From: Matt Fleming <matt@codeblueprint.co.uk>
To: Ingo Molnar <mingo@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
"H . Peter Anvin" <hpa@zytor.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
Matt Fleming <matt@codeblueprint.co.uk>,
Leif Lindholm <leif.lindholm@linaro.org>,
Mark Rutland <mark.rutland@arm.com>
Subject: [PATCH 02/40] efi/arm*: Drop writable mapping of the UEFI System table
Date: Mon, 25 Apr 2016 21:06:34 +0100 [thread overview]
Message-ID: <1461614832-17633-3-git-send-email-matt@codeblueprint.co.uk> (raw)
In-Reply-To: <1461614832-17633-1-git-send-email-matt@codeblueprint.co.uk>
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Commit 2eec5dedf770 ("efi/arm-init: Use read-only early mappings")
updated the early ARM UEFI init code to create the temporary, early
mapping of the UEFI System table using read-only attributes, as a
hardening measure against inadvertent modification.
However, this still leaves the permanent, writable mapping of the UEFI
System table, which is only ever referenced during invocations of UEFI
Runtime Services, at which time the UEFI virtual mapping is available,
which also covers the system table. (This is guaranteed by the fact that
SetVirtualAddressMap(), which is a runtime service itself, converts
various entries in the table to their virtual equivalents, which implies
that the table must be covered by a RuntimeServicesData region that has
the EFI_MEMORY_RUNTIME attribute.)
So instead of creating this permanent mapping, record the virtual address
of the system table inside the UEFI virtual mapping, and dereference that
when accessing the table. This protects the contents of the system table
from inadvertent (or deliberate) modification when no UEFI Runtime
Services calls are in progress.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
---
drivers/firmware/efi/arm-init.c | 2 ++
drivers/firmware/efi/arm-runtime.c | 27 ++++++++++++++++-----------
2 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/drivers/firmware/efi/arm-init.c b/drivers/firmware/efi/arm-init.c
index 8714f8c271ba..008ed1993b72 100644
--- a/drivers/firmware/efi/arm-init.c
+++ b/drivers/firmware/efi/arm-init.c
@@ -85,6 +85,8 @@ static int __init uefi_init(void)
efi.systab->hdr.revision >> 16,
efi.systab->hdr.revision & 0xffff);
+ efi.runtime_version = efi.systab->hdr.revision;
+
/* Show what we know for posterity */
c16 = early_memremap_ro(efi_to_phys(efi.systab->fw_vendor),
sizeof(vendor) * sizeof(efi_char16_t));
diff --git a/drivers/firmware/efi/arm-runtime.c b/drivers/firmware/efi/arm-runtime.c
index 16c7d2a71156..771750df6b7d 100644
--- a/drivers/firmware/efi/arm-runtime.c
+++ b/drivers/firmware/efi/arm-runtime.c
@@ -42,10 +42,12 @@ static struct mm_struct efi_mm = {
static bool __init efi_virtmap_init(void)
{
efi_memory_desc_t *md;
+ bool systab_found;
efi_mm.pgd = pgd_alloc(&efi_mm);
init_new_context(NULL, &efi_mm);
+ systab_found = false;
for_each_efi_memory_desc(&memmap, md) {
phys_addr_t phys = md->phys_addr;
int ret;
@@ -64,8 +66,20 @@ static bool __init efi_virtmap_init(void)
&phys, ret);
return false;
}
+ /*
+ * If this entry covers the address of the UEFI system table,
+ * calculate and record its virtual address.
