* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-26 5:56 ` Ingo Molnar
0 siblings, 0 replies; 78+ messages in thread
From: Ingo Molnar @ 2015-09-26 5:56 UTC (permalink / raw)
To: Matt Fleming
Cc: Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel-u79uwXL29TY76Z2rM5mHXA,
linux-efi-u79uwXL29TY76Z2rM5mHXA, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable-u79uwXL29TY76Z2rM5mHXA, Ard Biesheuvel,
Linus Torvalds, Borislav Petkov, Andy Lutomirski, Denys Vlasenko,
Brian Gerst, Andrew Morton
So this commit worries me.
This bug is a good find, and the fix is obviously needed and urgent, but I'm not
sure about the implementation at all. (I've Cc:-ed a few more x86 low level
gents.)
* Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org> wrote:
> /*
> + * Iterate the EFI memory map in reverse order because the regions
> + * will be mapped top-down. The end result is the same as if we had
> + * mapped things forward, but doesn't require us to change the
> + * existing implementation of efi_map_region().
> + */
> +static inline void *efi_map_next_entry_reverse(void *entry)
> +{
> + /* Initial call */
> + if (!entry)
> + return memmap.map_end - memmap.desc_size;
> +
> + entry -= memmap.desc_size;
> + if (entry < memmap.map)
> + return NULL;
> +
> + return entry;
> +}
> +
> +/*
> + * efi_map_next_entry - Return the next EFI memory map descriptor
> + * @entry: Previous EFI memory map descriptor
> + *
> + * This is a helper function to iterate over the EFI memory map, which
> + * we do in different orders depending on the current configuration.
> + *
> + * To begin traversing the memory map @entry must be %NULL.
> + *
> + * Returns %NULL when we reach the end of the memory map.
> + */
> +static void *efi_map_next_entry(void *entry)
> +{
> + if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
> + /*
> + * Starting in UEFI v2.5 the EFI_PROPERTIES_TABLE
> + * config table feature requires us to map all entries
> + * in the same order as they appear in the EFI memory
> + * map. That is to say, entry N must have a lower
> + * virtual address than entry N+1. This is because the
> + * firmware toolchain leaves relative references in
> + * the code/data sections, which are split and become
> + * separate EFI memory regions. Mapping things
> + * out-of-order leads to the firmware accessing
> + * unmapped addresses.
> + *
> + * Since we need to map things this way whether or not
> + * the kernel actually makes use of
> + * EFI_PROPERTIES_TABLE, let's just switch to this
> + * scheme by default for 64-bit.
The thing is, if relative accesses between these 'sections' do happen then the
requirement is much stronger than just 'ordered by addresses' - then we must map
them continuously and as a single block!
So at minimum the comment should say that. But I think we want more:
> + */
> + return efi_map_next_entry_reverse(entry);
> + }
> +
> + /* Initial call */
> + if (!entry)
> + return memmap.map;
> +
> + entry += memmap.desc_size;
> + if (entry >= memmap.map_end)
> + return NULL;
> +
> + return entry;
> +}
> +
> +/*
> * Map the efi memory ranges of the runtime services and update new_mmap with
> * virtual addresses.
> */
> @@ -714,7 +778,8 @@ static void * __init efi_map_regions(int *count, int *pg_shift)
> unsigned long left = 0;
> efi_memory_desc_t *md;
>
> - for (p = memmap.map; p < memmap.map_end; p += memmap.desc_size) {
> + p = NULL;
> + while ((p = efi_map_next_entry(p))) {
> md = p;
> if (!(md->attribute & EFI_MEMORY_RUNTIME)) {
So why is this 64-bit only? Is 32-bit not affected because there we allocate
virtual addresses bottom-up?
This would be a lot clearer if we just mapped the entries in order, no questions
asked. Conditions like this:
> + if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
... just invite confusion and possible corner cases where we end up mapping them
wrong.
So could we make the whole code obviously bottom-up? Such as first calculating the
size of virtual memory needed, then allocating a _single_, obviously continuous
mapping, and then doing a very clear in-order mapping within that window? That
would remove any bitness and legacy dependencies.
Good virtual memory layout is so critical for any third party code that this
should be the central property of the whole approach, not just some side condition
somewhere in an iteration loop.
Thanks,
Ingo
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-26 6:44 ` Ard Biesheuvel
0 siblings, 0 replies; 78+ messages in thread
From: Ard Biesheuvel @ 2015-09-26 6:44 UTC (permalink / raw)
To: Ingo Molnar
Cc: Matt Fleming, Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel, linux-efi, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable, Linus Torvalds, Borislav Petkov,
Andy Lutomirski, Denys Vlasenko, Brian Gerst, Andrew Morton
On 25 September 2015 at 22:56, Ingo Molnar <mingo@kernel.org> wrote:
>
> So this commit worries me.
>
> This bug is a good find, and the fix is obviously needed and urgent, but I'm not
> sure about the implementation at all. (I've Cc:-ed a few more x86 low level
> gents.)
>
> * Matt Fleming <matt@codeblueprint.co.uk> wrote:
>
>> /*
>> + * Iterate the EFI memory map in reverse order because the regions
>> + * will be mapped top-down. The end result is the same as if we had
>> + * mapped things forward, but doesn't require us to change the
>> + * existing implementation of efi_map_region().
>> + */
>> +static inline void *efi_map_next_entry_reverse(void *entry)
>> +{
>> + /* Initial call */
>> + if (!entry)
>> + return memmap.map_end - memmap.desc_size;
>> +
>> + entry -= memmap.desc_size;
>> + if (entry < memmap.map)
>> + return NULL;
>> +
>> + return entry;
>> +}
>> +
>> +/*
>> + * efi_map_next_entry - Return the next EFI memory map descriptor
>> + * @entry: Previous EFI memory map descriptor
>> + *
>> + * This is a helper function to iterate over the EFI memory map, which
>> + * we do in different orders depending on the current configuration.
>> + *
>> + * To begin traversing the memory map @entry must be %NULL.
>> + *
>> + * Returns %NULL when we reach the end of the memory map.
>> + */
>> +static void *efi_map_next_entry(void *entry)
>> +{
>> + if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
>> + /*
>> + * Starting in UEFI v2.5 the EFI_PROPERTIES_TABLE
>> + * config table feature requires us to map all entries
>> + * in the same order as they appear in the EFI memory
>> + * map. That is to say, entry N must have a lower
>> + * virtual address than entry N+1. This is because the
>> + * firmware toolchain leaves relative references in
>> + * the code/data sections, which are split and become
>> + * separate EFI memory regions. Mapping things
>> + * out-of-order leads to the firmware accessing
>> + * unmapped addresses.
>> + *
>> + * Since we need to map things this way whether or not
>> + * the kernel actually makes use of
>> + * EFI_PROPERTIES_TABLE, let's just switch to this
>> + * scheme by default for 64-bit.
>
> The thing is, if relative accesses between these 'sections' do happen then the
> requirement is much stronger than just 'ordered by addresses' - then we must map
> them continuously and as a single block!
>
The primary difference between pre-2.5 and 2.5 with this feature
enabled is that formerly, each PE/COFF image in memory would be
covered by at most a single EfiRuntimeServicesCode region, and now, a
single PE/COFF image may be split into different regions. It is only
relative references *inside* such a PE/COFF image that we are
concerned about, since no symbol references exist between separate
ones.
Also, it is not only relative references inside the PE/COFF image that
cause the problem. Another aspect is that the offset that is applied
to all absolute references at relocation time is derived from the
offset of the base of the PE/COFF image. If part of the PE/COFF image
(the .data section) is moved relatively to the code section, these
absolute references are fixed up incorrectly. This is actually a
problem that we could solve at the firmware side, but since PE/COFF
does not really tolerate being split up like that, the correct fix is
to keep all regions belonging to a single PE/COFF image adjacent.
Since we can't tell which those regions are, the next best approach is
to keep all adjacent regions with the EFI_MEMORY_RUNTIME attribute
adjacent in the VA mapping.
--
Ard.
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-26 6:44 ` Ard Biesheuvel
0 siblings, 0 replies; 78+ messages in thread
From: Ard Biesheuvel @ 2015-09-26 6:44 UTC (permalink / raw)
To: Ingo Molnar
Cc: Matt Fleming, Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel-u79uwXL29TY76Z2rM5mHXA,
linux-efi-u79uwXL29TY76Z2rM5mHXA, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable-u79uwXL29TY76Z2rM5mHXA, Linus Torvalds,
Borislav Petkov, Andy Lutomirski, Denys Vlasenko, Brian Gerst,
Andrew Morton
On 25 September 2015 at 22:56, Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> wrote:
>
> So this commit worries me.
>
> This bug is a good find, and the fix is obviously needed and urgent, but I'm not
> sure about the implementation at all. (I've Cc:-ed a few more x86 low level
> gents.)
>
> * Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org> wrote:
>
>> /*
>> + * Iterate the EFI memory map in reverse order because the regions
>> + * will be mapped top-down. The end result is the same as if we had
>> + * mapped things forward, but doesn't require us to change the
>> + * existing implementation of efi_map_region().
>> + */
>> +static inline void *efi_map_next_entry_reverse(void *entry)
>> +{
>> + /* Initial call */
>> + if (!entry)
>> + return memmap.map_end - memmap.desc_size;
>> +
>> + entry -= memmap.desc_size;
>> + if (entry < memmap.map)
>> + return NULL;
>> +
>> + return entry;
>> +}
>> +
>> +/*
>> + * efi_map_next_entry - Return the next EFI memory map descriptor
>> + * @entry: Previous EFI memory map descriptor
>> + *
>> + * This is a helper function to iterate over the EFI memory map, which
>> + * we do in different orders depending on the current configuration.
>> + *
>> + * To begin traversing the memory map @entry must be %NULL.
>> + *
>> + * Returns %NULL when we reach the end of the memory map.
>> + */
>> +static void *efi_map_next_entry(void *entry)
>> +{
>> + if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
>> + /*
>> + * Starting in UEFI v2.5 the EFI_PROPERTIES_TABLE
>> + * config table feature requires us to map all entries
>> + * in the same order as they appear in the EFI memory
>> + * map. That is to say, entry N must have a lower
>> + * virtual address than entry N+1. This is because the
>> + * firmware toolchain leaves relative references in
>> + * the code/data sections, which are split and become
>> + * separate EFI memory regions. Mapping things
>> + * out-of-order leads to the firmware accessing
>> + * unmapped addresses.
>> + *
>> + * Since we need to map things this way whether or not
>> + * the kernel actually makes use of
>> + * EFI_PROPERTIES_TABLE, let's just switch to this
>> + * scheme by default for 64-bit.
>
> The thing is, if relative accesses between these 'sections' do happen then the
> requirement is much stronger than just 'ordered by addresses' - then we must map
> them continuously and as a single block!
>
The primary difference between pre-2.5 and 2.5 with this feature
enabled is that formerly, each PE/COFF image in memory would be
covered by at most a single EfiRuntimeServicesCode region, and now, a
single PE/COFF image may be split into different regions. It is only
relative references *inside* such a PE/COFF image that we are
concerned about, since no symbol references exist between separate
ones.
Also, it is not only relative references inside the PE/COFF image that
cause the problem. Another aspect is that the offset that is applied
to all absolute references at relocation time is derived from the
offset of the base of the PE/COFF image. If part of the PE/COFF image
(the .data section) is moved relatively to the code section, these
absolute references are fixed up incorrectly. This is actually a
problem that we could solve at the firmware side, but since PE/COFF
does not really tolerate being split up like that, the correct fix is
to keep all regions belonging to a single PE/COFF image adjacent.
Since we can't tell which those regions are, the next best approach is
to keep all adjacent regions with the EFI_MEMORY_RUNTIME attribute
adjacent in the VA mapping.
--
Ard.
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
2015-09-26 5:56 ` Ingo Molnar
(?)
(?)
@ 2015-09-26 13:43 ` Matt Fleming
2015-09-27 7:03 ` Ingo Molnar
-1 siblings, 1 reply; 78+ messages in thread
From: Matt Fleming @ 2015-09-26 13:43 UTC (permalink / raw)
To: Ingo Molnar
Cc: Thomas Gleixner, H. Peter Anvin, Matt Fleming, linux-kernel,
linux-efi, Lee, Chun-Yi, Borislav Petkov, Leif Lindholm,
Peter Jones, James Bottomley, Matthew Garrett, Dave Young,
stable, Ard Biesheuvel, Linus Torvalds, Borislav Petkov,
Andy Lutomirski, Denys Vlasenko, Brian Gerst, Andrew Morton
On Sat, 26 Sep, at 07:56:43AM, Ingo Molnar wrote:
>
> So this commit worries me.
>
> This bug is a good find, and the fix is obviously needed and urgent, but I'm not
> sure about the implementation at all. (I've Cc:-ed a few more x86 low level
> gents.)
Thanks, the more the merrier.
> * Matt Fleming <matt@codeblueprint.co.uk> wrote:
>
> > /*
> > + * Iterate the EFI memory map in reverse order because the regions
> > + * will be mapped top-down. The end result is the same as if we had
> > + * mapped things forward, but doesn't require us to change the
> > + * existing implementation of efi_map_region().
> > + */
> > +static inline void *efi_map_next_entry_reverse(void *entry)
> > +{
> > + /* Initial call */
> > + if (!entry)
> > + return memmap.map_end - memmap.desc_size;
> > +
> > + entry -= memmap.desc_size;
> > + if (entry < memmap.map)
> > + return NULL;
> > +
> > + return entry;
> > +}
> > +
> > +/*
> > + * efi_map_next_entry - Return the next EFI memory map descriptor
> > + * @entry: Previous EFI memory map descriptor
> > + *
> > + * This is a helper function to iterate over the EFI memory map, which
> > + * we do in different orders depending on the current configuration.
> > + *
> > + * To begin traversing the memory map @entry must be %NULL.
> > + *
> > + * Returns %NULL when we reach the end of the memory map.
> > + */
> > +static void *efi_map_next_entry(void *entry)
> > +{
> > + if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
> > + /*
> > + * Starting in UEFI v2.5 the EFI_PROPERTIES_TABLE
> > + * config table feature requires us to map all entries
> > + * in the same order as they appear in the EFI memory
> > + * map. That is to say, entry N must have a lower
> > + * virtual address than entry N+1. This is because the
> > + * firmware toolchain leaves relative references in
> > + * the code/data sections, which are split and become
> > + * separate EFI memory regions. Mapping things
> > + * out-of-order leads to the firmware accessing
> > + * unmapped addresses.
> > + *
> > + * Since we need to map things this way whether or not
> > + * the kernel actually makes use of
> > + * EFI_PROPERTIES_TABLE, let's just switch to this
> > + * scheme by default for 64-bit.
>
> The thing is, if relative accesses between these 'sections' do happen then the
> requirement is much stronger than just 'ordered by addresses' - then we must map
> them continuously and as a single block!
>
> So at minimum the comment should say that. But I think we want more:
Well, the firmware doesn't place arbitrary gaps between these runtime
image sections in memory, they still get loaded into memory by the
firmware the old-fashioned way (as one contiguous blob). It's just
that we've now got two memory map entries for the single PE/COFF
image. Also, it's only sections from the same PE/COFF image that
reference each other (but like Ard said, we can't tell from the memmap
which entries are for a single PE/COFF image).
Because EFI memory map entries that are part of the same PE/COFF image
will be at consecutive addresses, we'll also map them contiguously in
the kernel virtual address space, because that's how the current code
works - it's just that the current code maps them backwards.
Yeah, I'm completely in favour of improving any of the comments.
> > + */
> > + return efi_map_next_entry_reverse(entry);
> > + }
> > +
> > + /* Initial call */
> > + if (!entry)
> > + return memmap.map;
> > +
> > + entry += memmap.desc_size;
> > + if (entry >= memmap.map_end)
> > + return NULL;
> > +
> > + return entry;
> > +}
> > +
> > +/*
> > * Map the efi memory ranges of the runtime services and update new_mmap with
> > * virtual addresses.
> > */
> > @@ -714,7 +778,8 @@ static void * __init efi_map_regions(int *count, int *pg_shift)
> > unsigned long left = 0;
> > efi_memory_desc_t *md;
> >
> > - for (p = memmap.map; p < memmap.map_end; p += memmap.desc_size) {
> > + p = NULL;
> > + while ((p = efi_map_next_entry(p))) {
> > md = p;
> > if (!(md->attribute & EFI_MEMORY_RUNTIME)) {
>
> So why is this 64-bit only? Is 32-bit not affected because there we allocate
> virtual addresses bottom-up?
32-bit would potentially be effected if 32-bit firmware ever enabled
the EFI_PROPERTIES_TABLE feature. Whether or not it worked would
depend on the fragemntation of the virtual memory space when we map
the EFI regions.
But I'm not aware of any 32-bit firmware shipping with Properties
Table support, and fixing it in the kernel like we do for x86-64 would
require changing the EFI region mapping code. That's something I
wanted to avoid for this patch since it needs to be applied to stable,
and especially when we haven't seen the feature being used in the
wild.
> This would be a lot clearer if we just mapped the entries in order, no questions
> asked. Conditions like this:
>
> > + if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
>
> ... just invite confusion and possible corner cases where we end up mapping them
> wrong.
When we introduced the top-down scheme in commit d2f7cbe7b26a
("x86/efi: Runtime services virtual mapping") we also introduced the
"efi=old_map" kernel parameter to force the old virtual address
allocation scheme exactly because we were concerned we might run into
firmware "issues" with the way we mapped things.
That concern hasn't gone away now - it's intensified.
The above conditional just codifies a config combination that we've
always treated differently, and the conditional logic is only
necessary because this is generic x86 code.
I agree that it would be nicer without the conditional code, but
forcing the same allocation scheme across 32-bit and 64-bit is a
*much* bigger change than what is proposed here. Not just in terms of
patch size, but also in terms of risk.
> So could we make the whole code obviously bottom-up? Such as first calculating the
> size of virtual memory needed, then allocating a _single_, obviously continuous
> mapping, and then doing a very clear in-order mapping within that window? That
> would remove any bitness and legacy dependencies.
So, we could, and in fact the first version of this patch did just
that. You can find it here,
https://lkml.kernel.org/r/1441372447-23439-1-git-send-email-matt@codeblueprint.co.uk
But Ard suggested re-using the existing code and simply changing the
order we map the memmap entries in. And given the constraint for a
small patch for backporting, I think it's a better solution. The
actual virtual addresses we pick are exactly the same with the two
patches.
--
Matt Fleming, Intel Open Source Technology Center
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-27 7:03 ` Ingo Molnar
0 siblings, 0 replies; 78+ messages in thread
From: Ingo Molnar @ 2015-09-27 7:03 UTC (permalink / raw)
To: Matt Fleming
Cc: Thomas Gleixner, H. Peter Anvin, Matt Fleming, linux-kernel,
linux-efi, Lee, Chun-Yi, Borislav Petkov, Leif Lindholm,
Peter Jones, James Bottomley, Matthew Garrett, Dave Young,
stable, Ard Biesheuvel, Linus Torvalds, Borislav Petkov,
Andy Lutomirski, Denys Vlasenko, Brian Gerst, Andrew Morton
* Matt Fleming <matt@codeblueprint.co.uk> wrote:
> > So could we make the whole code obviously bottom-up? Such as first calculating
> > the size of virtual memory needed, then allocating a _single_, obviously
> > continuous mapping, and then doing a very clear in-order mapping within that
> > window? That would remove any bitness and legacy dependencies.
