Changes in Makefile

0dc1754e - efi/libstub: Avoid legacy decompressor zlib/zstd wrappers

Wed, 20 Nov 2024 19:36:03 +0000

efi/libstub: Avoid legacy decompressor zlib/zstd wrappersRemove EFI zboot's dependency on the decompression wrappers used by thelegacy decompressor boot code, which can only process the input in onego, and this will not work for upcoming support for embedded ELF images.They also do some odd things like providing a barebones malloc()implementation, which is not needed in a hosted environment such as theEFI boot services.So instead, implement GZIP deflate and ZSTD decompression in terms ofthe underlying libraries. Support for other compression algoritms hasalready been dropped.Signed-off-by: Ard Biesheuvel List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

fb84cefd - x86/efi/mixed: Move mixed mode startup code into libstub

Tue, 07 Jan 2025 17:16:59 +0000

x86/efi/mixed: Move mixed mode startup code into libstubThe EFI mixed mode code has been decoupled from the legacy decompressor,in order to be able to reuse it with generic EFI zboot images for x86.Move the source file into the libstub source directory to facilitatethis.Acked-by: Ingo Molnar Signed-off-by: Ard Biesheuvel List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

8ba14d9f - efi: libstub: Use '-std=gnu11' to fix build with GCC 15

Wed, 22 Jan 2025 01:11:34 +0000

efi: libstub: Use '-std=gnu11' to fix build with GCC 15GCC 15 changed the default C standard version to C23, which should nothave impacted the kernel because it requests the gnu11 standard via'-std=' in the main Makefile. However, the EFI libstub Makefile uses itsown set of KBUILD_CFLAGS for x86 without a '-std=' value (i.e., usingthe default), resulting in errors from the kernel's definitions of bool,true, and false in stddef.h, which are reserved keywords under C23. ./include/linux/stddef.h:11:9: error: expected identifier before ‘false’ 11 | false = 0, ./include/linux/types.h:35:33: error: two or more data types in declaration specifiers 35 | typedef _Bool bool;Set '-std=gnu11' in the x86 cflags to resolve the error and consistentlyuse the same C standard version for the entire kernel. All otherarchitectures reuse KBUILD_CFLAGS from the rest of the kernel, so thisissue is not visible for them.Cc: stable@vger.kernel.orgReported-by: Kostadin Shishmanov Closes: https://lore.kernel.org/4OAhbllK7x4QJGpZjkYjtBYNLd_2whHx9oFiuZcGwtVR4hIzvduultkgfAIRZI3vQpZylu7Gl929HaYFRGeMEalWCpeMzCIIhLxxRhq4U-Y=@protonmail.com/Reported-by: Jakub Jelinek Closes: https://lore.kernel.org/Z4467umXR2PZ0M1H@tucnak/Signed-off-by: Nathan Chancellor Signed-off-by: Ard Biesheuvel List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

b5db73fb - riscv: enable HAVE_ARCH_STACKLEAK

Sun, 23 Jun 2024 23:53:16 +0000

riscv: enable HAVE_ARCH_STACKLEAKAdd support for the stackleak feature. Whenever the kernel returns to userspace the kernel stack is filled with a poison value.At the same time, disables the plugin in EFI stub code because EFI stubis out of scope for the protection.Tested on qemu and milkv duo:/ # echo STACKLEAK_ERASING > /sys/kernel/debug/provoke-crash/DIRECT[ 38.675575] lkdtm: Performing direct entry STACKLEAK_ERASING[ 38.678448] lkdtm: stackleak stack usage:[ 38.678448] high offset: 288 bytes[ 38.678448] current: 496 bytes[ 38.678448] lowest: 1328 bytes[ 38.678448] tracked: 1328 bytes[ 38.678448] untracked: 448 bytes[ 38.678448] poisoned: 14312 bytes[ 38.678448] low offset: 8 bytes[ 38.689887] lkdtm: OK: the rest of the thread stack is properly erasedSigned-off-by: Jisheng Zhang Reviewed-by: Charlie Jenkins Link: https://lore.kernel.org/r/20240623235316.2010-1-jszhang@kernel.orgSigned-off-by: Palmer Dabbelt List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

