
[2/2] arm*: efi: drop writable mapping of the UEFI System table

Message ID CAKv+Gu8+pYR_jxjcVeXgekVqD_BugtRLgNNhOkvhuaEpddbHRg@mail.gmail.com
State New

Commit Message

Ard Biesheuvel March 22, 2016, 3:08 p.m. UTC
On 26 February 2016 at 16:01, Matt Fleming <matt@codeblueprint.co.uk> wrote:
> On Fri, 26 Feb, at 03:20:35PM, Ard Biesheuvel wrote:
>> Commit 2eec5dedf770 ("efi/arm-init: Use read-only early mappings")
>> updated the early ARM UEFI init code to create the temporary, early
>> mapping of the UEFI System table using read-only attributes, as a
>> hardening measure against inadvertent modification.
>>
>> However, this still leaves the permanent, writable mapping of the UEFI
>> System table, which is only ever referenced during invocations of UEFI
>> Runtime Services, at which time the UEFI virtual mapping is available,
>> which also covers the system table. (This is guaranteed by the fact that
>> SetVirtualAddressMap(), which is a runtime service itself, converts
>> various entries in the table to their virtual equivalents, which implies
>> that the table must be covered by a RuntimeServicesData region that has
>> the EFI_MEMORY_RUNTIME attribute.)
>>
>> So instead of creating this permanent mapping, record the virtual address
>> of the system table inside the UEFI virtual mapping, and dereference that
>> when accessing the table. This protects the contents of the system table
>> from inadvertent (or deliberate) modification when no UEFI Runtime
>> Services calls are in progress.
>>
>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> ---
>>  drivers/firmware/efi/arm-init.c    |  2 ++
>>  drivers/firmware/efi/arm-runtime.c | 27 ++++++++++++++++-----------
>>  2 files changed, 18 insertions(+), 11 deletions(-)
>
> Looks like a nice cleanup. Applied.


This patch causes a warning I hadn't spotted before sending it out.
Could you fold this in please?


Thanks,
Ard.

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Comments

Ard Biesheuvel March 23, 2016, 10:11 p.m. UTC | #1
On 23 March 2016 at 17:16, Matt Fleming <matt@codeblueprint.co.uk> wrote:
> On Tue, 22 Mar, at 04:08:24PM, Ard Biesheuvel wrote:
>>
>> This patch causes a warning I hadn't spotted before sending it out.
>> Could you fold this in please?
>>

>> diff --git a/drivers/firmware/efi/arm-runtime.c

>> b/drivers/firmware/efi/arm-runtime.c

>> index 6c97d4884fc7..fe749da9997e 100644

>> --- a/drivers/firmware/efi/arm-runtime.c

>> +++ b/drivers/firmware/efi/arm-runtime.c

>> @@ -72,8 +72,8 @@ static bool __init efi_virtmap_init(void)

>>                  */

>>                 if (efi_system_table >= phys &&

>>                     efi_system_table < phys + (md->num_pages * EFI_PAGE_SIZE)) {

>> -                       efi.systab = (void *)(efi_system_table - phys +

>> -                                             md->virt_addr);

>> +                       efi.systab = (void *)(unsigned long)(efi_system_table -

>> +                                                         phys + md->virt_addr);

>>                         systab_found = true;

>>                 }

>>         }
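
Review bot: The double cast `(void *)(unsigned long)(...)` in the `efi.systab` assignment is undocumented, and the fold-in request does not name the warning it addresses, so a later reader cannot tell why the intermediate `unsigned long` is required. Naming the warning in the folded commit message, or adding a one-line comment above the assignment, would record the reason. Computing the address into a local first (for example a hypothetical `unsigned long va`) and then assigning `efi.systab = (void *)va;` would also avoid breaking the line in the middle of the subtraction.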

>
> Done, please check,
>
>   https://git.kernel.org/cgit/linux/kernel/git/mfleming/efi.git/commit/?h=next&id=4fd5c619dcf4f3d2c86d4a686ce66fc01e877a08


Looks good to me, thanks.


Patch

diff --git a/drivers/firmware/efi/arm-runtime.c
b/drivers/firmware/efi/arm-runtime.c
index 6c97d4884fc7..fe749da9997e 100644
--- a/drivers/firmware/efi/arm-runtime.c
+++ b/drivers/firmware/efi/arm-runtime.c
@@ -72,8 +72,8 @@  static bool __init efi_virtmap_init(void)
                 */
                if (efi_system_table >= phys &&
                    efi_system_table < phys + (md->num_pages * EFI_PAGE_SIZE)) {
-                       efi.systab = (void *)(efi_system_table - phys +
-                                             md->virt_addr);
+                       efi.systab = (void *)(unsigned long)(efi_system_table -
+                                                         phys + md->virt_addr);
                        systab_found = true;
                }
        }
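
Review bot: The added `(unsigned long)` cast in `efi.systab = (void *)(unsigned long)(efi_system_table - phys + md->virt_addr);` narrows the computed address without checking it, assuming the operands are wider than `unsigned long` on the build that produced the warning (their types are not visible in this hunk). On such a build, a `md->virt_addr` that does not fit in `unsigned long` would leave `efi.systab` holding a truncated address while `systab_found = true` is still set on the next line. Consider checking that the sum fits before assigning and leaving `systab_found` false when it does not, so the caller sees a failure instead of a wrong pointer.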