Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp1234281pxb;
        Fri, 20 Aug 2021 00:38:34 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzbEjyiQa4neIVPfstRJaZ8VgbJ2UUpQ4VulQj0dXsUgGMGo0VgmYIQpMo2CRP4xDkbz23c
X-Received: by 2002:a05:6402:2067:: with SMTP id bd7mr20440709edb.176.1629445114696;
        Fri, 20 Aug 2021 00:38:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1629445114; cv=none;
        d=google.com; s=arc-20160816;
        b=XKF5yN9Bd7+n7hYxu50Tz3Svo4das8RGDwsN/LKzb4awpoocDpqFCbxyV2w/d95d18
         Iamsy+F1GtQeziqXEgIdaEMyzxMiMQFQHgj0pWg54h64qjb/kAgB5DHtQHo8DNR2DGzZ
         PhEbKEmzZm+5k565X3XJCL6YDfHbW89C0FMB1GrYSp+aAIjQZ4a/VnTO/yaGL5MyCxKg
         iU4XQr3l5LQshCLPxIbm3HlH058QStcdWCevIsQ6eJ2aOU8y1iyUZzcYB15kmt8s7GAg
         kdN9HSBohRljU04d6+ZApzq4Mc1EOR9nmitpKpJjUawUmQvFkC64VSVSjunC6bNUHTzM
         qGSg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=qaXdyIIQaqoWIAGn1wqv6cRn866DNXtU0r8KfA9npcw=;
        b=ETSdUcqJVfqkfDmFfOvPdqrQMZNaHmMgOW7Wl3iC3m95qjU58aKIG5VVROCohg1+xs
         9lMmPMViczcOCwO5mp28fUQI4FzasR62qqERI5bE7TBm5P2Pn2aQtgi0MzkGIY3VozI4
         4b9HvszVLdL4Yvj6HSkBR+8jbgEew1v3wHaneIhCo1bQNUhn4u2U71jhW+CFMl4ZQunC
         rx6WR5MqiQ/fcqNIGIumN9eAa2Ni4YzFsq35UtMt30nQdcxMuI3EmnEUoL42gpSF8msM
         EL9kmsM1Jxonx4j6fnIF07o5CdChrvhsbKuAUNcKGhHa8M4EuB5q8ghnCettgTNotNYh
         GSEg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id m17si5896007edv.35.2021.08.20.00.38.11;
        Fri, 20 Aug 2021 00:38:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S238741AbhHTHfW (ORCPT <rfc822;liukuiyu0707@gmail.com>
        + 99 others); Fri, 20 Aug 2021 03:35:22 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51764 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S238710AbhHTHfV (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 20 Aug 2021 03:35:21 -0400
Received: from theia.8bytes.org (8bytes.org [IPv6:2a01:238:4383:600:38bc:a715:4b6d:a889])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33DB3C061756;
        Fri, 20 Aug 2021 00:34:44 -0700 (PDT)
Received: from cap.home.8bytes.org (p4ff2b1ea.dip0.t-ipconnect.de [79.242.177.234])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
        (No client certificate requested)
        by theia.8bytes.org (Postfix) with ESMTPSA id 7DEAB133;
        Fri, 20 Aug 2021 09:34:40 +0200 (CEST)
From:   Joerg Roedel <joro@8bytes.org>
To:     x86@kernel.org
Cc:     Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        hpa@zytor.com, Joerg Roedel <jroedel@suse.de>,
        Kees Cook <keescook@chromium.org>,
        Andy Lutomirski <luto@kernel.org>,
        Uros Bizjak <ubizjak@gmail.com>,
        Arvind Sankar <nivedita@alum.mit.edu>,
        Ard Biesheuvel <ardb@kernel.org>, linux-kernel@vger.kernel.org,
        Fabio Aiuto <fabioaiuto83@gmail.com>, stable@vger.kernel.org
Subject: [PATCH] x86/efi: Restore Firmware IDT in before ExitBootServices()
Date:   Fri, 20 Aug 2021 09:34:29 +0200
Message-Id: <20210820073429.19457-1-joro@8bytes.org>
X-Mailer: git-send-email 2.32.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Joerg Roedel <jroedel@suse.de>

Commit 79419e13e808 ("x86/boot/compressed/64: Setup IDT in startup_32
boot path") introduced an IDT into the 32 bit boot path of the
decompressor stub.  But the IDT is set up before ExitBootServices() is
called and some UEFI firmwares rely on their own IDT.

