- Feb 14, 2015
-
-
Andrey Ryabinin authored
Recently instrumentation of builtin functions calls was removed from GCC 5.0. To check the memory accessed by such functions, userspace asan always uses interceptors for them. So now we should do this as well. This patch declares memset/memmove/memcpy as weak symbols. In mm/kasan/kasan.c we have our own implementation of those functions which checks memory before accessing it. Default memset/memmove/memcpy now now always have aliases with '__' prefix. For files that built without kasan instrumentation (e.g. mm/slub.c) original mem* replaced (via #define) with prefixed variants, cause we don't want to check memory accesses there. Signed-off-by:
Andrey Ryabinin <a.ryabinin@samsung.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Konstantin Serebryany <kcc@google.com> Cc: Dmitry Chernenkov <dmitryc@google.com> Signed-off-by:
Andrey Konovalov <adech.fo@gmail.com> Cc: Yuri Gribov <tetra2005@gmail.com> Cc: Konstantin Khlebnikov <koct9i@gmail.com> Cc: Sasha Levin <sasha.levin@oracle.com> Cc: Christoph Lameter <cl@linux.com> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Andi Kleen <andi@firstfloor.org> Cc: Ingo Molnar <mingo@elte.hu> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Christoph Lameter <cl@linux.com> Cc: Pekka Enberg <penberg@kernel.org> Cc: David Rientjes <rientjes@google.com> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
Andrey Ryabinin authored
This patch adds arch specific code for kernel address sanitizer. 16TB of virtual addressed used for shadow memory. It's located in range [ffffec0000000000 - fffffc0000000000] between vmemmap and %esp fixup stacks. At early stage we map whole shadow region with zero page. Latter, after pages mapped to direct mapping address range we unmap zero pages from corresponding shadow (see kasan_map_shadow()) and allocate and map a real shadow memory reusing vmemmap_populate() function. Also replace __pa with __pa_nodebug before shadow initialized. __pa with CONFIG_DEBUG_VIRTUAL=y make external function call (__phys_addr) __phys_addr is instrumented, so __asan_load could be called before shadow area initialized. Signed-off-by:
-
- Jan 26, 2015
-
-
Kees Cook authored
Commit e6023367 ("x86, kaslr: Prevent .bss from overlaping initrd") added Perl to the required build environment. This reimplements in shell the Perl script used to find the size of the kernel with bss and brk added. Signed-off-by:
Kees Cook <keescook@chromium.org> Reported-by:
Rob Landley <rob@landley.net> Acked-by:
-
- Jan 20, 2015
-
-
Kees Cook authored
On 64-bit, relocation is not required unless the load address gets changed. Without this, relocations do unexpected things when the kernel is above 4G. Reported-by:
Baoquan He <bhe@redhat.com> Signed-off-by:
Thomas D. <whissi@whissi.de> Cc: Vivek Goyal <vgoyal@redhat.com> Cc: Jan Beulich <JBeulich@suse.com> Cc: Junjie Mao <eternal.n08@gmail.com> Cc: Andi Kleen <ak@linux.intel.com> Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/20150116005146.GA4212@www.outflux.net Signed-off-by:
Thomas Gleixner <tglx@linutronix.de>
-
- Nov 23, 2014
-
-
Chris Clayton authored
commit e6023367 'x86, kaslr: Prevent .bss from overlaping initrd' broke the cross compile of x86. It added a objdump invocation, which invokes the host native objdump and ignores an active cross tool chain. Use $(OBJDUMP) instead which takes the CROSS_COMPILE prefix into account. [ tglx: Massage changelog and use $(OBJDUMP) ] Fixes: e6023367 'x86, kaslr: Prevent .bss from overlaping initrd' Signed-off-by:
Chris Clayton <chris2553@googlemail.com> Acked-by:
Borislav Petkov <bp@suse.de> Cc: Junjie Mao <eternal.n08@gmail.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: H. Peter Anvin <hpa@linux.intel.com> Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/54705C8E.1080400@googlemail.com Signed-off-by:
-
- Nov 11, 2014
-
-
Ard Biesheuvel authored
