- May 05, 2014
-
-
H. Peter Anvin authored
arch/x86/crypto/sha1_avx2_x86_64_asm.S introduced _end as a local symbol, which broke the build under certain circumstances. Although the wisdom of _end as a local symbol can definitely be questioned, the build should not break for that reason. Thus, filter the output of nm to only get global symbols of appropriate type. Reported-by:
Andy Lutomirski <luto@amacapital.net> Cc: Chandramouli Narayanan <mouli@linux.intel.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
H. Peter Anvin <hpa@linux.intel.com> Link: http://lkml.kernel.org/n/tip-uxm3j3w3odglcwhafwq5tjqu@git.kernel.org
-
- Apr 10, 2014
-
-
Matt Fleming authored
We're currently passing the file handle for the root file system to efi_file_read() and efi_file_close(), instead of the file handle for the file we wish to read/close. While this has worked up until now, it seems that it has only been by pure luck. Olivier explains, "The issue is the UEFI Fat driver might return the same function for 'fh->read()' and 'h->read()'. While in our case it does not work with a different implementation of EFI_SIMPLE_FILE_SYSTEM_PROTOCOL. In our case, we return a different pointer when reading a directory and reading a file." Fixing this actually clears up the two functions because we can drop one of the arguments, and instead only pass a file 'handle' argument. Reported-by:
Olivier Martin <olivier.martin@arm.com> Reviewed-by:
Mark Rutland <mark.rutland@arm.com> Cc: Leif Lindholm <leif.lindholm@linaro.org> Signed-off-by:
Matt Fleming <matt.fleming@intel.com>
-
Matt Fleming authored
code32_start should point at the start of the protected mode code, and *not* at the beginning of the bzImage. This is much easier to do in assembly so document that callers of make_boot_params() need to fill out code32_start. The fallout from this bug is that we would end up relocating the image but copying the image at some offset, resulting in what appeared to be memory corruption. Reported-by:
Thomas Bächler <thomas@archlinux.org> Signed-off-by:
-
Matt Fleming authored
commit 54b52d87 ("x86/efi: Build our own EFI services pointer table") introduced a regression because the 64-bit file_size() implementation passed a pointer to a 32-bit data object, instead of a pointer to a 64-bit object. Because the firmware treats the object as 64-bits regardless it was reading random values from the stack for the upper 32-bits. This resulted in people being unable to boot their machines, after seeing the following error messages, Failed to get file info size Failed to alloc highmem for files Reported-by:
Dzmitry Sledneu <dzmitry.sledneu@gmail.com> Reported-by:
Koen Kooi <koen@dominion.thruhere.net> Tested-by:
-
- Mar 26, 2014
-
-
Matt Fleming authored
The ARM EFI boot stub doesn't need to care about the efi_early infrastructure that x86 requires in order to do mixed mode thunking. So wrap everything up in an efi_call_early() macro. This allows x86 to do the necessary indirection jumps to call whatever firmware interface is necessary (native or mixed mode), but also allows the ARM folks to mask the fact that they don't support relocation in the boot stub and need to pass 'sys_table_arg' to every function. [ hpa: there are no object code changes from this patch ] Signed-off-by:
-
- Mar 20, 2014
-
-
Chris Bainbridge authored
Many Pentium M systems disable PAE but may have a functionally usable PAE implementation. This adds the "forcepae" parameter which bypasses the boot check for PAE, and sets the CPU as being PAE capable. Using this parameter will taint the kernel with TAINT_CPU_OUT_OF_SPEC. Signed-off-by:
Chris Bainbridge <chris.bainbridge@gmail.com> Link: http://lkml.kernel.org/r/20140307114040.GA4997@localhost Acked-by:
Borislav Petkov <bp@suse.de> Signed-off-by:
H. Peter Anvin <hpa@zytor.com>
-
- Mar 19, 2014
-
-
Vivek Goyal authored
