@ispras.ru>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Jones <pjones@redhat.com>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        "H. Peter Anvin" <hpa@zytor.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Describe the code and data of the decompressor binary using separate
.text and .data PE/COFF sections, so that we will be able to map them
using restricted permissions once we increase the section and file
alignment sufficiently. This avoids the need for memory mappings that
are writable and executable at the same time, which is something that
is best avoided for security reasons.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/boot/Makefile |  2 +-
 arch/x86/boot/header.S | 19 +++++++++++++++----
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
index cc04917b1ac6..3cece19b7473 100644
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
@@ -89,7 +89,7 @@ $(obj)/vmlinux.bin: $(obj)/compressed/vmlinux FORCE
=20
 SETUP_OBJS =3D $(addprefix $(obj)/,$(setup-y))
=20
-sed-zoffset :=3D -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub=
_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\=
|_edata\|z_.*\)$$/\#define ZO_\2 0x\1/p'
+sed-zoffset :=3D -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub=
_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\=
|_e\?data\|z_.*\)$$/\#define ZO_\2 0x\1/p'
=20
 quiet_cmd_zoffset =3D ZOFFSET $@
       cmd_zoffset =3D $(NM) $< | sed -n $(sed-zoffset) > $@
diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index 9e9641e220a7..a1f986105f00 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -75,9 +75,9 @@ optional_header:
 	.byte	0x02				# MajorLinkerVersion
 	.byte	0x14				# MinorLinkerVersion
=20
-	.long	setup_size + ZO__end - 0x200	# SizeOfCode
+	.long	ZO__data			# SizeOfCode
=20
-	.long	0				# SizeOfInitializedData
+	.long	ZO__end - ZO__data		# SizeOfInitializedData
 	.long	0				# SizeOfUninitializedData
=20
 	.long	setup_size + ZO_efi_pe_entry	# AddressOfEntryPoint
@@ -178,9 +178,9 @@ section_table:
 	.byte	0
 	.byte	0
 	.byte	0
-	.long	ZO__end
+	.long	ZO__data
 	.long	setup_size
-	.long	ZO__edata			# Size of initialized data
+	.long	ZO__data			# Size of initialized data
 						# on disk
 	.long	setup_size
 	.long	0				# PointerToRelocations
@@ -191,6 +191,17 @@ section_table:
 		IMAGE_SCN_MEM_READ		| \
 		IMAGE_SCN_MEM_EXECUTE		# Characteristics
=20
+	.ascii	".data\0\0\0"
+	.long	ZO__end - ZO__data		# VirtualSize
+	.long	setup_size + ZO__data		# VirtualAddress
+	.long	ZO__edata - ZO__data		# SizeOfRawData
+	.long	setup_size + ZO__data		# PointerToRawData
+
+	.long	0, 0, 0
+	.long	IMAGE_SCN_CNT_INITIALIZED_DATA	| \
+		IMAGE_SCN_MEM_READ		| \
+		IMAGE_SCN_MEM_WRITE		# Characteristics
+
 	.set	section_count, (. - section_table) / 40
 #endif /* CONFIG_EFI_STUB */
=20
--=20
2.42.0.283.g2d96d420d3-goog
From nobody Thu Dec 18 20:15:46 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id CD191CA0ECE
	for <linux-kernel@archiver.kernel.org>; Tue, 12 Sep 2023 09:03:10 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233585AbjILJDN (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 12 Sep 2023 05:03:13 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50556 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233378AbjILJCG (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Sep 2023 05:02:06 -0400
Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com
 [IPv6:2607:f8b0:4864:20::b49])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 06560173D
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:02:03 -0700 (PDT)