>
> So, we could, and in fact the first version of this patch did just that. You can
> find it here,
>
> https://lkml.kernel.org/r/1441372447-23439-1-git-send-email-matt@codeblueprint.co.uk
>
> But Ard suggested re-using the existing code and simply changing the order we
> map the memmap entries in.
Such implementational arguments (which are an internal cost) never trump
compatibility and robustness concerns (which are an external constraint).
> [...] And given the constraint for a small patch for backporting, I think it's a
> better solution. [...]
Ugh, backporting size is _even less_ of a valid argument when it comes to firmware
support correctness!
We can (perhaps) use these already existing patches as a simpler backport, but
there's absolutely no reason to keep that code as a solution:
> [...] The actual virtual addresses we pick are exactly the same with the two
> patches.
So I'm NAK-ing this for now:
- The code is it reads today pretends to be an 'allocator'. It is _NOT_ an
allocator, because all the sections have already been determined by the
firmware, and, as we just learned the hard way, we do not want to deviate from
that! There's nothing to 'allocate'!
What these patches seem to implement is an elaborate 'allocator' that ends up
doing nothing on 'new 64-bit' ...
- The 32-bit and 64-bit and 'old_mmap' asymmetries:
if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
seem fragile and nonsensical. The question is: is it possible for the whole EFI
image to be larger than a couple of megabytes? If not then 32-bit should just
mirror the firmware layout as well, and if EFI_OLD_MEMMAP does anything
differently from this _obvious_ 1:1 mapping of the EFI memory offsets then it's
not worth keeping as a legacy, because there's just nothing better than
mirroring the firmware layout.
My suggestion would be to just 1:1 map what the EFI tables describe, modulo the
single absolute offset by which we shift the whole thing to a single base.
Is there any technical reason why we'd want to deviate from that? Gigabytes of
tables or gigabytes of holes that 32-bit cannot handle? Firmware that wants an OS
layout that differs from the firmware layout?
Also, nobody seems to be asking the obvious hardware compatibility question when
trying to implement a standard influenced in great part by an entity that is
partly ignorant of and partly hostile to Linux: how does Windows map the EFI
sections, under what OSs are these firmware versions tested? I suspect no firmware
is released that crashes on bootup on all OSs that can run on that hardware,
right?
Thanks,
Ingo
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-27 7:03 ` Ingo Molnar
0 siblings, 0 replies; 78+ messages in thread
From: Ingo Molnar @ 2015-09-27 7:03 UTC (permalink / raw)
To: Matt Fleming
Cc: Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel-u79uwXL29TY76Z2rM5mHXA,
linux-efi-u79uwXL29TY76Z2rM5mHXA, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable-u79uwXL29TY76Z2rM5mHXA, Ard Biesheuvel,
Linus Torvalds, Borislav Petkov, Andy Lutomirski, Denys Vlasenko,
Brian Gerst, Andrew Morton
* Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org> wrote:
> > So could we make the whole code obviously bottom-up? Such as first calculating
> > the size of virtual memory needed, then allocating a _single_, obviously
> > continuous mapping, and then doing a very clear in-order mapping within that
> > window? That would remove any bitness and legacy dependencies.
>
> So, we could, and in fact the first version of this patch did just that. You can
> find it here,
>
> https://lkml.kernel.org/r/1441372447-23439-1-git-send-email-matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org
>
> But Ard suggested re-using the existing code and simply changing the order we
> map the memmap entries in.
Such implementational arguments (which are an internal cost) never trump
compatibility and robustness concerns (which are an external constraint).
> [...] And given the constraint for a small patch for backporting, I think it's a
> better solution. [...]
Ugh, backporting size is _even less_ of a valid argument when it comes to firmware
support correctness!
We can (perhaps) use these already existing patches as a simpler backport, but
there's absolutely no reason to keep that code as a solution:
> [...] The actual virtual addresses we pick are exactly the same with the two
> patches.
So I'm NAK-ing this for now:
- The code is it reads today pretends to be an 'allocator'. It is _NOT_ an
allocator, because all the sections have already been determined by the
firmware, and, as we just learned the hard way, we do not want to deviate from
that! There's nothing to 'allocate'!
What these patches seem to implement is an elaborate 'allocator' that ends up
doing nothing on 'new 64-bit' ...
- The 32-bit and 64-bit and 'old_mmap' asymmetries:
if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
seem fragile and nonsensical. The question is: is it possible for the whole EFI
image to be larger than a couple of megabytes? If not then 32-bit should just
mirror the firmware layout as well, and if EFI_OLD_MEMMAP does anything
differently from this _obvious_ 1:1 mapping of the EFI memory offsets then it's
not worth keeping as a legacy, because there's just nothing better than
mirroring the firmware layout.
My suggestion would be to just 1:1 map what the EFI tables describe, modulo the
single absolute offset by which we shift the whole thing to a single base.
Is there any technical reason why we'd want to deviate from that? Gigabytes of
tables or gigabytes of holes that 32-bit cannot handle? Firmware that wants an OS
layout that differs from the firmware layout?
Also, nobody seems to be asking the obvious hardware compatibility question when
trying to implement a standard influenced in great part by an entity that is
partly ignorant of and partly hostile to Linux: how does Windows map the EFI
sections, under what OSs are these firmware versions tested? I suspect no firmware
is released that crashes on bootup on all OSs that can run on that hardware,
right?
Thanks,
Ingo
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
2015-09-27 7:03 ` Ingo Molnar
(?)
@ 2015-09-28 6:49 ` Ard Biesheuvel
2015-09-28 8:22 ` Ingo Molnar
-1 siblings, 1 reply; 78+ messages in thread
From: Ard Biesheuvel @ 2015-09-28 6:49 UTC (permalink / raw)
To: Ingo Molnar
Cc: Matt Fleming, Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel, linux-efi, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable, Linus Torvalds, Borislav Petkov,
Andy Lutomirski, Denys Vlasenko, Brian Gerst, Andrew Morton
On 27 September 2015 at 08:03, Ingo Molnar <mingo@kernel.org> wrote:
>
> * Matt Fleming <matt@codeblueprint.co.uk> wrote:
>
[...]
>> [...] The actual virtual addresses we pick are exactly the same with the two
>> patches.
>
> So I'm NAK-ing this for now:
>
> - The code is it reads today pretends to be an 'allocator'. It is _NOT_ an
> allocator, because all the sections have already been determined by the
> firmware, and, as we just learned the hard way, we do not want to deviate from
> that! There's nothing to 'allocate'!
>
> What these patches seem to implement is an elaborate 'allocator' that ends up
> doing nothing on 'new 64-bit' ...
>
> - The 32-bit and 64-bit and 'old_mmap' asymmetries:
>
> if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
>
> seem fragile and nonsensical. The question is: is it possible for the whole EFI
> image to be larger than a couple of megabytes? If not then 32-bit should just
> mirror the firmware layout as well, and if EFI_OLD_MEMMAP does anything
> differently from this _obvious_ 1:1 mapping of the EFI memory offsets then it's
> not worth keeping as a legacy, because there's just nothing better than
> mirroring the firmware layout.
>
> My suggestion would be to just 1:1 map what the EFI tables describe, modulo the
> single absolute offset by which we shift the whole thing to a single base.
>
> Is there any technical reason why we'd want to deviate from that? Gigabytes of
> tables or gigabytes of holes that 32-bit cannot handle? Firmware that wants an OS
> layout that differs from the firmware layout?
>
The combined EFI_MEMORY_RUNTIME regions could span the entire 1:1
addressable PA space. They usually don't but it is a possibility,
which means 32-bit will not generally be able to support this
approach. For 64-bit ARM, there are some minor complications when the
base of RAM is up very high in physical memory, but we already fixed
that for the boot time ID map and for KVM.
> Also, nobody seems to be asking the obvious hardware compatibility question when
> trying to implement a standard influenced in great part by an entity that is
> partly ignorant of and partly hostile to Linux: how does Windows map the EFI
> sections, under what OSs are these firmware versions tested? I suspect no firmware
> is released that crashes on bootup on all OSs that can run on that hardware,
> right?
>
Interestingly, it was the other way around this time. The engineers
that implemented this feature for EDK2 could not boot Windows 8
anymore, because it supposedly maps the regions in reverse order as
well (and MS too will need to backport a fix that inverts the mapping
order). The engineers also tested Linux/x86, by means of a SUSE
installer image, which booted fine, most likely due to the fact that
it is an older version which still uses the old memmap layout.
My concern with all of this is that this security feature will become
an obscure opt-in feature rather than something UEFIv2.5 firmware
implementations can enable by default.
--
Ard.
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-28 8:22 ` Ingo Molnar
0 siblings, 0 replies; 78+ messages in thread
From: Ingo Molnar @ 2015-09-28 8:22 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: Matt Fleming, Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel, linux-efi, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable, Linus Torvalds, Borislav Petkov,
Andy Lutomirski, Denys Vlasenko, Brian Gerst, Andrew Morton
* Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> On 27 September 2015 at 08:03, Ingo Molnar <mingo@kernel.org> wrote:
> >
> > * Matt Fleming <matt@codeblueprint.co.uk> wrote:
> >
> [...]
> >> [...] The actual virtual addresses we pick are exactly the same with the two
> >> patches.
> >
> > So I'm NAK-ing this for now:
> >
> > - The code is it reads today pretends to be an 'allocator'. It is _NOT_ an
> > allocator, because all the sections have already been determined by the
> > firmware, and, as we just learned the hard way, we do not want to deviate from
> > that! There's nothing to 'allocate'!
> >
> > What these patches seem to implement is an elaborate 'allocator' that ends up
> > doing nothing on 'new 64-bit' ...
> >
> > - The 32-bit and 64-bit and 'old_mmap' asymmetries:
> >
> > if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
> >
> > seem fragile and nonsensical. The question is: is it possible for the whole EFI
> > image to be larger than a couple of megabytes? If not then 32-bit should just
> > mirror the firmware layout as well, and if EFI_OLD_MEMMAP does anything
> > differently from this _obvious_ 1:1 mapping of the EFI memory offsets then it's
> > not worth keeping as a legacy, because there's just nothing better than
> > mirroring the firmware layout.
> >
> > My suggestion would be to just 1:1 map what the EFI tables describe, modulo the
> > single absolute offset by which we shift the whole thing to a single base.
> >
> > Is there any technical reason why we'd want to deviate from that? Gigabytes of
> > tables or gigabytes of holes that 32-bit cannot handle? Firmware that wants an OS
> > layout that differs from the firmware layout?
> >
>
> The combined EFI_MEMORY_RUNTIME regions could span the entire 1:1 addressable PA
> space. They usually don't but it is a possibility, which means 32-bit will not
> generally be able to support this approach. [...]
Ok, that's a good argument which invalidates my NAK.
> [...] For 64-bit ARM, there are some minor complications when the base of RAM is
> up very high in physical memory, but we already fixed that for the boot time ID
> map and for KVM.
>
> > Also, nobody seems to be asking the obvious hardware compatibility question
> > when trying to implement a standard influenced in great part by an entity that
> > is partly ignorant of and partly hostile to Linux: how does Windows map the
> > EFI sections, under what OSs are these firmware versions tested? I suspect no
> > firmware is released that crashes on bootup on all OSs that can run on that
> > hardware, right?
>
> Interestingly, it was the other way around this time. The engineers that
> implemented this feature for EDK2 could not boot Windows 8 anymore, because it
> supposedly maps the regions in reverse order as well (and MS too will need to
> backport a fix that inverts the mapping order). The engineers also tested
> Linux/x86, by means of a SUSE installer image, which booted fine, most likely
> due to the fact that it is an older version which still uses the old memmap
> layout.
That's nice to hear!
> My concern with all of this is that this security feature will become an obscure
> opt-in feature rather than something UEFIv2.5 firmware implementations can
> enable by default.
Ok, so I think the patches are mostly fine after all, except that I don't think
the condition on 64-bit makes any sense:
+ if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
I can see us being nervous wrt. backported patches, but is there any strong reason
to not follow this up with a third (non-backported) patch that changes this to:
+ if (!efi_enabled(EFI_OLD_MEMMAP)) {
for v4.4?
Thanks,
Ingo
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-28 8:22 ` Ingo Molnar
0 siblings, 0 replies; 78+ messages in thread
From: Ingo Molnar @ 2015-09-28 8:22 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: Matt Fleming, Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel-u79uwXL29TY76Z2rM5mHXA,
linux-efi-u79uwXL29TY76Z2rM5mHXA, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable-u79uwXL29TY76Z2rM5mHXA, Linus Torvalds,
Borislav Petkov, Andy Lutomirski, Denys Vlasenko, Brian Gerst,
Andrew Morton
* Ard Biesheuvel <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org> wrote:
> On 27 September 2015 at 08:03, Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> wrote:
> >
> > * Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org> wrote:
> >
> [...]
> >> [...] The actual virtual addresses we pick are exactly the same with the two
> >> patches.
> >
> > So I'm NAK-ing this for now:
> >
> > - The code is it reads today pretends to be an 'allocator'. It is _NOT_ an
> > allocator, because all the sections have already been determined by the
> > firmware, and, as we just learned the hard way, we do not want to deviate from
> > that! There's nothing to 'allocate'!
> >
> > What these patches seem to implement is an elaborate 'allocator' that ends up
> > doing nothing on 'new 64-bit' ...
> >
> > - The 32-bit and 64-bit and 'old_mmap' asymmetries:
> >
> > if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
> >
> > seem fragile and nonsensical. The question is: is it possible for the whole EFI
> > image to be larger than a couple of megabytes? If not then 32-bit should just
> > mirror the firmware layout as well, and if EFI_OLD_MEMMAP does anything
> > differently from this _obvious_ 1:1 mapping of the EFI memory offsets then it's
> > not worth keeping as a legacy, because there's just nothing better than
> > mirroring the firmware layout.
> >
> > My suggestion would be to just 1:1 map what the EFI tables describe, modulo the
> > single absolute offset by which we shift the whole thing to a single base.
> >
> > Is there any technical reason why we'd want to deviate from that? Gigabytes of
> > tables or gigabytes of holes that 32-bit cannot handle? Firmware that wants an OS
> > layout that differs from the firmware layout?
> >
>
> The combined EFI_MEMORY_RUNTIME regions could span the entire 1:1 addressable PA
> space. They usually don't but it is a possibility, which means 32-bit will not
> generally be able to support this approach. [...]
Ok, that's a good argument which invalidates my NAK.
> [...] For 64-bit ARM, there are some minor complications when the base of RAM is
> up very high in physical memory, but we already fixed that for the boot time ID
> map and for KVM.
>
> > Also, nobody seems to be asking the obvious hardware compatibility question
> > when trying to implement a standard influenced in great part by an entity that
> > is partly ignorant of and partly hostile to Linux: how does Windows map the
> > EFI sections, under what OSs are these firmware versions tested? I suspect no
> > firmware is released that crashes on bootup on all OSs that can run on that
> > hardware, right?
>
> Interestingly, it was the other way around this time. The engineers that
> implemented this feature for EDK2 could not boot Windows 8 anymore, because it
> supposedly maps the regions in reverse order as well (and MS too will need to
> backport a fix that inverts the mapping order). The engineers also tested
> Linux/x86, by means of a SUSE installer image, which booted fine, most likely
> due to the fact that it is an older version which still uses the old memmap
> layout.
That's nice to hear!
> My concern with all of this is that this security feature will become an obscure
> opt-in feature rather than something UEFIv2.5 firmware implementations can
> enable by default.
Ok, so I think the patches are mostly fine after all, except that I don't think
the condition on 64-bit makes any sense:
+ if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
I can see us being nervous wrt. backported patches, but is there any strong reason
to not follow this up with a third (non-backported) patch that changes this to:
+ if (!efi_enabled(EFI_OLD_MEMMAP)) {
for v4.4?
Thanks,
Ingo
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-28 9:51 ` Ard Biesheuvel
0 siblings, 0 replies; 78+ messages in thread
From: Ard Biesheuvel @ 2015-09-28 9:51 UTC (permalink / raw)
To: Ingo Molnar
Cc: Matt Fleming, Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel, linux-efi, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable, Linus Torvalds, Borislav Petkov,
Andy Lutomirski, Denys Vlasenko, Brian Gerst, Andrew Morton
On 28 September 2015 at 09:22, Ingo Molnar <mingo@kernel.org> wrote:
>
> * Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>
>> On 27 September 2015 at 08:03, Ingo Molnar <mingo@kernel.org> wrote:
>> >
>> > * Matt Fleming <matt@codeblueprint.co.uk> wrote:
>> >
>> [...]
>> >> [...] The actual virtual addresses we pick are exactly the same with the two
>> >> patches.
>> >
>> > So I'm NAK-ing this for now:
>> >
>> > - The code is it reads today pretends to be an 'allocator'. It is _NOT_ an
>> > allocator, because all the sections have already been determined by the
>> > firmware, and, as we just learned the hard way, we do not want to deviate from
>> > that! There's nothing to 'allocate'!
>> >
>> > What these patches seem to implement is an elaborate 'allocator' that ends up
>> > doing nothing on 'new 64-bit' ...
>> >
>> > - The 32-bit and 64-bit and 'old_mmap' asymmetries:
>> >
>> > if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
>> >
>> > seem fragile and nonsensical. The question is: is it possible for the whole EFI
>> > image to be larger than a couple of megabytes? If not then 32-bit should just
>> > mirror the firmware layout as well, and if EFI_OLD_MEMMAP does anything
>> > differently from this _obvious_ 1:1 mapping of the EFI memory offsets then it's
>> > not worth keeping as a legacy, because there's just nothing better than
>> > mirroring the firmware layout.
>> >
>> > My suggestion would be to just 1:1 map what the EFI tables describe, modulo the
>> > single absolute offset by which we shift the whole thing to a single base.
>> >
>> > Is there any technical reason why we'd want to deviate from that? Gigabytes of
>> > tables or gigabytes of holes that 32-bit cannot handle? Firmware that wants an OS
>> > layout that differs from the firmware layout?
>> >
>>
>> The combined EFI_MEMORY_RUNTIME regions could span the entire 1:1 addressable PA
>> space. They usually don't but it is a possibility, which means 32-bit will not
>> generally be able to support this approach. [...]
>
> Ok, that's a good argument which invalidates my NAK.
>
>> [...] For 64-bit ARM, there are some minor complications when the base of RAM is
>> up very high in physical memory, but we already fixed that for the boot time ID
>> map and for KVM.
>>
>> > Also, nobody seems to be asking the obvious hardware compatibility question
>> > when trying to implement a standard influenced in great part by an entity that
>> > is partly ignorant of and partly hostile to Linux: how does Windows map the
>> > EFI sections, under what OSs are these firmware versions tested? I suspect no
>> > firmware is released that crashes on bootup on all OSs that can run on that
>> > hardware, right?
