diff options
Diffstat (limited to 'drivers/firmware/efi')
| -rw-r--r-- | drivers/firmware/efi/Makefile | 3 | ||||
| -rw-r--r-- | drivers/firmware/efi/arm-init.c | 221 | ||||
| -rw-r--r-- | drivers/firmware/efi/arm-runtime.c | 135 | ||||
| -rw-r--r-- | drivers/firmware/efi/efi.c | 2 | ||||
| -rw-r--r-- | drivers/firmware/efi/libstub/Makefile | 6 | ||||
| -rw-r--r-- | drivers/firmware/efi/libstub/arm-stub.c | 40 | ||||
| -rw-r--r-- | drivers/firmware/efi/libstub/arm64-stub.c | 78 | ||||
| -rw-r--r-- | drivers/firmware/efi/libstub/efi-stub-helper.c | 7 | ||||
| -rw-r--r-- | drivers/firmware/efi/libstub/efistub.h | 7 | ||||
| -rw-r--r-- | drivers/firmware/efi/libstub/fdt.c | 14 | ||||
| -rw-r--r-- | drivers/firmware/efi/libstub/random.c | 135 | 
11 files changed, 609 insertions, 39 deletions
| diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile index ec379a4164cc..f292917b00e7 100644 --- a/drivers/firmware/efi/Makefile +++ b/drivers/firmware/efi/Makefile @@ -18,3 +18,6 @@ obj-$(CONFIG_EFI_RUNTIME_MAP)		+= runtime-map.o  obj-$(CONFIG_EFI_RUNTIME_WRAPPERS)	+= runtime-wrappers.o  obj-$(CONFIG_EFI_STUB)			+= libstub/  obj-$(CONFIG_EFI_FAKE_MEMMAP)		+= fake_mem.o + +arm-obj-$(CONFIG_EFI)			:= arm-init.o arm-runtime.o +obj-$(CONFIG_ARM64)			+= $(arm-obj-y) diff --git a/drivers/firmware/efi/arm-init.c b/drivers/firmware/efi/arm-init.c new file mode 100644 index 000000000000..a76c35fc0b92 --- /dev/null +++ b/drivers/firmware/efi/arm-init.c @@ -0,0 +1,221 @@ +/* + * Extensible Firmware Interface + * + * Based on Extensible Firmware Interface Specification version 2.4 + * + * Copyright (C) 2013 - 2015 Linaro Ltd. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + */ + +#include <linux/efi.h> +#include <linux/init.h> +#include <linux/memblock.h> +#include <linux/mm_types.h> +#include <linux/of.h> +#include <linux/of_fdt.h> + +#include <asm/efi.h> + +struct efi_memory_map memmap; + +u64 efi_system_table; + +static int __init is_normal_ram(efi_memory_desc_t *md) +{ +	if (md->attribute & EFI_MEMORY_WB) +		return 1; +	return 0; +} + +/* + * Translate a EFI virtual address into a physical address: this is necessary, + * as some data members of the EFI system table are virtually remapped after + * SetVirtualAddressMap() has been called. + */ +static phys_addr_t efi_to_phys(unsigned long addr) +{ +	efi_memory_desc_t *md; + +	for_each_efi_memory_desc(&memmap, md) { +		if (!(md->attribute & EFI_MEMORY_RUNTIME)) +			continue; +		if (md->virt_addr == 0) +			/* no virtual mapping has been installed by the stub */ +			break; +		if (md->virt_addr <= addr && +		    (addr - md->virt_addr) < (md->num_pages << EFI_PAGE_SHIFT)) +			return md->phys_addr + addr - md->virt_addr; +	} +	return addr; +} + +static int __init uefi_init(void) +{ +	efi_char16_t *c16; +	void *config_tables; +	size_t table_size; +	char vendor[100] = "unknown"; +	int i, retval; + +	efi.systab = early_memremap(efi_system_table, +				    sizeof(efi_system_table_t)); +	if (efi.systab == NULL) { +		pr_warn("Unable to map EFI system table.