arm64/boot: Disallow BSS exports to startup code

BSS might be uninitialized when entering the startup code, so forbid the
use by the startup code of any variables that live after __bss_start in
the linker map.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Yeoreum Yun <yeoreum.yun@arm.com>
Reviewed-by: Yeoreum Yun <yeoreum.yun@arm.com>
Link: https://lore.kernel.org/r/20250508114328.2460610-8-ardb+git@google.com
[will: Drop export of 'memstart_offset_seed', as this has been removed]
Signed-off-by: Will Deacon <will@kernel.org>

diff --git a/arch/arm64/kernel/image-vars.h b/arch/arm64/kernel/image-vars.h
index a637cc47222cf9d6b6d81d8436808d2af1a8c844..c5266430284b9f05e559f0a4cf5c605b07c150f4 100644 (file)
--- a/arch/arm64/kernel/image-vars.h
+++ b/arch/arm64/kernel/image-vars.h
@@ -10,6 +10,12 @@
 #error This file should only be included in vmlinux.lds.S
 #endif
 
+#define PI_EXPORT_SYM(sym)             \
+       __PI_EXPORT_SYM(sym, __pi_ ## sym, Cannot export BSS symbol sym to startup code)
+#define __PI_EXPORT_SYM(sym, pisym, msg)\
+       PROVIDE(pisym = sym);           \
+       ASSERT((sym - KIMAGE_VADDR) < (__bss_start - KIMAGE_VADDR), #msg)
+
 PROVIDE(__efistub_primary_entry                = primary_entry);
 
 /*
@@ -36,36 +42,34 @@ PROVIDE(__pi___memcpy                       = __pi_memcpy);
 PROVIDE(__pi___memmove                 = __pi_memmove);
 PROVIDE(__pi___memset                  = __pi_memset);
 
-PROVIDE(__pi_id_aa64isar1_override     = id_aa64isar1_override);
-PROVIDE(__pi_id_aa64isar2_override     = id_aa64isar2_override);
-PROVIDE(__pi_id_aa64mmfr0_override     = id_aa64mmfr0_override);
-PROVIDE(__pi_id_aa64mmfr1_override     = id_aa64mmfr1_override);
-PROVIDE(__pi_id_aa64mmfr2_override     = id_aa64mmfr2_override);
-PROVIDE(__pi_id_aa64pfr0_override      = id_aa64pfr0_override);
-PROVIDE(__pi_id_aa64pfr1_override      = id_aa64pfr1_override);
-PROVIDE(__pi_id_aa64smfr0_override     = id_aa64smfr0_override);
-PROVIDE(__pi_id_aa64zfr0_override      = id_aa64zfr0_override);
-PROVIDE(__pi_arm64_sw_feature_override = arm64_sw_feature_override);
-PROVIDE(__pi_arm64_use_ng_mappings     = arm64_use_ng_mappings);
+PI_EXPORT_SYM(id_aa64isar1_override);
+PI_EXPORT_SYM(id_aa64isar2_override);
+PI_EXPORT_SYM(id_aa64mmfr0_override);
+PI_EXPORT_SYM(id_aa64mmfr1_override);
+PI_EXPORT_SYM(id_aa64mmfr2_override);
+PI_EXPORT_SYM(id_aa64pfr0_override);
+PI_EXPORT_SYM(id_aa64pfr1_override);
+PI_EXPORT_SYM(id_aa64smfr0_override);
+PI_EXPORT_SYM(id_aa64zfr0_override);
+PI_EXPORT_SYM(arm64_sw_feature_override);
+PI_EXPORT_SYM(arm64_use_ng_mappings);
 #ifdef CONFIG_CAVIUM_ERRATUM_27456
-PROVIDE(__pi_cavium_erratum_27456_cpus = cavium_erratum_27456_cpus);
-PROVIDE(__pi_is_midr_in_range_list     = is_midr_in_range_list);
+PI_EXPORT_SYM(cavium_erratum_27456_cpus);
+PI_EXPORT_SYM(is_midr_in_range_list);
 #endif
-PROVIDE(__pi__ctype                    = _ctype);
-
-PROVIDE(__pi_swapper_pg_dir            = swapper_pg_dir);
-
-PROVIDE(__pi__text                     = _text);
-PROVIDE(__pi__stext                    = _stext);
-PROVIDE(__pi__etext                    = _etext);
-PROVIDE(__pi___start_rodata            = __start_rodata);
-PROVIDE(__pi___inittext_begin          = __inittext_begin);
-PROVIDE(__pi___inittext_end            = __inittext_end);
-PROVIDE(__pi___initdata_begin          = __initdata_begin);
-PROVIDE(__pi___initdata_end            = __initdata_end);
-PROVIDE(__pi__data                     = _data);
-PROVIDE(__pi___bss_start               = __bss_start);
-PROVIDE(__pi__end                      = _end);
+PI_EXPORT_SYM(_ctype);
+
+PI_EXPORT_SYM(swapper_pg_dir);
+
+PI_EXPORT_SYM(_text);
+PI_EXPORT_SYM(_stext);
+PI_EXPORT_SYM(_etext);
+PI_EXPORT_SYM(__start_rodata);
+PI_EXPORT_SYM(__inittext_begin);
+PI_EXPORT_SYM(__inittext_end);
+PI_EXPORT_SYM(__initdata_begin);
+PI_EXPORT_SYM(__initdata_end);
+PI_EXPORT_SYM(_data);
 
 #ifdef CONFIG_KVM
 

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 466544c47dca182e3619679b5a9ac94a90b1ba4b..e4a525a865c1f1ddbea587f4fc8727ec97efed4d 100644 (file)
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -319,6 +319,7 @@ SECTIONS
 
        /* start of zero-init region */
        BSS_SECTION(SBSS_ALIGN, 0, 0)
+       __pi___bss_start = __bss_start;
 
        . = ALIGN(PAGE_SIZE);
        __pi_init_pg_dir = .;
@@ -332,6 +333,7 @@ SECTIONS
        . = ALIGN(SEGMENT_ALIGN);
        __pecoff_data_size = ABSOLUTE(. - __initdata_begin);
        _end = .;
+       __pi__end = .;
 
        STABS_DEBUG
        DWARF_DEBUG