diff options
| author | Steve McIntyre <steve@einval.com> | 2021-06-21 12:43:33 +0100 |
|---|---|---|
| committer | Steve McIntyre <steve@einval.com> | 2021-06-22 23:01:52 +0100 |
| commit | 9ace660bae651b1e07ddfbd1e37d6ae2a11165a7 (patch) | |
| tree | 4073340f89bfb0f517cc8c15c9ae6b2a728da80b | |
| parent | 45dce64638fc70dd447bb5bdfc31d3eb035aec1c (diff) | |
| download | efi-boot-shim-9ace660bae651b1e07ddfbd1e37d6ae2a11165a7.tar.gz efi-boot-shim-9ace660bae651b1e07ddfbd1e37d6ae2a11165a7.zip | |
Add arm64 patch to tweak section layout and stop crashing problems
Upstream issue #371. Closes: #990082, #990190
| -rw-r--r-- | debian/changelog | 7 | ||||
| -rw-r--r-- | debian/patches/fix_arm64_rela_sections.patch | 132 | ||||
| -rw-r--r-- | debian/patches/series | 1 |
3 files changed, 140 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 3e344ad7..d727cc74 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +shim (15.4-6) UNRELEASED; urgency=high + + * Add arm64 patch to tweak section layout and stop crashing + problems. Upstream issue #371. Closes: #990082, #990190 + + -- Steve McIntyre <93sam@debian.org> Tue, 22 Jun 2021 22:16:54 +0100 + shim (15.4-5) unstable; urgency=medium * Add defensive code around calls to db_get. Don't fail if they diff --git a/debian/patches/fix_arm64_rela_sections.patch b/debian/patches/fix_arm64_rela_sections.patch new file mode 100644 index 00000000..523bd333 --- /dev/null +++ b/debian/patches/fix_arm64_rela_sections.patch @@ -0,0 +1,132 @@ +From 9828f65f3e9de29da7bc70cb71069cc1d7ca1b4a Mon Sep 17 00:00:00 2001 +From: Gary Lin <glin@suse.com> +Date: Wed, 16 Jun 2021 16:13:32 +0800 +Subject: [PATCH] arm/aa64: fix the size of .rela* sections + +The previous commit(*) merged .rel* and .dyn* into .rodata, and this +made ld to generate the wrong size for .rela* sections that covered +other unrelated sections. When the EFI image was loaded, _relocate() +went through the unexpected data and may cause unexpected crash. +This commit moves .rel* and .dyn* out of .rodata in the ld script but +also moves the related variables, such as _evrodata, _rodata_size, +and _rodata_vsize, to the end of the new .dyn section, so that the +crafted pe-coff section header for .rodata still covers our new +.rela and .dyn sections. + +(*) 212ba30544f ("arm/aa64 targets: put .rel* and .dyn* in .rodata") + +Fix issue: https://github.com/rhboot/shim/issues/371 + +Signed-off-by: Gary Lin <glin@suse.com> +--- + Makefile | 4 ++-- + elf_aarch64_efi.lds | 24 ++++++++++++++++-------- + elf_arm_efi.lds | 24 ++++++++++++++++-------- + 3 files changed, 34 insertions(+), 18 deletions(-) + +Index: shim.git/Makefile +=================================================================== +--- shim.git.orig/Makefile ++++ shim.git/Makefile +@@ -244,7 +244,7 @@ endif + $(OBJCOPY) -D -j .text -j .sdata -j .data -j .data.ident \ + -j .dynamic -j .rodata -j .rel* \ + -j .rela* -j .reloc -j .eh_frame \ +- -j .vendor_cert -j .sbat \ ++ -j .vendor_cert -j .dyn -j .sbat \ + $(FORMAT) $< $@ + # I am tired of wasting my time fighting binutils timestamp code. + dd conv=notrunc bs=1 count=4 seek=$(TIMESTAMP_LOCATION) if=/dev/zero of=$@ +@@ -260,7 +260,7 @@ ifneq ($(OBJCOPY_GTE224),1) + endif + $(OBJCOPY) -D -j .text -j .sdata -j .data \ + -j .dynamic -j .rodata -j .rel* \ +- -j .rela* -j .reloc -j .eh_frame -j .sbat \ ++ -j .rela* -j .dyn -j .reloc -j .eh_frame -j .sbat \ + -j .debug_info -j .debug_abbrev -j .debug_aranges \ + -j .debug_line -j .debug_str -j .debug_ranges \ + -j .note.gnu.build-id \ +Index: shim.git/elf_aarch64_efi.lds +=================================================================== +--- shim.git.orig/elf_aarch64_efi.lds ++++ shim.git/elf_aarch64_efi.lds +@@ -70,21 +70,29 @@ SECTIONS + .rodata : + { + _rodata = .; +- *(.rela.dyn) +- *(.rela.plt) +- *(.rela.got) +- *(.rela.data) +- *(.rela.data*) +- + *(.rodata*) + *(.srodata) +- *(.dynsym) +- *(.dynstr) + . = ALIGN(16); + *(.note.gnu.build-id) + . = ALIGN(4096); + *(.vendor_cert) + *(.data.ident) ++ . = ALIGN(4096); ++ } ++ . = ALIGN(4096); ++ .rela : ++ { ++ *(.rela.dyn) ++ *(.rela.plt) ++ *(.rela.got) ++ *(.rela.data) ++ *(.rela.data*) ++ } ++ . = ALIGN(4096); ++ .dyn : ++ { ++ *(.dynsym) ++ *(.dynstr) + _evrodata = .; + . = ALIGN(4096); + } +Index: shim.git/elf_arm_efi.lds +=================================================================== +--- shim.git.orig/elf_arm_efi.lds ++++ shim.git/elf_arm_efi.lds +@@ -70,21 +70,29 @@ SECTIONS + .rodata : + { + _rodata = .; +- *(.rel.dyn) +- *(.rel.plt) +- *(.rel.got) +- *(.rel.data) +- *(.rel.data*) +- + *(.rodata*) + *(.srodata) +- *(.dynsym) +- *(.dynstr) + . = ALIGN(16); + *(.note.gnu.build-id) + . = ALIGN(4096); + *(.vendor_cert) + *(.data.ident) ++ . = ALIGN(4096); ++ } ++ . = ALIGN(4096); ++ .rela : ++ { ++ *(.rela.dyn) ++ *(.rela.plt) ++ *(.rela.got) ++ *(.rela.data) ++ *(.rela.data*) ++ } ++ . = ALIGN(4096); ++ .dyn : ++ { ++ *(.dynsym) ++ *(.dynstr) + _evrodata = .; + . = ALIGN(4096); + } diff --git a/debian/patches/series b/debian/patches/series index 20e12aa7..eecb8c2a 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,3 +2,4 @@ fix-import_one_mok_state.patch fix-broken-ia32-reloc.patch MOK-BootServicesData.patch Don-t-call-QueryVariableInfo-on-EFI-1.10-machines.patch +fix_arm64_rela_sections.patch |