+ */
+ if (efi_system_table >= phys &&
+ efi_system_table < phys + (md->num_pages * EFI_PAGE_SIZE)) {
+ efi.systab = (void *)(unsigned long)(efi_system_table -
+ phys + md->virt_addr);
+ systab_found = true;
+ }
}
- return true;
+ if (!systab_found)
+ pr_err("No virtual mapping found for the UEFI System Table\n");
+ return systab_found;
}
/*
@@ -99,15 +113,8 @@ static int __init arm_enable_runtime_services(void)
memmap.map_end = memmap.map + mapsize;
efi.memmap = &memmap;
- efi.systab = (__force void *)ioremap_cache(efi_system_table,
- sizeof(efi_system_table_t));
- if (!efi.systab) {
- pr_err("Failed to remap EFI System Table\n");
- return -ENOMEM;
- }
-
if (!efi_virtmap_init()) {
- pr_err("No UEFI virtual mapping was installed -- runtime services will not be available\n");
+ pr_err("UEFI virtual mapping missing or invalid -- runtime services will not be available\n");
return -ENOMEM;
}
@@ -115,8 +122,6 @@ static int __init arm_enable_runtime_services(void)
efi_native_runtime_setup();
set_bit(EFI_RUNTIME_SERVICES, &efi.flags);
- efi.runtime_version = efi.systab->hdr.revision;
-
return 0;
}
early_initcall(arm_enable_runtime_services);
--
2.7.3
WARNING: multiple messages have this Message-ID (diff)
From: Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
To: Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Thomas Gleixner <tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org>,
"H . Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
Cc: Ard Biesheuvel
<ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Matt Fleming
<matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>,
Leif Lindholm
<leif.lindholm-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>,
Mark Rutland <mark.rutland-5wv7dgnIgG8@public.gmane.org>
Subject: [PATCH 02/40] efi/arm*: Drop writable mapping of the UEFI System table
Date: Mon, 25 Apr 2016 21:06:34 +0100 [thread overview]
Message-ID: <1461614832-17633-3-git-send-email-matt@codeblueprint.co.uk> (raw)
In-Reply-To: <1461614832-17633-1-git-send-email-matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
From: Ard Biesheuvel <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
Commit 2eec5dedf770 ("efi/arm-init: Use read-only early mappings")
updated the early ARM UEFI init code to create the temporary, early
mapping of the UEFI System table using read-only attributes, as a
hardening measure against inadvertent modification.
However, this still leaves the permanent, writable mapping of the UEFI
System table, which is only ever referenced during invocations of UEFI
Runtime Services, at which time the UEFI virtual mapping is available,
which also covers the system table. (This is guaranteed by the fact that
SetVirtualAddressMap(), which is a runtime service itself, converts
various entries in the table to their virtual equivalents, which implies
that the table must be covered by a RuntimeServicesData region that has
the EFI_MEMORY_RUNTIME attribute.)
So instead of creating this permanent mapping, record the virtual address
of the system table inside the UEFI virtual mapping, and dereference that
when accessing the table. This protects the contents of the system table
from inadvertent (or deliberate) modification when no UEFI Runtime
Services calls are in progress.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
Cc: Mark Rutland <mark.rutland-5wv7dgnIgG8@public.gmane.org>
Cc: Leif Lindholm <leif.lindholm-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
Signed-off-by: Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
---
drivers/firmware/efi/arm-init.c | 2 ++
drivers/firmware/efi/arm-runtime.c | 27 ++++++++++++++++-----------
2 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/drivers/firmware/efi/arm-init.c b/drivers/firmware/efi/arm-init.c
index 8714f8c271ba..008ed1993b72 100644
--- a/drivers/firmware/efi/arm-init.c
+++ b/drivers/firmware/efi/arm-init.c
@@ -85,6 +85,8 @@ static int __init uefi_init(void)
efi.systab->hdr.revision >> 16,
efi.systab->hdr.revision & 0xffff);
+ efi.runtime_version = efi.systab->hdr.revision;
+
/* Show what we know for posterity */
c16 = early_memremap_ro(efi_to_phys(efi.systab->fw_vendor),
sizeof(vendor) * sizeof(efi_char16_t));
diff --git a/drivers/firmware/efi/arm-runtime.c b/drivers/firmware/efi/arm-runtime.c
index 16c7d2a71156..771750df6b7d 100644
--- a/drivers/firmware/efi/arm-runtime.c
+++ b/drivers/firmware/efi/arm-runtime.c
@@ -42,10 +42,12 @@ static struct mm_struct efi_mm = {
static bool __init efi_virtmap_init(void)
{
efi_memory_desc_t *md;
+ bool systab_found;
efi_mm.pgd = pgd_alloc(&efi_mm);
init_new_context(NULL, &efi_mm);
+ systab_found = false;
for_each_efi_memory_desc(&memmap, md) {
phys_addr_t phys = md->phys_addr;
int ret;
@@ -64,8 +66,20 @@ static bool __init efi_virtmap_init(void)
&phys, ret);
return false;
}
+ /*
+ * If this entry covers the address of the UEFI system table,
+ * calculate and record its virtual address.
