| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Jul 2021 13:14:54 -0500
From: Brijesh Singh <brijesh.singh@....com>
To: x86@...nel.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
linux-efi@...r.kernel.org, platform-driver-x86@...r.kernel.org,
linux-coco@...ts.linux.dev, linux-mm@...ck.org,
linux-crypto@...r.kernel.org
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Joerg Roedel <jroedel@...e.de>,
Tom Lendacky <thomas.lendacky@....com>,
"H. Peter Anvin" <hpa@...or.com>, Ard Biesheuvel <ardb@...nel.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Sergio Lopez <slp@...hat.com>, Peter Gonda <pgonda@...gle.com>,
Peter Zijlstra <peterz@...radead.org>,
Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>,
David Rientjes <rientjes@...gle.com>,
Dov Murik <dovmurik@...ux.ibm.com>,
Tobin Feldman-Fitzthum <tobin@....com>,
Borislav Petkov <bp@...en8.de>,
Michael Roth <michael.roth@....com>,
Vlastimil Babka <vbabka@...e.cz>, tony.luck@...el.com,
npmccallum@...hat.com, brijesh.ksingh@...il.com,
Brijesh Singh <brijesh.singh@....com>
Subject: [PATCH Part1 RFC v4 24/36] x86/compressed/acpi: move EFI config table access to common code
From: Michael Roth <michael.roth@....com>
Future patches for SEV-SNP-validated CPUID will also require early
parsing of the EFI configuration. Move the related code into a set of
helpers that can be re-used for that purpose.
Signed-off-by: Michael Roth <michael.roth@....com>
Signed-off-by: Brijesh Singh <brijesh.singh@....com>
---
arch/x86/boot/compressed/Makefile | 1 +
arch/x86/boot/compressed/acpi.c | 124 +++++---------
arch/x86/boot/compressed/efi-config-table.c | 180 ++++++++++++++++++++
arch/x86/boot/compressed/misc.h | 50 ++++++
4 files changed, 272 insertions(+), 83 deletions(-)
create mode 100644 arch/x86/boot/compressed/efi-config-table.c
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 431bf7f846c3..b41aecfda49c 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -100,6 +100,7 @@ endif
vmlinux-objs-$(CONFIG_ACPI) += $(obj)/acpi.o
vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_thunk_$(BITS).o
+vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi-config-table.o
efi-obj-$(CONFIG_EFI_STUB) = $(objtree)/drivers/firmware/efi/libstub/lib.a
$(obj)/vmlinux: $(vmlinux-objs-y) $(efi-obj-y) FORCE
diff --git a/arch/x86/boot/compressed/acpi.c b/arch/x86/boot/compressed/acpi.c
index 8bcbcee54aa1..e087dcaf43b3 100644
--- a/arch/x86/boot/compressed/acpi.c
+++ b/arch/x86/boot/compressed/acpi.c
@@ -24,42 +24,36 @@ struct mem_vector immovable_mem[MAX_NUMNODES*2];
* Search EFI system tables for RSDP. If both ACPI_20_TABLE_GUID and
* ACPI_TABLE_GUID are found, take the former, which has more features.
*/
+#ifdef CONFIG_EFI
+static bool
+rsdp_find_fn(efi_guid_t guid, unsigned long vendor_table, bool efi_64,
+ void *opaque)
+{
+ acpi_physical_address *rsdp_addr = opaque;
+
+ if (!(efi_guidcmp(guid, ACPI_TABLE_GUID))) {
+ *rsdp_addr = vendor_table;
+ } else if (!(efi_guidcmp(guid, ACPI_20_TABLE_GUID))) {
+ *rsdp_addr = vendor_table;
+ return false;
+ }
+
+ return true;
+}
+#endif
+
static acpi_physical_address
-__efi_get_rsdp_addr(unsigned long config_tables, unsigned int nr_tables,
+__efi_get_rsdp_addr(unsigned long config_table_pa, unsigned int config_table_len,
bool efi_64)
{
acpi_physical_address rsdp_addr = 0;
-
#ifdef CONFIG_EFI
- int i;
-
- /* Get EFI tables from systab. */
- for (i = 0; i < nr_tables; i++) {
- acpi_physical_address table;
- efi_guid_t guid;
-
- if (efi_64) {
- efi_config_table_64_t *tbl = (efi_config_table_64_t *)config_tables + i;
-
- guid = tbl->guid;
- table = tbl->table;
-
- if (!IS_ENABLED(CONFIG_X86_64) && table >> 32) {
- debug_putstr("Error getting RSDP address: EFI config table located above 4GB.\n");
- return 0;
- }
- } else {
- efi_config_table_32_t *tbl = (efi_config_table_32_t *)config_tables + i;
-
- guid = tbl->guid;
- table = tbl->table;
- }
+ int ret;
- if (!(efi_guidcmp(guid, ACPI_TABLE_GUID)))
- rsdp_addr = table;
- else if (!(efi_guidcmp(guid, ACPI_20_TABLE_GUID)))
- return table;
- }
+ ret = efi_foreach_conf_entry((void *)config_table_pa, config_table_len,
+ efi_64, rsdp_find_fn, &rsdp_addr);
+ if (ret)
+ debug_putstr("Error getting RSDP address.\n");
#endif
return rsdp_addr;
}
@@ -87,7 +81,9 @@ static acpi_physical_address kexec_get_rsdp_addr(void)
efi_system_table_64_t *systab;
struct efi_setup_data *esd;
struct efi_info *ei;
+ bool efi_64;
char *sig;
+ int ret;
esd = (struct efi_setup_data *)get_kexec_setup_data_addr();
if (!esd)
@@ -98,18 +94,16 @@ static acpi_physical_address kexec_get_rsdp_addr(void)
return 0;
}
- ei = &boot_params->efi_info;
- sig = (char *)&ei->efi_loader_signature;
- if (strncmp(sig, EFI64_LOADER_SIGNATURE, 4)) {
+ /* Get systab from boot params. */
+ ret = efi_bp_get_system_table(boot_params, (unsigned long *)&systab, &efi_64);
+ if (ret)
+ error("EFI system table not found in kexec boot_params.");
+
+ if (!efi_64) {
debug_putstr("Wrong kexec EFI loader signature.\n");
return 0;
}
- /* Get systab from boot params. */
- systab = (efi_system_table_64_t *) (ei->efi_systab | ((__u64)ei->efi_systab_hi << 32));
- if (!systab)
- error("EFI system table not found in kexec boot_params.");
-
return __efi_get_rsdp_addr((unsigned long)esd->tables, systab->nr_tables, true);
}
#else
@@ -119,54 +113,18 @@ static acpi_physical_address kexec_get_rsdp_addr(void) { return 0; }
static acpi_physical_address efi_get_rsdp_addr(void)
{
#ifdef CONFIG_EFI
- unsigned long systab, config_tables;
- unsigned int nr_tables;
- struct efi_info *ei;
+ unsigned long config_table_pa = 0;
+ unsigned int config_table_len;
bool efi_64;
- char *sig;
-
- ei = &boot_params->efi_info;
- sig = (char *)&ei->efi_loader_signature;
-
- if (!strncmp(sig, EFI64_LOADER_SIGNATURE, 4)) {
- efi_64 = true;
- } else if (!strncmp(sig, EFI32_LOADER_SIGNATURE, 4)) {
- efi_64 = false;
- } else {
- debug_putstr("Wrong EFI loader signature.\n");
- return 0;
- }
-
- /* Get systab from boot params. */
-#ifdef CONFIG_X86_64
- systab = ei->efi_systab | ((__u64)ei->efi_systab_hi << 32);
-#else
- if (ei->efi_systab_hi || ei->efi_memmap_hi) {
- debug_putstr("Error getting RSDP address: EFI system table located above 4GB.\n");
- return 0;
- }
- systab = ei->efi_systab;
-#endif
- if (!systab)
- error("EFI system table not found.");
-
- /* Handle EFI bitness properly */
- if (efi_64) {
- efi_system_table_64_t *stbl = (efi_system_table_64_t *)systab;
-
- config_tables = stbl->tables;
- nr_tables = stbl->nr_tables;
- } else {
- efi_system_table_32_t *stbl = (efi_system_table_32_t *)systab;
-
- config_tables = stbl->tables;
- nr_tables = stbl->nr_tables;
- }
+ int ret;
- if (!config_tables)
- error("EFI config tables not found.");
+ ret = efi_bp_get_conf_table(boot_params, &config_table_pa,
+ &config_table_len, &efi_64);
+ if (ret || !config_table_pa)
+ error("EFI config table not found.");
- return __efi_get_rsdp_addr(config_tables, nr_tables, efi_64);
+ return __efi_get_rsdp_addr(config_table_pa, config_table_len,
+ efi_64);
#else
return 0;
#endif
diff --git a/arch/x86/boot/compressed/efi-config-table.c b/arch/x86/boot/compressed/efi-config-table.c
new file mode 100644
index 000000000000..d1a34aa7cefd
--- /dev/null
+++ b/arch/x86/boot/compressed/efi-config-table.c
@@ -0,0 +1,180 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Helpers for early access to EFI configuration table
+ *
+ * Copyright (C) 2021 Advanced Micro Devices, Inc.
+ *
+ * Author: Michael Roth <michael.roth@....com>
+ */
+
+#include "misc.h"
+#include <linux/efi.h>
+#include <asm/efi.h>
+
+/* Get vendor table address/guid from EFI config table at the given index */
+static int get_vendor_table(void *conf_table, unsigned int idx,
+ unsigned long *vendor_table_pa,
+ efi_guid_t *vendor_table_guid,
+ bool efi_64)
+{
+ if (efi_64) {
+ efi_config_table_64_t *table_entry =
+ (efi_config_table_64_t *)conf_table + idx;
+
+ if (!IS_ENABLED(CONFIG_X86_64) &&
+ table_entry->table >> 32) {
+ debug_putstr("Error: EFI config table entry located above 4GB.\n");
+ return -EINVAL;
+ }
+
+ *vendor_table_pa = table_entry->table;
+ *vendor_table_guid = table_entry->guid;
+
+ } else {
+ efi_config_table_32_t *table_entry =
+ (efi_config_table_32_t *)conf_table + idx;
+
+ *vendor_table_pa = table_entry->table;
+ *vendor_table_guid = table_entry->guid;
+ }
+
+ return 0;
+}
+
+/*
+ * Iterate through the entries in the EFI configuration table and pass the
+ * associated GUID/physical address of each entry on the provided callback
+ * function.
+ *
+ * @conf_table: pointer to EFI configuration table
+ * @conf_table_len: number of entries in EFI configuration table
+ * @efi_64: true if using 64-bit EFI
+ * @fn: callback function that returns true if iteration
+ * should continue
+ * @opaque: optional caller-provided data structure to pass to
+ * callback function on each iteration
+ *
+ * Returns 0 on success.
+ */
+int
+efi_foreach_conf_entry(void *conf_table, unsigned int conf_table_len,
+ bool efi_64, bool (*fn)(efi_guid_t vendor_table_guid,
+ unsigned long vendor_table_pa,
+ bool efi_64,
+ void *opaque),
+ void *opaque)
+{
+ unsigned int i;
+
+ for (i = 0; i < conf_table_len; i++) {
+ unsigned long vendor_table_pa;
+ efi_guid_t vendor_table_guid;
+
+ if (get_vendor_table(conf_table, i, &vendor_table_pa,
+ &vendor_table_guid, efi_64))
+ return -EINVAL;
+
+ if (!fn(vendor_table_guid, vendor_table_pa, efi_64, opaque))
+ break;
+ }
+
+ return 0;
+}
+
+/*
+ * Given boot_params, retrieve the physical address of EFI system table.
+ *
+ * @boot_params: pointer to boot_params
+ * @sys_table_pa: location to store physical address of system table
+ * @is_efi_64: location to store whether using 64-bit EFI or not
+ *
+ * Returns 0 on success. On error, return params are left unchanged.
+ */
+int
+efi_bp_get_system_table(struct boot_params *boot_params,
+ unsigned long *sys_table_pa, bool *is_efi_64)
+{
+ unsigned long sys_table;
+ struct efi_info *ei;
+ bool efi_64;
+ char *sig;
+
+ if (!sys_table_pa || !is_efi_64)
+ return -EINVAL;
+
+ ei = &boot_params->efi_info;
+ sig = (char *)&ei->efi_loader_signature;
+
+ if (!strncmp(sig, EFI64_LOADER_SIGNATURE, 4)) {
+ efi_64 = true;
+ } else if (!strncmp(sig, EFI32_LOADER_SIGNATURE, 4)) {
+ efi_64 = false;
+ } else {
+ debug_putstr("Wrong EFI loader signature.\n");
+ return -ENOENT;
+ }
+
+ /* Get systab from boot params. */
+#ifdef CONFIG_X86_64
+ sys_table = ei->efi_systab | ((__u64)ei->efi_systab_hi << 32);
+#else
+ if (ei->efi_systab_hi || ei->efi_memmap_hi) {
+ debug_putstr("Error: EFI system table located above 4GB.\n");
+ return -EINVAL;
+ }
+ sys_table = ei->efi_systab;
+#endif
+ if (!sys_table) {
+ debug_putstr("EFI system table not found.");
+ return -ENOENT;
+ }
+
+ *sys_table_pa = sys_table;
+ *is_efi_64 = efi_64;
+ return 0;
+}
+
+/*
+ * Given boot_params, locate EFI system table from it and return the physical
+ * address EFI configuration table.
