From: Andy Lutomirski <luto@amacapital.net>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Laszlo Ersek <lersek@redhat.com>,
Matthew Garrett <mjg59@srcf.ucam.org>,
Ingo Molnar <mingo@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
Denys Vlasenko <dvlasenk@redhat.com>,
Leif Lindholm <leif.lindholm@linaro.org>,
Thomas Gleixner <tglx@linutronix.de>,
Borislav Petkov <bp@alien8.de>, stable <stable@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Brian Gerst <brgerst@gmail.com>, Dave Young <dyoung@redhat.com>,
"linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Peter Jones <pjones@redhat.com>,
Matt Fleming <matt@codeblueprint.co.uk>,
Matt Fleming <matt.fleming@intel.com>,
Borislav Petkov <bp@suse.de>, "Lee, Chun-Yi" <jlee@suse.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
James Bottomley <JBottomley@odin.com>,
"Jordan Justen (Intel address)" <jordan.l.justen@intel.com>
Subject: Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
Date: Wed, 30 Sep 2015 09:43:05 -0700 [thread overview]
Message-ID: <CALCETrWCwuj1hmbGqXGs1vHG2Dk3aoOWD9Ve4gmXJ9S7jPUt-g@mail.gmail.com> (raw)
In-Reply-To: <CAKv+Gu-enULj-OMRufB3OPSUVueM1843bD1CdFybaAS7xMUKgw@mail.gmail.com>
On Wed, Sep 30, 2015 at 2:30 AM, Ard Biesheuvel
<ard.biesheuvel@linaro.org> wrote:
> On 29 September 2015 at 23:58, Laszlo Ersek <lersek@redhat.com> wrote:
>> On 09/28/15 08:41, Matthew Garrett wrote:
>>> On Mon, Sep 28, 2015 at 08:16:46AM +0200, Ingo Molnar wrote:
>>>
>>>> So the question is, what does Windows do?
>>>
>>> It's pretty trivial to hack OVMF to dump the SetVirtualAddressMap()
>>> arguments to the qemu debug port. Unfortunately I'm about to drop
>>> mostly offline for a week, otherwise I'd give it a go...
> [...]
>> Then I booted my Windows Server 2012 R2, Windows 8.1, and Windows 10
>> guests, with the properties table feature enabled vs. disabled in the
>> firmware. (All three Windows guests were updated first though.)
>>
>> All three Windows OSes adapt their SetVirtualAddressMap() calls, when
>> the feature is enabled in the firmware. However, Windows 8.1 crashes
>> nonetheless (BSOD, I forget the fault details, sorry). Windows Server
>> 2012 R2 and Windows 10 boot fine.
>>
>
> Looking at the log, it seems the VA mapping strategy is actually the
> same (i.e., bottom-up for Win10), and the difference can be explained
> by the differences in the memory map provided by the firmware to the
> OS. And indeed, the Win8.1 log shows the following:
>
> # MemType Phys 0x Virt 0x Size 0x Attributes
> -- ------- -------- -------- ------- -------------------------------
> 0 RtData 7EC21000 FFBFA000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> 1 RtCode 7EC27000 FFBF3000 0007000 [UC|WC|WT|WB| | |RO| | |RT]
> 2 RtData 7EC2E000 FFBEC000 0007000 [UC|WC|WT|WB| |XP| | | |RT]
> 3 RtData 7EC35000 FFBEB000 0001000 [UC|WC|WT|WB| |XP| | | |RT]
> 4 RtCode 7EC36000 FFBE6000 0005000 [UC|WC|WT|WB| | |RO| | |RT]
> 5 RtData 7EC3B000 FFBE4000 0002000 [UC|WC|WT|WB| |XP| | | |RT]
> 6 RtData 7EC60000 FFBDE000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> 7 RtCode 7EC66000 FFBD5000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> 8 RtData 7EC6F000 FFBD3000 0002000 [UC|WC|WT|WB| |XP| | | |RT]
> 9 RtData 7EC9E000 FFAFA000 00D9000 [UC|WC|WT|WB| |XP| | | |RT]
> 10 RtCode 7ED77000 FFA63000 0097000 [UC|WC|WT|WB| | |RO| | |RT]
> 11 RtData 7EE0E000 FFA58000 000B000 [UC|WC|WT|WB| |XP| | | |RT]
> 12 RtData 7FE99000 FFA52000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> 13 RtCode 7FE9F000 FFA4C000 0006000 [UC|WC|WT|WB| | |RO| | |RT]
> 14 RtData 7FEA5000 FFA49000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> 15 RtCode 7FEA8000 FFA42000 0007000 [UC|WC|WT|WB| | |RO| | |RT]
> 16 RtData 7FEAF000 FFA3F000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> 17 RtCode 7FEB2000 FFA36000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> 18 RtData 7FEBB000 FFA33000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> 19 RtCode 7FEBE000 FFA2A000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> 20 RtData 7FEC7000 FFA04000 0026000 [UC|WC|WT|WB| |XP| | | |RT]
> 21 RtData 7FFD0000 FF9E4000 0020000 [UC|WC|WT|WB| |XP| | | |RT]
> 22 RtData FFE00000 FF7E4000 0200000 [UC| | | | |XP| | | |RT]
>
> I.e., the physical addresses increase while the virtual addresses
> decrease, and since each consecutive RuntimeCode/RuntimeData pair
> constitutes a PE/COFF image (.text and .data, respectively), the
> PE/COFF images appear corrupted in the virtual space.
All of this garbage makes me want to ask a rhetorical question:
Why on Earth did anyone think it's a good idea to invoke EFI functions
at CPL0 once the OS is booted?
And a more practical question:
Do we actually have to invoke EFI functions at CPL0?
I really mean it. Sure, for things like reboot where we give up
control and don't get it back, we need to do that. But for things
like variable access, the EFI code should really only need access to
EFI memor (with a known PA -> VA map) and the ability to trigger an
SMI. Doing it at CPL3 could require more fixups than would really
make sense, but could we virtualize it instead?
Actually, CPL3 + IOPL3 just might work.
Heck, on mixed-mode, we're already invoke EFI functions in compat
mode, and that seems okay, so those functions can't be poking at any
CPU state that varies between long and 32-bit modes.
--Andy
WARNING: multiple messages have this Message-ID (diff)
From: Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>
To: Ard Biesheuvel <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
Cc: Laszlo Ersek <lersek-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Matthew Garrett <mjg59-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org>,
Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
"H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>,
Denys Vlasenko <dvlasenk-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Leif Lindholm
<leif.lindholm-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>,
Thomas Gleixner <tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org>,
Borislav Petkov <bp-Gina5bIWoIWzQB+pC5nmwQ@public.gmane.org>,
stable <stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
Brian Gerst <brgerst-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Dave Young <dyoung-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Linus Torvalds
<torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
Peter Jones <pjones-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Matt Fleming
<matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>,
Matt Fleming
<matt.fleming-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Borislav Petkov <bp-l3A5Bk7waGM@public.gmane.org>,
"Lee, Chun-Yi" <jlee-IBi9RG/b67k@public.gmane.org>,
"linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
James Bottomley <JBottomley-wo1vFcy6AUs@public.gmane.org>,
"Jordan Justen (Intel address)"
<jordan.l.justen-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Subject: Re: [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime
Date: Wed, 30 Sep 2015 09:43:05 -0700 [thread overview]
Message-ID: <CALCETrWCwuj1hmbGqXGs1vHG2Dk3aoOWD9Ve4gmXJ9S7jPUt-g@mail.gmail.com> (raw)
In-Reply-To: <CAKv+Gu-enULj-OMRufB3OPSUVueM1843bD1CdFybaAS7xMUKgw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
On Wed, Sep 30, 2015 at 2:30 AM, Ard Biesheuvel
<ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org> wrote:
> On 29 September 2015 at 23:58, Laszlo Ersek <lersek-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
>> On 09/28/15 08:41, Matthew Garrett wrote:
>>> On Mon, Sep 28, 2015 at 08:16:46AM +0200, Ingo Molnar wrote:
>>>
>>>> So the question is, what does Windows do?
>>>
>>> It's pretty trivial to hack OVMF to dump the SetVirtualAddressMap()
>>> arguments to the qemu debug port. Unfortunately I'm about to drop
>>> mostly offline for a week, otherwise I'd give it a go...
> [...]
>> Then I booted my Windows Server 2012 R2, Windows 8.1, and Windows 10
>> guests, with the properties table feature enabled vs. disabled in the
>> firmware. (All three Windows guests were updated first though.)
>>
>> All three Windows OSes adapt their SetVirtualAddressMap() calls, when
>> the feature is enabled in the firmware. However, Windows 8.1 crashes
>> nonetheless (BSOD, I forget the fault details, sorry). Windows Server
>> 2012 R2 and Windows 10 boot fine.