\n"); +		return -ENOMEM; +	} + +	set_bit(EFI_BOOT, &efi.flags); +	if (IS_ENABLED(CONFIG_64BIT)) +		set_bit(EFI_64BIT, &efi.flags); + +	/* +	 * Verify the EFI Table +	 */ +	if (efi.systab->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) { +		pr_err("System table signature incorrect\n"); +		retval = -EINVAL; +		goto out; +	} +	if ((efi.systab->hdr.revision >> 16) < 2) +		pr_warn("Warning: EFI system table version %d.%02d, expected 2.00 or greater\n", +			efi.systab->hdr.revision >> 16, +			efi.systab->hdr.revision & 0xffff); + +	/* Show what we know for posterity */ +	c16 = early_memremap(efi_to_phys(efi.systab->fw_vendor), +			     sizeof(vendor) * sizeof(efi_char16_t)); +	if (c16) { +		for (i = 0; i < (int) sizeof(vendor) - 1 && *c16; ++i) +			vendor[i] = c16[i]; +		vendor[i] = '\0'; +		early_memunmap(c16, sizeof(vendor) * sizeof(efi_char16_t)); +	} + +	pr_info("EFI v%u.%.02u by %s\n", +		efi.systab->hdr.revision >> 16, +		efi.systab->hdr.revision & 0xffff, vendor); + +	table_size = sizeof(efi_config_table_64_t) * efi.systab->nr_tables; +	config_tables = early_memremap(efi_to_phys(efi.systab->tables), +				       table_size); +	if (config_tables == NULL) { +		pr_warn("Unable to map EFI config table array.\n"); +		retval = -ENOMEM; +		goto out; +	} +	retval = efi_config_parse_tables(config_tables, efi.systab->nr_tables, +					 sizeof(efi_config_table_t), NULL); + +	early_memunmap(config_tables, table_size); +out: +	early_memunmap(efi.systab,  sizeof(efi_system_table_t)); +	return retval; +} + +/* + * Return true for RAM regions we want to permanently reserve. + */ +static __init int is_reserve_region(efi_memory_desc_t *md) +{ +	switch (md->type) { +	case EFI_LOADER_CODE: +	case EFI_LOADER_DATA: +	case EFI_BOOT_SERVICES_CODE: +	case EFI_BOOT_SERVICES_DATA: +	case EFI_CONVENTIONAL_MEMORY: +	case EFI_PERSISTENT_MEMORY: +		return 0; +	default: +		break; +	} +	return is_normal_ram(md); +} + +static __init void reserve_regions(void) +{ +	efi_memory_desc_t *md; +	u64 paddr, npages, size; + +	if (efi_enabled(EFI_DBG)) +		pr_info("Processing EFI memory map:\n"); + +	for_each_efi_memory_desc(&memmap, md) { +		paddr = md->phys_addr; +		npages = md->num_pages; + +		if (efi_enabled(EFI_DBG)) { +			char buf[64]; + +			pr_info("  0x%012llx-0x%012llx %s", +				paddr, paddr + (npages << EFI_PAGE_SHIFT) - 1, +				efi_md_typeattr_format(buf, sizeof(buf), md)); +		} + +		memrange_efi_to_native(&paddr, &npages); +		size = npages << PAGE_SHIFT; + +		if (is_normal_ram(md)) +			early_init_dt_add_memory_arch(paddr, size); + +		if (is_reserve_region(md)) { +			memblock_mark_nomap(paddr, size); +			if (efi_enabled(EFI_DBG)) +				pr_cont("*"); +		} + +		if (efi_enabled(EFI_DBG)) +			pr_cont("\n"); +	} + +	set_bit(EFI_MEMMAP, &efi.flags); +} + +void __init efi_init(void) +{ +	struct efi_fdt_params params; + +	/* Grab UEFI information placed in FDT by stub */ +	if (!efi_get_fdt_params(¶ms)) +		return; + +	efi_system_table = params.system_table; + +	memmap.phys_map = params.mmap; +	memmap.map = early_memremap(params.mmap, params.mmap_size); +	if (memmap.map == NULL) { +		/* +		* If we are booting via UEFI, the UEFI memory map is the only +		* description of memory we have, so there is little point in +		* proceeding if we cannot access it. +		*/ +		panic("Unable to map EFI memory map.