Received: by 2002:ac0:8c9a:0:0:0:0:0 with SMTP id r26csp3544520ima; Mon, 4 Feb 2019 00:46:47 -0800 (PST) X-Google-Smtp-Source: AHgI3IagZ3F6RFyc+vGW/rLhEJk24dvd0DiHaoru9CPjUq7AcFEuubpJ6nwDYmtQ2rlNJcWx80ac X-Received: by 2002:a63:334a:: with SMTP id z71mr12286066pgz.400.1549270007340; Mon, 04 Feb 2019 00:46:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549270007; cv=none; d=google.com; s=arc-20160816; b=XyGqWR/RfUq4Ggob21vfxAiZqGwStbPD8YUjfAD+RRdgPY5ArpHaUQDHnYhHqSDZHI VaU6FRAUCXgQ9nw9ZyoaC9OT3sT5+WL6F4RaOfQu9uujiDFVzc26uzXma8posbGe1tL8 bIgNBP/VJ0zjQalT7MuClcmLVUfLx3pHmAiNQLXGKV1++M1AmuYhQmBE+e/ulamEWnEa poRuDkAJGqy10l1qU1JkY2DaYgzIaCq/7CVL21HYtD4kTEBCH7Iy3u9t/FesJl3nVjUz pnwDQf0jKKexIl8PkL6Heo/8RvjDg0D8qRZ2jCAeO22d8nHeolxGxFNqsdegJPWpTks2 D2ng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-disposition :content-transfer-encoding:mime-version:robot-unsubscribe:robot-id :git-commit-id:subject:to:references:in-reply-to:reply-to:cc :message-id:from:date; bh=NVj6ywBbQSFP4NsrDF7DiA6mlOCcf7omKy4W5EFg3yc=; b=w70CP9viqVQrjJdWUoUbjSY5mX5Lk3wEdTtqD8iZ7rUWKpDodEgYgJoZtrNaVMA5lv +CwB4akmPaQ96lMYtF1pgWwkbn18HIEslQbcuSszM1Ydkz3qa3SaYg9g3s+U1DWe7mfG pJr4aW7SQzqcpj8WV2M/FWKm42cneF7qA5gYYZyanahL4n7lE4X7mbPv9qw4gW4K+R16 +QVlWm42S+eUT5NJpu4VjYgR+phmyNlPpp3/5GLnD5GW0ZCDuqTEXDP15tvQnjq0KyA4 PwNWMw2dQZkCd2rSt28Gg2tG1lXnv3KCckATF98WvI+D0u5aXFE1nHTna4JDd6uIcFAg vF/Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d40si15139289pla.427.2019.02.04.00.46.13; Mon, 04 Feb 2019 00:46:47 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727678AbfBDInu (ORCPT + 99 others); Mon, 4 Feb 2019 03:43:50 -0500 Received: from terminus.zytor.com ([198.137.202.136]:32847 "EHLO terminus.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727259AbfBDInt (ORCPT ); Mon, 4 Feb 2019 03:43:49 -0500 Received: from terminus.zytor.com (localhost [127.0.0.1]) by terminus.zytor.com (8.15.2/8.15.2) with ESMTPS id x148h3K9354484 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Mon, 4 Feb 2019 00:43:03 -0800 Received: (from tipbot@localhost) by terminus.zytor.com (8.15.2/8.15.2/Submit) id x148gxbk354480; Mon, 4 Feb 2019 00:42:59 -0800 Date: Mon, 4 Feb 2019 00:42:59 -0800 X-Authentication-Warning: terminus.zytor.com: tipbot set sender to tipbot@zytor.com using -f From: tip-bot for Ard Biesheuvel Message-ID: Cc: jhugo@codeaurora.org, bjorn.andersson@linaro.org, agraf@suse.de, matt@codeblueprint.co.uk, pjones@redhat.com, lee.jones@linaro.org, hpa@zytor.com, xypron.glpk@gmx.de, leif.lindholm@linaro.org, sai.praneeth.prakhya@intel.com, bp@alien8.de, torvalds@linux-foundation.org, peterz@infradead.org, mingo@kernel.org, tglx@linutronix.de, ard.biesheuvel@linaro.org, takahiro.akashi@linaro.org, linux-kernel@vger.kernel.org Reply-To: lee.jones@linaro.org, bjorn.andersson@linaro.org, jhugo@codeaurora.org, pjones@redhat.com, agraf@suse.de, matt@codeblueprint.co.uk, mingo@kernel.org, peterz@infradead.org, torvalds@linux-foundation.org, bp@alien8.de, ard.biesheuvel@linaro.org, takahiro.akashi@linaro.