>>
>> Interestingly, it was the other way around this time. The engineers that
>> implemented this feature for EDK2 could not boot Windows 8 anymore, because it
>> supposedly maps the regions in reverse order as well (and MS too will need to
>> backport a fix that inverts the mapping order). The engineers also tested
>> Linux/x86, by means of a SUSE installer image, which booted fine, most likely
>> due to the fact that it is an older version which still uses the old memmap
>> layout.
>
> That's nice to hear!
>
>> My concern with all of this is that this security feature will become an obscure
>> opt-in feature rather than something UEFIv2.5 firmware implementations can
>> enable by default.
>
> Ok, so I think the patches are mostly fine after all,
That is good to hear.
> except that I don't think
> the condition on 64-bit makes any sense:
>
> + if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
>
> I can see us being nervous wrt. backported patches, but is there any strong reason
> to not follow this up with a third (non-backported) patch that changes this to:
>
> + if (!efi_enabled(EFI_OLD_MEMMAP)) {
>
> for v4.4?
>
The 32-bit side essentially implements the old memmap only, which is
the the bottom-up version. So old memmap will be implied by 32-bit but
not set in the EFI flags, resulting in the reverse enumeration being
used with the bottom-up mapping logic. The net result of that is that
we create the same problem for 32-bit that we are trying to solve for
64-bit, i.e., the regions will end up in reverse order in the VA
mapping.
To deobfuscate this particular conditional, we could set
EFI_OLD_MEMMAP unconditionally on 32-bit x86. Or we could reshuffle
variables and conditionals in various other way. I am not convinced
that the overall end result will be any better though.
--
Ard.
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-28 9:51 ` Ard Biesheuvel
0 siblings, 0 replies; 78+ messages in thread
From: Ard Biesheuvel @ 2015-09-28 9:51 UTC (permalink / raw)
To: Ingo Molnar
Cc: Matt Fleming, Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel-u79uwXL29TY76Z2rM5mHXA,
linux-efi-u79uwXL29TY76Z2rM5mHXA, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable-u79uwXL29TY76Z2rM5mHXA, Linus Torvalds,
Borislav Petkov, Andy Lutomirski, Denys Vlasenko, Brian Gerst,
Andrew Morton
On 28 September 2015 at 09:22, Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> wrote:
>
> * Ard Biesheuvel <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org> wrote:
>
>> On 27 September 2015 at 08:03, Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> wrote:
>> >
>> > * Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org> wrote:
>> >
>> [...]
>> >> [...] The actual virtual addresses we pick are exactly the same with the two
>> >> patches.
>> >
>> > So I'm NAK-ing this for now:
>> >
>> > - The code is it reads today pretends to be an 'allocator'. It is _NOT_ an
>> > allocator, because all the sections have already been determined by the
>> > firmware, and, as we just learned the hard way, we do not want to deviate from
>> > that! There's nothing to 'allocate'!
>> >
>> > What these patches seem to implement is an elaborate 'allocator' that ends up
>> > doing nothing on 'new 64-bit' ...
>> >
>> > - The 32-bit and 64-bit and 'old_mmap' asymmetries:
>> >
>> > if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
>> >
>> > seem fragile and nonsensical. The question is: is it possible for the whole EFI
>> > image to be larger than a couple of megabytes? If not then 32-bit should just
>> > mirror the firmware layout as well, and if EFI_OLD_MEMMAP does anything
>> > differently from this _obvious_ 1:1 mapping of the EFI memory offsets then it's
>> > not worth keeping as a legacy, because there's just nothing better than
>> > mirroring the firmware layout.
>> >
>> > My suggestion would be to just 1:1 map what the EFI tables describe, modulo the
>> > single absolute offset by which we shift the whole thing to a single base.
>> >
>> > Is there any technical reason why we'd want to deviate from that? Gigabytes of
>> > tables or gigabytes of holes that 32-bit cannot handle? Firmware that wants an OS
>> > layout that differs from the firmware layout?
>> >
>>
>> The combined EFI_MEMORY_RUNTIME regions could span the entire 1:1 addressable PA
>> space. They usually don't but it is a possibility, which means 32-bit will not
>> generally be able to support this approach. [...]
>
> Ok, that's a good argument which invalidates my NAK.
>
>> [...] For 64-bit ARM, there are some minor complications when the base of RAM is
>> up very high in physical memory, but we already fixed that for the boot time ID
>> map and for KVM.
>>
>> > Also, nobody seems to be asking the obvious hardware compatibility question
>> > when trying to implement a standard influenced in great part by an entity that
>> > is partly ignorant of and partly hostile to Linux: how does Windows map the
>> > EFI sections, under what OSs are these firmware versions tested? I suspect no
>> > firmware is released that crashes on bootup on all OSs that can run on that
>> > hardware, right?
>>
>> Interestingly, it was the other way around this time. The engineers that
>> implemented this feature for EDK2 could not boot Windows 8 anymore, because it
>> supposedly maps the regions in reverse order as well (and MS too will need to
>> backport a fix that inverts the mapping order). The engineers also tested
>> Linux/x86, by means of a SUSE installer image, which booted fine, most likely
>> due to the fact that it is an older version which still uses the old memmap
>> layout.
>
> That's nice to hear!
>
>> My concern with all of this is that this security feature will become an obscure
>> opt-in feature rather than something UEFIv2.5 firmware implementations can
>> enable by default.
>
> Ok, so I think the patches are mostly fine after all,
That is good to hear.
> except that I don't think
> the condition on 64-bit makes any sense:
>
> + if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
>
> I can see us being nervous wrt. backported patches, but is there any strong reason
> to not follow this up with a third (non-backported) patch that changes this to:
>
> + if (!efi_enabled(EFI_OLD_MEMMAP)) {
>
> for v4.4?
>
The 32-bit side essentially implements the old memmap only, which is
the the bottom-up version. So old memmap will be implied by 32-bit but
not set in the EFI flags, resulting in the reverse enumeration being
used with the bottom-up mapping logic. The net result of that is that
we create the same problem for 32-bit that we are trying to solve for
64-bit, i.e., the regions will end up in reverse order in the VA
mapping.
To deobfuscate this particular conditional, we could set
EFI_OLD_MEMMAP unconditionally on 32-bit x86. Or we could reshuffle
variables and conditionals in various other way. I am not convinced
that the overall end result will be any better though.
--
Ard.
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
2015-09-28 9:51 ` Ard Biesheuvel
(?)
@ 2015-09-29 9:12 ` Ingo Molnar
2015-09-29 10:41 ` Ard Biesheuvel
2015-09-29 13:52 ` Matt Fleming
-1 siblings, 2 replies; 78+ messages in thread
From: Ingo Molnar @ 2015-09-29 9:12 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: Matt Fleming, Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel, linux-efi, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable, Linus Torvalds, Borislav Petkov,
Andy Lutomirski, Denys Vlasenko, Brian Gerst, Andrew Morton
* Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> > except that I don't think
> > the condition on 64-bit makes any sense:
> >
> > + if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
> >
> > I can see us being nervous wrt. backported patches, but is there any strong reason
> > to not follow this up with a third (non-backported) patch that changes this to:
> >
> > + if (!efi_enabled(EFI_OLD_MEMMAP)) {
> >
> > for v4.4?
> >
>
> The 32-bit side essentially implements the old memmap only, which is the the
> bottom-up version. So old memmap will be implied by 32-bit but not set in the
> EFI flags, resulting in the reverse enumeration being used with the bottom-up
> mapping logic. The net result of that is that we create the same problem for
> 32-bit that we are trying to solve for 64-bit, i.e., the regions will end up in
> reverse order in the VA mapping.
>
> To deobfuscate this particular conditional, we could set EFI_OLD_MEMMAP
> unconditionally on 32-bit x86. Or we could reshuffle variables and conditionals
> in various other way.
Setting EFI_OLD_MEMMAP would be fine, if doing that has no bad side effects.
> [...] I am not convinced that the overall end result will be any better though.
That's not true, we change an obscure, implicit dependency on 32-bit detail to an
explicit EFI_OLD_MEMMAP flag that shows exactly what's happening. That's a clear
improvement.
Thanks,
Ingo
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
2015-09-29 9:12 ` Ingo Molnar
@ 2015-09-29 10:41 ` Ard Biesheuvel
2015-09-29 14:18 ` Matt Fleming
2015-09-29 13:52 ` Matt Fleming
1 sibling, 1 reply; 78+ messages in thread
From: Ard Biesheuvel @ 2015-09-29 10:41 UTC (permalink / raw)
To: Ingo Molnar
Cc: Matt Fleming, Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel, linux-efi, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable, Linus Torvalds, Borislav Petkov,
Andy Lutomirski, Denys Vlasenko, Brian Gerst, Andrew Morton
On 29 September 2015 at 11:12, Ingo Molnar <mingo@kernel.org> wrote:
>
> * Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>
>> > except that I don't think
>> > the condition on 64-bit makes any sense:
>> >
>> > + if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
>> >
>> > I can see us being nervous wrt. backported patches, but is there any strong reason
>> > to not follow this up with a third (non-backported) patch that changes this to:
>> >
>> > + if (!efi_enabled(EFI_OLD_MEMMAP)) {
>> >
>> > for v4.4?
>> >
>>
>> The 32-bit side essentially implements the old memmap only, which is the the
>> bottom-up version. So old memmap will be implied by 32-bit but not set in the
>> EFI flags, resulting in the reverse enumeration being used with the bottom-up
>> mapping logic. The net result of that is that we create the same problem for
>> 32-bit that we are trying to solve for 64-bit, i.e., the regions will end up in
>> reverse order in the VA mapping.
>>
>> To deobfuscate this particular conditional, we could set EFI_OLD_MEMMAP
>> unconditionally on 32-bit x86. Or we could reshuffle variables and conditionals
>> in various other way.
>
> Setting EFI_OLD_MEMMAP would be fine, if doing that has no bad side effects.
>
>> [...] I am not convinced that the overall end result will be any better though.
>
> That's not true, we change an obscure, implicit dependency on 32-bit detail to an
> explicit EFI_OLD_MEMMAP flag that shows exactly what's happening. That's a clear
> improvement.
>
OK, fair enough. I agree that setting the flag for 32-bit would be
semantically correct. I will leave it to Matt to comment whether it is
reasonable in terms of changes to other parts of the code.
Thanks,
Ard.
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-29 14:18 ` Matt Fleming
0 siblings, 0 replies; 78+ messages in thread
From: Matt Fleming @ 2015-09-29 14:18 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: Ingo Molnar, Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel, linux-efi, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable, Linus Torvalds, Borislav Petkov,
Andy Lutomirski, Denys Vlasenko, Brian Gerst, Andrew Morton
On Tue, 29 Sep, at 12:41:23PM, Ard Biesheuvel wrote:
>
> OK, fair enough. I agree that setting the flag for 32-bit would be
> semantically correct. I will leave it to Matt to comment whether it is
> reasonable in terms of changes to other parts of the code.
It should be pretty minimal. Let me take a swing at the patch.
--
Matt Fleming, Intel Open Source Technology Center
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-29 14:18 ` Matt Fleming
0 siblings, 0 replies; 78+ messages in thread
From: Matt Fleming @ 2015-09-29 14:18 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: Ingo Molnar, Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel-u79uwXL29TY76Z2rM5mHXA,
linux-efi-u79uwXL29TY76Z2rM5mHXA, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable-u79uwXL29TY76Z2rM5mHXA, Linus Torvalds,
Borislav Petkov, Andy Lutomirski, Denys Vlasenko, Brian Gerst,
Andrew Morton
On Tue, 29 Sep, at 12:41:23PM, Ard Biesheuvel wrote:
>
> OK, fair enough. I agree that setting the flag for 32-bit would be
> semantically correct. I will leave it to Matt to comment whether it is
> reasonable in terms of changes to other parts of the code.
It should be pretty minimal. Let me take a swing at the patch.
--
Matt Fleming, Intel Open Source Technology Center
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-29 13:52 ` Matt Fleming
0 siblings, 0 replies; 78+ messages in thread
From: Matt Fleming @ 2015-09-29 13:52 UTC (permalink / raw)
To: Ingo Molnar
Cc: Ard Biesheuvel, Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel, linux-efi, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable, Linus Torvalds, Borislav Petkov,
Andy Lutomirski, Denys Vlasenko, Brian Gerst, Andrew Morton
On Tue, 29 Sep, at 11:12:30AM, Ingo Molnar wrote:
>
> * Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>
> > > except that I don't think
> > > the condition on 64-bit makes any sense:
> > >
> > > + if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
> > >
> > > I can see us being nervous wrt. backported patches, but is there any strong reason
> > > to not follow this up with a third (non-backported) patch that changes this to:
> > >
> > > + if (!efi_enabled(EFI_OLD_MEMMAP)) {
> > >
> > > for v4.4?
> > >
> >
> > The 32-bit side essentially implements the old memmap only, which is the the
> > bottom-up version. So old memmap will be implied by 32-bit but not set in the
> > EFI flags, resulting in the reverse enumeration being used with the bottom-up
> > mapping logic. The net result of that is that we create the same problem for
> > 32-bit that we are trying to solve for 64-bit, i.e., the regions will end up in
> > reverse order in the VA mapping.
> >
> > To deobfuscate this particular conditional, we could set EFI_OLD_MEMMAP
> > unconditionally on 32-bit x86. Or we could reshuffle variables and conditionals
> > in various other way.
>
> Setting EFI_OLD_MEMMAP would be fine, if doing that has no bad side effects.
Right, I think that's a very good suggestion, because like Ard
mentioned, since EFI_OLD_MEMMAP is implied for 32-bit (there's no
other way to map stuff currently), so it makes sense to force set the
bit.
> > [...] I am not convinced that the overall end result will be any better though.
>
> That's not true, we change an obscure, implicit dependency on 32-bit detail to an
> explicit EFI_OLD_MEMMAP flag that shows exactly what's happening. That's a clear
> improvement.
Agreed.
--
Matt Fleming, Intel Open Source Technology Center
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-29 13:52 ` Matt Fleming
0 siblings, 0 replies; 78+ messages in thread
From: Matt Fleming @ 2015-09-29 13:52 UTC (permalink / raw)
To: Ingo Molnar
Cc: Ard Biesheuvel, Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel-u79uwXL29TY76Z2rM5mHXA,
linux-efi-u79uwXL29TY76Z2rM5mHXA, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable-u79uwXL29TY76Z2rM5mHXA, Linus Torvalds,
Borislav Petkov, Andy Lutomirski, Denys Vlasenko, Brian Gerst,
Andrew Morton
On Tue, 29 Sep, at 11:12:30AM, Ingo Molnar wrote:
>
> * Ard Biesheuvel <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org> wrote:
>
> > > except that I don't think
> > > the condition on 64-bit makes any sense:
> > >
> > > + if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
> > >
> > > I can see us being nervous wrt. backported patches, but is there any strong reason
> > > to not follow this up with a third (non-backported) patch that changes this to:
> > >
> > > + if (!efi_enabled(EFI_OLD_MEMMAP)) {
> > >
> > > for v4.4?
> > >
> >
> > The 32-bit side essentially implements the old memmap only, which is the the
> > bottom-up version. So old memmap will be implied by 32-bit but not set in the
> > EFI flags, resulting in the reverse enumeration being used with the bottom-up
> > mapping logic. The net result of that is that we create the same problem for
> > 32-bit that we are trying to solve for 64-bit, i.e., the regions will end up in
> > reverse order in the VA mapping.
> >
> > To deobfuscate this particular conditional, we could set EFI_OLD_MEMMAP
> > unconditionally on 32-bit x86. Or we could reshuffle variables and conditionals
> > in various other way.
>
> Setting EFI_OLD_MEMMAP would be fine, if doing that has no bad side effects.
Right, I think that's a very good suggestion, because like Ard
mentioned, since EFI_OLD_MEMMAP is implied for 32-bit (there's no
other way to map stuff currently), so it makes sense to force set the
bit.
> > [...] I am not convinced that the overall end result will be any better though.
>
> That's not true, we change an obscure, implicit dependency on 32-bit detail to an
> explicit EFI_OLD_MEMMAP flag that shows exactly what's happening. That's a clear
> improvement.
Agreed.
--
Matt Fleming, Intel Open Source Technology Center
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-26 17:01 ` Andy Lutomirski
0 siblings, 0 replies; 78+ messages in thread
From: Andy Lutomirski @ 2015-09-26 17:01 UTC (permalink / raw)
To: Ingo Molnar
Cc: Matt Fleming, Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel, linux-efi, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable, Ard Biesheuvel, Linus Torvalds,
Borislav Petkov, Andy Lutomirski, Denys Vlasenko, Brian Gerst,
Andrew Morton
On Fri, Sep 25, 2015 at 10:56 PM, Ingo Molnar <mingo@kernel.org> wrote:
>
> So this commit worries me.
>
> This bug is a good find, and the fix is obviously needed and urgent, but I'm not
> sure about the implementation at all. (I've Cc:-ed a few more x86 low level
> gents.)
>
> * Matt Fleming <matt@codeblueprint.co.uk> wrote:
>> + /*
>> + * Starting in UEFI v2.5 the EFI_PROPERTIES_TABLE
>> + * config table feature requires us to map all entries
>> + * in the same order as they appear in the EFI memory
>> + * map. That is to say, entry N must have a lower
>> + * virtual address than entry N+1. This is because the
>> + * firmware toolchain leaves relative references in
>> + * the code/data sections, which are split and become
>> + * separate EFI memory regions. Mapping things
>> + * out-of-order leads to the firmware accessing
>> + * unmapped addresses.
>> + *
I'm clearly missing something. What is EFI doing that it doesn't care
how big the gap between sections is but it still requires them to be
in order? It's not as though x86_64 has an addressing mode that
allows only non-negative offsets.
--Andy
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-26 17:01 ` Andy Lutomirski
0 siblings, 0 replies; 78+ messages in thread
From: Andy Lutomirski @ 2015-09-26 17:01 UTC (permalink / raw)
To: Ingo Molnar
Cc: Matt Fleming, Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel-u79uwXL29TY76Z2rM5mHXA,
linux-efi-u79uwXL29TY76Z2rM5mHXA, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable, Ard Biesheuvel, Linus Torvalds,
Borislav Petkov, Andy Lutomirski, Denys Vlasenko, Brian Gerst,
Andrew Morton
On Fri, Sep 25, 2015 at 10:56 PM, Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> wrote:
>
> So this commit worries me.
>
> This bug is a good find, and the fix is obviously needed and urgent, but I'm not
> sure about the implementation at all. (I've Cc:-ed a few more x86 low level
> gents.)
>
> * Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org> wrote:
>> + /*
>> + * Starting in UEFI v2.5 the EFI_PROPERTIES_TABLE
>> + * config table feature requires us to map all entries
>> + * in the same order as they appear in the EFI memory
>> + * map. That is to say, entry N must have a lower
>> + * virtual address than entry N+1. This is because the
>> + * firmware toolchain leaves relative references in
>> + * the code/data sections, which are split and become
>> + * separate EFI memory regions. Mapping things
>> + * out-of-order leads to the firmware accessing
>> + * unmapped addresses.
