[src/trunk]: src Add KASLR support in UEFI.

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src Add KASLR support in UEFI.
From: maxv <maxv%NetBSD.org@localhost>
Date: Sat, 19 Oct 2019 20:39:02 +0000

details:   https://anonhg.NetBSD.org/src/rev/5f3cd4d145e5
branches:  trunk
changeset: 457355:5f3cd4d145e5
user:      maxv <maxv%NetBSD.org@localhost>
date:      Thu Jun 20 17:33:30 2019 +0000

description:
Add KASLR support in UEFI.

diffstat:

 doc/TODO.kaslr                     |   2 +-
 sys/arch/i386/stand/efiboot/boot.c |  16 ++++++++++++++--
 sys/arch/i386/stand/lib/exec.c     |  27 +++++++++++++++++++++------
 sys/lib/libsa/loadfile_elf32.c     |   6 +++---
 4 files changed, 39 insertions(+), 12 deletions(-)

diffs (167 lines):

diff -r 6f50b22bee6e -r 5f3cd4d145e5 doc/TODO.kaslr
--- a/doc/TODO.kaslr    Thu Jun 20 17:12:37 2019 +0000
+++ b/doc/TODO.kaslr    Thu Jun 20 17:33:30 2019 +0000
@@ -46,4 +46,4 @@
 -- Sort the kernel sections by size, from largest to smallest, to save
    memory.
 
--- Add the "pkboot" command in the EFI bootloader.
+[DONE] -- Add the "pkboot" command in the EFI bootloader.
diff -r 6f50b22bee6e -r 5f3cd4d145e5 sys/arch/i386/stand/efiboot/boot.c
--- a/sys/arch/i386/stand/efiboot/boot.c        Thu Jun 20 17:12:37 2019 +0000
+++ b/sys/arch/i386/stand/efiboot/boot.c        Thu Jun 20 17:33:30 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: boot.c,v 1.10 2018/04/11 10:32:09 nonaka Exp $ */
+/*     $NetBSD: boot.c,v 1.11 2019/06/20 17:33:31 maxv Exp $   */
 
 /*-
  * Copyright (c) 2016 Kimihiro Nonaka <nonaka%netbsd.org@localhost>
@@ -62,6 +62,7 @@
 void   command_help(char *);
 void   command_quit(char *);
 void   command_boot(char *);
+void   command_pkboot(char *);
 void   command_consdev(char *);
 void   command_dev(char *);
 void   command_devpath(char *);
@@ -84,6 +85,7 @@
        { "?",          command_help },
        { "quit",       command_quit },
        { "boot",       command_boot },
+       { "pkboot",     command_pkboot },
        { "consdev",    command_consdev },
        { "dev",        command_dev },
        { "devpath",    command_devpath },
@@ -362,7 +364,8 @@
 
        printf("commands are:\n"
               "boot [xdNx:][filename] [-12acdqsvxz]\n"
-              "     (ex. \"hd0a:netbsd.old -s\"\n"
+              "     (ex. \"hd0a:netbsd.old -s\")\n"
+              "pkboot [xdNx:][filename] [-12acdqsvxz]\n"
               "dev [xd[N[x]]:]\n"
               "consdev {pc|com[0123][,{speed}]|com,{ioport}[,{speed}]}\n"
               "devpath\n"
@@ -435,6 +438,15 @@
 }
 
 void
+command_pkboot(char *arg)
+{
+       extern int has_prekern;
+       has_prekern = 1;
+       command_boot(arg);
+       has_prekern = 0;
+}
+
+void
 command_dev(char *arg)
 {
        static char savedevname[MAXDEVNAME + 1];
diff -r 6f50b22bee6e -r 5f3cd4d145e5 sys/arch/i386/stand/lib/exec.c
--- a/sys/arch/i386/stand/lib/exec.c    Thu Jun 20 17:12:37 2019 +0000
+++ b/sys/arch/i386/stand/lib/exec.c    Thu Jun 20 17:33:30 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: exec.c,v 1.69 2017/10/07 10:26:38 maxv Exp $    */
+/*     $NetBSD: exec.c,v 1.70 2019/06/20 17:33:31 maxv Exp $    */
 
 /*
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -275,6 +275,7 @@
 {
        paddr_t kernpa_start, kernpa_end;
        char prekernpath[] = "/prekern";
+       u_long prekern_start;
        int fd, flags;
 
