From patchwork Mon Feb 6 12:49:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13129822 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A761FC05027 for ; Mon, 6 Feb 2023 12:51:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=P/VZHUpgnYY/e924AVPij6d/XlCZ+sPydivduJTjXy8=; b=xeU8i437gi82j9 rcPXuhFIGHYuJn2tEiiemGQ/mxjIxpsmUIRpsTJW9I9NXFgiurKPiEW7EMBoPcqX6BKaDwPWCoewH 6mRCr93Sbc1J+3e9FLo09breW8j/o2yQQRlP1fTWwF+27PjVy/h+VbOJtstsKghQrGr66/ZI+pKIF 4uFw9hEvQLuE0ZRWV72SQj7XYl2tAkZyYrVNsr09uOj0QfvcKjvbV65P6nUOHfdW8C3ms3UhCgf4S N7aJdFo0gjYDyABzJqUP4I9WWTbgwKh89NxI1r5MtLad6wGcrJF4upoUJFnMsT+pskyrvz22rKfqy I7VZ56jYssCNxwGivS9w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1pP0wg-008WdN-Se; Mon, 06 Feb 2023 12:50:07 +0000 Received: from ams.source.kernel.org ([145.40.68.75]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1pP0wV-008WXz-8T for linux-arm-kernel@lists.infradead.org; Mon, 06 Feb 2023 12:49:57 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id AA58EB8100F; Mon, 6 Feb 2023 12:49:53 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0AAE7C4339B; Mon, 6 Feb 2023 12:49:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1675687792; bh=IAL+pyfoXhXmgoxqxIVL+RHhIgd+a/xg78zxfOh6js8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KHgObYG1983YEkn2WpX9MLJNsVgoBr1huXTcgOb60NyNNZPeagzOi+fToiYBobdf5 QB0U9VOdFZ7kzP9uzUkbgwnwbr5lV7Z9wADlMrPtS+SxI5oryykriXACt1y/r7P3XR MqiwRd4YHxcLWlchfagdlgqKxbtCvbkN1RIl1t0EwYKjeVjD+ReY08w7sgpDDqLg4c AXExiANxIVV1sC/VVIACWbilcdrsallfgqxw53yh3nn0lWlnHGi40KK3T2YupUxQyV eXVr9fyAMzK3VcV+v14qVk9kpxlExFmU7Qobl0Q+esjmZGgdt0vhKr+rgRVMpJpIN3 N1rT5/QFAWz+A== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, Ard Biesheuvel , Catalin Marinas , Will Deacon , Kees Cook , Mark Rutland , Peter Zijlstra , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen Subject: [PATCH v2 2/3] efi: arm64: Wire up BTI annotation in memory attributes table Date: Mon, 6 Feb 2023 13:49:37 +0100 Message-Id: <20230206124938.272988-3-ardb@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230206124938.272988-1-ardb@kernel.org> References: <20230206124938.272988-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2919; i=ardb@kernel.org; h=from:subject; bh=IAL+pyfoXhXmgoxqxIVL+RHhIgd+a/xg78zxfOh6js8=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBj4PdgBcM69q4ZgV9oBMnKOIQvX9UQ3M+1JdiBQ BJDjWLmv5WJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCY+D3YAAKCRDDTyI5ktmP JEKAC/wLQYTaKY56agma250TeBbtIzcObQl0Lz5neU2J38P/NY9AQ/dMKjxx29L44HQdBRT5hpJ inmju3b/pFpSxXE1AwEUcGOpkOq5Jdgfq+CWuMPZUqh2XGQyht8HgqliKgs76vVqyoCFpBUmMq5 KmZi5H0pOaAT8beaTCXTaXEBKHVMVhtKHH2Z/30YPBHfr/lJl5ViF1xKkRNh5tG9iCd3HSis8Rw ohFwcLSZS2wHB71j4CMQlHabse+6z3Q5R86uHQ+vETM+XYN8+bSbEqGxDqvMzNx+8HvUAmZIkZx 3og5mQDIvz6eXxx772p6+Mc/KZx6kY2cbqwyp8eXI5UfJOirebyyib51va3vlrVaWqlA6k/+Vmr IQs3UyzmYDPP0b3vkBPyb0eUStPjbemQtE0wjXx452uN7NM06zj5c/9F7zuzCuC4u8f3bgK9FBw R5pie/mKThyv6dN6kc60HJ8T0t0SU7G8YZWKbv27Ell5xczOICcmjqJmRyLm569rfwYNc= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230206_044955_620849_15CD6343 X-CRM114-Status: GOOD ( 16.64 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org UEFI v2.10 extends the EFI memory attributes table with a flag that indicates whether or not all RuntimeServicesCode regions were constructed with BTI landing pads, permitting the OS to map these regions with BTI restrictions enabled. So let's take this into account on arm64. Signed-off-by: Ard Biesheuvel Reviewed-by: Kees Cook Acked-by: Mark Rutland Reviewed-by: Will Deacon --- arch/arm64/kernel/efi.c | 14 ++++++++++++-- arch/arm64/kernel/traps.c | 6 ++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kernel/efi.c b/arch/arm64/kernel/efi.c index 78ffd5aaddcbbaee..99971cd349f36310 100644 --- a/arch/arm64/kernel/efi.c +++ b/arch/arm64/kernel/efi.c @@ -96,15 +96,23 @@ int __init efi_create_mapping(struct mm_struct *mm, efi_memory_desc_t *md) return 0; } +struct set_perm_data { + const efi_memory_desc_t *md; + bool has_bti; +}; + static int __init set_permissions(pte_t *ptep, unsigned long addr, void *data) { - efi_memory_desc_t *md = data; + struct set_perm_data *spd = data; + const efi_memory_desc_t *md = spd->md; pte_t pte = READ_ONCE(*ptep); if (md->attribute & EFI_MEMORY_RO) pte = set_pte_bit(pte, __pgprot(PTE_RDONLY)); if (md->attribute & EFI_MEMORY_XP) pte = set_pte_bit(pte, __pgprot(PTE_PXN)); + else if (system_supports_bti() && spd->has_bti) + pte = set_pte_bit(pte, __pgprot(PTE_GP)); set_pte(ptep, pte); return 0; } @@ -113,6 +121,8 @@ int __init efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md, bool has_bti) { + struct set_perm_data data = { md, has_bti }; + BUG_ON(md->type != EFI_RUNTIME_SERVICES_CODE && md->type != EFI_RUNTIME_SERVICES_DATA); @@ -128,7 +138,7 @@ int __init efi_set_mapping_permissions(struct mm_struct *mm, */ return apply_to_page_range(mm, md->virt_addr, md->num_pages << EFI_PAGE_SHIFT, - set_permissions, md); + set_permissions, &data); } /* diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 4c0caa589e12de2a..1f366b94ea8e233a 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include @@ -33,6 +34,7 @@ #include #include #include +#include #include #include #include @@ -492,6 +494,10 @@ void do_el0_bti(struct pt_regs *regs) void do_el1_bti(struct pt_regs *regs, unsigned long esr) { + if (efi_runtime_fixup_exception(regs, "BTI violation")) { + regs->pstate &= ~PSR_BTYPE_MASK; + return; + } die("Oops - BTI", regs, esr); }