\n"); +	} +	memmap.map_end = memmap.map + params.mmap_size; +	memmap.desc_size = params.desc_size; +	memmap.desc_version = params.desc_ver; + +	if (uefi_init() < 0) +		return; + +	reserve_regions(); +	early_memunmap(memmap.map, params.mmap_size); + +	if (IS_ENABLED(CONFIG_ARM)) { +		/* +		 * ARM currently does not allow ioremap_cache() to be called on +		 * memory regions that are covered by struct page. So remove the +		 * UEFI memory map from the linear mapping. +		 */ +		memblock_mark_nomap(params.mmap & PAGE_MASK, +				    PAGE_ALIGN(params.mmap_size + +					       (params.mmap & ~PAGE_MASK))); +	} else { +		memblock_reserve(params.mmap & PAGE_MASK, +				 PAGE_ALIGN(params.mmap_size + +					    (params.mmap & ~PAGE_MASK))); +	} +} diff --git a/drivers/firmware/efi/arm-runtime.c b/drivers/firmware/efi/arm-runtime.c new file mode 100644 index 000000000000..6ae21e41a429 --- /dev/null +++ b/drivers/firmware/efi/arm-runtime.c @@ -0,0 +1,135 @@ +/* + * Extensible Firmware Interface + * + * Based on Extensible Firmware Interface Specification version 2.4 + * + * Copyright (C) 2013, 2014 Linaro Ltd. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + */ + +#include <linux/efi.h> +#include <linux/io.h> +#include <linux/memblock.h> +#include <linux/mm_types.h> +#include <linux/preempt.h> +#include <linux/rbtree.h> +#include <linux/rwsem.h> +#include <linux/sched.h> +#include <linux/slab.h> +#include <linux/spinlock.h> + +#include <asm/cacheflush.h> +#include <asm/efi.h> +#include <asm/mmu.h> +#include <asm/pgalloc.h> +#include <asm/pgtable.h> + +extern u64 efi_system_table; + +static struct mm_struct efi_mm = { +	.mm_rb			= RB_ROOT, +	.mm_users		= ATOMIC_INIT(2), +	.mm_count		= ATOMIC_INIT(1), +	.mmap_sem		= __RWSEM_INITIALIZER(efi_mm.mmap_sem), +	.page_table_lock	= __SPIN_LOCK_UNLOCKED(efi_mm.page_table_lock), +	.mmlist			= LIST_HEAD_INIT(efi_mm.mmlist), +}; + +static bool __init efi_virtmap_init(void) +{ +	efi_memory_desc_t *md; + +	efi_mm.pgd = pgd_alloc(&efi_mm); +	init_new_context(NULL, &efi_mm); + +	for_each_efi_memory_desc(&memmap, md) { +		phys_addr_t phys = md->phys_addr; +		int ret; + +		if (!(md->attribute & EFI_MEMORY_RUNTIME)) +			continue; +		if (md->virt_addr == 0) +			return false; + +		ret = efi_create_mapping(&efi_mm, md); +		if  (!ret) { +			pr_info("  EFI remap %pa => %p\n", +				&phys, (void *)(unsigned long)md->virt_addr); +		} else { +			pr_warn("  EFI remap %pa: failed to create mapping (%d)\n", +				&phys, ret); +			return false; +		} +	} +	return true; +} + +/* + * Enable the UEFI Runtime Services if all prerequisites are in place, i.e., + * non-early mapping of the UEFI system table and virtual mappings for all + * EFI_MEMORY_RUNTIME regions. + */ +static int __init arm_enable_runtime_services(void) +{ +	u64 mapsize; + +	if (!efi_enabled(EFI_BOOT)) { +		pr_info("EFI services will not be available.\n"); +		return 0; +	} + +	if (efi_runtime_disabled()) { +		pr_info("EFI runtime services will be disabled.\n"); +		return 0; +	} + +	pr_info("Remapping and enabling EFI services.\n"); + +	mapsize = memmap.map_end - memmap.map; +	memmap.map = (__force void *)ioremap_cache(memmap.phys_map, +						   mapsize); +	if (!memmap.map) { +		pr_err("Failed to remap EFI memory map\n"); +		return -ENOMEM; +	} +	memmap.map_end = memmap.map + mapsize; +	efi.memmap = &memmap; + +	efi.systab = (__force void *)ioremap_cache(efi_system_table, +						   sizeof(efi_system_table_t)); +	if (!efi.systab) { +		pr_err("Failed to remap EFI System Table\n"); +		return -ENOMEM; +	} +	set_bit(EFI_SYSTEM_TABLES, &efi.flags); + +	if (!efi_virtmap_init()) { +		pr_err("No UEFI virtual mapping was installed -- runtime services will not be available\n"); +		return -ENOMEM; +	} + +	/* Set up runtime services function pointers */ +	efi_native_runtime_setup(); +	set_bit(EFI_RUNTIME_SERVICES, &efi.flags); + +	efi.runtime_version = efi.systab->hdr.revision; + +	return 0; +} +early_initcall(arm_enable_runtime_services); + +void efi_virtmap_load(void) +{ +	preempt_disable(); +	efi_set_pgd(&efi_mm); +} + +void efi_virtmap_unload(void) +{ +	efi_set_pgd(current->active_mm); +	preempt_enable(); +} diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index 3b52677f459a..c51f3b2fe3c0 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -25,6 +25,8 @@  #include <linux/io.h>  #include <linux/platform_device.h> +#include <asm/early_ioremap.h> +  struct efi __read_mostly efi = {  	.mps			= EFI_INVALID_TABLE_ADDR,  	.acpi			= EFI_INVALID_TABLE_ADDR, diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index 3c0467d3688c..68bdd9f23e13 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -8,7 +8,7 @@ cflags-$(CONFIG_X86_32)		:= -march=i386  cflags-$(CONFIG_X86_64)		:= -mcmodel=small  cflags-$(CONFIG_X86)		+= -m$(BITS) -D__KERNEL__ $(LINUX_INCLUDE) -O2 \  				   -fPIC -fno-strict-aliasing -mno-red-zone \ -				   -mno-mmx -mno-sse -DDISABLE_BRANCH_PROFILING +				   -mno-mmx -mno-sse  cflags-$(CONFIG_ARM64)		:= $(subst -pg,,$(KBUILD_CFLAGS))  cflags-$(CONFIG_ARM)		:= $(subst -pg,,$(KBUILD_CFLAGS)) \ @@ -16,7 +16,7 @@ cflags-$(CONFIG_ARM)		:= $(subst -pg,,$(KBUILD_CFLAGS)) \  cflags-$(CONFIG_EFI_ARMSTUB)	+= -I$(srctree)/scripts/dtc/libfdt -KBUILD_CFLAGS			:= $(cflags-y) \ +KBUILD_CFLAGS			:= $(cflags-y) -DDISABLE_BRANCH_PROFILING \  				   $(call cc-option,-ffreestanding) \  				   $(call cc-option,-fno-stack-protector) @@ -34,7 +34,7 @@ $(obj)/lib-%.o: $(srctree)/lib/%.c FORCE  lib-$(CONFIG_EFI_ARMSTUB)	+= arm-stub.o fdt.o string.o \  				   $(patsubst %.c,lib-%.o,$(arm-deps)) -lib-$(CONFIG_ARM64)		+= arm64-stub.o +lib-$(CONFIG_ARM64)		+= arm64-stub.o random.o  CFLAGS_arm64-stub.o 		:= -DTEXT_OFFSET=$(TEXT_OFFSET)  # diff --git a/drivers/firmware/efi/libstub/arm-stub.c b/drivers/firmware/efi/libstub/arm-stub.c index 950c87f5d279..d5aa1d16154f 100644 --- a/drivers/firmware/efi/libstub/arm-stub.c +++ b/drivers/firmware/efi/libstub/arm-stub.c @@ -18,6 +18,8 @@  #include "efistub.h" +bool __nokaslr; +  static int efi_secureboot_enabled(efi_system_table_t *sys_table_arg)  {  	static efi_guid_t const var_guid = EFI_GLOBAL_VARIABLE_GUID; @@ -207,14 +209,6 @@ unsigned long efi_entry(void *handle, efi_system_table_t *sys_table,  		pr_efi_err(sys_table, "Failed to find DRAM base\n");  		goto fail;  	} -	status = handle_kernel_image(sys_table, image_addr, &image_size, -				     &reserve_addr, -				     &reserve_size, -				     dram_base, image); -	if (status != EFI_SUCCESS) { -		pr_efi_err(sys_table, "Failed to relocate kernel\n"); -		goto fail; -	}  	/*  	 * Get the command line from EFI, using the LOADED_IMAGE @@ -224,7 +218,28 @@ unsigned long efi_entry(void *handle, efi_system_table_t *sys_table,  	cmdline_ptr = efi_convert_cmdline(sys_table, image, &cmdline_size);  	if (!cmdline_ptr) {  		pr_efi_err(sys_table, "getting command line via LOADED_IMAGE_PROTOCOL\n"); -		goto fail_free_image; +		goto fail; +	} + +	/* check whether 'nokaslr' was passed on the command line */ +	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) { +		static const u8 default_cmdline[] = CONFIG_CMDLINE; +		const u8 *str, *cmdline = cmdline_ptr; + +		if (IS_ENABLED(CONFIG_CMDLINE_FORCE)) +			cmdline = default_cmdline; +		str = strstr(cmdline, "nokaslr"); +		if (str == cmdline || (str > cmdline && *(str - 1) == ' ')) +			__nokaslr = true; +	} + +	status = handle_kernel_image(sys_table, image_addr, &image_size, +				     &reserve_addr, +				     &reserve_size, +				     dram_base, image); +	if (status != EFI_SUCCESS) { +		pr_efi_err(sys_table, "Failed to relocate kernel\n"); +		goto fail_free_cmdline;  	}  	status = efi_parse_options(cmdline_ptr); @@ -244,7 +259,7 @@ unsigned long efi_entry(void *handle, efi_system_table_t *sys_table,  		if (status != EFI_SUCCESS) {  			pr_efi_err(sys_table, "Failed to load device tree!\n"); -			goto fail_free_cmdline; +			goto fail_free_image;  		}  	} @@ -286,12 +301,11 @@ unsigned long efi_entry(void *handle, efi_system_table_t *sys_table,  	efi_free(sys_table, initrd_size, initrd_addr);  	efi_free(sys_table, fdt_size, fdt_addr); -fail_free_cmdline: -	efi_free(sys_table, cmdline_size, (unsigned long)cmdline_ptr); -  fail_free_image:  	efi_free(sys_table, image_size, *image_addr);  	efi_free(sys_table, reserve_size, reserve_addr); +fail_free_cmdline: +	efi_free(sys_table, cmdline_size, (unsigned long)cmdline_ptr);  fail:  	return EFI_ERROR;  } diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c index 78dfbd34b6bf..e0e6b74fef8f 100644 --- a/drivers/firmware/efi/libstub/arm64-stub.c +++ b/drivers/firmware/efi/libstub/arm64-stub.c @@ -13,6 +13,10 @@  #include <asm/efi.h>  #include <asm/sections.h> +#include "efistub.h" + +extern bool __nokaslr; +  efi_status_t __init handle_kernel_image(efi_system_table_t *sys_table_arg,  					unsigned long *image_addr,  					unsigned long *image_size, @@ -23,26 +27,52 @@ efi_status_t __init handle_kernel_image(efi_system_table_t *sys_table_arg,  {  	efi_status_t status;  	unsigned long kernel_size, kernel_memsize = 0; -	unsigned long nr_pages;  	void *old_image_addr = (void *)*image_addr;  	unsigned long preferred_offset; +	u64 phys_seed = 0; + +	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) { +		if (!