>> + *
I'm clearly missing something. What is EFI doing that it doesn't care
how big the gap between sections is but it still requires them to be
in order? It's not as though x86_64 has an addressing mode that
allows only non-negative offsets.
--Andy
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
2015-09-26 17:01 ` Andy Lutomirski
(?)
@ 2015-09-26 17:20 ` H. Peter Anvin
2015-09-26 18:15 ` Ard Biesheuvel
2015-09-26 19:55 ` Matt Fleming
-1 siblings, 2 replies; 78+ messages in thread
From: H. Peter Anvin @ 2015-09-26 17:20 UTC (permalink / raw)
To: Andy Lutomirski, Ingo Molnar
Cc: Matt Fleming, Thomas Gleixner, Matt Fleming, linux-kernel,
linux-efi, Lee, Chun-Yi, Borislav Petkov, Leif Lindholm,
Peter Jones, James Bottomley, Matthew Garrett, Dave Young,
stable, Ard Biesheuvel, Linus Torvalds, Borislav Petkov,
Andy Lutomirski, Denys Vlasenko, Brian Gerst, Andrew Morton
I think it "works" because the affected BIOSes don't put spaces between the chunks. I have discussed this with Matt.
On September 26, 2015 10:01:14 AM PDT, Andy Lutomirski <luto@amacapital.net> wrote:
>On Fri, Sep 25, 2015 at 10:56 PM, Ingo Molnar <mingo@kernel.org> wrote:
>>
>> So this commit worries me.
>>
>> This bug is a good find, and the fix is obviously needed and urgent,
>but I'm not
>> sure about the implementation at all. (I've Cc:-ed a few more x86 low
>level
>> gents.)
>>
>> * Matt Fleming <matt@codeblueprint.co.uk> wrote:
>>> + /*
>>> + * Starting in UEFI v2.5 the EFI_PROPERTIES_TABLE
>>> + * config table feature requires us to map all entries
>>> + * in the same order as they appear in the EFI memory
>>> + * map. That is to say, entry N must have a lower
>>> + * virtual address than entry N+1. This is because the
>>> + * firmware toolchain leaves relative references in
>>> + * the code/data sections, which are split and become
>>> + * separate EFI memory regions. Mapping things
>>> + * out-of-order leads to the firmware accessing
>>> + * unmapped addresses.
>>> + *
>
>I'm clearly missing something. What is EFI doing that it doesn't care
>how big the gap between sections is but it still requires them to be
>in order? It's not as though x86_64 has an addressing mode that
>allows only non-negative offsets.
>
>--Andy
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-26 18:15 ` Ard Biesheuvel
0 siblings, 0 replies; 78+ messages in thread
From: Ard Biesheuvel @ 2015-09-26 18:15 UTC (permalink / raw)
To: H. Peter Anvin
Cc: Andy Lutomirski, Ingo Molnar, Matt Fleming, Thomas Gleixner,
Matt Fleming, linux-kernel, linux-efi, Lee, Chun-Yi,
Borislav Petkov, Leif Lindholm, Peter Jones, James Bottomley,
Matthew Garrett, Dave Young, stable, Linus Torvalds,
Borislav Petkov, Andy Lutomirski, Denys Vlasenko, Brian Gerst,
Andrew Morton
On 26 September 2015 at 10:20, H. Peter Anvin <hpa@zytor.com> wrote:
> I think it "works" because the affected BIOSes don't put spaces between the chunks. I have discussed this with Matt.
>
Forgive the ASCII art but perhaps an illustration might help:
before the 2.5 feature, PE/COFF runtime images were remapped as
illustrated here:
PA VA
+---------------+ +---------------+
| | | |
| PE/COFF .text | | EFI |
| | | Runtime |
+- - - - - - - -+ => | Services |----+
| | | Code | | : :
| PE/COFF .data | | | | : :
| | | | | +---------------+
+---------------+ +---------------+ | | |
| | | | | | EFI |
: : : : | | Runtime |
: : : : +--->| Services |
| | | | | Code |
+---------------+ +---------------+ | |
| | | | | |
| PE/COFF .text | | EFI | +---------------+
| | | Runtime | : gap :
+- - - - - - - -+ => | Services |---+ +---------------+
| | | Code | | | |
| PE/COFF .data | | | | | EFI |
| | | | | | Runtime |
+---------------+ +---------------+ +---->| Services |
| | | | | Code |
: : : : | |
: : : : | |
: : : : +---------------+
: : : : : :
Since the affected symbol references only exist between PE/COFF .text
and PE/COFF .data, there is never a problem since each is PE/COFF
image is mapped as a single region.
However, with the new feature enabled, this no longer holds:
PA VA
+---------------+ +---------------+
| | | |
| PE/COFF .text | | RtServices |----+
| | | Code | |
+- - - - - - - -+ => +---------------+ | +---------------+
| | | RtServices | +--->| RtServices |
| PE/COFF .data | | Data | | Code |
| | | |----+ +---------------+
+---------------+ +---------------+ | : gap :
| | | | | +---------------+
: : : : +--->| RtServices |
: : : : | Data |
| | | | +---------------+
+---------------+ +---------------+ : gap :
| | | | +---------------+
| PE/COFF .text | | RtServices |-------->| RtServices |
| | | Code | | Code |
+- - - - - - - -+ => +---------------+ +---------------+
| | | RtServices | : gap :
| PE/COFF .data | | Data |---+ +---------------+
| | | | | | RtServices |
+---------------+ +---------------+ +---->| Data |
| | | | | |
: : : : +---------------+
: : : : : :
: : : : : :
The illustration uses gaps, but obviously, this applies equally to
inverting the mapping order, since the PE/COFF .text and .data
sections will end up out of order.
--
Ard.
> On September 26, 2015 10:01:14 AM PDT, Andy Lutomirski <luto@amacapital.net> wrote:
>>On Fri, Sep 25, 2015 at 10:56 PM, Ingo Molnar <mingo@kernel.org> wrote:
>>>
>>> So this commit worries me.
>>>
>>> This bug is a good find, and the fix is obviously needed and urgent,
>>but I'm not
>>> sure about the implementation at all. (I've Cc:-ed a few more x86 low
>>level
>>> gents.)
>>>
>>> * Matt Fleming <matt@codeblueprint.co.uk> wrote:
>>>> + /*
>>>> + * Starting in UEFI v2.5 the EFI_PROPERTIES_TABLE
>>>> + * config table feature requires us to map all entries
>>>> + * in the same order as they appear in the EFI memory
>>>> + * map. That is to say, entry N must have a lower
>>>> + * virtual address than entry N+1. This is because the
>>>> + * firmware toolchain leaves relative references in
>>>> + * the code/data sections, which are split and become
>>>> + * separate EFI memory regions. Mapping things
>>>> + * out-of-order leads to the firmware accessing
>>>> + * unmapped addresses.
>>>> + *
>>
>>I'm clearly missing something. What is EFI doing that it doesn't care
>>how big the gap between sections is but it still requires them to be
>>in order? It's not as though x86_64 has an addressing mode that
>>allows only non-negative offsets.
>>
>>--Andy
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-26 18:15 ` Ard Biesheuvel
0 siblings, 0 replies; 78+ messages in thread
From: Ard Biesheuvel @ 2015-09-26 18:15 UTC (permalink / raw)
To: H. Peter Anvin
Cc: Andy Lutomirski, Ingo Molnar, Matt Fleming, Thomas Gleixner,
Matt Fleming, linux-kernel-u79uwXL29TY76Z2rM5mHXA,
linux-efi-u79uwXL29TY76Z2rM5mHXA, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable, Linus Torvalds, Borislav Petkov,
Andy Lutomirski, Denys Vlasenko, Brian Gerst, Andrew Morton
On 26 September 2015 at 10:20, H. Peter Anvin <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org> wrote:
> I think it "works" because the affected BIOSes don't put spaces between the chunks. I have discussed this with Matt.
>
Forgive the ASCII art but perhaps an illustration might help:
before the 2.5 feature, PE/COFF runtime images were remapped as
illustrated here:
PA VA
+---------------+ +---------------+
| | | |
| PE/COFF .text | | EFI |
| | | Runtime |
+- - - - - - - -+ => | Services |----+
| | | Code | | : :
| PE/COFF .data | | | | : :
| | | | | +---------------+
+---------------+ +---------------+ | | |
| | | | | | EFI |
: : : : | | Runtime |
: : : : +--->| Services |
| | | | | Code |
+---------------+ +---------------+ | |
| | | | | |
| PE/COFF .text | | EFI | +---------------+
| | | Runtime | : gap :
+- - - - - - - -+ => | Services |---+ +---------------+
| | | Code | | | |
| PE/COFF .data | | | | | EFI |
| | | | | | Runtime |
+---------------+ +---------------+ +---->| Services |
| | | | | Code |
: : : : | |
: : : : | |
: : : : +---------------+
: : : : : :
Since the affected symbol references only exist between PE/COFF .text
and PE/COFF .data, there is never a problem since each is PE/COFF
image is mapped as a single region.
However, with the new feature enabled, this no longer holds:
PA VA
+---------------+ +---------------+
| | | |
| PE/COFF .text | | RtServices |----+
| | | Code | |
+- - - - - - - -+ => +---------------+ | +---------------+
| | | RtServices | +--->| RtServices |
| PE/COFF .data | | Data | | Code |
| | | |----+ +---------------+
+---------------+ +---------------+ | : gap :
| | | | | +---------------+
: : : : +--->| RtServices |
: : : : | Data |
| | | | +---------------+
+---------------+ +---------------+ : gap :
| | | | +---------------+
| PE/COFF .text | | RtServices |-------->| RtServices |
| | | Code | | Code |
+- - - - - - - -+ => +---------------+ +---------------+
| | | RtServices | : gap :
| PE/COFF .data | | Data |---+ +---------------+
| | | | | | RtServices |
+---------------+ +---------------+ +---->| Data |
| | | | | |
: : : : +---------------+
: : : : : :
: : : : : :
The illustration uses gaps, but obviously, this applies equally to
inverting the mapping order, since the PE/COFF .text and .data
sections will end up out of order.
--
Ard.
> On September 26, 2015 10:01:14 AM PDT, Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org> wrote:
>>On Fri, Sep 25, 2015 at 10:56 PM, Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> wrote:
>>>
>>> So this commit worries me.
>>>
>>> This bug is a good find, and the fix is obviously needed and urgent,
>>but I'm not
>>> sure about the implementation at all. (I've Cc:-ed a few more x86 low
>>level
>>> gents.)
>>>
>>> * Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org> wrote:
>>>> + /*
>>>> + * Starting in UEFI v2.5 the EFI_PROPERTIES_TABLE
>>>> + * config table feature requires us to map all entries
>>>> + * in the same order as they appear in the EFI memory
>>>> + * map. That is to say, entry N must have a lower
>>>> + * virtual address than entry N+1. This is because the
>>>> + * firmware toolchain leaves relative references in
>>>> + * the code/data sections, which are split and become
>>>> + * separate EFI memory regions. Mapping things
>>>> + * out-of-order leads to the firmware accessing
>>>> + * unmapped addresses.
>>>> + *
>>
>>I'm clearly missing something. What is EFI doing that it doesn't care
>>how big the gap between sections is but it still requires them to be
>>in order? It's not as though x86_64 has an addressing mode that
>>allows only non-negative offsets.
>>
>>--Andy
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
2015-09-26 18:15 ` Ard Biesheuvel
(?)
@ 2015-09-26 19:49 ` H. Peter Anvin
2015-09-26 19:57 ` Matt Fleming
-1 siblings, 1 reply; 78+ messages in thread
From: H. Peter Anvin @ 2015-09-26 19:49 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: Andy Lutomirski, Ingo Molnar, Matt Fleming, Thomas Gleixner,
Matt Fleming, linux-kernel, linux-efi, Lee, Chun-Yi,
Borislav Petkov, Leif Lindholm, Peter Jones, James Bottomley,
Matthew Garrett, Dave Young, stable, Linus Torvalds,
Borislav Petkov, Andy Lutomirski, Denys Vlasenko, Brian Gerst,
Andrew Morton
It is still a hack unless all relative offsets are preserved. That is actually simpler, even: no sorting necessary.
On September 26, 2015 11:15:57 AM PDT, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>On 26 September 2015 at 10:20, H. Peter Anvin <hpa@zytor.com> wrote:
>> I think it "works" because the affected BIOSes don't put spaces
>between the chunks. I have discussed this with Matt.
>>
>
>Forgive the ASCII art but perhaps an illustration might help:
>
>before the 2.5 feature, PE/COFF runtime images were remapped as
>illustrated here:
>
> PA VA
>+---------------+ +---------------+
>| | | |
>| PE/COFF .text | | EFI |
>| | | Runtime |
>+- - - - - - - -+ => | Services |----+
>| | | Code | | : :
>| PE/COFF .data | | | | : :
>| | | | | +---------------+
>+---------------+ +---------------+ | | |
>| | | | | | EFI |
>: : : : | | Runtime |
>: : : : +--->| Services |
>| | | | | Code |
>+---------------+ +---------------+ | |
>| | | | | |
>| PE/COFF .text | | EFI | +---------------+
>| | | Runtime | : gap :
>+- - - - - - - -+ => | Services |---+ +---------------+
>| | | Code | | | |
>| PE/COFF .data | | | | | EFI |
>| | | | | | Runtime |
>+---------------+ +---------------+ +---->| Services |
>| | | | | Code |
>: : : : | |
>: : : : | |
>: : : : +---------------+
>: : : : : :
>
>Since the affected symbol references only exist between PE/COFF .text
>and PE/COFF .data, there is never a problem since each is PE/COFF
>image is mapped as a single region.
>However, with the new feature enabled, this no longer holds:
> PA VA
>+---------------+ +---------------+
>| | | |
>| PE/COFF .text | | RtServices |----+
>| | | Code | |
>+- - - - - - - -+ => +---------------+ | +---------------+
>| | | RtServices | +--->| RtServices |
>| PE/COFF .data | | Data | | Code |
>| | | |----+ +---------------+
>+---------------+ +---------------+ | : gap :
>| | | | | +---------------+
>: : : : +--->| RtServices |
>: : : : | Data |
>| | | | +---------------+
>+---------------+ +---------------+ : gap :
>| | | | +---------------+
>| PE/COFF .text | | RtServices |-------->| RtServices |
>| | | Code | | Code |
>+- - - - - - - -+ => +---------------+ +---------------+
>| | | RtServices | : gap :
>| PE/COFF .data | | Data |---+ +---------------+
>| | | | | | RtServices |
>+---------------+ +---------------+ +---->| Data |
>| | | | | |
>: : : : +---------------+
>: : : : : :
>: : : : : :
>
>The illustration uses gaps, but obviously, this applies equally to
>inverting the mapping order, since the PE/COFF .text and .data
>sections will end up out of order.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
2015-09-26 19:49 ` H. Peter Anvin
@ 2015-09-26 19:57 ` Matt Fleming
2015-09-26 20:09 ` Ard Biesheuvel
0 siblings, 1 reply; 78+ messages in thread
From: Matt Fleming @ 2015-09-26 19:57 UTC (permalink / raw)
To: H. Peter Anvin
Cc: Ard Biesheuvel, Andy Lutomirski, Ingo Molnar, Thomas Gleixner,
Matt Fleming, linux-kernel, linux-efi, Lee, Chun-Yi,
Borislav Petkov, Leif Lindholm, Peter Jones, James Bottomley,
Matthew Garrett, Dave Young, stable, Linus Torvalds,
Borislav Petkov, Andy Lutomirski, Denys Vlasenko, Brian Gerst,
Andrew Morton
On Sat, 26 Sep, at 12:49:26PM, H. Peter Anvin wrote:
>
> It is still a hack unless all relative offsets are preserved. That
> is actually simpler, even: no sorting necessary.
Unless I'm missing something, preserving relative offsets is exactly
what we do today, modulo PMD_SIZE gaps.
--
Matt Fleming, Intel Open Source Technology Center
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-26 20:09 ` Ard Biesheuvel
0 siblings, 0 replies; 78+ messages in thread
From: Ard Biesheuvel @ 2015-09-26 20:09 UTC (permalink / raw)
To: Matt Fleming
Cc: H. Peter Anvin, Andy Lutomirski, Ingo Molnar, Thomas Gleixner,
Matt Fleming, linux-kernel, linux-efi, Lee, Chun-Yi,
Borislav Petkov, Leif Lindholm, Peter Jones, James Bottomley,
Matthew Garrett, Dave Young, stable, Linus Torvalds,
Borislav Petkov, Andy Lutomirski, Denys Vlasenko, Brian Gerst,
Andrew Morton
> On 26 sep. 2015, at 12:57, Matt Fleming <matt@codeblueprint.co.uk> wrote:
>
>> On Sat, 26 Sep, at 12:49:26PM, H. Peter Anvin wrote:
>>
>> It is still a hack unless all relative offsets are preserved. That
>> is actually simpler, even: no sorting necessary.
>
> Unless I'm missing something, preserving relative offsets is exactly
> what we do today, modulo PMD_SIZE gaps.
>
I think what Peter means is preserving the relative offsets inside the entire 1:1 space.
This is not at all what we do currently, and i don't think it is generally feasible on 32-bit (since the physical range may conflict with the virtual kernel mappings)
However, on 64 bit (both arm and x86), this boils down to not calling setVA() in the first place, which i'm all in favor of.
--
Ard.
> --
> Matt Fleming, Intel Open Source Technology Center
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-26 20:09 ` Ard Biesheuvel
0 siblings, 0 replies; 78+ messages in thread
From: Ard Biesheuvel @ 2015-09-26 20:09 UTC (permalink / raw)
To: Matt Fleming
Cc: H. Peter Anvin, Andy Lutomirski, Ingo Molnar, Thomas Gleixner,
Matt Fleming, linux-kernel-u79uwXL29TY76Z2rM5mHXA,
linux-efi-u79uwXL29TY76Z2rM5mHXA, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable, Linus Torvalds, Borislav Petkov,
Andy Lutomirski, Denys Vlasenko, Brian Gerst, Andrew Morton
> On 26 sep. 2015, at 12:57, Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org> wrote:
>
>> On Sat, 26 Sep, at 12:49:26PM, H. Peter Anvin wrote:
>>
>> It is still a hack unless all relative offsets are preserved. That
>> is actually simpler, even: no sorting necessary.
>
> Unless I'm missing something, preserving relative offsets is exactly
> what we do today, modulo PMD_SIZE gaps.
>
I think what Peter means is preserving the relative offsets inside the entire 1:1 space.
This is not at all what we do currently, and i don't think it is generally feasible on 32-bit (since the physical range may conflict with the virtual kernel mappings)
However, on 64 bit (both arm and x86), this boils down to not calling setVA() in the first place, which i'm all in favor of.
--
Ard.
> --
> Matt Fleming, Intel Open Source Technology Center
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
2015-09-26 20:09 ` Ard Biesheuvel
(?)
@ 2015-09-26 20:19 ` H. Peter Anvin
2015-09-27 16:30 ` Andy Lutomirski
-1 siblings, 1 reply; 78+ messages in thread
From: H. Peter Anvin @ 2015-09-26 20:19 UTC (permalink / raw)
To: Ard Biesheuvel, Matt Fleming
Cc: Andy Lutomirski, Ingo Molnar, Thomas Gleixner, Matt Fleming,
linux-kernel, linux-efi, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable, Linus Torvalds, Borislav Petkov,
Andy Lutomirski, Denys Vlasenko, Brian Gerst, Andrew Morton
Sadly a lot of firmware is known to fail in that configuration :( That was very much our guest choice.
I don't actually think it is all that infeasible to keep relative offsets consistent for the regions we have to map. PMD_SIZE is not a very large chunk so it could be a problem.
On September 26, 2015 1:09:17 PM PDT, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>
>> On 26 sep. 2015, at 12:57, Matt Fleming <matt@codeblueprint.co.uk>
>wrote:
>>
>>> On Sat, 26 Sep, at 12:49:26PM, H. Peter Anvin wrote:
>>>
>>> It is still a hack unless all relative offsets are preserved. That
>>> is actually simpler, even: no sorting necessary.
>>
>> Unless I'm missing something, preserving relative offsets is exactly
>> what we do today, modulo PMD_SIZE gaps.
>>
>
>I think what Peter means is preserving the relative offsets inside the
>entire 1:1 space.
>
>This is not at all what we do currently, and i don't think it is
>generally feasible on 32-bit (since the physical range may conflict
>with the virtual kernel mappings)
>
>However, on 64 bit (both arm and x86), this boils down to not calling
>setVA() in the first place, which i'm all in favor of.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
2015-09-26 20:19 ` H. Peter Anvin
@ 2015-09-27 16:30 ` Andy Lutomirski
2015-09-27 18:06 ` Matthew Garrett
0 siblings, 1 reply; 78+ messages in thread
From: Andy Lutomirski @ 2015-09-27 16:30 UTC (permalink / raw)
To: H. Peter Anvin
Cc: Denys Vlasenko, Leif Lindholm, Thomas Gleixner, Borislav Petkov,
stable, Andrew Morton, Matthew Garrett, Ingo Molnar, Brian Gerst,
Dave Young, linux-efi, Ard Biesheuvel, Linus Torvalds,
Peter Jones, Matt Fleming, Matt Fleming, Borislav Petkov, Lee,
Chun-Yi, linux-kernel, James Bottomley
On Sep 26, 2015 1:19 PM, "H. Peter Anvin" <hpa@zytor.com> wrote:
>
> Sadly a lot of firmware is known to fail in that configuration :( That was very much our guest choice.
>
Why can't we map everything completely 1:1 (VA = PA) and call the
setVA thing but pass it literally the identity.
Firmwares that need it to be called will work, and firmwares that fail
to update all offsets will be fine because there's nothing to update.
--Andy
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-27 18:06 ` Matthew Garrett
0 siblings, 0 replies; 78+ messages in thread
From: Matthew Garrett @ 2015-09-27 18:06 UTC (permalink / raw)
To: Andy Lutomirski
Cc: H. Peter Anvin, Denys Vlasenko, Leif Lindholm, Thomas Gleixner,
Borislav Petkov, stable, Andrew Morton, Ingo Molnar, Brian Gerst,
Dave Young, linux-efi, Ard Biesheuvel, Linus Torvalds,
Peter Jones, Matt Fleming, Matt Fleming, Borislav Petkov, Lee,
Chun-Yi, linux-kernel, James Bottomley
On Sun, Sep 27, 2015 at 09:30:48AM -0700, Andy Lutomirski wrote:
> On Sep 26, 2015 1:19 PM, "H. Peter Anvin" <hpa@zytor.com> wrote:
> >
> > Sadly a lot of firmware is known to fail in that configuration :( That was very much our guest choice.
> >
>
> Why can't we map everything completely 1:1 (VA = PA) and call the
> setVA thing but pass it literally the identity.
Last time I tried this I found that some firmware makes assumptions
about having high addresses.
--
Matthew Garrett | mjg59@srcf.ucam.org
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-27 18:06 ` Matthew Garrett
0 siblings, 0 replies; 78+ messages in thread
From: Matthew Garrett @ 2015-09-27 18:06 UTC (permalink / raw)
To: Andy Lutomirski
Cc: H. Peter Anvin, Denys Vlasenko, Leif Lindholm, Thomas Gleixner,
Borislav Petkov, stable, Andrew Morton, Ingo Molnar, Brian Gerst,
Dave Young, linux-efi-u79uwXL29TY76Z2rM5mHXA, Ard Biesheuvel,
Linus Torvalds, Peter Jones, Matt Fleming, Matt Fleming,
Borislav Petkov, Lee, Chun-Yi,
linux-kernel-u79uwXL29TY76Z2rM5mHXA, James Bottomley
On Sun, Sep 27, 2015 at 09:30:48AM -0700, Andy Lutomirski wrote:
> On Sep 26, 2015 1:19 PM, "H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org> wrote:
> >
> > Sadly a lot of firmware is known to fail in that configuration :( That was very much our guest choice.
> >
>
> Why can't we map everything completely 1:1 (VA = PA) and call the
> setVA thing but pass it literally the identity.
Last time I tried this I found that some firmware makes assumptions
about having high addresses.
--
Matthew Garrett | mjg59-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-28 6:16 ` Ingo Molnar
0 siblings, 0 replies; 78+ messages in thread
From: Ingo Molnar @ 2015-09-28 6:16 UTC (permalink / raw)
To: Matthew Garrett
Cc: Andy Lutomirski, H. Peter Anvin, Denys Vlasenko, Leif Lindholm,
Thomas Gleixner, Borislav Petkov, stable, Andrew Morton,
Brian Gerst, Dave Young, linux-efi, Ard Biesheuvel,
Linus Torvalds, Peter Jones, Matt Fleming, Matt Fleming,
Borislav Petkov, Lee, Chun-Yi, linux-kernel, James Bottomley
* Matthew Garrett <mjg59@srcf.ucam.org> wrote:
> On Sun, Sep 27, 2015 at 09:30:48AM -0700, Andy Lutomirski wrote:
> > On Sep 26, 2015 1:19 PM, "H. Peter Anvin" <hpa@zytor.com> wrote:
> > >
> > > Sadly a lot of firmware is known to fail in that configuration :( That was very much our guest choice.
> > >
> >
> > Why can't we map everything completely 1:1 (VA = PA) and call the
> > setVA thing but pass it literally the identity.
>
> Last time I tried this I found that some firmware makes assumptions
> about having high addresses.
So the question is, what does Windows do?
PC firmware is a hostile environment for Linux, to be compatible the best we can
do is to mimic the environment that the firmware is tested under - i.e. try to use
the firmware in the way Windows uses it.
Thanks,
Ingo
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-28 6:16 ` Ingo Molnar
0 siblings, 0 replies; 78+ messages in thread
From: Ingo Molnar @ 2015-09-28 6:16 UTC (permalink / raw)
To: Matthew Garrett
Cc: Andy Lutomirski, H. Peter Anvin, Denys Vlasenko, Leif Lindholm,
Thomas Gleixner, Borislav Petkov, stable, Andrew Morton,
Brian Gerst, Dave Young, linux-efi-u79uwXL29TY76Z2rM5mHXA,
Ard Biesheuvel, Linus Torvalds, Peter Jones, Matt Fleming,
Matt Fleming, Borislav Petkov, Lee, Chun-Yi,
linux-kernel-u79uwXL29TY76Z2rM5mHXA, James Bottomley
* Matthew Garrett <mjg59-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org> wrote:
> On Sun, Sep 27, 2015 at 09:30:48AM -0700, Andy Lutomirski wrote:
> > On Sep 26, 2015 1:19 PM, "H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org> wrote:
> > >
> > > Sadly a lot of firmware is known to fail in that configuration :( That was very much our guest choice.
> > >
> >
> > Why can't we map everything completely 1:1 (VA = PA) and call the
> > setVA thing but pass it literally the identity.
>
> Last time I tried this I found that some firmware makes assumptions
> about having high addresses.
So the question is, what does Windows do?
PC firmware is a hostile environment for Linux, to be compatible the best we can
do is to mimic the environment that the firmware is tested under - i.e. try to use
the firmware in the way Windows uses it.
Thanks,
Ingo
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
2015-09-28 6:16 ` Ingo Molnar
(?)
@ 2015-09-28 6:41 ` Matthew Garrett
2015-09-29 21:58 ` Laszlo Ersek
-1 siblings, 1 reply; 78+ messages in thread
From: Matthew Garrett @ 2015-09-28 6:41 UTC (permalink / raw)
To: Ingo Molnar
Cc: Andy Lutomirski, H. Peter Anvin, Denys Vlasenko, Leif Lindholm,
Thomas Gleixner, Borislav Petkov, stable, Andrew Morton,
Brian Gerst, Dave Young, linux-efi, Ard Biesheuvel,
Linus Torvalds, Peter Jones, Matt Fleming, Matt Fleming,
Borislav Petkov, Lee, Chun-Yi, linux-kernel, James Bottomley
On Mon, Sep 28, 2015 at 08:16:46AM +0200, Ingo Molnar wrote:
> So the question is, what does Windows do?
It's pretty trivial to hack OVMF to dump the SetVirtualAddressMap()
arguments to the qemu debug port. Unfortunately I'm about to drop mostly
offline for a week, otherwise I'd give it a go...
--
Matthew Garrett | mjg59@srcf.ucam.org
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-29 21:58 ` Laszlo Ersek
0 siblings, 0 replies; 78+ messages in thread
From: Laszlo Ersek @ 2015-09-29 21:58 UTC (permalink / raw)
To: Matthew Garrett, Ingo Molnar
Cc: Andy Lutomirski, H. Peter Anvin, Denys Vlasenko, Leif Lindholm,
Thomas Gleixner, Borislav Petkov, stable, Andrew Morton,
Brian Gerst, Dave Young, linux-efi, Ard Biesheuvel,
Linus Torvalds, Peter Jones, Matt Fleming, Matt Fleming,
Borislav Petkov, Lee, Chun-Yi, linux-kernel, James Bottomley,
Jordan Justen (Intel address)
On 09/28/15 08:41, Matthew Garrett wrote:
> On Mon, Sep 28, 2015 at 08:16:46AM +0200, Ingo Molnar wrote:
>
>> So the question is, what does Windows do?
>
> It's pretty trivial to hack OVMF to dump the SetVirtualAddressMap()
> arguments to the qemu debug port. Unfortunately I'm about to drop
> mostly offline for a week, otherwise I'd give it a go...
In order to enable the properties table feature in OVMF, two conditions
have to be satisfied:
(a) set gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable to TRUE
(b) build DXE_RUNTIME_DRIVER modules with 4KB section alignment
(a) used to be possible only statically (ie. at build time), but since
edk2 commit ab081a50e5 [1] it can be done dynamically too, on the qemu
command line. See that edk2 commit for details.
This OVMF feature depends on QEMU commit 81b2b81062 [2]. Another patch
from Gabriel is under review that enables such simple settings without
host-side files [3].
(b) is satisfied by the edk2 patch that Ard posted today [4].
Because I know how much people like building OVMF, I uploaded a fresh
OVMF binary (which includes a number of other patches from my personal
tree, but those are irrelevent here), with a matching varstore template,
to [5]. The relevant edk2 patches (ie. the one from Ard [4], and a debug
patch like you mention above) can also be found under [5].
(
I recommend to start QEMU like this:
# Create a new (empty) varstore for the virtual machine, from the
# varstore template.
cp OVMF_VARS.fd my-vars.fd
# Start the VM, with direct kernel boot.
qemu-system-x86_64 \
-m 2048 \
-M pc,accel=kvm \
\
-device qxl-vga \
\
-drive if=pflash,format=raw,unit=0,file=OVMF_CODE.fd,readonly=on \
-drive if=pflash,format=raw,unit=1,file=my-vars.fd \
\
-debugcon file:debug.log \
-global isa-debugcon.iobase=0x402 \
\
-chardev stdio,signal=off,mux=on,id=char0 \
-mon chardev=char0,mode=readline,default \
-serial chardev:char0 \
\
-kernel vmlinuz... \
-initrd initramfs... \
-append "root=..." \
\
...
The guest will have 2GB of RAM, it will use KVM, the virtual video card
will be QXL; the OVMF debug log will be written to "debug.log". The key
combination [Control-A C] will switch between the QEMU monitor prompt
and the serial port of the guest. The above should be suitable for rapid
testing of kernels built on the host.
)
Then I booted my Windows Server 2012 R2, Windows 8.1, and Windows 10
guests, with the properties table feature enabled vs. disabled in the
firmware. (All three Windows guests were updated first though.)
All three Windows OSes adapt their SetVirtualAddressMap() calls, when
the feature is enabled in the firmware. However, Windows 8.1 crashes
nonetheless (BSOD, I forget the fault details, sorry). Windows Server
2012 R2 and Windows 10 boot fine.
I uploaded the verbose OVMF log files from all six guest boots to [5].
The tables you might be interested in are dumped at the ends of the log
files.
All three guests had 2GB of RAM. They had different VM configurations,
but between disabling and enabling the properties table feature, no
other knob was tweaked. Therefore the two log files of the same guest
should be comparable against each other, for each guest. For example:
$ colordiff -u ovmf.win10.prop.{disabled,enabled}.log
Because stuff hosted on the web privately tends to go away, I'll quote
that diff here, for posterity:
> --- ovmf.win10.prop.disabled.log 2015-09-29 22:01:45.252126086 +0200
> +++ ovmf.win10.prop.enabled.log 2015-09-29 21:50:54.579475078 +0200
> @@ -24,7 +24,7 @@
> QemuFwCfg interface is supported.
> Platform PEIM Loaded
> CMOS:
> -00: 38 00 01 00 22 00 03 29 09 15 26 02 00 80 00 00
> +00: 48 00 50 00 21 00 03 29 09 15 26 02 00 80 00 00
> 10: 00 00 00 00 06 80 02 FF FF 00 00 00 00 00 00 00
> 20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 30: FF FF 20 00 00 7F 00 20 30 00 00 00 00 12 00 00
> @@ -1110,6 +1110,17 @@
> InstallProtocolInterface: 4CF5B200-68B8-4CA5-9EEC-B23E3F50029A 7F271568
> [Variable]END_OF_DXE is signaled
> Initialize variable error flag (FF)
> +MemoryProtectionAttribute - 0x0000000000000001
> +Total Image Count - 0x8
> +Dump ImageRecord:
> + Image[0]: 0x000000007EC26000 - 0x000000000000A000
> + Image[1]: 0x000000007EC35000 - 0x0000000000008000
> + Image[2]: 0x000000007EC65000 - 0x000000000000C000
> + Image[3]: 0x000000007ED76000 - 0x00000000000A3000
> + Image[4]: 0x000000007FE9E000 - 0x0000000000009000
> + Image[5]: 0x000000007FEA7000 - 0x000000000000A000
> + Image[6]: 0x000000007FEB1000 - 0x000000000000C000
> + Image[7]: 0x000000007FEBD000 - 0x000000000000C000
> S3Ready!
> SaveLockBox: Guid=DEA652B0-D587-4C54-B5B4-C682E7A0AA3D Buffer=7FEEE000 Length=0xA
> SetLockBoxAttributes: Guid=DEA652B0-D587-4C54-B5B4-C682E7A0AA3D Attributes=0x1
> @@ -1822,18 +1833,29 @@
> InstallProtocolInterface: 5B1B31A1-9562-11D2-8E3F-00A0C969723B 7F0EBA00
> Loading driver at 0x00010000000 EntryPoint=0x00010014790 bootmgfw.efi
> InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF 7F0B8898
> -RuntimeDriverSetVirtualAddressMap: 12 descriptors
> +RuntimeDriverSetVirtualAddressMap: 23 descriptors
> # Memory Type PhysicalStart 0x VirtualStart 0x Size 0x Attributes
> -- ------------ ---------------- ---------------- ---------------- --------------------------------------
> - 0 RuntimeData 000000007EC21000 FFFFFFFFFF7E4000 0000000000005000 [UC|WC|WT|WB| | | | | | | |RT]
> - 1 RuntimeCode 000000007EC26000 FFFFFFFFFF7E9000 000000000000A000 [UC|WC|WT|WB| | | | | | | |RT]
> - 2 RuntimeData 000000007EC30000 FFFFFFFFFF7F3000 0000000000005000 [UC|WC|WT|WB| | | | | | | |RT]
> - 3 RuntimeCode 000000007EC35000 FFFFFFFFFF7F8000 0000000000008000 [UC|WC|WT|WB| | | | | | | |RT]
> - 4 RuntimeData 000000007EC60000 FFFFFFFFFF800000 0000000000005000 [UC|WC|WT|WB| | | | | | | |RT]
> - 5 RuntimeCode 000000007EC65000 FFFFFFFFFF805000 000000000000C000 [UC|WC|WT|WB| | | | | | | |RT]
> - 6 RuntimeData 000000007EC9E000 FFFFFFFFFF811000 00000000000D8000 [UC|WC|WT|WB| | | | | | | |RT]
> - 7 RuntimeCode 000000007ED76000 FFFFFFFFFF8E9000 00000000000A3000 [UC|WC|WT|WB| | | | | | | |RT]
> - 8 RuntimeCode 000000007FE99000 FFFFFFFFFF98C000 0000000000030000 [UC|WC|WT|WB| | | | | | | |RT]
> - 9 RuntimeData 000000007FEC9000 FFFFFFFFFF9BC000 0000000000024000 [UC|WC|WT|WB| | | | | | | |RT]
> -10 RuntimeData 000000007FFD0000 FFFFFFFFFF9E0000 0000000000020000 [UC|WC|WT|WB| | | | | | | |RT]
> -11 RuntimeData 00000000FFE00000 FFFFFFFFFFA00000 0000000000200000 [UC| | | | | | | | | | |RT]
> + 0 RuntimeData 000000007EC21000 FFFFFFFFFF7E4000 0000000000006000 [UC|WC|WT|WB| | | |XP| | | |RT]
> + 1 RuntimeCode 000000007EC27000 FFFFFFFFFF7EA000 0000000000007000 [UC|WC|WT|WB| | | | |RO| | |RT]
> + 2 RuntimeData 000000007EC2E000 FFFFFFFFFF7F1000 0000000000007000 [UC|WC|WT|WB| | | |XP| | | |RT]
> + 3 RuntimeData 000000007EC35000 FFFFFFFFFF7F8000 0000000000001000 [UC|WC|WT|WB| | | |XP| | | |RT]
> + 4 RuntimeCode 000000007EC36000 FFFFFFFFFF7F9000 0000000000005000 [UC|WC|WT|WB| | | | |RO| | |RT]
> + 5 RuntimeData 000000007EC3B000 FFFFFFFFFF7FE000 0000000000002000 [UC|WC|WT|WB| | | |XP| | | |RT]
> + 6 RuntimeData 000000007EC60000 FFFFFFFFFF800000 0000000000006000 [UC|WC|WT|WB| | | |XP| | | |RT]
> + 7 RuntimeCode 000000007EC66000 FFFFFFFFFF806000 0000000000009000 [UC|WC|WT|WB| | | | |RO| | |RT]
> + 8 RuntimeData 000000007EC6F000 FFFFFFFFFF80F000 0000000000002000 [UC|WC|WT|WB| | | |XP| | | |RT]
> + 9 RuntimeData 000000007EC9E000 FFFFFFFFFF811000 00000000000D9000 [UC|WC|WT|WB| | | |XP| | | |RT]
> +10 RuntimeCode 000000007ED77000 FFFFFFFFFF8EA000 0000000000097000 [UC|WC|WT|WB| | | | |RO| | |RT]
> +11 RuntimeData 000000007EE0E000 FFFFFFFFFF981000 000000000000B000 [UC|WC|WT|WB| | | |XP| | | |RT]
> +12 RuntimeData 000000007FE99000 FFFFFFFFFF98C000 0000000000006000 [UC|WC|WT|WB| | | |XP| | | |RT]
> +13 RuntimeCode 000000007FE9F000 FFFFFFFFFF992000 0000000000006000 [UC|WC|WT|WB| | | | |RO| | |RT]
> +14 RuntimeData 000000007FEA5000 FFFFFFFFFF998000 0000000000003000 [UC|WC|WT|WB| | | |XP| | | |RT]
> +15 RuntimeCode 000000007FEA8000 FFFFFFFFFF99B000 0000000000007000 [UC|WC|WT|WB| | | | |RO| | |RT]
> +16 RuntimeData 000000007FEAF000 FFFFFFFFFF9A2000 0000000000003000 [UC|WC|WT|WB| | | |XP| | | |RT]
> +17 RuntimeCode 000000007FEB2000 FFFFFFFFFF9A5000 0000000000009000 [UC|WC|WT|WB| | | | |RO| | |RT]
> +18 RuntimeData 000000007FEBB000 FFFFFFFFFF9AE000 0000000000003000 [UC|WC|WT|WB| | | |XP| | | |RT]
> +19 RuntimeCode 000000007FEBE000 FFFFFFFFFF9B1000 0000000000009000 [UC|WC|WT|WB| | | | |RO| | |RT]
> +20 RuntimeData 000000007FEC7000 FFFFFFFFFF9BA000 0000000000026000 [UC|WC|WT|WB| | | |XP| | | |RT]
> +21 RuntimeData 000000007FFD0000 FFFFFFFFFF9E0000 0000000000020000 [UC|WC|WT|WB| | | |XP| | | |RT]
> +22 RuntimeData 00000000FFE00000 FFFFFFFFFFA00000 0000000000200000 [UC| | | | | | |XP| | | |RT]
Thanks
Laszlo
[1] https://github.com/tianocore/edk2/commit/ab081a50e5
[2] https://github.com/qemu/qemu/commit/81b2b81062
[3] http://news.gmane.org/find-root.php?message_id=%3C1443544141-26568-1-git-send-email-somlo@cmu.edu%3E
[4] http://thread.gmane.org/gmane.comp.bios.edk2.devel/2640
[5] http://people.redhat.com/~lersek/ovmf_prop_table/
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-29 21:58 ` Laszlo Ersek
0 siblings, 0 replies; 78+ messages in thread
From: Laszlo Ersek @ 2015-09-29 21:58 UTC (permalink / raw)
To: Matthew Garrett, Ingo Molnar
Cc: Andy Lutomirski, H. Peter Anvin, Denys Vlasenko, Leif Lindholm,
Thomas Gleixner, Borislav Petkov, stable, Andrew Morton,
Brian Gerst, Dave Young, linux-efi-u79uwXL29TY76Z2rM5mHXA,
Ard Biesheuvel, Linus Torvalds, Peter Jones, Matt Fleming,
Matt Fleming, Borislav Petkov, Lee, Chun-Yi,
linux-kernel-u79uwXL29TY76Z2rM5mHXA, James Bottomley,
Jordan Justen (Intel address)
On 09/28/15 08:41, Matthew Garrett wrote:
> On Mon, Sep 28, 2015 at 08:16:46AM +0200, Ingo Molnar wrote:
>
>> So the question is, what does Windows do?
