From patchwork Thu Jan 18 16:37:36 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 124991 Delivered-To: patch@linaro.org Received: by 10.46.64.27 with SMTP id n27csp198891lja; Thu, 18 Jan 2018 08:37:50 -0800 (PST) X-Google-Smtp-Source: ACJfBotjMqflKniKur6N+s4zYLmUMCBs2f/shF4NJ7wse18rdwq+HgQbxw7FSM3Ssv4gir3Oh248 X-Received: by 10.98.242.77 with SMTP id y13mr17152250pfl.156.1516293469902; Thu, 18 Jan 2018 08:37:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516293469; cv=none; d=google.com; s=arc-20160816; b=Kc/dq3M1WO3RFJf8aeO8L+FgHXZgUwTDGR2joiIqKjRo1uuV15JPAkPVQngZxdiHH7 fBJM50I/8bHxbLbsBgAMo+4p1Yg2pYp3dKsZsKKraBOy6rhoJiv15/Oit9UUpvnSCHrg HRjqowEN48YTKSpG+cI/3vWJE8/wO4P1dRNgciC0qgSNNcmbqsVBry4u/zbKMLKIhkKq K6dFnpQVXoxX61GM8d7JWEdVNc4OU06QC6QIBJ33fs15OA3Tflc9Zc+cTIa+ivOk74yD 2NIivlQ1dWs9olmtyG5yF2QcX48IlOULfaS2zvZ2jqr7DsFcPPimIL3KOPOV/5x9lmQq sAGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=f3b3UQ3upaSW40v10lO/oDLjw/rlhDFv10p25PqcGdA=; b=K2QvE5sQ+4eJ4N3gWiVtgtpZsJvBXc51eCEJqvpJslwIuBA0G2q85cGVyuNZidGY90 2+y8pqcXtMZc2Zjqxz2yqeCPO8HY4onOTzr77VirMc/4JdG5yMqeU147mluIFQmNttm1 WJbPzbY2amC6KvnHAxvaBJFdwIaiMDXw+c24zGjSOWiwbjiPyj+GDDayEXTZ9JJK3f8Z aK6iJzPDIVpKcYC0bWKJ8vLRnaVsFuGL2H0+I6Hxe6rO691gdsKre2jUT0IbstQkRyTV IqUpMLSgAp8QS7bCWOc79+QmdC+Wr+qGY1CDIfJHgIhv3mceV/2idZwFfD1Nip0HO/9M yvgQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=MUjMlXxT; spf=pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i1si7391032pfa.58.2018.01.18.08.37.49; Thu, 18 Jan 2018 08:37:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=MUjMlXxT; spf=pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755160AbeARQhs (ORCPT + 2 others); Thu, 18 Jan 2018 11:37:48 -0500 Received: from mail-wm0-f67.google.com ([74.125.82.67]:46796 "EHLO mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755149AbeARQhq (ORCPT ); Thu, 18 Jan 2018 11:37:46 -0500 Received: by mail-wm0-f67.google.com with SMTP id 143so23116696wma.5 for ; Thu, 18 Jan 2018 08:37:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=pncMdibLagHw7RNirom6kFNKVq4Zo25MWHj39OAKijw=; b=MUjMlXxTo3MSAFU0BE2lnAU8yuSoOjjAZxFAO7HF+S33khPiuXX3gNUSx9bJajW5OG kLfc2/t1r8ZsK4SfdDHToTcdEiKxkj2ZD+7t75JDboWX42aa1+3tPMzWAAswIDALGCjt G+L5YSYRMWXpgRSjmFPaJQel8FRD7B53Y3HPI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=pncMdibLagHw7RNirom6kFNKVq4Zo25MWHj39OAKijw=; b=CS7Az1FReEcwm05qhA5nqKsECMXVTD8cyZcemTa0nRsj0TfaF98z5VMw9+/zMbjSXa Js+q7vnWLXdaY1JidpjdcuaN5S2DWE87nv36BzPTw6ado+RTx1XER8KTIoFJvQYTMDi1 wIvmLt9VpJoqSpueR54IBOnKO+aP03VoiMLTFj/vN4tUvQ7PVHwR+Hk0iJZb7FSZpL03 Woq4nNqxYpvhSqSJf0+136jjazCTIURgTCEGDLJwXfwJ6uMpAaTim3G7gOVs3AKtwQdk 1ImzYDk7yWnmNbNguCpzc4gZAu2BdoSLdaiZSVUKI1lcmcSUGk5axrIjoZshPtc+u+ra KE5w== X-Gm-Message-State: AKwxytcTGNPNJlD1kF3vw/L/w6ags9sG8mRnUYGIoGjQefuXzPi6z5vv RkfVQ/GamU2r6zBzzqVtHLtczw== X-Received: by 10.28.116.16 with SMTP id p16mr5894728wmc.21.1516293464908; Thu, 18 Jan 2018 08:37:44 -0800 (PST) Received: from localhost.localdomain ([160.170.62.40]) by smtp.gmail.com with ESMTPSA id q196sm7671256wmb.22.2018.01.18.08.37.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 18 Jan 2018 08:37:43 -0800 (PST) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, linux-efi@vger.kernel.org Cc: mark.rutland@arm.com, leif.lindholm@linaro.org, will.deacon@arm.com, catalin.marinas@arm.com, Ard Biesheuvel Subject: [PATCH] efi: arm64: Check whether x18 is preserved by runtime services calls Date: Thu, 18 Jan 2018 16:37:36 +0000 Message-Id: <20180118163736.1253-1-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Whether or not we will ever decide to start using x18 as a platform register in Linux is uncertain, but by that time, we will need to ensure that UEFI runtime services calls don't corrupt it. So let's start issuing warnings now for this, and increase the likelihood that these firmware images have all been replaced by that time. This has been fixed on the EDK2 side in commit 6d73863b5464 ("BaseTools/tools_def AARCH64: mark register x18 as reserved")., dated July 13, 2017. Signed-off-by: Ard Biesheuvel --- arch/arm64/include/asm/efi.h | 4 +++- drivers/firmware/efi/Makefile | 2 +- drivers/firmware/efi/arm-runtime.c | 10 +++++++++ drivers/firmware/efi/arm64-rt-wrapper.S | 40 +++++++++++++++++++++++++++++++++ 4 files changed, 54 insertions(+), 2 deletions(-) create mode 100644 drivers/firmware/efi/arm64-rt-wrapper.S -- 2.11.0 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/arch/arm64/include/asm/efi.h b/arch/arm64/include/asm/efi.h index 8389050328bb..2278e4bf270a 100644 --- a/arch/arm64/include/asm/efi.h +++ b/arch/arm64/include/asm/efi.h @@ -31,7 +31,7 @@ int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md); ({ \ efi_##f##_t *__f; \ __f = p->f; \ - __f(args); \ + __efi_rt_asm_wrapper(__f, args); \ }) #define arch_efi_call_virt_teardown() \ @@ -40,6 +40,8 @@ int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md); efi_virtmap_unload(); \ }) +efi_status_t __efi_rt_asm_wrapper(void *, ...); + #define ARCH_EFI_IRQ_FLAGS_MASK (PSR_D_BIT | PSR_A_BIT | PSR_I_BIT | PSR_F_BIT) /* arch specific definitions used by the stub code */ diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile index 269501dfba53..eb8be0a00931 100644 --- a/drivers/firmware/efi/Makefile +++ b/drivers/firmware/efi/Makefile @@ -28,5 +28,5 @@ obj-$(CONFIG_APPLE_PROPERTIES) += apple-properties.o arm-obj-$(CONFIG_EFI) := arm-init.o arm-runtime.o obj-$(CONFIG_ARM) += $(arm-obj-y) -obj-$(CONFIG_ARM64) += $(arm-obj-y) +obj-$(CONFIG_ARM64) += $(arm-obj-y) arm64-rt-wrapper.o obj-$(CONFIG_EFI_CAPSULE_LOADER) += capsule-loader.o diff --git a/drivers/firmware/efi/arm-runtime.c b/drivers/firmware/efi/arm-runtime.c index 1cc41c3d6315..de84b490a844 100644 --- a/drivers/firmware/efi/arm-runtime.c +++ b/drivers/firmware/efi/arm-runtime.c @@ -11,6 +11,8 @@ * */ +#define pr_fmt(fmt) "efi: " fmt + #include #include #include @@ -182,3 +184,11 @@ static int __init arm_dmi_init(void) return 0; } core_initcall(arm_dmi_init); + +#ifdef CONFIG_ARM64 +efi_status_t efi_handle_corrupted_x18(efi_status_t s) +{ + pr_warn_ratelimited(FW_BUG "x18 corrupted by EFI firmware!"); + return s; +} +#endif diff --git a/drivers/firmware/efi/arm64-rt-wrapper.S b/drivers/firmware/efi/arm64-rt-wrapper.S new file mode 100644 index 000000000000..a6a2b64134c9 --- /dev/null +++ b/drivers/firmware/efi/arm64-rt-wrapper.S @@ -0,0 +1,40 @@ +/* + * Copyright (C) 2018 Linaro Ltd + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#include + +ENTRY(__efi_rt_asm_wrapper) + stp x29, x30, [sp, #-32]! + mov x29, sp + + /* + * Register x18 is designated as the 'platform' register by the AAPCS, + * which means firmware running at the same exception level as the OS + * (such as UEFI) should never touch it. + */ + str x18, [sp, #16] + + /* + * We are lucky enough that no EFI runtime services take more than + * 5 arguments, so all are passed in registers rather than via the + * stack. + */ + mov x8, x0 + mov x0, x1 + mov x1, x2 + mov x2, x3 + mov x3, x4 + mov x4, x5 + blr x8 + + ldr x1, [sp, #16] + cmp x1, x18 + ldp x29, x30, [sp], #32 + b.ne efi_handle_corrupted_x18 // tail call + ret +ENDPROC(__efi_rt_asm_wrapper)