Received: by mail-yb1-xb49.google.com with SMTP id
 3f1490d57ef6-d71f505d21dso5161853276.3
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 02:02:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1694509322; x=1695114122;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=xEW+R9vLIfOy8Qs86KH5LMpYh7OoDGKz314Er6GdaNc=;
        b=sAYRQ+incHFE494QSEPMH8FE4aAtacx9nm9CRmCx5NMYFgsn9fl720RukJvbtbfuWE
         dBnnZo9hSK5DX/X6zUy8E16jsKLILDCDIhSw+c9nOYyQ+hk44FyUXuWnx0XqJzHQuwNQ
         ApiPwkOks3YUTLaxYs0bLpvicf9eVGRRKOJJgtgome3urxb+ltIanOBz3UHxonrZrNIj
         ZAY6JH//VReylvFlFXzIuYmJ7ga/1fBjisc2N8WHSRzi7BC6VV24LXV5OVdZkH1v7192
         CN6xvxy6x0/6IUBVp66UyLY23SOQzki1Epzx+2rUDFic0T/3/3bSW/pBp7iNlqy8uO/R
         +9Ow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694509322; x=1695114122;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=xEW+R9vLIfOy8Qs86KH5LMpYh7OoDGKz314Er6GdaNc=;
        b=uU/p/4E3OQuvajtTgrs3+L1WvyiQMcDXqhnFtH6uIW3vyUWTtWXPwNzN/0xtD1Xrl8
         XgM9N6Gbn48EBFISUc5GhWZ/VTPYNDKRl0YX2+WvixWQ4SMd4HMlVCRB75LVCg7zy0bg
         h4kFfSmb716M6qN2/5J366exOGt5epeCqwZ6V7BwL1zkHtWTuxw8Xjazb4c7w+vfZRLE
         ocuJJY9aVETOvk6JrSQE7I+7ar6aoUOrp0ha00AuJCcVr3bPR7g8feN4v5cbawZ2uGNy
         17RLCE7pN5zJk2R2w+CxNDGQV1WAy/G93uMiTw6kpLqF2dYWa0hMeG0Yvj9yNGwxyWYg
         JRvg==
X-Gm-Message-State: AOJu0YxfmUSGFBOs6skpiRkuYd+t3ACvqd8KjRLrPM7SDMZGdISQT74A
        Xo0V7xPjlnBVN2LY+WJzkFH9forO
X-Google-Smtp-Source: 
 AGHT+IH4JAMFWsCdp8WhgYmzWiILJamp8aExgNyqYBvnqN/zq+c6Bg7lNb+Uf2V1cTgbYjOgf5l5ppU1
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:a25:ea41:0:b0:d05:98ef:c16b with SMTP id
 o1-20020a25ea41000000b00d0598efc16bmr240888ybe.5.1694509322283; Tue, 12 Sep
 2023 02:02:02 -0700 (PDT)
Date: Tue, 12 Sep 2023 09:01:06 +0000
In-Reply-To: <20230912090051.4014114-17-ardb@google.com>
Mime-Version: 1.0
References: <20230912090051.4014114-17-ardb@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=10096; i=ardb@kernel.org;
 h=from:subject; bh=eEUB5kAXRmeNSiFEyi73U861U2SHinpGxVQGzWYqgYY=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIZVB4xrzQ4cKo/CIZX3fOH5UpeXNfTm99ew7i2mM/3Ysa
 iiLmqPdUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACZSUM3I8G7tlw9NTlW9zV5l
 iTvufz1plhtz9NCz9OyERZxTH4U2H2X4w3fw+P86k0eHNV82sfx8MX/RV46omti1ZcfEWZ4Y551
 k5QMA
X-Mailer: git-send-email 2.42.0.283.g2d96d420d3-goog
Message-ID: <20230912090051.4014114-32-ardb@google.com>
Subject: [PATCH v2 15/15] x86/boot: Increase section and file alignment to
 4k/512
From: Ard Biesheuvel <ardb@google.com>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
        Evgeniy Baskov <baskov@ispras.ru>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Jones <pjones@redhat.com>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        "H. Peter Anvin" <hpa@zytor.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Align x86 with other EFI architectures, and increase the section
alignment to the EFI page size (4k), so that firmware is able to honour
the section permission attributes and map code read-only and data
non-executable.

There are a number of requirements that have to be taken into account:
- the sign tools get cranky when there are gaps between sections in the
  file view of the image
- the virtual offset of each section must be aligned to the image's
  section alignment
- the file offset *and size* of each section must be aligned to the
  image's file alignment
- the image size must be aligned to the section alignment
- each section's virtual offset must be greater than or equal to the
  size of the headers.