>
> It's pretty trivial to hack OVMF to dump the SetVirtualAddressMap()
> arguments to the qemu debug port. Unfortunately I'm about to drop
> mostly offline for a week, otherwise I'd give it a go...
In order to enable the properties table feature in OVMF, two conditions
have to be satisfied:
(a) set gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable to TRUE
(b) build DXE_RUNTIME_DRIVER modules with 4KB section alignment
(a) used to be possible only statically (ie. at build time), but since
edk2 commit ab081a50e5 [1] it can be done dynamically too, on the qemu
command line. See that edk2 commit for details.
This OVMF feature depends on QEMU commit 81b2b81062 [2]. Another patch
from Gabriel is under review that enables such simple settings without
host-side files [3].
(b) is satisfied by the edk2 patch that Ard posted today [4].
Because I know how much people like building OVMF, I uploaded a fresh
OVMF binary (which includes a number of other patches from my personal
tree, but those are irrelevent here), with a matching varstore template,
to [5]. The relevant edk2 patches (ie. the one from Ard [4], and a debug
patch like you mention above) can also be found under [5].
(
I recommend to start QEMU like this:
# Create a new (empty) varstore for the virtual machine, from the
# varstore template.
cp OVMF_VARS.fd my-vars.fd
# Start the VM, with direct kernel boot.
qemu-system-x86_64 \
-m 2048 \
-M pc,accel=kvm \
\
-device qxl-vga \
\
-drive if=pflash,format=raw,unit=0,file=OVMF_CODE.fd,readonly=on \
-drive if=pflash,format=raw,unit=1,file=my-vars.fd \
\
-debugcon file:debug.log \
-global isa-debugcon.iobase=0x402 \
\
-chardev stdio,signal=off,mux=on,id=char0 \
-mon chardev=char0,mode=readline,default \
-serial chardev:char0 \
\
-kernel vmlinuz... \
-initrd initramfs... \
-append "root=..." \
\
...
The guest will have 2GB of RAM, it will use KVM, the virtual video card
will be QXL; the OVMF debug log will be written to "debug.log". The key
combination [Control-A C] will switch between the QEMU monitor prompt
and the serial port of the guest. The above should be suitable for rapid
testing of kernels built on the host.
)
Then I booted my Windows Server 2012 R2, Windows 8.1, and Windows 10
guests, with the properties table feature enabled vs. disabled in the
firmware. (All three Windows guests were updated first though.)
All three Windows OSes adapt their SetVirtualAddressMap() calls, when
the feature is enabled in the firmware. However, Windows 8.1 crashes
nonetheless (BSOD, I forget the fault details, sorry). Windows Server
2012 R2 and Windows 10 boot fine.
I uploaded the verbose OVMF log files from all six guest boots to [5].
The tables you might be interested in are dumped at the ends of the log
files.
All three guests had 2GB of RAM. They had different VM configurations,
but between disabling and enabling the properties table feature, no
other knob was tweaked. Therefore the two log files of the same guest
should be comparable against each other, for each guest. For example:
$ colordiff -u ovmf.win10.prop.{disabled,enabled}.log
Because stuff hosted on the web privately tends to go away, I'll quote
that diff here, for posterity:
> --- ovmf.win10.prop.disabled.log 2015-09-29 22:01:45.252126086 +0200
> +++ ovmf.win10.prop.enabled.log 2015-09-29 21:50:54.579475078 +0200
> @@ -24,7 +24,7 @@
> QemuFwCfg interface is supported.
> Platform PEIM Loaded
> CMOS:
> -00: 38 00 01 00 22 00 03 29 09 15 26 02 00 80 00 00
> +00: 48 00 50 00 21 00 03 29 09 15 26 02 00 80 00 00
> 10: 00 00 00 00 06 80 02 FF FF 00 00 00 00 00 00 00
> 20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 30: FF FF 20 00 00 7F 00 20 30 00 00 00 00 12 00 00
> @@ -1110,6 +1110,17 @@
> InstallProtocolInterface: 4CF5B200-68B8-4CA5-9EEC-B23E3F50029A 7F271568
> [Variable]END_OF_DXE is signaled
> Initialize variable error flag (FF)
> +MemoryProtectionAttribute - 0x0000000000000001
> +Total Image Count - 0x8
> +Dump ImageRecord:
> + Image[0]: 0x000000007EC26000 - 0x000000000000A000
> + Image[1]: 0x000000007EC35000 - 0x0000000000008000
> + Image[2]: 0x000000007EC65000 - 0x000000000000C000
> + Image[3]: 0x000000007ED76000 - 0x00000000000A3000
> + Image[4]: 0x000000007FE9E000 - 0x0000000000009000
> + Image[5]: 0x000000007FEA7000 - 0x000000000000A000
> + Image[6]: 0x000000007FEB1000 - 0x000000000000C000
> + Image[7]: 0x000000007FEBD000 - 0x000000000000C000
> S3Ready!
> SaveLockBox: Guid=DEA652B0-D587-4C54-B5B4-C682E7A0AA3D Buffer=7FEEE000 Length=0xA
> SetLockBoxAttributes: Guid=DEA652B0-D587-4C54-B5B4-C682E7A0AA3D Attributes=0x1
> @@ -1822,18 +1833,29 @@
> InstallProtocolInterface: 5B1B31A1-9562-11D2-8E3F-00A0C969723B 7F0EBA00
> Loading driver at 0x00010000000 EntryPoint=0x00010014790 bootmgfw.efi
> InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF 7F0B8898
> -RuntimeDriverSetVirtualAddressMap: 12 descriptors
> +RuntimeDriverSetVirtualAddressMap: 23 descriptors
> # Memory Type PhysicalStart 0x VirtualStart 0x Size 0x Attributes
> -- ------------ ---------------- ---------------- ---------------- --------------------------------------
> - 0 RuntimeData 000000007EC21000 FFFFFFFFFF7E4000 0000000000005000 [UC|WC|WT|WB| | | | | | | |RT]
> - 1 RuntimeCode 000000007EC26000 FFFFFFFFFF7E9000 000000000000A000 [UC|WC|WT|WB| | | | | | | |RT]
> - 2 RuntimeData 000000007EC30000 FFFFFFFFFF7F3000 0000000000005000 [UC|WC|WT|WB| | | | | | | |RT]
> - 3 RuntimeCode 000000007EC35000 FFFFFFFFFF7F8000 0000000000008000 [UC|WC|WT|WB| | | | | | | |RT]
> - 4 RuntimeData 000000007EC60000 FFFFFFFFFF800000 0000000000005000 [UC|WC|WT|WB| | | | | | | |RT]
> - 5 RuntimeCode 000000007EC65000 FFFFFFFFFF805000 000000000000C000 [UC|WC|WT|WB| | | | | | | |RT]
> - 6 RuntimeData 000000007EC9E000 FFFFFFFFFF811000 00000000000D8000 [UC|WC|WT|WB| | | | | | | |RT]
> - 7 RuntimeCode 000000007ED76000 FFFFFFFFFF8E9000 00000000000A3000 [UC|WC|WT|WB| | | | | | | |RT]
> - 8 RuntimeCode 000000007FE99000 FFFFFFFFFF98C000 0000000000030000 [UC|WC|WT|WB| | | | | | | |RT]
> - 9 RuntimeData 000000007FEC9000 FFFFFFFFFF9BC000 0000000000024000 [UC|WC|WT|WB| | | | | | | |RT]
> -10 RuntimeData 000000007FFD0000 FFFFFFFFFF9E0000 0000000000020000 [UC|WC|WT|WB| | | | | | | |RT]
> -11 RuntimeData 00000000FFE00000 FFFFFFFFFFA00000 0000000000200000 [UC| | | | | | | | | | |RT]
> + 0 RuntimeData 000000007EC21000 FFFFFFFFFF7E4000 0000000000006000 [UC|WC|WT|WB| | | |XP| | | |RT]
> + 1 RuntimeCode 000000007EC27000 FFFFFFFFFF7EA000 0000000000007000 [UC|WC|WT|WB| | | | |RO| | |RT]
> + 2 RuntimeData 000000007EC2E000 FFFFFFFFFF7F1000 0000000000007000 [UC|WC|WT|WB| | | |XP| | | |RT]
> + 3 RuntimeData 000000007EC35000 FFFFFFFFFF7F8000 0000000000001000 [UC|WC|WT|WB| | | |XP| | | |RT]
> + 4 RuntimeCode 000000007EC36000 FFFFFFFFFF7F9000 0000000000005000 [UC|WC|WT|WB| | | | |RO| | |RT]
> + 5 RuntimeData 000000007EC3B000 FFFFFFFFFF7FE000 0000000000002000 [UC|WC|WT|WB| | | |XP| | | |RT]
> + 6 RuntimeData 000000007EC60000 FFFFFFFFFF800000 0000000000006000 [UC|WC|WT|WB| | | |XP| | | |RT]
> + 7 RuntimeCode 000000007EC66000 FFFFFFFFFF806000 0000000000009000 [UC|WC|WT|WB| | | | |RO| | |RT]
> + 8 RuntimeData 000000007EC6F000 FFFFFFFFFF80F000 0000000000002000 [UC|WC|WT|WB| | | |XP| | | |RT]
> + 9 RuntimeData 000000007EC9E000 FFFFFFFFFF811000 00000000000D9000 [UC|WC|WT|WB| | | |XP| | | |RT]
> +10 RuntimeCode 000000007ED77000 FFFFFFFFFF8EA000 0000000000097000 [UC|WC|WT|WB| | | | |RO| | |RT]
> +11 RuntimeData 000000007EE0E000 FFFFFFFFFF981000 000000000000B000 [UC|WC|WT|WB| | | |XP| | | |RT]
> +12 RuntimeData 000000007FE99000 FFFFFFFFFF98C000 0000000000006000 [UC|WC|WT|WB| | | |XP| | | |RT]
> +13 RuntimeCode 000000007FE9F000 FFFFFFFFFF992000 0000000000006000 [UC|WC|WT|WB| | | | |RO| | |RT]
> +14 RuntimeData 000000007FEA5000 FFFFFFFFFF998000 0000000000003000 [UC|WC|WT|WB| | | |XP| | | |RT]
> +15 RuntimeCode 000000007FEA8000 FFFFFFFFFF99B000 0000000000007000 [UC|WC|WT|WB| | | | |RO| | |RT]
> +16 RuntimeData 000000007FEAF000 FFFFFFFFFF9A2000 0000000000003000 [UC|WC|WT|WB| | | |XP| | | |RT]
> +17 RuntimeCode 000000007FEB2000 FFFFFFFFFF9A5000 0000000000009000 [UC|WC|WT|WB| | | | |RO| | |RT]
> +18 RuntimeData 000000007FEBB000 FFFFFFFFFF9AE000 0000000000003000 [UC|WC|WT|WB| | | |XP| | | |RT]
> +19 RuntimeCode 000000007FEBE000 FFFFFFFFFF9B1000 0000000000009000 [UC|WC|WT|WB| | | | |RO| | |RT]
> +20 RuntimeData 000000007FEC7000 FFFFFFFFFF9BA000 0000000000026000 [UC|WC|WT|WB| | | |XP| | | |RT]
> +21 RuntimeData 000000007FFD0000 FFFFFFFFFF9E0000 0000000000020000 [UC|WC|WT|WB| | | |XP| | | |RT]
> +22 RuntimeData 00000000FFE00000 FFFFFFFFFFA00000 0000000000200000 [UC| | | | | | |XP| | | |RT]
Thanks
Laszlo
[1] https://github.com/tianocore/edk2/commit/ab081a50e5
[2] https://github.com/qemu/qemu/commit/81b2b81062
[3] http://news.gmane.org/find-root.php?message_id=%3C1443544141-26568-1-git-send-email-somlo-D+Gtc/HYRWM@public.gmane.org%3E
[4] http://thread.gmane.org/gmane.comp.bios.edk2.devel/2640
[5] http://people.redhat.com/~lersek/ovmf_prop_table/
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
2015-09-29 21:58 ` Laszlo Ersek
(?)
@ 2015-09-30 9:30 ` Ard Biesheuvel
2015-09-30 16:43 ` Andy Lutomirski
-1 siblings, 1 reply; 78+ messages in thread
From: Ard Biesheuvel @ 2015-09-30 9:30 UTC (permalink / raw)
To: Laszlo Ersek
Cc: Matthew Garrett, Ingo Molnar, Andy Lutomirski, H. Peter Anvin,
Denys Vlasenko, Leif Lindholm, Thomas Gleixner, Borislav Petkov,
stable, Andrew Morton, Brian Gerst, Dave Young, linux-efi,
Linus Torvalds, Peter Jones, Matt Fleming, Matt Fleming,
Borislav Petkov, Lee, Chun-Yi, linux-kernel, James Bottomley,
Jordan Justen (Intel address)
On 29 September 2015 at 23:58, Laszlo Ersek <lersek@redhat.com> wrote:
> On 09/28/15 08:41, Matthew Garrett wrote:
>> On Mon, Sep 28, 2015 at 08:16:46AM +0200, Ingo Molnar wrote:
>>
>>> So the question is, what does Windows do?
>>
>> It's pretty trivial to hack OVMF to dump the SetVirtualAddressMap()
>> arguments to the qemu debug port. Unfortunately I'm about to drop
>> mostly offline for a week, otherwise I'd give it a go...
[...]
> Then I booted my Windows Server 2012 R2, Windows 8.1, and Windows 10
> guests, with the properties table feature enabled vs. disabled in the
> firmware. (All three Windows guests were updated first though.)
>
> All three Windows OSes adapt their SetVirtualAddressMap() calls, when
> the feature is enabled in the firmware. However, Windows 8.1 crashes
> nonetheless (BSOD, I forget the fault details, sorry). Windows Server
> 2012 R2 and Windows 10 boot fine.
>
Looking at the log, it seems the VA mapping strategy is actually the
same (i.e., bottom-up for Win10), and the difference can be explained
by the differences in the memory map provided by the firmware to the
OS. And indeed, the Win8.1 log shows the following:
# MemType Phys 0x Virt 0x Size 0x Attributes
-- ------- -------- -------- ------- -------------------------------
0 RtData 7EC21000 FFBFA000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
1 RtCode 7EC27000 FFBF3000 0007000 [UC|WC|WT|WB| | |RO| | |RT]
2 RtData 7EC2E000 FFBEC000 0007000 [UC|WC|WT|WB| |XP| | | |RT]
3 RtData 7EC35000 FFBEB000 0001000 [UC|WC|WT|WB| |XP| | | |RT]
4 RtCode 7EC36000 FFBE6000 0005000 [UC|WC|WT|WB| | |RO| | |RT]
5 RtData 7EC3B000 FFBE4000 0002000 [UC|WC|WT|WB| |XP| | | |RT]
6 RtData 7EC60000 FFBDE000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
7 RtCode 7EC66000 FFBD5000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
8 RtData 7EC6F000 FFBD3000 0002000 [UC|WC|WT|WB| |XP| | | |RT]
9 RtData 7EC9E000 FFAFA000 00D9000 [UC|WC|WT|WB| |XP| | | |RT]
10 RtCode 7ED77000 FFA63000 0097000 [UC|WC|WT|WB| | |RO| | |RT]
11 RtData 7EE0E000 FFA58000 000B000 [UC|WC|WT|WB| |XP| | | |RT]
12 RtData 7FE99000 FFA52000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
13 RtCode 7FE9F000 FFA4C000 0006000 [UC|WC|WT|WB| | |RO| | |RT]
14 RtData 7FEA5000 FFA49000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
15 RtCode 7FEA8000 FFA42000 0007000 [UC|WC|WT|WB| | |RO| | |RT]
16 RtData 7FEAF000 FFA3F000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
17 RtCode 7FEB2000 FFA36000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
18 RtData 7FEBB000 FFA33000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
19 RtCode 7FEBE000 FFA2A000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
20 RtData 7FEC7000 FFA04000 0026000 [UC|WC|WT|WB| |XP| | | |RT]
21 RtData 7FFD0000 FF9E4000 0020000 [UC|WC|WT|WB| |XP| | | |RT]
22 RtData FFE00000 FF7E4000 0200000 [UC| | | | |XP| | | |RT]
I.e., the physical addresses increase while the virtual addresses
decrease, and since each consecutive RuntimeCode/RuntimeData pair
constitutes a PE/COFF image (.text and .data, respectively), the
PE/COFF images appear corrupted in the virtual space.