+ */
+ if (efi_system_table >= phys &&
+ efi_system_table < phys + (md->num_pages * EFI_PAGE_SIZE)) {
+ efi.systab = (void *)(unsigned long)(efi_system_table -
+ phys + md->virt_addr);
+ systab_found = true;
+ }
}
- return true;
+ if (!systab_found)
+ pr_err("No virtual mapping found for the UEFI System Table\n");
+ return systab_found;
}
/*
@@ -99,15 +113,8 @@ static int __init arm_enable_runtime_services(void)
memmap.map_end = memmap.map + mapsize;
efi.memmap = &memmap;
- efi.systab = (__force void *)ioremap_cache(efi_system_table,
- sizeof(efi_system_table_t));
- if (!efi.systab) {
- pr_err("Failed to remap EFI System Table\n");
- return -ENOMEM;
- }
-
if (!efi_virtmap_init()) {
- pr_err("No UEFI virtual mapping was installed -- runtime services will not be available\n");
+ pr_err("UEFI virtual mapping missing or invalid -- runtime services will not be available\n");
return -ENOMEM;
}
@@ -115,8 +122,6 @@ static int __init arm_enable_runtime_services(void)
efi_native_runtime_setup();
set_bit(EFI_RUNTIME_SERVICES, &efi.flags);
- efi.runtime_version = efi.systab->hdr.revision;
-
return 0;
}
early_initcall(arm_enable_runtime_services);
--
2.7.3
next prev parent reply other threads:[~2016-04-25 20:19 UTC|newest]
Thread overview: 111+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-25 20:06 [GIT PULL 00/40] EFI changes for v4.7 Matt Fleming
2016-04-25 20:06 ` Matt Fleming
2016-04-25 20:06 ` Matt Fleming
2016-04-25 20:06 ` [PATCH 01/40] efi: Get rid of EFI_SYSTEM_TABLES status bit Matt Fleming
2016-04-25 20:06 ` Matt Fleming
2016-04-28 10:30 ` [tip:efi/core] efi: Get rid of the " tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` Matt Fleming [this message]
2016-04-25 20:06 ` [PATCH 02/40] efi/arm*: Drop writable mapping of the UEFI System table Matt Fleming
2016-04-28 10:30 ` [tip:efi/core] " tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` [PATCH 03/40] x86/mm/pat: Document the (currently) EFI-only code path Matt Fleming
2016-04-28 10:31 ` [tip:efi/core] " tip-bot for Matt Fleming
2016-04-25 20:06 ` [PATCH 04/40] efi/arm64: Report unexpected errors when determining Secure Boot status Matt Fleming
2016-04-28 10:31 ` [tip:efi/core] " tip-bot for Linn Crosetto
2016-04-25 20:06 ` [PATCH 05/40] efi/arm64: Check SetupMode " Matt Fleming
2016-04-28 10:31 ` [tip:efi/core] " tip-bot for Linn Crosetto
2016-04-25 20:06 ` [PATCH 06/40] efi: Iterate over efi.memmap in for_each_efi_memory_desc Matt Fleming
2016-04-28 10:32 ` [tip:efi/core] efi: Iterate over efi.memmap in for_each_efi_memory_desc() tip-bot for Matt Fleming
2016-04-25 20:06 ` [PATCH 07/40] efi: Remove global 'memmap' Matt Fleming
2016-04-28 10:32 ` [tip:efi/core] efi: Remove global 'memmap' EFI memory map tip-bot for Matt Fleming
2016-04-29 8:31 ` [PATCH] efi: Remove unnecessary (and buggy) .memmap initialization from the Xen EFI driver Ingo Molnar
2016-04-29 8:39 ` Matt Fleming
2016-04-29 9:53 ` [tip:efi/core] " tip-bot for Ingo Molnar
2016-04-25 20:06 ` [PATCH 08/40] efi: Check EFI_MEMORY_DESCRIPTOR version explicitly Matt Fleming
2016-04-28 10:33 ` [tip:efi/core] " tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` [PATCH 09/40] efi/arm*: Use memremap() to create the persistent memmap mapping Matt Fleming
2016-04-25 20:06 ` Matt Fleming
2016-04-28 10:33 ` [tip:efi/core] " tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` [PATCH 10/40] ARM: efi: Apply strict permissons for UEFI Runtime Services regions Matt Fleming