In order to meet all these requirements, while avoiding the need for
lots of padding to accommodate the .compat section, the latter is placed
at an arbitrary offset towards the end of the image, but aligned to the
minimum file alignment (512 bytes). The space before the .text section
is therefore distributed between the PE header, the .setup section and
the .compat section, leaving no gaps in the file coverage, making the
signing tools happy.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/boot/compressed/vmlinux.lds.S |  4 +-
 arch/x86/boot/header.S                 | 75 +++++++++-------
 arch/x86/boot/setup.ld                 |  7 +-
 arch/x86/boot/tools/build.c            | 90 +-------------------
 4 files changed, 51 insertions(+), 125 deletions(-)

diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compres=
sed/vmlinux.lds.S
index 5326f3b44194..3df57cdf5003 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -43,13 +43,13 @@ SECTIONS
 		*(.rodata.*)
 		_erodata =3D . ;
 	}
-	.data :	{
+	.data :	ALIGN(0x1000) {
 		_data =3D . ;
 		*(.data)
 		*(.data.*)
=20
 		/* add 4 bytes of extra space for a CRC-32 checksum */
-		. =3D ALIGN(. + 4, 0x20);
+		. =3D ALIGN(. + 4, 0x200);
 		_edata =3D . ;
 	}
 	. =3D ALIGN(L1_CACHE_BYTES);
diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index a1f986105f00..597b1ef745db 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -36,6 +36,9 @@ SYSSEG		=3D 0x1000		/* historical load address >> 4 */
 #define ROOT_RDONLY 1
 #endif
=20
+	.set	salign, 0x1000
+	.set	falign, 0x200
+
 	.code16
 	.section ".bstext", "ax"
 #ifdef CONFIG_EFI_STUB
@@ -82,7 +85,7 @@ optional_header:
=20
 	.long	setup_size + ZO_efi_pe_entry	# AddressOfEntryPoint
=20
-	.long	0x0200				# BaseOfCode
+	.long	setup_size			# BaseOfCode
 #ifdef CONFIG_X86_32
 	.long	0				# data
 #endif
@@ -93,8 +96,8 @@ extra_header_fields:
 #else
 	.quad	0				# ImageBase
 #endif
-	.long	0x20				# SectionAlignment
-	.long	0x20				# FileAlignment
+	.long	salign				# SectionAlignment
+	.long	falign				# FileAlignment
 	.word	0				# MajorOperatingSystemVersion
 	.word	0				# MinorOperatingSystemVersion
 	.word	LINUX_EFISTUB_MAJOR_VERSION	# MajorImageVersion
@@ -103,9 +106,10 @@ extra_header_fields:
 	.word	0				# MinorSubsystemVersion
 	.long	0				# Win32VersionValue
=20
-	.long	setup_size + ZO__end 		# SizeOfImage
+	.long	setup_size + ZO__end + pecompat_vsize
+						# SizeOfImage
=20
-	.long	0x200				# SizeOfHeaders
+	.long	salign				# SizeOfHeaders
 	.long	0				# CheckSum
 	.word	IMAGE_SUBSYSTEM_EFI_APPLICATION	# Subsystem (EFI application)
 #ifdef CONFIG_EFI_DXE_MEM_ATTRIBUTES
@@ -136,44 +140,51 @@ extra_header_fields:
=20
 	# Section table
 section_table:
-	#
-	# The offset & size fields are filled in by build.c.
-	#
 	.ascii	".setup"
 	.byte	0
 	.byte	0
-	.long	0
-	.long	0x0				# startup_{32,64}
-	.long	0				# Size of initialized data
-						# on disk
-	.long	0x0				# startup_{32,64}
-	.long	0				# PointerToRelocations
-	.long	0				# PointerToLineNumbers
-	.word	0				# NumberOfRelocations
-	.word	0				# NumberOfLineNumbers
-	.long	IMAGE_SCN_CNT_CODE		| \
+	.long	setup_size - salign 		# VirtualSize
+	.long	salign				# VirtualAddress
+	.long	pecompat_fstart - salign	# SizeOfRawData
+	.long	salign				# PointerToRawData
+
+	.long	0, 0, 0
+	.long	IMAGE_SCN_CNT_INITIALIZED_DATA	| \
 		IMAGE_SCN_MEM_READ		| \
-		IMAGE_SCN_MEM_EXECUTE		# Characteristics
+		IMAGE_SCN_MEM_DISCARDABLE	# Characteristics
=20
 #ifdef CONFIG_EFI_MIXED
-	#
-	# The offset & size fields are filled in by build.c.
-	#
 	.asciz	".compat"
-	.long	0
-	.long	0x0
-	.long	0				# Size of initialized data
-						# on disk
-	.long	0x0
-	.long	0				# PointerToRelocations
-	.long	0				# PointerToLineNumbers
-	.word	0				# NumberOfRelocations
-	.word	0				# NumberOfLineNumbers
+
+	.long	8				# VirtualSize
+	.long	setup_size + ZO__end		# VirtualAddress
+	.long	pecompat_fsize			# SizeOfRawData
+	.long	pecompat_fstart			# PointerToRawData
+
+	.long	0, 0, 0
 	.long	IMAGE_SCN_CNT_INITIALIZED_DATA	| \
 		IMAGE_SCN_MEM_READ		| \
 		IMAGE_SCN_MEM_DISCARDABLE	# Characteristics
-#endif
=20
+	/*
+	 * Put the IA-32 machine type and the associated entry point address in
+	 * the .compat section, so loaders can figure out which other execution
+	 * modes this image supports.
+	 */
+	.pushsection ".pecompat", "a", @progbits
+	.balign	falign
+	.set	pecompat_vsize, salign
+	.globl	pecompat_fstart
+pecompat_fstart:
+	.byte	0x1				# version
+	.byte	8				# size
+	.word	IMAGE_FILE_MACHINE_I386		# PE machine type
+	.long	setup_size + ZO_efi32_pe_entry	# entrypoint
+	.popsection
+#else
+	.set	pecompat_vsize, 0
+	.set	pecompat_fstart, setup_size
+#endif
 	.ascii	".text"
 	.byte	0
 	.byte	0
diff --git a/arch/x86/boot/setup.ld b/arch/x86/boot/setup.ld
index 9b551eacffa8..02e2c0b8c094 100644
--- a/arch/x86/boot/setup.ld
+++ b/arch/x86/boot/setup.ld
@@ -36,16 +36,17 @@ SECTIONS
 	. =3D ALIGN(16);
 	.data		: { *(.data*) }
=20
+	.pecompat	: { *(.pecompat) }
+	PROVIDE(pecompat_fsize =3D setup_size - pecompat_fstart);
+
 	.signature	: {
 		setup_sig =3D .;
 		LONG(0x5a5aaa55)
=20
-		/* reserve some extra space for the compat section */
-		setup_size =3D ABSOLUTE(ALIGN(. + 32, 512));
+		setup_size =3D ABSOLUTE(ALIGN(4096));
 		setup_sects =3D ABSOLUTE(setup_size / 512);
 	}
=20
-
 	. =3D ALIGN(16);
 	.bss		:
 	{
diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c
index faccff9743a3..10311d77c67f 100644
--- a/arch/x86/boot/tools/build.c
+++ b/arch/x86/boot/tools/build.c
@@ -47,9 +47,6 @@ typedef unsigned int   u32;
 /* This must be large enough to hold the entire setup */
 u8 buf[SETUP_SECT_MAX*512];
=20
-#define PECOFF_COMPAT_RESERVE 0x20
-
-static unsigned long efi32_pe_entry;
 static unsigned long _edata;
=20
 /*----------------------------------------------------------------------*/
@@ -136,85 +133,6 @@ static void usage(void)
 	die("Usage: build setup system zoffset.h image");
