From patchwork Thu Nov 29 17:12:24 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 152417
Delivered-To: patch@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp2634105ljp;
 Thu, 29 Nov 2018 09:13:01 -0800 (PST)
X-Google-Smtp-Source: AFSGD/UfevhGctWDmGDcUnwTUMaDq57LzhJB+0oU5Z+iZrhoqB47BLIdNE11LnqVgQRTeWFt6+bV
X-Received: by 2002:a63:d005:: with SMTP id z5mr1931864pgf.64.1543511581268; 
 Thu, 29 Nov 2018 09:13:01 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1543511581; cv=none;
 d=google.com; s=arc-20160816;
 b=MEmKhSx5qwieF0YFYMQgHfKB7EWOdgEtgGaLx2i1Z9KSMKAeLZqbVyY4RuQJBK7I/i
 HwCrPnDo1A2soGBs9D98RdKJh+H+6k5hzVpVQN7XHFUpAeTsP6ad/yAEaLOEtJIFDBbJ
 MINEtQOePBjuLDOqhf+MSwbWOGlfadAM4gLlcFiIezWBZgAY0DqOIdO+pkKd6sp6wI26
 C4HDmayPXAvuBHdL52AmArC8Kbq3XUeaDaAOszYcLEf9iMsegFGgeoUg/8ALPWmfJzso
 q7xv0Q/8EnhiVRXqd1s/we/mJ0iX7Fx1PXbRrKSb2RPkHF5ZsBGGhZa/QXe1m1tQAD5P
 xeyQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:content-transfer-encoding:mime-version
 :references:in-reply-to:message-id:date:subject:cc:to:from
 :dkim-signature;
 bh=otiyS0qoWsuunniYKJ1BwM1dERK1qmd7Q4dc5cs0rtA=;
 b=lC4MwG/R6iZukVCk42MYaaGdyuD46XlJ/hN/kmWtK2KEEhCYBDF6XlEmtLwR14EEPh
 vuaSTLEXYJ0wfSfYz3NBb+kV4ytaMeMSQXdu82gHtCr1qBU6MlKiqrT9O1gTKNZaeaLF
 KbPcxlQ3wxZVxzvEb/EnQa6nzT7WClqocv2qKi3tJNyIMV0GX6+vlG1nKWauTKpD4ZJ0
 22tDbFiLQ4m7wF/TK9wHK9KOGbvDTk4TaTDSBXyEVYER+O6KejDcbBUvWcgEf5nqFcnm
 Aiy02iEs8ohJu+4Xf8HbxB7roHVpFpxxTTJvwGUx9c5Df5rw3tzeRIIcZooj4OD/NP7y
 joqQ==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=j7gRNaTR;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 j61si2643262plb.232.2018.11.29.09.13.00; 
 Thu, 29 Nov 2018 09:13:01 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=j7gRNaTR;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1730576AbeK3ETD (ORCPT <rfc822;igor.opaniuk@linaro.org>
 + 32 others); Thu, 29 Nov 2018 23:19:03 -0500
Received: from mail-wm1-f65.google.com ([209.85.128.65]:53164 "EHLO
 mail-wm1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1730504AbeK3ETC (ORCPT
 <rfc822;linux-kernel@vger.kernel.org>);
 Thu, 29 Nov 2018 23:19:02 -0500
Received: by mail-wm1-f65.google.com with SMTP id r11-v6so3066032wmb.2
 for <linux-kernel@vger.kernel.org>;
 Thu, 29 Nov 2018 09:12:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=otiyS0qoWsuunniYKJ1BwM1dERK1qmd7Q4dc5cs0rtA=;
 b=j7gRNaTRiQ5ED0EKIyqB5OZVqFlopVcjKBcwU7WVTKKDNPA+l+hh3yBjmBd0+ZXCNM
 rrR87AZhWnRlTg+jbZzCsdue9gXmLeHFBz40pmpno3bSdRjQOP9NLqdYERHBNX+HXkOf
 MIllGYKc+Lfp3mnThSgb2dqkpQADtQc7ybq/M=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=otiyS0qoWsuunniYKJ1BwM1dERK1qmd7Q4dc5cs0rtA=;
 b=mJv/13dWVSKnArL7bClPWzGs4ZQBAyBIklvLD0gnn/Hxaf702l9g7p4mCKaMeEyfKE
 PWCNyWFCavJ9ci8bP1grqDFRNUXApA4d0M7v6Z+vmqf/UXgTrp8qy+bpHrZa1smraN0A
 TqPVVkZgxFCIqCzQ0tlHY4+C+bIkb7Dp4y0wkWKgsO+7SSqPY5Dfu9h2XEYpoaUdpMUP
 FKAG5hMDkZ+6qac9CgdQe6dxMxhuXVoP5P4Kggg4KKvQsufId+f4S1zTPqZNvMcfXY+k
 pBen166m5VssZPWMnySfuSikqMrOnVSWjWvrqd+C8I5hhQoBDI+Ekf33dZom/EHHNQ+0
 LnrQ==
X-Gm-Message-State: AA+aEWa6l26ZZMq2RjThiCnCoJmsfXONmQY44943iNsC5Y+TgIq4k3YL
 keCm6F1qFfR3HHWevuOvHqC9sw==
X-Received: by 2002:a1c:6a01:: with SMTP id f1mr2608832wmc.17.1543511576404; 
 Thu, 29 Nov 2018 09:12:56 -0800 (PST)
Received: from harold.home ([2a01:cb1d:112:6f00:f070:d240:312e:9f99])
 by smtp.gmail.com with ESMTPSA id
 y185sm1593882wmg.34.2018.11.29.09.12.54
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 29 Nov 2018 09:12:55 -0800 (PST)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-efi@vger.kernel.org, Ingo Molnar <mingo@kernel.org>,
 Thomas Gleixner <tglx@linutronix.de>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 linux-kernel@vger.kernel.org, Andy Lutomirski <luto@kernel.org>,
 Arend van Spriel <arend.vanspriel@broadcom.com>,
 Bhupesh Sharma <bhsharma@redhat.com>, Borislav Petkov <bp@alien8.de>,
 Dave Hansen <dave.hansen@intel.com>,
 Eric Snowberg <eric.snowberg@oracle.com>,
 Hans de Goede <hdegoede@redhat.com>, Joe Perches <joe@perches.com>,
 Jon Hunter <jonathanh@nvidia.com>, Julien Thierry <julien.thierry@arm.com>,
 Marc Zyngier <marc.zyngier@arm.com>,
 Nathan Chancellor <natechancellor@gmail.com>,
 Peter Zijlstra <peterz@infradead.org>,
 Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>,
 Sedat Dilek <sedat.dilek@gmail.com>, YiFei Zhu <zhuyifei1999@gmail.com>
Subject: [PATCH 05/11] x86/efi: Unmap EFI boot services code/data regions
 from efi_pgd
Date: Thu, 29 Nov 2018 18:12:24 +0100
Message-Id: <20181129171230.18699-6-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.19.1
In-Reply-To: <20181129171230.18699-1-ard.biesheuvel@linaro.org>
References: <20181129171230.18699-1-ard.biesheuvel@linaro.org>
MIME-Version: 1.0
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>

