Message ID | 20200626155832.2323789-3-ardb@kernel.org (mailing list archive) |
---|---|
State | Mainlined |
Commit | 325f5585ec36953a3fe2e000451f690440fe1bf5 |
Headers | show |
Series | arm64/acpi: restrict AML opregion memory access | expand |
Hi Ard, On Fri, Jun 26, 2020 at 05:58:32PM +0200, Ard Biesheuvel wrote: > Given that the contents of EFI runtime code and data regions are > provided by the firmware, as well as the DSDT, it is not unimaginable > that AML code exists today that accesses EFI runtime code regions using > a SystemMemory OpRegion. There is nothing fundamentally wrong with that, > but since we take great care to ensure that executable code is never > mapped writeable and executable at the same time, we should not permit > AML to create writable mapping. > > Signed-off-by: Ard Biesheuvel <ardb@kernel.org> I'm booting Lenovo Flex 5G laptop with ACPI, and seeing this change causes a memory abort[1] when upgrading ACPI tables via initrd[2]. Dropping this change seems to fix the issue for me. But does that looks like a correct fix to you? Shawn [1] https://fileserver.linaro.org/s/iDe9SaZeNNkyNxG [2] Documentation/admin-guide/acpi/initrd_table_override.rst > --- > arch/arm64/kernel/acpi.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/arch/arm64/kernel/acpi.c b/arch/arm64/kernel/acpi.c > index 01b861e225b0..455966401102 100644 > --- a/arch/arm64/kernel/acpi.c > +++ b/arch/arm64/kernel/acpi.c > @@ -301,6 +301,15 @@ void __iomem *acpi_os_ioremap(acpi_physical_address phys, acpi_size size) > pr_warn(FW_BUG "requested region covers kernel memory @ %pa\n", &phys); > return NULL; > > + case EFI_RUNTIME_SERVICES_CODE: > + /* > + * This would be unusual, but not problematic per se, > + * as long as we take care not to create a writable > + * mapping for executable code. > + */ > + prot = PAGE_KERNEL_RO; > + break; > + > case EFI_ACPI_RECLAIM_MEMORY: > /* > * ACPI reclaim memory is used to pass firmware tables > -- > 2.27.0
On Sat, 6 Feb 2021 at 04:11, Shawn Guo <shawn.guo@linaro.org> wrote: > > Hi Ard, > > On Fri, Jun 26, 2020 at 05:58:32PM +0200, Ard Biesheuvel wrote: > > Given that the contents of EFI runtime code and data regions are > > provided by the firmware, as well as the DSDT, it is not unimaginable > > that AML code exists today that accesses EFI runtime code regions using > > a SystemMemory OpRegion. There is nothing fundamentally wrong with that, > > but since we take great care to ensure that executable code is never > > mapped writeable and executable at the same time, we should not permit > > AML to create writable mapping. > > > > Signed-off-by: Ard Biesheuvel <ardb@kernel.org> > > I'm booting Lenovo Flex 5G laptop with ACPI, and seeing this change > causes a memory abort[1] when upgrading ACPI tables via initrd[2]. > Dropping this change seems to fix the issue for me. But does that > looks like a correct fix to you? > > Shawn > > [1] https://fileserver.linaro.org/s/iDe9SaZeNNkyNxG > [2] Documentation/admin-guide/acpi/initrd_table_override.rst > Can you check whether reverting 32cf1a12cad43358e47dac8014379c2f33dfbed4 fixes the issue too? If it does, please report this as a regression. The OS should not modify firmware provided tables in-place, regardless of how they were delivered. BTW I recently started using my Yoga C630 with Debian, and I am quite happy with it! Thanks a lot for spending the time on the installer etc. I have observed some issues while using mine - I'm happy to share them, on a mailing list or anywhere else. > > --- > > arch/arm64/kernel/acpi.c | 9 +++++++++ > > 1 file changed, 9 insertions(+) > > > > diff --git a/arch/arm64/kernel/acpi.c b/arch/arm64/kernel/acpi.c > > index 01b861e225b0..455966401102 100644 > > --- a/arch/arm64/kernel/acpi.c > > +++ b/arch/arm64/kernel/acpi.c > > @@ -301,6 +301,15 @@ void __iomem *acpi_os_ioremap(acpi_physical_address phys, acpi_size size) > > pr_warn(FW_BUG "requested region covers kernel memory @ %pa\n", &phys); > > return NULL; > > > > + case EFI_RUNTIME_SERVICES_CODE: > > + /* > > + * This would be unusual, but not problematic per se, > > + * as long as we take care not to create a writable > > + * mapping for executable code. > > + */ > > + prot = PAGE_KERNEL_RO; > > + break; > > + > > case EFI_ACPI_RECLAIM_MEMORY: > > /* > > * ACPI reclaim memory is used to pass firmware tables > > -- > > 2.27.0