This reverts commit 84be8805, which itself reverted my original attempt to move x86 from #include'ing .c files from across the tree to using the EFI stub built as a static library. The issue that affected the original approach was that splitting the implementation into several .o files resulted in the variable 'efi_early' becoming a global with external linkage, which under -fPIC implies that references to it must go through the GOT. However, dealing with this additional GOT entry turned out to be troublesome on some EFI implementations. (GCC's visibility=hidden attribute is supposed to lift this requirement, but it turned out not to work on the 32-bit build.) Instead, use a pure getter function to get a reference to efi_early. This approach results in no additional GOT entries being generated, so there is no need for any changes in the early GOT handling. Tested-by:
Maarten Lankhorst <maarten.lankhorst@canonical.com> Signed-off-by:
Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by:
Matt Fleming <matt.fleming@intel.com>
-
- Nov 04, 2014
-
-
Jan Beulich authored
This is in preparation of using RIP-relative addressing in many of the per-CPU accesses. Signed-off-by:
Jan Beulich <jbeulich@suse.com> Link: http://lkml.kernel.org/r/5458A15A0200007800044A9A@mail.emea.novell.com Signed-off-by:
-
- Nov 01, 2014
-
-
Kees Cook authored
This adds a comment detailing the various intermediate files used to build the bootable decompression image for the x86 kernel. Signed-off-by:
Josh Triplett <josh@joshtriplett.org> Cc: Matt Fleming <matt.fleming@intel.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Junjie Mao <eternal.n08@gmail.com> Link: http://lkml.kernel.org/r/20141031162204.GA26268@www.outflux.net Signed-off-by:
-
Junjie Mao authored
When choosing a random address, the current implementation does not take into account the reversed space for .bss and .brk sections. Thus the relocated kernel may overlap other components in memory. Here is an example of the overlap from a x86_64 kernel in qemu (the ranges of physical addresses are presented): Physical Address 0x0fe00000 --+--------------------+ <-- randomized base / | relocated kernel | vmlinux.bin | (from vmlinux.bin) | 0x1336d000 (an ELF file) +--------------------+-- \ | | \ 0x1376d870 --+--------------------+ | | relocs table | | 0x13c1c2a8 +--------------------+ .bss and .brk | | | 0x13ce6000 +--------------------+ | | | / 0x13f77000 | initrd |-- | | 0x13fef374 +--------------------+ The initrd image will then be overwritten by the memset during early initialization: [ 1.655204] Unpacking initramfs... [ 1.662831] Initramfs unpacking failed: junk in compressed archive This patch prevents the above situation by requiring a larger space when looking for a random kernel base, so that existing logic can effectively avoids the overlap. [kees: switched to perl to avoid hex translation pain in mawk vs gawk] [kees: calculated overlap without relocs table] Fixes: 82fa9637 ("x86, kaslr: Select random position from e820 maps") Reported-by:Fengguang Wu <fengguang.wu@intel.com> Signed-off-by:
Junjie Mao <eternal.n08@gmail.com> Signed-off-by:
-
- Oct 03, 2014
-
-
Andre Müller authored
All other calls to allocate memory seem to make some noise already, with the exception of two calls (for gop, uga) in the setup_graphics path. The purpose is to be noisy on worrysome errors immediately. commit fb86b244 ("x86/efi: Add better error logging to EFI boot stub") introduces printing false alarms for lots of hardware. Rather than playing Whack a Mole with non-fatal exit conditions, try the other way round. This is per Matt Fleming's suggestion: > Where I think we could improve things > is by adding efi_printk() message in certain error paths. Clearly, not > all error paths need such messages, e.g. the EFI_INVALID_PARAMETER path > you highlighted above, but it makes sense for memory allocation and PCI > read failures. Link: http://article.gmane.org/gmane.linux.kernel.efi/4628 Signed-off-by:
Andre Müller <andre.muller@web.de> Cc: Ulf Winkelvos <ulf@winkelvos.de> Signed-off-by:
-
Matt Fleming authored
