From: Ard Biesheuvel <ardb@kernel.org>
To: linux-efi@vger.kernel.org, Ingo Molnar <mingo@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>
Cc: Ard Biesheuvel <ardb@kernel.org>,
linux-kernel@vger.kernel.org,
David Hildenbrand <david@redhat.com>,
Heinrich Schuchardt <xypron.glpk@gmx.de>,
Tom Lendacky <thomas.lendacky@amd.com>
Subject: [PATCH 6/6] efi: mark all EFI runtime services as unsupported on non-EFI boot
Date: Fri, 28 Feb 2020 13:14:08 +0100 [thread overview]
Message-ID: <20200228121408.9075-7-ardb@kernel.org> (raw)
In-Reply-To: <20200228121408.9075-1-ardb@kernel.org>
Recent changes to the way we deal with EFI runtime services that
are marked as unsupported by the firmware resulted in a regression
for non-EFI boot. The problem is that all EFI runtime services are
marked as available by default, and any non-NULL checks on the EFI
service function pointers (which will be non-NULL even for runtime
services that are unsupported on an EFI boot) were replaced with
checks against the mask stored in efi.runtime_supported_mask.
When doing a non-EFI boot, this check against the mask will return
a false positive, given the fact that all runtime services are
marked as enabled by default. Since we dropped the non-NULL check
of the runtime service function pointer in favor of the mask check,
we will now unconditionally dereference the function pointer, even
if it is NULL, and go boom.
So let's ensure that the mask reflects reality on a non-EFI boot,
which is that all EFI runtime services are unsupported.
Reported-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/firmware/efi/efi.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 41269a95ff85..d1746a579c99 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -300,12 +300,12 @@ static int __init efisubsys_init(void)
{
int error;
- if (!efi_enabled(EFI_BOOT))
- return 0;
-
if (!efi_enabled(EFI_RUNTIME_SERVICES))
efi.runtime_supported_mask = 0;
+ if (!efi_enabled(EFI_BOOT))
+ return 0;
+
if (efi.runtime_supported_mask) {
/*
* Since we process only one efi_runtime_service() at a time, an
--
2.17.1
next prev parent reply other threads:[~2020-02-28 12:14 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-28 12:14 [GIT PULL 0/6] More EFI updates for v5.7 Ard Biesheuvel
2020-02-28 12:14 ` [PATCH 1/6] efi/x86: Add TPM related EFI tables to unencrypted mapping checks Ard Biesheuvel
2020-02-28 12:14 ` [PATCH 2/6] efi/x86: Add RNG seed EFI table to unencrypted mapping check Ard Biesheuvel
2020-02-28 12:14 ` [PATCH 3/6] efi: don't shadow i in efi_config_parse_tables() Ard Biesheuvel
2020-02-28 12:14 ` [PATCH 4/6] efi/arm: clean EFI stub exit code from cache instead of avoiding it Ard Biesheuvel
2020-02-28 12:14 ` [PATCH 5/6] efi/arm64: " Ard Biesheuvel
2020-02-28 12:14 ` Ard Biesheuvel [this message]
2020-03-04 22:48 ` [GIT PULL 0/6] More EFI updates for v5.7 Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200228121408.9075-7-ardb@kernel.org \
--to=ardb@kernel.org \
--cc=david@redhat.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).