From: Arvind Sankar
To: Ard Biesheuvel
Cc: linux-efi@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 4/5] efi/x86: Remove extra headroom for setup block
Date: Tue, 3 Mar 2020 17:12:04 -0500
Message-Id: <20200303221205.4048668-5-nivedita@alum.mit.edu>
In-Reply-To: <20200303221205.4048668-1-nivedita@alum.mit.edu>
References: <20200301230537.2247550-1-nivedita@alum.mit.edu> <20200303221205.4048668-1-nivedita@alum.mit.edu>
X-Mailing-List: linux-kernel@vger.kernel.org

commit 223e3ee56f77 ("efi/x86: add headroom to decompressor BSS to account for setup block") added headroom to the PE image to account for the setup block, which wasn't used for the decompression buffer.

Now that the decompression buffer is located at the start of the image, and includes the setup block, this is no longer required.

Add a check to make sure that the head section of the compressed kernel won't overwrite itself while relocating. This is only for future-proofing as with current limits on the setup and the actual size of the head section, this can never happen.

Signed-off-by: Arvind Sankar
--- arch/x86/boot/tools/build.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c index 90d403dfec80..3d03ad753ed5 100644 --- a/arch/x86/boot/tools/build.c +++ b/arch/x86/boot/tools/build.c @@ -65,6 +65,8 @@ unsigned long efi_pe_entry; unsigned long efi32_pe_entry; unsigned long kernel_info; unsigned long startup_64; +unsigned long _ehead; +unsigned long _end; /*----------------------------------------------------------------------*/
@@ -232,7 +234,7 @@ static void update_pecoff_text(unsigned int text_start, unsigned int file_sz, { unsigned int pe_header; unsigned int text_sz = file_sz - text_start; - unsigned int bss_sz = init_sz + text_start - file_sz; + unsigned int bss_sz = init_sz - file_sz; pe_header = get_unaligned_le32(&buf[0x3c]); @@ -259,7 +261,7 @@ static void update_pecoff_text(unsigned int text_start, unsigned int file_sz, put_unaligned_le32(file_sz - 512 + bss_sz, &buf[pe_header + 0x1c]); /* Size of image */ - put_unaligned_le32(init_sz + text_start, &buf[pe_header + 0x50]); + put_unaligned_le32(init_sz, &buf[pe_header + 0x50]); /* * Address of entry point for PE/COFF executable @@ -360,6 +362,8 @@ static void parse_zoffset(char *fname) PARSE_ZOFS(p, efi32_pe_entry); PARSE_ZOFS(p, kernel_info); PARSE_ZOFS(p, startup_64); + PARSE_ZOFS(p, _ehead); + PARSE_ZOFS(p, _end); p = strchr(p, '\n'); while (p && (*p == '\r' || *p == '\n')) @@ -444,6 +448,26 @@ int main(int argc, char ** argv) put_unaligned_le32(sys_size, &buf[0x1f4]); init_sz = get_unaligned_le32(&buf[0x260]); +#ifdef CONFIG_EFI_STUB + /* + * The decompression buffer will start at ImageBase. When relocating + * the compressed kernel to its end, we must ensure that the head + * section does not get overwritten. The head section occupies + * [i, i + _ehead), and the destination is [init_sz - _end, init_sz). + * + * At present these should never overlap, because i is at most 32k + * because of SETUP_SECT_MAX, _ehead is less than 1k, and the + * calculation of INIT_SIZE in boot/header.S ensures that + * init_sz - _end is at least 64k. + * + * For future-proofing, increase init_sz if necessary. + */ + + if (init_sz - _end < i + _ehead) { + init_sz = (i + _ehead + _end + 4095) & ~4095; + put_unaligned_le32(init_sz, &buf[0x260]); + } +#endif update_pecoff_text(setup_sectors * 512, i + (sys_size * 16), init_sz); efi_stub_entry_update(); -- 2.24.1
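
Review bot: the new file-scope variables `_ehead` and `_end` in the first hunk use names that C reserves for the implementation (a leading underscore at file scope), and build.c is a host program, where `_end` is also a name toolchains commonly give to a linker-defined end-of-image symbol. The names look to be dictated by `PARSE_ZOFS(p, _ehead)` and `PARSE_ZOFS(p, _end)`, so a one-line comment beside the declarations saying that they hold offsets of the compressed kernel's symbols, not anything belonging to the tool itself, would prevent misreading.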
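
Review bot: in update_pecoff_text(), with the `text_start` term removed, both `unsigned int bss_sz = init_sz - file_sz;` and the image size written at `pe_header + 0x50` now assume init_sz >= file_sz with no slack. If that ever fails, the unsigned subtraction wraps silently and the header declares an image smaller than the file. Nothing visible in this patch enforces the relation: the new check in main() bounds init_sz against `i + _ehead + _end`, not against `i + (sys_size * 16)`. Consider failing the build explicitly when init_sz < file_sz, or state in a comment where the guarantee comes from.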
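
Review bot: the guard `if (init_sz - _end < i + _ehead)` in the CONFIG_EFI_STUB block of main() is an unsigned subtraction, so if `_end` were ever larger than init_sz the left side wraps to a very large value and the check passes without adjusting init_sz, which is exactly the case a future-proofing check should catch. Writing it as `init_sz < i + _ehead + _end` avoids the wrap and matches the expression already used for the rounded-up value. As a smaller point, the comment uses the loop variable `i` as the start of the head section; a named local for that offset and a page-size constant in place of `4095` would make the block easier to audit.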