cd619387 - x86/efistub: Enable SMBIOS protocol handling for x86

Mon, 01 Jul 2024 07:35:33 +0000

x86/efistub: Enable SMBIOS protocol handling for x86The smbios.c source file is not currently included in the x86 build, andbefore we can do so, it needs some tweaks to build correctly incombination with the EFI mixed mode support.Reviewed-by: Lukas Wunner Signed-off-by: Ard Biesheuvel List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

2335c9cb - ARM: 9407/1: Add support for STACKLEAK gcc plugin

Thu, 27 Jun 2024 07:38:44 +0000

ARM: 9407/1: Add support for STACKLEAK gcc pluginAdd the STACKLEAK gcc plugin to arm32 by adding the helper used bystackleak common code: on_thread_stack(). It initialize the stack with thepoison value before returning from system calls which improves the kernelsecurity. Additionally, this disables the plugin in EFI stub code anddecompress code, which are out of scope for the protection.Before the test on Qemu versatilepb board: # echo STACKLEAK_ERASING > /sys/kernel/debug/provoke-crash/DIRECT lkdtm: Performing direct entry STACKLEAK_ERASING lkdtm: XFAIL: stackleak is not supported on this arch (HAVE_ARCH_STACKLEAK=n)After: # echo STACKLEAK_ERASING > /sys/kernel/debug/provoke-crash/DIRECT lkdtm: Performing direct entry STACKLEAK_ERASING lkdtm: stackleak stack usage: high offset: 80 bytes current: 280 bytes lowest: 696 bytes tracked: 696 bytes untracked: 192 bytes poisoned: 7220 bytes low offset: 4 bytes lkdtm: OK: the rest of the thread stack is properly erasedSigned-off-by: Jinjie Ruan Acked-by: Ard Biesheuvel Reviewed-by: Linus Walleij Signed-off-by: Russell King (Oracle) List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

ed0f9410 - ARM: 9404/1: arm32: enable HAVE_LD_DEAD_CODE_DATA_ELIMINATION

Mon, 03 Jun 2024 15:37:50 +0000

ARM: 9404/1: arm32: enable HAVE_LD_DEAD_CODE_DATA_ELIMINATIONThe current arm32 architecture does not yet support theHAVE_LD_DEAD_CODE_DATA_ELIMINATION feature. arm32 is widely used inembedded scenarios, and enabling this feature would be beneficial forreducing the size of the kernel image.In order to make this work, we keep the necessary tables by annotatingthem with KEEP, also it requires further changes to linker script to KEEPsome tables and wildcard compiler generated sections into the right place.When using ld.lld for linking, KEEP is not recognized within the OVERLAYcommand, and Ard proposed a concise method to solve this problem.It boots normally with defconfig, vexpress_defconfig and tinyconfig.The size comparison of zImage is as follows:defconfig vexpress_defconfig tinyconfig5137712 5138024 424192 no dce5032560 4997824 298384 dce2.0% 2.7% 29.7% shrinkWhen using smaller config file, there is a significant reduction in thesize of the zImage.We also tested this patch on a commercially available single-boardcomputer, and the comparison is as follows:a15eb_config2161384 no dce2092240 dce3.2% shrinkThe zImage size has been reduced by approximately 3.2%, which is 70KB on2.1M.Signed-off-by: Yuntao Liu Tested-by: Arnd Bergmann Reviewed-by: Arnd Bergmann Reviewed-by: Linus Walleij Signed-off-by: Russell King (Oracle) List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

