| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260120195407.1163051-5-hpa@zytor.com>
Date: Tue, 20 Jan 2026 11:53:56 -0800
From: "H. Peter Anvin" <hpa@...or.com>
To: Thomas Gleixner <tglx@...nel.org>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Uros Bizjak <ubizjak@...il.com>, Petr Mladek <pmladek@...e.com>,
Andrew Morton <akpm@...ux-foundation.org>, Kees Cook <kees@...nel.org>,
"Peter Zijlstra (Intel)" <peterz@...radead.org>,
Nathan Chancellor <nathan@...nel.org>,
Kiryl Shutsemau <kas@...nel.org>,
Rick Edgecombe <rick.p.edgecombe@...el.com>
Cc: "H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org,
linux-coco@...ts.linux.dev, x86@...nel.org
Subject: [PATCH v1 04/14] x86/boot: modernize the segment structure for the header and setup
Modernize the segment structure for the EFI and bzImage headers and
the 16-bit setup.
1. The ".bstext" section (EFI header) has not had code in it for a
while now. Merge it into the .header section.
2. Move the contents of the .signature section to assembly rather than
the linker script. As a side benefit, the magic number is now
private to header.S.
3. Add additional asserts to the linker script.
4. Fill gaps in code sections with int3 instead of nop.
Signed-off-by: H. Peter Anvin (Intel) <hpa@...or.com>
---
arch/x86/boot/header.S | 27 +++++++++++++++++++--------
arch/x86/boot/setup.ld | 26 ++++++++++++--------------
2 files changed, 31 insertions(+), 22 deletions(-)
diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index bda20395658f..85a21d576f5b 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -40,7 +40,7 @@ SYSSEG = 0x1000 /* historical load address >> 4 */
.set falign, 0x200
.code16
- .section ".bstext", "ax"
+ .section ".header", "a"
#ifdef CONFIG_EFI_STUB
# "MZ", MS-DOS header
.word IMAGE_DOS_SIGNATURE
@@ -221,15 +221,16 @@ pecompat_fstart:
IMAGE_SCN_MEM_WRITE # Characteristics
.set section_count, (. - section_table) / 40
+
#endif /* CONFIG_EFI_STUB */
- # Kernel attributes; used by setup. This is part 1 of the
- # header, from the old boot sector.
+ # hdr should be at address 0x1f1; -2 for the sentinel
+ .org 0x1f1-2, 0xff # Fill with 0xff
- .section ".header", "a"
.globl sentinel
sentinel: .byte 0xff, 0xff /* Used to detect broken loaders */
+ # The bzImage struct setup_header
.globl hdr
hdr:
.byte setup_sects - 1
@@ -240,15 +241,15 @@ vid_mode: .word SVGA_MODE
root_dev: .word 0 /* Default to major/minor 0/0 */
boot_flag: .word 0xAA55
- # offset 512, entry point
+ # offset 512, entry point AND struct setup_header length marker
.globl _start
_start:
# Explicitly enter this as bytes, or the assembler
- # tries to generate a 3-byte jump here, which causes
+ # might try to generate a 3-byte jump here, which causes
# everything else to push off to the wrong offset.
.byte 0xeb # short (2-byte) jump
- .byte start_of_setup-1f
+ .byte end_of_bzheader-1f
1:
# Part 2 of the header, from the old setup.S
@@ -541,9 +542,13 @@ init_size: .long INIT_SIZE # kernel initialization size
handover_offset: __handover_offset
kernel_info_offset: .long ZO_kernel_info
+ .globl end_of_bzheader
+end_of_bzheader:
+
# End of setup header #####################################################
.section ".entrytext", "ax"
+ .globl start_of_setup
start_of_setup:
# Force %es = %ds
movw %ds, %ax
@@ -585,7 +590,8 @@ start_of_setup:
6:
# Check signature at end of setup
- cmpl $0x5a5aaa55, setup_sig
+SETUP_SIGNATURE = 0x5a5aaa55
+ cmpl $SETUP_SIGNATURE, setup_sig
jne setup_bad
# Zero the bss
@@ -620,3 +626,8 @@ die:
setup_corrupt:
.byte 7
.string "No setup signature found...\n"
+
+ .section ".signature", "a"
+ .balign 4
+setup_sig:
+ .long SETUP_SIGNATURE
diff --git a/arch/x86/boot/setup.ld b/arch/x86/boot/setup.ld
index e1d594a60204..7515ab011783 100644
--- a/arch/x86/boot/setup.ld
+++ b/arch/x86/boot/setup.ld
@@ -10,19 +10,14 @@ ENTRY(_start)
SECTIONS
{
. = 0;
- .bstext : {
- *(.bstext)
- . = 495;
- } =0xffffffff
-
.header : { *(.header) }
- .entrytext : { *(.entrytext) }
- .inittext : { *(.inittext) }
+ .entrytext : { *(.entrytext) } = 0xcccccccc
+ .inittext : { *(.inittext) } = 0xcccccccc
.initdata : { *(.initdata) }
__end_init = .;
- .text : { *(.text .text.*) }
- .text32 : { *(.text32) }
+ .text : { *(.text .text.*) } = 0xcccccccc
+ .text32 : { *(.text32) } = 0xcccccccc
.pecompat : { *(.pecompat) }
PROVIDE(pecompat_fsize = setup_size - pecompat_fstart);
@@ -40,9 +35,7 @@ SECTIONS
.data : { *(.data*) }
.signature : {
- setup_sig = .;
- LONG(0x5a5aaa55)
-
+ *(.signature)
setup_size = ALIGN(ABSOLUTE(.), 4096);
setup_sects = ABSOLUTE(setup_size / 512);
ASSERT(setup_sects >= 5, "The setup must be at least 5 sectors in size");
@@ -64,11 +57,16 @@ SECTIONS
}
/*
- * The ASSERT() sink to . is intentional, for binutils 2.14 compatibility:
+ * The ASSERT() sink to . is intentional. A bare ASSERT()
+ * outside of an output section is believed to have been broken
+ * in some binutils versions, although it is supposed to have
+ * been supported since binutils 2.15. Either way, it doesn't hurt,
+ * so there is no reason to drop it.
*/
. = ASSERT(_end <= 0x8000, "Setup too big!");
. = ASSERT(hdr == 0x1f1, "The setup header has the wrong offset!");
+ . = ASSERT(end_of_bzheader <= 512+2+127, "bzImage header overflow!");
+ . = ASSERT(end_of_bzheader == start_of_setup, "padding bytes between .bzheader and .entrytext!");
/* Necessary for the very-old-loader check to work... */
. = ASSERT(__end_init <= 5*512, "init sections too big!");
-
}
--
2.52.0
Powered by blists - more mailing lists