Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (C) 2016 Linaro Ltd. <ard.biesheuvel@linaro.org>
4 */
5
6#define pr_fmt(fmt) "efi: memattr: " fmt
7
8#include <linux/efi.h>
9#include <linux/init.h>
10#include <linux/io.h>
11#include <linux/memblock.h>
12
13#include <asm/early_ioremap.h>
14
15static int __initdata tbl_size;
16unsigned long __ro_after_init efi_mem_attr_table = EFI_INVALID_TABLE_ADDR;
17
18/*
19 * Reserve the memory associated with the Memory Attributes configuration
20 * table, if it exists.
21 */
22int __init efi_memattr_init(void)
23{
24 efi_memory_attributes_table_t *tbl;
25
26 if (efi_mem_attr_table == EFI_INVALID_TABLE_ADDR)
27 return 0;
28
29 tbl = early_memremap(efi_mem_attr_table, sizeof(*tbl));
30 if (!tbl) {
31 pr_err("Failed to map EFI Memory Attributes table @ 0x%lx\n",
32 efi_mem_attr_table);
33 return -ENOMEM;
34 }
35
36 if (tbl->version > 1) {
37 pr_warn("Unexpected EFI Memory Attributes table version %d\n",
38 tbl->version);
39 goto unmap;
40 }
41
42 tbl_size = sizeof(*tbl) + tbl->num_entries * tbl->desc_size;
43 memblock_reserve(efi_mem_attr_table, tbl_size);
44 set_bit(EFI_MEM_ATTR, &efi.flags);
45
46unmap:
47 early_memunmap(tbl, sizeof(*tbl));
48 return 0;
49}
50
51/*
52 * Returns a copy @out of the UEFI memory descriptor @in if it is covered
53 * entirely by a UEFI memory map entry with matching attributes. The virtual
54 * address of @out is set according to the matching entry that was found.
55 */
56static bool entry_is_valid(const efi_memory_desc_t *in, efi_memory_desc_t *out)
57{
58 u64 in_paddr = in->phys_addr;
59 u64 in_size = in->num_pages << EFI_PAGE_SHIFT;
60 efi_memory_desc_t *md;
61
62 *out = *in;
63
64 if (in->type != EFI_RUNTIME_SERVICES_CODE &&
65 in->type != EFI_RUNTIME_SERVICES_DATA) {
66 pr_warn("Entry type should be RuntimeServiceCode/Data\n");
67 return false;
68 }
69
70 if (!(in->attribute & (EFI_MEMORY_RO | EFI_MEMORY_XP))) {
71 pr_warn("Entry attributes invalid: RO and XP bits both cleared\n");
72 return false;
73 }
74
75 if (PAGE_SIZE > EFI_PAGE_SIZE &&
76 (!PAGE_ALIGNED(in->phys_addr) ||
77 !PAGE_ALIGNED(in->num_pages << EFI_PAGE_SHIFT))) {
78 /*
79 * Since arm64 may execute with page sizes of up to 64 KB, the
80 * UEFI spec mandates that RuntimeServices memory regions must
81 * be 64 KB aligned. We need to validate this here since we will
82 * not be able to tighten permissions on such regions without
83 * affecting adjacent regions.
84 */
85 pr_warn("Entry address region misaligned\n");
86 return false;
87 }
88
89 for_each_efi_memory_desc(md) {
90 u64 md_paddr = md->phys_addr;
91 u64 md_size = md->num_pages << EFI_PAGE_SHIFT;
92
93 if (!(md->attribute & EFI_MEMORY_RUNTIME))
94 continue;
95 if (md->virt_addr == 0 && md->phys_addr != 0) {
96 /* no virtual mapping has been installed by the stub */
97 break;
98 }
99
100 if (md_paddr > in_paddr || (in_paddr - md_paddr) >= md_size)
101 continue;
102
103 /*
104 * This entry covers the start of @in, check whether
105 * it covers the end as well.
106 */
107 if (md_paddr + md_size < in_paddr + in_size) {
108 pr_warn("Entry covers multiple EFI memory map regions\n");
109 return false;
110 }
111
112 if (md->type != in->type) {
113 pr_warn("Entry type deviates from EFI memory map region type\n");
114 return false;
115 }
116
117 out->virt_addr = in_paddr + (md->virt_addr - md_paddr);
118
119 return true;
120 }
121
122 pr_warn("No matching entry found in the EFI memory map\n");
123 return false;
124}
125
126/*
127 * To be called after the EFI page tables have been populated. If a memory
128 * attributes table is available, its contents will be used to update the
129 * mappings with tightened permissions as described by the table.