Currently compressed/misc.c needs to link against memset(). I think one of the reasons of this need is inclusion of various header files which define static inline functions and use memset() inside these. For example, include/linux/bitmap.h I think trying to include "../string.h" and using builtin version of memset does not work because by the time "#define memset" shows up, it is too late. Some other header file has already used memset() and expects to find a definition during link phase. Currently we have a C definitoin of memset() in misc.c. Move it to compressed/string.c so that others can use it if need be. Signed-off-by:
Vivek Goyal <vgoyal@redhat.com> Link: http://lkml.kernel.org/r/1395170800-11059-6-git-send-email-vgoyal@redhat.com Signed-off-by:
-
Vivek Goyal authored
Try to treat memcmp() in same way as memcpy() and memset(). Provide a declaration in boot/string.h and by default user gets a memcmp() which maps to builtin function. Move optimized definition of memcmp() in boot/string.c. Now a user can do #undef memcmp and link against string.c to use optimzied memcmp(). It also simplifies boot/compressed/string.c where we had to redefine memcmp(). That extra definition is gone now. Signed-off-by:
-
Vivek Goyal authored
Move optimized versions of memcpy to compressed/string.c This will allow any other code to use these functions too if need be in future. Again trying to put definition in a common place instead of hiding it in misc.c Signed-off-by:
-
Vivek Goyal authored
Create a separate arch/x86/boot/string.h file to provide declaration of some of the common string functions. By default memcpy, memset and memcmp functions will default to gcc builtin functions. If code wants to use an optimized version of any of these functions, they need to #undef the respective macro and link against a local file providing definition of undefed function. For example, arch/x86/boot/* code links against copy.S to get memcpy() and memcmp() definitions. arch/86/boot/compressed/* links against compressed/string.c. There are quite a few places in arch/x86/ where these functions are used. Idea is to try to consilidate their declaration and possibly definitions so that it can be reused. I am planning to reuse boot/string.h in arch/x86/purgatory/ and use gcc builtin functions for memcpy, memset and memcmp. Signed-off-by:
-
Vivek Goyal authored
With CONFIG_X86_32=y, string_32.h gets pulled in compressed/string.c by "misch.h". string_32.h defines a macro to map memcmp to __builtin_memcmp(). And that macro in turn changes the name of memcmp() defined here and converts it to __builtin_memcmp(). I thought that's not the intention though. We probably want to provide our own optimized definition of memcmp(). If yes, then undef the memcmp before we define a new memcmp. Signed-off-by:
-
- Mar 13, 2014
-
-
Borislav Petkov authored
The name in struct bootparam is ->initrd_addr_max and not ramdisk_max. Fix that. Signed-off-by:
-
- Mar 05, 2014
-
-
Matt Fleming authored
The kbuild test robot reported the following errors, introduced with commit 54b52d87 ("x86/efi: Build our own EFI services pointer table"), arch/x86/boot/compressed/head_32.o: In function `efi32_config': >> (.data+0x58): undefined reference to `efi_call_phys' arch/x86/boot/compressed/head_64.o: In function `efi64_config': >> (.data+0x90): undefined reference to `efi_call6' Wrap the efi*_config structures in #ifdef CONFIG_EFI_STUB so that we don't make references to EFI functions if they're not compiled in. Signed-off-by:
-
Matt Fleming authored
The kbuild test robot reported the following errors that were introduced with commit 993c30a0 ("x86, tools: Consolidate #ifdef code"), arch/x86/boot/tools/build.c: In function 'update_pecoff_setup_and_reloc': >> arch/x86/boot/tools/build.c:252:1: error: parameter name omitted static inline void update_pecoff_setup_and_reloc(unsigned int) {} ^ arch/x86/boot/tools/build.c: In function 'update_pecoff_text': >> arch/x86/boot/tools/build.c:253:1: error: parameter name omitted static inline void update_pecoff_text(unsigned int, unsigned int) {} ^ >> arch/x86/boot/tools/build.c:253:1: error: parameter name omitted arch/x86/boot/tools/build.c: In function 'main': >> arch/x86/boot/tools/build.c:372:2: warning: implicit declaration of function 'efi_stub_entry_update' [-Wimplicit-function-declaration] efi_stub_entry_update(); ^ Signed-off-by:
