Add KASLR support in UEFI.

2019-06-20 17:33:30 +00:00 · 2019-06-20 17:33:30 +00:00 · 61683f02cb
commit 61683f02cb
parent 5db0dcccf9
4 changed files with 39 additions and 12 deletions
--- a/doc/TODO.kaslr
+++ b/doc/TODO.kaslr
@ -46,4 +46,4 @@
 -- Sort the kernel sections by size, from largest to smallest, to save
   memory.

-- Add the "pkboot" command in the EFI bootloader.
+[DONE] -- Add the "pkboot" command in the EFI bootloader.
--- a/sys/arch/i386/stand/efiboot/boot.c
+++ b/sys/arch/i386/stand/efiboot/boot.c
@ -1,4 +1,4 @@
-/*	$NetBSD: boot.c,v 1.10 2018/04/11 10:32:09 nonaka Exp $	*/
+/*	$NetBSD: boot.c,v 1.11 2019/06/20 17:33:31 maxv Exp $	*/

 /*-
 * Copyright (c) 2016 Kimihiro Nonaka <nonaka@netbsd.org>
@ -62,6 +62,7 @@ static const char * const names[][2] = {
 void	command_help(char *);
 void	command_quit(char *);
 void	command_boot(char *);
+void	command_pkboot(char *);
 void	command_consdev(char *);
 void	command_dev(char *);
 void	command_devpath(char *);
@ -84,6 +85,7 @@ const struct bootblk_command commands[] = {
 	{ "?",		command_help },
 	{ "quit",	command_quit },
 	{ "boot",	command_boot },
+	{ "pkboot",	command_pkboot },
 	{ "consdev",	command_consdev },
 	{ "dev",	command_dev },
 	{ "devpath",	command_devpath },
@ -362,7 +364,8 @@ command_help(char *arg)

 	printf("commands are:\n"
 	       "boot [xdNx:][filename] [-12acdqsvxz]\n"
-	       "     (ex. \"hd0a:netbsd.old -s\"\n"
+	       "     (ex. \"hd0a:netbsd.old -s\")\n"
+	       "pkboot [xdNx:][filename] [-12acdqsvxz]\n"
 	       "dev [xd[N[x]]:]\n"
 	       "consdev {pc|com[0123][,{speed}]|com,{ioport}[,{speed}]}\n"
 	       "devpath\n"
@ -434,6 +437,15 @@ command_boot(char *arg)
 	}
 }

+void
+command_pkboot(char *arg)
+{
+	extern int has_prekern;
+	has_prekern = 1;
+	command_boot(arg);
+	has_prekern = 0;
+}
+
 void
 command_dev(char *arg)
 {
--- a/sys/arch/i386/stand/lib/exec.c
+++ b/sys/arch/i386/stand/lib/exec.c
@ -1,4 +1,4 @@
-/*	$NetBSD: exec.c,v 1.69 2017/10/07 10:26:38 maxv Exp $	 */
+/*	$NetBSD: exec.c,v 1.70 2019/06/20 17:33:31 maxv Exp $	 */

 /*
 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@ -275,6 +275,7 @@ common_load_prekern(const char *file, u_long *basemem, u_long *extmem,
 {
 	paddr_t kernpa_start, kernpa_end;
 	char prekernpath[] = "/prekern";
+	u_long prekern_start;
 	int fd, flags;

 	*extmem = getextmem();
@ -283,13 +284,17 @@ common_load_prekern(const char *file, u_long *basemem, u_long *extmem,
 	marks[MARK_START] = loadaddr;

 	/* Load the prekern (static) */
-	flags = LOAD_KERNEL & ~(LOAD_HDR|COUNT_HDR|LOAD_SYM|COUNT_SYM);
+	flags = LOAD_KERNEL & ~(LOAD_HDR|LOAD_SYM);
 	if ((fd = loadfile(prekernpath, marks, flags)) == -1)
 		return EIO;
 	close(fd);

-	marks[MARK_END] = (1UL << 21); /* the kernel starts at 2MB XXX */
-	kernpa_start = marks[MARK_END];
+	prekern_start = marks[MARK_START];
+
+	/* The kernel starts at 2MB. */
+	marks[MARK_START] = loadaddr;
+	marks[MARK_END] = loadaddr + (1UL << 21);
+	kernpa_start = (1UL << 21);

 	/* Load the kernel (dynamic) */
 	flags = (LOAD_KERNEL | LOAD_DYN) & ~(floppy ? LOAD_BACKWARDS : 0);
@ -297,7 +302,7 @@ common_load_prekern(const char *file, u_long *basemem, u_long *extmem,
 		return EIO;
 	close(fd);

-	kernpa_end = marks[MARK_END];
+	kernpa_end = marks[MARK_END] - loadaddr;

 	/* If the root fs type is unusual, load its module. */
 	if (fsmod != NULL)
@ -319,6 +324,7 @@ common_load_prekern(const char *file, u_long *basemem, u_long *extmem,
 	bi_getmemmap();
 #endif

+	marks[MARK_START] = prekern_start;
 	marks[MARK_END] = (((u_long)marks[MARK_END] + sizeof(int) - 1)) &
 	    (-sizeof(int));
 	image_end = marks[MARK_END];
@ -518,7 +524,7 @@ exec_netbsd(const char *file, physaddr_t loadaddr, int boothowto, int floppy,
 	}

 	efi_kernel_start = marks[MARK_START];
-	efi_kernel_size = image_end - efi_loadaddr - efi_kernel_start;
+	efi_kernel_size = image_end - (efi_loadaddr + efi_kernel_start);
 #endif
 	startprog(marks[MARK_ENTRY], BOOT_NARGS, boot_argv,
 	    x86_trunc_page(basemem * 1024));
@ -541,6 +547,15 @@ count_netbsd(const char *file, u_long *rsz)
 	u_long sz;
 	int err, fd;

+	if (has_prekern) {
+		/*
+		 * Hardcoded for now. Need to count both the prekern and the
+		 * kernel. 128MB is enough in all cases, so use that.
+		 */
+		*rsz = (128UL << 20);
+		return 0;
+	}
+
 	howto = AB_SILENT;

 	memset(marks, 0, sizeof(marks));
--- a/sys/lib/libsa/loadfile_elf32.c
+++ b/sys/lib/libsa/loadfile_elf32.c
@ -1,4 +1,4 @@
-/* $NetBSD: loadfile_elf32.c,v 1.53 2018/08/23 17:35:42 jmcneill Exp $ */
+/* $NetBSD: loadfile_elf32.c,v 1.54 2019/06/20 17:33:30 maxv Exp $ */

 /*
 * Copyright (c) 1997, 2008, 2017 The NetBSD Foundation, Inc.
@ -340,7 +340,7 @@ ELFNAMEEND(readfile_global)(int fd, u_long offset, Elf_Off elfoff,
 static int
 ELFNAMEEND(loadfile_dynamic)(int fd, Elf_Ehdr *elf, u_long *marks, int flags)
 {
-	const u_long offset = 0;
+	const u_long offset = marks[MARK_START];
 	Elf_Shdr *shdr;
 	Elf_Addr shpp, addr;
 	int i, j, loaded;
@ -348,7 +348,7 @@ ELFNAMEEND(loadfile_dynamic)(int fd, Elf_Ehdr *elf, u_long *marks, int flags)
 	Elf_Addr maxp, elfp = 0;
 	int ret;

-	maxp = marks[MARK_END];
+	maxp = marks[MARK_END] - offset;

 	internalize_ehdr(elf->e_ident[EI_DATA], elf);