From patchwork Fri Feb 28 12:14:03 2020
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 206504
From: Ard Biesheuvel
To: linux-efi@vger.kernel.org, Ingo Molnar, Thomas Gleixner
Cc: Ard Biesheuvel, linux-kernel@vger.kernel.org, David Hildenbrand, Heinrich Schuchardt, Tom Lendacky
Subject: [PATCH 1/6] efi/x86: Add TPM related EFI tables to unencrypted mapping checks
Date: Fri, 28 Feb 2020 13:14:03 +0100
Message-Id: <20200228121408.9075-2-ardb@kernel.org>
In-Reply-To: <20200228121408.9075-1-ardb@kernel.org>
References: <20200228121408.9075-1-ardb@kernel.org>

From: Tom Lendacky

When booting with SME active, EFI tables must be mapped unencrypted since
they were built by UEFI in unencrypted memory. Update the list of tables
to be checked during early_memremap() processing to account for the EFI
TPM tables.

This fixes a bug where an EFI TPM log table has been created by UEFI, but
it lives in memory that has been marked as usable rather than reserved.

Cc: # v5.4+
Signed-off-by: Tom Lendacky
Link: https://lore.kernel.org/r/4144cd813f113c20cdfa511cf59500a64e6015be.1582662842.git.thomas.lendacky@amd.com
Signed-off-by: Ard Biesheuvel
---
 arch/x86/platform/efi/efi.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
index 43b24e149312..0a8117865430 100644
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -88,6 +88,8 @@ static const unsigned long * const efi_tables[] = { #ifdef CONFIG_EFI_RCI2_TABLE &rci2_table_phys, #endif + &efi.tpm_log, + &efi.tpm_final_log, }; u64 efi_setup; /* efi setup_data physical address */

From patchwork Fri Feb 28 12:14:05 2020
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 206505
From: Ard Biesheuvel
To: linux-efi@vger.kernel.org, Ingo Molnar, Thomas Gleixner
Cc: Ard Biesheuvel, linux-kernel@vger.kernel.org, David Hildenbrand, Heinrich Schuchardt, Tom Lendacky
Subject: [PATCH 3/6] efi: don't shadow i in efi_config_parse_tables()
Date: Fri, 28 Feb 2020 13:14:05 +0100
Message-Id: <20200228121408.9075-4-ardb@kernel.org>
In-Reply-To: <20200228121408.9075-1-ardb@kernel.org>
References: <20200228121408.9075-1-ardb@kernel.org>

From: Heinrich Schuchardt

Shadowing variables is generally frowned upon.

Let's simply reuse the existing loop counter i instead of shadowing it.

Signed-off-by: Heinrich Schuchardt
Link: https://lore.kernel.org/r/20200223221324.156086-1-xypron.glpk@gmx.de
Signed-off-by: Ard Biesheuvel
---
 drivers/firmware/efi/efi.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 1e79f77d4e6c..41269a95ff85 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -554,7 +554,6 @@ int __init efi_config_parse_tables(const efi_config_table_t *config_tables, while (prsv) { struct linux_efi_memreserve *rsv; u8 *p; - int i; /* * Just map a full page: that is what we will get

From patchwork Fri Feb 28 12:14:08 2020
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 206506
From: Ard Biesheuvel
To: linux-efi@vger.kernel.org, Ingo Molnar, Thomas Gleixner
Cc: Ard Biesheuvel, linux-kernel@vger.kernel.org, David Hildenbrand, Heinrich Schuchardt, Tom Lendacky
Subject: [PATCH 6/6] efi: mark all EFI runtime services as unsupported on non-EFI boot
Date: Fri, 28 Feb 2020 13:14:08 +0100
Message-Id: <20200228121408.9075-7-ardb@kernel.org>
In-Reply-To: <20200228121408.9075-1-ardb@kernel.org>
References: <20200228121408.9075-1-ardb@kernel.org>

Recent changes to the way we deal with EFI runtime services that are
marked as unsupported by the firmware resulted in a regression for
non-EFI boot.

The problem is that all EFI runtime services are marked as available by
default, and any non-NULL checks on the EFI service function pointers
(which will be non-NULL even for runtime services that are unsupported
on an EFI boot) were replaced with checks against the mask stored in
efi.runtime_supported_mask.

When doing a non-EFI boot, this check against the mask will return a
false positive, given the fact that all runtime services are marked as
enabled by default. Since we dropped the non-NULL check of the runtime
service function pointer in favor of the mask check, we will now
unconditionally dereference the function pointer, even if it is NULL,
and go boom.

So let's ensure that the mask reflects reality on a non-EFI boot, which
is that all EFI runtime services are unsupported.

Reported-by: David Hildenbrand
Signed-off-by: Ard Biesheuvel
---
 drivers/firmware/efi/efi.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 41269a95ff85..d1746a579c99 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -300,12 +300,12 @@ static int __init efisubsys_init(void) { int error; - if (!efi_enabled(EFI_BOOT)) - return 0; - if (!efi_enabled(EFI_RUNTIME_SERVICES)) efi.runtime_supported_mask = 0; + if (!efi_enabled(EFI_BOOT)) + return 0; + if (efi.runtime_supported_mask) { /* * Since we process only one efi_runtime_service() at a time, an
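
Review bot: in [PATCH 1/6], the two entries added to efi_tables[] after the #endif are unconditional, while the entry just above them is wrapped in #ifdef CONFIG_EFI_RCI2_TABLE. Please confirm that efi.tpm_log and efi.tpm_final_log are present in every configuration, and say in the commit message what value they hold when the firmware provides no TPM log, so a reader can tell that the unencrypted-mapping check cannot match on an unset entry. A one-line comment above the new entries noting that these tables are built by UEFI in unencrypted memory would also help the next person who adds a table and has to decide whether it belongs in this list.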
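
Review bot: in [PATCH 3/6], removing the inner "int i;" from the while (prsv) body means the code in that block now writes the function-level i, whose declaration and later uses lie outside the visible context. Please confirm that nothing after the loop reads i expecting the value it had before the loop, and that the outer i has a type that suits the inner loop's bound. A sentence to that effect in the commit message would make the change reviewable from the hunk alone.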
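
Review bot: in [PATCH 6/6], the fix in efisubsys_init() depends on the order of the two checks, with the mask cleared before the early return for !efi_enabled(EFI_BOOT), but nothing in the code says so. Suggest a short comment above the "efi.runtime_supported_mask = 0;" assignment explaining that it must also run on a non-EFI boot, so that a later cleanup does not move the EFI_BOOT return back to the top and reintroduce the NULL function pointer dereference the commit message describes. Since the mask still marks every service as available until this __init function runs, it is also worth checking that no caller consults the mask or invokes a runtime service earlier in boot.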