From patchwork Thu Mar  8 08:00:13 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 130977
Delivered-To: patch@linaro.org
Received: by 10.46.66.2 with SMTP id p2csp6177432lja;
 Thu, 8 Mar 2018 00:04:51 -0800 (PST)
X-Google-Smtp-Source: AG47ELs5DD4b626YTn4aIDXyXKErJnlhmXbT7w15uQioy5jzTyazSLNh0bQUlgaz3+Xlj7lr4/X1
X-Received: by 2002:a17:902:8541:: with SMTP id
 d1-v6mr23026395plo.54.1520496291586; 
 Thu, 08 Mar 2018 00:04:51 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1520496291; cv=none;
 d=google.com; s=arc-20160816;
 b=Vi9pDdNXu+ZoEVQELO1gs37QZIJFcD+FuF6FjsKjMCwaC+fa/oBEc7gD8pWduDGl0r
 /GmXtl31mwhy6LKqRIh8S5SFhKzdSqfPLxIqklhSmyOcX2TnyXGkLMv4Dm1YNimdz4X/
 Bd2ry6vMQb1px5AgnlKA/5o2EQiVrLBk7wWvoKprUEZMF2qjucyrwEX25hPJEneltWmq
 mshUD40d9TbCrMLPk0Yg4UPJ7W7JEKnFJz7DGYVgJ9HfVJE2ySXr2VyRb34elVI3nWlg
 oTa9YWji0zJQhsRs51lOognxQsFu7bCVJBPw6LmNai6vT+dwIRn7oVv64/D3PQQJv241
 9euQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:references:in-reply-to:message-id:date
 :subject:cc:to:from:dkim-signature:arc-authentication-results;
 bh=sIYMOnIsHCHadIhT3O2PPHAzaH/6I/c6GgGolR3LAOM=;
 b=klOojoYEfBDyYVdmFrbsRWCWgpDVBwnWJEsbQh7Q9ODeklmtUpWxQvHmLcmeov6dYd
 xoO/2amNlybLgnj8E7JbnHmuZ6XaWJ0bLYlR7lDsjljX1UnWgwNYCQq1p/ltFiufMZXp
 xm9Enumy5hgaeZhXqg+tGjjhNhaBMzi5Qq4mUqoPDZBz+gEYV6uvAd1G61nF8UMhSRv2
 XPX0zSal/KmqOGKZgPJBC13rI74T8BrN0lum36LjeSjVdsyhz+L3DnP4ljG4bv3atawX
 nhDghy59+4mEU2BL8AYj6rtOUxM+1QlrefL1r5o0jq1xawaJukx/HPjsaSZ20uMJBacr
 iyCQ==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=hxPuaaYX;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 u8-v6si14513041plh.219.2018.03.08.00.04.51; 
 Thu, 08 Mar 2018 00:04:51 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=hxPuaaYX;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S935574AbeCHIEe (ORCPT <rfc822;dan.rue@linaro.org> + 28 others);
 Thu, 8 Mar 2018 03:04:34 -0500
Received: from mail-wr0-f193.google.com ([209.85.128.193]:34995 "EHLO
 mail-wr0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S965050AbeCHICE (ORCPT
 <rfc822;linux-kernel@vger.kernel.org>);
 Thu, 8 Mar 2018 03:02:04 -0500
Received: by mail-wr0-f193.google.com with SMTP id l43so4677822wrc.2
 for <linux-kernel@vger.kernel.org>;
 Thu, 08 Mar 2018 00:02:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=sIYMOnIsHCHadIhT3O2PPHAzaH/6I/c6GgGolR3LAOM=;
 b=hxPuaaYXpwudz13Z0VAL48sUd2ctopgT7lUe5tUF87uzgdJtRkkXen2XxBJgtvrzXY
 xBVA1FEu4NJ6bjid3bhL4Voat04maSrF2LsctVfzv8htdOSfEzIs76nGVdB/GlufZD0b
 zMzTr5WveIMTo2twjNpKDBktHp7tkgvCYkh6E=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=sIYMOnIsHCHadIhT3O2PPHAzaH/6I/c6GgGolR3LAOM=;
 b=nPsnF3YtWowA4ff4pcwBOBlgvLxFSZ4SybseOfwGmzoSdZn8nHy13UiDGzaV3rko8G
 WWFPqC4eK8K+7plKYuDmunNFrJ1QIDM1lzmYfOw+5jmNKrFKtmLXDjfJocPnAfQpDrpW
 qXmvAqgSCFw1+fM5+Ui8VxBX/e1VYahXG0mdtDAt2Bjg2ZdBpJ0O+WsQ1gvsd5Bz3MGq
 UA/gSqYImjRcQFrxqu6E+lJsJWeNrTDdEj8IsIgkKLIp6SArmEc70Bv5hXRJD692GhCe
 ppq7nj+Bl0YGe9t1PYD+2Rj2sGnJlNve+dQgl82DzO0G3V/yhwdH8H3154K0p+Dngmjo
 qr4Q==
X-Gm-Message-State: APf1xPAdGGvwpAQ+pKX5gkDV7XyNOoUDw5gpRl2ZhZWlvgHUGqVnFP7S
 IrsLRGTsl4lDhfbj3d7h4LVl6w==
X-Received: by 10.223.189.136 with SMTP id l8mr23373572wrh.69.1520496122416; 
 Thu, 08 Mar 2018 00:02:02 -0800 (PST)
Received: from localhost.localdomain ([160.89.73.46])
 by smtp.gmail.com with ESMTPSA id
 e191sm11223361wmg.12.2018.03.08.00.02.00
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 08 Mar 2018 00:02:01 -0800 (PST)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-efi@vger.kernel.org, Ingo Molnar <mingo@kernel.org>,
 Thomas Gleixner <tglx@linutronix.de>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>, linux-kernel@vger.kernel.org
Subject: [PATCH 05/12] efi: arm64: Check whether x18 is preserved by runtime
 services calls
Date: Thu,  8 Mar 2018 08:00:13 +0000
Message-Id: <20180308080020.22828-6-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.15.1
In-Reply-To: <20180308080020.22828-1-ard.biesheuvel@linaro.org>
References: <20180308080020.22828-1-ard.biesheuvel@linaro.org>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Whether or not we will ever decide to start using x18 as a platform
register in Linux is uncertain, but by that time, we will need to
ensure that UEFI runtime services calls don't corrupt it. So let's
start issuing warnings now for this, and increase the likelihood that
these firmware images have all been replaced by that time.