>>
>
> Looking at the log, it seems the VA mapping strategy is actually the
> same (i.e., bottom-up for Win10), and the difference can be explained
> by the differences in the memory map provided by the firmware to the
> OS. And indeed, the Win8.1 log shows the following:
>
> # MemType Phys 0x Virt 0x Size 0x Attributes
> -- ------- -------- -------- ------- -------------------------------
> 0 RtData 7EC21000 FFBFA000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> 1 RtCode 7EC27000 FFBF3000 0007000 [UC|WC|WT|WB| | |RO| | |RT]
> 2 RtData 7EC2E000 FFBEC000 0007000 [UC|WC|WT|WB| |XP| | | |RT]
> 3 RtData 7EC35000 FFBEB000 0001000 [UC|WC|WT|WB| |XP| | | |RT]
> 4 RtCode 7EC36000 FFBE6000 0005000 [UC|WC|WT|WB| | |RO| | |RT]
> 5 RtData 7EC3B000 FFBE4000 0002000 [UC|WC|WT|WB| |XP| | | |RT]
> 6 RtData 7EC60000 FFBDE000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> 7 RtCode 7EC66000 FFBD5000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> 8 RtData 7EC6F000 FFBD3000 0002000 [UC|WC|WT|WB| |XP| | | |RT]
> 9 RtData 7EC9E000 FFAFA000 00D9000 [UC|WC|WT|WB| |XP| | | |RT]
> 10 RtCode 7ED77000 FFA63000 0097000 [UC|WC|WT|WB| | |RO| | |RT]
> 11 RtData 7EE0E000 FFA58000 000B000 [UC|WC|WT|WB| |XP| | | |RT]
> 12 RtData 7FE99000 FFA52000 0006000 [UC|WC|WT|WB| |XP| | | |RT]
> 13 RtCode 7FE9F000 FFA4C000 0006000 [UC|WC|WT|WB| | |RO| | |RT]
> 14 RtData 7FEA5000 FFA49000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> 15 RtCode 7FEA8000 FFA42000 0007000 [UC|WC|WT|WB| | |RO| | |RT]
> 16 RtData 7FEAF000 FFA3F000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> 17 RtCode 7FEB2000 FFA36000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> 18 RtData 7FEBB000 FFA33000 0003000 [UC|WC|WT|WB| |XP| | | |RT]
> 19 RtCode 7FEBE000 FFA2A000 0009000 [UC|WC|WT|WB| | |RO| | |RT]
> 20 RtData 7FEC7000 FFA04000 0026000 [UC|WC|WT|WB| |XP| | | |RT]
> 21 RtData 7FFD0000 FF9E4000 0020000 [UC|WC|WT|WB| |XP| | | |RT]
> 22 RtData FFE00000 FF7E4000 0200000 [UC| | | | |XP| | | |RT]
>
> I.e., the physical addresses increase while the virtual addresses
> decrease, and since each consecutive RuntimeCode/RuntimeData pair
> constitutes a PE/COFF image (.text and .data, respectively), the
> PE/COFF images appear corrupted in the virtual space.
All of this garbage makes me want to ask a rhetorical question:
Why on Earth did anyone think it's a good idea to invoke EFI functions
at CPL0 once the OS is booted?
And a more practical question:
Do we actually have to invoke EFI functions at CPL0?
I really mean it. Sure, for things like reboot where we give up
control and don't get it back, we need to do that. But for things
like variable access, the EFI code should really only need access to
EFI memor (with a known PA -> VA map) and the ability to trigger an
SMI. Doing it at CPL3 could require more fixups than would really
make sense, but could we virtualize it instead?
Actually, CPL3 + IOPL3 just might work.
Heck, on mixed-mode, we're already invoke EFI functions in compat
mode, and that seems okay, so those functions can't be poking at any
CPU state that varies between long and 32-bit modes.
