From patchwork Tue Dec 11 09:00:42 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Graf X-Patchwork-Id: 153405 Delivered-To: patch@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp380102ljp; Tue, 11 Dec 2018 01:00:54 -0800 (PST) X-Google-Smtp-Source: AFSGD/WDbPoO4mTS/uFTLxaDXl1giZc1DbVypZOy6ceZ2uIqgVKeoTMStbRNn2IRaFvuS2G94wdr X-Received: by 2002:aa7:d8d3:: with SMTP id k19mr14343418eds.64.1544518854575; Tue, 11 Dec 2018 01:00:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544518854; cv=none; d=google.com; s=arc-20160816; b=bqhxImQX8t2hiCDYgzzbOSEtMcOgu1MytW0mpVgrsaHtp6s7RQutrRum4gvbltVuDa cmMQf+nkPVZEYK3no6AO1v2fv4OxsHWXNac7Wfh5Z6ZiqibqCuQ3Obl+bDPnTfEsLNC7 0kCGy6ozvvXgGphlCusej7Msz8d8NiEPZl2Cdr3zbspMFTVsoSPXKPlHD4PLLv41rmvZ 6cojnDbTeaByU7phpaM+0/gQSECmhleyaLcCNVKWJTSyC+K/0T88iV1zowpE385W94tR vdfO3QpOuAMA5bu8H4SQt1DW6v9FT17BccNUu4zuicf02Yl9HZgW1cQrSYSVw77QO1b7 Ks0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:cc:message-id:date:to:from; bh=Bq6nOB1NRg9af18qPShP6+qC1DBlJbu6CHYt7kqud74=; b=cimptymhufckQtv49wzGFTLMxUDazN3kaCY8pN/dVHOO638x4j4d+Cek6fQkQHmQx5 zwudK6uigMTvq2AL+YHiyl+y/s8lIsS4qFdcO7a+9EFzUnGR4KMHAB4Fo4wvWHnXyHnj 3Qv3E95pPspdZn1RosRDqXk74Xh4O0DggePTuSb44c8rkvpNbx78ij1TCk7mPhK8Htgr OYYeECQDFNZmA3aP/TKM9YpNg0NlX1oNX0JXpbjsNqwV4GyNFemkWvE9Yk84HSwPzmdV Oh8ACwff4gm7gG9vs48t7HRrDxGei9jtjsHz5dy8SpPi1WmhELpUeq6hZIx5k3MfR0Me T3cw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id o3si1479867edd.368.2018.12.11.01.00.53; Tue, 11 Dec 2018 01:00:54 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by lists.denx.de (Postfix, from userid 105) id 95948C224A4; Tue, 11 Dec 2018 09:00:51 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 0C215C22126; Tue, 11 Dec 2018 09:00:49 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 1F7ADC22126; Tue, 11 Dec 2018 09:00:48 +0000 (UTC) Received: from mx1.suse.de (mx2.suse.de [195.135.220.15]) by lists.denx.de (Postfix) with ESMTPS id BAEF3C21FD0 for ; Tue, 11 Dec 2018 09:00:47 +0000 (UTC) X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 25C44AF4B; Tue, 11 Dec 2018 09:00:47 +0000 (UTC) From: Alexander Graf To: u-boot@lists.denx.de Date: Tue, 11 Dec 2018 10:00:42 +0100 Message-Id: <20181211090042.89935-1-agraf@suse.de> X-Mailer: git-send-email 2.12.3 Cc: Heinrich Schuchardt , Guillaume GARDET , Loic Devulder Subject: [U-Boot] [PATCH v2] efi_loader: Make RTS relocation more robust X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" While changing the RTS alignment to 64KB in commit 7a82c3051c8f ("efi_loader: Align runtime section to 64kb") the relocation code started to break. The reason for that is that we didn't actually look at the real relocation data. We merely took the RUNTIME_CODE section as a hint and started to relocate based on self calculated data from that point on. That calculation was now out of sync though. To ensure we're not running into such a situation again, this patch makes the runtime relocation code a bit more robust. We can just trust the phys/virt hints from the payload. We also should check that we really only have a single section, as the code doesn't handle multiple code relocations yet. Fixes: 7a82c3051c8f ("efi_loader: Align runtime section to 64kb") Reported-by: Heinrich Schuchardt Reported-by: Loic Devulder Signed-off-by: Alexander Graf Reviewed-by: Heinrich Schuchardt Tested-by: Loic Devulder Tested-by: Jonathan Gray --- v1 -> v2: - Add more verbose comment explaining why we have the sanity check. --- lib/efi_loader/efi_runtime.c | 34 +++++++++++++++++++++++++++++++--- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/lib/efi_loader/efi_runtime.c b/lib/efi_loader/efi_runtime.c index 95844efdb0..fff93f0960 100644 --- a/lib/efi_loader/efi_runtime.c +++ b/lib/efi_loader/efi_runtime.c @@ -436,14 +436,42 @@ static efi_status_t EFIAPI efi_set_virtual_address_map( uint32_t descriptor_version, struct efi_mem_desc *virtmap) { - ulong runtime_start = (ulong)&__efi_runtime_start & - ~(ulong)EFI_PAGE_MASK; int n = memory_map_size / descriptor_size; int i; + int rt_code_sections = 0; EFI_ENTRY("%lx %lx %x %p", memory_map_size, descriptor_size, descriptor_version, virtmap); + /* + * TODO: + * Further down we are cheating. While really we should implement + * SetVirtualAddressMap() events and ConvertPointer() to allow + * dynamically loaded drivers to expose runtime services, we don't + * today. + * + * So let's ensure we see exactly one single runtime section, as + * that is the built-in one. If we see more (or less), someone must + * have tried adding or removing to that which we don't support yet. + * In that case, let's better fail rather than expose broken runtime + * services. + */ + for (i = 0; i < n; i++) { + struct efi_mem_desc *map = (void*)virtmap + + (descriptor_size * i); + + if (map->type == EFI_RUNTIME_SERVICES_CODE) + rt_code_sections++; + } + + if (rt_code_sections != 1) { + /* + * We expose exactly one single runtime code section, so + * something is definitely going wrong. + */ + return EFI_EXIT(EFI_INVALID_PARAMETER); + } + /* Rebind mmio pointers */ for (i = 0; i < n; i++) { struct efi_mem_desc *map = (void*)virtmap + @@ -483,7 +511,7 @@ static efi_status_t EFIAPI efi_set_virtual_address_map( map = (void*)virtmap + (descriptor_size * i); if (map->type == EFI_RUNTIME_SERVICES_CODE) { ulong new_offset = map->virtual_start - - (runtime_start - gd->relocaddr); + map->physical_start + gd->relocaddr; efi_runtime_relocate(new_offset, map); /* Once we're virtual, we can no longer handle