From patchwork Thu Jan 25 10:31:28 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 125781 Delivered-To: patch@linaro.org Received: by 10.46.66.141 with SMTP id h13csp1016475ljf; Thu, 25 Jan 2018 02:31:45 -0800 (PST) X-Google-Smtp-Source: AH8x227UKCmB2652yBdj2TXJPuXMrQPrcmH0Knz3cSt3spa3tXhE8uViogiljId3R0JrpXXXIZJy X-Received: by 2002:a17:902:901:: with SMTP id 1-v6mr4933147plm.165.1516876305499; Thu, 25 Jan 2018 02:31:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516876305; cv=none; d=google.com; s=arc-20160816; b=jtNykKRwY4PgmssKD5DTSrfOPj1erJrk77PlIEFEMLykikZxQUhJZqgw4RTB2cmvLz J1ic2eRy/xJXR3MBBaHqZ08VT8Z/nWYXD86JHHk57QnU552pNscBn34z/f5IMwJG9VA2 YNsose3Yu2k+eVLHgW96oNpM4V5cASHWi4s8KAV0UdWRpcau6VT8UutB6kHnLOvgAWP4 /iiBE8ylyrRQ0E5bnexmQuB66C27vBdAO1exExF1AUWssFC3JjCaaF2cB3ZKLh1I05DV Mn6cU3DKXZTUtaA7/Xj7X5KE48rmbn7GXWJpol0JZ3aV4j34lAdB2V3dh5bEo4223nbb NC0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=Xe5JmMmDwwUr5T0FCZ/VUEhhBYMAFbvH+yWUfjWsPb0=; b=duORBymbDRZ1QVFSwZiP77Ax+6WhuVNopdWDmnMDT9kQJG/NM1wnJFZ2CCX4DW6jlO Sd0Tq4oTTuKsDemAGc31+shZr2Wpol7e6BWmQohXb8ujxGspRX+wzXuWt+yK4uhHthEi dxkEIfkbP/2lsgG2OWFcVMfqregnH99862xVEHmBgK8L25H+2VJxFdWg93QfXe3QRv1B JPZbkxoOQHtbjqVPgbaf8UfoCTrRrdkXi9RC0i7Y+BmPSth0Z8cyOS/1gnRXqYaoBtQ1 OPN2k101MVlup6rHPPxHGh5Ivv3yJ/9KizjEogUOeJZIT2fd9cP3z2nc5oKurmFobtQQ IIKg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=hmpUCbzy; spf=pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q7si4419852pfh.74.2018.01.25.02.31.45; Thu, 25 Jan 2018 02:31:45 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=hmpUCbzy; spf=pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751155AbeAYKbp (ORCPT + 2 others); Thu, 25 Jan 2018 05:31:45 -0500 Received: from mail-wm0-f65.google.com ([74.125.82.65]:38381 "EHLO mail-wm0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750937AbeAYKbo (ORCPT ); Thu, 25 Jan 2018 05:31:44 -0500 Received: by mail-wm0-f65.google.com with SMTP id 141so13874107wme.3 for ; Thu, 25 Jan 2018 02:31:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ENyilZee9iaBr2WP0Stghq26HbxwLHoZXiP079Ty8WI=; b=hmpUCbzykVcTdH+JbOomigdSptumbmLN0we8ap5xI3OXqnufBzvTxjt2xxnIYbJkoe sBiNW488gzGspC3PMhJMRmpXSFrB7oBxLrzzziWCX/VIgQn/QuxcTPSjQTB2MS1/VB/D +CtT6oTTu6CZmftoxcY29NNm9GVMhIzFFM1jg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ENyilZee9iaBr2WP0Stghq26HbxwLHoZXiP079Ty8WI=; b=ZWnFwCcfPJbV3k5L/h8Fz/nJjlDAu3ZP2E7YtHzYWa2/70DVI2VqJGdYOVk6y3Stf6 oUmbz24SaZEY6tRRQPYsefDjY2b0QHSLR5Vz5bV6/Qf44slQstZvx/8S2LQSTIBj9u7P aUKdcSTqSJCViPIkk9bsjLAakDtLLou1MlOboAo3obmgV2Fhoeu3xGWPhmnC3dAQgFPb JgE7kaktO3/EVSrImmbSBG40OOjqcIHDF6rxWx9e6wjhcIGEXkQdLnc+LGSGrx/fL4Dl 1Rux9UG8lFA2i+Pry0mZjDsONxjG44RbpmjCvykGVY3nwqyf3QnrX02Ayh3kf1L8uH+7 vSHw== X-Gm-Message-State: AKwxytcO7sndglEzp58/cU8GXBlbAc6FyiFYiSBUR7gRJg4weCkPbfdG KpP+DV8I0jIGISBfy/7j/IpegwAFavc= X-Received: by 10.28.11.70 with SMTP id 67mr6552705wml.158.1516876302449; Thu, 25 Jan 2018 02:31:42 -0800 (PST) Received: from localhost.localdomain ([160.167.127.168]) by smtp.gmail.com with ESMTPSA id j77sm1199964wmf.37.2018.01.25.02.31.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 25 Jan 2018 02:31:41 -0800 (PST) From: Ard Biesheuvel To: linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org, will.deacon@arm.com, catalin.marinas@arm.com, mark.rutland@arm.com, marc.zyngier@arm.com Cc: joakim.bech@linaro.org, leif.lindholm@linaro.org, graeme.gregory@linaro.org, Ard Biesheuvel Subject: [PATCH 1/4] efi: arm64: Check whether x18 is preserved by runtime services calls Date: Thu, 25 Jan 2018 10:31:28 +0000 Message-Id: <20180125103131.19168-2-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180125103131.19168-1-ard.biesheuvel@linaro.org> References: <20180125103131.19168-1-ard.biesheuvel@linaro.org> Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Whether or not we will ever decide to start using x18 as a platform register in Linux is uncertain, but by that time, we will need to ensure that UEFI runtime services calls don't corrupt it. So let's start issuing warnings now for this, and increase the likelihood that these firmware images have all been replaced by that time. This has been fixed on the EDK2 side in commit 6d73863b5464 ("BaseTools/tools_def AARCH64: mark register x18 as reserved")., dated July 13, 2017. Signed-off-by: Ard Biesheuvel --- arch/arm64/include/asm/efi.h | 4 +- arch/arm64/kernel/Makefile | 3 +- arch/arm64/kernel/efi-rt-wrapper.S | 41 ++++++++++++++++++++ arch/arm64/kernel/efi.c | 6 +++ 4 files changed, 52 insertions(+), 2 deletions(-) -- 2.11.0 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Acked-by: Will Deacon diff --git a/arch/arm64/include/asm/efi.h b/arch/arm64/include/asm/efi.h index 8389050328bb..192d791f1103 100644 --- a/arch/arm64/include/asm/efi.h +++ b/arch/arm64/include/asm/efi.h @@ -31,7 +31,7 @@ int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md); ({ \ efi_##f##_t *__f; \ __f = p->f; \ - __f(args); \ + __efi_rt_asm_wrapper(__f, #f, args); \ }) #define arch_efi_call_virt_teardown() \ @@ -40,6 +40,8 @@ int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md); efi_virtmap_unload(); \ }) +efi_status_t __efi_rt_asm_wrapper(void *, const char *, ...); + #define ARCH_EFI_IRQ_FLAGS_MASK (PSR_D_BIT | PSR_A_BIT | PSR_I_BIT | PSR_F_BIT) /* arch specific definitions used by the stub code */ diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile index b87541360f43..6a4bd80c75bd 100644 --- a/arch/arm64/kernel/Makefile +++ b/arch/arm64/kernel/Makefile @@ -38,7 +38,8 @@ arm64-obj-$(CONFIG_CPU_PM) += sleep.o suspend.o arm64-obj-$(CONFIG_CPU_IDLE) += cpuidle.o arm64-obj-$(CONFIG_JUMP_LABEL) += jump_label.o arm64-obj-$(CONFIG_KGDB) += kgdb.o -arm64-obj-$(CONFIG_EFI) += efi.o efi-entry.stub.o +arm64-obj-$(CONFIG_EFI) += efi.o efi-entry.stub.o \ + efi-rt-wrapper.o arm64-obj-$(CONFIG_PCI) += pci.o arm64-obj-$(CONFIG_ARMV8_DEPRECATED) += armv8_deprecated.o arm64-obj-$(CONFIG_ACPI) += acpi.o diff --git a/arch/arm64/kernel/efi-rt-wrapper.S b/arch/arm64/kernel/efi-rt-wrapper.S new file mode 100644 index 000000000000..05235ebb336d --- /dev/null +++ b/arch/arm64/kernel/efi-rt-wrapper.S @@ -0,0 +1,41 @@ +/* + * Copyright (C) 2018 Linaro Ltd + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#include + +ENTRY(__efi_rt_asm_wrapper) + stp x29, x30, [sp, #-32]! + mov x29, sp + + /* + * Register x18 is designated as the 'platform' register by the AAPCS, + * which means firmware running at the same exception level as the OS + * (such as UEFI) should never touch it. + */ + stp x1, x18, [sp, #16] + + /* + * We are lucky enough that no EFI runtime services take more than + * 5 arguments, so all are passed in registers rather than via the + * stack. + */ + mov x8, x0 + mov x0, x2 + mov x1, x3 + mov x2, x4 + mov x3, x5 + mov x4, x6 + blr x8 + + ldp x1, x2, [sp, #16] + cmp x2, x18 + ldp x29, x30, [sp], #32 + b.ne 0f + ret +0: b efi_handle_corrupted_x18 // tail call +ENDPROC(__efi_rt_asm_wrapper) diff --git a/arch/arm64/kernel/efi.c b/arch/arm64/kernel/efi.c index 82cd07592519..af4f943cffac 100644 --- a/arch/arm64/kernel/efi.c +++ b/arch/arm64/kernel/efi.c @@ -124,3 +124,9 @@ bool efi_poweroff_required(void) { return efi_enabled(EFI_RUNTIME_SERVICES); } + +asmlinkage efi_status_t efi_handle_corrupted_x18(efi_status_t s, const char *f) +{ + pr_err_ratelimited(FW_BUG "register x18 corrupted by EFI %s\n", f); + return s; +}