efi_free_boot_services(), as the name suggests, frees EFI boot services
code/data regions but forgets to unmap these regions from efi_pgd. This
means that any code that's running in efi_pgd address space (e.g:
any EFI runtime service) would still be able to access these regions but
the contents of these regions would have long been over written by
someone else. So, it's important to unmap these regions. Hence,
introduce efi_unmap_pages() to unmap these regions from efi_pgd.

After unmapping EFI boot services code/data regions, any illegal access
by buggy firmware to these regions would result in page fault which will
be handled by EFI specific fault handler.

Signed-off-by: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Bhupesh Sharma <bhsharma@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/x86/platform/efi/quirks.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

-- 
2.19.1

diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c
index 95e77a667ba5..09e811b9da26 100644
--- a/arch/x86/platform/efi/quirks.c
+++ b/arch/x86/platform/efi/quirks.c
@@ -369,6 +369,24 @@ void __init efi_reserve_boot_services(void)
 	}
 }
 
+/*
+ * Apart from having VA mappings for EFI boot services code/data regions,
+ * (duplicate) 1:1 mappings were also created as a quirk for buggy firmware. So,
+ * unmap both 1:1 and VA mappings.
+ */
+static void __init efi_unmap_pages(efi_memory_desc_t *md)
+{
+	pgd_t *pgd = efi_mm.pgd;
+	u64 pa = md->phys_addr;
+	u64 va = md->virt_addr;
+
+	if (kernel_unmap_pages_in_pgd(pgd, pa, md->num_pages))
+		pr_err("Failed to unmap 1:1 mapping for 0x%llx\n", pa);
+
+	if (kernel_unmap_pages_in_pgd(pgd, va, md->num_pages))
+		pr_err("Failed to unmap VA mapping for 0x%llx\n", va);
+}
+
 void __init efi_free_boot_services(void)
 {
 	phys_addr_t new_phys, new_size;
@@ -393,6 +411,13 @@ void __init efi_free_boot_services(void)
 			continue;
 		}
 
+		/*
+		 * Before calling set_virtual_address_map(), EFI boot services
+		 * code/data regions were mapped as a quirk for buggy firmware.
+		 * Unmap them from efi_pgd before freeing them up.
+		 */
+		efi_unmap_pages(md);
+
 		/*
 		 * Nasty quirk: if all sub-1MB memory is used for boot
 		 * services, we can get here without having allocated the