Date:   Tue, 10 Aug 2021 08:30:56 -0000
From:   "tip-bot2 for Ard Biesheuvel" <>
Cc:     <>, Ard Biesheuvel <>,
        Benjamin Herrenschmidt <>,,
Subject: [tip: efi/urgent] efi/libstub: arm64: Double check image alignment at entry

The following commit has been merged into the efi/urgent branch of tip:

Commit-ID:     c32ac11da3f83bb42b986702a9b92f0a14ed4182
Author:        Ard Biesheuvel <>
AuthorDate:    Mon, 26 Jul 2021 16:31:44 +02:00
Committer:     Ard Biesheuvel <>
CommitterDate: Tue, 03 Aug 2021 07:43:13 +02:00

efi/libstub: arm64: Double check image alignment at entry

On arm64, the stub only moves the kernel image around in memory if
needed, which is typically only for KASLR, given that relocatable
kernels (which is the default) can run from any 64k aligned address,
which is also the minimum alignment communicated to EFI via the PE/COFF

Unfortunately, some loaders appear to ignore this header, and load the
kernel at some arbitrary offset in memory. We can deal with this, but
let's check for this condition anyway, so non-compliant code can be
spotted and fixed.

Cc: <> # v5.10+
Signed-off-by: Ard Biesheuvel <>
Tested-by: Benjamin Herrenschmidt <>
 drivers/firmware/efi/libstub/arm64-stub.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c
index 010564f..2363fee 100644
--- a/drivers/firmware/efi/libstub/arm64-stub.c
+++ b/drivers/firmware/efi/libstub/arm64-stub.c
@@ -119,6 +119,10 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
 	if (image->image_base != _text)
 		efi_err("FIRMWARE BUG: efi_loaded_image_t::image_base has bogus value\n");
+	if (!IS_ALIGNED((u64)_text, EFI_KIMG_ALIGN))
+		efi_err("FIRMWARE BUG: kernel image not aligned on %ldk boundary\n",
+			EFI_KIMG_ALIGN >> 10);
 	kernel_size = _edata - _text;
 	kernel_memsize = kernel_size + (_end - _edata);
 	*reserve_size = kernel_memsize;
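
Review bot: The %ldk specifier in the added efi_err() call assumes that EFI_KIMG_ALIGN >> 10 has type long, but the definition of EFI_KIMG_ALIGN is not visible in this hunk. If the macro expands to an int or an unsigned long, the specifier and the argument disagree, so either confirm the definition or cast the argument explicitly to match the format. The check is also report-only: control falls through to the kernel_size computation whether or not _text is aligned, which agrees with the commit message ("We can deal with this"). A one-line comment above the new if, stating that a misaligned image is tolerated and only reported, would keep a later reader from treating the missing error return as an oversight.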