7f7f6f7a - Makefile: remove redundant tool coverage variables

Mon, 06 May 2024 13:35:43 +0000

Makefile: remove redundant tool coverage variablesNow Kbuild provides reasonable defaults for objtool, sanitizers, andprofilers.Remove redundant variables.Note:This commit changes the coverage for some objects: - include arch/mips/vdso/vdso-image.o into UBSAN, GCOV, KCOV - include arch/sparc/vdso/vdso-image-*.o into UBSAN - include arch/sparc/vdso/vma.o into UBSAN - include arch/x86/entry/vdso/extable.o into KASAN, KCSAN, UBSAN, GCOV, KCOV - include arch/x86/entry/vdso/vdso-image-*.o into KASAN, KCSAN, UBSAN, GCOV, KCOV - include arch/x86/entry/vdso/vdso32-setup.o into KASAN, KCSAN, UBSAN, GCOV, KCOV - include arch/x86/entry/vdso/vma.o into GCOV, KCOV - include arch/x86/um/vdso/vma.o into KASAN, GCOV, KCOVI believe these are positive effects because all of them are kernelspace objects.Signed-off-by: Masahiro Yamada Reviewed-by: Kees Cook Tested-by: Roberto Sassu List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

2947a456 - treewide: update LLVM Bugzilla links

Tue, 09 Jan 2024 22:16:31 +0000

treewide: update LLVM Bugzilla linksLLVM moved their issue tracker from their own Bugzilla instance to GitHubissues. While all of the links are still valid, they may not necessarilyshow the most up to date information around the issues, as all updateswill occur on GitHub, not Bugzilla.Another complication is that the Bugzilla issue number is not always thesame as the GitHub issue number. Thankfully, LLVM maintains this mappingthrough two shortlinks: https://llvm.org/bz -> https://bugs.llvm.org/show_bug.cgi?id= https://llvm.org/pr -> https://github.com/llvm/llvm-project/issues/Switch all "https://bugs.llvm.org/show_bug.cgi?id=" links to the"https://llvm.org/pr" shortlink so that the links show the most up todate information. Each migrated issue links back to the Bugzilla entry,so there should be no loss of fidelity of information here.Link: https://lkml.kernel.org/r/20240109-update-llvm-links-v1-3-eb09b59db071@kernel.orgSigned-off-by: Nathan Chancellor Reviewed-by: Kees Cook Acked-by: Fangrui Song Cc: Alexei Starovoitov Cc: Andrii Nakryiko Cc: Daniel Borkmann Cc: Mykola Lysenko Signed-off-by: Andrew Morton List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

d2baf8cc - riscv/efistub: Tighten ELF relocation check

Tue, 16 Jan 2024 13:52:27 +0000

riscv/efistub: Tighten ELF relocation checkThe EFI stub makefile contains logic to ensure that the objects thatmake up the stub do not contain relocations that require runtime fixups(typically to account for the runtime load address of the executable)On RISC-V, we also avoid GP based relocations, as they require that GPis assigned the correct base in the startup code, which is notimplemented in the EFI stub.So add these relocation types to the grep expression that is used tocarry out this check.Link: https://lkml.kernel.org/r/42c63cb9-87d0-49db-9af8-95771b186684%40siemens.comSigned-off-by: Ard Biesheuvel List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

afb2a4fb - riscv/efistub: Ensure GP-relative addressing is not used

Fri, 12 Jan 2024 18:37:29 +0000

riscv/efistub: Ensure GP-relative addressing is not usedThe cflags for the RISC-V efistub were missing -mno-relax, thus wereunder the risk that the compiler could use GP-relative addressing. Thathappened for _edata with binutils-2.41 and kernel 6.1, causing therelocation to fail due to an invalid kernel_size in handle_kernel_image.It was not yet observed with newer versions, but that may just be luck.Cc: Signed-off-by: Jan Kiszka Signed-off-by: Ard Biesheuvel List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

