From: cdown Date: Thu, 22 Jan 2026 12:16:49 +0000 (-0800) Subject: boot: Fix UKI boot for kernels with non-zero ImageBase X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d9d300dc4c9318fa6df22772c8f5ac94b1dd30cc;p=thirdparty%2Fsystemd.git boot: Fix UKI boot for kernels with non-zero ImageBase The current code incorrectly subtracts ImageBase from section VirtualAddress values when loading sections into memory. This is based on a misunderstanding of the PE specification. VirtualAddress in section headers is the address of the first byte of the section relative to the image base when the section is loaded into memory. In other words, VirtualAddress is already an RVA measured from the image base, it is definitely NOT an absolute address that needs to be adjusted. So when loading a PE image into a newly allocated buffer, sections should be copied to buffer + VirtualAddress, regardless of what ImageBase says. The ImageBase field merely indicates the *preferred* load address, it does not affect how section RVAs are interpreted. This happens to not cause issues when ImageBase was 0 (since VirtualAddress - 0 = VirtualAddress), which is why this bug went undetected on modern kernels. However, it fails with kernels that have non-zero ImageBase values. So let's remove the nonsensical VirtualAddress < ImageBase check, and remove the ImageBase subtractions from section loading offsets. This lets all kernel UKIs work properly again. Fixes: #40342 --- diff --git a/src/boot/linux.c b/src/boot/linux.c index 22b758b8e64..3d20258ddc5 100644 --- a/src/boot/linux.c +++ b/src/boot/linux.c @@ -161,14 +161,13 @@ EFI_STATUS linux_exec( size_t kernel_size_in_memory = 0; uint32_t compat_entry_point, entry_point; - uint64_t image_base; EFI_STATUS err; assert(parent_image); assert(iovec_is_set(kernel)); assert(iovec_is_valid(initrd)); - err = pe_kernel_info(kernel->iov_base, &entry_point, &compat_entry_point, &image_base, &kernel_size_in_memory); + err = pe_kernel_info(kernel->iov_base, &entry_point, &compat_entry_point, /* ret_image_base= */ NULL, &kernel_size_in_memory); #if defined(__i386__) || defined(__x86_64__) if (err == EFI_UNSUPPORTED) /* Kernel is too old to support LINUX_INITRD_MEDIA_GUID, try the deprecated EFI handover @@ -276,10 +275,9 @@ EFI_STATUS linux_exec( if (h->SizeOfRawData == 0) continue; - if ((h->VirtualAddress < image_base) - || (h->VirtualAddress - image_base + h->SizeOfRawData > kernel_size_in_memory)) + if (h->VirtualAddress + h->SizeOfRawData > kernel_size_in_memory) return log_error_status(EFI_LOAD_ERROR, "Section would write outside of memory"); - memcpy(loaded_kernel + h->VirtualAddress - image_base, + memcpy(loaded_kernel + h->VirtualAddress, (const uint8_t*)kernel->iov_base + h->PointerToRawData, h->SizeOfRawData); memzero(loaded_kernel + h->VirtualAddress + h->SizeOfRawData, @@ -288,7 +286,7 @@ EFI_STATUS linux_exec( /* Not a code section? Nothing to do, leave as-is. */ if (memory_proto && (h->Characteristics & (PE_CODE|PE_EXECUTE))) { nx_sections = xrealloc(nx_sections, n_nx_sections * sizeof(struct iovec), (n_nx_sections + 1) * sizeof(struct iovec)); - nx_sections[n_nx_sections].iov_base = loaded_kernel + h->VirtualAddress - image_base; + nx_sections[n_nx_sections].iov_base = loaded_kernel + h->VirtualAddress; nx_sections[n_nx_sections].iov_len = h->VirtualSize; err = memory_mark_ro_x(memory_proto, &nx_sections[n_nx_sections]);