diff options
| author | Ricardo Neri <ricardo.neri-calderon@linux.intel.com> | 2014-08-19 11:56:02 -0700 |
|---|---|---|
| committer | Matt Fleming <matt.fleming@intel.com> | 2014-08-19 22:39:29 +0100 |
| commit | 2bdf42e7ee5839b505f792384804988cc4d048ae (patch) | |
| tree | 1618fff4b0e9beb7965f67be3d3bc690d8799e27 | |
| parent | a988a7a5abd1edb76782962437ddd99dcc3de85b (diff) | |
| download | gpt-stable.tar.gz | |
x86/efi: Introduce EFI_BOOT_SERVICES_WARNstable
There may exist buggy implementations of UEFI firmaware that access the
EFI_BOOT_SERVICES_* memory regions after the call to ExitBootServices()
(e.g., when calling SetVirtualAddressMap()). This is in direct violation
of the UEFI specification.
If selected, this debug option will print a warning message if the UEFI
firmware tries to access the aforementioned memory regions. Along with
the warning, the EFI platform code will fixup the page fault so that the
firmware can proceed further.
If not selected, EFI_BOOT_SERVICES_CODE/DATA memory regions will be
mapped along with the runtime memory regions so that the buggy firmware
does not cause any page faults when trying to accessing such memory
regions. This is the approach from Matthew Garrett in commit 916f676f8dc0
("x86, efi: Retain boot service code until after switching to virtual
mode").
However, firmware developers are less likely to find and avoid such
illegal access as the kernel silently works around their bug.
Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
| -rw-r--r-- | arch/x86/Kconfig | 12 | ||||
| -rw-r--r-- | arch/x86/platform/efi/efi.c | 2 |
2 files changed, 13 insertions, 1 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 25d2c6f7325e8..b7c9d9e87cb37 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1535,6 +1535,18 @@ config EFI_MIXED If unsure, say N. +config EFI_BOOT_SERVICES_WARN + bool "Warn about illegal accesses to BOOT_SERVICES memory" + depends on EFI + ---help--- + Enable this debug feature to make the kernel issue a warning if + memory regions marked as EFI_BOOT_SERVICES_CODE/DATA are + accessed after the kernel calls ExitBootServices() on the + firmware. Please see the UEFI specification for details on + the expectations of memory usage. + + If unsure, say N. + config SECCOMP def_bool y prompt "Enable seccomp to safely compute untrusted bytecode" diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c index ff82bd75d243b..dbaaa6629c3c0 100644 --- a/arch/x86/platform/efi/efi.c +++ b/arch/x86/platform/efi/efi.c @@ -981,7 +981,7 @@ static void * __init efi_map_regions(int *count, int *pg_shift) for (p = memmap.map; p < memmap.map_end; p += memmap.desc_size) { md = p; if (!(md->attribute & EFI_MEMORY_RUNTIME)) { -#ifdef CONFIG_X86_64 +#if defined(CONFIG_X86_64) && !defined(CONFIG_EFI_BOOT_SERVICES_WARN) if (md->type != EFI_BOOT_SERVICES_CODE && md->type != EFI_BOOT_SERVICES_DATA) #endif |