-
- Mar 04, 2014
-
-
Matt Fleming authored
Some EFI firmware makes use of the FPU during boottime services and clearing X86_CR4_OSFXSR by overwriting %cr4 causes the firmware to crash. Add the PAE bit explicitly instead of trashing the existing contents, leaving the rest of the bits as the firmware set them. Cc: H. Peter Anvin <hpa@zytor.com> Signed-off-by: -
Matt Fleming authored
Add the Kconfig option and bump the kernel header version so that boot loaders can check whether the handover code is available if they want. The xloadflags field in the bzImage header is also updated to reflect that the kernel supports both entry points by setting both of XLF_EFI_HANDOVER_32 and XLF_EFI_HANDOVER_64 when CONFIG_EFI_MIXED=y. XLF_CAN_BE_LOADED_ABOVE_4G is disabled so that the kernel text is guaranteed to be addressable with 32-bits. Note that no boot loaders should be using the bits set in xloadflags to decide which entry point to jump to. The entire scheme is based on the concept that 32-bit bootloaders always jump to ->handover_offset and 64-bit loaders always jump to ->handover_offset + 512. We set both bits merely to inform the boot loader that it's safe to use the native handover offset even if the machine type in the PE/COFF header claims otherwise. Signed-off-by: -
Matt Fleming authored
The EFI handover code only works if the "bitness" of the firmware and the kernel match, i.e. 64-bit firmware and 64-bit kernel - it is not possible to mix the two. This goes against the tradition that a 32-bit kernel can be loaded on a 64-bit BIOS platform without having to do anything special in the boot loader. Linux distributions, for one thing, regularly run only 32-bit kernels on their live media. Despite having only one 'handover_offset' field in the kernel header, EFI boot loaders use two separate entry points to enter the kernel based on the architecture the boot loader was compiled for, (1) 32-bit loader: handover_offset (2) 64-bit loader: handover_offset + 512 Since we already have two entry points, we can leverage them to infer the bitness of the firmware we're running on, without requiring any boot loader modifications, by making (1) and (2) valid entry points for both CONFIG_X86_32 and CONFIG_X86_64 kernels. To be clear, a 32-bit boot loader will always use (1) and a 64-bit boot loader will always use (2). It's just that, if a single kernel image supports (1) and (2) that image can be used with both 32-bit and 64-bit boot loaders, and hence both 32-bit and 64-bit EFI. (1) and (2) must be 512 bytes apart at all times, but that is already part of the boot ABI and we could never change that delta without breaking existing boot loaders anyhow. Signed-off-by: -
Matt Fleming authored
Make the decision which code path to take at runtime based on efi_early->is64. Signed-off-by: -
Matt Fleming authored
Implement the transition code to go from IA32e mode to protected mode in the EFI boot stub. This is required to use 32-bit EFI services from a 64-bit kernel. Since EFI boot stub is executed in an identity-mapped region, there's not much we need to do before invoking the 32-bit EFI boot services. However, we do reload the firmware's global descriptor table (efi32_boot_gdt) in case things like timer events are still running in the firmware. Signed-off-by: -
Matt Fleming authored
It's not possible to dereference the EFI System table directly when booting a 64-bit kernel on a 32-bit EFI firmware because the size of pointers don't match. In preparation for supporting the above use case, build a list of function pointers on boot so that callers don't have to worry about converting pointer sizes through multiple levels of indirection. Signed-off-by: -