2016-04-25 20:06 ` Matt Fleming
2016-04-28 10:33 ` [tip:efi/core] ARM/efi: Apply strict permissions " tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` [PATCH 11/40] arm64: efi: Apply strict permissons " Matt Fleming
2016-04-28 10:34 ` [tip:efi/core] arm64/efi: Apply strict permissions to " tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` [PATCH 12/40] efi: Add support for the EFI_MEMORY_ATTRIBUTES_TABLE config table Matt Fleming
2016-04-28 10:34 ` [tip:efi/core] " tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` [PATCH 13/40] efi: Implement generic support for the Memory Attributes table Matt Fleming
2016-04-28 10:35 ` [tip:efi/core] " tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` [PATCH 14/40] efi/arm*: Take the Memory Attributes table into account Matt Fleming
2016-04-25 20:06 ` Matt Fleming
2016-04-28 10:35 ` [tip:efi/core] " tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` [PATCH 15/40] x86/efi: Remove the always true EFI_DEBUG symbol Matt Fleming
2016-04-25 20:06 ` Matt Fleming
2016-04-28 10:36 ` [tip:efi/core] " tip-bot for Matt Fleming
2016-04-25 20:06 ` [PATCH 16/40] x86/efi: Prepare GOP handling code for reuse as generic code Matt Fleming
2016-04-28 10:36 ` [tip:efi/core] " tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` [PATCH 17/40] efi/libstub: Move Graphics Output Protocol handling to " Matt Fleming
2016-04-28 10:36 ` [tip:efi/core] " tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` [PATCH 18/40] x86/efi: efifb: Move DMI based quirks handling out of " Matt Fleming
2016-04-28 10:37 ` [tip:efi/core] x86/efi/efifb: " tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` [PATCH 19/40] efifb: Use builtin_platform_driver and drop unused includes Matt Fleming
2016-04-28 10:37 ` [tip:efi/core] " tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` [PATCH 20/40] arm64/efi: libstub: Make screen_info accessible to the UEFI stub Matt Fleming
2016-04-28 10:38 ` [tip:efi/core] arm64/efi/libstub: " tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` [PATCH 21/40] efi/arm: libstub: " Matt Fleming
2016-04-25 20:06 ` Matt Fleming
2016-04-28 10:38 ` [tip:efi/core] efi/arm/libstub: " tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` [PATCH 22/40] efi/arm*: libstub: Wire up GOP protocol to struct screen_info Matt Fleming
2016-04-28 10:38 ` [tip:efi/core] efi/arm*/libstub: Wire up GOP protocol to 'struct screen_info' tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` [PATCH 23/40] efi/arm*: Wire up struct screen_info to efi-framebuffer platform device Matt Fleming
2016-04-28 10:39 ` [tip:efi/core] efi/arm*: Wire up 'struct screen_info' " tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` [PATCH 24/40] efifb: Enable the efi-framebuffer platform driver for ARM and arm64 Matt Fleming
2016-04-28 10:39 ` [tip:efi/core] " tip-bot for Ard Biesheuvel
2016-04-25 20:06 ` [PATCH 25/40] efibc: EFI Bootloader Control Matt Fleming
2016-04-25 20:06 ` Matt Fleming
2016-04-28 10:40 ` [tip:efi/core] efibc: Add EFI Bootloader Control module tip-bot for Compostella, Jeremy
2016-04-29 9:53 ` Ingo Molnar
2016-04-29 10:30 ` Matt Fleming
2016-04-29 11:36 ` Compostella, Jeremy
2016-04-29 12:16 ` Matt Fleming
2016-04-29 13:53 ` Compostella, Jeremy
2016-04-29 19:46 ` Ingo Molnar