--Andy
next prev parent reply other threads:[~2015-09-30 16:43 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-25 22:02 [GIT PULL 0/2] EFI urgent fixes Matt Fleming
2015-09-25 22:02 ` Matt Fleming
2015-09-25 22:02 ` [PATCH 1/2] x86/efi: Map EFI memmap entries in-order at runtime Matt Fleming
2015-09-25 22:02 ` Matt Fleming
2015-09-26 5:56 ` Ingo Molnar
2015-09-26 5:56 ` Ingo Molnar
2015-09-26 6:44 ` Ard Biesheuvel
2015-09-26 6:44 ` Ard Biesheuvel
2015-09-26 13:43 ` Matt Fleming
2015-09-27 7:03 ` Ingo Molnar
2015-09-27 7:03 ` Ingo Molnar
2015-09-28 6:49 ` Ard Biesheuvel
2015-09-28 8:22 ` Ingo Molnar
2015-09-28 8:22 ` Ingo Molnar
2015-09-28 9:51 ` Ard Biesheuvel
2015-09-28 9:51 ` Ard Biesheuvel
2015-09-29 9:12 ` Ingo Molnar
2015-09-29 10:41 ` Ard Biesheuvel
2015-09-29 14:18 ` Matt Fleming
2015-09-29 14:18 ` Matt Fleming
2015-09-29 13:52 ` Matt Fleming
2015-09-29 13:52 ` Matt Fleming
2015-09-26 17:01 ` Andy Lutomirski
2015-09-26 17:01 ` Andy Lutomirski
2015-09-26 17:20 ` H. Peter Anvin
2015-09-26 18:15 ` Ard Biesheuvel
2015-09-26 18:15 ` Ard Biesheuvel
2015-09-26 19:49 ` H. Peter Anvin
2015-09-26 19:57 ` Matt Fleming
2015-09-26 20:09 ` Ard Biesheuvel
2015-09-26 20:09 ` Ard Biesheuvel
2015-09-26 20:19 ` H. Peter Anvin
2015-09-27 16:30 ` Andy Lutomirski
2015-09-27 18:06 ` Matthew Garrett
2015-09-27 18:06 ` Matthew Garrett
2015-09-28 6:16 ` Ingo Molnar
2015-09-28 6:16 ` Ingo Molnar
2015-09-28 6:41 ` Matthew Garrett
2015-09-29 21:58 ` Laszlo Ersek
2015-09-29 21:58 ` Laszlo Ersek
2015-09-30 9:30 ` Ard Biesheuvel
2015-09-30 16:43 ` Andy Lutomirski [this message]
2015-09-30 16:43 ` Andy Lutomirski
2015-09-30 17:24 ` James Bottomley
2015-09-30 17:24 ` James Bottomley
2015-09-30 17:24 ` James Bottomley
2015-09-30 0:54 ` H. Peter Anvin
2015-09-30 0:54 ` H. Peter Anvin
2015-09-26 19:55 ` Matt Fleming
2015-09-26 19:55 ` Matt Fleming
2015-09-27 6:50 ` Ingo Molnar
2015-10-01 12:48 ` [tip:core/urgent] x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime, instead of top-down tip-bot for Matt Fleming
2015-10-02 9:44 ` Matt Fleming
2015-09-25 22:02 ` [PATCH 2/2] arm64/efi: Don't pad between EFI_MEMORY_RUNTIME regions Matt Fleming
2015-09-25 22:02 ` Matt Fleming
2015-09-26 6:01 ` Ingo Molnar
2015-09-26 6:01 ` Ingo Molnar
2015-09-26 7:08 ` Ard Biesheuvel
2015-09-26 7:08 ` Ard Biesheuvel
2015-09-27 7:06 ` Ingo Molnar
2015-09-27 7:06 ` Ingo Molnar
2015-09-27 10:40 ` Borislav Petkov
2015-09-28 6:20 ` Ingo Molnar
2015-09-29 9:31 ` Dave Young
2015-09-29 10:24 ` Borislav Petkov
2015-09-29 14:36 ` Matt Fleming
2015-09-29 14:36 ` Matt Fleming
2015-09-30 0:56 ` H. Peter Anvin
2015-09-30 0:56 ` H. Peter Anvin
2015-09-30 8:33 ` Borislav Petkov
2015-09-30 8:33 ` Borislav Petkov
2015-09-30 1:03 ` H. Peter Anvin
2015-09-30 1:16 ` Andy Lutomirski
2015-09-30 1:19 ` H. Peter Anvin
2015-09-30 4:24 ` Ard Biesheuvel
2015-09-30 4:24 ` Ard Biesheuvel
2015-10-01 10:44 ` Ingo Molnar
2015-10-01 12:49 ` [tip:core/urgent] arm64/efi: Fix boot crash by not padding " tip-bot for Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CALCETrWCwuj1hmbGqXGs1vHG2Dk3aoOWD9Ve4gmXJ9S7jPUt-g@mail.gmail.com \
--to=luto@amacapital.net \
--cc=JBottomley@odin.com \
--cc=akpm@linux-foundation.org \
--cc=ard.biesheuvel@linaro.org \
--cc=bp@alien8.de \
--cc=bp@suse.de \
--cc=brgerst@gmail.com \
--cc=dvlasenk@redhat.com \
--cc=dyoung@redhat.com \
--cc=hpa@zytor.com \
--cc=jlee@suse.com \
--cc=jordan.l.justen@intel.com \
--cc=leif.lindholm@linaro.org \
--cc=lersek@redhat.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=matt.fleming@intel.com \
--cc=matt@codeblueprint.co.uk \
--cc=mingo@kernel.org \
--cc=mjg59@srcf.ucam.org \
--cc=pjones@redhat.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.