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, hpa@zytor.com, sai.praneeth.prakhya@intel.com, xypron.glpk@gmx.de, leif.lindholm@linaro.org In-Reply-To: <20190202094119.13230-4-ard.biesheuvel@linaro.org> References: <20190202094119.13230-4-ard.biesheuvel@linaro.org> To: linux-tip-commits@vger.kernel.org Subject: [tip:efi/core] efi/memattr: Don't bail on zero VA if it equals the region's PA Git-Commit-ID: 5de0fef0230f3c8d75cff450a71740a7bf2db866 X-Mailer: tip-git-log-daemon Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 Content-Disposition: inline X-Spam-Status: No, score=-0.8 required=5.0 tests=ALL_TRUSTED,BAYES_00, FREEMAIL_FORGED_REPLYTO,T_DATE_IN_FUTURE_96_Q autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on terminus.zytor.com Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Commit-ID: 5de0fef0230f3c8d75cff450a71740a7bf2db866 Gitweb: https://git.kernel.org/tip/5de0fef0230f3c8d75cff450a71740a7bf2db866 Author: Ard Biesheuvel AuthorDate: Sat, 2 Feb 2019 10:41:12 +0100 Committer: Ingo Molnar CommitDate: Mon, 4 Feb 2019 08:26:34 +0100 efi/memattr: Don't bail on zero VA if it equals the region's PA The EFI memory attributes code cross-references the EFI memory map with the more granular EFI memory attributes table to ensure that they are in sync before applying the strict permissions to the regions it describes. Since we always install virtual mappings for the EFI runtime regions to which these strict permissions apply, we currently perform a sanity check on the EFI memory descriptor, and ensure that the EFI_MEMORY_RUNTIME bit is set, and that the virtual address has been assigned. However, in cases where a runtime region exists at physical address 0x0, and the virtual mapping equals the physical mapping, e.g., when running in mixed mode on x86, we encounter a memory descriptor with the runtime attribute and virtual address 0x0, and incorrectly draw the conclusion that a runtime region exists for which no virtual mapping was installed, and give up altogether. The consequence of this is that firmware mappings retain their read-write-execute permissions, making the system more vulnerable to attacks. So let's only bail if the virtual address of 0x0 has been assigned to a physical region that does not reside at address 0x0. Signed-off-by: Ard Biesheuvel Acked-by: Sai Praneeth Prakhya Cc: AKASHI Takahiro Cc: Alexander Graf Cc: Bjorn Andersson Cc: Borislav Petkov Cc: Heinrich Schuchardt Cc: Jeffrey Hugo Cc: Lee Jones Cc: Leif Lindholm Cc: Linus Torvalds Cc: Matt Fleming Cc: Peter Jones Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Fixes: 10f0d2f577053 ("efi: Implement generic support for the Memory ...") Link: http://lkml.kernel.org/r/20190202094119.13230-4-ard.biesheuvel@linaro.org Signed-off-by: Ingo Molnar --- drivers/firmware/efi/memattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/firmware/efi/memattr.c b/drivers/firmware/efi/memattr.c index 8986757eafaf..aac972b056d9 100644 --- a/drivers/firmware/efi/memattr.c +++ b/drivers/firmware/efi/memattr.c @@ -94,7 +94,7 @@ static bool entry_is_valid(const efi_memory_desc_t *in, efi_memory_desc_t *out) if (!(md->attribute & EFI_MEMORY_RUNTIME)) continue; - if (md->virt_addr == 0) { + if (md->virt_addr == 0 && md->phys_addr != 0) { /* no virtual mapping has been installed by the stub */ break; }