Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp5597241img;
        Wed, 27 Mar 2019 11:23:25 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyE2m4K65YCvW2z5idOjKbHMrqVx4fN3k3kXpos8FkJYF6sr4MEb/SW4Njq2eKOkLdvkzZA
X-Received: by 2002:a17:902:b609:: with SMTP id b9mr38418234pls.134.1553711005543;
        Wed, 27 Mar 2019 11:23:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1553711005; cv=none;
        d=google.com; s=arc-20160816;
        b=z0hfwpe/vvKB7LTqcANQAwqd5JtKBbGz3cQUHhsOos5vHuGAic5Om9tWv9roYA3a+m
         6O++zXd0+A2E9689NNta+E5xzkh6Hssr/L3pftV9BSRncameOfCjAnEtw3Lr5d+Onmq9
         mJZJiUoVDzD0NH5O9RSbrQSHeoafHOzHCKdFeNcty3UjkzPxYfiJZl55u2DrMA1WFctC
         26ZPvcoRfeSTnQB5wolBgpGr53uOTVPqgkt7hdRcOBz+3ZT1XAd4JXi3INxLlP3XdjXM
         en6p2l/SVLhBUAV3ZBHyOI5IqQV+N8pCCm3HIo6QXODpnRs8wmUxuTDC8DSo5wpimecI
         n+fQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=P8h55FafPmjkPkYtI0pNA233Z4WxyQf44Bqd1OSYkh8=;
        b=lc9Dqp+iA46UTge4a81uHjsquruMHMXEKQgLy1YdvPSF2fLYov1CBFU+VhPFRhLde3
         7MQOQmCMmfyLrD7/glklROO0aPU7AR93QVGF2Cb7tKLMNQ28gYv5xR4TLQwhzZScSfJj
         EJGpW/sbG0/LGNASnAWGArQlK1pmhbMw/xQ4cIQ3F32p+9/toSw1z1f3oW5apbPt7/by
         u6DbM2zZwOOfN63gOxwdmC724SrMEyZNmUa7GPeOatQeofu7EaUdc0hMpkCM6kSzNdvH
         vTRzUKAtW3zTu9/7OtBuuNn4ewXzOOnWb7zVt9uKt87JTtgX4KHsVSPOhh7fnIhi4A4e
         5dDQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=0dAZ6V8j;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y4si17274546pgv.100.2019.03.27.11.23.10;
        Wed, 27 Mar 2019 11:23:25 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=0dAZ6V8j;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2391312AbfC0SWf (ORCPT <rfc822;utfcpqpk@gmail.com> + 99 others);
        Wed, 27 Mar 2019 14:22:35 -0400
Received: from mail.kernel.org ([198.145.29.99]:40700 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2390573AbfC0SWd (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 27 Mar 2019 14:22:33 -0400
Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 8EEBF2147C;
        Wed, 27 Mar 2019 18:22:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1553710952;
        bh=81JqgWMFB869y/ri47/4vbTXKaXsKq3lhQfG4oVPJcg=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=0dAZ6V8jWYnGH/ZX6z9mDJxPhrViVBiOPDYT5mxDY6j0BhfmB/EF4PK2WsANqYqzB
         gL9gl5EKLZTd/l123VjpT0+DFt+KHCMnGc2veya1JQHdVraorfVIUHNhREk839sVRM
         7KgLgLFFS5iMB3FQx1qwEOzG3N3VP87z8tG2VvSk=
From:   Sasha Levin <sashal@kernel.org>
To:     linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc:     Ard Biesheuvel <ard.biesheuvel@linaro.org>,
        AKASHI Takahiro <takahiro.akashi@linaro.org>,
        Alexander Graf <agraf@suse.de>,
        Bjorn Andersson <bjorn.andersson@linaro.org>,
        Borislav Petkov <bp@alien8.de>,
        Heinrich Schuchardt <xypron.glpk@gmx.de>,
        Jeffrey Hugo <jhugo@codeaurora.org>,
        Lee Jones <lee.jones@linaro.org>,
        Leif Lindholm <leif.lindholm@linaro.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Matt Fleming <matt@codeblueprint.co.uk>,
        Peter Jones <pjones@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        linux-efi@vger.kernel.org, Ingo Molnar <mingo@kernel.org>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH AUTOSEL 4.9 62/87] efi/memattr: Don't bail on zero VA if it equals the region's PA
Date:   Wed, 27 Mar 2019 14:20:15 -0400
Message-Id: <20190327182040.17444-62-sashal@kernel.org>
X-Mailer: git-send-email 2.19.1
In-Reply-To: <20190327182040.17444-1-sashal@kernel.org>
References: <20190327182040.17444-1-sashal@kernel.org>
MIME-Version: 1.0
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Ard Biesheuvel <ard.biesheuvel@linaro.org>

[ Upstream commit 5de0fef0230f3c8d75cff450a71740a7bf2db866 ]

The EFI memory attributes code cross-references the EFI memory map with
the more granular EFI memory attributes table to ensure that they are in
sync before applying the strict permissions to the regions it describes.

Since we always install virtual mappings for the EFI runtime regions to
which these strict permissions apply, we currently perform a sanity check
on the EFI memory descriptor, and ensure that the EFI_MEMORY_RUNTIME bit
is set, and that the virtual address has been assigned.

However, in cases where a runtime region exists at physical address 0x0,
and the virtual mapping equals the physical mapping, e.g., when running
in mixed mode on x86, we encounter a memory descriptor with the runtime
attribute and virtual address 0x0, and incorrectly draw the conclusion
that a runtime region exists for which no virtual mapping was installed,
and give up altogether. The consequence of this is that firmware mappings
retain their read-write-execute permissions, making the system more
vulnerable to attacks.

So let's only bail if the virtual address of 0x0 has been assigned to a
physical region that does not reside at address 0x0.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Alexander Graf <agraf@suse.de>
Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Jeffrey Hugo <jhugo@codeaurora.org>
Cc: Lee Jones <lee.jones@linaro.org>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Jones <pjones@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Fixes: 10f0d2f577053 ("efi: Implement generic support for the Memory ...")
Link: http://lkml.kernel.org/r/20190202094119.13230-4-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/firmware/efi/memattr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/memattr.c b/drivers/firmware/efi/memattr.c
index 236004b9a50d..9faa09e7c31f 100644
--- a/drivers/firmware/efi/memattr.c
+++ b/drivers/firmware/efi/memattr.c
@@ -93,7 +93,7 @@ static bool entry_is_valid(const efi_memory_desc_t *in, efi_memory_desc_t *out)
 
 		if (!(md->attribute & EFI_MEMORY_RUNTIME))
 			continue;
-		if (md->virt_addr == 0) {
+		if (md->virt_addr == 0 && md->phys_addr != 0) {
 			/* no virtual mapping has been installed by the stub */
 			break;
 		}
-- 
2.19.1