From patchwork Sat Feb 2 09:41:12 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 157328 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp1509829jaa; Sat, 2 Feb 2019 01:41:37 -0800 (PST) X-Google-Smtp-Source: ALg8bN71GluCc4tdes+5RboAmNPKF9iKoAvICp7fgOfbq5WNMLcWAcMnfuIWVyRg0lVkTNEfdg4u X-Received: by 2002:a17:902:f091:: with SMTP id go17mr44230664plb.235.1549100497001; Sat, 02 Feb 2019 01:41:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549100496; cv=none; d=google.com; s=arc-20160816; b=j3sUZ6qcLwybmhb/GfnxKKMROfaoc4LnJL1tQBotY0lc6Uwr7LzhgUaSVro2mcVcbi COLR73ZC0xQDWJBK1Y0cu0pXJ6oUK7GrVOq9tniFqMUt7BgSnOMQ2D64bxkAA6jhAp6K TiYsFJkcmkewIkwv574YZiBZ2NsdwF6S7gj24qqIBj0J0ZZWy7K96cZQru/cjftSpDwP 0thv6V0NiBURS4x2wjVcTVlt/9NcjvXtuQQCAV3c8PvEG4gHgKxYORjZUV+1Ss/f6Ozm Sux3Fsz5aIZD00HQfYXnq7wl6I8naJ9JtEuuE+kn6owalREOty8Q86MWlovTKA/8Q82P T3Ug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=bEfMhHDa9MBTeWUj0T9jDKJ2/Es/s2oL+argjHikJPY=; b=gwtX99UnnsIjwBQdZmpSMCzfu2ZkGg8YxJXXnxKNDXpTqJZiCoj5RIfOZMdiOnsyhR n8d9eZPVG/T5rqayVNwRDvl39cuqNSl3b1t5cZg7BZD2/9w3ci1eqpA1EkU6uWppZrvs JAPkRpPntVP8GGUkZMTMrXfp1+VGMNI+U73f8LZ32WZhawjxgqGuNnxePzTUBrvBpQpr 4vddWkLfeJYbm6qlLozH9c0heTLc7o/5m0dgQWDXUaFcJ3xVkoyH09ZICg9tpVPY6feb g6/LlMA04167mpI3v+u64zF15HEJBkMCZSJsSHNV6ozGDQxoZfruCU6ukSo0G/U5j8Iz Ry8w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=jv3prsbY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d2si10149373plh.426.2019.02.02.01.41.36; Sat, 02 Feb 2019 01:41:36 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=jv3prsbY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727539AbfBBJlf (ORCPT + 31 others); Sat, 2 Feb 2019 04:41:35 -0500 Received: from mail-ed1-f66.google.com ([209.85.208.66]:42426 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727341AbfBBJld (ORCPT ); Sat, 2 Feb 2019 04:41:33 -0500 Received: by mail-ed1-f66.google.com with SMTP id y20so7435136edw.9 for ; Sat, 02 Feb 2019 01:41:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=bEfMhHDa9MBTeWUj0T9jDKJ2/Es/s2oL+argjHikJPY=; b=jv3prsbYfPGToN9VYrtVBCDnGVwI8FCguEqVr+vLr2YpkkYZHDJMVCxtU+fiLdmTpN zmvoRLA4S3QqE5tsaD9iSZh5IiG8DQu+09Or4V6zx5yVIlyDo9qkJov7pM0wG/Yw4Rc2 NdocXwjOLMUrNN6GL6G3VW1GlFlkMkZUxgxaA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=bEfMhHDa9MBTeWUj0T9jDKJ2/Es/s2oL+argjHikJPY=; b=MguvFMtxzal2gH7q7avAy2PCWND/ytXmeueTZ4uR+8ye4k2qF/oRRSWhgdAA2Pd7Vc ibSBzywRS0LVdVwPd8bkLDGpuO82osvF6Bi5Yl2pbkx4vqG9HGac33TkoeVipka3IrA8 H3mpzXW/xkTL9hhfNfVGqEl0QoB2393cM9tzLS1Y6g2eSsve9Bzt2HXfLxtWNpLCk7+L RL5s14y8WJhsRxWlZsoiPROCOA7hGRSIr6JoFFvBHEgXuHggeuYdu4TSeXyNgQgTQfjO baWaVJwicSwF/7U7ywsmCpJ6qCsBtllPrt62QTeTbHp+GrTe4VDz7tbCXuZIxvkQQMG0 Pd5Q== X-Gm-Message-State: AJcUukfliDTKT4b0xAS395ve9/otMFNdoya8Ttp8kZ7t2XcDPuY9eb+F QwKj5uqc42jsDAA+jUrAXucpVA== X-Received: by 2002:a50:ba5c:: with SMTP id 28mr41749211eds.91.1549100491572; Sat, 02 Feb 2019 01:41:31 -0800 (PST) Received: from mba13.c.hoisthospitality.com ([109.236.135.164]) by smtp.gmail.com with ESMTPSA id l41sm2608824eda.83.2019.02.02.01.41.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 02 Feb 2019 01:41:30 -0800 (PST) From: Ard Biesheuvel To: linux-efi@vger.kernel.org, Ingo Molnar , Thomas Gleixner Cc: Ard Biesheuvel , linux-kernel@vger.kernel.org, AKASHI Takahiro , Alexander Graf , Bjorn Andersson , Borislav Petkov , Heinrich Schuchardt , Jeffrey Hugo , Lee Jones , Leif Lindholm , Linus Torvalds , Peter Jones , Peter Zijlstra , Sai Praneeth Prakhya Subject: [PATCH 03/10] efi: memattr: don't bail on zero VA if it equals the region's PA Date: Sat, 2 Feb 2019 10:41:12 +0100 Message-Id: <20190202094119.13230-4-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190202094119.13230-1-ard.biesheuvel@linaro.org> References: <20190202094119.13230-1-ard.biesheuvel@linaro.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The EFI memory attributes code cross-references the EFI memory map with the more granular EFI memory attributes table to ensure that they are in sync before applying the strict permissions to the regions it describes. Since we always install virtual mappings for the EFI runtime regions to which these strict permissions apply, we currently perform a sanity check on the EFI memory descriptor, and ensure that the EFI_MEMORY_RUNTIME bit is set, and that the virtual address has been assigned. However, in cases where a runtime region exists at physical address 0x0, and the virtual mapping equals the physical mapping, e.g., when running in mixed mode on x86, we encounter a memory descriptor with the runtime attribute and virtual address 0x0, and incorrectly draw the conclusion that a runtime region exists for which no virtual mapping was installed, and give up altogether. The consequence of this is that firmware mappings retain their read-write-execute permissions, making the system more vulnerable to attacks. So let's only bail if the virtual address of 0x0 has been assigned to a physical region that does not reside at address 0x0. Fixes: 10f0d2f577053 ("efi: Implement generic support for the Memory ...") Acked-by: Sai Praneeth Prakhya Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/memattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.17.1 diff --git a/drivers/firmware/efi/memattr.c b/drivers/firmware/efi/memattr.c index 8986757eafaf..aac972b056d9 100644 --- a/drivers/firmware/efi/memattr.c +++ b/drivers/firmware/efi/memattr.c @@ -94,7 +94,7 @@ static bool entry_is_valid(const efi_memory_desc_t *in, efi_memory_desc_t *out) if (!(md->attribute & EFI_MEMORY_RUNTIME)) continue; - if (md->virt_addr == 0) { + if (md->virt_addr == 0 && md->phys_addr != 0) { /* no virtual mapping has been installed by the stub */ break; }