From nobody Mon Feb  9 16:51:50 2026
Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9F90142DFFA
	for <linux-kernel@vger.kernel.org>; Tue, 20 Jan 2026 19:55:00 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=198.137.202.136
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1768938904; cv=none;
 b=lqUrY+rgfzUHgvLeZ5JJS6EoKPL0Tk2WYD6lYU2AunwDUMEuQpXN4CkzEtsmCT+ARpmx/J7KcCmQDREbkiJqRCllczLnFptpFLCHLi+Y4LQHhB8y0h7qSfjuK8wE1M9ztIG+6/aOH4tRwAZjg99LCS+tFF+cHrVNUu3wIQGAxIs=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1768938904; c=relaxed/simple;
	bh=MveQi5l0YQ7OLkSuW8oRirePVaw/kJlAsYs/pcnpNm0=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=FkgTyfs7uMHr8lsDsSjlMv/+s7APQm6rdERxxmJ8xfjNngkgXl+sInHlDqR2XWLg6+wpPwzHV+TimoGprbgMhW4TzhCQxMnUUYTHVlq/Fb0mhLsIejOg/vwVHcvqbdYACyNE+OGElGOvJT047pJOrPNVf7QO1eoeJ3VKhNvP4eg=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=zytor.com;
 spf=pass smtp.mailfrom=zytor.com;
 dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com
 header.b=DcVcbmQ+; arc=none smtp.client-ip=198.137.202.136
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=zytor.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=zytor.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com
 header.b="DcVcbmQ+"
Received: from mail.zytor.com ([IPv6:2601:646:8081:9483:12c5:bc8e:d949:3497])
	(authenticated bits=0)
	by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 60KJsD3B3899199
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO);
	Tue, 20 Jan 2026 11:54:22 -0800
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 60KJsD3B3899199
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com;
	s=2025122301; t=1768938863;
	bh=JqbF6ot1ZgQZZaR0bZSta5QNoXS+I8M4O8vH2t5f5pE=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=DcVcbmQ+A9Ddrx2QIL0KnMREyFL66kVXtTojdTPj1XFieFitAjAsjTbHq2NNlVJ63
	 9cCjmbEfeuH3ndeVu5kZNxKdIvoM+sBs+avloJSM2CBjcgrAXYlOiQIOrNxoSzjE5x
	 hsXkyRtK4NLZjD1oknYtg8DwWYktmcGUXc2+MVK6NuUCdUY3H+0bW7R/SirPkDhK4x
	 6YemCXS3e5JyCzhmEc0fplzRM3/GFA6TGv3/OPZk308I/FcmESMyQfUSLi9PBOoLbk
	 En5q+KtnIE7qPyJhs29Fnd4dEWCJSB7Ht3EElLJ7H9wb4AGtx9PF1o9HTY4JCwFn3X
	 erwRQCaJ1UfOQ==
From: "H. Peter Anvin" <hpa@zytor.com>
To: Thomas Gleixner <tglx@kernel.org>, Ingo Molnar <mingo@redhat.com>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Uros Bizjak <ubizjak@gmail.com>, Petr Mladek <pmladek@suse.com>,
        Andrew Morton <akpm@linux-foundation.org>,
 Kees Cook <kees@kernel.org>,
        "Peter Zijlstra (Intel)" <peterz@infradead.org>,
        Nathan Chancellor <nathan@kernel.org>,
        Kiryl Shutsemau <kas@kernel.org>,
        Rick Edgecombe <rick.p.edgecombe@intel.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>, linux-kernel@vger.kernel.org,
        linux-coco@lists.linux.dev, x86@kernel.org
Subject: [PATCH v1 04/14] x86/boot: modernize the segment structure for the
 header and setup
Date: Tue, 20 Jan 2026 11:53:56 -0800
Message-ID: <20260120195407.1163051-5-hpa@zytor.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260120195407.1163051-1-hpa@zytor.com>
References: <20260119192923.651588-1-hpa@zytor.com>
 <20260120195407.1163051-1-hpa@zytor.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Modernize the segment structure for the EFI and bzImage headers and
the 16-bit setup.

1. The ".bstext" section (EFI header) has not had code in it for a
   while now. Merge it into the .header section.
2. Move the contents of the .signature section to assembly rather than
   the linker script. As a side benefit, the magic number is now
   private to header.S.
3. Add additional asserts to the linker script.
4. Fill gaps in code sections with int3 instead of nop.

Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
---
 arch/x86/boot/header.S | 27 +++++++++++++++++++--------
 arch/x86/boot/setup.ld | 26 ++++++++++++--------------
 2 files changed, 31 insertions(+), 22 deletions(-)

diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index bda20395658f..85a21d576f5b 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -40,7 +40,7 @@ SYSSEG		=3D 0x1000		/* historical load address >> 4 */
 	.set	falign, 0x200
=20
 	.code16
-	.section ".bstext", "ax"
+	.section ".header", "a"
 #ifdef CONFIG_EFI_STUB
 	# "MZ", MS-DOS header
 	.word	IMAGE_DOS_SIGNATURE
@@ -221,15 +221,16 @@ pecompat_fstart:
 		IMAGE_SCN_MEM_WRITE		# Characteristics
=20
 	.set	section_count, (. - section_table) / 40
+
 #endif /* CONFIG_EFI_STUB */
=20
-	# Kernel attributes; used by setup.  This is part 1 of the
-	# header, from the old boot sector.
+	# hdr should be at address 0x1f1; -2 for the sentinel
+	.org	0x1f1-2, 0xff			# Fill with 0xff
=20
-	.section ".header", "a"
 	.globl	sentinel
 sentinel:	.byte 0xff, 0xff        /* Used to detect broken loaders */
=20
+	# The bzImage struct setup_header
 	.globl	hdr
 hdr:
 		.byte setup_sects - 1
@@ -240,15 +241,15 @@ vid_mode:	.word SVGA_MODE
 root_dev:	.word 0			/* Default to major/minor 0/0 */
 boot_flag:	.word 0xAA55
=20
-	# offset 512, entry point
+	# offset 512, entry point AND struct setup_header length marker
=20
 	.globl	_start
 _start:
 		# Explicitly enter this as bytes, or the assembler
-		# tries to generate a 3-byte jump here, which causes
+		# might try to generate a 3-byte jump here, which causes
 		# everything else to push off to the wrong offset.
 		.byte	0xeb		# short (2-byte) jump
-		.byte	start_of_setup-1f
+		.byte	end_of_bzheader-1f
 1:
=20
 	# Part 2 of the header, from the old setup.S
@@ -541,9 +542,13 @@ init_size:		.long INIT_SIZE		# kernel initialization s=
ize
 handover_offset:	__handover_offset
 kernel_info_offset:	.long ZO_kernel_info
=20
+	.globl end_of_bzheader
+end_of_bzheader:
+
 # End of setup header #####################################################
=20
 	.section ".entrytext", "ax"
+	.globl start_of_setup
 start_of_setup:
 # Force %es =3D %ds
 	movw	%ds, %ax
@@ -585,7 +590,8 @@ start_of_setup:
 6:
=20
 # Check signature at end of setup
-	cmpl	$0x5a5aaa55, setup_sig
+SETUP_SIGNATURE =3D 0x5a5aaa55
+	cmpl	$SETUP_SIGNATURE, setup_sig
 	jne	setup_bad
=20
 # Zero the bss
@@ -620,3 +626,8 @@ die:
 setup_corrupt:
 	.byte	7
 	.string	"No setup signature found...\n"
+
+	.section ".signature", "a"
+	.balign 4
+setup_sig:
+	.long SETUP_SIGNATURE
diff --git a/arch/x86/boot/setup.ld b/arch/x86/boot/setup.ld
index e1d594a60204..7515ab011783 100644
--- a/arch/x86/boot/setup.ld
+++ b/arch/x86/boot/setup.ld
@@ -10,19 +10,14 @@ ENTRY(_start)
 SECTIONS
 {
 	. =3D 0;
-	.bstext	: {
-		*(.bstext)
-		. =3D 495;
-	} =3D0xffffffff
-
 	.header		: { *(.header) }
-	.entrytext	: { *(.entrytext) }
-	.inittext	: { *(.inittext) }
+	.entrytext	: { *(.entrytext) }	=3D 0xcccccccc
+	.inittext	: { *(.inittext) }	=3D 0xcccccccc
 	.initdata	: { *(.initdata) }
 	__end_init =3D .;
=20
-	.text		: { *(.text .text.*) }
-	.text32		: { *(.text32) }
+	.text		: { *(.text .text.*) }	=3D 0xcccccccc
+	.text32		: { *(.text32) }	=3D 0xcccccccc
=20
 	.pecompat	: { *(.pecompat) }
 	PROVIDE(pecompat_fsize =3D setup_size - pecompat_fstart);
@@ -40,9 +35,7 @@ SECTIONS
 	.data		: { *(.data*) }
=20
 	.signature	: {
-		setup_sig =3D .;
-		LONG(0x5a5aaa55)
-
+		*(.signature)
 		setup_size =3D ALIGN(ABSOLUTE(.), 4096);
 		setup_sects =3D ABSOLUTE(setup_size / 512);
 		ASSERT(setup_sects >=3D 5, "The setup must be at least 5 sectors in size=
");
@@ -64,11 +57,16 @@ SECTIONS
 	}
=20
 	/*
-	 * The ASSERT() sink to . is intentional, for binutils 2.14 compatibility:
+	 * The ASSERT() sink to . is intentional. A bare ASSERT()
+	 * outside of an output section is believed to have been broken
+	 * in some binutils versions, although it is supposed to have
+	 * been supported since binutils 2.15. Either way, it doesn't hurt,
+	 * so there is no reason to drop it.
 	 */
 	. =3D ASSERT(_end <=3D 0x8000, "Setup too big!");
 	. =3D ASSERT(hdr =3D=3D 0x1f1, "The setup header has the wrong offset!");
+	. =3D ASSERT(end_of_bzheader <=3D 512+2+127, "bzImage header overflow!");
+	. =3D ASSERT(end_of_bzheader =3D=3D start_of_setup, "padding bytes betwee=
n .bzheader and .entrytext!");
 	/* Necessary for the very-old-loader check to work... */
 	. =3D ASSERT(__end_init <=3D 5*512, "init sections too big!");
-
 }
--=20
2.52.0