[PATCH v2 3/3] riscv: separate .data and .text sections of EFI binaries

25 Jan 2024

EFI binaries should not contain sections that are both writable and
executable. Separate the RX .text section from the RW .data section
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
---
v2:
    split patches
---
 arch/riscv/lib/crt0_riscv_efi.S    | 37 ++++++++++++++++++++++--------
 arch/riscv/lib/elf_riscv32_efi.lds | 22 ++++++++++++------
 arch/riscv/lib/elf_riscv64_efi.lds | 22 ++++++++++++------
 3 files changed, 58 insertions(+), 23 deletions(-)

diff --git a/arch/riscv/lib/crt0_riscv_efi.S b/arch/riscv/lib/crt0_riscv_efi.S
index ffe18fa387b..46b08552371 100644
--- a/arch/riscv/lib/crt0_riscv_efi.S
+++ b/arch/riscv/lib/crt0_riscv_efi.S
@@ -53,7 +53,7 @@ pe_header:
    .long	IMAGE_NT_SIGNATURE		/* 'PE' */
 coff_header:
    .short	PE_MACHINE			/* RISC-V 64/32-bit */
-	.short	2				/* nr_sections */
+	.short	3				/* nr_sections */
    .long	0				/* TimeDateStamp */
    .long	0				/* PointerToSymbolTable */
    .long	0				/* NumberOfSymbols */
@@ -144,16 +144,35 @@ section_table:
    .byte	0
    .byte	0
    .byte	0			/* end of 0 padding of section name */
-	.long	_edata - _start		/* VirtualSize */
+	.long	_etext - _start		/* VirtualSize */
    .long	_start - ImageBase	/* VirtualAddress */
-	.long	_edata - _start		/* SizeOfRawData */
+	.long	_etext - _start		/* SizeOfRawData */
    .long	_start - ImageBase	/* PointerToRawData */
-
-	.long	0		/* PointerToRelocations (0 for executables) */
-	.long	0		/* PointerToLineNumbers (0 for executables) */
-	.short	0		/* NumberOfRelocations  (0 for executables) */
-	.short	0		/* NumberOfLineNumbers  (0 for executables) */
-	.long	0xe0500020	/* Characteristics (section flags) */
+	.long	0			/* PointerToRelocations (0 for executables) */
+	.long	0			/* PointerToLineNumbers (0 for executables) */
+	.short	0			/* NumberOfRelocations  (0 for executables) */
+	.short	0			/* NumberOfLineNumbers  (0 for executables) */
+	/* Characteristics (section flags) */
+	.long	(IMAGE_SCN_MEM_READ | \
+		 IMAGE_SCN_MEM_EXECUTE | \
+		 IMAGE_SCN_CNT_CODE)
+
+	.ascii	".data"
+	.byte	0
+	.byte	0
+	.byte	0			/* end of 0 padding of section name */
+	.long	_edata - _data		/* VirtualSize */
+	.long	_data - ImageBase	/* VirtualAddress */
+	.long	_edata - _data		/* SizeOfRawData */
+	.long	_data - ImageBase	/* PointerToRawData */
+	.long	0			/* PointerToRelocations */
+	.long	0			/* PointerToLineNumbers */
+	.short	0			/* NumberOfRelocations */
+	.short	0			/* NumberOfLineNumbers */
+	/* Characteristics (section flags) */
+	.long	(IMAGE_SCN_MEM_WRITE | \
+		 IMAGE_SCN_MEM_READ | \
+		 IMAGE_SCN_CNT_INITIALIZED_DATA)
.align		12
 _start:
diff --git a/arch/riscv/lib/elf_riscv32_efi.lds b/arch/riscv/lib/elf_riscv32_efi.lds
index 940a5816b82..7b9bd7b7f15 100644
--- a/arch/riscv/lib/elf_riscv32_efi.lds
+++ b/arch/riscv/lib/elf_riscv32_efi.lds
@@ -7,6 +7,12 @@
OUTPUT_FORMAT("elf32-littleriscv", "elf32-littleriscv", "elf32-littleriscv")
 OUTPUT_ARCH(riscv)
+
+PHDRS
+{
+	data PT_LOAD FLAGS(3); /* SHF_WRITE | SHF_ALLOC */
+}
+
 ENTRY(_start)
 SECTIONS
 {
@@ -18,11 +24,17 @@ SECTIONS
    	*(.gnu.linkonce.t.*)
    	*(.srodata)
    	*(.rodata*)
+		. = ALIGN(16);
+		*(.dynamic);
    	. = ALIGN(512);
    }
+	.rela.dyn : { *(.rela.dyn) }
+	.rela.plt : { *(.rela.plt) }
+	.rela.got : { *(.rela.got) }
+	.rela.data : { *(.rela.data) *(.rela.data*) }
    _etext = .;
    _text_size = . - _text;
-	.dynamic  : { *(.dynamic) }
+	. = ALIGN(4096);
    .data : {
    	_data = .;
    	*(.sdata)
@@ -47,12 +59,8 @@ SECTIONS
    	. = ALIGN(512);
    	_bss_end = .;
    	_edata = .;
-	}
-	.rela.dyn : { *(.rela.dyn) }
-	.rela.plt : { *(.rela.plt) }
-	.rela.got : { *(.rela.got) }
-	.rela.data : { *(.rela.data) *(.rela.data*) }
-	_data_size = . - _etext;
+	} :data
+	_data_size = _edata - _data;
. = ALIGN(4096);
    .dynsym   : { *(.dynsym) }
diff --git a/arch/riscv/lib/elf_riscv64_efi.lds b/arch/riscv/lib/elf_riscv64_efi.lds
index be9f0ac6022..d0b4f3d1d64 100644
--- a/arch/riscv/lib/elf_riscv64_efi.lds
+++ b/arch/riscv/lib/elf_riscv64_efi.lds
@@ -7,6 +7,12 @@
OUTPUT_FORMAT("elf64-littleriscv", "elf64-littleriscv", "elf64-littleriscv")
 OUTPUT_ARCH(riscv)
+
+PHDRS
+{
+	data PT_LOAD FLAGS(3); /* SHF_WRITE | SHF_ALLOC */
+}
+
 ENTRY(_start)
 SECTIONS
 {
@@ -18,11 +24,17 @@ SECTIONS
    	*(.gnu.linkonce.t.*)
    	*(.srodata)
    	*(.rodata*)
+		. = ALIGN(16);
+		*(.dynamic);
    	. = ALIGN(512);
    }
+	.rela.dyn : { *(.rela.dyn) }
+	.rela.plt : { *(.rela.plt) }
+	.rela.got : { *(.rela.got) }
+	.rela.data : { *(.rela.data) *(.rela.data*) }
    _etext = .;
    _text_size = . - _text;
-	.dynamic  : { *(.dynamic) }
+	. = ALIGN(4096);
    .data : {
    	_data = .;
    	*(.sdata)
@@ -47,12 +59,8 @@ SECTIONS
    	. = ALIGN(512);
    	_bss_end = .;
    	_edata = .;
-	}
-	.rela.dyn : { *(.rela.dyn) }
-	.rela.plt : { *(.rela.plt) }
-	.rela.got : { *(.rela.got) }
-	.rela.data : { *(.rela.data) *(.rela.data*) }
-	_data_size = . - _etext;
+	} :data
+	_data_size = _edata - _data;
. = ALIGN(4096);
    .dynsym   : { *(.dynsym) }
-- 
2.43.0


    