linux-kernel.vger.kernel.org archive mirror
From: tip-bot for Borislav Petkov <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: linux@roeck-us.net, mingo@kernel.org,
	linux-kernel@vger.kernel.org, fanc.fnst@cn.fujitsu.com,
	tglx@linutronix.de, x86@kernel.org, mingo@redhat.com,
	hpa@zytor.com, ard.biesheuvel@linaro.org, bp@suse.de,
	keescook@chromium.org
Subject: [tip:x86/boot] x86/boot: Correct RSDP parsing with 32-bit EFI
Date: Wed, 13 Feb 2019 03:27:55 -0800
Message-ID: <tip-f9d230e893e864f13ce5ded9a49990fd024bfed5@git.kernel.org>
In-Reply-To: <20190208190248.GA10854@roeck-us.net>

Commit-ID:  f9d230e893e864f13ce5ded9a49990fd024bfed5
Gitweb:     https://git.kernel.org/tip/f9d230e893e864f13ce5ded9a49990fd024bfed5
Author:     Borislav Petkov <bp@suse.de>
AuthorDate: Mon, 11 Feb 2019 12:19:45 +0100
Committer:  Borislav Petkov <bp@suse.de>
CommitDate: Wed, 13 Feb 2019 12:19:05 +0100

x86/boot: Correct RSDP parsing with 32-bit EFI

Guenter Roeck reported triple faults of a 64-bit VM using a 32-bit OVMF
EFI image. After some singlestepping of the image in gdb, it turned out
that some of the EFI config tables were at bogus addresses. Which, as
Ard pointed out, results from using the wrong efi_config_table typedef.

So switch all EFI table pointers to unsigned longs and convert them to
the proper typedef only when accessing them. This way, the proper table
type is being used.

Shorten variable names, while at it.

Fixes: 33f0df8d843d ("x86/boot: Search for RSDP in the EFI tables")
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Borislav Petkov <bp@suse.de>
Tested-by: Chao Fan <fanc.fnst@cn.fujitsu.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: bhe@redhat.com
Cc: caoj.fnst@cn.fujitsu.com
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: indou.takao@jp.fujitsu.com
Cc: Ingo Molnar <mingo@redhat.com>
Cc: kasong@redhat.com
Cc: Kees Cook <keescook@chromium.org>
Cc: msys.mizuma@gmail.com
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190208190248.GA10854@roeck-us.net
---
 arch/x86/boot/compressed/acpi.c | 50 +++++++++++++++++++++++++----------------
 1 file changed, 31 insertions(+), 19 deletions(-)

diff --git a/arch/x86/boot/compressed/acpi.c b/arch/x86/boot/compressed/acpi.c
index c5a949335d8b..0ef4ad55b29b 100644
--- a/arch/x86/boot/compressed/acpi.c
+++ b/arch/x86/boot/compressed/acpi.c
@@ -50,7 +50,8 @@ static acpi_physical_address efi_get_rsdp_addr(void)
 	acpi_physical_address rsdp_addr = 0;
 
 #ifdef CONFIG_EFI
-	efi_system_table_t *systab;
+	unsigned long systab, systab_tables, config_tables;
+	unsigned int nr_tables;
 	struct efi_info *ei;
 	bool efi_64;
 	int size, i;
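Review bot: `systab_tables` in the new declaration `unsigned long systab, systab_tables, config_tables;` is not referenced in any line this patch shows, so it reads as a leftover and should be dropped unless code outside these hunks uses it. Separately, `nr_tables` is introduced as `unsigned int` while the loop index stays signed in the unchanged `int size, i;`, which makes `i < nr_tables` a mixed-sign comparison. Since the count is read from the firmware-provided system table, declaring `i` as `unsigned int` keeps the index and the bound in one type.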
@@ -70,46 +71,57 @@ static acpi_physical_address efi_get_rsdp_addr(void)
 
 	/* Get systab from boot params. */
 #ifdef CONFIG_X86_64
-	systab = (efi_system_table_t *)(ei->efi_systab | ((__u64)ei->efi_systab_hi<<32));
+	systab = ei->efi_systab | ((__u64)ei->efi_systab_hi << 32);
 #else
 	if (ei->efi_systab_hi || ei->efi_memmap_hi) {
 		debug_putstr("Error getting RSDP address: EFI system table located above 4GB.\n");
 		return 0;
 	}
-	systab = (efi_system_table_t *)ei->efi_systab;
+	systab = ei->efi_systab;
 #endif
 	if (!systab)
 		error("EFI system table not found.");
 
-	/*
-	 * Get EFI tables from systab.
-	 */
-	size = efi_64 ? sizeof(efi_config_table_64_t) :
-			sizeof(efi_config_table_32_t);
+	/* Handle EFI bitness properly */
+	if (efi_64) {
+		efi_system_table_64_t *stbl = (efi_system_table_64_t *)systab;
+
+		config_tables	= stbl->tables;
+		nr_tables	= stbl->nr_tables;
+		size		= sizeof(efi_config_table_64_t);
+	} else {
+		efi_system_table_32_t *stbl = (efi_system_table_32_t *)systab;
 
-	for (i = 0; i < systab->nr_tables; i++) {
+		config_tables	= stbl->tables;
+		nr_tables	= stbl->nr_tables;
+		size		= sizeof(efi_config_table_32_t);
+	}
+
+	if (!config_tables)
+		error("EFI config tables not found.");
+
+	/* Get EFI tables from systab. */
+	for (i = 0; i < nr_tables; i++) {
 		acpi_physical_address table;
-		void *config_tables;
 		efi_guid_t guid;
 
-		config_tables = (void *)(systab->tables + size * i);
+		config_tables += size;
+
 		if (efi_64) {
-			efi_config_table_64_t *tmp_table;
+			efi_config_table_64_t *tbl = (efi_config_table_64_t *)config_tables;
 
-			tmp_table = config_tables;
-			guid = tmp_table->guid;
-			table = tmp_table->table;
+			guid  = tbl->guid;
+			table = tbl->table;
 
 			if (!IS_ENABLED(CONFIG_X86_64) && table >> 32) {
 				debug_putstr("Error getting RSDP address: EFI config table located above 4GB.\n");
 				return 0;
 			}
 		} else {
-			efi_config_table_32_t *tmp_table;
+			efi_config_table_32_t *tbl = (efi_config_table_32_t *)config_tables;
 
-			tmp_table = config_tables;
-			guid = tmp_table->guid;
-			table = tmp_table->table;
+			guid  = tbl->guid;
+			table = tbl->table;
 		}
 
 		if (!(efi_guidcmp(guid, ACPI_TABLE_GUID)))
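Review bot: `config_tables += size;` at the top of the loop body runs before the entry is dereferenced, so the first iteration already reads the second config table entry and the last iteration reads one entry past the `nr_tables` entries the system table reported. The code being replaced computed `systab->tables + size * i`, which starts at entry 0. As written, an ACPI GUID in the first slot is never compared, and the final read lands outside the array. Keep the base in `config_tables` and derive the entry address per iteration, for example `config_tables + size * i` in the two casts, or move the increment to a point after the entry has been read on every path that continues the loop.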
