From patchwork Fri Sep 25 22:02:19 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matt Fleming X-Patchwork-Id: 54180 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-wi0-f198.google.com (mail-wi0-f198.google.com [209.85.212.198]) by patches.linaro.org (Postfix) with ESMTPS id D7053218DB for ; Fri, 25 Sep 2015 22:02:52 +0000 (UTC) Received: by wicuu12 with SMTP id uu12sf14219432wic.2 for ; Fri, 25 Sep 2015 15:02:52 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject :date:message-id:in-reply-to:references:sender:precedence:list-id :x-original-sender:x-original-authentication-results:mailing-list :list-post:list-help:list-archive:list-unsubscribe; bh=sjFUVhWaWBUMubKcMhX6uCwQ9H7M4M2waJssgu9miDc=; b=eq0+72amQGM3gNSZSYLkvLYHRapM0pkW35jAsDgUsn+XAPh3UB/aiFlEuSAX92C+ES 7kKLlssxf4fT8iUcVOB7nSJq8DfWC9dWGoxqmEwMP971NqUR6ClGSVb+KkX4ZNluiFvX 7srwKS+Iztzrq5kKQveQXyid6tLwlWgnHum7T6nKhlvvmtxqMBIAjQgh5gKaWpaYRkMl C59mOjVhdEqtW68RLVKtu04kH/Lx7auBTsZTfBxwocdjwkFrBSPDB+G5KGx1rfjVKmCU GxVqHqNnCrAYtkYm/HjiTqrhpKgx4G/ZDuctzmZHK6KCsY+APl2BjdXWzHuviqtpJ1eT N3mw== X-Gm-Message-State: ALoCoQnSvFsbcncOSzGBkm6L1pVRA06nFW44fpaM12ZSXGZfECZd6l6I/SPazHNVm6CYLgSLa0Nc X-Received: by 10.152.21.42 with SMTP id s10mr1299441lae.9.1443218572122; Fri, 25 Sep 2015 15:02:52 -0700 (PDT) MIME-Version: 1.0 X-BeenThere: patchwork-forward@linaro.org Received: by 10.25.16.210 with SMTP id 79ls273378lfq.12.gmail; Fri, 25 Sep 2015 15:02:51 -0700 (PDT) X-Received: by 10.25.144.18 with SMTP id s18mr1486483lfd.47.1443218571820; Fri, 25 Sep 2015 15:02:51 -0700 (PDT) Received: from mail-la0-f53.google.com (mail-la0-f53.google.com. [209.85.215.53]) by mx.google.com with ESMTPS id k1si2564683lbd.96.2015.09.25.15.02.51 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 25 Sep 2015 15:02:51 -0700 (PDT) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.53 as permitted sender) client-ip=209.85.215.53; Received: by lacdq2 with SMTP id dq2so57027136lac.1 for ; Fri, 25 Sep 2015 15:02:51 -0700 (PDT) X-Received: by 10.152.21.196 with SMTP id x4mr2342503lae.86.1443218571661; Fri, 25 Sep 2015 15:02:51 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.112.59.35 with SMTP id w3csp285506lbq; Fri, 25 Sep 2015 15:02:50 -0700 (PDT) X-Received: by 10.67.6.164 with SMTP id cv4mr10269168pad.59.1443218570378; Fri, 25 Sep 2015 15:02:50 -0700 (PDT) Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id qx10si8280615pab.241.2015.09.25.15.02.50; Fri, 25 Sep 2015 15:02:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754771AbbIYWCs (ORCPT + 30 others); Fri, 25 Sep 2015 18:02:48 -0400 Received: from mail-wi0-f172.google.com ([209.85.212.172]:36219 "EHLO mail-wi0-f172.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751156AbbIYWC2 (ORCPT ); Fri, 25 Sep 2015 18:02:28 -0400 Received: by wicgb1 with SMTP id gb1so37544772wic.1 for ; Fri, 25 Sep 2015 15:02:26 -0700 (PDT) X-Received: by 10.180.19.68 with SMTP id c4mr5928333wie.50.1443218546708; Fri, 25 Sep 2015 15:02:26 -0700 (PDT) Received: from localhost ([90.203.240.153]) by smtp.gmail.com with ESMTPSA id fv13sm5234722wic.7.2015.09.25.15.02.