Matt Fleming authored
The traditional approach of using machine-specific types such as 'unsigned long' does not allow the kernel to interact with firmware running in a different CPU mode, e.g. 64-bit kernel with 32-bit EFI. Add distinct EFI structure definitions for both 32-bit and 64-bit so that we can use them in the 32-bit and 64-bit code paths. Acked-by:
-
Matt Fleming authored
Instead of littering main() with #ifdef CONFIG_EFI_STUB, move the logic into separate functions that do nothing if the config option isn't set. This makes main() much easier to read. Acked-by:
-
Matt Fleming authored
handover_offset is now filled out by build.c. Don't set a default value as it will be overwritten anyway. Acked-by:
-
- Feb 26, 2014
-
-
Kees Cook authored
This silences build warnings about unexported variables and functions. Signed-off-by:
Kees Cook <keescook@chromium.org> Link: http://lkml.kernel.org/r/20140209215644.GA30339@www.outflux.net Signed-off-by:
-
- Jan 30, 2014
-
-
David Woodhouse authored
Commit dd78b973 ("x86, boot: Move CPU flags out of cpucheck") introduced ambiguous inline asm in the has_eflag() function. In 16-bit mode want the instruction to be 'pushfl', but we just say 'pushf' and hope the compiler does what we wanted. When building with 'clang -m16', it won't, because clang doesn't use the horrid '.code16gcc' hack that even 'gcc -m16' uses internally. Say what we mean and don't make the compiler make assumptions. [ hpa: ideally we would be able to use the gcc %zN construct here, but that is broken for 64-bit integers in gcc < 4.5. The code with plain "pushf/popf" is fine for 32- or 64-bit mode, but not for 16-bit mode; in 16-bit mode those are 16-bit instructions in .code16 mode, and 32-bit instructions in .code16gcc mode. ] Signed-off-by:
David Woodhouse <David.Woodhouse@intel.com> Link: http://lkml.kernel.org/r/1391079628.26079.82.camel@shinybook.infradead.org Signed-off-by:
-
- Jan 22, 2014
-
-
David Woodhouse authored
It looks like GCC will always emit an object that is marked with an explicit section, although the documentation doesn't say that and we possibly shouldn't be relying on it. Clang does *not* do so, so add __attribute__((used)) to make sure. Signed-off-by:
-
David Woodhouse authored
Define them once in arch/x86/Makefile instead of twice. Signed-off-by:
-
- Jan 14, 2014
-
-
Wei Yongjun authored
Remove including <linux/version.h> that don't need it. Signed-off-by:
Wei Yongjun <yongjun_wei@trendmicro.com.cn> Link: http://lkml.kernel.org/r/CAPgLHd-Fjx1RybjWFAu1vHRfTvhWwMLL3x46BouC5uNxHPjy1A@mail.gmail.com Acked-by:
-
- Jan 04, 2014
-
-
H. Peter Anvin authored
The .inittext section tries to aggregate all functions which are needed to get a message out in the case of a load failure. However, putchar() uses intcall(), so intcall() should be in the .inittext section. Signed-off-by:
-
David Woodhouse authored
This reverts commit 28b48688 ("x86, boot: use .code16gcc instead of .code16"). Versions of binutils older than 2.16 are already not working, so this workaround is no longer necessary either. At the same time, some of the transformations that .code16gcc does can be *extremely* counterintuitive to a human programmer. [ hpa: folded ret -> retl and call -> calll fixes from followup patch ] Signed-off-by:
-
- Dec 29, 2013
-
-
Dave Young authored
Old kexec-tools can not load new kernels. The reason is kexec-tools does not fill efi_info in x86 setup header previously, thus EFI failed to initialize. In new kexec-tools it will by default to fill efi_info and pass other EFI required infomation to 2nd kernel so kexec kernel EFI initialization can succeed finally. To prevent from breaking userspace, add a new xloadflags bit so kexec-tools can check the flag and switch to old logic. Signed-off-by:
Dave Young <dyoung@redhat.com> Acked-by:
Toshi Kani <toshi.kani@hp.com> Signed-off-by:
-
- Dec 09, 2013
-
-
H. Peter Anvin authored
In checkin 5551a34e x86-64, build: Always pass in -mno-sse we unconditionally added -mno-sse to the main build, to keep newer compilers from generating SSE instructions from autovectorization. However, this did not extend to the special environments (arch/x86/boot, arch/x86/boot/compressed, and arch/x86/realmode/rm). Add -mno-sse to the compiler command line for these environments, and add -mno-mmx to all the environments as well, as we don't want a compiler to generate MMX code either. This patch also removes a $(cc-option) call for -m32, since we have long since stopped supporting compilers too old for the -m32 option, and in fact hardcode it in other places in the Makefiles. Reported-by:Kevin B. Smith <kevin.b.smith@intel.com> Cc: Sunil K. Pandey <sunil.k.pandey@intel.com> Signed-off-by:
-
- Nov 12, 2013
-
-
Kees Cook authored
The build_str needs to be char [] not char * for the sizeof() to report the string length. Reported-by:
Mathias Krause <minipli@googlemail.com> Signed-off-by:
-
H. Peter Anvin authored
If we don't have RDRAND (in which case nothing else *should* matter), most sources have a highly biased entropy distribution. Use a circular multiply to diffuse the entropic bits. A circular multiply is a good operation for this: it is cheap on standard hardware and because it is symmetric (unlike an ordinary multiply) it doesn't introduce its own bias. Cc: Kees Cook <keescook@chromium.org> Signed-off-by:
-
Kees Cook authored
Depending on availability, mix the RDRAND and RDTSC entropy together with XOR. Only when neither is available should the i8254 be used. Update the Kconfig documentation to reflect this. Additionally, since bits used for entropy is masked elsewhere, drop the needless masking in the get_random_long(). Similarly, use the entire TSC, not just the low 32 bits. Finally, to improve the starting entropy, do a simple hashing of a build-time versions string and the boot-time boot_params structure for some additional level of unpredictability. Signed-off-by:
-
- Oct 13, 2013
-
-
H. Peter Anvin authored
When a function is used in more than one file it may not be possible to immediately tell from context what the intended meaning is. As such, it is more important that the naming be self-evident. Thus, change get_flags() to get_cpuflags(). For consistency, change check_flags() to check_cpuflags() even though it is only used in cpucheck.c. Link: http://lkml.kernel.org/r/1381450698-28710-2-git-send-email-keescook@chromium.org Signed-off-by:
-
Kees Cook authored
Counts available alignment positions across all e820 maps, and chooses one randomly for the new kernel base address, making sure not to collide with unsafe memory areas. Signed-off-by:
-
Kees Cook authored
Adds potential sources of randomness: RDRAND, RDTSC, or the i8254. This moves the pre-alternatives inline rdrand function into the header so both pieces of code can use it. Availability of RDRAND is then controlled by CONFIG_ARCH_RANDOM, if someone wants to disable it even for kASLR. Signed-off-by:
-
Kees Cook authored
This allows decompress_kernel to return a new location for the kernel to be relocated to. Additionally, enforces CONFIG_PHYSICAL_START as the minimum relocation position when building with CONFIG_RELOCATABLE. With CONFIG_RANDOMIZE_BASE set, the choose_kernel_location routine will select a new location to decompress the kernel, though here it is presently a no-op. The kernel command line option "nokaslr" is introduced to bypass these routines. Signed-off-by:
-
Kees Cook authored
Refactor the CPU flags handling out of the cpucheck routines so that they can be reused by the future ASLR routines (in order to detect CPU features like RDRAND and RDTSC). This reworks has_eflag() and has_fpu() to be used on both 32-bit and 64-bit, and refactors the calls to cpuid to make them PIC-safe on 32-bit. Signed-off-by:
-