2016-04-30 8:33 ` Compostella, Jeremy
2016-04-30 20:01 ` Matt Fleming
2016-04-30 20:08 ` Matt Fleming
2016-05-02 7:56 ` Compostella, Jeremy
2016-05-03 14:41 ` Matt Fleming
2016-05-01 8:03 ` Ard Biesheuvel
2016-05-01 13:13 ` Matt Fleming
2016-04-25 20:06 ` [PATCH 26/40] efi: Move efi_status_to_err() to drivers/firmware/efi/ Matt Fleming
2016-04-28 10:40 ` [tip:efi/core] " tip-bot for Matt Fleming
2016-04-25 20:06 ` [PATCH 27/40] efi: Capsule update support Matt Fleming
2016-04-28 10:40 ` [tip:efi/core] efi: Add 'capsule' " tip-bot for Matt Fleming
2016-04-25 20:07 ` [PATCH 28/40] x86/efi: Force EFI reboot to process pending capsules Matt Fleming
2016-04-28 10:41 ` [tip:efi/core] " tip-bot for Matt Fleming
2016-04-25 20:07 ` [PATCH 29/40] efi: A misc char interface to update EFI firmware Matt Fleming
2016-04-28 10:41 ` [tip:efi/core] efi: Add misc char driver " tip-bot for Kweh, Hock Leong
2016-04-25 20:07 ` [PATCH 30/40] efi/arm-init: Reserve rather than unmap the memory map for ARM as well Matt Fleming
2016-04-28 10:42 ` [tip:efi/core] " tip-bot for Ard Biesheuvel
2016-04-25 20:07 ` [PATCH 31/40] efi/runtime-wrappers: Add {__,}efi_call_virt templates Matt Fleming
2016-04-25 20:07 ` Matt Fleming
2016-04-28 10:42 ` [tip:efi/core] efi/runtime-wrappers: Add {__,}efi_call_virt() templates tip-bot for Mark Rutland
2016-04-25 20:07 ` [PATCH 32/40] arm64/efi: Move to generic {__,}efi_call_virt Matt Fleming
2016-04-25 20:07 ` Matt Fleming
2016-04-28 10:42 ` [tip:efi/core] arm64/efi: Move to generic {__,}efi_call_virt() tip-bot for Mark Rutland
2016-04-25 20:07 ` [PATCH 33/40] arm/efi: Move to generic {__,}efi_call_virt Matt Fleming
2016-04-28 10:43 ` [tip:efi/core] arm/efi: Move to generic {__,}efi_call_virt() tip-bot for Mark Rutland
2016-04-25 20:07 ` [PATCH 34/40] x86/efi: Move to generic {__,}efi_call_virt Matt Fleming
2016-04-25 20:07 ` Matt Fleming
2016-04-28 10:43 ` [tip:efi/core] x86/efi: Move to generic {__,}efi_call_virt() tip-bot for Mark Rutland
2016-04-25 20:07 ` [PATCH 35/40] efi/runtime-wrappers: Remove redundant ifdefs Matt Fleming
2016-04-25 20:07 ` Matt Fleming
2016-04-28 10:44 ` [tip:efi/core] efi/runtime-wrappers: Remove redundant #ifdefs tip-bot for Mark Rutland
2016-04-25 20:07 ` [PATCH 36/40] efi/runtime-wrappers: Detect firmware irq flag corruption Matt Fleming
2016-04-28 10:44 ` [tip:efi/core] efi/runtime-wrappers: Detect firmware IRQ " tip-bot for Mark Rutland
2016-04-25 20:07 ` [PATCH 37/40] arm64/efi: Enable runtime call flag checking Matt Fleming
2016-04-28 10:44 ` [tip:efi/core] " tip-bot for Mark Rutland
2016-04-25 20:07 ` [PATCH 38/40] arm/efi: " Matt Fleming
2016-04-28 10:45 ` [tip:efi/core] " tip-bot for Mark Rutland
2016-04-25 20:07 ` [PATCH 39/40] x86/efi: " Matt Fleming
2016-04-28 10:45 ` [tip:efi/core] " tip-bot for Mark Rutland
2016-04-25 20:07 ` [PATCH 40/40] efi/runtime-wrappers: Remove ARCH_EFI_IRQ_FLAGS_MASK ifdef Matt Fleming
2016-04-28 10:46 ` [tip:efi/core] efi/runtime-wrappers: Remove ARCH_EFI_IRQ_FLAGS_MASK #ifdef tip-bot for Mark Rutland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1461614832-17633-3-git-send-email-matt@codeblueprint.co.uk \
--to=matt@codeblueprint.co.uk \
--cc=ard.biesheuvel@linaro.org \
--cc=hpa@zytor.com \
--cc=leif.lindholm@linaro.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@kernel.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.