Date: Wed, 24 Apr 2024 17:53:11 +0200
In-Reply-To: <20240424155309.1719454-11-ardb+git@google.com>
References: <20240424155309.1719454-11-ardb+git@google.com>
Message-ID: <20240424155309.1719454-12-ardb+git@google.com>
Subject: [RFC PATCH 1/9] x86/purgatory: Drop function entry padding from purgatory
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, Ard Biesheuvel, Arnd Bergmann, Eric Biederman, kexec@lists.infradead.org, Nathan Chancellor, Nick Desaulniers, Kees Cook, Bill Wendling, Justin Stitt, Masahiro Yamada

From: Ard Biesheuvel

The purgatory is a completely separate ELF executable carried inside the kernel as an opaque binary blob. This means that function entry padding and the associated ELF metadata are not exposed to the branch tracking and code patching machinery, and can therefore be dropped from the purgatory binary.

Signed-off-by: Ard Biesheuvel
---
 arch/x86/purgatory/Makefile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile index a18591f6e6d9..2df4a4b70ff5 100644 --- a/arch/x86/purgatory/Makefile +++ b/arch/x86/purgatory/Makefile 
@@ -23,6 +23,9 @@ KBUILD_CFLAGS :=3D $(filter-out -fprofile-sample-use=3D% = -fprofile-use=3D%,$(KBUILD_CF # by kexec. Remove -flto=3D* flags. KBUILD_CFLAGS :=3D $(filter-out $(CC_FLAGS_LTO),$(KBUILD_CFLAGS)) =20 +# Drop the function entry padding, which is not needed here +KBUILD_CFLAGS :=3D $(filter-out $(PADDING_CFLAGS),$(KBUILD_CFLAGS)) + # When linking purgatory.ro with -r unresolved symbols are not checked, # also link a purgatory.chk binary without -r to check for unresolved symb= ols. PURGATORY_LDFLAGS :=3D -e purgatory_start -z nodefaultlib --=20 2.44.0.769.g3c40516874-goog From nobody Sat May 18 04:30:17 2024 Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EB6C8161314 for ; Wed, 24 Apr 2024 15:53:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713974020; cv=none; b=Dv2AOY7tb8DgeHO5BBgs2JHsOlCE/LViR3z1D/hHysBw8+Et2kgKXHmrB3om6oJKja/gttOSI5qmIyHfxQT1gJxvJ+Xp8fjgMqub6rw4A/SBIRCL8LiC6FW4PhKDiLka1Pjjnp7fjKwSZB1OW50DUW2BZoUxhfI1V5DK96HXzaY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713974020; c=relaxed/simple; bh=UGJFnwz8Yivv3UDxxViYQxnCrqFztPuVzkCiJJhxZBU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=g7m+P2zPDBvhrkuoejY53RojXfOZvhykZHzqULXVCXECFkIn4bKr3qFE/HsSIxEuEOFsF1G5hVNZ0NSNbZ5mDFe+dAjdozh1iA3JDg3ZgvErmHaCBKLHO8iK20dCTt1hbnCXGyeAzjS2g7anSz0em8gjQUL/hVlGChnyz1Tsyfg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=ugi2y/zj; arc=none smtp.client-ip=209.85.221.74 
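Review bot: In the arch/x86/purgatory/Makefile hunk of patch 1/9, the new comment says the padding "is not needed here" without giving the reason the commit message gives; say in the comment that the purgatory is a separate ELF blob that the kernel's branch tracking and code patching never see, so the next reader does not have to dig up the commit. Also, `$(filter-out $(PADDING_CFLAGS),$(KBUILD_CFLAGS))` silently removes nothing if PADDING_CFLAGS is empty or not visible in this Makefile, so it is worth confirming that the variable reaches arch/x86/purgatory/ in every configuration that adds the padding flag.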
Date: Wed, 24 Apr 2024 17:53:12 +0200
In-Reply-To: <20240424155309.1719454-11-ardb+git@google.com>
References: <20240424155309.1719454-11-ardb+git@google.com>
Message-ID: <20240424155309.1719454-13-ardb+git@google.com>
Subject: [RFC PATCH 2/9] x86/purgatory: Simplify stack handling
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, Ard Biesheuvel, Arnd Bergmann, Eric Biederman, kexec@lists.infradead.org, Nathan Chancellor, Nick Desaulniers, Kees Cook, Bill Wendling, Justin Stitt, Masahiro Yamada

From: Ard Biesheuvel The x86 purgatory, which does little more than verify a SHA-256 hash of the loaded segments, currently uses three different stacks: - one in .bss that is used to call the purgatory C code - one in .rodata that is only used to switch to an updated code segment descriptor in the GDT - one in .data, which allows it to be prepopulated from the kexec loader in theory, but this is not actually being taken advantage of. Simplify this, by dropping the latter two stacks, as well as the loader logic that programs RSP. Both the stacks in .bss and .data are 4k aligned, but 16 byte alignment is more than sufficient. Signed-off-by: Ard Biesheuvel --- arch/x86/include/asm/kexec.h | 1 - arch/x86/kernel/kexec-bzimage64.c | 8 -------- arch/x86/purgatory/entry64.S | 8 -------- arch/x86/purgatory/setup-x86_64.S | 2 +- arch/x86/purgatory/stack.S | 18 ------------------ 5 files changed, 1 insertion(+), 36 deletions(-) diff --git a/arch/x86/include/asm/kexec.h b/arch/x86/include/asm/kexec.h index 91ca9a9ee3a2..ee7b32565e5f 100644 --- a/arch/x86/include/asm/kexec.h +++ b/arch/x86/include/asm/kexec.h @@ -163,7 +163,6 @@ struct kexec_entry64_regs { uint64_t rcx; uint64_t rdx; uint64_t rbx; - uint64_t rsp; uint64_t rbp; uint64_t rsi; uint64_t rdi; diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzim= age64.c index cde167b0ea92..f5bf1b7d01a6 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c @@ -400,7 +400,6 @@ static void *bzImage64_load(struct kimage *image, char = *kernel, unsigned long bootparam_load_addr, kernel_load_addr, initrd_load_addr; struct bzimage64_data *ldata; struct kexec_entry64_regs regs64; - void *stack; unsigned int setup_hdr_offset =3D offsetof(struct boot_params, hdr); unsigned int efi_map_offset, efi_map_sz, efi_setup_data_offset; struct kexec_buf kbuf =3D { .image =3D image, .buf_max =3D ULONG_MAX, 
@@ -550,14 +549,7 @@ static void *bzImage64_load(struct kimage *image, char= *kernel, regs64.rbx =3D 0; /* Bootstrap Processor */ regs64.rsi =3D bootparam_load_addr; regs64.rip =3D kernel_load_addr + 0x200; - stack =3D kexec_purgatory_get_symbol_addr(image, "stack_end"); - if (IS_ERR(stack)) { - pr_err("Could not find address of symbol stack_end\n"); - ret =3D -EINVAL; - goto out_free_params; - } =20 - regs64.rsp =3D (unsigned long)stack; ret =3D kexec_purgatory_get_set_symbol(image, "entry64_regs", ®s64, sizeof(regs64), 0); if (ret) diff --git a/arch/x86/purgatory/entry64.S b/arch/x86/purgatory/entry64.S index 0b4390ce586b..9913877b0dbe 100644 --- a/arch/x86/purgatory/entry64.S +++ b/arch/x86/purgatory/entry64.S @@ -26,8 +26,6 @@ SYM_CODE_START(entry64) movl %eax, %fs movl %eax, %gs =20 - /* Setup new stack */ - leaq stack_init(%rip), %rsp pushq $0x10 /* CS */ leaq new_cs_exit(%rip), %rax pushq %rax @@ -41,7 +39,6 @@ new_cs_exit: movq rdx(%rip), %rdx movq rsi(%rip), %rsi movq rdi(%rip), %rdi - movq rsp(%rip), %rsp movq rbp(%rip), %rbp movq r8(%rip), %r8 movq r9(%rip), %r9 @@ -63,7 +60,6 @@ rax: .quad 0x0 rcx: .quad 0x0 rdx: .quad 0x0 rbx: .quad 0x0 -rsp: .quad 0x0 rbp: .quad 0x0 rsi: .quad 0x0 rdi: .quad 0x0 @@ -97,7 +93,3 @@ SYM_DATA_START_LOCAL(gdt) /* 0x18 4GB flat data segment */ .word 0xFFFF, 0x0000, 0x9200, 0x00CF SYM_DATA_END_LABEL(gdt, SYM_L_LOCAL, gdt_end) - -SYM_DATA_START_LOCAL(stack) - .quad 0, 0 -SYM_DATA_END_LABEL(stack, SYM_L_LOCAL, stack_init) diff --git a/arch/x86/purgatory/setup-x86_64.S b/arch/x86/purgatory/setup-x= 86_64.S index 89d9e9e53fcd..2d10ff88851d 100644 --- a/arch/x86/purgatory/setup-x86_64.S +++ b/arch/x86/purgatory/setup-x86_64.S @@ -53,7 +53,7 @@ SYM_DATA_START_LOCAL(gdt) SYM_DATA_END_LABEL(gdt, SYM_L_LOCAL, gdt_end) =20 .bss - .balign 4096 + .balign 16 SYM_DATA_START_LOCAL(lstack) .skip 4096 SYM_DATA_END_LABEL(lstack, SYM_L_LOCAL, lstack_end) 
diff --git a/arch/x86/purgatory/stack.S b/arch/x86/purgatory/stack.S deleted file mode 100644 index 1ef507ca50a5..000000000000 --- a/arch/x86/purgatory/stack.S +++ /dev/null 
@@ -1,18 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0-only */ -/* - * purgatory: stack - * - * Copyright (C) 2014 Red Hat Inc. - */ - -#include - - /* A stack for the loaded kernel. - * Separate and in the data section so it can be prepopulated. - */ - .data - .balign 4096 - -SYM_DATA_START(stack) - .skip 4096 -SYM_DATA_END_LABEL(stack, SYM_L_GLOBAL, stack_end) --=20 2.44.0.769.g3c40516874-goog From nobody Sat May 18 04:30:17 2024 Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1DF371635BB for ; Wed, 24 Apr 2024 15:53:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713974022; cv=none; b=UhYYpUZlxKUgRDPnvx9QCmtI/LXSjRZiS86g0eGDmO20t7ZhRWCxl9mIadgp+2CrC5mmaLcMXBAxXkkNC1/Y5Ud8Z1ZLEypFW5WP19nfViCNq183RonWR+6B0OK3YhgrViI/58LCPX9O0F8oIrwm7ESmdjdPpFndcB2YVyp/+jA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713974022; c=relaxed/simple; bh=fyw024FNdzCgn0OBHM3Ypj7OxQnitm+MYHa2n2pobIE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=XiojHNyZ8UUZvGmpKtrXj3ySK0TrSNBuQXrGmO4ATImglPRWj/vXeE7tatuKs4PhrTNICCN5i56MxTwKvRgSqm2JQxHqhFI0WOuP+DNWCLUad4VfvslKCGjTlRwLL19G5EtIiZkCDZh7EurLEYwVuLu26PBPCAMnUHdfbEtG5o0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=GpEM94zB; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass 
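Review bot: In the entry64.S hunks of patch 2/9, dropping `leaq stack_init(%rip), %rsp` and `movq rsp(%rip), %rsp` means the `lretq` sequence and the jump to the next kernel now run on whatever RSP entry64 was entered with (the .bss lstack set up in purgatory_start), and the commit message does not say that no loaded image depends on the RSP value the loader used to program. Please state that assumption in the commit message or in a comment at new_cs_exit. Separately, the kexec.h and entry64.S hunks remove `rsp` from struct kexec_entry64_regs and from the register table at the same position (between rbx and rbp), which keeps the two layouts in step, but nothing visible enforces that; since bzImage64_load() copies sizeof(regs64) bytes over entry64_regs, a comment tying the two definitions together would help.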
Date: Wed, 24 Apr 2024 17:53:13 +0200
In-Reply-To: <20240424155309.1719454-11-ardb+git@google.com>
References: <20240424155309.1719454-11-ardb+git@google.com>
Message-ID: <20240424155309.1719454-14-ardb+git@google.com>
Subject: [RFC PATCH 3/9] x86/purgatory: Drop pointless GDT switch
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, Ard Biesheuvel, Arnd Bergmann, Eric Biederman, kexec@lists.infradead.org, Nathan Chancellor, Nick Desaulniers, Kees Cook, Bill Wendling, Justin Stitt, Masahiro Yamada

From: Ard Biesheuvel

The x86 purgatory switches to a new GDT twice, and the first time, it doesn't even bother to switch to the new code segment. Given that data segment selectors are ignored in long mode, and the fact that the GDT is reprogrammed again after returning from purgatory(), the first switch is entirely pointless and can just be dropped altogether.

Signed-off-by: Ard Biesheuvel
---
 arch/x86/purgatory/setup-x86_64.S | 29 --------------------
 1 file changed, 29 deletions(-)

diff --git a/arch/x86/purgatory/setup-x86_64.S b/arch/x86/purgatory/setup-x= 86_64.S index 2d10ff88851d..f160fc729cbe 100644 --- a/arch/x86/purgatory/setup-x86_64.S +++ b/arch/x86/purgatory/setup-x86_64.S @@ -15,17 +15,6 @@ .code64 =20 SYM_CODE_START(purgatory_start) - /* Load a gdt so I know what the segment registers are */ - lgdt gdt(%rip) - - /* load the data segments */ - movl $0x18, %eax /* data segment */ - movl %eax, %ds - movl %eax, %es - movl %eax, %ss - movl %eax, %fs - movl %eax, %gs - /* Setup a stack */ leaq lstack_end(%rip), %rsp =20 
@@ -34,24 +23,6 @@ SYM_CODE_START(purgatory_start) jmp entry64 SYM_CODE_END(purgatory_start) =20 - .section ".rodata" - .balign 16 -SYM_DATA_START_LOCAL(gdt) - /* 0x00 unusable segment - * 0x08 unused - * so use them as the gdt ptr - */ - .word gdt_end - gdt - 1 - .quad gdt - .word 0, 0, 0 - - /* 0x10 4GB flat code segment */ - .word 0xFFFF, 0x0000, 0x9A00, 0x00AF - - /* 0x18 4GB flat data segment */ - .word 0xFFFF, 0x0000, 0x9200, 0x00CF -SYM_DATA_END_LABEL(gdt, SYM_L_LOCAL, gdt_end) - .bss .balign 16 SYM_DATA_START_LOCAL(lstack) --=20 2.44.0.769.g3c40516874-goog From nobody Sat May 18 04:30:17 2024 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 46AB9168AF1 for ; Wed, 24 Apr 2024 15:53:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713974024; cv=none; b=uwgX+cBnfPCqRqTdprJjIKfSXcnLkcOMHuaZCDyRxPzxu5kmMYI46MKj031wOJdt8iBQUYi9+AVh14OYkhWlA0wjpVeoVAWrYfSYra3bJP8hYhrm9bLj6+XGlie5NhoSftWruWZja/sew4LC/4poP7PDU8UbOwcEJkjFIbk6c3s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713974024; c=relaxed/simple; bh=9+swj6gVAPxZ4sAKUioQftvHESZtWdbvHkiKo8iymQ0=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=C8+0LJaBIOYvARypqBZZ9rakMYpYFw2BsO46J1dR0mLDurtwQ2X+p7iGtrzTJ9xYiHrPJvreYVnDbGSH6MMDkmODfu5I3Gd418M5cZ8Q5AiGjljtYDU76EU/PBlJd6FrYdmcDpKY2/UusqCPuBd9yXnXt59hZgCsRjW9ZWJfYQU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=HwQvhJ0F; arc=none smtp.client-ip=209.85.219.201 
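Review bot: In the first setup-x86_64.S hunk of patch 3/9, the removed block also reloaded %fs and %gs, and the removed comment ("Load a gdt so I know what the segment registers are") recorded why it was there: after this change purgatory() runs with the GDT and segment state inherited from the caller. The commit message covers selectors being ignored in long mode, but FS and GS bases are still applied in long mode, so please add a comment at purgatory_start stating that the C code is expected not to depend on them before entry64 reprograms the GDT.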
Date: Wed, 24 Apr 2024 17:53:14 +0200
In-Reply-To: <20240424155309.1719454-11-ardb+git@google.com>
References: <20240424155309.1719454-11-ardb+git@google.com>
Message-ID: <20240424155309.1719454-15-ardb+git@google.com>
Subject: [RFC PATCH 4/9] x86/purgatory: Avoid absolute reference to GDT
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, Ard Biesheuvel, Arnd Bergmann, Eric Biederman, kexec@lists.infradead.org, Nathan Chancellor, Nick Desaulniers, Kees Cook, Bill Wendling, Justin Stitt, Masahiro Yamada

From: Ard Biesheuvel The purgatory is almost entirely position independent, without any need for any relocation processing at load time except for the reference to the GDT in the entry code. Generate this reference at runtime instead, to remove the last R_X86_64_64 relocation from this code. While the GDT itself needs to be preserved in memory as long as it is live, the GDT descriptor that is used to program the GDT can be discarded so it can be allocated on the stack. Signed-off-by: Ard Biesheuvel --- arch/x86/purgatory/entry64.S | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/arch/x86/purgatory/entry64.S b/arch/x86/purgatory/entry64.S index 9913877b0dbe..888661d9db9c 100644 --- a/arch/x86/purgatory/entry64.S +++ b/arch/x86/purgatory/entry64.S @@ -16,7 +16,11 @@ =20 SYM_CODE_START(entry64) /* Setup a gdt that should be preserved */ - lgdt gdt(%rip) + leaq gdt(%rip), %rax + pushq %rax + pushw $gdt_end - gdt - 1 + lgdt (%rsp) + addq $10, %rsp =20 /* load the data segments */ movl $0x18, %eax /* data segment */ 
@@ -83,8 +87,8 @@ SYM_DATA_START_LOCAL(gdt) * 0x08 unused * so use them as gdt ptr */ - .word gdt_end - gdt - 1 - .quad gdt + .word 0 + .quad 0 .word 0, 0, 0 =20 /* 0x10 4GB flat code segment */ --=20 2.44.0.769.g3c40516874-goog From nobody Sat May 18 04:30:17 2024 Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3A6BA16C437 for ; Wed, 24 Apr 2024 15:53:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713974027; cv=none; b=MgmYhpHzPw5G9dWGwsIBP0DuH4g5wYYA8a782lZ0Ami4vTQnRJVDKknZT7ZziWp5n07n9QJkMoV0unov8amLwbpgaoIpoWF/ZkFm293PBZXBnW2Brrayc9XW3q35V7BE0vbClJpi8SOELW7HEUvBvSLL5VgI/HnBYpzPXwWdUJI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713974027; c=relaxed/simple; bh=H2ocIIiAupI/NDpLV8KCMiyTbQqB8T6hYpeW8AU/k/8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=EYC0Yf5A2fhD2+3eIL53wEBwGrN91MICYx3NYL4DGz2ALjNJ/U1a20/lrcbgF3kgYwwQ+JX1BaELCj3Gl1h2faL6aT29vVtI7Cg4mBdvRe8qFtG1CVcg2vB+GLpgzMoVsFegHpk7Kvjh0DE61Kmb+2SXzXasxr/KJ5IQQdSLxFM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=EXc+S6GX; arc=none smtp.client-ip=209.85.221.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="EXc+S6GX" Received: by 
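Review bot: In the second entry64.S hunk of patch 4/9 (the gdt table), the first two slots are now zeroed but the context comment above them still reads "so use them as gdt ptr", which is no longer true once the descriptor is built on the stack; update or drop that comment in this patch. In the first hunk, `pushq %rax` plus `pushw $gdt_end - gdt - 1` is 10 bytes and `addq $10, %rsp` balances it, but the sequence now needs a valid stack on entry to entry64, so a short comment noting the dependence on the stack set up in purgatory_start would make that explicit.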
mail-wr1-f74.google.com with SMTP id ffacd0b85a97d-346b8ef7e10so4478412f8f.3 for ; Wed, 24 Apr 2024 08:53:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1713974024; x=1714578824; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=jjdGmdFWunSakeQxhcxmHXUAnMO8coypY8ElDRJZN3Y=; b=EXc+S6GXXm4arhpyX9iJJgrLQKnQRzBYoOj1MZyfYCa8/ORhF6/7ZdeOSqScboTQK7 y52Oes0/w5Xn5zTPThaJSL6HQBAyzZ98AvjX2CLyuEvMnZ/9rr0ClJX8c1CJIhK/5v9O zg+kDZ/94DjOM7Rdd/njit16arwt+5zwwpJoH73yeN7MBBn5E0bt5U/xLgHJGu4AW9eH F6SkkRFHYlmYQTJz4PEAQMIF0M39Bu+3mq8pbSwxFdvzInSbAIggQnqs/aoVz4NG0bTO HqA0TXAFrFiCfAGg5N5RzPVVE5DhfQjMY2RiroYecX+Abngfu6i1/2WKQgT9MW/PXu5s 0UdA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713974024; x=1714578824; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=jjdGmdFWunSakeQxhcxmHXUAnMO8coypY8ElDRJZN3Y=; b=An4P5tPqkzLjlcbg9xL6A8UbclvFPvkH2nO+Z4eGwhSkf89jajj1p9MH/CoiQ7eKhE hFohIG9pNwXKT6ZSfe6ueZi+IYCdGXuZWkvJSb2GI0ufY2LxiXPxHj/0uZM0iE1+sItb tZFmERy1ZsbQV8bvqlUqYHJn3Bn8ohh49NLIIHXOofoVcRKFDxg2mxIheCgLmOIyL3bc 0TkEW/LH6l2EFTFWo5Pf+V5awkIUtdVvrRmIpb+cfpfC+IKqcSX9kcEI3d/liLLCiRJq OSXMjYEG+L11FJsiAlKHb7nDc9gAEGh0l9IdVTN+NNq34ojVX7Yoa/is2XDo6y2WqarU lk2A== X-Gm-Message-State: AOJu0YxIM9sNYyiSv8xIH0+aOaMmWPteEeCp3M+vB7+oJi0eLU2dccK7 H6/L8XYGFDu8EU5hFuDo5/9iqLoBKFhw1Sf/iyvliuKbc7uApXY5C3G/jnPnZTGJPfc6j39rY8B rf659158UFJzNoNh1c+hVB7zSDQdXYB9wtmZHh3j3p78JjMIdb6aOMNxDH9h9VaLXwYwMkQMY01 Adtu9ZdrjkytIF7LI8nEhh51y+Lc8/+w== X-Google-Smtp-Source: AGHT+IEn5r/4qBnC8xtfim3xmOpYM/A60T3wlnxZ2weMiVXGxLyNbc4Y6I4sKkBsnHH/JjZQDh3D0l4v X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a]) (user=ardb job=sendgmr) by 2002:a5d:50ce:0:b0:343:c41b:3e37 with SMTP id 
Date: Wed, 24 Apr 2024 17:53:15 +0200
In-Reply-To: <20240424155309.1719454-11-ardb+git@google.com>
References: <20240424155309.1719454-11-ardb+git@google.com>
Message-ID: <20240424155309.1719454-16-ardb+git@google.com>
Subject: [RFC PATCH 5/9] x86/purgatory: Simplify GDT and drop data segment
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, Ard Biesheuvel, Arnd Bergmann, Eric Biederman, kexec@lists.infradead.org, Nathan Chancellor, Nick Desaulniers, Kees Cook, Bill Wendling, Justin Stitt, Masahiro Yamada
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel

Data segment selectors are ignored in long mode so there is no point in programming them. So clear them instead. This only leaves the code segment entry in the GDT, which can be moved up a slot now that the second slot is no longer used as the GDT descriptor.

Signed-off-by: Ard Biesheuvel
---
 arch/x86/purgatory/entry64.S | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/arch/x86/purgatory/entry64.S b/arch/x86/purgatory/entry64.S index 888661d9db9c..3d09781d4f9a 100644 --- a/arch/x86/purgatory/entry64.S +++ b/arch/x86/purgatory/entry64.S
@@ -23,14 +23,14 @@ SYM_CODE_START(entry64) addq $10, %rsp =20 /* load the data segments */ - movl $0x18, %eax /* data segment */ + xorl %eax, %eax /* data segment */ movl %eax, %ds movl %eax, %es movl %eax, %ss movl %eax, %fs movl %eax, %gs =20 - pushq $0x10 /* CS */ + pushq $0x8 /* CS */ leaq new_cs_exit(%rip), %rax pushq %rax lretq 
@@ -84,16 +84,9 @@ SYM_DATA_END(entry64_regs) SYM_DATA_START_LOCAL(gdt) /* * 0x00 unusable segment - * 0x08 unused - * so use them as gdt ptr */ - .word 0 .quad 0 - .word 0, 0, 0 =20 - /* 0x10 4GB flat code segment */ + /* 0x8 4GB flat code segment */ .word 0xFFFF, 0x0000, 0x9A00, 0x00AF - - /* 0x18 4GB flat data segment */ - .word 0xFFFF, 0x0000, 0x9200, 0x00CF SYM_DATA_END_LABEL(gdt, SYM_L_LOCAL, gdt_end) --=20 2.44.0.769.g3c40516874-goog
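Review bot: in the first entry64 hunk the comments "load the data segments" and "/* data segment */" are stale, because %eax now holds the null selector rather than a GDT index. Reword them (for example "null selector") and add a line saying that `movl %eax, %ss` with a null selector is only accepted in 64-bit mode at CPL below 3, which is the condition this code relies on.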
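Review bot: in the gdt hunk the surviving entry is labelled "0x8 4GB flat code segment", but its last word 0x00AF has the L bit set, so it is a 64-bit code segment whose base and limit are not used. Since the comment is being edited anyway, describe it as such, and say that the 0x8 here has to stay in step with `pushq $0x8` in entry64.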
Date: Wed, 24 Apr 2024 17:53:16 +0200
In-Reply-To: <20240424155309.1719454-11-ardb+git@google.com>
References: <20240424155309.1719454-11-ardb+git@google.com>
Message-ID: <20240424155309.1719454-17-ardb+git@google.com>
Subject: [RFC PATCH 6/9] kexec: Add support for fully linked purgatory executables
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, Ard Biesheuvel, Arnd Bergmann, Eric Biederman, kexec@lists.infradead.org, Nathan Chancellor, Nick Desaulniers, Kees Cook, Bill Wendling, Justin Stitt, Masahiro Yamada
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel The purgatory ELF object is typically a partially linked object, which puts the burden on the kexec loader to lay out the executable in memory, and this involves (among other things) deciding the placement of the sections in memory, and fixing up all relocations (relative and absolute ones) All of this can be greatly simplified by using a fully linked PIE ELF executable instead, constructed in a way that removes the need for any relocation processing or layout and allocation of individual sections. By gathering all allocatable sections into a single PT_LOAD segment, and relying on RIP-relative references, all relocations will be applied by the linker, and the segment simply needs to be copied into memory. So add a linker script and some minimal handling in generic code, which can be used by architectures to opt into this approach. This will be wired up for x86 in a subsequent patch. Signed-off-by: Ard Biesheuvel --- include/asm-generic/purgatory.lds | 34 ++++++++++ kernel/kexec_file.c | 68 +++++++++++++++++++- 2 files changed, 101 insertions(+), 1 deletion(-) diff --git a/include/asm-generic/purgatory.lds b/include/asm-generic/purgat= ory.lds new file mode 100644 index 000000000000..260c457f7608 --- /dev/null +++ b/include/asm-generic/purgatory.lds @@ -0,0 +1,34 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +PHDRS +{ + text PT_LOAD FLAGS(7) FILEHDR PHDRS; +} + +SECTIONS +{ + . =3D SIZEOF_HEADERS; + + .text : { + *(.text .rodata* .kexec-purgatory .data*) + } :text + + .bss : { + *(.bss .dynbss) + } :text + + .rela.dyn : { + *(.rela.*) + } + + .symtab 0 : { *(.symtab) } + .strtab 0 : { *(.strtab) } + .shstrtab 0 : { *(.shstrtab) } + + /DISCARD/ : { + *(.interp .modinfo .dynsym .dynstr .hash .gnu.* .dynamic .comment) + *(.got .plt .got.plt .plt.got .note.* .eh_frame .sframe) + } +} + +ASSERT(SIZEOF(.rela.dyn) =3D=3D 0, "Absolute relocations detected"); 
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index bef2f6f2571b..6379f8dfc29f 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -1010,6 +1010,62 @@ static int kexec_apply_relocations(struct kimage *im= age) return 0; } =20 +/* + * kexec_load_purgatory_pie - Load the position independent purgatory obje= ct. + * @pi: Purgatory info struct. + * @kbuf: Memory parameters to use. + * + * Load a purgatory PIE executable. This is a fully linked executable + * consisting of a single PT_LOAD segment that does not require any reloca= tion + * processing. + * + * Return: 0 on success, negative errno on error. + */ +static int kexec_load_purgatory_pie(struct purgatory_info *pi, + struct kexec_buf *kbuf) +{ + const Elf_Phdr *phdr =3D (void *)pi->ehdr + pi->ehdr->e_phoff; + int ret; + + if (pi->ehdr->e_phnum !=3D 1) + return -EINVAL; + + kbuf->bufsz =3D phdr->p_filesz; + kbuf->memsz =3D phdr->p_memsz; + kbuf->buf_align =3D phdr->p_align; + + kbuf->buffer =3D vzalloc(kbuf->bufsz); + if (!kbuf->buffer) + return -ENOMEM; + + ret =3D kexec_add_buffer(kbuf); + if (ret) + goto out_free_kbuf; + + kbuf->image->start =3D kbuf->mem + pi->ehdr->e_entry; + + pi->sechdrs =3D vcalloc(pi->ehdr->e_shnum, pi->ehdr->e_shentsize); + if (!pi->sechdrs) + goto out_free_kbuf; + + pi->purgatory_buf =3D memcpy(kbuf->buffer, + (void *)pi->ehdr + phdr->p_offset, + kbuf->bufsz); + + memcpy(pi->sechdrs, (void *)pi->ehdr + pi->ehdr->e_shoff, + pi->ehdr->e_shnum * pi->ehdr->e_shentsize); + + for (int i =3D 0; i < pi->ehdr->e_shnum; i++) + if (pi->sechdrs[i].sh_flags & SHF_ALLOC) + pi->sechdrs[i].sh_addr +=3D kbuf->mem; + + return 0; + +out_free_kbuf: + vfree(kbuf->buffer); + return ret; +} + /* * kexec_load_purgatory - Load and relocate the purgatory object. * @image: Image to add the purgatory to. 
@@ -1031,6 +1087,9 @@ int kexec_load_purgatory(struct kimage *image, struct= kexec_buf *kbuf) =20 pi->ehdr =3D (const Elf_Ehdr *)kexec_purgatory; =20 + if (pi->ehdr->e_type !=3D ET_REL) + return kexec_load_purgatory_pie(pi, kbuf); + ret =3D kexec_purgatory_setup_kbuf(pi, kbuf); if (ret) return ret; @@ -1087,7 +1146,8 @@ static const Elf_Sym *kexec_purgatory_find_symbol(str= uct purgatory_info *pi, =20 /* Go through symbols for a match */ for (k =3D 0; k < sechdrs[i].sh_size/sizeof(Elf_Sym); k++) { - if (ELF_ST_BIND(syms[k].st_info) !=3D STB_GLOBAL) + if (pi->ehdr->e_type =3D=3D ET_REL && + ELF_ST_BIND(syms[k].st_info) !=3D STB_GLOBAL) continue; =20 if (strcmp(strtab + syms[k].st_name, name) !=3D 0) 
@@ -1159,6 +1219,12 @@ int kexec_purgatory_get_set_symbol(struct kimage *im= age, const char *name, =20 sym_buf =3D (char *)pi->purgatory_buf + sec->sh_offset + sym->st_value; =20 + if (pi->ehdr->e_type !=3D ET_REL) { + const Elf_Shdr *shdr =3D (void *)pi->ehdr + pi->ehdr->e_shoff; + + sym_buf -=3D shdr[sym->st_shndx].sh_addr; + } + if (get_value) memcpy((void *)buf, sym_buf, size); else --=20 2.44.0.769.g3c40516874-goog
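Review bot: in purgatory.lds the only program header is declared with FLAGS(7), so text, rodata, data and bss are all loaded writable and executable, and the file carries no comment saying why. Add a short comment explaining why a single RWX segment is acceptable for the purgatory, so the choice does not read as an oversight.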
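Review bot: in kexec_load_purgatory_pie() the `if (!pi->sechdrs) goto out_free_kbuf;` path returns ret, which is still 0 from the successful kexec_add_buffer() call, so an allocation failure is reported as success after kbuf->buffer has been freed; set ret = -ENOMEM before the goto. The function also uses p_offset, p_filesz and e_shoff without checking p_type or bounds, and adds kbuf->mem to e_entry as if p_vaddr were 0; either check these or state in the comment that the linker script guarantees them.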
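Review bot: in kexec_load_purgatory() the test `e_type != ET_REL` sends every other ELF type down the new path, not only the fully linked PIE it was written for. Test for ET_DYN explicitly and return an error for anything that is neither ET_REL nor ET_DYN.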
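Review bot: in kexec_purgatory_find_symbol() the STB_GLOBAL filter is skipped for non-ET_REL images without a comment, and the commit message does not mention it. Say why local symbols have to be matched in the linked executable, since the lookup now returns the first symbol of that name regardless of binding.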
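Review bot: in kexec_purgatory_get_set_symbol() the new block subtracts shdr[sym->st_shndx].sh_addr with no explanation. Add a comment that st_value is an address rather than a section offset in the linked image, and that the subtraction deliberately reads the original section headers in the image rather than pi->sechdrs, whose sh_addr was already rebased by kbuf->mem in the loader.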
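The properties a copy-only loader relies on when it takes a single-segment PIE image, written out as explicit checks in an added user-space example (not code from this series or from the kernel). `pie_check()`, `struct pie_layout`, `check_sample()`, the error codes and the constructed sample image are assumptions made for illustration, and a little-endian host is assumed.

```c
/* Added example: user-space sketch, not kernel code. Little-endian host assumed. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal ELF64 layouts, same field order as <elf.h>. */
typedef struct {
	unsigned char e_ident[16];
	uint16_t e_type, e_machine;
	uint32_t e_version;
	uint64_t e_entry, e_phoff, e_shoff;
	uint32_t e_flags;
	uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} ehdr64;

typedef struct {
	uint32_t p_type, p_flags;
	uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} phdr64;

enum { X_ET_REL = 1, X_ET_DYN = 3, X_PT_LOAD = 1, X_ELFCLASS64 = 2 };

/* What a copy-only loader needs from the image (hypothetical struct). */
struct pie_layout {
	uint64_t file_off, filesz; /* where the bytes to copy start, and how many */
	uint64_t memsz, align;     /* bytes to reserve (filesz plus .bss) */
	uint64_t entry_off;        /* entry point relative to the load address */
};

/* Returns 0 and fills *out, or a negative errno (codes are this sketch's choice). */
int pie_check(const void *img, size_t len, struct pie_layout *out)
{
	ehdr64 eh;
	phdr64 ph;

	if (len < sizeof(eh))
		return -EINVAL;
	memcpy(&eh, img, sizeof(eh));
	if (memcmp(eh.e_ident, "\177ELF", 4) != 0 || eh.e_ident[4] != X_ELFCLASS64)
		return -ENOEXEC;
	if (eh.e_type != X_ET_DYN) /* a positive test, not "anything but ET_REL" */
		return -ENOEXEC;
	if (eh.e_phnum != 1 || eh.e_phentsize != sizeof(ph))
		return -EINVAL;
	if (eh.e_phoff > len || len - eh.e_phoff < sizeof(ph))
		return -EINVAL;
	memcpy(&ph, (const unsigned char *)img + eh.e_phoff, sizeof(ph));
	/* e_entry and sh_addr are used as offsets, so addresses must start at 0. */
	if (ph.p_type != X_PT_LOAD || ph.p_vaddr != 0)
		return -EINVAL;
	if (ph.p_offset > len || ph.p_filesz > len - ph.p_offset)
		return -EINVAL;
	if (ph.p_memsz < ph.p_filesz || eh.e_entry >= ph.p_filesz)
		return -EINVAL;

	out->file_off = ph.p_offset;
	out->filesz = ph.p_filesz;
	out->memsz = ph.p_memsz;
	out->align = ph.p_align;
	out->entry_off = eh.e_entry;
	return 0;
}

enum mutation { M_NONE, M_TWO_PHDRS, M_ET_REL, M_FILESZ_PAST_END, M_NONZERO_VADDR };

struct pie_layout sample_layout; /* filled by the last successful check_sample() */

/* Build a constructed 136-byte image (headers + 16 filler bytes), damage it, check it. */
int check_sample(enum mutation m)
{
	unsigned char buf[sizeof(ehdr64) + sizeof(phdr64) + 16];
	ehdr64 eh;
	phdr64 ph;

	memset(&eh, 0, sizeof(eh));
	memset(&ph, 0, sizeof(ph));
	memset(buf, 0x90, sizeof(buf));
	memcpy(eh.e_ident, "\177ELF", 4);
	eh.e_ident[4] = X_ELFCLASS64;
	eh.e_type = (m == M_ET_REL) ? X_ET_REL : X_ET_DYN;
	eh.e_phoff = sizeof(eh);
	eh.e_phentsize = sizeof(ph);
	eh.e_phnum = (m == M_TWO_PHDRS) ? 2 : 1;
	eh.e_entry = sizeof(eh) + sizeof(ph);
	ph.p_type = X_PT_LOAD;
	ph.p_flags = 7;
	ph.p_vaddr = (m == M_NONZERO_VADDR) ? 0x1000 : 0;
	ph.p_filesz = sizeof(buf) + (m == M_FILESZ_PAST_END ? 1 : 0);
	ph.p_memsz = ph.p_filesz + 32; /* trailing .bss */
	ph.p_align = 16;
	memcpy(buf, &eh, sizeof(eh));
	memcpy(buf + sizeof(eh), &ph, sizeof(ph));
	return pie_check(buf, sizeof(buf), &sample_layout);
}

int main(void)
{
	static const char *names[] = { "valid", "two phdrs", "ET_REL",
				       "filesz past end", "p_vaddr != 0" };

	for (int m = M_NONE; m <= M_NONZERO_VADDR; m++)
		printf("%-16s -> %d\n", names[m], check_sample((enum mutation)m));
	return 0;
}
```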
Date: Wed, 24 Apr 2024 17:53:17 +0200
In-Reply-To: <20240424155309.1719454-11-ardb+git@google.com>
References: <20240424155309.1719454-11-ardb+git@google.com>
Message-ID: <20240424155309.1719454-18-ardb+git@google.com>
Subject: [RFC PATCH 7/9] x86/purgatory: Use fully linked PIE ELF executable
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, Ard Biesheuvel, Arnd Bergmann, Eric Biederman, kexec@lists.infradead.org, Nathan Chancellor, Nick Desaulniers, Kees Cook, Bill Wendling, Justin Stitt, Masahiro Yamada
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel

Now that the generic support is in place, switch to a fully linked PIE ELF executable for the purgatory, so that it can be loaded as a single, fully relocated image. This allows a lot of ugly post-processing logic to simply be dropped.

Signed-off-by: Ard Biesheuvel
---
 arch/x86/include/asm/kexec.h       |   7 --
 arch/x86/kernel/machine_kexec_64.c | 127 --------------------
 arch/x86/purgatory/Makefile        |  14 +--
 3 files changed, 5 insertions(+), 143 deletions(-)

diff --git a/arch/x86/include/asm/kexec.h b/arch/x86/include/asm/kexec.h index ee7b32565e5f..c7cacc2e9dfb 100644 --- a/arch/x86/include/asm/kexec.h +++ b/arch/x86/include/asm/kexec.h @@ -191,13 +191,6 @@ void arch_kexec_unprotect_crashkres(void); #define arch_kexec_unprotect_crashkres arch_kexec_unprotect_crashkres =20 #ifdef CONFIG_KEXEC_FILE -struct purgatory_info; -int arch_kexec_apply_relocations_add(struct purgatory_info *pi, - Elf_Shdr *section, - const Elf_Shdr *relsec, - const Elf_Shdr *symtab); -#define arch_kexec_apply_relocations_add arch_kexec_apply_relocations_add - int arch_kimage_file_post_load_cleanup(struct kimage *image); #define arch_kimage_file_post_load_cleanup arch_kimage_file_post_load_clea= nup #endif diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_k= exec_64.c index bc0a5348b4a6..ded924423e50 100644 --- a/arch/x86/kernel/machine_kexec_64.c +++ b/arch/x86/kernel/machine_kexec_64.c 
@@ -371,133 +371,6 @@ void machine_kexec(struct kimage *image) /* arch-dependent functionality related to kexec file-based syscall */ =20 #ifdef CONFIG_KEXEC_FILE -/* - * Apply purgatory relocations. - * - * @pi: Purgatory to be relocated. - * @section: Section relocations applying to. - * @relsec: Section containing RELAs. - * @symtabsec: Corresponding symtab. - * - * TODO: Some of the code belongs to generic code. Move that in kexec.c. - */ -int arch_kexec_apply_relocations_add(struct purgatory_info *pi, - Elf_Shdr *section, const Elf_Shdr *relsec, - const Elf_Shdr *symtabsec) -{ - unsigned int i; - Elf64_Rela *rel; - Elf64_Sym *sym; - void *location; - unsigned long address, sec_base, value; - const char *strtab, *name, *shstrtab; - const Elf_Shdr *sechdrs; - - /* String & section header string table */ - sechdrs =3D (void *)pi->ehdr + pi->ehdr->e_shoff; - strtab =3D (char *)pi->ehdr + sechdrs[symtabsec->sh_link].sh_offset; - shstrtab =3D (char *)pi->ehdr + sechdrs[pi->ehdr->e_shstrndx].sh_offset; - - rel =3D (void *)pi->ehdr + relsec->sh_offset; - - pr_debug("Applying relocate section %s to %u\n", - shstrtab + relsec->sh_name, relsec->sh_info); - - for (i =3D 0; i < relsec->sh_size / sizeof(*rel); i++) { - - /* - * rel[i].r_offset contains byte offset from beginning - * of section to the storage unit affected. - * - * This is location to update. This is temporary buffer - * where section is currently loaded. This will finally be - * loaded to a different address later, pointed to by - * ->sh_addr. kexec takes care of moving it - * (kexec_load_segment()). - */ - location =3D pi->purgatory_buf; - location +=3D section->sh_offset; - location +=3D rel[i].r_offset; - - /* Final address of the location */ - address =3D section->sh_addr + rel[i].r_offset; - - /* - * rel[i].r_info contains information about symbol table index - * w.r.t which relocation must be made and type of relocation - * to apply. ELF64_R_SYM() and ELF64_R_TYPE() macros get - * these respectively. 
- */ - sym =3D (void *)pi->ehdr + symtabsec->sh_offset; - sym +=3D ELF64_R_SYM(rel[i].r_info); - - if (sym->st_name) - name =3D strtab + sym->st_name; - else - name =3D shstrtab + sechdrs[sym->st_shndx].sh_name; - - pr_debug("Symbol: %s info: %02x shndx: %02x value=3D%llx size: %llx\n", - name, sym->st_info, sym->st_shndx, sym->st_value, - sym->st_size); - - if (sym->st_shndx =3D=3D SHN_UNDEF) { - pr_err("Undefined symbol: %s\n", name); - return -ENOEXEC; - } - - if (sym->st_shndx =3D=3D SHN_COMMON) { - pr_err("symbol '%s' in common section\n", name); - return -ENOEXEC; - } - - if (sym->st_shndx =3D=3D SHN_ABS) - sec_base =3D 0; - else if (sym->st_shndx >=3D pi->ehdr->e_shnum) { - pr_err("Invalid section %d for symbol %s\n", - sym->st_shndx, name); - return -ENOEXEC; - } else - sec_base =3D pi->sechdrs[sym->st_shndx].sh_addr; - - value =3D sym->st_value; - value +=3D sec_base; - value +=3D rel[i].r_addend; - - switch (ELF64_R_TYPE(rel[i].r_info)) { - case R_X86_64_NONE: - break; - case R_X86_64_64: - *(u64 *)location =3D value; - break; - case R_X86_64_32: - *(u32 *)location =3D value; - if (value !=3D *(u32 *)location) - goto overflow; - break; - case R_X86_64_32S: - *(s32 *)location =3D value; - if ((s64)value !=3D *(s32 *)location) - goto overflow; - break; - case R_X86_64_PC32: - case R_X86_64_PLT32: - value -=3D (u64)address; - *(u32 *)location =3D value; - break; - default: - pr_err("Unknown rela relocation: %llu\n", - ELF64_R_TYPE(rel[i].r_info)); - return -ENOEXEC; - } - } - return 0; - -overflow: - pr_err("Overflow in relocation type %d value 0x%lx\n", - (int)ELF64_R_TYPE(rel[i].r_info), value); - return -ENOEXEC; -} - int arch_kimage_file_post_load_cleanup(struct kimage *image) { vfree(image->elf_headers); diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile index 2df4a4b70ff5..acc09799af2a 100644 --- a/arch/x86/purgatory/Makefile +++ b/arch/x86/purgatory/Makefile 
@@ -26,12 +26,11 @@ KBUILD_CFLAGS :=3D $(filter-out $(CC_FLAGS_LTO),$(KBUIL= D_CFLAGS)) # Drop the function entry padding, which is not needed here KBUILD_CFLAGS :=3D $(filter-out $(PADDING_CFLAGS),$(KBUILD_CFLAGS)) =20 -# When linking purgatory.ro with -r unresolved symbols are not checked, -# also link a purgatory.chk binary without -r to check for unresolved symb= ols. PURGATORY_LDFLAGS :=3D -e purgatory_start -z nodefaultlib -LDFLAGS_purgatory.ro :=3D -r $(PURGATORY_LDFLAGS) -LDFLAGS_purgatory.chk :=3D $(PURGATORY_LDFLAGS) -targets +=3D purgatory.ro purgatory.chk +PURGATORY_LDFLAGS +=3D -T $(srctree)/include/asm-generic/purgatory.lds -pie +PURGATORY_LDFLAGS +=3D --orphan-handling=3D$(CONFIG_LD_ORPHAN_WARN_LEVEL) +LDFLAGS_purgatory.ro :=3D $(PURGATORY_LDFLAGS) +targets +=3D purgatory.ro =20 # Sanitizer, etc. runtimes are unavailable and cannot be linked here. GCOV_PROFILE :=3D n 
@@ -87,9 +86,6 @@ asflags-remove-y +=3D $(foreach x, -g -gdwarf-4 -gdwarf-= 5, $(x) -Wa,$(x)) $(obj)/purgatory.ro: $(PURGATORY_OBJS) FORCE $(call if_changed,ld) =20 -$(obj)/purgatory.chk: $(obj)/purgatory.ro FORCE - $(call if_changed,ld) - -$(obj)/kexec-purgatory.o: $(obj)/purgatory.ro $(obj)/purgatory.chk +$(obj)/kexec-purgatory.o: $(obj)/purgatory.ro =20 obj-y +=3D kexec-purgatory.o --=20 2.44.0.769.g3c40516874-goog
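Review bot: in the LDFLAGS hunk of the Makefile, `--orphan-handling=$(CONFIG_LD_ORPHAN_WARN_LEVEL)` is added unconditionally; if the level string can be empty (it depends on CONFIG_LD_ORPHAN_WARN), the linker is handed `--orphan-handling=` with no argument. Wrap the line in `ifdef CONFIG_LD_ORPHAN_WARN`. The output is also still named purgatory.ro although it is no longer linked with -r.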
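Review bot: in the last Makefile hunk the purgatory.chk rule and dependency are dropped, and the comment explaining that it existed to catch unresolved symbols goes with it, but the commit message does not say what catches them now. State that the full link reports unresolved symbols itself, if that is the intent.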
Date: Wed, 24 Apr 2024 17:53:18 +0200
In-Reply-To: <20240424155309.1719454-11-ardb+git@google.com>
References: <20240424155309.1719454-11-ardb+git@google.com>
Message-ID: <20240424155309.1719454-19-ardb+git@google.com>
Subject: [RFC PATCH 8/9] x86/purgatory: Simplify references to regs array
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, Ard Biesheuvel, Arnd Bergmann, Eric Biederman, kexec@lists.infradead.org, Nathan Chancellor, Nick Desaulniers, Kees Cook, Bill Wendling, Justin Stitt, Masahiro Yamada
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel

Use a single symbol reference and offset addressing to load the contents of the register file from memory, instead of using a symbol reference for each, which results in larger code and more ELF overhead.

While at it, rename the individual labels with an .L prefix so they are omitted from the ELF symbol table.

Signed-off-by: Ard Biesheuvel
---
 arch/x86/purgatory/entry64.S | 67 ++++++++++----------
 1 file changed, 34 insertions(+), 33 deletions(-)

diff --git a/arch/x86/purgatory/entry64.S b/arch/x86/purgatory/entry64.S index 3d09781d4f9a..56487fb7fa1d 100644 --- a/arch/x86/purgatory/entry64.S +++ b/arch/x86/purgatory/entry64.S 
@@ -37,45 +37,46 @@ SYM_CODE_START(entry64) new_cs_exit: =20 /* Load the registers */ - movq rax(%rip), %rax - movq rbx(%rip), %rbx - movq rcx(%rip), %rcx - movq rdx(%rip), %rdx - movq rsi(%rip), %rsi - movq rdi(%rip), %rdi - movq rbp(%rip), %rbp - movq r8(%rip), %r8 - movq r9(%rip), %r9 - movq r10(%rip), %r10 - movq r11(%rip), %r11 - movq r12(%rip), %r12 - movq r13(%rip), %r13 - movq r14(%rip), %r14 - movq r15(%rip), %r15 + leaq entry64_regs(%rip), %r15 + movq 0x00(%r15), %rax + movq 0x08(%r15), %rcx + movq 0x10(%r15), %rdx + movq 0x18(%r15), %rbx + movq 0x20(%r15), %rbp + movq 0x28(%r15), %rsi + movq 0x30(%r15), %rdi + movq 0x38(%r15), %r8 + movq 0x40(%r15), %r9 + movq 0x48(%r15), %r10 + movq 0x50(%r15), %r11 + movq 0x58(%r15), %r12 + movq 0x60(%r15), %r13 + movq 0x68(%r15), %r14 + movq 0x70(%r15), %r15 =20 /* Jump to the new code... */ - jmpq *rip(%rip) + jmpq *.Lrip(%rip) SYM_CODE_END(entry64) =20 .section ".rodata" - .balign 4 + .balign 8 SYM_DATA_START(entry64_regs) -rax: .quad 0x0 -rcx: .quad 0x0 -rdx: .quad 0x0 -rbx: .quad 0x0 -rbp: .quad 0x0 -rsi: .quad 0x0 -rdi: .quad 0x0 -r8: .quad 0x0 -r9: .quad 0x0 -r10: .quad 0x0 -r11: .quad 0x0 -r12: .quad 0x0 -r13: .quad 0x0 -r14: .quad 0x0 -r15: .quad 0x0 -rip: .quad 0x0 +.Lrax: .quad 0x0 +.Lrcx: .quad 0x0 +.Lrdx: .quad 0x0 +.Lrbx: .quad 0x0 +.Lrbp: .quad 0x0 +.Lrsi: .quad 0x0 +.Lrdi: .quad 0x0 +.Lr8: .quad 0x0 +.Lr9: .quad 0x0 +.Lr10: .quad 0x0 +.Lr11: .quad 0x0 +.Lr12: .quad 0x0 +.Lr13: .quad 0x0 +.Lr14: .quad 0x0 +.Lr15: .quad 0x0 +.Lrip: .quad 0x0 SYM_DATA_END(entry64_regs) =20 /* GDT */ --=20 2.44.0.769.g3c40516874-goog
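Review bot: in the register-load sequence the displacements 0x00 to 0x70 now encode the order of the entry64_regs table by hand, so reordering or inserting a .quad there silently loads the wrong register. Add a comment tying the two together, or derive each displacement from its label (for example `.Lrcx - entry64_regs`). The .balign change from 4 to 8 is not mentioned in the commit message, and every .L label except .Lrip is unreferenced in the visible lines.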
Date: Wed, 24 Apr 2024 17:53:19 +0200
In-Reply-To: <20240424155309.1719454-11-ardb+git@google.com>
References: <20240424155309.1719454-11-ardb+git@google.com>
Message-ID: <20240424155309.1719454-20-ardb+git@google.com>
Subject: [RFC PATCH 9/9] kexec: Drop support for partially linked purgatory executables
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, Ard Biesheuvel, Arnd Bergmann, Eric Biederman, kexec@lists.infradead.org, Nathan Chancellor, Nick Desaulniers, Kees Cook, Bill Wendling, Justin Stitt, Masahiro Yamada

From: Ard Biesheuvel

Remove the handling of purgatories that are allocated, loaded and relocated as individual ELF sections, which requires a lot of post-processing on the part of the kexec loader. This has been superseded by the use of fully linked PIE executables, which do not require such post-processing.

Signed-off-by: Ard Biesheuvel
---
 kernel/kexec_file.c | 271 +-------------------
 1 file changed, 14 insertions(+), 257 deletions(-)

diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 6379f8dfc29f..782a1247558c 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c 
@@ -808,228 +808,31 @@ static int kexec_calculate_store_digests(struct kima= ge *image) =20 #ifdef CONFIG_ARCH_SUPPORTS_KEXEC_PURGATORY /* - * kexec_purgatory_setup_kbuf - prepare buffer to load purgatory. - * @pi: Purgatory to be loaded. - * @kbuf: Buffer to setup. - * - * Allocates the memory needed for the buffer. Caller is responsible to fr= ee - * the memory after use. - * - * Return: 0 on success, negative errno on error. - */ -static int kexec_purgatory_setup_kbuf(struct purgatory_info *pi, - struct kexec_buf *kbuf) -{ - const Elf_Shdr *sechdrs; - unsigned long bss_align; - unsigned long bss_sz; - unsigned long align; - int i, ret; - - sechdrs =3D (void *)pi->ehdr + pi->ehdr->e_shoff; - kbuf->buf_align =3D bss_align =3D 1; - kbuf->bufsz =3D bss_sz =3D 0; - - for (i =3D 0; i < pi->ehdr->e_shnum; i++) { - if (!(sechdrs[i].sh_flags & SHF_ALLOC)) - continue; - - align =3D sechdrs[i].sh_addralign; - if (sechdrs[i].sh_type !=3D SHT_NOBITS) { - if (kbuf->buf_align < align) - kbuf->buf_align =3D align; - kbuf->bufsz =3D ALIGN(kbuf->bufsz, align); - kbuf->bufsz +=3D sechdrs[i].sh_size; - } else { - if (bss_align < align) - bss_align =3D align; - bss_sz =3D ALIGN(bss_sz, align); - bss_sz +=3D sechdrs[i].sh_size; - } - } - kbuf->bufsz =3D ALIGN(kbuf->bufsz, bss_align); - kbuf->memsz =3D kbuf->bufsz + bss_sz; - if (kbuf->buf_align < bss_align) - kbuf->buf_align =3D bss_align; - - kbuf->buffer =3D vzalloc(kbuf->bufsz); - if (!kbuf->buffer) - return -ENOMEM; - pi->purgatory_buf =3D kbuf->buffer; - - ret =3D kexec_add_buffer(kbuf); - if (ret) - goto out; - - return 0; -out: - vfree(pi->purgatory_buf); - pi->purgatory_buf =3D NULL; - return ret; -} - -/* - * kexec_purgatory_setup_sechdrs - prepares the pi->sechdrs buffer. - * @pi: Purgatory to be loaded. - * @kbuf: Buffer prepared to store purgatory. - * - * Allocates the memory needed for the buffer. Caller is responsible to fr= ee - * the memory after use. - * - * Return: 0 on success, negative errno on error. 
- */ -static int kexec_purgatory_setup_sechdrs(struct purgatory_info *pi, - struct kexec_buf *kbuf) -{ - unsigned long bss_addr; - unsigned long offset; - size_t sechdrs_size; - Elf_Shdr *sechdrs; - int i; - - /* - * The section headers in kexec_purgatory are read-only. In order to - * have them modifiable make a temporary copy. - */ - sechdrs_size =3D array_size(sizeof(Elf_Shdr), pi->ehdr->e_shnum); - sechdrs =3D vzalloc(sechdrs_size); - if (!sechdrs) - return -ENOMEM; - memcpy(sechdrs, (void *)pi->ehdr + pi->ehdr->e_shoff, sechdrs_size); - pi->sechdrs =3D sechdrs; - - offset =3D 0; - bss_addr =3D kbuf->mem + kbuf->bufsz; - kbuf->image->start =3D pi->ehdr->e_entry; - - for (i =3D 0; i < pi->ehdr->e_shnum; i++) { - unsigned long align; - void *src, *dst; - - if (!(sechdrs[i].sh_flags & SHF_ALLOC)) - continue; - - align =3D sechdrs[i].sh_addralign; - if (sechdrs[i].sh_type =3D=3D SHT_NOBITS) { - bss_addr =3D ALIGN(bss_addr, align); - sechdrs[i].sh_addr =3D bss_addr; - bss_addr +=3D sechdrs[i].sh_size; - continue; - } - - offset =3D ALIGN(offset, align); - - /* - * Check if the segment contains the entry point, if so, - * calculate the value of image->start based on it. - * If the compiler has produced more than one .text section - * (Eg: .text.hot), they are generally after the main .text - * section, and they shall not be used to calculate - * image->start. So do not re-calculate image->start if it - * is not set to the initial value, and warn the user so they - * have a chance to fix their purgatory's linker script. 
- */ - if (sechdrs[i].sh_flags & SHF_EXECINSTR && - pi->ehdr->e_entry >=3D sechdrs[i].sh_addr && - pi->ehdr->e_entry < (sechdrs[i].sh_addr - + sechdrs[i].sh_size) && - !WARN_ON(kbuf->image->start !=3D pi->ehdr->e_entry)) { - kbuf->image->start -=3D sechdrs[i].sh_addr; - kbuf->image->start +=3D kbuf->mem + offset; - } - - src =3D (void *)pi->ehdr + sechdrs[i].sh_offset; - dst =3D pi->purgatory_buf + offset; - memcpy(dst, src, sechdrs[i].sh_size); - - sechdrs[i].sh_addr =3D kbuf->mem + offset; - sechdrs[i].sh_offset =3D offset; - offset +=3D sechdrs[i].sh_size; - } - - return 0; -} - -static int kexec_apply_relocations(struct kimage *image) -{ - int i, ret; - struct purgatory_info *pi =3D &image->purgatory_info; - const Elf_Shdr *sechdrs; - - sechdrs =3D (void *)pi->ehdr + pi->ehdr->e_shoff; - - for (i =3D 0; i < pi->ehdr->e_shnum; i++) { - const Elf_Shdr *relsec; - const Elf_Shdr *symtab; - Elf_Shdr *section; - - relsec =3D sechdrs + i; - - if (relsec->sh_type !=3D SHT_RELA && - relsec->sh_type !=3D SHT_REL) - continue; - - /* - * For section of type SHT_RELA/SHT_REL, - * ->sh_link contains section header index of associated - * symbol table. And ->sh_info contains section header - * index of section to which relocations apply. - */ - if (relsec->sh_info >=3D pi->ehdr->e_shnum || - relsec->sh_link >=3D pi->ehdr->e_shnum) - return -ENOEXEC; - - section =3D pi->sechdrs + relsec->sh_info; - symtab =3D sechdrs + relsec->sh_link; - - if (!(section->sh_flags & SHF_ALLOC)) - continue; - - /* - * symtab->sh_link contain section header index of associated - * string table. - */ - if (symtab->sh_link >=3D pi->ehdr->e_shnum) - /* Invalid section number? */ - continue; - - /* - * Respective architecture needs to provide support for applying - * relocations of type SHT_RELA/SHT_REL. 
- */ - if (relsec->sh_type =3D=3D SHT_RELA) - ret =3D arch_kexec_apply_relocations_add(pi, section, - relsec, symtab); - else if (relsec->sh_type =3D=3D SHT_REL) - ret =3D arch_kexec_apply_relocations(pi, section, - relsec, symtab); - if (ret) - return ret; - } - - return 0; -} - -/* - * kexec_load_purgatory_pie - Load the position independent purgatory obje= ct. - * @pi: Purgatory info struct. + * kexec_load_purgatory - Load and relocate the purgatory object. + * @image: Image to add the purgatory to. * @kbuf: Memory parameters to use. * - * Load a purgatory PIE executable. This is a fully linked executable - * consisting of a single PT_LOAD segment that does not require any reloca= tion - * processing. + * Allocates the memory needed for image->purgatory_info.sechdrs and + * image->purgatory_info.purgatory_buf/kbuf->buffer. Caller is responsible + * to free the memory after use. * * Return: 0 on success, negative errno on error. */ -static int kexec_load_purgatory_pie(struct purgatory_info *pi, - struct kexec_buf *kbuf) +int kexec_load_purgatory(struct kimage *image, struct kexec_buf *kbuf) { - const Elf_Phdr *phdr =3D (void *)pi->ehdr + pi->ehdr->e_phoff; + struct purgatory_info *pi =3D &image->purgatory_info; + const Elf_Phdr *phdr; int ret; =20 + if (kexec_purgatory_size <=3D 0) + return -EINVAL; + + pi->ehdr =3D (const Elf_Ehdr *)kexec_purgatory; if (pi->ehdr->e_phnum !=3D 1) return -EINVAL; =20 + phdr =3D (void *)pi->ehdr + pi->ehdr->e_phoff; + kbuf->bufsz =3D phdr->p_filesz; kbuf->memsz =3D phdr->p_memsz; kbuf->buf_align =3D phdr->p_align; 
@@ -1066,52 +869,6 @@ static int kexec_load_purgatory_pie(struct purgatory_= info *pi, return ret; } =20 -/* - * kexec_load_purgatory - Load and relocate the purgatory object. - * @image: Image to add the purgatory to. - * @kbuf: Memory parameters to use. - * - * Allocates the memory needed for image->purgatory_info.sechdrs and - * image->purgatory_info.purgatory_buf/kbuf->buffer. Caller is responsible - * to free the memory after use. - * - * Return: 0 on success, negative errno on error. - */ -int kexec_load_purgatory(struct kimage *image, struct kexec_buf *kbuf) -{ - struct purgatory_info *pi =3D &image->purgatory_info; - int ret; - - if (kexec_purgatory_size <=3D 0) - return -EINVAL; - - pi->ehdr =3D (const Elf_Ehdr *)kexec_purgatory; - - if (pi->ehdr->e_type !=3D ET_REL) - return kexec_load_purgatory_pie(pi, kbuf); - - ret =3D kexec_purgatory_setup_kbuf(pi, kbuf); - if (ret) - return ret; - - ret =3D kexec_purgatory_setup_sechdrs(pi, kbuf); - if (ret) - goto out_free_kbuf; - - ret =3D kexec_apply_relocations(image); - if (ret) - goto out; - - return 0; -out: - vfree(pi->sechdrs); - pi->sechdrs =3D NULL; -out_free_kbuf: - vfree(pi->purgatory_buf); - pi->purgatory_buf =3D NULL; - return ret; -} - /* * kexec_purgatory_find_symbol - find a symbol in the purgatory * @pi: Purgatory to search in. --=20 2.44.0.769.g3c40516874-goog
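Review bot: In the first hunk (@@ -808,228 +808,31 @@), the kerneldoc that now sits above kexec_load_purgatory() is stale. It still reads "Load and relocate the purgatory object" and says the function allocates image->purgatory_info.sechdrs, but this same hunk deletes kexec_purgatory_setup_sechdrs() and kexec_apply_relocations(), so nothing here allocates sechdrs or applies relocations any more. The comment being removed ("a fully linked executable consisting of a single PT_LOAD segment that does not require any relocation processing") describes the surviving code path accurately; please carry that wording over and limit the ownership sentence to purgatory_buf/kbuf->buffer.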
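Review bot: In the second hunk (@@ -1066,52 +869,6 @@), removing the "if (pi->ehdr->e_type != ET_REL)" dispatch leaves "e_phnum != 1" in the first hunk as the only check visible in this patch that the embedded purgatory has the expected shape. A relocatable object would still be turned away by that test, but only as a side effect. An explicit e_type check next to the e_phnum test, or a comment saying that the e_phnum test is what rejects a partially linked purgatory, would make the contract clear to whoever touches the purgatory build next. The deleted error path was also the only place in this diff that touched pi->sechdrs (the vfree() and the reset to NULL); if nothing else assigns that field after this series, it could be removed from struct purgatory_info in the same patch or a follow-up.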