        *extmem = getextmem();
@@ -283,13 +284,17 @@
        marks[MARK_START] = loadaddr;
 
        /* Load the prekern (static) */
-       flags = LOAD_KERNEL & ~(LOAD_HDR|COUNT_HDR|LOAD_SYM|COUNT_SYM);
+       flags = LOAD_KERNEL & ~(LOAD_HDR|LOAD_SYM);
        if ((fd = loadfile(prekernpath, marks, flags)) == -1)
                return EIO;
        close(fd);
 
-       marks[MARK_END] = (1UL << 21); /* the kernel starts at 2MB XXX */
-       kernpa_start = marks[MARK_END];
+       prekern_start = marks[MARK_START];
+
+       /* The kernel starts at 2MB. */
+       marks[MARK_START] = loadaddr;
+       marks[MARK_END] = loadaddr + (1UL << 21);
+       kernpa_start = (1UL << 21);
 
        /* Load the kernel (dynamic) */
        flags = (LOAD_KERNEL | LOAD_DYN) & ~(floppy ? LOAD_BACKWARDS : 0);
@@ -297,7 +302,7 @@
                return EIO;
        close(fd);
 
-       kernpa_end = marks[MARK_END];
+       kernpa_end = marks[MARK_END] - loadaddr;
 
        /* If the root fs type is unusual, load its module. */
        if (fsmod != NULL)
@@ -319,6 +324,7 @@
        bi_getmemmap();
 #endif
 
+       marks[MARK_START] = prekern_start;
        marks[MARK_END] = (((u_long)marks[MARK_END] + sizeof(int) - 1)) &
            (-sizeof(int));
        image_end = marks[MARK_END];
@@ -518,7 +524,7 @@
        }
 
        efi_kernel_start = marks[MARK_START];
-       efi_kernel_size = image_end - efi_loadaddr - efi_kernel_start;
+       efi_kernel_size = image_end - (efi_loadaddr + efi_kernel_start);
 #endif
        startprog(marks[MARK_ENTRY], BOOT_NARGS, boot_argv,
            x86_trunc_page(basemem * 1024));
@@ -541,6 +547,15 @@
        u_long sz;
        int err, fd;
 
+       if (has_prekern) {
+               /*
+                * Hardcoded for now. Need to count both the prekern and the
+                * kernel. 128MB is enough in all cases, so use that.
+                */
+               *rsz = (128UL << 20);
+               return 0;
+       }
+
        howto = AB_SILENT;
 
        memset(marks, 0, sizeof(marks));
diff -r 6f50b22bee6e -r 5f3cd4d145e5 sys/lib/libsa/loadfile_elf32.c
--- a/sys/lib/libsa/loadfile_elf32.c    Thu Jun 20 17:12:37 2019 +0000
+++ b/sys/lib/libsa/loadfile_elf32.c    Thu Jun 20 17:33:30 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: loadfile_elf32.c,v 1.53 2018/08/23 17:35:42 jmcneill Exp $ */
+/* $NetBSD: loadfile_elf32.c,v 1.54 2019/06/20 17:33:30 maxv Exp $ */
 
 /*
  * Copyright (c) 1997, 2008, 2017 The NetBSD Foundation, Inc.
@@ -340,7 +340,7 @@
 static int
 ELFNAMEEND(loadfile_dynamic)(int fd, Elf_Ehdr *elf, u_long *marks, int flags)
 {
-       const u_long offset = 0;
+       const u_long offset = marks[MARK_START];
        Elf_Shdr *shdr;
        Elf_Addr shpp, addr;
        int i, j, loaded;
@@ -348,7 +348,7 @@
        Elf_Addr maxp, elfp = 0;
        int ret;
 
-       maxp = marks[MARK_END];
+       maxp = marks[MARK_END] - offset;
 
        internalize_ehdr(elf->e_ident[EI_DATA], elf);

Prev by Date: [src/trunk]: src/sys/net/npf Add error checking for previous memory allocatio...
Next by Date: [src/trunk]: src/usr.sbin/sysinst Avoid architecture specific ifdefs in main ...
Previous by Thread: [src/trunk]: src/sys/net/npf Add error checking for previous memory allocatio...
Next by Thread: [src/trunk]: src/usr.sbin/sysinst Avoid architecture specific ifdefs in main ...
Indexes:

Home | Main Index | Thread Index | Old Index