All of lore.kernel.org
 help / color / mirror / Atom feed
From: Linus Torvalds <torvalds@linux-foundation.org>
To: "Mantas Mikulėnas" <grawity@gmail.com>,
	"Matthew Garrett" <mjg@redhat.com>,
	"Bjorn Helgaas" <bhelgaas@google.com>,
	"Seth Forshee" <seth.forshee@canonical.com>
Cc: Dave Airlie <airlied@gmail.com>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Regression: Screen turns off when booting in EFI mode
Date: Tue, 19 Mar 2013 10:58:11 -0700	[thread overview]
Message-ID: <CA+55aFyE3qCSnEfnCN6MkkKOj1kt_OCroJzTHEKkhUh+8Y7nXA@mail.gmail.com> (raw)
In-Reply-To: <CA+55aFyOypoeXgBWP0d7KmL3YezmjwEgrB=ntZaZdYjdmFkQpA@mail.gmail.com>

On Tue, Mar 19, 2013 at 10:09 AM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> Doing things like blindly trusting the firmware data without even
> validating it is a really really bad idea. The commit actually looks
> seriously broken in other ways too, like blindly doing phys_to_virt()
> on that, and then trusting the result

Ok, looks like the only thing filling it in is eboot.c, and I guess it
relies on the EFI memory allocations having been mapped. Which they
hopefully have been.

Still, even that seems somewhat debatable. eboot.c does a plain
memcpy() on the pci->romimage returned by
EfiPciIoAttributeOperationGet. And I can *guarantee* that that doesn't
work on some PCI chips that end up sharing the decoder for the ROM and
the graphics aperture or other device oddities. Afaik, some Radeons do
that, for example.

So whoever wrote that eboot thing seems to assume that the world is a
lot simpler and saner than it actually is, and that everybody
magically got things right. Which they never do. The code was
presumably tested on just a couple of machines.

The problem (well, at least *one* problem) is that pci_map_rom()
actually knows about some of these issues, but if dev->rom and
dev->romlen have been set, it trusts them unconditionally. So we'd
either need to fix that, or we need to be really *really* sure that we
only set dev->rom to guaranteed-correct buffers.

At least the radeon code seems to verify that the ROM image starts
with 0x55/0xaa, but I'm guessing we can't do that in general, even if
it is the traditional PC rom pattern.

We only have a few users of "pci_map_rom()", I'm wondering if we can
move the "dev->rom/romsize" cases into the callers. Then the callers
could decide if they want to trust that "pseudo-shadowed" ROM image
(which would test that 55/aa pattern for example), or whether they
want to try to map the actual physical ROM.

                      Linus

  reply	other threads:[~2013-03-19 17:58 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-02-21 23:09 Regression: Screen turns off when booting in EFI mode Mantas Mikulėnas
2013-02-21 23:54 ` Dave Airlie
2013-02-22  1:03   ` Mantas Mikulėnas
2013-03-09 21:42     ` Mantas Mikulėnas
2013-03-19 17:09       ` Linus Torvalds
2013-03-19 17:58         ` Linus Torvalds [this message]
2013-03-19 19:31         ` Mantas Mikulėnas
2013-03-19 19:59         ` Matthew Garrett
2013-03-19 20:20           ` Linus Torvalds
2013-03-19 21:16             ` Mantas Mikulėnas
2013-03-19 21:26               ` [PATCH] PCI: Use ROM images from firmware only if no other ROM source available Matthew Garrett
2013-03-25 23:52               ` Regression: Screen turns off when booting in EFI mode Dave Airlie
2013-03-25 23:55                 ` Matthew Garrett
2013-03-27 19:29                   ` Bjorn Helgaas
2013-03-27 20:02                     ` Dave Airlie
2013-03-27 20:28                       ` Bjorn Helgaas
2013-03-26 21:25                 ` [PATCH 1/3] pci: Add PCI ROM helper for platform-provided ROM images Matthew Garrett
2013-03-26 21:25                   ` [PATCH 2/3] nouveau: Attempt to use platform-provided ROM image Matthew Garrett
2013-03-26 21:25                   ` [PATCH 3/3] radeon: " Matthew Garrett
2013-03-26 22:53                   ` [PATCH 1/3] pci: Add PCI ROM helper for platform-provided ROM images Bjorn Helgaas
2013-03-26 22:55                     ` Matthew Garrett
2013-03-27 20:33                       ` Bjorn Helgaas
2013-03-27 20:34                         ` Bjorn Helgaas
2013-03-28  8:48                         ` Mantas Mikulėnas
2013-04-01 17:39                           ` Bjorn Helgaas
2013-04-01 17:47                             ` Matthew Garrett
2013-04-02 20:10                               ` Bjorn Helgaas
2013-04-05 20:31                                 ` Chris Murphy
2013-04-05 20:35                                   ` Bjorn Helgaas
2013-04-05 22:28                                     ` Chris Murphy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CA+55aFyE3qCSnEfnCN6MkkKOj1kt_OCroJzTHEKkhUh+8Y7nXA@mail.gmail.com \
    --to=torvalds@linux-foundation.org \
    --cc=airlied@gmail.com \
    --cc=bhelgaas@google.com \
    --cc=grawity@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mjg@redhat.com \
    --cc=seth.forshee@canonical.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.