Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1499403imm; Mon, 3 Sep 2018 01:59:57 -0700 (PDT) X-Google-Smtp-Source: ANB0VdaYGjl5/JffCpwIMM84LuLzz53udhLhitAyDpdwu8LLnp2XLoSy0d58GWEYA57IB51r8W8g X-Received: by 2002:a63:fb57:: with SMTP id w23-v6mr25256256pgj.441.1535965197400; Mon, 03 Sep 2018 01:59:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535965197; cv=none; d=google.com; s=arc-20160816; b=0jq/pdxb11KNNEc5cNWwfZwRmfudaB4R/9ep96ENqLJAVl+FfR034dA+DvnWIPeYMp lTrt0VsYUerhS3HmYlaxa2Z4UcuntHTQURMVAkOqukjXeyDeYj44WeaAvL9ufgR2LXxj HypNmFkXM8/JVZ4tq1Gbb4DUbRH5aV9NMpNioCnt7p1MpHwwKWaWIQMMtZK00VyMF28H xKpKOoP1drG0iv7FutWMCV0KW3WXc1/qXhBXcNcnaygeXpGtZZMZ1niCnCkOz6PHHrG1 QMTmP3I8d8kSdEh7fV/Nwvk3VwtjKy2PS1fOru6r1ygv/0ImrtyDiYIxkcycE0sna4yD 0JyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date :arc-authentication-results; bh=KagtA7dwGMYTG8VaCsxswg2zf6iCqNTPlnKJG0gTIng=; b=EaMa6eMBC/yLDuBT0BU5cn3qRCxmOZQO50U2AeSPNfDEMg2EdNziUjWpr4jBMlcjzY v1uPA5Y1KlEBIO0we/YENtjQgfgRiLlmX3ZA799loCIeJWpzcNXNe5Tdf7OXMBgRf53n opTXZFB/Z9S1lpjSRcMWooC6nq6pTCUHCEUfbCJAET14NJFkn0ZhCDZk6u4QLxC7ZbpV KcPOmyFYvuLtg4UMGjSjxwtLR+j+rw7RhDN4GOaTjmquk2as+fbUW0f3Q4rVJFK98VI8 ZN/JEADxgnb5qr0vhbO6mAfvzKe54cors1apivwsNHy2fg5+FFDw1WRZAzIh5V7RXysj 14FA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d37-v6si17867954pla.40.2018.09.03.01.59.42; Mon, 03 Sep 2018 01:59:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727327AbeICNRr (ORCPT + 99 others); Mon, 3 Sep 2018 09:17:47 -0400 Received: from Galois.linutronix.de ([146.0.238.70]:54602 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726203AbeICNRr (ORCPT ); Mon, 3 Sep 2018 09:17:47 -0400 Received: from p4fea45ac.dip0.t-ipconnect.de ([79.234.69.172] helo=[192.168.0.145]) by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1fwkgs-0004TL-Gb; Mon, 03 Sep 2018 10:58:34 +0200 Date: Mon, 3 Sep 2018 10:58:33 +0200 (CEST) From: Thomas Gleixner To: Sai Praneeth Prakhya cc: linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, ricardo.neri@intel.com, matt@codeblueprint.co.uk, Lee Chun-Yi , Al Stone , Borislav Petkov , Ingo Molnar , Andy Lutomirski , Bhupesh Sharma , Peter Zijlstra , Ard Biesheuvel Subject: Re: [PATCH V2 4/6] x86/efi: Add efi page fault handler to fixup/recover from page faults caused by firmware In-Reply-To: <1535881594-25469-5-git-send-email-sai.praneeth.prakhya@intel.com> Message-ID: References: <1535881594-25469-1-git-send-email-sai.praneeth.prakhya@intel.com> <1535881594-25469-5-git-send-email-sai.praneeth.prakhya@intel.com> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Linutronix-Spam-Score: -1.0 X-Linutronix-Spam-Level: - X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required, ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, 2 Sep 2018, Sai Praneeth Prakhya wrote: > Kernel panics/hangs because the memory region requested by the firmware > isn't mapped, which causes a page fault in ring 0 and the kernel fails > to handle it, leading to die(). To save kernel from hanging, add an efi > specific page fault handler which detects illegal accesses by the > firmware and > 1. If the illegally accessed region is EFI_BOOT_SERVICES_, > the efi page fault handler fixes it up by mapping the requested > region. > 2. If any other region (Eg: EFI_CONVENTIONAL_MEMORY or > EFI_LOADER_), then the efi page fault handler freezes > efi_rts_wq and schedules a new process. > 3. If the access is to any other efi region like above but if the efi > runtime service is efi_reset_system(), then the efi page fault > handler will reboot the machine through BIOS. > > Illegal accesses to EFI_BOOT_SERVICES_ and to other regions > are dealt differently in efi page fault handler because, *generally* > EFI_BOOT_SERVICES_ regions are smaller in size relative to > other efi regions and hence could be reserved and can be dynamically > mapped. But other EFI regions like EFI_CONVENTIONAL_MEMORY and > EFI_LOADER_ cannot be reserved as they are very huge in size > and reserving them will make the kernel un-bootable. > > The efi specific page fault handler offers us two advantages: > 1. Avoid panics/hangs caused by buggy firmware. > 2. Shout loud that the firmware is buggy and hence is not a kernel bug. > > Finally, this new mapping will not impact a reboot from kexec, as kexec > is only concerned about runtime memory regions. No. This is just a horrible hack to make completely bogus firmware work and never fixed. The proper thing to do is to have a minimal page fault handler which does: 1) Yell loudly if that ever happens 2) Handles the reboot request gracefully 3) Freeze and disable the EFI mess for all other cases That does not require any hackery to make these mappings work from atomic context and keeps the mess confined to the EFI code where it belongs. Ideally we just blacklist the offending system and be done with it. Thanks, tglx