130 * This requires the UEFI memory map to have already been populated with
131 * virtual addresses.
132 */
133int __init efi_memattr_apply_permissions(struct mm_struct *mm,
134 efi_memattr_perm_setter fn)
135{
136 efi_memory_attributes_table_t *tbl;
137 int i, ret;
138
139 if (tbl_size <= sizeof(*tbl))
140 return 0;
141
142 /*
143 * We need the EFI memory map to be setup so we can use it to
144 * lookup the virtual addresses of all entries in the of EFI
145 * Memory Attributes table. If it isn't available, this
146 * function should not be called.
147 */
148 if (WARN_ON(!efi_enabled(EFI_MEMMAP)))
149 return 0;
150
151 tbl = memremap(efi_mem_attr_table, tbl_size, MEMREMAP_WB);
152 if (!tbl) {
153 pr_err("Failed to map EFI Memory Attributes table @ 0x%lx\n",
154 efi_mem_attr_table);
155 return -ENOMEM;
156 }
157
158 if (efi_enabled(EFI_DBG))
159 pr_info("Processing EFI Memory Attributes table:\n");
160
161 for (i = ret = 0; ret == 0 && i < tbl->num_entries; i++) {
162 efi_memory_desc_t md;
163 unsigned long size;
164 bool valid;
165 char buf[64];
166
167 valid = entry_is_valid((void *)tbl->entry + i * tbl->desc_size,
168 &md);
169 size = md.num_pages << EFI_PAGE_SHIFT;
170 if (efi_enabled(EFI_DBG) || !valid)
171 pr_info("%s 0x%012llx-0x%012llx %s\n",
172 valid ? "" : "!", md.phys_addr,
173 md.phys_addr + size - 1,
174 efi_md_typeattr_format(buf, sizeof(buf), &md));
175
176 if (valid) {
177 ret = fn(mm, &md);
178 if (ret)
179 pr_err("Error updating mappings, skipping subsequent md's\n");
180 }
181 }
182 memunmap(tbl);
183 return ret;
184}
1/*
2 * Copyright (C) 2016 Linaro Ltd. <ard.biesheuvel@linaro.org>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 */
8
9#define pr_fmt(fmt) "efi: memattr: " fmt
10
11#include <linux/efi.h>
12#include <linux/init.h>
13#include <linux/io.h>
14#include <linux/memblock.h>
15
16#include <asm/early_ioremap.h>
17
18static int __initdata tbl_size;
19
20/*
21 * Reserve the memory associated with the Memory Attributes configuration
22 * table, if it exists.
23 */
24int __init efi_memattr_init(void)
25{
26 efi_memory_attributes_table_t *tbl;
27
28 if (efi.mem_attr_table == EFI_INVALID_TABLE_ADDR)
29 return 0;
30
31 tbl = early_memremap(efi.mem_attr_table, sizeof(*tbl));
32 if (!tbl) {
33 pr_err("Failed to map EFI Memory Attributes table @ 0x%lx\n",
34 efi.mem_attr_table);
35 return -ENOMEM;
36 }
37
38 if (tbl->version > 1) {
39 pr_warn("Unexpected EFI Memory Attributes table version %d\n",
40 tbl->version);
41 goto unmap;
42 }
43
44 tbl_size = sizeof(*tbl) + tbl->num_entries * tbl->desc_size;
45 memblock_reserve(efi.mem_attr_table, tbl_size);
46
47unmap:
48 early_memunmap(tbl, sizeof(*tbl));
49 return 0;
50}
51
52/*
53 * Returns a copy @out of the UEFI memory descriptor @in if it is covered
54 * entirely by a UEFI memory map entry with matching attributes. The virtual
55 * address of @out is set according to the matching entry that was found.
