From patchwork Fri Dec 24 08:08:41 2021
X-Patchwork-Submitter: Ilias Apalodimas
X-Patchwork-Id: 527721
From: Ilias Apalodimas
To: xypron.glpk@gmx.de
Cc: Ilias Apalodimas, Ilias Apalodimas, Ying-Chun Liu, Jens Wiklander, Alexander Graf, u-boot@lists.denx.de
Subject: [PATCH v2] efi_loader: Don't limit the StMM buffer size explicitly
Date: Fri, 24 Dec 2021 10:08:41 +0200
Message-Id: <20211224080841.98906-1-ilias.apalodimas@linaro.org>

From: Ilias Apalodimas

Currently we allow and explicitly check a single shared page with StandAloneMM. This is dictated by OP-TEE which runs the application. However there's no way for us to dynamically discover the number of pages we are allowed to use. Since writing a big EFI signature list variable requires more than a page, OP-TEE has bumped the number of shared pages to four.

Let's remove our explicit check and allow the request to reach OP-TEE even if it's bigger than what it supports. There's no need to sanitize the number of pages internally. OP-TEE will fail if we try to write more than it's allowed. The error will just trigger later on, during the StMM access.

While at it add an error message to help users figure out what failed.

Signed-off-by: Ilias Apalodimas
Tested-by: Ying-Chun Liu (PaulLiu)
Signed-off-by: Ilias Apalodimas
---
Changes since v1: (was "Bump the number of shared pages with StandAloneMM")
- Remove the check entirely and rely on tee triggering the error

 include/tee.h | 1 +
 lib/efi_loader/efi_variable_tee.c | 21 ++++++++++-----------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/include/tee.h b/include/tee.h index 44e9cd4321bc..087810bd12e4 100644 --- a/include/tee.h +++ b/include/tee.h 
@@ -39,6 +39,7 @@ #define TEE_SUCCESS 0x00000000 #define TEE_ERROR_STORAGE_NOT_AVAILABLE 0xf0100003 #define TEE_ERROR_GENERIC 0xffff0000 +#define TEE_ERROR_EXCESS_DATA 0xffff0004 #define TEE_ERROR_BAD_PARAMETERS 0xffff0006 #define TEE_ERROR_ITEM_NOT_FOUND 0xffff0008 #define TEE_ERROR_NOT_IMPLEMENTED 0xffff0009 diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c index 281f886124af..b2d1513bea5d 100644 --- a/lib/efi_loader/efi_variable_tee.c +++ b/lib/efi_loader/efi_variable_tee.c @@ -15,7 +15,6 @@ #include #include -#define OPTEE_PAGE_SIZE BIT(12) extern struct efi_var_file __efi_runtime_data *efi_var_buf; static efi_uintn_t max_buffer_size; /* comm + var + func + data */ static efi_uintn_t max_payload_size; /* func + data */ @@ -113,9 +112,18 @@ static efi_status_t optee_mm_communicate(void *comm_buf, ulong dsize) rc = tee_invoke_func(conn.tee, &arg, 2, param); tee_shm_free(shm); + /* + * Although the max payload is configurable on StMM, we only share + * four pages from OP-TEE for the non-secure buffer used to communicate + * with StMM. OP-TEE will reject anything bigger than that and will + * return. So le'ts at least warn users + */ tee_close_session(conn.tee, conn.session); - if (rc || arg.ret != TEE_SUCCESS) + if (rc || arg.ret != TEE_SUCCESS) { + if (arg.ret == TEE_ERROR_EXCESS_DATA) + log_err("Variable payload too large\n"); return EFI_DEVICE_ERROR; + } switch (param[1].u.value.a) { case ARM_SVC_SPM_RET_SUCCESS: 
@@ -255,15 +263,6 @@ efi_status_t EFIAPI get_max_payload(efi_uintn_t *size) goto out; } *size = var_payload->size; - /* - * Although the max payload is configurable on StMM, we only share a - * single page from OP-TEE for the non-secure buffer used to communicate - * with StMM. Since OP-TEE will reject to map anything bigger than that, - * make sure we are in bounds. - */ - if (*size > OPTEE_PAGE_SIZE) - *size = OPTEE_PAGE_SIZE - MM_COMMUNICATE_HEADER_SIZE - - MM_VARIABLE_COMMUNICATE_SIZE; /* * There seems to be a bug in EDK2 miscalculating the boundaries and * size checks, so deduct 2 more bytes to fulfill this requirement. Fix
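Review bot: In the optee_mm_communicate() hunk of lib/efi_loader/efi_variable_tee.c, the new comment is placed above tee_close_session() instead of next to the TEE_ERROR_EXCESS_DATA check it explains, contains the typo "le'ts", and stops at "and will return" without saying what is returned. It also hard-codes "four pages", while the commit message states that the number of shared pages cannot be discovered, so the comment goes stale the next time OP-TEE changes the count. Suggest moving it inside the `if (rc || arg.ret != TEE_SUCCESS) {` branch and wording it without the number. Separately, arg.ret is compared against TEE_ERROR_EXCESS_DATA even when rc is non-zero, so it is worth confirming arg.ret is meaningful on that path; the caller still receives only EFI_DEVICE_ERROR, which makes the log line the sole indication that size was the cause.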
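Review bot: In the get_max_payload() hunk, removing the clamp leaves no upper bound on *size at this point: the value in var_payload->size is passed on as reported, ahead of the 2-byte deduction described in the comment that follows. The deleted comment was also the only text in this function explaining that the OP-TEE shared buffer, not the StMM-configured maximum, is the real limit. Suggest a short replacement comment saying that the size is taken as reported and that an oversized request is rejected later in optee_mm_communicate() with TEE_ERROR_EXCESS_DATA, so a reader of this function can see where the bound is enforced.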