efistub/x86: Remap inittext read-execute when needed

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Recent EFI x86 systems are more strict when it comes to mapping boot
images, and require that mappings are either read-write or read-execute.

Now that the boot code is being cleaned up and refactored, most of it is
being moved into .init.text [where it arguably belongs] but that implies
that when booting on such strict EFI firmware, we need to take care to
map .init.text (and the .altinstr_aux section that follows it)
read-execute as well.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250828102202.1849035-44-ardb+git@google.com

authored by

Ard Biesheuvel and committed by

Borislav Petkov (AMD) 9 months ago e7b88bc0 7b38dec3

+10 -2

5 changed files

expand all

arch

x86

boot

compressed

Makefile

misc.c

include

asm

boot.h

kernel

vmlinux.lds.S

drivers

firmware

efi

libstub

x86-stub.c

+1 -1

arch/x86/boot/compressed/Makefile

··· 73 73 hostprogs := mkpiggy 74 74 HOST_EXTRACFLAGS += -I$(srctree)/tools/include 75 75 76 - sed-voffset := -e 's/^$[0-9a-fA-F]*$ [ABbCDGRSTtVW] $_text\|__start_rodata\|__bss_start\|_end$$$/\#define VO_\2 _AC(0x\1,UL)/p' 76 + sed-voffset := -e 's/^$[0-9a-fA-F]*$ [ABbCDGRSTtVW] $_text\|__start_rodata\|_sinittext\|__inittext_end\|__bss_start\|_end$$$/\#define VO_\2 _AC(0x\1,UL)/p' 77 77 78 78 quiet_cmd_voffset = VOFFSET $@ 79 79 cmd_voffset = $(NM) $< | sed -n $(sed-voffset) > $@

arch/x86/boot/compressed/misc.c

··· 332 332 } 333 333 334 334 const unsigned long kernel_text_size = VO___start_rodata - VO__text; 335 + const unsigned long kernel_inittext_offset = VO__sinittext - VO__text; 336 + const unsigned long kernel_inittext_size = VO___inittext_end - VO__sinittext; 335 337 const unsigned long kernel_total_size = VO__end - VO__text; 336 338 337 339 static u8 boot_heap[BOOT_HEAP_SIZE] __aligned(4);

arch/x86/include/asm/boot.h

··· 82 82 #ifndef __ASSEMBLER__ 83 83 extern unsigned int output_len; 84 84 extern const unsigned long kernel_text_size; 85 + extern const unsigned long kernel_inittext_offset; 86 + extern const unsigned long kernel_inittext_size; 85 87 extern const unsigned long kernel_total_size; 86 88 87 89 unsigned long decompress_kernel(unsigned char *outbuf, unsigned long virt_addr,

arch/x86/kernel/vmlinux.lds.S

··· 227 227 */ 228 228 .altinstr_aux : AT(ADDR(.altinstr_aux) - LOAD_OFFSET) { 229 229 *(.altinstr_aux) 230 + . = ALIGN(PAGE_SIZE); 231 + __inittext_end = .; 230 232 } 231 233 232 234 INIT_DATA_SECTION(16)

+3 -1

drivers/firmware/efi/libstub/x86-stub.c

··· 788 788 789 789 *kernel_entry = addr + entry; 790 790 791 - return efi_adjust_memory_range_protection(addr, kernel_text_size); 791 + return efi_adjust_memory_range_protection(addr, kernel_text_size) ?: 792 + efi_adjust_memory_range_protection(addr + kernel_inittext_offset, 793 + kernel_inittext_size); 792 794 } 793 795 794 796 static void __noreturn enter_kernel(unsigned long kernel_addr,

Configure Feed

Configure Feed