Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp1067540ybv; Fri, 7 Feb 2020 13:50:35 -0800 (PST) X-Google-Smtp-Source: APXvYqyOduC2LiSrNR2Yy6nXN0fePNO1YevHIjcsqdDtVw7SYYqRUH/c0ns8Mpv1QdRY4EJPbFvO X-Received: by 2002:aca:c692:: with SMTP id w140mr3591472oif.139.1581112235807; Fri, 07 Feb 2020 13:50:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581112235; cv=none; d=google.com; s=arc-20160816; b=mjbQ3rP0QHhQxL7p7WY34guEfj6IoQyV/H46Aqqpv6BoFKRSxXiRoY8AQkpjzPzhNW ST/y1SAzBz70dvG/NGDlybONchGX++0vy+aryXlOFWldJSOqRiD6EojkD95qfbpIlp2D xJW2kAC7ysYgqx1OYNW7ibVPPpEHNGHiv715GjTsouG/etHWTluZeUbKdZpn0rGtoXS+ iz2esbcvRrIt+TO+Cxv1YzkSIWzdbYqJH6vY+84DcUtE+sV10b33YvjPxo6ULE+u624z qqLQ36upTEsndFJtCz5+1jYlRiBFfC5nlx6wsMB7j2OgLtWkxV0H5pEPnYCaXb9AcL4W F2Vw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=9WEJk8Oy/CNYv/gkiY9D6Sj5zl9j37288c0ApTKEqrQ=; b=Ntgn8xPwBAWax1qCYZ/QIHhaLVfionoBfqWEs/uH9vdtEZzI7QXe5dBdZTlWZCJg9+ 7lUpcguQ8Zr1frFftpgPuZ3CpxfT6c+21PKhSuITiBOdgc4bv7Ghh3LAtHNrOPPGbklH 0oTf1lCE5JG9I8jCCmPYXe2qfHAJ1/77RpqMwGdI1tex3VnTQMTmB12YE7zvvqQOmiQP h1vGhP6XtLqRkietArDEUM059BfawbMtPVYnZfCH4XuWDFGNt/fp5PvTMr+pJcXfU35D R3jzS9tK6aVHeTZRyk7Jbk4rSNCI/Y2IMXNI9dUMTsayaaOZEhv+N2I48pBqLNgEcA54 gQCQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g17si324255otr.261.2020.02.07.13.50.23; Fri, 07 Feb 2020 13:50:35 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727113AbgBGVta (ORCPT + 99 others); Fri, 7 Feb 2020 16:49:30 -0500 Received: from mail-qk1-f193.google.com ([209.85.222.193]:36347 "EHLO mail-qk1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727031AbgBGVta (ORCPT ); Fri, 7 Feb 2020 16:49:30 -0500 Received: by mail-qk1-f193.google.com with SMTP id w25so635239qki.3 for ; Fri, 07 Feb 2020 13:49:28 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=9WEJk8Oy/CNYv/gkiY9D6Sj5zl9j37288c0ApTKEqrQ=; b=ZQgD7a9PpghFRhZcrRPBBbxxABMkUdbR4iQUXu/SvKZBpn5MTQURAAeHS4XWTo/0jD DaCDALk1GHpeG90BVRY+tOcCc4SdKem18tS7U66lQs97RLeCfn3LlUdMzU01aMPIglZL aEH6I4WZ1irbpWhW9ndNS2dc+QdOR1//ldReGPA4EFI4SBHocoQ2nyOcvGzTSbBF5U+c OOFwx3GdYxl91fNtlIOuWYqnlnRV5rHAyx4BP0/xQLkSr8DdIIsuvwjSwt+vFenbmctx CHgY0H0TXTZiqwsKuV2K08NIPnfic+0IhbNAeGYJC6oxA9lmLcQWqC2pAauz/JN7q98n 44gQ== X-Gm-Message-State: APjAAAWicCutVE9mtf8LiK1QcyD7QDuwRyHkW2S6SbZCp0qfcYZTnkau Dqzt510GGjsUoANTF/GFwHTSUNnl0OU= X-Received: by 2002:ae9:c318:: with SMTP id n24mr1041734qkg.38.1581112167966; Fri, 07 Feb 2020 13:49:27 -0800 (PST) Received: from rani.riverdale.lan ([2001:470:1f07:5f3::b55f]) by smtp.gmail.com with ESMTPSA id m27sm2081982qta.21.2020.02.07.13.49.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 07 Feb 2020 13:49:27 -0800 (PST) From: Arvind Sankar To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" Cc: x86@kernel.org, linux-kernel@vger.kernel.org, "H.J. Lu" Subject: [PATCH v2] x86/boot: Correct relocation destination on old linkers Date: Fri, 7 Feb 2020 16:49:26 -0500 Message-Id: <20200207214926.3564079-1-nivedita@alum.mit.edu> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200111190015.3257863-1-nivedita@alum.mit.edu> References: <20200111190015.3257863-1-nivedita@alum.mit.edu> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org For the 32-bit kernel, as described in commit 6d92bc9d483a ("x86/build: Build compressed x86 kernels