Date: Fri, 15 Mar 2024 19:44:39 +0100
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
X-Mailer: git-send-email 2.44.0.291.gc1ea87d7ee-goog
Message-ID: <20240315184438.3609735-2-ardb+git@google.com>
Subject: [PATCH] x86/efistub: Clear decompressor BSS in native EFI
entrypoint From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , stable@kernel.org, Radek Podgorny Content-Type: text/plain; charset="UTF-8" From: Ard Biesheuvel The EFI decompressor no longer invokes the decompressor as a subsequent boot stage, but calls into the decompression code directly. This means that when using the native EFI entrypoint (as opposed to the EFI handover protocol, which clears BSS explicitly), we are relying on the firmware PE image loader to ensure that BSS is zeroed before the EFI stub is called by the firmware. As Radek's report proves, this is a bad idea. Not all loaders do this correctly, which means some global variables that should default to 0x0 may have junk in them. So clear BSS explicitly when entering via efi_pe_entry(). Note that zeroing BSS from C code is not generally safe, but in this case, the following assignment and dereference of a global pointer variable ensures that the memset() cannot be reordered. Cc: # v6.1+ Reported-by: Radek Podgorny Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/x86-stub.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 35413c8dfc25..2096ae09438e 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -21,6 +21,8 @@ #include "efistub.h" #include "x86-stub.h" +extern char _bss[], _ebss[]; + const efi_system_table_t *efi_system_table; const efi_dxe_services_table_t *efi_dxe_table; static efi_loaded_image_t *image = NULL; @@ -474,6 +476,8 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle, efi_status_t status; char *cmdline_ptr; + memset(_bss, 0, _ebss - _bss); + efi_system_table = sys_table_arg; /* Check if we were booted by the EFI firmware */ 
@@ -967,8 +971,6 @@ void __noreturn efi_stub_entry(efi_handle_t handle, void efi_handover_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg, struct boot_params *boot_params) { - extern char _bss[], _ebss[]; - memset(_bss, 0, _ebss - _bss); efi_stub_entry(handle, sys_table_arg, boot_params); } -- 2.44.0.291.gc1ea87d7ee-goog
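Review bot: the third hunk (efi_handover_entry) removes the only BSS clearing on the handover path, which contradicts the commit message's own statement that the EFI handover protocol clears BSS explicitly. The new memset() from the second hunk is reached only through efi_pe_entry(), while the context lines of this hunk show efi_handover_entry() calling efi_stub_entry() directly, so after this patch a handover-protocol boot would have no explicit BSS clearing at all. Suggest keeping `memset(_bss, 0, _ebss - _bss);` in efi_handover_entry() and dropping only the now-redundant local `extern char _bss[], _ebss[];`, since the file-scope extern added in the first hunk already makes the symbols visible there.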
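Review bot: the argument for why zeroing BSS from C is safe here (second hunk, efi_pe_entry) exists only in the commit message; please carry it into a comment above the memset() call. `efi_system_table` is an uninitialized file-scope pointer (visible in the first hunk's context), so it lives in the very BSS being cleared, and the store `efi_system_table = sys_table_arg;` immediately after the memset() is what both re-establishes it and, with the later dereference, keeps the compiler from sinking the memset() past that store. A later cleanup that reorders these statements, gives efi_system_table an initializer, or touches another BSS variable earlier in efi_pe_entry() would silently break that guarantee; a comment such as `/* Must be first: clears BSS, including efi_system_table stored below */` makes the constraint visible to the next person editing this function.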