On Sat, 6 Feb 2021 at 09:10, Ard Biesheuvel <ardb@kernel.org> wrote: > > On Sat, 6 Feb 2021 at 04:11, Shawn Guo <shawn.guo@linaro.org> wrote: > > > > Hi Ard, > > > > On Fri, Jun 26, 2020 at 05:58:32PM +0200, Ard Biesheuvel wrote: > > > Given that the contents of EFI runtime code and data regions are > > > provided by the firmware, as well as the DSDT, it is not unimaginable > > > that AML code exists today that accesses EFI runtime code regions using > > > a SystemMemory OpRegion. There is nothing fundamentally wrong with that, > > > but since we take great care to ensure that executable code is never > > > mapped writeable and executable at the same time, we should not permit > > > AML to create writable mapping. > > > > > > Signed-off-by: Ard Biesheuvel <ardb@kernel.org> > > > > I'm booting Lenovo Flex 5G laptop with ACPI, and seeing this change > > causes a memory abort[1] when upgrading ACPI tables via initrd[2]. > > Dropping this change seems to fix the issue for me. But does that > > looks like a correct fix to you? > > > > Shawn > > > > [1] https://fileserver.linaro.org/s/iDe9SaZeNNkyNxG > > [2] Documentation/admin-guide/acpi/initrd_table_override.rst > > > > Can you check whether reverting > > 32cf1a12cad43358e47dac8014379c2f33dfbed4 > > fixes the issue too? > > If it does, please report this as a regression. The OS should not > modify firmware provided tables in-place, regardless of how they were > delivered. > That patch modifies firmware provided tables in-place, which invalidates checksums and TPM measurements, so it needs to be reverted in any case, and I have already sent out the patch for doing so.
On Sat, Feb 06, 2021 at 09:10:19AM +0100, Ard Biesheuvel wrote: > On Sat, 6 Feb 2021 at 04:11, Shawn Guo <shawn.guo@linaro.org> wrote: > > > > Hi Ard, > > > > On Fri, Jun 26, 2020 at 05:58:32PM +0200, Ard Biesheuvel wrote: > > > Given that the contents of EFI runtime code and data regions are > > > provided by the firmware, as well as the DSDT, it is not unimaginable > > > that AML code exists today that accesses EFI runtime code regions using > > > a SystemMemory OpRegion. There is nothing fundamentally wrong with that, > > > but since we take great care to ensure that executable code is never > > > mapped writeable and executable at the same time, we should not permit > > > AML to create writable mapping. > > > > > > Signed-off-by: Ard Biesheuvel <ardb@kernel.org> > > > > I'm booting Lenovo Flex 5G laptop with ACPI, and seeing this change > > causes a memory abort[1] when upgrading ACPI tables via initrd[2]. > > Dropping this change seems to fix the issue for me. But does that > > looks like a correct fix to you? > > > > Shawn > > > > [1] https://fileserver.linaro.org/s/iDe9SaZeNNkyNxG > > [2] Documentation/admin-guide/acpi/initrd_table_override.rst > > > > Can you check whether reverting > > 32cf1a12cad43358e47dac8014379c2f33dfbed4 > > fixes the issue too? Yes, it does. > If it does, please report this as a regression. The OS should not > modify firmware provided tables in-place, regardless of how they were > delivered. > > BTW I recently started using my Yoga C630 with Debian, and I am quite > happy with it! Thanks a lot for spending the time on the installer > etc. Cool, glad to hear that! Shawn
diff --git a/arch/arm64/kernel/acpi.c b/arch/arm64/kernel/acpi.c index 01b861e225b0..455966401102 100644 --- a/arch/arm64/kernel/acpi.c +++ b/arch/arm64/kernel/acpi.c @@ -301,6 +301,15 @@ void __iomem *acpi_os_ioremap(acpi_physical_address phys, acpi_size size) pr_warn(FW_BUG "requested region covers kernel memory @ %pa\n", &phys); return NULL; + case EFI_RUNTIME_SERVICES_CODE: + /* + * This would be unusual, but not problematic per se, + * as long as we take care not to create a writable + * mapping for executable code. + */ + prot = PAGE_KERNEL_RO; + break; + case EFI_ACPI_RECLAIM_MEMORY: /* * ACPI reclaim memory is used to pass firmware tables
Given that the contents of EFI runtime code and data regions are provided by the firmware, as well as the DSDT, it is not unimaginable that AML code exists today that accesses EFI runtime code regions using a SystemMemory OpRegion. There is nothing fundamentally wrong with that, but since we take great care to ensure that executable code is never mapped writeable and executable at the same time, we should not permit AML to create writable mapping. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> --- arch/arm64/kernel/acpi.c | 9 +++++++++ 1 file changed, 9 insertions(+)