We need a way to customize the behaviour of the EFI boot stub, in particular, we need a way to disable the "chunking" workaround, used when reading files from the EFI System Partition. One of my machines doesn't cope well when reading files in 1MB chunks to a buffer above the 4GB mark - it appears that the "chunking" bug workaround triggers another firmware bug. This was only discovered with commit 4bf7111f ("x86/efi: Support initrd loaded above 4G"), and that commit is perfectly valid. The symptom I observed was a corrupt initrd rather than any kind of crash. efi= is now used to specify EFI parameters in two very different execution environments, the EFI boot stub and during kernel boot. There is also a slight performance optimization by enabling efi=nochunk, but that's offset by the fact that you're more likely to run into firmware issues, at least on x86. This is the rationale behind leaving the workaround enabled by default. Also provide some documentation for EFI_READ_CHUNK_SIZE and why we're using the current value of 1MB. Tested-by:
-
- Oct 01, 2014
-
-
Kees Cook authored
Building 32-bit threw a warning on kASLR enabled builds: arch/x86/boot/compressed/aslr.c: In function ‘mem_avoid_overlap’: arch/x86/boot/compressed/aslr.c:198:17: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] avoid.start = (u64)ptr; ^ This fixes the warning; unsigned long should have been used here. Signed-off-by:H. Peter Anvin <hpa@linux.intel.com>
-
- Sep 24, 2014
-
-
Matt Fleming authored
If we're executing the 32-bit efi_char16_printk() code path (i.e. running on top of 32-bit firmware) we know that efi_early->text_output will be a 32-bit value, even though ->text_output has type u64. Unfortunately, we currently pass ->text_output directly to efi_early->call() so for CONFIG_X86_32 the compiler will push a 64-bit value onto the stack, causing the other parameters to be misaligned. The way we handle this in the rest of the EFI boot stub is to pass pointers as arguments to efi_early->call(), which automatically do the right thing (pointers are 32-bit on CONFIG_X86_32, and we simply ignore the upper 32-bits of the argument register if running in 64-bit mode with 32-bit firmware). This fixes a corruption bug when printing strings from the 32-bit EFI boot stub. Link: https://bugzilla.kernel.org/show_bug.cgi?id=84241 Signed-off-by:
-
Matt Fleming authored
A number of people are reporting seeing the "setup_efi_pci() failed!" error message in what used to be a quiet boot, https://bugzilla.kernel.org/show_bug.cgi?id=81891 The message isn't all that helpful because setup_efi_pci() can return a non-success error code for a variety of reasons, not all of them fatal. Let's drop the return code from setup_efi_pci*() altogether, since there's no way to process it in any meaningful way outside of the inner __setup_efi_pci*() functions. Reported-by:
Darren Hart <dvhart@linux.intel.com> Reported-by:
Josh Boyer <jwboyer@fedoraproject.org> Cc: Ulf Winkelvos <ulf@winkelvos.de> Cc: Andre Müller <andre.muller@web.de> Cc: Ingo Molnar <mingo@kernel.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by:
-
- Sep 23, 2014
-
-
Matt Fleming authored
This reverts commit f23cf8bd ("efi/x86: efistub: Move shared dependencies to <asm/efi.h>") as well as the x86 parts of commit f4f75ad5 ("efi: efistub: Convert into static library"). The road leading to these two reverts is long and winding. The above two commits were merged during the v3.17 merge window and turned the common EFI boot stub code into a static library. This necessitated making some symbols global in the x86 boot stub which introduced new entries into the early boot GOT. The problem was that we weren't fixing up the newly created GOT entries before invoking the EFI boot stub, which sometimes resulted in hangs or resets. This failure was reported by Maarten on his Macbook pro. The proposed fix was commit 9cb0e394 ("x86/efi: Fixup GOT in all boot code paths"). However, that caused issues for Linus when booting his Sony Vaio Pro 11. It was subsequently reverted in commit f3670394. So that leaves us back with Maarten's Macbook pro not booting. At this stage in the release cycle the least risky option is to revert the x86 EFI boot stub to the pre-merge window code structure where we explicitly #include efi-stub-helper.c instead of linking with the static library. The arm64 code remains unaffected. We can take another swing at the x86 parts for v3.18. Conflicts: arch/x86/include/asm/efi.h Tested-by:
-
Linus Torvalds authored
This reverts commit 9cb0e394. It causes my Sony Vaio Pro 11 to immediately reboot at startup. Acked-by:
Ingo Molnar <mingo@kernel.org> Cc: Peter Anvin <hpa@zytor.com> Cc: Maarten Lankhorst <maarten.lankhorst@canonical.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Matt Fleming <matt.fleming@intel.com> Signed-off-by:
-
- Sep 19, 2014
-
-
Kees Cook authored
The KASLR location-choosing logic needs to avoid the setup_data list memory areas as well. Without this, it would be possible to have the ASLR position stomp on the memory, ultimately causing the boot to fail. Signed-off-by:
-
- Sep 08, 2014
-
-
Matt Fleming authored
Maarten reported that his Macbook pro 8.2 stopped booting after commit f23cf8bd ("efi/x86: efistub: Move shared dependencies to <asm/efi.h>"), the main feature of which is changing the visibility of symbol 'efi_early' from local to global. By making 'efi_early' global we end up requiring an entry in the Global Offset Table. Unfortunately, while we do include code to fixup GOT entries in the early boot code, it's only called after we've executed the EFI boot stub. What this amounts to is that references to 'efi_early' in the EFI boot stub don't point to the correct place. Since we've got multiple boot entry points we need to be prepared to fixup the GOT in multiple places, while ensuring that we never do it more than once, otherwise the GOT entries will still point to the wrong place. Reported-by:
-
Yinghai Lu authored
Mantas found that after commit 4bf7111f ("x86/efi: Support initrd loaded above 4G"), the kernel freezes at the earliest possible moment when trying to boot via UEFI on Asus laptop. Revert to old way to load initrd under 4G on first try, second try will use above 4G buffer when initrd is too big and does not fit under 4G. [ The cause of the freeze appears to be a firmware bug when reading file data into buffers above 4GB, though the exact reason is unknown. Mantas reports that the hang can be avoid if the file size is a multiple of 512 bytes, but I've seen some ASUS firmware simply corrupting the file data rather than freezing. Laszlo fixed an issue in the upstream EDK2 DiskIO code in Aug 2013 which may possibly be related, commit 4e39b75e ("MdeModulePkg/DiskIoDxe: fix source/destination pointer of overrun transfer"). Whatever the cause, it's unlikely that a fix will be forthcoming from the vendor, hence the workaround - Matt ] Cc: Laszlo Ersek <lersek@redhat.com> Reported-by:
Mantas Mikulėnas <grawity@gmail.com> Reported-by:
Harald Hoyer <harald@redhat.com> Tested-by:
Anders Darander <anders@chargestorm.se> Tested-by:
Calvin Walton <calvin.walton@kepstin.ca> Signed-off-by:
Yinghai Lu <yinghai@kernel.org> Signed-off-by:
-
- Aug 17, 2014
-
-
Josh Triplett authored
All the code in early_serial_console.c gets compiled out if !CONFIG_EARLY_PRINTK, but early_serial_console.o itself still gets compiled in. Eliminate it from the compile entirely in that case. This does not change the generated code at all, in either case. Signed-off-by: -
Josh Triplett authored
All the code in aslr.c gets compiled out if !CONFIG_RANDOMIZE_BASE, but aslr.o itself still gets compiled in. Eliminate it from the compile entirely in that case. This does not change the generated code at all, in either case. Signed-off-by: -
Josh Triplett authored
Switch VMLINUX_OBJS to vmlinux-objs-y, to eliminate Makefile conditionals in favor of vmlinux-objs-$(CONFIG_*) constructs. This does not change the generated code at all. Signed-off-by:
-
- Jul 18, 2014
-
-
Ulf Winkelvos authored
Hopefully this will enable us to better debug: https://bugzilla.kernel.org/show_bug.cgi?id=68761 Signed-off-by:
Ulf Winkelvos <ulf@winkelvos.de> Signed-off-by:
-
Ard Biesheuvel authored
