From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.3 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,TRACKER_ID,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DEC4EC433DB for ; Sat, 6 Feb 2021 08:12:13 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8136B64FC5 for ; Sat, 6 Feb 2021 08:12:13 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8136B64FC5 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=+jEQ1CrI4mL3EnbxMFes77IpHLGDedvHDRlZumdWEKs=; b=sxheSh0R0LW3L4vFls4jT2+ww dTK6e6hx7ibqUZT9eUsKlSgfkT3lVgQMDf0OorbV3tbV+7vfgpVjZXASEpwp9bAC7WzC6HDp+qStU EoIKB805YBtZQNHmiFs0UlpXRhfGzAaqDTjMn2WTj9NaqppaAhsc6n53iCEBy+CPuGEDJ+NLT85u/ gOilGm6ZZlnYEVLQEJeIA1P5Qo/L6yN28HMgcyPVyHKLJgKZVIGWHzKm0GiI1Jr8xFecD72Jn0te4 B1xF+1Vr2/h1VDqhu04wiI0rUnv3tO8fY/NA7diHRHej2E4TwNTjm2cagzteIcAwrsPWfYLKGnDG/ p3xWrF95A==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1l8Ifu-0001Hd-QM; Sat, 06 Feb 2021 08:10:38 +0000 Received: from mail.kernel.org ([198.145.29.99]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1l8Ifp-0001H2-FC for linux-arm-kernel@lists.infradead.org; Sat, 06 Feb 2021 08:10:37 +0000 Received: by mail.kernel.org (Postfix) with ESMTPSA id 03E7964FC5 for ; Sat, 6 Feb 2021 08:10:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1612599032; bh=/BF/s61QDvT4oGsaXBL7qxBGoPv1gu0wNk6KP39BBvU=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=MAPIgso2qJJ5tqqxtliaY6VdwIlivhDJ+jUGr0ZkR6sWEHeYy25TIS6vhFzM/5BIZ 0xOu4OH+CWb4FDysxnbRJsGi34QRN3WmGt1kfqXXThCQgwI11t7PltnYHkOEhYY5Bj qfh0aSNScqyd5zDcg2RS+rbHDb/e48Vx7me7mDM9AByqtMMnga5ekp1VmGV5+WCRsL h0j0EFWLlM9XU133vzA0yqLRnTVGBp38PFPBjidT92EJOx7RpwUImddmInCGKjSNHC cijAHphYs+rtNSvQfFxybORTjsBqC8pclLWAbgInF2YK/MQmJ1tE1MAzdq1LuaiK5u P+IIu0sz4qhMQ== Received: by mail-ot1-f50.google.com with SMTP id k10so6944335otl.2 for ; Sat, 06 Feb 2021 00:10:31 -0800 (PST) X-Gm-Message-State: AOAM532+dcfdfwYFUTTk//+/UTLVfVSygINKol1HqizIqR5ihlXmp0nj 7wN1tGDCpa7vm0J8eh8LgNzxqJ+rSBeCtXc3WWw= X-Google-Smtp-Source: ABdhPJwAaCLSqHaW66O9yAzs2WLP+cDwtnC1zOLfF+9sbsnLezO5f5YYWBIcDZocwo6NAJ6w+emwDsxRl0aGdzF2JZo= X-Received: by 2002:a05:6830:1e2a:: with SMTP id t10mr6170595otr.90.1612599031222; Sat, 06 Feb 2021 00:10:31 -0800 (PST) MIME-Version: 1.0 References: <20200626155832.2323789-1-ardb@kernel.org> <20200626155832.2323789-3-ardb@kernel.org> <20210206031145.GA27503@dragon> In-Reply-To: <20210206031145.GA27503@dragon> From: Ard Biesheuvel Date: Sat, 6 Feb 2021 09:10:19 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v3 2/2] arm64/acpi: disallow writeable AML opregion mapping for EFI code regions To: Shawn Guo X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210206_031033_675716_CF00622E X-CRM114-Status: GOOD ( 27.26 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Lorenzo Pieralisi , Kernel Hardening , Catalin Marinas , linux-arm-msm@vger.kernel.org, ACPI Devel Maling List , Sudeep Holla , Will Deacon , Linux ARM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Sat, 6 Feb 2021 at 04:11, Shawn Guo wrote: > > Hi Ard, > > On Fri, Jun 26, 2020 at 05:58:32PM +0200, Ard Biesheuvel wrote: > > Given that the contents of EFI runtime code and data regions are > > provided by the firmware, as well as the DSDT, it is not unimaginable > > that AML code exists today that accesses EFI runtime code regions using > > a SystemMemory OpRegion. There is nothing fundamentally wrong with that, > > but since we take great care to ensure that executable code is never > > mapped writeable and executable at the same time, we should not permit > > AML to create writable mapping. > > > > Signed-off-by: Ard Biesheuvel > > I'm booting Lenovo Flex 5G laptop with ACPI, and seeing this change > causes a memory abort[1] when upgrading ACPI tables via initrd[2]. > Dropping this change seems to fix the issue for me. But does that > looks like a correct fix to you? > > Shawn > > [1] https://fileserver.linaro.org/s/iDe9SaZeNNkyNxG > [2] Documentation/admin-guide/acpi/initrd_table_override.rst > Can you check whether reverting 32cf1a12cad43358e47dac8014379c2f33dfbed4 fixes the issue too? If it does, please report this as a regression. The OS should not modify firmware provided tables in-place, regardless of how they were delivered. BTW I recently started using my Yoga C630 with Debian, and I am quite happy with it! Thanks a lot for spending the time on the installer etc. I have observed some issues while using mine - I'm happy to share them, on a mailing list or anywhere else. > > --- > > arch/arm64/kernel/acpi.c | 9 +++++++++ > > 1 file changed, 9 insertions(+) > > > > diff --git a/arch/arm64/kernel/acpi.c b/arch/arm64/kernel/acpi.c > > index 01b861e225b0..455966401102 100644 > > --- a/arch/arm64/kernel/acpi.c > > +++ b/arch/arm64/kernel/acpi.c > > @@ -301,6 +301,15 @@ void __iomem *acpi_os_ioremap(acpi_physical_address phys, acpi_size size) > > pr_warn(FW_BUG "requested region covers kernel memory @ %pa\n", &phys); > > return NULL; > > > > + case EFI_RUNTIME_SERVICES_CODE: > > + /* > > + * This would be unusual, but not problematic per se, > > + * as long as we take care not to create a writable > > + * mapping for executable code. > > + */ > > + prot = PAGE_KERNEL_RO; > > + break; > > + > > case EFI_ACPI_RECLAIM_MEMORY: > > /* > > * ACPI reclaim memory is used to pass firmware tables > > -- > > 2.27.0 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel