lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 14 Aug 2020 10:20:20 +0200
From:   Ard Biesheuvel <ardb@...nel.org>
To:     Atish Patra <atish.patra@....com>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Albert Ou <aou@...s.berkeley.edu>,
        Alistair Francis <alistair.francis@....com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Anup Patel <anup.patel@....com>,
        Arvind Sankar <nivedita@...m.mit.edu>,
        Borislav Petkov <bp@...e.de>,
        Greentime Hu <greentime.hu@...ive.com>,
        Ingo Molnar <mingo@...nel.org>,
        Kees Cook <keescook@...omium.org>,
        linux-efi <linux-efi@...r.kernel.org>,
        linux-riscv <linux-riscv@...ts.infradead.org>,
        fwts-devel@...ts.ubuntu.com, Mao Han <han_mao@...ky.com>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Michal Simek <michal.simek@...inx.com>,
        Mike Rapoport <rppt@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Palmer Dabbelt <palmer@...belt.com>,
        Paul Walmsley <paul.walmsley@...ive.com>,
        Steven Price <steven.price@....com>,
        Waiman Long <longman@...hat.com>,
        Will Deacon <will@...nel.org>,
        Daniel Schaefer <daniel.schaefer@....com>,
        "abner.chang@....com" <abner.chang@....com>
Subject: Re: [PATCH v5 8/9] RISC-V: Add EFI runtime services

On Thu, 13 Aug 2020 at 01:48, Atish Patra <atish.patra@....com> wrote:
>
> This patch adds EFI runtime service support for RISC-V.
>
> Signed-off-by: Atish Patra <atish.patra@....com>

Acked-by: Ard Biesheuvel <ardb@...nel.org>

> ---
>  arch/riscv/Kconfig                      |   2 +
>  arch/riscv/include/asm/efi.h            |  20 ++++
>  arch/riscv/include/asm/mmu.h            |   2 +
>  arch/riscv/include/asm/pgtable.h        |   4 +
>  arch/riscv/kernel/Makefile              |   1 +
>  arch/riscv/kernel/efi.c                 | 105 +++++++++++++++++
>  arch/riscv/kernel/setup.c               |   7 +-
>  arch/riscv/mm/init.c                    |   2 +-
>  drivers/firmware/efi/Makefile           |   2 +
>  drivers/firmware/efi/libstub/efi-stub.c |  11 +-
>  drivers/firmware/efi/riscv-runtime.c    | 143 ++++++++++++++++++++++++
>  11 files changed, 295 insertions(+), 4 deletions(-)
>  create mode 100644 arch/riscv/kernel/efi.c
>  create mode 100644 drivers/firmware/efi/riscv-runtime.c
>
> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> index e11907cc7a43..b2164109483d 100644
> --- a/arch/riscv/Kconfig
> +++ b/arch/riscv/Kconfig
> @@ -412,7 +412,9 @@ config EFI
>         select EFI_PARAMS_FROM_FDT
>         select EFI_STUB
>         select EFI_GENERIC_STUB
> +       select EFI_RUNTIME_WRAPPERS
>         select RISCV_ISA_C
> +       depends on MMU
>         default y
>         help
>           This option provides support for runtime services provided
> diff --git a/arch/riscv/include/asm/efi.h b/arch/riscv/include/asm/efi.h
> index 86da231909bb..93c305a638f4 100644
> --- a/arch/riscv/include/asm/efi.h
> +++ b/arch/riscv/include/asm/efi.h
> @@ -5,11 +5,28 @@
>  #ifndef _ASM_EFI_H
>  #define _ASM_EFI_H
>
> +#include <asm/csr.h>
>  #include <asm/io.h>
>  #include <asm/mmu_context.h>
>  #include <asm/ptrace.h>
>  #include <asm/tlbflush.h>
>
> +#ifdef CONFIG_EFI
> +extern void efi_init(void);
> +#else
> +#define efi_init()
> +#endif
> +
> +int efi_create_mapping(struct mm_struct *mm, efi_memory_desc_t *md);
> +int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md);
> +
> +#define arch_efi_call_virt_setup()      efi_virtmap_load()
> +#define arch_efi_call_virt_teardown()   efi_virtmap_unload()
> +
> +#define arch_efi_call_virt(p, f, args...) p->f(args)
> +
> +#define ARCH_EFI_IRQ_FLAGS_MASK (SR_IE | SR_SPIE)
> +
>  /* on RISC-V, the FDT may be located anywhere in system RAM */
>  static inline unsigned long efi_get_max_fdt_addr(unsigned long dram_base)
>  {
> @@ -33,4 +50,7 @@ static inline void efifb_setup_from_dmi(struct screen_info *si, const char *opt)
>  {
>  }
>
> +void efi_virtmap_load(void);
> +void efi_virtmap_unload(void);
> +
>  #endif /* _ASM_EFI_H */
> diff --git a/arch/riscv/include/asm/mmu.h b/arch/riscv/include/asm/mmu.h
> index 967eacb01ab5..dabcf2cfb3dc 100644
> --- a/arch/riscv/include/asm/mmu.h
> +++ b/arch/riscv/include/asm/mmu.h
> @@ -20,6 +20,8 @@ typedef struct {
>  #endif
>  } mm_context_t;
>
> +void __init create_pgd_mapping(pgd_t *pgdp, uintptr_t va, phys_addr_t pa,
> +                              phys_addr_t sz, pgprot_t prot);
>  #endif /* __ASSEMBLY__ */
>
>  #endif /* _ASM_RISCV_MMU_H */
> diff --git a/arch/riscv/include/asm/pgtable.h b/arch/riscv/include/asm/pgtable.h
> index 815f8c959dd4..183f1f4b2ae6 100644
> --- a/arch/riscv/include/asm/pgtable.h
> +++ b/arch/riscv/include/asm/pgtable.h
> @@ -100,6 +100,10 @@
>
>  #define PAGE_KERNEL            __pgprot(_PAGE_KERNEL)
>  #define PAGE_KERNEL_EXEC       __pgprot(_PAGE_KERNEL | _PAGE_EXEC)
> +#define PAGE_KERNEL_READ       __pgprot(_PAGE_KERNEL & ~_PAGE_WRITE)
> +#define PAGE_KERNEL_EXEC       __pgprot(_PAGE_KERNEL | _PAGE_EXEC)
> +#define PAGE_KERNEL_READ_EXEC  __pgprot((_PAGE_KERNEL & ~_PAGE_WRITE) \
> +                                        | _PAGE_EXEC)
>
>  #define PAGE_TABLE             __pgprot(_PAGE_TABLE)
>
> diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile
> index eabec4dce50b..0b48059cc9da 100644
> --- a/arch/riscv/kernel/Makefile
> +++ b/arch/riscv/kernel/Makefile
> @@ -36,6 +36,7 @@ OBJCOPYFLAGS := --prefix-symbols=__efistub_
>  $(obj)/%.stub.o: $(obj)/%.o FORCE
>         $(call if_changed,objcopy)
>
> +obj-$(CONFIG_EFI)              += efi.o
>  obj-$(CONFIG_FPU)              += fpu.o
>  obj-$(CONFIG_SMP)              += smpboot.o
>  obj-$(CONFIG_SMP)              += smp.o
> diff --git a/arch/riscv/kernel/efi.c b/arch/riscv/kernel/efi.c
> new file mode 100644
> index 000000000000..d7a723b446c3
> --- /dev/null
> +++ b/arch/riscv/kernel/efi.c
> @@ -0,0 +1,105 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * Copyright (C) 2020 Western Digital Corporation or its affiliates.
> + * Adapted from arch/arm64/kernel/efi.c
> + */
> +
> +#include <linux/efi.h>
> +#include <linux/init.h>
> +
> +#include <asm/efi.h>
> +#include <asm/pgtable.h>
> +#include <asm/pgtable-bits.h>
> +
> +/*
> + * Only regions of type EFI_RUNTIME_SERVICES_CODE need to be
> + * executable, everything else can be mapped with the XN bits
> + * set. Also take the new (optional) RO/XP bits into account.
> + */
> +static __init pgprot_t efimem_to_pgprot_map(efi_memory_desc_t *md)
> +{
> +       u64 attr = md->attribute;
> +       u32 type = md->type;
> +
> +       if (type == EFI_MEMORY_MAPPED_IO)
> +               return PAGE_KERNEL;
> +
> +       if (WARN_ONCE(!PAGE_ALIGNED(md->phys_addr),
> +                     "UEFI Runtime regions are not aligned to page size -- buggy firmware?"))
> +               /*
> +                * If the region is not aligned to the page size of the OS, we
> +                * can not use strict permissions, since that would also affect
> +                * the mapping attributes of the adjacent regions.
> +                */
> +               return PAGE_EXEC;
> +
> +       /* R-- */
> +       if ((attr & (EFI_MEMORY_XP | EFI_MEMORY_RO)) ==
> +           (EFI_MEMORY_XP | EFI_MEMORY_RO))
> +               return PAGE_KERNEL_READ;
> +
> +       /* R-X */
> +       if (attr & EFI_MEMORY_RO)
> +               return PAGE_KERNEL_READ_EXEC;
> +
> +       /* RW- */
> +       if (((attr & (EFI_MEMORY_RP | EFI_MEMORY_WP | EFI_MEMORY_XP)) ==
> +            EFI_MEMORY_XP) ||
> +           type != EFI_RUNTIME_SERVICES_CODE)
> +               return PAGE_KERNEL;
> +
> +       /* RWX */
> +       return PAGE_KERNEL_EXEC;
> +}
> +
> +int __init efi_create_mapping(struct mm_struct *mm, efi_memory_desc_t *md)
> +{
> +       pgprot_t prot = __pgprot(pgprot_val(efimem_to_pgprot_map(md)) &
> +                               ~(_PAGE_GLOBAL));
> +       int i;
> +
> +       /* RISC-V maps one page at a time */
> +       for (i = 0; i < md->num_pages; i++)
> +               create_pgd_mapping(mm->pgd, md->virt_addr + i * PAGE_SIZE,
> +                                  md->phys_addr + i * PAGE_SIZE,
> +                                  PAGE_SIZE, prot);
> +       return 0;
> +}
> +
> +static int __init set_permissions(pte_t *ptep, unsigned long addr, void *data)
> +{
> +       efi_memory_desc_t *md = data;
> +       pte_t pte = READ_ONCE(*ptep);
> +       unsigned long val;
> +
> +       if (md->attribute & EFI_MEMORY_RO) {
> +               val = pte_val(pte) & ~_PAGE_WRITE;
> +               val = pte_val(pte) | _PAGE_READ;
> +               pte = __pte(val);
> +       }
> +       if (md->attribute & EFI_MEMORY_XP) {
> +               val = pte_val(pte) & ~_PAGE_EXEC;
> +               pte = __pte(val);
> +       }
> +       set_pte(ptep, pte);
> +
> +       return 0;
> +}
> +
> +int __init efi_set_mapping_permissions(struct mm_struct *mm,
> +                                      efi_memory_desc_t *md)
> +{
> +       BUG_ON(md->type != EFI_RUNTIME_SERVICES_CODE &&
> +              md->type != EFI_RUNTIME_SERVICES_DATA);
> +
> +       /*
> +        * Calling apply_to_page_range() is only safe on regions that are
> +        * guaranteed to be mapped down to pages. Since we are only called
> +        * for regions that have been mapped using efi_create_mapping() above
> +        * (and this is checked by the generic Memory Attributes table parsing
> +        * routines), there is no need to check that again here.
> +        */
> +       return apply_to_page_range(mm, md->virt_addr,
> +                                  md->num_pages << EFI_PAGE_SHIFT,
> +                                  set_permissions, md);
> +}
> diff --git a/arch/riscv/kernel/setup.c b/arch/riscv/kernel/setup.c
> index c71788e6aff4..7f2a0d6dca7d 100644
> --- a/arch/riscv/kernel/setup.c
> +++ b/arch/riscv/kernel/setup.c
> @@ -17,6 +17,7 @@
>  #include <linux/sched/task.h>
>  #include <linux/swiotlb.h>
>  #include <linux/smp.h>
> +#include <linux/efi.h>
>
>  #include <asm/clint.h>
>  #include <asm/cpu_ops.h>
> @@ -26,11 +27,12 @@
>  #include <asm/tlbflush.h>
>  #include <asm/thread_info.h>
>  #include <asm/kasan.h>
> +#include <asm/efi.h>
>
>  #include "head.h"
>
> -#ifdef CONFIG_DUMMY_CONSOLE
> -struct screen_info screen_info = {
> +#if defined(CONFIG_DUMMY_CONSOLE) || defined(CONFIG_EFI)
> +struct screen_info screen_info __section(.data) = {
>         .orig_video_lines       = 30,
>         .orig_video_cols        = 80,
>         .orig_video_mode        = 0,
> @@ -75,6 +77,7 @@ void __init setup_arch(char **cmdline_p)
>         early_ioremap_setup();
>         parse_early_param();
>
> +       efi_init();
>         setup_bootmem();
>         paging_init();
>  #if IS_ENABLED(CONFIG_BUILTIN_DTB)
> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c
> index d238cdc501ee..9fb2fe2f4a3e 100644
> --- a/arch/riscv/mm/init.c
> +++ b/arch/riscv/mm/init.c
> @@ -390,7 +390,7 @@ static void __init create_pmd_mapping(pmd_t *pmdp,
>  #define fixmap_pgd_next                fixmap_pte
>  #endif
>
> -static void __init create_pgd_mapping(pgd_t *pgdp,
> +void __init create_pgd_mapping(pgd_t *pgdp,
>                                       uintptr_t va, phys_addr_t pa,
>                                       phys_addr_t sz, pgprot_t prot)
>  {
> diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile
> index 61fd1e8b26fb..4d628081bb2f 100644
> --- a/drivers/firmware/efi/Makefile
> +++ b/drivers/firmware/efi/Makefile
> @@ -35,6 +35,8 @@ fake_map-$(CONFIG_X86)                        += x86_fake_mem.o
>  arm-obj-$(CONFIG_EFI)                  := efi-init.o arm-runtime.o
>  obj-$(CONFIG_ARM)                      += $(arm-obj-y)
>  obj-$(CONFIG_ARM64)                    += $(arm-obj-y)
> +riscv-obj-$(CONFIG_EFI)                        := efi-init.o riscv-runtime.o
> +obj-$(CONFIG_RISCV)                    += $(riscv-obj-y)
>  obj-$(CONFIG_EFI_CAPSULE_LOADER)       += capsule-loader.o
>  obj-$(CONFIG_EFI_EARLYCON)             += earlycon.o
>  obj-$(CONFIG_UEFI_CPER_ARM)            += cper-arm.o
> diff --git a/drivers/firmware/efi/libstub/efi-stub.c b/drivers/firmware/efi/libstub/efi-stub.c
> index a5a405d8ab44..5c26725d8fd0 100644
> --- a/drivers/firmware/efi/libstub/efi-stub.c
> +++ b/drivers/firmware/efi/libstub/efi-stub.c
> @@ -17,7 +17,10 @@
>
>  /*
>   * This is the base address at which to start allocating virtual memory ranges
> - * for UEFI Runtime Services. This is in the low TTBR0 range so that we can use
> + * for UEFI Runtime Services.
> + *
> + * For ARM/ARM64:
> + * This is in the low TTBR0 range so that we can use
>   * any allocation we choose, and eliminate the risk of a conflict after kexec.
>   * The value chosen is the largest non-zero power of 2 suitable for this purpose
>   * both on 32-bit and 64-bit ARM CPUs, to maximize the likelihood that it can
> @@ -25,6 +28,12 @@
>   * Since 32-bit ARM could potentially execute with a 1G/3G user/kernel split,
>   * map everything below 1 GB. (512 MB is a reasonable upper bound for the
>   * entire footprint of the UEFI runtime services memory regions)
> + *
> + * For RISC-V:
> + * There is no specific reason for which, this address (512MB) can't be used
> + * EFI runtime virtual address for RISC-V. It also helps to use EFI runtime
> + * services on both RV32/RV64. Keep the same runtime virtual address for RISC-V
> + * as well to minimize the code churn.
>   */
>  #define EFI_RT_VIRTUAL_BASE    SZ_512M
>  #define EFI_RT_VIRTUAL_SIZE    SZ_512M
> diff --git a/drivers/firmware/efi/riscv-runtime.c b/drivers/firmware/efi/riscv-runtime.c
> new file mode 100644
> index 000000000000..d28e715d2bcc
> --- /dev/null
> +++ b/drivers/firmware/efi/riscv-runtime.c
> @@ -0,0 +1,143 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Extensible Firmware Interface
> + *
> + * Copyright (C) 2020 Western Digital Corporation or its affiliates.
> + *
> + * Based on Extensible Firmware Interface Specification version 2.4
> + * Adapted from drivers/firmware/efi/arm-runtime.c
> + *
> + */
> +
> +#include <linux/dmi.h>
> +#include <linux/efi.h>
> +#include <linux/io.h>
> +#include <linux/memblock.h>
> +#include <linux/mm_types.h>
> +#include <linux/preempt.h>
> +#include <linux/rbtree.h>
> +#include <linux/rwsem.h>
> +#include <linux/sched.h>
> +#include <linux/slab.h>
> +#include <linux/spinlock.h>
> +#include <linux/pgtable.h>
> +
> +#include <asm/cacheflush.h>
> +#include <asm/efi.h>
> +#include <asm/mmu.h>
> +#include <asm/pgalloc.h>
> +
> +static bool __init efi_virtmap_init(void)
> +{
> +       efi_memory_desc_t *md;
> +
> +       efi_mm.pgd = pgd_alloc(&efi_mm);
> +       mm_init_cpumask(&efi_mm);
> +       init_new_context(NULL, &efi_mm);
> +
> +       for_each_efi_memory_desc(md) {
> +               phys_addr_t phys = md->phys_addr;
> +               int ret;
> +
> +               if (!(md->attribute & EFI_MEMORY_RUNTIME))
> +                       continue;
> +               if (md->virt_addr == 0)
> +                       return false;
> +
> +               ret = efi_create_mapping(&efi_mm, md);
> +               if (ret) {
> +                       pr_warn("  EFI remap %pa: failed to create mapping (%d)\n",
> +                               &phys, ret);
> +                       return false;
> +               }
> +       }
> +
> +       if (efi_memattr_apply_permissions(&efi_mm, efi_set_mapping_permissions))
> +               return false;
> +
> +       return true;
> +}
> +
> +/*
> + * Enable the UEFI Runtime Services if all prerequisites are in place, i.e.,
> + * non-early mapping of the UEFI system table and virtual mappings for all
> + * EFI_MEMORY_RUNTIME regions.
> + */
> +static int __init riscv_enable_runtime_services(void)
> +{
> +       u64 mapsize;
> +
> +       if (!efi_enabled(EFI_BOOT)) {
> +               pr_info("EFI services will not be available.\n");
> +               return 0;
> +       }
> +
> +       efi_memmap_unmap();
> +
> +       mapsize = efi.memmap.desc_size * efi.memmap.nr_map;
> +
> +       if (efi_memmap_init_late(efi.memmap.phys_map, mapsize)) {
> +               pr_err("Failed to remap EFI memory map\n");
> +               return 0;
> +       }
> +
> +       if (efi_soft_reserve_enabled()) {
> +               efi_memory_desc_t *md;
> +
> +               for_each_efi_memory_desc(md) {
> +                       int md_size = md->num_pages << EFI_PAGE_SHIFT;
> +                       struct resource *res;
> +
> +                       if (!(md->attribute & EFI_MEMORY_SP))
> +                               continue;
> +
> +                       res = kzalloc(sizeof(*res), GFP_KERNEL);
> +                       if (WARN_ON(!res))
> +                               break;
> +
> +                       res->start      = md->phys_addr;
> +                       res->end        = md->phys_addr + md_size - 1;
> +                       res->name       = "Soft Reserved";
> +                       res->flags      = IORESOURCE_MEM;
> +                       res->desc       = IORES_DESC_SOFT_RESERVED;
> +
> +                       insert_resource(&iomem_resource, res);
> +               }
> +       }
> +
> +       if (efi_runtime_disabled()) {
> +               pr_info("EFI runtime services will be disabled.\n");
> +               return 0;
> +       }
> +
> +       if (efi_enabled(EFI_RUNTIME_SERVICES)) {
> +               pr_info("EFI runtime services access via paravirt.\n");
> +               return 0;
> +       }
> +
> +       pr_info("Remapping and enabling EFI services.\n");
> +
> +       if (!efi_virtmap_init()) {
> +               pr_err("UEFI virtual mapping missing or invalid -- runtime services will not be available\n");
> +               return -ENOMEM;
> +       }
> +
> +       /* Set up runtime services function pointers */
> +       efi_native_runtime_setup();
> +       set_bit(EFI_RUNTIME_SERVICES, &efi.flags);
> +
> +       return 0;
> +}
> +early_initcall(riscv_enable_runtime_services);
> +
> +void efi_virtmap_load(void)
> +{
> +       preempt_disable();
> +       switch_mm(current->active_mm, &efi_mm, NULL);
> +}
> +
> +void efi_virtmap_unload(void)
> +{
> +       switch_mm(&efi_mm, current->active_mm, NULL);
> +       preempt_enable();
> +}
> --
> 2.24.0
>

Powered by blists - more mailing lists