From: Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
To: Ard Biesheuvel <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
Cc: linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org,
	linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	matt.fleming-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org,
	leif.lindholm-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org,
	mark.rutland-5wv7dgnIgG8@public.gmane.org,
	catalin.marinas-5wv7dgnIgG8@public.gmane.org,
	will.deacon-5wv7dgnIgG8@public.gmane.org,
	msalter-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Subject: Re: [PATCH v2] arm64/efi: don't pad between EFI_MEMORY_RUNTIME regions
Date: Wed, 9 Sep 2015 12:45:48 +0100
Message-ID: <20150909114548.GC4973@codeblueprint.co.uk>
In-Reply-To: <1441782414-16284-1-git-send-email-ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>

On Wed, 09 Sep, at 09:06:54AM, Ard Biesheuvel wrote:
> The new Properties Table feature introduced in UEFIv2.5 may split
> memory regions that cover PE/COFF memory images into separate code
> and data regions. Since these regions only differ in the type (runtime
> code vs runtime data) and the permission bits, but not in the memory
> type attributes (UC/WC/WT/WB), the spec does not require them to be
> aligned to 64 KB.
> 
> As the relative offset of PE/COFF .text and .data segments cannot be
> changed on the fly, this means that we can no longer pad out those
> regions to be mappable using 64 KB pages.
> Unfortunately, there is no annotation in the UEFI memory map that
> identifies data regions that were split off from a code region, so we
> must apply this logic to all adjacent runtime regions whose attributes
> only differ in the permission bits.
> 
> So instead of rounding each memory region to 64 KB alignment at both
> ends, only round down regions that are not directly preceded by another
> runtime region with the same type attributes. Since the UEFI spec does
> not mandate that the memory map be sorted, this means we also need to
> sort it first.
> 
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
> ---
> 
> As discussed off list, this is the arm64 side of what we should backport
> to stable to prevent firmware that adheres to the current version of the
> UEFI v2.5 spec with the memprotect feature enabled from blowing up the system
> upon the first OS call into the runtime services.
> 
> For arm64, we already map things in order, but since the spec does not mandate
> a sorted memory map, we need to sort it to be sure. This also allows us to
> easily find adjacent regions with < 64 KB granularity, which the current version
> of the spec allows if they only differ in permission bits (which the spec says
> are 'unused' on AArch64, which could be interpreted as 'allowed but ignored').
> 
> Changes since v1:
> - Ensure that we don't inadvertently set the XN bit on the preceding region at
>   mapping time if the OS is running with >4 KB pages.
>   
>  arch/arm64/kernel/efi.c                 |  3 +-
>  drivers/firmware/efi/libstub/arm-stub.c | 62 +++++++++++++++-----
>  2 files changed, 49 insertions(+), 16 deletions(-)

Thanks Ard. I've picked this up in my 'urgent' queue and tagged it for
stable, but it would be really good if folks on the Cc list could
provide ACKs and Tested-by tags because this is the kind of kernel
code where dragons lurk.

-- 
Matt Fleming, Intel Open Source Technology Center
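
The rule from the quoted commit message (sort the map, then 64 KB-align only those runtime regions that are not directly preceded by an adjacent runtime region with the same memory type attributes), as an added example that is not code from the patch or from this thread. `struct region`, `assign_virt()`, the sample addresses and the virtual base are assumptions made for illustration; the attribute bit values are those defined by the UEFI specification.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define EFI_PAGE_SIZE      0x1000ULL  /* UEFI pages are always 4 KB */
#define SZ_64K             0x10000ULL
#define EFI_MEMORY_RUNTIME 0x8000000000000000ULL
#define TYPE_ATTR_MASK     0xfULL     /* EFI_MEMORY_UC | WC | WT | WB */

struct region { uint64_t phys, num_pages, attr, virt; };  /* simplified, not efi_memory_desc_t */

static int cmp_phys(const void *a, const void *b)
{
    const struct region *l = a, *r = b;
    return (l->phys > r->phys) - (l->phys < r->phys);
}

/* Sorts map, sets virt on each runtime region, returns the end of the VA range. */
static uint64_t assign_virt(struct region *map, size_t n, uint64_t next)
{
    const struct region *prev = NULL;  /* last runtime region seen */
    qsort(map, n, sizeof(*map), cmp_phys);  /* firmware order is not guaranteed */
    for (struct region *r = map; r < map + n; r++) {
        if (!(r->attr & EFI_MEMORY_RUNTIME))
            continue;
        if (!prev || prev->phys + prev->num_pages * EFI_PAGE_SIZE != r->phys ||
            ((prev->attr ^ r->attr) & TYPE_ATTR_MASK)) {
            next = (next + SZ_64K - 1) & ~(SZ_64K - 1);  /* new 64 KB-aligned group */
            next += r->phys & (SZ_64K - 1);  /* keep offset within the 64 KB page */
        }  /* else adjacent with the same type attributes: no padding */
        r->virt = next;
        next += r->num_pages * EFI_PAGE_SIZE;
        prev = r;
    }
    return next;
}

static struct region sample[] = {  /* constructed map, deliberately unsorted */
    { 0x80030000ULL, 1, EFI_MEMORY_RUNTIME | 0x1, 0 },  /* UC MMIO */
    { 0x80014000ULL, 2, EFI_MEMORY_RUNTIME | 0x8, 0 },  /* WB, split-off data */
    { 0x80020000ULL, 4, 0x8, 0 },                       /* WB, not runtime */
    { 0x80011000ULL, 3, EFI_MEMORY_RUNTIME | 0x8, 0 },  /* WB, code */
};

int main(void)
{
    printf("VA end: %#llx\n", (unsigned long long)assign_virt(sample, 4, 0x40000000ULL));
    return 0;
}
```

The code and data regions keep their 0x3000 relative offset because no padding is inserted between them, while the UC region, which is neither adjacent nor of the same memory type, starts a new 64 KB-aligned group.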
