From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45A7DC3F2D4 for ; Fri, 28 Feb 2020 10:02:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 0E458246A8 for ; Fri, 28 Feb 2020 10:02:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1582884175; bh=yTXR/aWTRf31QuLVSWpsZDTg2cGIQ6ZDOSL3SMzock8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=cj6Q5Tue9NQ1O+izwpTJn0T1znA2B1U4AkezVhYXW8XB5AQAWsmIBs1qgX5RLUAss kW9lbfzUsrIsDjfPs8fRr4GSxSBU/4KrbVIqScOZLhKPqKara2I1MdI4ZgzGR7m9uQ ArCRrRBj0nzhK3y75QQGqD89qr5I9NLe0KAtH3Bw= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726831AbgB1KCy (ORCPT ); Fri, 28 Feb 2020 05:02:54 -0500 Received: from mail.kernel.org ([198.145.29.99]:33412 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726440AbgB1KCy (ORCPT ); Fri, 28 Feb 2020 05:02:54 -0500 Received: from e123331-lin.home (amontpellier-657-1-18-247.w109-210.abo.wanadoo.fr [109.210.65.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 78C25246A2; Fri, 28 Feb 2020 10:02:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1582884174; bh=yTXR/aWTRf31QuLVSWpsZDTg2cGIQ6ZDOSL3SMzock8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JxrXxSwmLwjs7T9fSyDBoq8W1cL31VwgG6bCXGzCpIhOVmw+ORk+P212pWj65MckC xJ+2+xmjeixtH/l417o9UJRKlyHtOuEdxwWT0wAuWJ24F+F/yfjJGis0sBbQSLfkiN 8Me8pAD/KSiF6SSeVijW3H3ItpjAosrmTEj0UtzQ= From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, Ard Biesheuvel Subject: [PATCH efi-next 3/3] efi: mark all EFI runtime services as unsupported on non-EFI boot Date: Fri, 28 Feb 2020 11:02:44 +0100 Message-Id: <20200228100244.10979-4-ardb@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200228100244.10979-1-ardb@kernel.org> References: <20200228100244.10979-1-ardb@kernel.org> Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Recent changes to the way we deal with EFI runtime services that are marked as unsupported by the firmware resulted in a regression for non-EFI boot. The problem is that all EFI runtime services are marked as available by default, and any non-NULL checks on the EFI service function pointers (which will be non-NULL even for runtime services that are unsupported on an EFI boot) were replaced with checks against the mask stored in efi.runtime_supported_mask. When doing a non-EFI boot, this check against the mask will return a false positive, given the fact that all runtime services are marked as enabled by default. Since we dropped the non-NULL check of the runtime service function pointer in favor of the mask check, we will now unconditionally dereference the function pointer, even if it is NULL, and go boom. So let's ensure that the mask reflects reality on a non-EFI boot, which is that all EFI runtime services are unsupported. Reported-by: David Hildenbrand Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/efi.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index 41269a95ff85..d1746a579c99 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -300,12 +300,12 @@ static int __init efisubsys_init(void) { int error; - if (!efi_enabled(EFI_BOOT)) - return 0; - if (!efi_enabled(EFI_RUNTIME_SERVICES)) efi.runtime_supported_mask = 0; + if (!efi_enabled(EFI_BOOT)) + return 0; + if (efi.runtime_supported_mask) { /* * Since we process only one efi_runtime_service() at a time, an -- 2.17.1 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.0 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 50ED6C3F2D1 for ; Fri, 28 Feb 2020 10:03:54 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id F117E246A2 for ; Fri, 28 Feb 2020 10:03:53 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="G/DOBmbA"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="JxrXxSwm" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org F117E246A2 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=HRhNXcO3UEP2uh4l77mXI5QLCIo5uoOkn07/mDG+Gi0=; b=G/DOBmbA4D97TSVTTwcYck9Dny aisSRvqdU5ffpZNgaDCcBkinC4OMKQTHKQO7rykzuRu5GhPuxwD5PskPXTc3OML4o1+q2ERnY4m3o QtUPkuUVfqsuRYOHYaLPHHAJnvAORYBj+lMKapJCRmZkoadEGqoUK7NHNPFmjCXxhtC/eBOsE7lan 9xZzulKLjeFrAtzw6oUSegpuzszLj4gTm6Q21dxjEs4va3JWKU9OPAdE4floMxSA5rNGHzA34Mqkf xB2wkDLntzPUmWYsMvspD0Lk0MmeCzXfteGedGFfr9IVYqeP1I5nIR9ZzS2LjEkULspIYrVa0O5vy KQPQfeEQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1j7cUh-0003f1-Jc; Fri, 28 Feb 2020 10:03:43 +0000 Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1j7cTu-0002vt-Iv for linux-arm-kernel@lists.infradead.org; Fri, 28 Feb 2020 10:02:56 +0000 Received: from e123331-lin.home (amontpellier-657-1-18-247.w109-210.abo.wanadoo.fr [109.210.65.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 78C25246A2; Fri, 28 Feb 2020 10:02:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1582884174; bh=yTXR/aWTRf31QuLVSWpsZDTg2cGIQ6ZDOSL3SMzock8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JxrXxSwmLwjs7T9fSyDBoq8W1cL31VwgG6bCXGzCpIhOVmw+ORk+P212pWj65MckC xJ+2+xmjeixtH/l417o9UJRKlyHtOuEdxwWT0wAuWJ24F+F/yfjJGis0sBbQSLfkiN 8Me8pAD/KSiF6SSeVijW3H3ItpjAosrmTEj0UtzQ= From: Ard Biesheuvel To: linux-efi@vger.kernel.org Subject: [PATCH efi-next 3/3] efi: mark all EFI runtime services as unsupported on non-EFI boot Date: Fri, 28 Feb 2020 11:02:44 +0100 Message-Id: <20200228100244.10979-4-ardb@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200228100244.10979-1-ardb@kernel.org> References: <20200228100244.10979-1-ardb@kernel.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200228_020254_660036_41DDAFB3 X-CRM114-Status: GOOD ( 12.87 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ard Biesheuvel , linux-arm-kernel@lists.infradead.org MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org Recent changes to the way we deal with EFI runtime services that are marked as unsupported by the firmware resulted in a regression for non-EFI boot. The problem is that all EFI runtime services are marked as available by default, and any non-NULL checks on the EFI service function pointers (which will be non-NULL even for runtime services that are unsupported on an EFI boot) were replaced with checks against the mask stored in efi.runtime_supported_mask. When doing a non-EFI boot, this check against the mask will return a false positive, given the fact that all runtime services are marked as enabled by default. Since we dropped the non-NULL check of the runtime service function pointer in favor of the mask check, we will now unconditionally dereference the function pointer, even if it is NULL, and go boom. So let's ensure that the mask reflects reality on a non-EFI boot, which is that all EFI runtime services are unsupported. Reported-by: David Hildenbrand Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/efi.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index 41269a95ff85..d1746a579c99 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -300,12 +300,12 @@ static int __init efisubsys_init(void) { int error; - if (!efi_enabled(EFI_BOOT)) - return 0; - if (!efi_enabled(EFI_RUNTIME_SERVICES)) efi.runtime_supported_mask = 0; + if (!efi_enabled(EFI_BOOT)) + return 0; + if (efi.runtime_supported_mask) { /* * Since we process only one efi_runtime_service() at a time, an -- 2.17.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel