From patchwork Tue Mar 22 15:08:24 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 64187 Delivered-To: patch@linaro.org Received: by 10.112.199.169 with SMTP id jl9csp2122869lbc; Tue, 22 Mar 2016 08:09:57 -0700 (PDT) X-Received: by 10.98.33.208 with SMTP id o77mr55698491pfj.108.1458659395741; Tue, 22 Mar 2016 08:09:55 -0700 (PDT) Return-Path: Received: from bombadil.infradead.org (bombadil.infradead.org. [2001:1868:205::9]) by mx.google.com with ESMTPS id m65si11449576pfi.168.2016.03.22.08.09.55 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 Mar 2016 08:09:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org designates 2001:1868:205::9 as permitted sender) client-ip=2001:1868:205::9; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org designates 2001:1868:205::9 as permitted sender) smtp.mailfrom=linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org; dkim=neutral (body hash did not verify) header.i=@linaro.org Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1aiNvY-0002Mw-0s; Tue, 22 Mar 2016 15:09:00 +0000 Received: from mail-ig0-x236.google.com ([2607:f8b0:4001:c05::236]) by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1aiNvK-0002Ff-Ni for linux-arm-kernel@lists.infradead.org; Tue, 22 Mar 2016 15:08:49 +0000 Received: by mail-ig0-x236.google.com with SMTP id nk17so95561172igb.1 for ; Tue, 22 Mar 2016 08:08:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=o5f1XYCwEaTT+GOUCTtIM5uSwCyPU3Alnh7gJ7+TtaU=; b=daCR8UAP+b+ozFB6PGHOSOM+JZxo+JMkslDEnCwO6efjXDuN5VUWIpB6ZnnTexD8Mk MVW/8Sa6ywjCqRzk6mmyzt34WjOoKubNAyADj8pnnxcrzm/dW9pF/7GN9h/w8lMHaHd+ +Q3wCyrveXxtyctxOyfChMj4JB8IcVd1Q7ojk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=o5f1XYCwEaTT+GOUCTtIM5uSwCyPU3Alnh7gJ7+TtaU=; b=CEKk6zNGWHyfwKzzLjftPjwRILy5lq0gIMhVOloRsRQ8gSvNqI+e8312VAj4RiqCsY U2j6Aj10532OecLGqRNoRqG/2j5mHKS2I24YyPGH/FQIBHHCZOXOIQZRVE91LdmNuEvW xK1eH20dd7F+UcFZjO1RCq/Z5XTrirpEwn7l0Psd4Ix+WtxG/WGGy1P+KJ3aY3ILGV56 BgQJQaoEWX+tCK799Xj9ARTfJxmmMy1uGwr3j089TdEeo5YHae6e7KJmPKchNlHZfiNX M+uDYwPDA3VB9bxgCMAj4Oi2fkTO/Z2fGL/SYOK7dyJFhrsfzFMWSJxhxh07PqNJupuj uVgQ== X-Gm-Message-State: AD7BkJLalLhwjVpE+K3XVsow4zzVtnqfNTklOY7pl7MpgLXOd2S5vCm6I70duZw66tGGnjWXebZke+5qxhurSf4i MIME-Version: 1.0 X-Received: by 10.50.73.229 with SMTP id o5mr17172740igv.75.1458659305011; Tue, 22 Mar 2016 08:08:25 -0700 (PDT) Received: by 10.36.29.6 with HTTP; Tue, 22 Mar 2016 08:08:24 -0700 (PDT) In-Reply-To: <20160226150156.GC7475@codeblueprint.co.uk> References: <1456496435-12679-1-git-send-email-ard.biesheuvel@linaro.org> <1456496435-12679-2-git-send-email-ard.biesheuvel@linaro.org> <20160226150156.GC7475@codeblueprint.co.uk> Date: Tue, 22 Mar 2016 16:08:24 +0100 Message-ID: Subject: Re: [PATCH 2/2] arm*: efi: drop writable mapping of the UEFI System table From: Ard Biesheuvel To: Matt Fleming X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20160322_080847_162303_DB7A11A3 X-CRM114-Status: GOOD ( 14.75 ) X-Spam-Score: -2.7 (--) X-Spam-Report: SpamAssassin version 3.4.0 on bombadil.infradead.org summary: Content analysis details: (-2.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [2607:f8b0:4001:c05:0:0:0:236 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , "linux-efi@vger.kernel.org" , Leif Lindholm , "linux-arm-kernel@lists.infradead.org" Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org On 26 February 2016 at 16:01, Matt Fleming wrote: > On Fri, 26 Feb, at 03:20:35PM, Ard Biesheuvel wrote: >> Commit 2eec5dedf770 ("efi/arm-init: Use read-only early mappings") >> updated the early ARM UEFI init code to create the temporary, early >> mapping of the UEFI System table using read-only attributes, as a >> hardening measure against inadvertent modification. >> >> However, this still leaves the permanent, writable mapping of the UEFI >> System table, which is only ever referenced during invocations of UEFI >> Runtime Services, at which time the UEFI virtual mapping is available, >> which also covers the system table. (This is guaranteed by the fact that >> SetVirtualAddressMap(), which is a runtime service itself, converts >> various entries in the table to their virtual equivalents, which implies >> that the table must be covered by a RuntimeServicesData region that has >> the EFI_MEMORY_RUNTIME attribute.) >> >> So instead of creating this permanent mapping, record the virtual address >> of the system table inside the UEFI virtual mapping, and dereference that >> when accessing the table. This protects the contents of the system table >> from inadvertent (or deliberate) modification when no UEFI Runtime >> Services calls are in progress. >> >> Signed-off-by: Ard Biesheuvel >> --- >> drivers/firmware/efi/arm-init.c | 2 ++ >> drivers/firmware/efi/arm-runtime.c | 27 ++++++++++++++++----------- >> 2 files changed, 18 insertions(+), 11 deletions(-) > > Looks like a nice cleanup. Applied. This patch causes a warning I hadn't spotted before sending it out. Could you fold this in please? Thanks, Ard. _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel diff --git a/drivers/firmware/efi/arm-runtime.c b/drivers/firmware/efi/arm-runtime.c index 6c97d4884fc7..fe749da9997e 100644 --- a/drivers/firmware/efi/arm-runtime.c +++ b/drivers/firmware/efi/arm-runtime.c @@ -72,8 +72,8 @@ static bool __init efi_virtmap_init(void) */ if (efi_system_table >= phys && efi_system_table < phys + (md->num_pages * EFI_PAGE_SIZE)) { - efi.systab = (void *)(efi_system_table - phys + - md->virt_addr); + efi.systab = (void *)(unsigned long)(efi_system_table - + phys + md->virt_addr); systab_found = true; } }