This patch changes both x86 and arm64 efistub implementations from #including shared .c files under drivers/firmware/efi to building shared code as a static library. The x86 code uses a stub built into the boot executable which uncompresses the kernel at boot time. In this case, the library is linked into the decompressor. In the arm64 case, the stub is part of the kernel proper so the library is linked into the kernel proper as well. Signed-off-by:
-
- Jul 07, 2014
-
-
Ard Biesheuvel authored
In order to move from the #include "../../../xxxxx.c" anti-pattern used by both the x86 and arm64 versions of the stub to a static library linked into either the kernel proper (arm64) or a separate boot executable (x86), there is some prepatory work required. This patch does the following: - move forward declarations of functions shared between the arch specific and the generic parts of the stub to include/linux/efi.h - move forward declarations of functions shared between various .c files of the generic stub code to a new local header file called "efistub.h" - add #includes to all .c files which were formerly relying on the #includor to include the correct header files - remove all static modifiers from functions which will need to be externally visible once we move to a static library Signed-off-by:
-
Ard Biesheuvel authored
This moves definitions depended upon both by code under arch/x86/boot and under drivers/firmware/efi to <asm/efi.h>. This is in preparation of turning the stub code under drivers/firmware/efi into a static library. Signed-off-by:
-
- Jun 19, 2014
-
-
Yinghai Lu authored
For boot efi kernel directly without bootloader. If the kernel support XLF_CAN_BE_LOADED_ABOVE_4G, we should not limit initrd under hdr->initrd_add_max. Signed-off-by:
-
- Jun 16, 2014
-
-
Kees Cook authored
Changes kASLR from being compile-time selectable (blocked by CONFIG_HIBERNATION), to being boot-time selectable (with hibernation available by default) via the "kaslr" kernel command line. Signed-off-by:
Pavel Machek <pavel@ucw.cz> Signed-off-by:
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
- May 08, 2014
-
-
Vivek Goyal authored
Given the fact that we removed inclusion of boot.h from boot/string.c does not look like we need misc.h inclusion in compressed/string.c. So remove it. misc.h was also pulling in string_32.h which in turn had macros for memcmp and memcpy. So we don't need to #undef memcmp and memcpy anymore. Signed-off-by:
Vivek Goyal <vgoyal@redhat.com> Link: http://lkml.kernel.org/r/1398447972-27896-3-git-send-email-vgoyal@redhat.com Signed-off-by:
H. Peter Anvin <hpa@zytor.com>
-
- May 05, 2014
-
-
Andi Kleen authored
As requested by Linus add explicit __visible to the asmlinkage users. This marks all functions visible to assembler. Tree sweep for arch/x86/* Signed-off-by:
Andi Kleen <ak@linux.intel.com> Link: http://lkml.kernel.org/r/1398984278-29319-3-git-send-email-andi@firstfloor.org Signed-off-by:
-
- Apr 17, 2014
-
-
Matt Fleming authored
We really only need one phys and one virt function call, and then only one assembly function to make firmware calls. Since we are not using the C type system anyway, we're not really losing much by deleting the macros apart from no longer having a check that we are passing the correct number of parameters. The lack of duplicated code seems like a worthwhile trade-off. Cc: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> Cc: Borislav Petkov <bp@suse.de> Signed-off-by: -
H. Peter Anvin authored
Instead of truncating UTF-16 assuming all characters is ASCII, properly convert it to UTF-8. Signed-off-by:
Roy Franz <roy.franz@linaro.org> Signed-off-by:
Leif Lindholm <leif.lindholm@linaro.org> Signed-off-by:
-
- Apr 10, 2014
-
-
Matt Fleming authored
We're currently passing the file handle for the root file system to efi_file_read() and efi_file_close(), instead of the file handle for the file we wish to read/close. While this has worked up until now, it seems that it has only been by pure luck. Olivier explains, "The issue is the UEFI Fat driver might return the same function for 'fh->read()' and 'h->read()'. While in our case it does not work with a different implementation of EFI_SIMPLE_FILE_SYSTEM_PROTOCOL. In our case, we return a different pointer when reading a directory and reading a file." Fixing this actually clears up the two functions because we can drop one of the arguments, and instead only pass a file 'handle' argument. Reported-by:
Olivier Martin <olivier.martin@arm.com> Reviewed-by:
Mark Rutland <mark.rutland@arm.com> Cc: Leif Lindholm <leif.lindholm@linaro.org> Signed-off-by:
-
Matt Fleming authored
code32_start should point at the start of the protected mode code, and *not* at the beginning of the bzImage. This is much easier to do in assembly so document that callers of make_boot_params() need to fill out code32_start. The fallout from this bug is that we would end up relocating the image but copying the image at some offset, resulting in what appeared to be memory corruption. Reported-by:
Thomas Bächler <thomas@archlinux.org> Signed-off-by:
-
Matt Fleming authored
commit 54b52d87 ("x86/efi: Build our own EFI services pointer table") introduced a regression because the 64-bit file_size() implementation passed a pointer to a 32-bit data object, instead of a pointer to a 64-bit object. Because the firmware treats the object as 64-bits regardless it was reading random values from the stack for the upper 32-bits. This resulted in people being unable to boot their machines, after seeing the following error messages, Failed to get file info size Failed to alloc highmem for files Reported-by:
Dzmitry Sledneu <dzmitry.sledneu@gmail.com> Reported-by:
Koen Kooi <koen@dominion.thruhere.net> Tested-by:
-
- Mar 26, 2014
-
-
Matt Fleming authored
The ARM EFI boot stub doesn't need to care about the efi_early infrastructure that x86 requires in order to do mixed mode thunking. So wrap everything up in an efi_call_early() macro. This allows x86 to do the necessary indirection jumps to call whatever firmware interface is necessary (native or mixed mode), but also allows the ARM folks to mask the fact that they don't support relocation in the boot stub and need to pass 'sys_table_arg' to every function. [ hpa: there are no object code changes from this patch ] Signed-off-by:
-
- Mar 19, 2014
-
-
Vivek Goyal authored
Currently compressed/misc.c needs to link against memset(). I think one of the reasons of this need is inclusion of various header files which define static inline functions and use memset() inside these. For example, include/linux/bitmap.h I think trying to include "../string.h" and using builtin version of memset does not work because by the time "#define memset" shows up, it is too late. Some other header file has already used memset() and expects to find a definition during link phase. Currently we have a C definitoin of memset() in misc.c. Move it to compressed/string.c so that others can use it if need be. Signed-off-by:
-
Vivek Goyal authored
Try to treat memcmp() in same way as memcpy() and memset(). Provide a declaration in boot/string.h and by default user gets a memcmp() which maps to builtin function. Move optimized definition of memcmp() in boot/string.c. Now a user can do #undef memcmp and link against string.c to use optimzied memcmp(). It also simplifies boot/compressed/string.c where we had to redefine memcmp(). That extra definition is gone now. Signed-off-by:
-
Vivek Goyal authored
Move optimized versions of memcpy to compressed/string.c This will allow any other code to use these functions too if need be in future. Again trying to put definition in a common place instead of hiding it in misc.c Signed-off-by:
-
Vivek Goyal authored
With CONFIG_X86_32=y, string_32.h gets pulled in compressed/string.c by "misch.h". string_32.h defines a macro to map memcmp to __builtin_memcmp(). And that macro in turn changes the name of memcmp() defined here and converts it to __builtin_memcmp(). I thought that's not the intention though. We probably want to provide our own optimized definition of memcmp(). If yes, then undef the memcmp before we define a new memcmp. Signed-off-by:
-
