From 154b4b125a082c290e7f2133e08b219c8f3cfb41 Mon Sep 17 00:00:00 2001 From: hzero1996 Date: Fri, 17 May 2024 11:40:24 +0800 Subject: [PATCH] Align section size up to page size for mem attrs (cherry picked from commit 5e5349dccfb1201963de3b0f773f4e614a227316) --- ...n-size-up-to-page-size-for-mem-attrs.patch | 33 +++++++++++++++++++ shim.spec | 6 +++- 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 backport-Align-section-size-up-to-page-size-for-mem-attrs.patch diff --git a/backport-Align-section-size-up-to-page-size-for-mem-attrs.patch b/backport-Align-section-size-up-to-page-size-for-mem-attrs.patch new file mode 100644 index 0000000..458cf16 --- /dev/null +++ b/backport-Align-section-size-up-to-page-size-for-mem-attrs.patch @@ -0,0 +1,33 @@ +From c7b305152802c8db688605654f75e1195def9fd6 Mon Sep 17 00:00:00 2001 +From: Nicholas Bishop +Date: Mon, 19 Dec 2022 18:56:13 -0500 +Subject: [PATCH] pe: Align section size up to page size for mem attrs + +Setting memory attributes is generally done at page granularity, and +this is enforced by checks in `get_mem_attrs` and +`update_mem_attrs`. But unlike the section address, the section size +isn't necessarily aligned to 4KiB. Round up the section size to fix +this. + +Signed-off-by: Nicholas Bishop +--- + pe.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/pe.c b/pe.c +index 9a3679e16..5ad0914ba 100644 +--- a/pe.c ++++ b/pe.c +@@ -1372,7 +1372,11 @@ handle_image (void *data, unsigned int datasize, + + Section->Misc.VirtualSize - 1); + + addr = (uintptr_t)base; +- length = (uintptr_t)end - (uintptr_t)base + 1; ++ // Align the length up to PAGE_SIZE. This is required because ++ // platforms generally set memory attributes at page ++ // granularity, but the section length (unlike the section ++ // address) is not required to be aligned. ++ length = ALIGN_VALUE((uintptr_t)end - (uintptr_t)base + 1, PAGE_SIZE); + + if (Section->Characteristics & EFI_IMAGE_SCN_MEM_WRITE) { + set_attrs |= MEM_ATTR_W; diff --git a/shim.spec b/shim.spec index 91582ef..bff032d 100644 --- a/shim.spec +++ b/shim.spec @@ -25,7 +25,7 @@ Name: shim Version: 15.7 -Release: 11 +Release: 12 Summary: First-stage UEFI bootloader ExclusiveArch: x86_64 aarch64 License: BSD @@ -51,6 +51,7 @@ Patch13:backport-CVE-2023-0465.patch Patch14:backport-CVE-2023-2650.patch Patch15:backport-CVE-2024-0727.patch Patch16:backport-Always-clear-SbatLevel-when-Secure-Boot-is-disabled.patch +Patch17:backport-Align-section-size-up-to-page-size-for-mem-attrs.patch # Feature for shim SMx support Patch9000:Feature-shim-openssl-add-ec-support.patch @@ -190,6 +191,9 @@ make test /usr/src/debug/%{name}-%{version}-%{release}/* %changelog +* Fri May 17 2024 wangcheng - 15.7-12 +- Align section size up to page size for mem attrs + * Wed May 8 2024 lijuzhang - 15.7-11 - replace vendor for BOOTX64.CSV or BOOTAA64.CSV -- Gitee