From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-efi@vger.kernel.org, Ingo Molnar <mingo@kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	linux-kernel@vger.kernel.org,
	AKASHI Takahiro <takahiro.akashi@linaro.org>,
	Alexander Graf <agraf@suse.de>,
	Bjorn Andersson <bjorn.andersson@linaro.org>,
	Borislav Petkov <bp@alien8.de>,
	Heinrich Schuchardt <xypron.glpk@gmx.de>,
	Jeffrey Hugo <jhugo@codeaurora.org>,
	Lee Jones <lee.jones@linaro.org>,
	Leif Lindholm <leif.lindholm@linaro.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Peter Jones <pjones@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Subject: [PATCH 03/10] efi: memattr: don't bail on zero VA if it equals the region's PA
Date: Sat,  2 Feb 2019 10:41:12 +0100
Message-ID: <20190202094119.13230-4-ard.biesheuvel@linaro.org>
In-Reply-To: <20190202094119.13230-1-ard.biesheuvel@linaro.org>

The EFI memory attributes code cross-references the EFI memory map with
the more granular EFI memory attributes table to ensure that they are in
sync before applying the strict permissions to the regions it describes.

Since we always install virtual mappings for the EFI runtime regions to
which these strict permissions apply, we currently perform a sanity check
on the EFI memory descriptor, and ensure that the EFI_MEMORY_RUNTIME bit
is set, and that the virtual address has been assigned.

However, in cases where a runtime region exists at physical address 0x0,
and the virtual mapping equals the physical mapping, e.g., when running
in mixed mode on x86, we encounter a memory descriptor with the runtime
attribute and virtual address 0x0, and incorrectly draw the conclusion
that a runtime region exists for which no virtual mapping was installed,
and give up altogether. The consequence of this is that firmware mappings
retain their read-write-execute permissions, making the system more
vulnerable to attacks.

So let's only bail if the virtual address of 0x0 has been assigned to a
physical region that does not reside at address 0x0.

Fixes: 10f0d2f577053 ("efi: Implement generic support for the Memory ...")
Acked-by: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 drivers/firmware/efi/memattr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/memattr.c b/drivers/firmware/efi/memattr.c
index 8986757eafaf..aac972b056d9 100644
--- a/drivers/firmware/efi/memattr.c
+++ b/drivers/firmware/efi/memattr.c
@@ -94,7 +94,7 @@ static bool entry_is_valid(const efi_memory_desc_t *in, efi_memory_desc_t *out)
 
 		if (!(md->attribute & EFI_MEMORY_RUNTIME))
 			continue;
-		if (md->virt_addr == 0) {
+		if (md->virt_addr == 0 && md->phys_addr != 0) {
 			/* no virtual mapping has been installed by the stub */
 			break;
 		}
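
Review bot: The comment inside the changed branch, "no virtual mapping has been installed by the stub", no longer explains the condition directly above it, because with `md->virt_addr == 0 && md->phys_addr != 0` a zero VA is now accepted whenever the region sits at PA 0. Consider extending the comment to say that a zero virt_addr is treated as a valid identity mapping for a region at phys_addr 0 (the mixed-mode case from the commit message). It should also note that for that one region the check can no longer tell "identity mapped at 0" from "never mapped", so it relies on the stub always having installed mappings for runtime regions.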
-- 
2.17.1