457926b2 - riscv: Optimize bitops with Zbb extension

Tue, 31 Oct 2023 06:45:53 +0000

riscv: Optimize bitops with Zbb extensionThis patch leverages the alternative mechanism to dynamically optimizebitops (including __ffs, __fls, ffs, fls) with Zbb instructions. WhenZbb ext is not supported by the runtime CPU, legacy implementation isused. If Zbb is supported, then the optimized variants will be selectedvia alternative patching.The legacy bitops support is taken from the generic C implementation asfallback.If the parameter is a build-time constant, we leverage compiler builtin tocalculate the result directly, this approach is inspired by x86 bitopsimplementation.EFI stub runs before the kernel, so alternative mechanism should not beused there, this patch introduces a macro NO_ALTERNATIVE for this purpose.Signed-off-by: Xiao Wang Reviewed-by: Charlie Jenkins Link: https://lore.kernel.org/r/20231031064553.2319688-3-xiao.w.wang@intel.comSigned-off-by: Palmer Dabbelt List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

5f51c5d0 - x86/efi: Drop EFI stub .bss from .data section

Tue, 12 Sep 2023 09:00:52 +0000

x86/efi: Drop EFI stub .bss from .data sectionNow that the EFI stub always zero inits its BSS section upon entry,there is no longer a need to place the BSS symbols carried by the stubinto the .data section.Signed-off-by: Ard Biesheuvel Signed-off-by: Ingo Molnar Link: https://lore.kernel.org/r/20230912090051.4014114-18-ardb@google.com List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

b7ac4b8e - riscv: libstub: Implement KASLR by using generic functions

Sat, 22 Jul 2023 12:38:50 +0000

riscv: libstub: Implement KASLR by using generic functionsWe can now use arm64 functions to handle the move of the kernel physicalmapping: if KASLR is enabled, we will try to get a random seed from thefirmware, if not possible, the kernel will be moved to a location thatsuits its alignment constraints.Signed-off-by: Alexandre Ghiti Tested-by: Conor Dooley Tested-by: Song Shuai Reviewed-by: Sami Tolvanen Tested-by: Sami Tolvanen Link: https://lore.kernel.org/r/20230722123850.634544-6-alexghiti@rivosinc.comSigned-off-by: Palmer Dabbelt List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

6b56beb5 - arm64: libstub: Move KASLR handling functions to kaslr.c

Sat, 22 Jul 2023 12:38:48 +0000

arm64: libstub: Move KASLR handling functions to kaslr.cThis prepares for riscv to use the same functions to handle the pĥysicalkernel move when KASLR is enabled.Signed-off-by: Alexandre Ghiti Acked-by: Ard Biesheuvel Tested-by: Conor Dooley Tested-by: Song Shuai Reviewed-by: Sami Tolvanen Tested-by: Sami Tolvanen Link: https://lore.kernel.org/r/20230722123850.634544-4-alexghiti@rivosinc.comSigned-off-by: Palmer Dabbelt List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

cb1c9e02 - x86/efistub: Perform 4/5 level paging switch from the stub

Mon, 07 Aug 2023 16:27:13 +0000

x86/efistub: Perform 4/5 level paging switch from the stubIn preparation for updating the EFI stub boot flow to avoid the baremetal decompressor code altogether, implement the support code forswitching between 4 and 5 levels of paging before jumping to the kernelproper.Reuse the newly refactored trampoline that the bare metal decompressoruses, but relies on EFI APIs to allocate 32-bit addressable memory andremap it with the appropriate permissions. Given that the bare metaldecompressor will no longer call into the trampoline if the number ofpaging levels is already set correctly, it is no longer needed to removeNX restrictions from the memory range where this trampoline may end up.Signed-off-by: Ard Biesheuvel Signed-off-by: Borislav Petkov (AMD) Acked-by: Kirill A. Shutemov Link: https://lore.kernel.org/r/20230807162720.545787-17-ardb@kernel.org List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

f6e6e95c - efi/riscv: libstub: Fix comment about absolute relocation

Thu, 03 Aug 2023 05:56:11 +0000

efi/riscv: libstub: Fix comment about absolute relocationWe don't want absolute symbols references in the stub, so fix the doublenegation in the comment.Signed-off-by: Xiao Wang Signed-off-by: Ard Biesheuvel List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

745e3ed8 - efi/libstub: Implement support for unaccepted memory

Tue, 06 Jun 2023 14:26:31 +0000

efi/libstub: Implement support for unaccepted memoryUEFI Specification version 2.9 introduces the concept of memoryacceptance: Some Virtual Machine platforms, such as Intel TDX or AMDSEV-SNP, requiring memory to be accepted before it can be used by theguest. Accepting happens via a protocol specific for the VirtualMachine platform.Accepting memory is costly and it makes VMM allocate memory for theaccepted guest physical address range. It's better to postpone memoryacceptance until memory is needed. It lowers boot time and reducesmemory overhead.The kernel needs to know what memory has been accepted. Firmwarecommunicates this information via memory map: a new memory type --EFI_UNACCEPTED_MEMORY -- indicates such memory.Range-based tracking works fine for firmware, but it gets bulky forthe kernel: e820 (or whatever the arch uses) has to be modified on everypage acceptance. It leads to table fragmentation and there's a limitednumber of entries in the e820 table.Another option is to mark such memory as usable in e820 and track if therange has been accepted in a bitmap. One bit in the bitmap represents anaturally aligned power-2-sized region of address space -- unit.For x86, unit size is 2MiB: 4k of the bitmap is enough to track 64GiB orphysical address space.In the worst-case scenario -- a huge hole in the middle of theaddress space -- It needs 256MiB to handle 4PiB of the addressspace.Any unaccepted memory that is not aligned to unit_size gets acceptedupfront.The bitmap is allocated and constructed in the EFI stub and passed downto the kernel via EFI configuration table. allocate_e820() allocates thebitmap if unaccepted memory is present, according to the size ofunaccepted region.Signed-off-by: Kirill A. Shutemov Signed-off-by: Borislav Petkov (AMD) Reviewed-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20230606142637.5171-4-kirill.shutemov@linux.intel.com List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

8358098b - arm64: efi: Enable BTI codegen and add PE/COFF annotation

Tue, 18 Apr 2023 13:49:48 +0000

arm64: efi: Enable BTI codegen and add PE/COFF annotationUEFI heavily relies on so-called protocols, which are essentiallytables populated with pointers to executable code, and these are invokedindirectly using BR or BLR instructions.This makes the EFI execution context vulnerable to attacks on forwardedge control flow, and so it would help if we could enable hardwareenforcement (BTI) on CPUs that implement it.So let's no longer disable BTI codegen for the EFI stub, and set thenewly introduced PE/COFF header flag when the kernel is built with BTIlanding pads.Signed-off-by: Ard Biesheuvel Reviewed-by: Mark Brown List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile

61786170 - efi: arm64: enter with MMU and caches enabled

Wed, 11 Jan 2023 10:22:36 +0000

efi: arm64: enter with MMU and caches enabledInstead of cleaning the entire loaded kernel image to the PoC anddisabling the MMU and caches before branching to the kernel's bare metalentry point, we can leave the MMU and caches enabled, and rely on EFI'scacheable 1:1 mapping of all of system RAM (which is mandated by thespec) to populate the initial page tables.This removes the need for managing coherency in software, which istedious and error prone.Note that we still need to clean the executable region of the image tothe PoU if this is required for I/D coherency, but only if we actuallydecided to move the image in memory, as otherwise, this will have beentaken care of by the loader.This change affects both the builtin EFI stub as well as the zbootdecompressor, which now carries the entire EFI stub along with thedecompression code and the compressed image.Signed-off-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20230111102236.1430401-7-ardb@kernel.orgSigned-off-by: Catalin Marinas List of files: /linux-6.15/drivers/firmware/efi/libstub/Makefile