56 */
57static bool entry_is_valid(const efi_memory_desc_t *in, efi_memory_desc_t *out)
58{
59 u64 in_paddr = in->phys_addr;
60 u64 in_size = in->num_pages << EFI_PAGE_SHIFT;
61 efi_memory_desc_t *md;
62
63 *out = *in;
64
65 if (in->type != EFI_RUNTIME_SERVICES_CODE &&
66 in->type != EFI_RUNTIME_SERVICES_DATA) {
67 pr_warn("Entry type should be RuntimeServiceCode/Data\n");
68 return false;
69 }
70
71 if (!(in->attribute & (EFI_MEMORY_RO | EFI_MEMORY_XP))) {
72 pr_warn("Entry attributes invalid: RO and XP bits both cleared\n");
73 return false;
74 }
75
76 if (PAGE_SIZE > EFI_PAGE_SIZE &&
77 (!PAGE_ALIGNED(in->phys_addr) ||
78 !PAGE_ALIGNED(in->num_pages << EFI_PAGE_SHIFT))) {
79 /*
80 * Since arm64 may execute with page sizes of up to 64 KB, the
81 * UEFI spec mandates that RuntimeServices memory regions must
82 * be 64 KB aligned. We need to validate this here since we will
83 * not be able to tighten permissions on such regions without
84 * affecting adjacent regions.
85 */
86 pr_warn("Entry address region misaligned\n");
87 return false;
88 }
89
90 for_each_efi_memory_desc(md) {
91 u64 md_paddr = md->phys_addr;
92 u64 md_size = md->num_pages << EFI_PAGE_SHIFT;
93
94 if (!(md->attribute & EFI_MEMORY_RUNTIME))
95 continue;
96 if (md->virt_addr == 0) {
97 /* no virtual mapping has been installed by the stub */
98 break;
99 }
100
101 if (md_paddr > in_paddr || (in_paddr - md_paddr) >= md_size)
102 continue;
103
104 /*
105 * This entry covers the start of @in, check whether
106 * it covers the end as well.
107 */
108 if (md_paddr + md_size < in_paddr + in_size) {
109 pr_warn("Entry covers multiple EFI memory map regions\n");
110 return false;
111 }
112
113 if (md->type != in->type) {
114 pr_warn("Entry type deviates from EFI memory map region type\n");
115 return false;
116 }
117
118 out->virt_addr = in_paddr + (md->virt_addr - md_paddr);
119
120 return true;
121 }
122
123 pr_warn("No matching entry found in the EFI memory map\n");
124 return false;
125}
126
127/*
128 * To be called after the EFI page tables have been populated. If a memory
129 * attributes table is available, its contents will be used to update the
130 * mappings with tightened permissions as described by the table.
131 * This requires the UEFI memory map to have already been populated with
132 * virtual addresses.
133 */
134int __init efi_memattr_apply_permissions(struct mm_struct *mm,
135 efi_memattr_perm_setter fn)
136{
137 efi_memory_attributes_table_t *tbl;
138 int i, ret;
139
140 if (tbl_size <= sizeof(*tbl))
141 return 0;
142
143 /*
144 * We need the EFI memory map to be setup so we can use it to
145 * lookup the virtual addresses of all entries in the of EFI
146 * Memory Attributes table. If it isn't available, this
147 * function should not be called.
148 */
149 if (WARN_ON(!efi_enabled(EFI_MEMMAP)))
150 return 0;
151
152 tbl = memremap(efi.mem_attr_table, tbl_size, MEMREMAP_WB);
153 if (!tbl) {
154 pr_err("Failed to map EFI Memory Attributes table @ 0x%lx\n",
155 efi.mem_attr_table);
156 return -ENOMEM;
157 }
158
159 if (efi_enabled(EFI_DBG))
160 pr_info("Processing EFI Memory Attributes table:\n");
161
162 for (i = ret = 0; ret == 0 && i < tbl->num_entries; i++) {
163 efi_memory_desc_t md;
164 unsigned long size;
165 bool valid;
166 char buf[64];
167
168 valid = entry_is_valid((void *)tbl->entry + i * tbl->desc_size,
169 &md);
170 size = md.num_pages << EFI_PAGE_SHIFT;
171 if (efi_enabled(EFI_DBG) || !valid)
172 pr_info("%s 0x%012llx-0x%012llx %s\n",
173 valid ? "" : "!", md.phys_addr,
174 md.phys_addr + size - 1,
175 efi_md_typeattr_format(buf, sizeof(buf), &md));
176
177 if (valid)
178 ret = fn(mm, &md);
179 }
180 memunmap(tbl);
181 return ret;
182}