+ *
+ * @boot_params: pointer to boot_params
+ * @conf_table_pa: location to store physical address of config table
+ * @conf_table_len: location to store number of config table entries
+ * @is_efi_64: location to store whether using 64-bit EFI or not
+ *
+ * Returns 0 on success. On error, return params are left unchanged.
+ */
+int
+efi_bp_get_conf_table(struct boot_params *boot_params,
+ unsigned long *conf_table_pa,
+ unsigned int *conf_table_len,
+ bool *is_efi_64)
+{
+ unsigned long sys_table_pa = 0;
+ int ret;
+
+ if (!conf_table_pa || !conf_table_len || !is_efi_64)
+ return -EINVAL;
+
+ ret = efi_bp_get_system_table(boot_params, &sys_table_pa, is_efi_64);
+ if (ret)
+ return ret;
+
+ /* Handle EFI bitness properly */
+ if (*is_efi_64) {
+ efi_system_table_64_t *stbl =
+ (efi_system_table_64_t *)sys_table_pa;
+
+ *conf_table_pa = stbl->tables;
+ *conf_table_len = stbl->nr_tables;
+ } else {
+ efi_system_table_32_t *stbl =
+ (efi_system_table_32_t *)sys_table_pa;
+
+ *conf_table_pa = stbl->tables;
+ *conf_table_len = stbl->nr_tables;
+ }
+
+ return 0;
+}
diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h
index 822e0c254b9a..522baf8ff04a 100644
--- a/arch/x86/boot/compressed/misc.h
+++ b/arch/x86/boot/compressed/misc.h
@@ -21,6 +21,7 @@
#include <linux/screen_info.h>
#include <linux/elf.h>
#include <linux/io.h>
+#include <linux/efi.h>
#include <asm/page.h>
#include <asm/boot.h>
#include <asm/bootparam.h>
@@ -174,4 +175,53 @@ void boot_stage2_vc(void);
unsigned long sev_verify_cbit(unsigned long cr3);
+#ifdef CONFIG_EFI
+/* helpers for early EFI config table access */
+int efi_foreach_conf_entry(void *conf_table, unsigned int conf_table_len,
+ bool efi_64,
+ bool (*fn)(efi_guid_t guid,
+ unsigned long vendor_table_pa,
+ bool efi_64,
+ void *opaque),
+ void *opaque);
+
+int efi_bp_get_system_table(struct boot_params *boot_params,
+ unsigned long *sys_table_pa,
+ bool *is_efi_64);
+
+int efi_bp_get_conf_table(struct boot_params *boot_params,
+ unsigned long *conf_table_pa,
+ unsigned int *conf_table_len,
+ bool *is_efi_64);
+#else
+static inline int
+efi_foreach_conf_entry(void *conf_table, unsigned int conf_table_len,
+ bool efi_64,
+ bool (*fn)(efi_guid_t guid,
+ unsigned long vendor_table_pa,
+ bool efi_64,
+ void *opaque),
+ void *opaque);
+{
+ return -ENOENT;
+}
+
+static inline int
+efi_bp_get_system_table(struct boot_params *boot_params,
+ unsigned long *sys_table_pa,
+ bool *is_efi_64)
+{
+ return -ENOENT;
+}
+
+static inline int
+efi_bp_get_conf_table(struct boot_params *boot_params,
+ unsigned long *conf_table_pa,
+ unsigned int *conf_table_len,
+ bool *is_efi_64)
+{
+ return -ENOENT;
+}
+#endif /* CONFIG_EFI */
+
#endif /* BOOT_COMPRESSED_MISC_H */
--
2.17.1
Powered by blists - more mailing lists