Save the firmware IDT on boot and restore it before calling into EFI
functions to fix boot failures introduced by above commit.

Reported-by: Fabio Aiuto <fabioaiuto83@gmail.com>
Fixes: 79419e13e808 ("x86/boot/compressed/64: Setup IDT in startup_32 boot path")
Cc: stable@vger.kernel.org # 5.13+
Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
 arch/x86/boot/compressed/efi_thunk_64.S | 23 ++++++++++++++++++-----
 arch/x86/boot/compressed/head_64.S      |  3 +++
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/arch/x86/boot/compressed/efi_thunk_64.S b/arch/x86/boot/compressed/efi_thunk_64.S
index 95a223b3e56a..99cfd5dea23c 100644
--- a/arch/x86/boot/compressed/efi_thunk_64.S
+++ b/arch/x86/boot/compressed/efi_thunk_64.S
@@ -39,7 +39,7 @@ SYM_FUNC_START(__efi64_thunk)
 	/*
 	 * Convert x86-64 ABI params to i386 ABI
 	 */
-	subq	$32, %rsp
+	subq	$64, %rsp
 	movl	%esi, 0x0(%rsp)
 	movl	%edx, 0x4(%rsp)
 	movl	%ecx, 0x8(%rsp)
@@ -49,14 +49,19 @@ SYM_FUNC_START(__efi64_thunk)
 	leaq	0x14(%rsp), %rbx
 	sgdt	(%rbx)
 
+	addq	$16, %rbx
+	sidt	(%rbx)
+
 	/*
-	 * Switch to gdt with 32-bit segments. This is the firmware GDT
-	 * that was installed when the kernel started executing. This
-	 * pointer was saved at the EFI stub entry point in head_64.S.
+	 * Switch to idt and gdt with 32-bit segments. This is the firmware GDT
+	 * and IDT that was installed when the kernel started executing. The
+	 * pointers were saved at the EFI stub entry point in head_64.S.
 	 *
 	 * Pass the saved DS selector to the 32-bit code, and use far return to
 	 * restore the saved CS selector.
 	 */
+	leaq	efi32_boot_idt(%rip), %rax
+	lidt	(%rax)
 	leaq	efi32_boot_gdt(%rip), %rax
 	lgdt	(%rax)
 
@@ -67,7 +72,7 @@ SYM_FUNC_START(__efi64_thunk)
 	pushq	%rax
 	lretq
 
-1:	addq	$32, %rsp
+1:	addq	$64, %rsp
 	movq	%rdi, %rax
 
 	pop	%rbx
@@ -132,6 +137,9 @@ SYM_FUNC_START_LOCAL(efi_enter32)
 	 */
 	cli
 
+	lidtl	(%ebx)
+	subl	$16, %ebx
+
 	lgdtl	(%ebx)
 
 	movl	%cr4, %eax
@@ -166,6 +174,11 @@ SYM_DATA_START(efi32_boot_gdt)
 	.quad	0
 SYM_DATA_END(efi32_boot_gdt)
 
+SYM_DATA_START(efi32_boot_idt)
+	.word	0
+	.quad	0
+SYM_DATA_END(efi32_boot_idt)
+
 SYM_DATA_START(efi32_boot_cs)
 	.word	0
 SYM_DATA_END(efi32_boot_cs)
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
index a2347ded77ea..572c535cf45b 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -319,6 +319,9 @@ SYM_INNER_LABEL(efi32_pe_stub_entry, SYM_L_LOCAL)
 	movw	%cs, rva(efi32_boot_cs)(%ebp)
 	movw	%ds, rva(efi32_boot_ds)(%ebp)
 
+	/* Store firmware IDT descriptor */
+	sidtl	rva(efi32_boot_idt)(%ebp)
+
 	/* Disable paging */
 	movl	%cr0, %eax
 	btrl	$X86_CR0_PG_BIT, %eax
-- 
2.32.0