> I uploaded the verbose OVMF log files from all six guest boots to [5].
> The tables you might be interested in are dumped at the ends of the log
> files.
>
> All three guests had 2GB of RAM. They had different VM configurations,
> but between disabling and enabling the properties table feature, no
> other knob was tweaked. Therefore the two log files of the same guest
> should be comparable against each other, for each guest. For example:
>
> $ colordiff -u ovmf.win10.prop.{disabled,enabled}.log
>
> Because stuff hosted on the web privately tends to go away, I'll quote
> that diff here, for posterity:
>
>> --- ovmf.win10.prop.disabled.log 2015-09-29 22:01:45.252126086 +0200
>> +++ ovmf.win10.prop.enabled.log 2015-09-29 21:50:54.579475078 +0200
[...]
Thanks a lot for taking the time, this is very useful info.
--
Ard.
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-30 16:43 ` Andy Lutomirski
0 siblings, 0 replies; 78+ messages in thread
From: Andy Lutomirski @ 2015-09-30 16:43 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: Laszlo Ersek, Matthew Garrett, Ingo Molnar, H. Peter Anvin,
Denys Vlasenko, Leif Lindholm, Thomas Gleixner, Borislav Petkov,
stable, Andrew Morton, Brian Gerst, Dave Young, linux-efi,
Linus Torvalds, Peter Jones, Matt Fleming, Matt Fleming,
Borislav Petkov, Lee, Chun-Yi, linux-kernel, James Bottomley,
Jordan Justen (Intel address)
On Wed, Sep 30, 2015 at 2:30 AM, Ard Biesheuvel
<ard.biesheuvel@linaro.org> wrote:
> On 29 September 2015 at 23:58, Laszlo Ersek <lersek@redhat.com> wrote:
>> On 09/28/15 08:41, Matthew Garrett wrote:
>>> On Mon, Sep 28, 2015 at 08:16:46AM +0200, Ingo Molnar wrote:
>>>
>>>> So the question is, what does Windows do?
>>>
>>> It's pretty trivial to hack OVMF to dump the SetVirtualAddressMap()
>>> arguments to the qemu debug port. Unfortunately I'm about to drop
>>> mostly offline for a week, otherwise I'd give it a go...
> [...]
>> Then I booted my Windows Server 2012 R2, Windows 8.1, and Windows 10
>> guests, with the properties table feature enabled vs. disabled in the
>> firmware. (All three Windows guests were updated first though.)
>>
>> All three Windows OSes adapt their SetVirtualAddressMap() calls, when
>> the feature is enabled in the firmware. However, Windows 8.1 crashes
>> nonetheless (BSOD, I forget the fault details, sorry). Windows Server
>> 2012 R2 and Windows 10 boot fine.
>>
>
> Looking at the log, it seems the VA mapping strategy is actually the
> same (i.e., bottom-up for Win10), and the difference can be explained
> by the differences in the memory map provided by the firmware to the
> OS. And indeed, the Win8.1 log shows the following:
>
> # MemType Phys 0x Virt 0x Size 0x Attributes
> -- ------- -------- -------- ------- -------------------------------
> 0 RtData 7EC21000 FFBFA000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> 1 RtCode 7EC27000 FFBF3000 0007000 [UC|WC|WT|WB| | |RO| | |RT]
> 2 RtData 7EC2E000 FFBEC000 0007000 [UC|WC|WT|WB| |XP| | | |RT]
> 3 RtData 7EC35000 FFBEB000 0001000 [UC|WC|WT|WB| |XP| | | |RT]
> 4 RtCode 7EC36000 FFBE6000 0005000 [UC|WC|WT|WB| | |RO| | |RT]
> 5 RtData 7EC3B000 FFBE4000 0002000 [UC|WC|WT|WB| |XP| | | |RT]
> 6 RtData 7EC60000 FFBDE000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> 7 RtCode 7EC66000 FFBD5000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> 8 RtData 7EC6F000 FFBD3000 0002000 [UC|WC|WT|WB| |XP| | | |RT]
> 9 RtData 7EC9E000 FFAFA000 00D9000 [UC|WC|WT|WB| |XP| | | |RT]
> 10 RtCode 7ED77000 FFA63000 0097000 [UC|WC|WT|WB| | |RO| | |RT]
> 11 RtData 7EE0E000 FFA58000 000B000 [UC|WC|WT|WB| |XP| | | |RT]
> 12 RtData 7FE99000 FFA52000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> 13 RtCode 7FE9F000 FFA4C000 0006000 [UC|WC|WT|WB| | |RO| | |RT]
> 14 RtData 7FEA5000 FFA49000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> 15 RtCode 7FEA8000 FFA42000 0007000 [UC|WC|WT|WB| | |RO| | |RT]
> 16 RtData 7FEAF000 FFA3F000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> 17 RtCode 7FEB2000 FFA36000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> 18 RtData 7FEBB000 FFA33000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> 19 RtCode 7FEBE000 FFA2A000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> 20 RtData 7FEC7000 FFA04000 0026000 [UC|WC|WT|WB| |XP| | | |RT]
> 21 RtData 7FFD0000 FF9E4000 0020000 [UC|WC|WT|WB| |XP| | | |RT]
> 22 RtData FFE00000 FF7E4000 0200000 [UC| | | | |XP| | | |RT]
>
> I.e., the physical addresses increase while the virtual addresses
> decrease, and since each consecutive RuntimeCode/RuntimeData pair
> constitutes a PE/COFF image (.text and .data, respectively), the
> PE/COFF images appear corrupted in the virtual space.
All of this garbage makes me want to ask a rhetorical question:
Why on Earth did anyone think it's a good idea to invoke EFI functions
at CPL0 once the OS is booted?
And a more practical question:
Do we actually have to invoke EFI functions at CPL0?
I really mean it. Sure, for things like reboot where we give up
control and don't get it back, we need to do that. But for things
like variable access, the EFI code should really only need access to
EFI memor (with a known PA -> VA map) and the ability to trigger an
SMI. Doing it at CPL3 could require more fixups than would really
make sense, but could we virtualize it instead?
Actually, CPL3 + IOPL3 just might work.
Heck, on mixed-mode, we're already invoke EFI functions in compat
mode, and that seems okay, so those functions can't be poking at any
CPU state that varies between long and 32-bit modes.
--Andy
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-30 16:43 ` Andy Lutomirski
0 siblings, 0 replies; 78+ messages in thread
From: Andy Lutomirski @ 2015-09-30 16:43 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: Laszlo Ersek, Matthew Garrett, Ingo Molnar, H. Peter Anvin,
Denys Vlasenko, Leif Lindholm, Thomas Gleixner, Borislav Petkov,
stable, Andrew Morton, Brian Gerst, Dave Young,
linux-efi-u79uwXL29TY76Z2rM5mHXA, Linus Torvalds, Peter Jones,
Matt Fleming, Matt Fleming, Borislav Petkov, Lee, Chun-Yi,
linux-kernel-u79uwXL29TY76Z2rM5mHXA, James Bottomley,
Jordan Justen (Intel address)
On Wed, Sep 30, 2015 at 2:30 AM, Ard Biesheuvel
<ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org> wrote:
> On 29 September 2015 at 23:58, Laszlo Ersek <lersek-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
>> On 09/28/15 08:41, Matthew Garrett wrote:
>>> On Mon, Sep 28, 2015 at 08:16:46AM +0200, Ingo Molnar wrote:
>>>
>>>> So the question is, what does Windows do?
>>>
>>> It's pretty trivial to hack OVMF to dump the SetVirtualAddressMap()
>>> arguments to the qemu debug port. Unfortunately I'm about to drop
>>> mostly offline for a week, otherwise I'd give it a go...
> [...]
>> Then I booted my Windows Server 2012 R2, Windows 8.1, and Windows 10
>> guests, with the properties table feature enabled vs. disabled in the
>> firmware. (All three Windows guests were updated first though.)
>>
>> All three Windows OSes adapt their SetVirtualAddressMap() calls, when
>> the feature is enabled in the firmware. However, Windows 8.1 crashes
>> nonetheless (BSOD, I forget the fault details, sorry). Windows Server
>> 2012 R2 and Windows 10 boot fine.
>>
>
> Looking at the log, it seems the VA mapping strategy is actually the
> same (i.e., bottom-up for Win10), and the difference can be explained
> by the differences in the memory map provided by the firmware to the
> OS. And indeed, the Win8.1 log shows the following:
>
> # MemType Phys 0x Virt 0x Size 0x Attributes
> -- ------- -------- -------- ------- -------------------------------
> 0 RtData 7EC21000 FFBFA000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> 1 RtCode 7EC27000 FFBF3000 0007000 [UC|WC|WT|WB| | |RO| | |RT]
> 2 RtData 7EC2E000 FFBEC000 0007000 [UC|WC|WT|WB| |XP| | | |RT]
> 3 RtData 7EC35000 FFBEB000 0001000 [UC|WC|WT|WB| |XP| | | |RT]
> 4 RtCode 7EC36000 FFBE6000 0005000 [UC|WC|WT|WB| | |RO| | |RT]
> 5 RtData 7EC3B000 FFBE4000 0002000 [UC|WC|WT|WB| |XP| | | |RT]
> 6 RtData 7EC60000 FFBDE000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> 7 RtCode 7EC66000 FFBD5000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> 8 RtData 7EC6F000 FFBD3000 0002000 [UC|WC|WT|WB| |XP| | | |RT]
> 9 RtData 7EC9E000 FFAFA000 00D9000 [UC|WC|WT|WB| |XP| | | |RT]
> 10 RtCode 7ED77000 FFA63000 0097000 [UC|WC|WT|WB| | |RO| | |RT]
> 11 RtData 7EE0E000 FFA58000 000B000 [UC|WC|WT|WB| |XP| | | |RT]
> 12 RtData 7FE99000 FFA52000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> 13 RtCode 7FE9F000 FFA4C000 0006000 [UC|WC|WT|WB| | |RO| | |RT]
> 14 RtData 7FEA5000 FFA49000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> 15 RtCode 7FEA8000 FFA42000 0007000 [UC|WC|WT|WB| | |RO| | |RT]
> 16 RtData 7FEAF000 FFA3F000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> 17 RtCode 7FEB2000 FFA36000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> 18 RtData 7FEBB000 FFA33000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> 19 RtCode 7FEBE000 FFA2A000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> 20 RtData 7FEC7000 FFA04000 0026000 [UC|WC|WT|WB| |XP| | | |RT]
> 21 RtData 7FFD0000 FF9E4000 0020000 [UC|WC|WT|WB| |XP| | | |RT]
> 22 RtData FFE00000 FF7E4000 0200000 [UC| | | | |XP| | | |RT]
>
> I.e., the physical addresses increase while the virtual addresses
> decrease, and since each consecutive RuntimeCode/RuntimeData pair
> constitutes a PE/COFF image (.text and .data, respectively), the
> PE/COFF images appear corrupted in the virtual space.
All of this garbage makes me want to ask a rhetorical question:
Why on Earth did anyone think it's a good idea to invoke EFI functions
at CPL0 once the OS is booted?
And a more practical question:
Do we actually have to invoke EFI functions at CPL0?
I really mean it. Sure, for things like reboot where we give up
control and don't get it back, we need to do that. But for things
like variable access, the EFI code should really only need access to
EFI memor (with a known PA -> VA map) and the ability to trigger an
SMI. Doing it at CPL3 could require more fixups than would really
make sense, but could we virtualize it instead?
Actually, CPL3 + IOPL3 just might work.
Heck, on mixed-mode, we're already invoke EFI functions in compat
mode, and that seems okay, so those functions can't be poking at any
CPU state that varies between long and 32-bit modes.
--Andy
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
2015-09-30 16:43 ` Andy Lutomirski
(?)
@ 2015-09-30 17:24 ` James Bottomley
-1 siblings, 0 replies; 78+ messages in thread
From: James Bottomley @ 2015-09-30 17:24 UTC (permalink / raw)
To: luto
Cc: matt, mingo, pjones, ard.biesheuvel, jlee, torvalds, tglx,
lersek, dyoung, linux-kernel, stable, jordan.l.justen, akpm, hpa,
brgerst, linux-efi, bp, bp, dvlasenk, leif.lindholm,
matt.fleming, mjg59
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="utf-8", Size: 5044 bytes --]
On Wed, 2015-09-30 at 09:43 -0700, Andy Lutomirski wrote:
> On Wed, Sep 30, 2015 at 2:30 AM, Ard Biesheuvel
> <ard.biesheuvel@linaro.org> wrote:
> > On 29 September 2015 at 23:58, Laszlo Ersek <lersek@redhat.com> wrote:
> >> On 09/28/15 08:41, Matthew Garrett wrote:
> >>> On Mon, Sep 28, 2015 at 08:16:46AM +0200, Ingo Molnar wrote:
> >>>
> >>>> So the question is, what does Windows do?
> >>>
> >>> It's pretty trivial to hack OVMF to dump the SetVirtualAddressMap()
> >>> arguments to the qemu debug port. Unfortunately I'm about to drop
> >>> mostly offline for a week, otherwise I'd give it a go...
> > [...]
> >> Then I booted my Windows Server 2012 R2, Windows 8.1, and Windows 10
> >> guests, with the properties table feature enabled vs. disabled in the
> >> firmware. (All three Windows guests were updated first though.)
> >>
> >> All three Windows OSes adapt their SetVirtualAddressMap() calls, when
> >> the feature is enabled in the firmware. However, Windows 8.1 crashes
> >> nonetheless (BSOD, I forget the fault details, sorry). Windows Server
> >> 2012 R2 and Windows 10 boot fine.
> >>
> >
> > Looking at the log, it seems the VA mapping strategy is actually the
> > same (i.e., bottom-up for Win10), and the difference can be explained
> > by the differences in the memory map provided by the firmware to the
> > OS. And indeed, the Win8.1 log shows the following:
> >
> > # MemType Phys 0x Virt 0x Size 0x Attributes
> > -- ------- -------- -------- ------- -------------------------------
> > 0 RtData 7EC21000 FFBFA000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> > 1 RtCode 7EC27000 FFBF3000 0007000 [UC|WC|WT|WB| | |RO| | |RT]
> > 2 RtData 7EC2E000 FFBEC000 0007000 [UC|WC|WT|WB| |XP| | | |RT]
> > 3 RtData 7EC35000 FFBEB000 0001000 [UC|WC|WT|WB| |XP| | | |RT]
> > 4 RtCode 7EC36000 FFBE6000 0005000 [UC|WC|WT|WB| | |RO| | |RT]
> > 5 RtData 7EC3B000 FFBE4000 0002000 [UC|WC|WT|WB| |XP| | | |RT]
> > 6 RtData 7EC60000 FFBDE000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> > 7 RtCode 7EC66000 FFBD5000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> > 8 RtData 7EC6F000 FFBD3000 0002000 [UC|WC|WT|WB| |XP| | | |RT]
> > 9 RtData 7EC9E000 FFAFA000 00D9000 [UC|WC|WT|WB| |XP| | | |RT]
> > 10 RtCode 7ED77000 FFA63000 0097000 [UC|WC|WT|WB| | |RO| | |RT]
> > 11 RtData 7EE0E000 FFA58000 000B000 [UC|WC|WT|WB| |XP| | | |RT]
> > 12 RtData 7FE99000 FFA52000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> > 13 RtCode 7FE9F000 FFA4C000 0006000 [UC|WC|WT|WB| | |RO| | |RT]
> > 14 RtData 7FEA5000 FFA49000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> > 15 RtCode 7FEA8000 FFA42000 0007000 [UC|WC|WT|WB| | |RO| | |RT]
> > 16 RtData 7FEAF000 FFA3F000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> > 17 RtCode 7FEB2000 FFA36000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> > 18 RtData 7FEBB000 FFA33000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> > 19 RtCode 7FEBE000 FFA2A000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> > 20 RtData 7FEC7000 FFA04000 0026000 [UC|WC|WT|WB| |XP| | | |RT]
> > 21 RtData 7FFD0000 FF9E4000 0020000 [UC|WC|WT|WB| |XP| | | |RT]
> > 22 RtData FFE00000 FF7E4000 0200000 [UC| | | | |XP| | | |RT]
> >
> > I.e., the physical addresses increase while the virtual addresses
> > decrease, and since each consecutive RuntimeCode/RuntimeData pair
> > constitutes a PE/COFF image (.text and .data, respectively), the
> > PE/COFF images appear corrupted in the virtual space.
>
> All of this garbage makes me want to ask a rhetorical question:
>
> Why on Earth did anyone think it's a good idea to invoke EFI functions
> at CPL0 once the OS is booted?
I'm afraid the originators of EFI (Intel) look on it as a DOS
replacement ... with the same OS support.
> And a more practical question:
>
> Do we actually have to invoke EFI functions at CPL0?
>
> I really mean it. Sure, for things like reboot where we give up
> control and don't get it back, we need to do that. But for things
> like variable access, the EFI code should really only need access to
> EFI memor (with a known PA -> VA map) and the ability to trigger an
> SMI. Doing it at CPL3 could require more fixups than would really
> make sense, but could we virtualize it instead?
>
> Actually, CPL3 + IOPL3 just might work.
>
> Heck, on mixed-mode, we're already invoke EFI functions in compat
> mode, and that seems okay, so those functions can't be poking at any
> CPU state that varies between long and 32-bit modes.
It's hard. The EFI functions expect to interact directly with kernel
memory, which they can't at CPL3. We could vector all that through a
CPL3 readable buffer but anything within EFI that uses privileged
instructions will fault and we'll have to handle it ... this really
sounds like a can of worms. Especially as windows will be no help
testing all of this because it will call in at CPL0.