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 25 Sep 2015 15:02:26 -0700 (PDT) From: Matt Fleming To: Ingo Molnar , Thomas Gleixner , "H. Peter Anvin" Cc: Ard Biesheuvel , linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, Leif Lindholm , Catalin Marinas , Will Deacon , , Matt Fleming , Mark Rutland , Mark Salter Subject: [PATCH 2/2] arm64/efi: Don't pad between EFI_MEMORY_RUNTIME regions Date: Fri, 25 Sep 2015 23:02:19 +0100 Message-Id: <1443218539-7610-3-git-send-email-matt@codeblueprint.co.uk> X-Mailer: git-send-email 2.1.0 In-Reply-To: <1443218539-7610-1-git-send-email-matt@codeblueprint.co.uk> References: <1443218539-7610-1-git-send-email-matt@codeblueprint.co.uk> Sender: linux-kernel-owner@vger.kernel.org Precedence: list List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: matt@codeblueprint.co.uk X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.53 as permitted sender) smtp.mailfrom=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 List-Post: , List-Help: , List-Archive: List-Unsubscribe: , From: Ard Biesheuvel The new Properties Table feature introduced in UEFIv2.5 may split memory regions that cover PE/COFF memory images into separate code and data regions. Since these regions only differ in the type (runtime code vs runtime data) and the permission bits, but not in the memory type attributes (UC/WC/WT/WB), the spec does not require them to be aligned to 64 KB. Since the relative offset of PE/COFF .text and .data segments cannot be changed on the fly, this means that we can no longer pad out those regions to be mappable using 64 KB pages. Unfortunately, there is no annotation in the UEFI memory map that identifies data regions that were split off from a code region, so we must apply this logic to all adjacent runtime regions whose attributes only differ in the permission bits. So instead of rounding each memory region to 64 KB alignment at both ends, only round down regions that are not directly preceded by another runtime region with the same type attributes. Since the UEFI spec does not mandate that the memory map be sorted, this means we also need to sort it first. Note that this change will result in all EFI_MEMORY_RUNTIME regions whose start addresses are not aligned to the OS page size to be mapped with executable permissions (i.e., on kernels compiled with 64 KB pages). However, since these mappings are only active during the time that UEFI Runtime Services are being invoked, the window for abuse is rather small. Signed-off-by: Ard Biesheuvel Tested-by: Mark Salter Reviewed-by: Mark Salter Cc: Leif Lindholm Reviewed-by: Mark Rutland Tested-by: Mark Rutland [UEFI 2.4 only] Cc: Catalin Marinas Cc: Will Deacon Cc: # v4.0+ Signed-off-by: Matt Fleming --- arch/arm64/kernel/efi.c | 3 +- drivers/firmware/efi/libstub/arm-stub.c | 88 +++++++++++++++++++++++++++------ 2 files changed, 75 insertions(+), 16 deletions(-) diff --git a/arch/arm64/kernel/efi.c b/arch/arm64/kernel/efi.c index e8ca6eaedd02..13671a9cf016 100644 --- a/arch/arm64/kernel/efi.c +++ b/arch/arm64/kernel/efi.c @@ -258,7 +258,8 @@ static bool __init efi_virtmap_init(void) */ if (!is_normal_ram(md)) prot = __pgprot(PROT_DEVICE_nGnRE); - else if (md->type == EFI_RUNTIME_SERVICES_CODE) + else if (md->type == EFI_RUNTIME_SERVICES_CODE || + !PAGE_ALIGNED(md->phys_addr)) prot = PAGE_KERNEL_EXEC; else prot = PAGE_KERNEL; diff --git a/drivers/firmware/efi/libstub/arm-stub.c b/drivers/firmware/efi/libstub/arm-stub.c index e29560e6b40b..950c87f5d279 100644 --- a/drivers/firmware/efi/libstub/arm-stub.c +++ b/drivers/firmware/efi/libstub/arm-stub.c @@ -13,6 +13,7 @@ */ #include +#include #include #include "efistub.h" @@ -305,6 +306,44 @@ fail: */ #define EFI_RT_VIRTUAL_BASE 0x40000000 +static int cmp_mem_desc(const void *l, const void *r) +{ + const efi_memory_desc_t *left = l, *right = r; + + return (left->phys_addr > right->phys_addr) ? 