From: Borislav Petkov <bp-Gina5bIWoIWzQB+pC5nmwQ@public.gmane.org>
To: Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
Cc: Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
	linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	Matt Fleming
	<matt.fleming-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Subject: Re: [PATCH] x86/efi: Avoid triple faults during EFI mixed mode calls
Date: Tue, 3 Feb 2015 20:08:29 +0100	[thread overview]
Message-ID: <20150203190829.GA18734@pd.tnic> (raw)
In-Reply-To: <1422375124-21265-1-git-send-email-matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>

On Tue, Jan 27, 2015 at 04:12:04PM +0000, Matt Fleming wrote:
> From: Matt Fleming <matt.fleming-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
> 
> Andy pointed out that if an NMI or MCE is received while we're in the
> middle of an EFI mixed mode call a triple fault will occur. This can
> happen, for example, when issuing an EFI mixed mode call while running
> perf.
> 
> The reason for the triple fault is that we execute the mixed mode call
> in 32-bit mode with paging disabled but with 64-bit kernel IDT handlers
> installed throughout the call.
> 
> At Andy's suggestion, stop playing the games we currently do at runtime,
> such as disabling paging and installing a 32-bit GDT for __KERNEL_CS. We
> can simply switch to the __KERNEL32_CS descriptor before invoking
> firmware services, and run in compatibility mode. This way, if an
> NMI/MCE does occur the kernel IDT handler will execute correctly, since
> it'll jump to __KERNEL_CS automatically.
> 
> However, this change is only possible post-ExitBootServices(). Before
> then the firmware "owns" the machine and expects its 32-bit IDT
> handlers to be left intact to service interrupts, etc.
> 
> So, we now need to distinguish between early boot and runtime
> invocations of EFI services. During early boot, we need to restore the
> GDT that the firmware expects to be present. We can only jump to the
> __KERNEL32_CS code segment for mixed mode calls after ExitBootServices()
> has been invoked.
> 
> A liberal sprinkling of comments in the thunking code should make the
> differences in early and late environments more apparent.
> 
> Reported-by: Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>
> Cc: Borislav Petkov <bp-Gina5bIWoIWzQB+pC5nmwQ@public.gmane.org>
> Signed-off-by: Matt Fleming <matt.fleming-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>

Boots fine on my Dell box.

Tested-by: Borislav Petkov <bp-l3A5Bk7waGM@public.gmane.org>

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.
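The mechanism the quoted commit message relies on, as an added example that is not the patch's or the kernel's own code: under IA-32e (long mode) the L and D bits of the code segment descriptor loaded into CS decide whether the CPU runs 64-bit or 32-bit compatibility code, while paging and the IDT stay exactly as they were. The example encodes two descriptors with the same field layout as the kernel's GDT_ENTRY_INIT(flags, base, limit), using the flag words I believe the x86-64 kernel uses for __KERNEL32_CS (0xc09b, L=0/D=1) and __KERNEL_CS (0xa09b, L=1/D=0) and the selector values 0x08 and 0x10; those values, the three-entry GDT and the handler_mode() helper are assumptions of this example. handler_mode() shows the point of the patch: whatever mode the firmware call was interrupted in, an NMI/MCE gate whose target selector is __KERNEL_CS lands the handler in 64-bit mode.

```c
/*
 * Added example, not kernel code: encode x86 GDT code descriptors and decode
 * which IA-32e sub-mode (64-bit vs. 32-bit compatibility) each selects.
 */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Selector values as laid out in the kernel's 64-bit GDT (assumed here). */
#define SEL_KERNEL32_CS 0x08   /* GDT entry 1 */
#define SEL_KERNEL_CS   0x10   /* GDT entry 2 */

enum cs_mode { CS_INVALID = 0, CS_COMPAT32, CS_LONG64 };

/* Same bit placement as the kernel's GDT_ENTRY_INIT(flags, base, limit):
 * low byte of flags is the access byte, high nibble is G/D/L/AVL. */
uint64_t gdt_entry_init(uint16_t flags, uint32_t base, uint32_t limit)
{
    uint32_t lo = (limit & 0xffffu) | ((base & 0xffffu) << 16);
    uint32_t hi = ((base & 0xff0000u) >> 16) |
                  ((uint32_t)(flags & 0xf0ffu) << 8) |
                  (limit & 0xf0000u) |
                  (base & 0xff000000u);
    return ((uint64_t)hi << 32) | lo;
}

uint8_t desc_access(uint64_t d) { return (uint8_t)((d >> 40) & 0xffu); } /* P,DPL,S,type */
bool desc_l(uint64_t d)         { return (d >> 53) & 1u; }  /* 64-bit code segment */
bool desc_db(uint64_t d)        { return (d >> 54) & 1u; }  /* default operand size */
bool desc_g(uint64_t d)         { return (d >> 55) & 1u; }  /* 4K granularity */

uint32_t desc_base(uint64_t d)
{
    return (uint32_t)((d >> 16) & 0xffffffu) | (uint32_t)(((d >> 56) & 0xffu) << 24);
}

/* Effective byte limit: 20-bit raw limit, scaled by 4K when G is set. */
uint64_t desc_limit_bytes(uint64_t d)
{
    uint64_t raw = (d & 0xffffu) | (((d >> 48) & 0xfu) << 16);
    return desc_g(d) ? ((raw << 12) | 0xfffu) : raw;
}

/* Mode the CPU executes in once CS is loaded with this descriptor in IA-32e. */
enum cs_mode cs_mode_of(uint64_t d)
{
    uint8_t a = desc_access(d);
    bool present = a & 0x80u;
    bool code = (a & 0x18u) == 0x18u;           /* S=1 and type bit 3 set */
    if (!present || !code)
        return CS_INVALID;
    if (desc_l(d))
        return desc_db(d) ? CS_INVALID : CS_LONG64;  /* L=1,D=1 is reserved */
    return CS_COMPAT32;                          /* L=0: compatibility mode */
}

/* Minimal GDT: null, __KERNEL32_CS, __KERNEL_CS (flag words assumed to match
 * the kernel's: 0xc09b -> G=1,D=1,L=0 ; 0xa09b -> G=1,D=0,L=1). */
uint64_t gdt[3];

void gdt_setup(void)
{
    gdt[0] = 0;
    gdt[SEL_KERNEL32_CS >> 3] = gdt_entry_init(0xc09b, 0, 0xfffff);
    gdt[SEL_KERNEL_CS >> 3]   = gdt_entry_init(0xa09b, 0, 0xfffff);
}

/* An interrupt gate names a target selector; the handler runs in the mode
 * that selector's descriptor implies, whatever CS was interrupted. */
enum cs_mode handler_mode(uint16_t gate_selector)
{
    gdt_setup();
    return cs_mode_of(gdt[gate_selector >> 3]);
}

int main(void)
{
    const char *names[] = { "invalid", "compat32", "long64" };
    gdt_setup();
    for (unsigned i = 1; i < 3; i++) {
        uint64_t d = gdt[i];
        printf("selector %#x: desc=%#018" PRIx64 " base=%#x limit=%#" PRIx64 " mode=%s\n",
               i << 3, d, desc_base(d), desc_limit_bytes(d), names[cs_mode_of(d)]);
    }
    /* NMI arriving during a compat-mode firmware call still enters 64-bit mode. */
    printf("handler via __KERNEL_CS gate runs in: %s\n", names[handler_mode(SEL_KERNEL_CS)]);
    return 0;
}
```

The far jump to __KERNEL32_CS the commit describes is just a CS reload that flips the L bit the CPU sees; CR0.PG and the 64-bit IDT are untouched, which is why cs_mode_of() on the gate's selector, not on the interrupted CS, decides where the handler ends up.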