From patchwork Mon Dec 24 16:22:38 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 154467 Delivered-To: patch@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp4041206ljp; Mon, 24 Dec 2018 08:22:46 -0800 (PST) X-Google-Smtp-Source: AFSGD/UTJGX40Bea3qrujIDhg4I31XXWPix0ULDFYMqyPOqRhVCjmDGLm93mP4tEywwuCNCZ41rf X-Received: by 2002:a62:7892:: with SMTP id t140mr13631311pfc.237.1545668566661; Mon, 24 Dec 2018 08:22:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545668566; cv=none; d=google.com; s=arc-20160816; b=dQnb8gc7tjAsICxrc8pDMh+Z19X2pz4FTKU6q8KYderZ1KLaLOUzeAXVZ0++w2UBau THORGwRKpFA+Wvxh+ZtXJ9U369nB1xX4ilvEPmHXifahDMSN1jTtKon4KqSfM52YiAS4 qAbKIoEtTkfOnXzx/6O5y6bol91r+67d/v4o1O1K25Xz3gU0iq4bxcMZPOC5SKQ87c/M jbsHJBFw9+qSYrNzKyF0Q5mTfT3PXcfE2tYyHruv8l07x2GKN8eJgl3+lHBGFA8L327K gAVfQhJt5LWvUbJ0tyAlq017uNtbT8lKuhX6jej0WuUlhOlwyWlyIc9QoVGJKWU3Vfjp xsKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature; bh=mfotilG7twZ4h4GcOMUJ/ubvK6EzA8iYgLyaXybP/uI=; b=kjfUayqubEbr8+I5tk4zOEReEPUAI7JuQgIQVu9hXamVZvCUWK2YOaZQbLBQkfGTgd mFftZlHvFwFg3Zikued2DWhtbSyrRNCoZE0AeP+pfIp61KLnvWUToqor5h1iX3Rirr98 EF81AGukUt3tC5+0E4nDxw/m8F+FUEvA7XwURk9d0r1tZVf4tj2xXxIDHwKZKQNW0cBF sBl32k5FbFtV+yempB1S+rNOa2mvGT3yIlWAku3YQmLGFGS5eftfu7TbAQphXrjT9/5d ZfivPUb8PIEqPE9RH9VTcavDp0Qk/4RPHxGWAzINY5DuFimhI/VFhtkblTLSTKphgBW9 3Oaw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ieGeGgSy; spf=pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f127si27348407pfc.69.2018.12.24.08.22.46; Mon, 24 Dec 2018 08:22:46 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ieGeGgSy; spf=pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725648AbeLXQWp (ORCPT + 3 others); Mon, 24 Dec 2018 11:22:45 -0500 Received: from mail-wr1-f67.google.com ([209.85.221.67]:35382 "EHLO mail-wr1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725355AbeLXQWo (ORCPT ); Mon, 24 Dec 2018 11:22:44 -0500 Received: by mail-wr1-f67.google.com with SMTP id 96so11944273wrb.2 for ; Mon, 24 Dec 2018 08:22:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=mfotilG7twZ4h4GcOMUJ/ubvK6EzA8iYgLyaXybP/uI=; b=ieGeGgSySnia63H9UEfrhUg9AAX41txIMb68ye5oSVL0uBGz4BWHnb8Nnk4WBUWjLb rDnAblhbmOspHAGMGIoC9xh2+fkN3+K+oIpMmzJPJpUKx7yqWUzwQr4NMsjyvsq9eK4b WjPBM6owwhP8875VMiLEqFxv+9Vl5cCmvgTNY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=mfotilG7twZ4h4GcOMUJ/ubvK6EzA8iYgLyaXybP/uI=; b=ZzRDaIXePsEDJqilG4kjuT1ot+BxH7nuapSYD2hbW7Woe/uzOotVOHz08bTtFXMC6G c1U9UfvFl7YPF9kYjFJq8FLmHaRqqZxzw58KtLN8Cz5Yk6fK2q38eLeBzEhzo2pL9P7y zCIBs9z40zZrqtMCQH9txAKFtKhmL3f7S3rCE7V+UqIt/lE1+nUhYSR2zhAqJaWYEkrA 1sF25mAd8UwW5IkdJKf0JzwYnvkEo6RkbmB5W2yWQZFqZfGqYWHm0lZ7Fs8IXeGaU/n1 tVotuelKQ+DikhhFzoF8WdDTV19NoiBhaA551exaskmo22axSoa8QUYpfn12aqZu5BkM pXYA== X-Gm-Message-State: AJcUukeDO4gMpTtwb2s2mDqUQoLPLsYrXCyO7WSalGJcWIiHp5DfHdCP pO+MiKixGzyR+7n13Xlg/qMcvcMcORY= X-Received: by 2002:adf:cc91:: with SMTP id p17mr12668856wrj.118.1545668562353; Mon, 24 Dec 2018 08:22:42 -0800 (PST) Received: from localhost.localdomain (33.153.69.91.rev.sfr.net. [91.69.153.33]) by smtp.gmail.com with ESMTPSA id h2sm26074027wrv.87.2018.12.24.08.22.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 24 Dec 2018 08:22:41 -0800 (PST) From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: sai.praneeth.prakhya@intel.com, mingo@kernel.org, Ard Biesheuvel Subject: [PATCH] efi: memattr: don't bail on zero VA if it equals the region's PA Date: Mon, 24 Dec 2018 17:22:38 +0100 Message-Id: <20181224162238.5614-1-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.1 Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org The EFI memory attributes code cross-references the EFI memory map with the more granular EFI memory attributes table to ensure that they are in sync before applying the strict permissions to the regions it describes. Since we always install virtual mappings for the EFI runtime regions to which these strict permissions apply, we currently perform a sanity check on the EFI memory descriptor, and ensure that the EFI_MEMORY_RUNTIME bit is set, and that the virtual address has been assigned. However, in cases where a runtime region exists at physical address 0x0, and the virtual mapping equals the physical mapping, e.g., when running in mixed mode on x86, we encounter a memory descriptor with the runtime attribute and virtual address 0x0, and incorrectly draw the conclusion that a runtime region exists for which no virtual mapping was installed, and give up altogether. The consequence of this is that firmware mappings retain their read-write-execute permissions, making the system more vulnerable to attacks. So let's only bail if the virtual address of 0x0 has been assigned to a physical region that does not reside at address 0x0. Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/memattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.17.1 diff --git a/drivers/firmware/efi/memattr.c b/drivers/firmware/efi/memattr.c index 8f289dbc237c..58452fde92cc 100644 --- a/drivers/firmware/efi/memattr.c +++ b/drivers/firmware/efi/memattr.c @@ -91,7 +91,7 @@ static bool entry_is_valid(const efi_memory_desc_t *in, efi_memory_desc_t *out) if (!(md->attribute & EFI_MEMORY_RUNTIME)) continue; - if (md->virt_addr == 0) { + if (md->virt_addr == 0 && md->phys_addr != 0) { /* no virtual mapping has been installed by the stub */ break; }