This has been fixed on the EDK2 side in commit 6d73863b5464
("BaseTools/tools_def AARCH64: mark register x18 as reserved").,
dated July 13, 2017.

Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/include/asm/efi.h       |  4 +++-
 arch/arm64/kernel/Makefile         |  3 ++-
 arch/arm64/kernel/efi-rt-wrapper.S | 41 ++++++++++++++++++++++++++++++++++++++
 arch/arm64/kernel/efi.c            |  6 ++++++
 4 files changed, 52 insertions(+), 2 deletions(-)
 create mode 100644 arch/arm64/kernel/efi-rt-wrapper.S

-- 
2.15.1

diff --git a/arch/arm64/include/asm/efi.h b/arch/arm64/include/asm/efi.h
index 8389050328bb..192d791f1103 100644
--- a/arch/arm64/include/asm/efi.h
+++ b/arch/arm64/include/asm/efi.h
@@ -31,7 +31,7 @@ int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md);
 ({									\
 	efi_##f##_t *__f;						\
 	__f = p->f;							\
-	__f(args);							\
+	__efi_rt_asm_wrapper(__f, #f, args);				\
 })
 
 #define arch_efi_call_virt_teardown()					\
@@ -40,6 +40,8 @@ int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md);
 	efi_virtmap_unload();						\
 })
 
+efi_status_t __efi_rt_asm_wrapper(void *, const char *, ...);
+
 #define ARCH_EFI_IRQ_FLAGS_MASK (PSR_D_BIT | PSR_A_BIT | PSR_I_BIT | PSR_F_BIT)
 
 /* arch specific definitions used by the stub code */
diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile
index b87541360f43..6a4bd80c75bd 100644
--- a/arch/arm64/kernel/Makefile
+++ b/arch/arm64/kernel/Makefile
@@ -38,7 +38,8 @@ arm64-obj-$(CONFIG_CPU_PM)		+= sleep.o suspend.o
 arm64-obj-$(CONFIG_CPU_IDLE)		+= cpuidle.o
 arm64-obj-$(CONFIG_JUMP_LABEL)		+= jump_label.o
 arm64-obj-$(CONFIG_KGDB)		+= kgdb.o
-arm64-obj-$(CONFIG_EFI)			+= efi.o efi-entry.stub.o
+arm64-obj-$(CONFIG_EFI)			+= efi.o efi-entry.stub.o		\
+					   efi-rt-wrapper.o
 arm64-obj-$(CONFIG_PCI)			+= pci.o
 arm64-obj-$(CONFIG_ARMV8_DEPRECATED)	+= armv8_deprecated.o
 arm64-obj-$(CONFIG_ACPI)		+= acpi.o
diff --git a/arch/arm64/kernel/efi-rt-wrapper.S b/arch/arm64/kernel/efi-rt-wrapper.S
new file mode 100644
index 000000000000..05235ebb336d
--- /dev/null
+++ b/arch/arm64/kernel/efi-rt-wrapper.S
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2018 Linaro Ltd <ard.biesheuvel@linaro.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/linkage.h>
+
+ENTRY(__efi_rt_asm_wrapper)
+	stp	x29, x30, [sp, #-32]!
+	mov	x29, sp
+
+	/*
+	 * Register x18 is designated as the 'platform' register by the AAPCS,
+	 * which means firmware running at the same exception level as the OS
+	 * (such as UEFI) should never touch it.
+	 */
+	stp	x1, x18, [sp, #16]
+
+	/*
+	 * We are lucky enough that no EFI runtime services take more than
+	 * 5 arguments, so all are passed in registers rather than via the
+	 * stack.
+	 */
+	mov	x8, x0
+	mov	x0, x2
+	mov	x1, x3
+	mov	x2, x4
+	mov	x3, x5
+	mov	x4, x6
+	blr	x8
+
+	ldp	x1, x2, [sp, #16]
+	cmp	x2, x18
+	ldp	x29, x30, [sp], #32
+	b.ne	0f
+	ret
+0:	b	efi_handle_corrupted_x18	// tail call
+ENDPROC(__efi_rt_asm_wrapper)
diff --git a/arch/arm64/kernel/efi.c b/arch/arm64/kernel/efi.c
index f85ac58d08a3..fb5b3cd3a1c7 100644
--- a/arch/arm64/kernel/efi.c
+++ b/arch/arm64/kernel/efi.c
@@ -126,3 +126,9 @@ bool efi_poweroff_required(void)
 {
 	return efi_enabled(EFI_RUNTIME_SERVICES);
 }
+
+asmlinkage efi_status_t efi_handle_corrupted_x18(efi_status_t s, const char *f)
+{
+	pr_err_ratelimited(FW_BUG "register x18 corrupted by EFI %s\n", f);
+	return s;
+}