 }
=20
-#ifdef CONFIG_EFI_STUB
-
-static void update_pecoff_section_header_fields(char *section_name, u32 vm=
a, u32 size, u32 datasz, u32 offset)
-{
-	unsigned int pe_header;
-	unsigned short num_sections;
-	u8 *section;
-
-	pe_header =3D get_unaligned_le32(&buf[0x3c]);
-	num_sections =3D get_unaligned_le16(&buf[pe_header + 6]);
-
-#ifdef CONFIG_X86_32
-	section =3D &buf[pe_header + 0xa8];
-#else
-	section =3D &buf[pe_header + 0xb8];
-#endif
-
-	while (num_sections > 0) {
-		if (strncmp((char*)section, section_name, 8) =3D=3D 0) {
-			/* section header size field */
-			put_unaligned_le32(size, section + 0x8);
-
-			/* section header vma field */
-			put_unaligned_le32(vma, section + 0xc);
-
-			/* section header 'size of initialised data' field */
-			put_unaligned_le32(datasz, section + 0x10);
-
-			/* section header 'file offset' field */
-			put_unaligned_le32(offset, section + 0x14);
-
-			break;
-		}
-		section +=3D 0x28;
-		num_sections--;
-	}
-}
-
-static void update_pecoff_section_header(char *section_name, u32 offset, u=
32 size)
-{
-	update_pecoff_section_header_fields(section_name, offset, size, size, off=
set);
-}
-
-static void update_pecoff_setup(unsigned int size)
-{
-	u32 setup_offset =3D 0x200;
-	u32 compat_offset =3D size - PECOFF_COMPAT_RESERVE;
-	u32 setup_size =3D compat_offset - setup_offset;
-
-	update_pecoff_section_header(".setup", setup_offset, setup_size);
-
-#ifdef CONFIG_EFI_MIXED
-	update_pecoff_section_header(".compat", compat_offset, PECOFF_COMPAT_RESE=
RVE);
-
-	/*
-	 * Put the IA-32 machine type (0x14c) and the associated entry point
-	 * address in the .compat section, so loaders can figure out which other
-	 * execution modes this image supports.
-	 */
-	buf[compat_offset] =3D 0x1;
-	buf[compat_offset + 1] =3D 0x8;
-	put_unaligned_le16(0x14c, &buf[compat_offset + 2]);
-	put_unaligned_le32(efi32_pe_entry + size, &buf[compat_offset + 4]);
-#endif
-}
-
-#else
-
-static inline void update_pecoff_setup(unsigned int size) {}
-
-#endif /* CONFIG_EFI_STUB */
-
-static int reserve_pecoff_compat_section(int c)
-{
-	/* Reserve 0x20 bytes for .compat section */
-	memset(buf+c, 0, PECOFF_COMPAT_RESERVE);
-	return PECOFF_COMPAT_RESERVE;
-}
-
 /*
  * Parse zoffset.h and find the entry points. We could just #include zoffs=
et.h
  * but that would mean tools/build would have to be rebuilt every time. It=
's
@@ -243,7 +161,6 @@ static void parse_zoffset(char *fname)
 	p =3D (char *)buf;
=20
 	while (p && *p) {
-		PARSE_ZOFS(p, efi32_pe_entry);
 		PARSE_ZOFS(p, _edata);
=20
 		p =3D strchr(p, '\n');
@@ -283,17 +200,14 @@ int main(int argc, char ** argv)
 		die("Boot block hasn't got boot flag (0xAA55)");
 	fclose(file);
=20
-	c +=3D reserve_pecoff_compat_section(c);
-
 	/* Pad unused space with zeros */
-	setup_sectors =3D (c + 511) / 512;
+	setup_sectors =3D (c + 4095) / 4096;
+	setup_sectors *=3D 8;
 	if (setup_sectors < SETUP_SECT_MIN)
 		setup_sectors =3D SETUP_SECT_MIN;
 	i =3D setup_sectors*512;
 	memset(buf+c, 0, i-c);
=20
-	update_pecoff_setup(i);
-
 	/* Open and stat the kernel file */
 	fd =3D open(argv[2], O_RDONLY);
 	if (fd < 0)
--=20
2.42.0.283.g2d96d420d3-goog