as PIE"), pre-2.26 binutils generates R_386_32 relocations in PIE mode. Since the startup code does not perform relocation, any reloc entry with R_386_32 will remain as 0 in the executing code. Commit 974f221c84b0 ("x86/boot: Move compressed kernel to the end of the decompression buffer") added a new symbol _end but did not mark it hidden, which doesn't give the correct offset on older linkers. This causes the compressed kernel to be copied beyond the end of the decompression buffer, rather than flush against it. This region of memory may be reserved or already allocated for other purposes by the bootloader. Mark _end as hidden to fix. This changes the relocation from R_386_32 to R_386_RELATIVE even on the pre-2.26 binutils. For 64-bit, this is not strictly necessary, as the 64-bit kernel is only built as PIE if the linker supports -z noreloc-overflow, which implies binutils-2.27+, but for consistency, mark _end as hidden here too. The below illustrates the before/after impact of the patch using binutils-2.25 and gcc-4.6.4 (locally compiled from source) and QEMU. Disassembly before patch: 48: 8b 86 60 02 00 00 mov 0x260(%esi),%eax 4e: 2d 00 00 00 00 sub $0x0,%eax 4f: R_386_32 _end Disassembly after patch: 48: 8b 86 60 02 00 00 mov 0x260(%esi),%eax 4e: 2d 00 f0 76 00 sub $0x76f000,%eax 4f: R_386_RELATIVE *ABS* Dump from extract_kernel before patch: early console in extract_kernel input_data: 0x0207c098 <--- this is at output + init_size input_len: 0x0074fef1 output: 0x01000000 output_len: 0x00fa63d0 kernel_total_size: 0x0107c000 needed_size: 0x0107c000 Dump from extract_kernel after patch: early console in extract_kernel input_data: 0x0190d098 <--- this is at output + init_size - _end input_len: 0x0074fef1 output: 0x01000000 output_len: 0x00fa63d0 kernel_total_size: 0x0107c000 needed_size: 0x0107c000 Fixes: 974f221c84b0 ("x86/boot: Move compressed kernel to the end of the decompression buffer") Signed-off-by: Arvind Sankar --- Changes from v1: more extensive commit message illustrating the issue arch/x86/boot/compressed/head_32.S | 5 +++-- arch/x86/boot/compressed/head_64.S | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S index 73f17d0544dd..bf707c989236 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S @@ -49,16 +49,17 @@ * Position Independent Executable (PIE) so that linker won't optimize * R_386_GOT32X relocation to its fixed symbol address. Older * linkers generate R_386_32 relocations against locally defined symbols, - * _bss, _ebss, _got and _egot, in PIE. It isn't wrong, just less + * _bss, _ebss, _got, _egot and _end, in PIE. It isn't wrong, just less * optimal than R_386_RELATIVE. But the x86 kernel fails to properly handle * R_386_32 relocations when relocating the kernel. To generate - * R_386_RELATIVE relocations, we mark _bss, _ebss, _got and _egot as + * R_386_RELATIVE relocations, we mark _bss, _ebss, _got, _egot and _end as * hidden: */ .hidden _bss .hidden _ebss .hidden _got .hidden _egot + .hidden _end __HEAD SYM_FUNC_START(startup_32) diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 1f1f6c8139b3..949909548b86 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -42,6 +42,7 @@ .hidden _ebss .hidden _got .hidden _egot + .hidden _end __HEAD .code32 -- 2.24.1