| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 May 2013 13:09:11 +0200 From: Borislav Petkov <bp@...en8.de> To: Matt Fleming <matt@...sole-pimps.org> Cc: Russ Anderson <rja@....com>, Matthew Garrett <matthew.garrett@...ula.com>, matt.fleming@...el.com, linux-efi@...r.kernel.org, x86@...nel.org, linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, "H. Peter Anvin" <hpa@...ux.intel.com> Subject: Re: [regression, bisected] x86: efi: Pass boot services variable info to runtime code On Fri, May 24, 2013 at 08:43:31AM +0100, Matt Fleming wrote: > What appears to be happening is that your the EFI runtime services > code is calling into the EFI boot services code, which is definitely > a bug in your firmware because we're at runtime, but we've seen > other machines that do similar things so we usually handle it just > fine. However, what makes your case different, and the reason you > see the above splat, is that it's using the physical address of > the EFI boot services region, not the virtual one we setup with > SetVirtualAddressMap(). Which is a second firmware bug. I'm speechless. Let's have someone else do the ranting this time: http://www.happyassassin.net/2013/05/03/a-day-in-the-life-of-a-firmware-engineer/ > Again, we have seen other machines that access > physical addresses after SetVirtualAddressMap(), but until now we > haven't had any non-optional code that triggered them. > > The only reason I can see that the offending commit would introduce this > problem is because it calls QueryVariableInfo() at boot time. I notice > that your machine is an SGI UV one, is there any chance you could get a > firmware fix for this? If possible, it would be also good to confirm > that it's this chunk of code in setup_efi_vars(), > > status = efi_call_phys4(sys_table->runtime->query_variable_info, > EFI_VARIABLE_NON_VOLATILE | > EFI_VARIABLE_BOOTSERVICE_ACCESS | > EFI_VARIABLE_RUNTIME_ACCESS, &store_size, > &remaining_size, &var_size); > > that later makes GetNextVariable() jump to the physical address of the > EFI Boot Services region. Because if not, we need to do some more > digging. > > Borislav, how are your 1:1 mapping patches coming along? In theory, once > those are merged we can gracefully workaround these kinds of issues. What do you mean, map boot time functions 1:1 too? In any case, I think I have an idea about the bug I was discussing with hpa recently but I need to do more experimenting. I have the next week off, though, so don't hold your breath just yet :). -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists