LinuxLists.cc - [PATCH] x86: Set the NX-compatibility flag in the PE header

2022-03-30 02:08:27

Subject: [PATCH] x86: Set the NX-compatibility flag in the PE header

Following Baskov Evgeniy's "Handle UEFI NX-restricted page tables"
patches, it's safe to set this compatibility flag to let loaders know
they don't need to make special accommodations for kernel to load if
pre-boot NX is enabled.

Signed-off-by: Peter Jones <[email protected]>
---
arch/x86/boot/header.S | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index 6dbd7e9f74c..0352e4589ef 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -163,7 +163,11 @@ extra_header_fields:
.long 0x200 # SizeOfHeaders
.long 0 # CheckSum
.word IMAGE_SUBSYSTEM_EFI_APPLICATION # Subsystem (EFI application)
+#ifdef CONFIG_DXE_MEM_ATTRIBUTES
+ .word IMAGE_DLL_CHARACTERISTICS_NX_COMPAT # DllCharacteristics
+#else
.word 0 # DllCharacteristics
+#endif
#ifdef CONFIG_X86_32
.long 0 # SizeOfStackReserve
.long 0 # SizeOfStackCommit
--
2.35.1

2022-04-14 13:50:27

by Ard Biesheuvel

[permalink] [raw]

Subject: Re: [PATCH] x86: Set the NX-compatibility flag in the PE header

On Tue, 29 Mar 2022 at 20:47, Peter Jones <[email protected]> wrote:
>
> Following Baskov Evgeniy's "Handle UEFI NX-restricted page tables"
> patches, it's safe to set this compatibility flag to let loaders know
> they don't need to make special accommodations for kernel to load if
> pre-boot NX is enabled.
>
> Signed-off-by: Peter Jones <[email protected]>

Thanks, I've queued this up.

> ---
> arch/x86/boot/header.S | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
> index 6dbd7e9f74c..0352e4589ef 100644
> --- a/arch/x86/boot/header.S
> +++ b/arch/x86/boot/header.S
> @@ -163,7 +163,11 @@ extra_header_fields:
> .long 0x200 # SizeOfHeaders
> .long 0 # CheckSum
> .word IMAGE_SUBSYSTEM_EFI_APPLICATION # Subsystem (EFI application)
> +#ifdef CONFIG_DXE_MEM_ATTRIBUTES
> + .word IMAGE_DLL_CHARACTERISTICS_NX_COMPAT # DllCharacteristics
> +#else
> .word 0 # DllCharacteristics
> +#endif
> #ifdef CONFIG_X86_32
> .long 0 # SizeOfStackReserve
> .long 0 # SizeOfStackCommit
> --
> 2.35.1
>