[PATCH 2/2] arm*: efi: drop writable mapping of the UEFI System table

Ard Biesheuvel ard.biesheuvel at linaro.org
Tue Mar 22 08:08:24 PDT 2016 

On 26 February 2016 at 16:01, Matt Fleming <matt at codeblueprint.co.uk> wrote:
> On Fri, 26 Feb, at 03:20:35PM, Ard Biesheuvel wrote:
>> Commit 2eec5dedf770 ("efi/arm-init: Use read-only early mappings")
>> updated the early ARM UEFI init code to create the temporary, early
>> mapping of the UEFI System table using read-only attributes, as a
>> hardening measure against inadvertent modification.
>>
>> However, this still leaves the permanent, writable mapping of the UEFI
>> System table, which is only ever referenced during invocations of UEFI
>> Runtime Services, at which time the UEFI virtual mapping is available,
>> which also covers the system table. (This is guaranteed by the fact that
>> SetVirtualAddressMap(), which is a runtime service itself, converts
>> various entries in the table to their virtual equivalents, which implies
>> that the table must be covered by a RuntimeServicesData region that has
>> the EFI_MEMORY_RUNTIME attribute.)
>>
>> So instead of creating this permanent mapping, record the virtual address
>> of the system table inside the UEFI virtual mapping, and dereference that
>> when accessing the table. This protects the contents of the system table
>> from inadvertent (or deliberate) modification when no UEFI Runtime
>> Services calls are in progress.
>>
>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel at linaro.org>
>> ---
>>  drivers/firmware/efi/arm-init.c    |  2 ++
>>  drivers/firmware/efi/arm-runtime.c | 27 ++++++++++++++++-----------
>>  2 files changed, 18 insertions(+), 11 deletions(-)
>
> Looks like a nice cleanup. Applied.

This patch causes a warning I hadn't spotted before sending it out.
Could you fold this in please?

diff --git a/drivers/firmware/efi/arm-runtime.c
b/drivers/firmware/efi/arm-runtime.c
index 6c97d4884fc7..fe749da9997e 100644
--- a/drivers/firmware/efi/arm-runtime.c
+++ b/drivers/firmware/efi/arm-runtime.c
@@ -72,8 +72,8 @@ static bool __init efi_virtmap_init(void)
                 */
                if (efi_system_table >= phys &&
                    efi_system_table < phys + (md->num_pages * EFI_PAGE_SIZE)) {
-                       efi.systab = (void *)(efi_system_table - phys +
-                                             md->virt_addr);
+                       efi.systab = (void *)(unsigned long)(efi_system_table -
+                                                         phys + md->virt_addr);
                        systab_found = true;
                }
        }

Thanks,
Ard.

More information about the linux-arm-kernel mailing list