From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ard Biesheuvel , Benjamin Herrenschmidt Subject: [PATCH 5.13 142/151] efi/libstub: arm64: Double check image alignment at entry Date: Mon, 16 Aug 2021 15:02:52 +0200 Message-Id: <20210816125448.749919880@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210816125444.082226187@linuxfoundation.org> References: <20210816125444.082226187@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ard Biesheuvel commit c32ac11da3f83bb42b986702a9b92f0a14ed4182 upstream. On arm64, the stub only moves the kernel image around in memory if needed, which is typically only for KASLR, given that relocatable kernels (which is the default) can run from any 64k aligned address, which is also the minimum alignment communicated to EFI via the PE/COFF header. Unfortunately, some loaders appear to ignore this header, and load the kernel at some arbitrary offset in memory. We can deal with this, but let's check for this condition anyway, so non-compliant code can be spotted and fixed. Cc: # v5.10+ Signed-off-by: Ard Biesheuvel Tested-by: Benjamin Herrenschmidt Signed-off-by: Greg Kroah-Hartman --- drivers/firmware/efi/libstub/arm64-stub.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/drivers/firmware/efi/libstub/arm64-stub.c +++ b/drivers/firmware/efi/libstub/arm64-stub.c @@ -119,6 +119,10 @@ efi_status_t handle_kernel_image(unsigne if (image->image_base != _text) efi_err("FIRMWARE BUG: efi_loaded_image_t::image_base has bogus value\n"); + if (!IS_ALIGNED((u64)_text, EFI_KIMG_ALIGN)) + efi_err("FIRMWARE BUG: kernel image not aligned on %ldk boundary\n", + EFI_KIMG_ALIGN >> 10); + kernel_size = _edata - _text; kernel_memsize = kernel_size + (_end - _edata); *reserve_size = kernel_memsize;
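Review bot: the new efi_err() call in handle_kernel_image() formats EFI_KIMG_ALIGN >> 10 with %ld, but the type of EFI_KIMG_ALIGN is not visible in this hunk. Confirm the expression is a long on arm64, or cast the argument explicitly so the format string and argument cannot drift apart if the macro definition changes. The check also only reports the condition and execution falls through to the kernel_size computation, so a one-line comment above the IS_ALIGNED() test saying that a misaligned image is still handled and that the message is diagnostic only (the commit message says "We can deal with this") would keep a later reader from treating it as a fatal path.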