From: Ingo Molnar <mingo@kernel.org>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Roman Kisel <romank@linux.microsoft.com>,
akpm@linux-foundation.org, bhe@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com, kai.huang@intel.com,
kirill.shutemov@linux.intel.com, mingo@redhat.com,
pbonzini@redhat.com, tglx@linutronix.de, x86@kernel.org,
linux-kernel@vger.kernel.org, apais@microsoft.com,
benhill@microsoft.com, ssengar@microsoft.com,
sunilmut@microsoft.com, vdso@hexbites.dev
Subject: Re: [PATCH] x86/reboot: Don't corrupt memory on non-BIOS systems
Date: Tue, 25 Feb 2025 21:39:59 +0100
Message-ID: <Z74qn-iQDPb3NrXS@gmail.com>
In-Reply-To: <03D69594-6E5E-47B1-ACF7-B0222F642DE5@zytor.com>
* H. Peter Anvin <hpa@zytor.com> wrote:
> On February 25, 2025 12:25:12 PM PST, Ingo Molnar <mingo@kernel.org> wrote:
> >
> >* Roman Kisel <romank@linux.microsoft.com> wrote:
> >
> >> native_machine_emergency_restart() writes unconditionally
> >> to the physical address of 0x472 to pass the warm reboot
> >> flags to BIOS. The BIOS reads this on booting to bypass memory
> >> test and do the warm boot. On the non-BIOS systems, other
> >> means have to be employed, and this write is a memory corruption.
> >>
> >> Fix that by moving the offending write into the case where
> >> the machine is rebooted via BIOS.
> >>
> >> Signed-off-by: Roman Kisel <romank@linux.microsoft.com>
> >> ---
> >> arch/x86/kernel/reboot.c | 4 ++--
> >> 1 file changed, 2 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
> >> index 615922838c51..6eec8653493f 100644
> >> --- a/arch/x86/kernel/reboot.c
> >> +++ b/arch/x86/kernel/reboot.c
> >> @@ -637,9 +637,8 @@ static void native_machine_emergency_restart(void)
> >>
> >> tboot_shutdown(TB_SHUTDOWN_REBOOT);
> >>
> >> - /* Tell the BIOS if we want cold or warm reboot */
> >> + /* Tell the firmware if we want cold or warm reboot */
> >> mode = reboot_mode == REBOOT_WARM ? 0x1234 : 0;
> >> - *((unsigned short *)__va(0x472)) = mode;
> >>
> >> /*
> >> * If an EFI capsule has been registered with the firmware then
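Review bot: the reworded comment and the `mode` assignment at the top of this hunk no longer match what the code does. With the store to 0x472 removed here, `mode` is still computed on every restart although its only visible use is now the store under `case BOOT_BIOS:`, and "Tell the firmware" sits above code that tells the firmware nothing. Suggest keeping the word "BIOS" and moving both the comment and `mode = reboot_mode == REBOOT_WARM ? 0x1234 : 0;` next to the store, so the flag's computation, its explanation and its single consumer stay together.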
> >> @@ -681,6 +680,7 @@ static void native_machine_emergency_restart(void)
> >> break;
> >>
> >> case BOOT_BIOS:
> >> + *((unsigned short *)__va(0x472)) = mode;
> >> machine_real_restart(MRR_BIOS);
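Review bot: the store added under `case BOOT_BIOS:` ties the warm-boot flag to the reboot method the switch selects, while the commit message describes the condition as "non-BIOS systems". These are not the same thing: a machine that has a BIOS but is restarted through one of the other cases of this switch would stop receiving the flag. Please say in the changelog whether that behaviour change is intended, or gate the write on the presence of BIOS firmware rather than on the reboot method.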
> >
> >If the value of 0x472 is only meaningful in the legacy 'BOOT_BIOS'
> >case, then at minimum the whole block should be moved to that case, not
> >just the setting.
> >
> >Thanks,
> >
> > Ingo
>
> Does the memory corruption actually matter, though?

I presume the issue came up by auditing & reviewing host writes to a
barebones non-legacy VM?

I'd argue that we shouldn't be writing random values into random legacy
addresses, especially if that special address doesn't seem to be covered
by any modern spec? Basic defensive coding practices and such.

Thanks,

	Ingo

Thread overview: 9+ messages
2025-01-09 20:43 [PATCH] x86/reboot: Don't corrupt memory on non-BIOS systems Roman Kisel
2025-01-10 3:23 ` H. Peter Anvin
2025-01-10 20:51 ` Roman Kisel
2025-01-10 3:25 ` H. Peter Anvin
2025-01-10 21:05 ` Roman Kisel
2025-02-25 20:25 ` Ingo Molnar
2025-02-25 20:28 ` H. Peter Anvin
2025-02-25 20:39 ` Ingo Molnar [this message]
2025-02-25 20:46 ` H. Peter Anvin