1 : -1; +} + +/* + * Returns whether region @left ends exactly where region @right starts, + * or false if either argument is NULL. + */ +static bool regions_are_adjacent(efi_memory_desc_t *left, + efi_memory_desc_t *right) +{ + u64 left_end; + + if (left == NULL || right == NULL) + return false; + + left_end = left->phys_addr + left->num_pages * EFI_PAGE_SIZE; + + return left_end == right->phys_addr; +} + +/* + * Returns whether region @left and region @right have compatible memory type + * mapping attributes, and are both EFI_MEMORY_RUNTIME regions. + */ +static bool regions_have_compatible_memory_type_attrs(efi_memory_desc_t *left, + efi_memory_desc_t *right) +{ + static const u64 mem_type_mask = EFI_MEMORY_WB | EFI_MEMORY_WT | + EFI_MEMORY_WC | EFI_MEMORY_UC | + EFI_MEMORY_RUNTIME; + + return ((left->attribute ^ right->attribute) & mem_type_mask) == 0; +} + /* * efi_get_virtmap() - create a virtual mapping for the EFI memory map * @@ -317,33 +356,52 @@ void efi_get_virtmap(efi_memory_desc_t *memory_map, unsigned long map_size, int *count) { u64 efi_virt_base = EFI_RT_VIRTUAL_BASE; - efi_memory_desc_t *out = runtime_map; + efi_memory_desc_t *in, *prev = NULL, *out = runtime_map; int l; - for (l = 0; l < map_size; l += desc_size) { - efi_memory_desc_t *in = (void *)memory_map + l; + /* + * To work around potential issues with the Properties Table feature + * introduced in UEFI 2.5, which may split PE/COFF executable images + * in memory into several RuntimeServicesCode and RuntimeServicesData + * regions, we need to preserve the relative offsets between adjacent + * EFI_MEMORY_RUNTIME regions with the same memory type attributes. + * The easiest way to find adjacent regions is to sort the memory map + * before traversing it. + */ + sort(memory_map, map_size / desc_size, desc_size, cmp_mem_desc, NULL); + + for (l = 0; l < map_size; l += desc_size, prev = in) { u64 paddr, size; + in = (void *)memory_map + l; if (!(in->attribute & EFI_MEMORY_RUNTIME)) continue; + paddr = in->phys_addr; + size = in->num_pages * EFI_PAGE_SIZE; + /* * Make the mapping compatible with 64k pages: this allows * a 4k page size kernel to kexec a 64k page size kernel and * vice versa. */ - paddr = round_down(in->phys_addr, SZ_64K); - size = round_up(in->num_pages * EFI_PAGE_SIZE + - in->phys_addr - paddr, SZ_64K); - - /* - * Avoid wasting memory on PTEs by choosing a virtual base that - * is compatible with section mappings if this region has the - * appropriate size and physical alignment. (Sections are 2 MB - * on 4k granule kernels) - */ - if (IS_ALIGNED(in->phys_addr, SZ_2M) && size >= SZ_2M) - efi_virt_base = round_up(efi_virt_base, SZ_2M); + if (!regions_are_adjacent(prev, in) || + !regions_have_compatible_memory_type_attrs(prev, in)) { + + paddr = round_down(in->phys_addr, SZ_64K); + size += in->phys_addr - paddr; + + /* + * Avoid wasting memory on PTEs by choosing a virtual + * base that is compatible with section mappings if this + * region has the appropriate size and physical + * alignment. (Sections are 2 MB on 4k granule kernels) + */ + if (IS_ALIGNED(in->phys_addr, SZ_2M) && size >= SZ_2M) + efi_virt_base = round_up(efi_virt_base, SZ_2M); + else + efi_virt_base = round_up(efi_virt_base, SZ_64K); + } in->virt_addr = efi_virt_base + in->phys_addr - paddr; efi_virt_base += size;