James
ÿôèº{.nÇ+·®+%Ëÿ±éݶ\x17¥wÿº{.nÇ+·¥{±þG«éÿ{ayº\x1dÊÚë,j\a¢f£¢·hïêÿêçz_è®\x03(éÝ¢j"ú\x1a¶^[m§ÿÿ¾\a«þG«éÿ¢¸?¨èÚ&£ø§~á¶iOæ¬z·vØ^\x14\x04\x1a¶^[m§ÿÿÃ\fÿ¶ìÿ¢¸?I¥
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-30 17:24 ` James Bottomley
0 siblings, 0 replies; 78+ messages in thread
From: James Bottomley @ 2015-09-30 17:24 UTC (permalink / raw)
To: luto
Cc: matt, mingo, pjones, ard.biesheuvel, jlee, torvalds, tglx,
lersek, dyoung, linux-kernel, stable, jordan.l.justen, akpm, hpa,
brgerst, linux-efi, bp, bp, dvlasenk, leif.lindholm,
matt.fleming, mjg59
On Wed, 2015-09-30 at 09:43 -0700, Andy Lutomirski wrote:
> On Wed, Sep 30, 2015 at 2:30 AM, Ard Biesheuvel
> <ard.biesheuvel@linaro.org> wrote:
> > On 29 September 2015 at 23:58, Laszlo Ersek <lersek@redhat.com> wrote:
> >> On 09/28/15 08:41, Matthew Garrett wrote:
> >>> On Mon, Sep 28, 2015 at 08:16:46AM +0200, Ingo Molnar wrote:
> >>>
> >>>> So the question is, what does Windows do?
> >>>
> >>> It's pretty trivial to hack OVMF to dump the SetVirtualAddressMap()
> >>> arguments to the qemu debug port. Unfortunately I'm about to drop
> >>> mostly offline for a week, otherwise I'd give it a go...
> > [...]
> >> Then I booted my Windows Server 2012 R2, Windows 8.1, and Windows 10
> >> guests, with the properties table feature enabled vs. disabled in the
> >> firmware. (All three Windows guests were updated first though.)
> >>
> >> All three Windows OSes adapt their SetVirtualAddressMap() calls, when
> >> the feature is enabled in the firmware. However, Windows 8.1 crashes
> >> nonetheless (BSOD, I forget the fault details, sorry). Windows Server
> >> 2012 R2 and Windows 10 boot fine.
> >>
> >
> > Looking at the log, it seems the VA mapping strategy is actually the
> > same (i.e., bottom-up for Win10), and the difference can be explained
> > by the differences in the memory map provided by the firmware to the
> > OS. And indeed, the Win8.1 log shows the following:
> >
> > # MemType Phys 0x Virt 0x Size 0x Attributes
> > -- ------- -------- -------- ------- -------------------------------
> > 0 RtData 7EC21000 FFBFA000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> > 1 RtCode 7EC27000 FFBF3000 0007000 [UC|WC|WT|WB| | |RO| | |RT]
> > 2 RtData 7EC2E000 FFBEC000 0007000 [UC|WC|WT|WB| |XP| | | |RT]
> > 3 RtData 7EC35000 FFBEB000 0001000 [UC|WC|WT|WB| |XP| | | |RT]
> > 4 RtCode 7EC36000 FFBE6000 0005000 [UC|WC|WT|WB| | |RO| | |RT]
> > 5 RtData 7EC3B000 FFBE4000 0002000 [UC|WC|WT|WB| |XP| | | |RT]
> > 6 RtData 7EC60000 FFBDE000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> > 7 RtCode 7EC66000 FFBD5000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> > 8 RtData 7EC6F000 FFBD3000 0002000 [UC|WC|WT|WB| |XP| | | |RT]
> > 9 RtData 7EC9E000 FFAFA000 00D9000 [UC|WC|WT|WB| |XP| | | |RT]
> > 10 RtCode 7ED77000 FFA63000 0097000 [UC|WC|WT|WB| | |RO| | |RT]
> > 11 RtData 7EE0E000 FFA58000 000B000 [UC|WC|WT|WB| |XP| | | |RT]
> > 12 RtData 7FE99000 FFA52000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> > 13 RtCode 7FE9F000 FFA4C000 0006000 [UC|WC|WT|WB| | |RO| | |RT]
> > 14 RtData 7FEA5000 FFA49000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> > 15 RtCode 7FEA8000 FFA42000 0007000 [UC|WC|WT|WB| | |RO| | |RT]
> > 16 RtData 7FEAF000 FFA3F000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> > 17 RtCode 7FEB2000 FFA36000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> > 18 RtData 7FEBB000 FFA33000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> > 19 RtCode 7FEBE000 FFA2A000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> > 20 RtData 7FEC7000 FFA04000 0026000 [UC|WC|WT|WB| |XP| | | |RT]
> > 21 RtData 7FFD0000 FF9E4000 0020000 [UC|WC|WT|WB| |XP| | | |RT]
> > 22 RtData FFE00000 FF7E4000 0200000 [UC| | | | |XP| | | |RT]
> >
> > I.e., the physical addresses increase while the virtual addresses
> > decrease, and since each consecutive RuntimeCode/RuntimeData pair
> > constitutes a PE/COFF image (.text and .data, respectively), the
> > PE/COFF images appear corrupted in the virtual space.
>
> All of this garbage makes me want to ask a rhetorical question:
>
> Why on Earth did anyone think it's a good idea to invoke EFI functions
> at CPL0 once the OS is booted?
I'm afraid the originators of EFI (Intel) look on it as a DOS
replacement ... with the same OS support.
> And a more practical question:
>
> Do we actually have to invoke EFI functions at CPL0?
>
> I really mean it. Sure, for things like reboot where we give up
> control and don't get it back, we need to do that. But for things
> like variable access, the EFI code should really only need access to
> EFI memor (with a known PA -> VA map) and the ability to trigger an
> SMI. Doing it at CPL3 could require more fixups than would really
> make sense, but could we virtualize it instead?
>
> Actually, CPL3 + IOPL3 just might work.
>
> Heck, on mixed-mode, we're already invoke EFI functions in compat
> mode, and that seems okay, so those functions can't be poking at any
> CPU state that varies between long and 32-bit modes.
It's hard. The EFI functions expect to interact directly with kernel
memory, which they can't at CPL3. We could vector all that through a
CPL3 readable buffer but anything within EFI that uses privileged
instructions will fault and we'll have to handle it ... this really
sounds like a can of worms. Especially as windows will be no help
testing all of this because it will call in at CPL0.
James
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-30 17:24 ` James Bottomley
0 siblings, 0 replies; 78+ messages in thread
From: James Bottomley @ 2015-09-30 17:24 UTC (permalink / raw)
To: luto
Cc: matt, mingo, pjones, ard.biesheuvel, jlee, torvalds, tglx,
lersek, dyoung, linux-kernel, stable, jordan.l.justen, akpm, hpa,
brgerst, linux-efi, bp, bp, dvlasenk
On Wed, 2015-09-30 at 09:43 -0700, Andy Lutomirski wrote:
> On Wed, Sep 30, 2015 at 2:30 AM, Ard Biesheuvel
> <ard.biesheuvel@linaro.org> wrote:
> > On 29 September 2015 at 23:58, Laszlo Ersek <lersek@redhat.com> wrote:
> >> On 09/28/15 08:41, Matthew Garrett wrote:
> >>> On Mon, Sep 28, 2015 at 08:16:46AM +0200, Ingo Molnar wrote:
> >>>
> >>>> So the question is, what does Windows do?
> >>>
> >>> It's pretty trivial to hack OVMF to dump the SetVirtualAddressMap()
> >>> arguments to the qemu debug port. Unfortunately I'm about to drop
> >>> mostly offline for a week, otherwise I'd give it a go...
> > [...]
> >> Then I booted my Windows Server 2012 R2, Windows 8.1, and Windows 10
> >> guests, with the properties table feature enabled vs. disabled in the
> >> firmware. (All three Windows guests were updated first though.)
> >>
> >> All three Windows OSes adapt their SetVirtualAddressMap() calls, when
> >> the feature is enabled in the firmware. However, Windows 8.1 crashes
> >> nonetheless (BSOD, I forget the fault details, sorry). Windows Server
> >> 2012 R2 and Windows 10 boot fine.
> >>
> >
> > Looking at the log, it seems the VA mapping strategy is actually the
> > same (i.e., bottom-up for Win10), and the difference can be explained
> > by the differences in the memory map provided by the firmware to the
> > OS. And indeed, the Win8.1 log shows the following:
> >
> > # MemType Phys 0x Virt 0x Size 0x Attributes
> > -- ------- -------- -------- ------- -------------------------------
> > 0 RtData 7EC21000 FFBFA000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> > 1 RtCode 7EC27000 FFBF3000 0007000 [UC|WC|WT|WB| | |RO| | |RT]
> > 2 RtData 7EC2E000 FFBEC000 0007000 [UC|WC|WT|WB| |XP| | | |RT]
> > 3 RtData 7EC35000 FFBEB000 0001000 [UC|WC|WT|WB| |XP| | | |RT]
> > 4 RtCode 7EC36000 FFBE6000 0005000 [UC|WC|WT|WB| | |RO| | |RT]
> > 5 RtData 7EC3B000 FFBE4000 0002000 [UC|WC|WT|WB| |XP| | | |RT]
> > 6 RtData 7EC60000 FFBDE000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> > 7 RtCode 7EC66000 FFBD5000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> > 8 RtData 7EC6F000 FFBD3000 0002000 [UC|WC|WT|WB| |XP| | | |RT]
> > 9 RtData 7EC9E000 FFAFA000 00D9000 [UC|WC|WT|WB| |XP| | | |RT]
> > 10 RtCode 7ED77000 FFA63000 0097000 [UC|WC|WT|WB| | |RO| | |RT]
> > 11 RtData 7EE0E000 FFA58000 000B000 [UC|WC|WT|WB| |XP| | | |RT]
> > 12 RtData 7FE99000 FFA52000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> > 13 RtCode 7FE9F000 FFA4C000 0006000 [UC|WC|WT|WB| | |RO| | |RT]
> > 14 RtData 7FEA5000 FFA49000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> > 15 RtCode 7FEA8000 FFA42000 0007000 [UC|WC|WT|WB| | |RO| | |RT]
> > 16 RtData 7FEAF000 FFA3F000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> > 17 RtCode 7FEB2000 FFA36000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> > 18 RtData 7FEBB000 FFA33000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> > 19 RtCode 7FEBE000 FFA2A000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> > 20 RtData 7FEC7000 FFA04000 0026000 [UC|WC|WT|WB| |XP| | | |RT]
> > 21 RtData 7FFD0000 FF9E4000 0020000 [UC|WC|WT|WB| |XP| | | |RT]
> > 22 RtData FFE00000 FF7E4000 0200000 [UC| | | | |XP| | | |RT]
> >
> > I.e., the physical addresses increase while the virtual addresses
> > decrease, and since each consecutive RuntimeCode/RuntimeData pair
> > constitutes a PE/COFF image (.text and .data, respectively), the
> > PE/COFF images appear corrupted in the virtual space.
>
> All of this garbage makes me want to ask a rhetorical question:
>
> Why on Earth did anyone think it's a good idea to invoke EFI functions
> at CPL0 once the OS is booted?
I'm afraid the originators of EFI (Intel) look on it as a DOS
replacement ... with the same OS support.
> And a more practical question:
>
> Do we actually have to invoke EFI functions at CPL0?
>
> I really mean it. Sure, for things like reboot where we give up
> control and don't get it back, we need to do that. But for things
> like variable access, the EFI code should really only need access to
> EFI memor (with a known PA -> VA map) and the ability to trigger an
> SMI. Doing it at CPL3 could require more fixups than would really
> make sense, but could we virtualize it instead?
>
> Actually, CPL3 + IOPL3 just might work.
>
> Heck, on mixed-mode, we're already invoke EFI functions in compat
> mode, and that seems okay, so those functions can't be poking at any
> CPU state that varies between long and 32-bit modes.
It's hard. The EFI functions expect to interact directly with kernel
memory, which they can't at CPL3. We could vector all that through a
CPL3 readable buffer but anything within EFI that uses privileged
instructions will fault and we'll have to handle it ... this really
sounds like a can of worms. Especially as windows will be no help
testing all of this because it will call in at CPL0.
James
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-30 0:54 ` H. Peter Anvin
0 siblings, 0 replies; 78+ messages in thread
From: H. Peter Anvin @ 2015-09-30 0:54 UTC (permalink / raw)
To: Ingo Molnar, Matthew Garrett
Cc: Andy Lutomirski, Denys Vlasenko, Leif Lindholm, Thomas Gleixner,
Borislav Petkov, stable, Andrew Morton, Brian Gerst, Dave Young,
linux-efi, Ard Biesheuvel, Linus Torvalds, Peter Jones,
Matt Fleming, Matt Fleming, Borislav Petkov, Lee, Chun-Yi,
linux-kernel, James Bottomley
On 09/27/2015 11:16 PM, Ingo Molnar wrote:
>
> So the question is, what does Windows do?
>
> PC firmware is a hostile environment for Linux, to be compatible the best we can
> do is to mimic the environment that the firmware is tested under - i.e. try to use
> the firmware in the way Windows uses it.
>
Windows apparently went through the same exercise of breakage followed
by a fix. It is unknown if Windows will preserve gaps since those are
not manifest on existing firmware.
-hpa
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-30 0:54 ` H. Peter Anvin
0 siblings, 0 replies; 78+ messages in thread
From: H. Peter Anvin @ 2015-09-30 0:54 UTC (permalink / raw)
To: Ingo Molnar, Matthew Garrett
Cc: Andy Lutomirski, Denys Vlasenko, Leif Lindholm, Thomas Gleixner,
Borislav Petkov, stable, Andrew Morton, Brian Gerst, Dave Young,
linux-efi-u79uwXL29TY76Z2rM5mHXA, Ard Biesheuvel, Linus Torvalds,
Peter Jones, Matt Fleming, Matt Fleming, Borislav Petkov, Lee,
Chun-Yi, linux-kernel-u79uwXL29TY76Z2rM5mHXA, James Bottomley
On 09/27/2015 11:16 PM, Ingo Molnar wrote:
>
> So the question is, what does Windows do?
>
> PC firmware is a hostile environment for Linux, to be compatible the best we can
> do is to mimic the environment that the firmware is tested under - i.e. try to use
> the firmware in the way Windows uses it.
>
Windows apparently went through the same exercise of breakage followed
by a fix. It is unknown if Windows will preserve gaps since those are
not manifest on existing firmware.
-hpa
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-26 19:55 ` Matt Fleming
0 siblings, 0 replies; 78+ messages in thread
From: Matt Fleming @ 2015-09-26 19:55 UTC (permalink / raw)
To: H. Peter Anvin
Cc: Andy Lutomirski, Ingo Molnar, Thomas Gleixner, Matt Fleming,
linux-kernel, linux-efi, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable, Ard Biesheuvel, Linus Torvalds,
Borislav Petkov, Andy Lutomirski, Denys Vlasenko, Brian Gerst,
Andrew Morton
On Sat, 26 Sep, at 10:20:22AM, H. Peter Anvin wrote:
>
> I think it "works" because the affected BIOSes don't put spaces
> between the chunks. I have discussed this with Matt.
Right, that's very true. Though note that the current mapping
algorithm will handle a gap <= PMD_SIZE, it's just anything larger
than PMD_SIZE we "squash" to the next multiple of PMD_SIZE.
It's unclear whether the firmware toolchains would even support
references between sections with a PMD_SIZE gap between them, and I
think the firmware engineers would have to go out of their way to
actually insert such a gap.
--
Matt Fleming, Intel Open Source Technology Center
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
@ 2015-09-26 19:55 ` Matt Fleming
0 siblings, 0 replies; 78+ messages in thread
From: Matt Fleming @ 2015-09-26 19:55 UTC (permalink / raw)
To: H. Peter Anvin
Cc: Andy Lutomirski, Ingo Molnar, Thomas Gleixner, Matt Fleming,
linux-kernel-u79uwXL29TY76Z2rM5mHXA,
linux-efi-u79uwXL29TY76Z2rM5mHXA, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable, Ard Biesheuvel, Linus Torvalds,
Borislav Petkov, Andy Lutomirski, Denys Vlasenko, Brian Gerst,
Andrew Morton
On Sat, 26 Sep, at 10:20:22AM, H. Peter Anvin wrote:
>
> I think it "works" because the affected BIOSes don't put spaces
> between the chunks. I have discussed this with Matt.
Right, that's very true. Though note that the current mapping
algorithm will handle a gap <= PMD_SIZE, it's just anything larger
than PMD_SIZE we "squash" to the next multiple of PMD_SIZE.
It's unclear whether the firmware toolchains would even support
references between sections with a PMD_SIZE gap between them, and I
think the firmware engineers would have to go out of their way to
actually insert such a gap.
--
Matt Fleming, Intel Open Source Technology Center
^ permalink raw reply [flat|nested] 78+ messages in thread
* Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
2015-09-26 17:01 ` Andy Lutomirski
(?)
(?)
@ 2015-09-27 6:50 ` Ingo Molnar
-1 siblings, 0 replies; 78+ messages in thread
From: Ingo Molnar @ 2015-09-27 6:50 UTC (permalink / raw)
To: Andy Lutomirski
Cc: Matt Fleming, Thomas Gleixner, H. Peter Anvin, Matt Fleming,
linux-kernel, linux-efi, Lee, Chun-Yi, Borislav Petkov,
Leif Lindholm, Peter Jones, James Bottomley, Matthew Garrett,
Dave Young, stable, Ard Biesheuvel, Linus Torvalds,
Borislav Petkov, Andy Lutomirski, Denys Vlasenko, Brian Gerst,
Andrew Morton
* Andy Lutomirski <luto@amacapital.net> wrote:
> On Fri, Sep 25, 2015 at 10:56 PM, Ingo Molnar <mingo@kernel.org> wrote:
> >
> > So this commit worries me.
> >
> > This bug is a good find, and the fix is obviously needed and urgent, but I'm not
> > sure about the implementation at all. (I've Cc:-ed a few more x86 low level
> > gents.)
> >
> > * Matt Fleming <matt@codeblueprint.co.uk> wrote:
> >> + /*
> >> + * Starting in UEFI v2.5 the EFI_PROPERTIES_TABLE
> >> + * config table feature requires us to map all entries
> >> + * in the same order as they appear in the EFI memory
> >> + * map. That is to say, entry N must have a lower
> >> + * virtual address than entry N+1. This is because the
> >> + * firmware toolchain leaves relative references in
> >> + * the code/data sections, which are split and become
> >> + * separate EFI memory regions. Mapping things
> >> + * out-of-order leads to the firmware accessing
> >> + * unmapped addresses.
> >> + *
>
> I'm clearly missing something. What is EFI doing that it doesn't care how big
> the gap between sections is but it still requires them to be in order? It's not
> as though x86_64 has an addressing mode that allows only non-negative offsets.
It appears the problem is that what we think to be 'different sections' are in
reality smaller parts of the same section.
Any relative address calculation will be broken if we don't preserve the relative
positions of these sections/sub-sections. Any CPU that supports addition is
affected, it doesn't need any special addressing modes.
Thanks,
Ingo
^ permalink raw reply [flat|nested] 78+ messages in thread