Date: Tue, 19 May 2020 12:35:41 -0000
From: "tip-bot2 for Arvind Sankar"
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/boot] x86/boot: Correct relocation destination on old linkers
Cc: Arvind Sankar, Borislav Petkov, x86, LKML
In-Reply-To: <20200207214926.3564079-1-nivedita@alum.mit.edu>
References: <20200207214926.3564079-1-nivedita@alum.mit.edu>
Message-ID: <158989174193.17951.2884071095602421323.tip-bot2@tip-bot2>
X-Mailing-List: linux-kernel@vger.kernel.org

The following commit has been merged into the x86/boot branch of tip:

Commit-ID:     5214028dd89e49ba27007c3ee475279e584261f0
Gitweb:        https://git.kernel.org/tip/5214028dd89e49ba27007c3ee475279e584261f0
Author:        Arvind Sankar
AuthorDate:    Fri, 07 Feb 2020 16:49:26 -05:00
Committer:     Borislav Petkov
CommitterDate: Tue, 19 May 2020 14:11:22 +02:00

x86/boot: Correct relocation destination on old linkers

For the 32-bit kernel, as described in 6d92bc9d483a ("x86/build: Build
compressed x86 kernels as PIE"), pre-2.26 binutils generates R_386_32
relocations in PIE mode. Since the startup code does not perform
relocation, any reloc entry with R_386_32 will remain as 0 in the
executing code.

Commit 974f221c84b0 ("x86/boot: Move compressed kernel to the end of the
decompression buffer") added a new symbol _end but did not mark it
hidden, which doesn't give the correct offset on older linkers. This
causes the compressed kernel to be copied beyond the end of the
decompression buffer, rather than flush against it. This region of
memory may be reserved or already allocated for other purposes by the
bootloader.

Mark _end as hidden to fix. This changes the relocation from R_386_32 to
R_386_RELATIVE even on the pre-2.26 binutils.

For 64-bit, this is not strictly necessary, as the 64-bit kernel is only
built as PIE if the linker supports -z noreloc-overflow, which implies
binutils-2.27+, but for consistency, mark _end as hidden here too.

The below illustrates the before/after impact of the patch using
binutils-2.25 and gcc-4.6.4 (locally compiled from source) and QEMU.

Disassembly before patch:
  48:   8b 86 60 02 00 00       mov    0x260(%esi),%eax
  4e:   2d 00 00 00 00          sub    $0x0,%eax
                        4f: R_386_32    _end

Disassembly after patch:
  48:   8b 86 60 02 00 00       mov    0x260(%esi),%eax
  4e:   2d 00 f0 76 00          sub    $0x76f000,%eax
                        4f: R_386_RELATIVE      *ABS*

Dump from extract_kernel before patch:
  early console in extract_kernel
  input_data: 0x0207c098 <--- this is at output + init_size
  input_len: 0x0074fef1
  output: 0x01000000
  output_len: 0x00fa63d0
  kernel_total_size: 0x0107c000
  needed_size: 0x0107c000

Dump from extract_kernel after patch:
  early console in extract_kernel
  input_data: 0x0190d098 <--- this is at output + init_size - _end
  input_len: 0x0074fef1
  output: 0x01000000
  output_len: 0x00fa63d0
  kernel_total_size: 0x0107c000
  needed_size: 0x0107c000

Fixes: 974f221c84b0 ("x86/boot: Move compressed kernel to the end of the decompression buffer")
Signed-off-by: Arvind Sankar
Signed-off-by: Borislav Petkov
Link: https://lkml.kernel.org/r/20200207214926.3564079-1-nivedita@alum.mit.edu
---
 arch/x86/boot/compressed/head_32.S | 5 +++--
 arch/x86/boot/compressed/head_64.S | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
index ab33070..03557f2 100644
--- a/arch/x86/boot/compressed/head_32.S
+++ b/arch/x86/boot/compressed/head_32.S
@@ -49,16 +49,17 @@ * Position Independent Executable (PIE) so that linker won't optimize * R_386_GOT32X relocation to its fixed symbol address. Older * linkers generate R_386_32 relocations against locally defined symbols, - * _bss, _ebss, _got and _egot, in PIE. It isn't wrong, just less + * _bss, _ebss, _got, _egot and _end, in PIE. It isn't wrong, just less * optimal than R_386_RELATIVE. But the x86 kernel fails to properly handle * R_386_32 relocations when relocating the kernel. To generate - * R_386_RELATIVE relocations, we mark _bss, _ebss, _got and _egot as + * R_386_RELATIVE relocations, we mark _bss, _ebss, _got, _egot and _end as * hidden: */ .hidden _bss .hidden _ebss .hidden _got .hidden _egot + .hidden _end __HEAD SYM_FUNC_START(startup_32) diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 6b11060..e821a7d 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -42,6 +42,7 @@ .hidden _ebss .hidden _got .hidden _egot + .hidden _end __HEAD .code32
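Review bot: the head_32.S hunk extends the `.hidden` list by hand, and the failure mode when a symbol is missed is silent (the commit message shows the unapplied R_386_32 reloc landing as `sub $0x0,%eax`, which copies the kernel past the decompression buffer); consider a post-link check in the build that fails if the compressed 32-bit image still carries any R_386_32 relocation, so the next symbol referenced from startup code without `.hidden` breaks the build instead of corrupting memory at boot.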
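Review bot: the head_64.S hunk adds `.hidden _end` with no accompanying comment, while the commit message says this is only for consistency because the 64-bit kernel is built as PIE only with binutils-2.27+; a one-line comment at that `.hidden` block (or a pointer to the explanation in head_32.S) would keep a later reader from concluding that the 64-bit startup code has the same R_386_32 problem.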
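A build-time check in the spirit of this fix, added here as an example and not part of the patch or the kernel tree: scan `objdump -dr` output of the compressed 32-bit image for R_386_32 relocations, which the startup code never applies, and cross-check the relocated _end against the extract_kernel dumps. The sample text is constructed from the disassembly and dump values quoted in the commit message above.

```python
import re

# Constructed sample input in `objdump -dr` format, modelled on the
# before/after disassembly in the commit message (not real build output).
BEFORE = """\
  48:   8b 86 60 02 00 00       mov    0x260(%esi),%eax
  4e:   2d 00 00 00 00          sub    $0x0,%eax
                        4f: R_386_32    _end
"""
AFTER = """\
  48:   8b 86 60 02 00 00       mov    0x260(%esi),%eax
  4e:   2d 00 f0 76 00          sub    $0x76f000,%eax
                        4f: R_386_RELATIVE      *ABS*
"""

# Relocation lines look like "<offset>: <type> <symbol>".
RELOC_RE = re.compile(r"^\s*([0-9a-f]+):\s+(R_386_\w+)\s+(\S+)\s*$", re.M)

def find_unhandled_relocs(objdump_text):
    """Return (offset, symbol) for every R_386_32 relocation.  The 32-bit
    startup code only processes R_386_RELATIVE, so each entry returned
    here is applied as 0 at run time; a non-empty result should fail the
    build."""
    return [(int(off, 16), sym)
            for off, typ, sym in RELOC_RE.findall(objdump_text)
            if typ == "R_386_32"]

def extract_addend(objdump_text):
    """Immediate of the `sub $imm,%eax` that subtracts _end: 0 when the
    relocation was left unapplied, the real offset once it is
    R_386_RELATIVE."""
    m = re.search(r"sub\s+\$0x([0-9a-f]+),%eax", objdump_text)
    return int(m.group(1), 16) if m else None

def input_data_delta(before_input_data, after_input_data):
    """Difference between the two extract_kernel input_data values; it
    should equal the relocated _end (values from the commit message)."""
    return before_input_data - after_input_data

if __name__ == "__main__":
    print("unapplied relocs before:", find_unhandled_relocs(BEFORE))
    print("unapplied relocs after: ", find_unhandled_relocs(AFTER))
    print("_end from dumps: 0x%x" % input_data_delta(0x0207c098, 0x0190d098))
```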