From: James Bottomley <jbottomley@odin.com>
To: "ard.biesheuvel@linaro.org" <ard.biesheuvel@linaro.org>
Cc: "matt@codeblueprint.co.uk" <matt@codeblueprint.co.uk>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"pjones@redhat.com" <pjones@redhat.com>,
"jlee@suse.com" <jlee@suse.com>, "bp@suse.de" <bp@suse.de>,
"dyoung@redhat.com" <dyoung@redhat.com>,
"stable@vger.kernel.org" <stable@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
"hpa@zytor.com" <hpa@zytor.com>,
"linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
"leif.lindholm@linaro.org" <leif.lindholm@linaro.org>,
"matt.fleming@intel.com" <matt.fleming@intel.com>,
"LeifLindholm@linux-rxt1.site" <LeifLindholm@linux-rxt1.site>,
"mjg59@srcf.ucam.org" <mjg59@srcf.ucam.org>
Subject: Re: [PATCH] x86/efi: Map EFI memmap entries in-order at runtime
Date: Wed, 16 Sep 2015 13:37:18 +0000 [thread overview]
Message-ID: <1442410638.2234.8.camel@Odin.com> (raw)
In-Reply-To: <CAKv+Gu-Q_g4YtbZ7X1S1g3RaMZC6HQCVza+oqv26mXbrDjTc5w@mail.gmail.com>
On Wed, 2015-09-16 at 13:25 +0200, Ard Biesheuvel wrote:
> On 16 September 2015 at 12:08, Borislav Petkov <bp@suse.de> wrote:
> > On Wed, Sep 09, 2015 at 12:21:23PM +0100, Matt Fleming wrote:
> >> On Wed, 09 Sep, at 08:33:07AM, joeyli wrote:
> >> >
> >> > Yes, the machine on my hand has EFI_PROPERTIES_TABLE enabled, and it doesn't
> >> > boot without your patch.
> >>
> >> Awesome. Could you test the following patch instead?
> >>
> >> ---
> >>
> >> From 24d324b781a3b688dcc265995949a9cf4e8af687 Mon Sep 17 00:00:00 2001
> >> From: Matt Fleming <matt.fleming@intel.com>
> >> Date: Thu, 3 Sep 2015 15:56:25 +0100
> >> Subject: [PATCH v2] x86/efi: Map EFI memmap entries in-order at runtime
> >>
> >> Beginning with UEFI v2.5 EFI_PROPERTIES_TABLE was introduced that
> >> signals that the firmware PE/COFF loader supports splitting code and
> >> data sections of PE/COFF images into separate EFI memory map entries.
> >> This allows the kernel to map those regions with strict memory
> >> protections, e.g. EFI_MEMORY_RO for code, EFI_MEMORY_XP for data, etc.
> >>
> >> Unfortunately, an unwritten requirement of this new feature is that
> >> the regions need to be mapped with the same offsets relative to each
> >> other as observed in the EFI memory map. If this is not done crashes
> >
> > Let me get this straight: this looks like the next EFI screwup which
> > practically requires specific mapping placement in VA space just
> > because it uses relative addresses?
>
> Both relative and absolute references, currently. The latter are also
> affected since the relocation offset that is applied to all PE/COFF
> relocation entries is based on the displacement of ImageBase, and
> absolute references to symbols in .data need to be treated specially
> (since it may be shifted relative to the .text section containing
> ImageBase). This could be worked around by converting each absolute
> reference individually using ConvertPointer () [and I have a proof of
> concept that actually makes the problem go away on x86] but it would
> still be only a partial solution, since relative references are not
> tracked in the PE/COFF metadata, so even if we wanted to, it would be
> intractible to find each cross-section relative reference and do the
> fixup.
>
> > And since you say "unwritten" this
> > practically a requirement is not even in the spec?
> >
>
> No, it seems nobody thought of this when designing the feature.
To add colour: our problem is section relative references (either loads
or jumps). The PE/COFF linker is allowed not to emit relocations for
section relative references because it expects that the sections will
always be loaded at the same relative offset. It looks like it is
possible to force them to have relocation entries, so it would be
possible to add to the standard language requiring this for UEFI
compatible binaries, but that won't help with any of the existing
PE/COFF stuff in the field.
The problem is that to apply the various protections UEFI is
introducing, we're trying to relocate the sections and that's what's
causing the issue. Before this, no-one really thought of mapping the
sections at different relative addresses. It's really an unexpected
weakness in the PE/COFF spec that we can't fix, so we have to work
around it.
James
> > Can we state explicitly in the spec NOT to rely on mapping VA placement?
> > I mean, this "unwritten" requirement is seriously screwed on soo many
> > levels...
> >
>
> Several solutions and/or work arounds are currently under discussion
>
next prev parent reply other threads:[~2015-09-16 13:37 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-04 13:14 [PATCH] x86/efi: Map EFI memmap entries in-order at runtime Matt Fleming
2015-09-04 13:24 ` Ard Biesheuvel
[not found] ` <CAKv+Gu9bGcSVWuMkPVJGDkCPmWvFpjhh4odLWPBZ-wX3=LgGaw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-09-04 18:23 ` Matt Fleming
2015-09-04 18:53 ` Ard Biesheuvel
2015-09-06 14:06 ` Ard Biesheuvel
[not found] ` <CAKv+Gu-AQdgJNOtrgtEtqxsaSC_L=EANpC3pT8b6X2jmZ5qO_Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-09-08 13:16 ` Matt Fleming
2015-09-08 13:21 ` Ard Biesheuvel
[not found] ` <CAKv+Gu_us3Nu_gMd4GxPe7z0eqtMfM4DM_UEmGW2MTqVDxg5vA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-09-08 20:37 ` Matt Fleming
[not found] ` <20150908203630.GB2854-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
2015-09-09 7:37 ` Ard Biesheuvel
2015-09-09 9:58 ` Matt Fleming
[not found] ` <20150909095806.GA4973-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
2015-09-09 9:59 ` Ard Biesheuvel
[not found] ` <1441372447-23439-1-git-send-email-matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
2015-09-07 4:07 ` joeyli
2015-09-08 20:41 ` Matt Fleming
2015-09-09 0:33 ` joeyli
2015-09-09 11:21 ` Matt Fleming
[not found] ` <20150909112123.GB4973-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
2015-09-10 3:38 ` joeyli
2015-09-16 10:08 ` Borislav Petkov
[not found] ` <20150916100820.GA7077-K5JNixvcfoxupOikMc4+xw@public.gmane.org>
2015-09-16 11:25 ` Ard Biesheuvel
[not found] ` <CAKv+Gu-Q_g4YtbZ7X1S1g3RaMZC6HQCVza+oqv26mXbrDjTc5w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-09-16 13:28 ` Borislav Petkov
2015-09-16 13:38 ` Ard Biesheuvel
2015-09-17 8:05 ` Borislav Petkov
2015-09-16 13:37 ` James Bottomley [this message]
2015-09-16 14:07 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1442410638.2234.8.camel@Odin.com \
--to=jbottomley@odin.com \
--cc=LeifLindholm@linux-rxt1.site \
--cc=ard.biesheuvel@linaro.org \
--cc=bp@suse.de \
--cc=dyoung@redhat.com \
--cc=hpa@zytor.com \
--cc=jlee@suse.com \
--cc=leif.lindholm@linaro.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=matt.fleming@intel.com \
--cc=matt@codeblueprint.co.uk \
--cc=mjg59@srcf.ucam.org \
--cc=pjones@redhat.com \
--cc=stable@vger.kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).