__nokaslr) { +			status = efi_get_random_bytes(sys_table_arg, +						      sizeof(phys_seed), +						      (u8 *)&phys_seed); +			if (status == EFI_NOT_FOUND) { +				pr_efi(sys_table_arg, "EFI_RNG_PROTOCOL unavailable, no randomness supplied\n"); +			} else if (status != EFI_SUCCESS) { +				pr_efi_err(sys_table_arg, "efi_get_random_bytes() failed\n"); +				return status; +			} +		} else { +			pr_efi(sys_table_arg, "KASLR disabled on kernel command line\n"); +		} +	}  	/*  	 * The preferred offset of the kernel Image is TEXT_OFFSET bytes beyond  	 * a 2 MB aligned base, which itself may be lower than dram_base, as  	 * long as the resulting offset equals or exceeds it.  	 */ -	preferred_offset = round_down(dram_base, SZ_2M) + TEXT_OFFSET; +	preferred_offset = round_down(dram_base, MIN_KIMG_ALIGN) + TEXT_OFFSET;  	if (preferred_offset < dram_base) -		preferred_offset += SZ_2M; +		preferred_offset += MIN_KIMG_ALIGN; -	/* Relocate the image, if required. */  	kernel_size = _edata - _text; -	if (*image_addr != preferred_offset) { -		kernel_memsize = kernel_size + (_end - _edata); +	kernel_memsize = kernel_size + (_end - _edata); + +	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && phys_seed != 0) { +		/* +		 * If KASLR is enabled, and we have some randomness available, +		 * locate the kernel at a randomized offset in physical memory. +		 */ +		*reserve_size = kernel_memsize + TEXT_OFFSET; +		status = efi_random_alloc(sys_table_arg, *reserve_size, +					  MIN_KIMG_ALIGN, reserve_addr, +					  phys_seed); +		*image_addr = *reserve_addr + TEXT_OFFSET; +	} else {  		/* -		 * First, try a straight allocation at the preferred offset. +		 * Else, try a straight allocation at the preferred offset.  		 * This will work around the issue where, if dram_base == 0x0,  		 * efi_low_alloc() refuses to allocate at 0x0 (to prevent the  		 * address of the allocation to be mistaken for a FAIL return @@ -52,27 +82,31 @@ efi_status_t __init handle_kernel_image(efi_system_table_t *sys_table_arg,  		 * Mustang), we can still place the kernel at the address  		 * 'dram_base + TEXT_OFFSET'.  		 */ +		if (*image_addr == preferred_offset) +			return EFI_SUCCESS; +  		*image_addr = *reserve_addr = preferred_offset; -		nr_pages = round_up(kernel_memsize, EFI_ALLOC_ALIGN) / -			   EFI_PAGE_SIZE; +		*reserve_size = round_up(kernel_memsize, EFI_ALLOC_ALIGN); +  		status = efi_call_early(allocate_pages, EFI_ALLOCATE_ADDRESS, -					EFI_LOADER_DATA, nr_pages, +					EFI_LOADER_DATA, +					*reserve_size / EFI_PAGE_SIZE,  					(efi_physical_addr_t *)reserve_addr); -		if (status != EFI_SUCCESS) { -			kernel_memsize += TEXT_OFFSET; -			status = efi_low_alloc(sys_table_arg, kernel_memsize, -					       SZ_2M, reserve_addr); +	} -			if (status != EFI_SUCCESS) { -				pr_efi_err(sys_table_arg, "Failed to relocate kernel\n"); -				return status; -			} -			*image_addr = *reserve_addr + TEXT_OFFSET; +	if (status != EFI_SUCCESS) { +		*reserve_size = kernel_memsize + TEXT_OFFSET; +		status = efi_low_alloc(sys_table_arg, *reserve_size, +				       MIN_KIMG_ALIGN, reserve_addr); + +		if (status != EFI_SUCCESS) { +			pr_efi_err(sys_table_arg, "Failed to relocate kernel\n"); +			*reserve_size = 0; +			return status;  		} -		memcpy((void *)*image_addr, old_image_addr, kernel_size); -		*reserve_size = kernel_memsize; +		*image_addr = *reserve_addr + TEXT_OFFSET;  	} - +	memcpy((void *)*image_addr, old_image_addr, kernel_size);  	return EFI_SUCCESS;  } diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c index f07d4a67fa76..29ed2f9b218c 100644 --- a/drivers/firmware/efi/libstub/efi-stub-helper.c +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c @@ -649,6 +649,10 @@ static u8 *efi_utf16_to_utf8(u8 *dst, const u16 *src, int n)  	return dst;  } +#ifndef MAX_CMDLINE_ADDRESS +#define MAX_CMDLINE_ADDRESS	ULONG_MAX +#endif +  /*   * Convert the unicode UEFI command line to ASCII to pass to kernel.   * Size of memory allocated return in *cmd_line_len. @@ -684,7 +688,8 @@ char *efi_convert_cmdline(efi_system_table_t *sys_table_arg,  	options_bytes++;	/* NUL termination */ -	status = efi_low_alloc(sys_table_arg, options_bytes, 0, &cmdline_addr); +	status = efi_high_alloc(sys_table_arg, options_bytes, 0, +				&cmdline_addr, MAX_CMDLINE_ADDRESS);  	if (status != EFI_SUCCESS)  		return NULL; diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index 6b6548fda089..5ed3d3f38166 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -43,4 +43,11 @@ void efi_get_virtmap(efi_memory_desc_t *memory_map, unsigned long map_size,  		     unsigned long desc_size, efi_memory_desc_t *runtime_map,  		     int *count); +efi_status_t efi_get_random_bytes(efi_system_table_t *sys_table, +				  unsigned long size, u8 *out); + +efi_status_t efi_random_alloc(efi_system_table_t *sys_table_arg, +			      unsigned long size, unsigned long align, +			      unsigned long *addr, unsigned long random_seed); +  #endif diff --git a/drivers/firmware/efi/libstub/fdt.c b/drivers/firmware/efi/libstub/fdt.c index b62e2f5dcab3..b1c22cf18f7d 100644 --- a/drivers/firmware/efi/libstub/fdt.c +++ b/drivers/firmware/efi/libstub/fdt.c @@ -147,6 +147,20 @@ efi_status_t update_fdt(efi_system_table_t *sys_table, void *orig_fdt,  	if (status)  		goto fdt_set_fail; +	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) { +		efi_status_t efi_status; + +		efi_status = efi_get_random_bytes(sys_table, sizeof(fdt_val64), +						  (u8 *)&fdt_val64); +		if (efi_status == EFI_SUCCESS) { +			status = fdt_setprop(fdt, node, "kaslr-seed", +					     &fdt_val64, sizeof(fdt_val64)); +			if (status) +				goto fdt_set_fail; +		} else if (efi_status != EFI_NOT_FOUND) { +			return efi_status; +		} +	}  	return EFI_SUCCESS;  fdt_set_fail: diff --git a/drivers/firmware/efi/libstub/random.c b/drivers/firmware/efi/libstub/random.c new file mode 100644 index 000000000000..53f6d3fe6d86 --- /dev/null +++ b/drivers/firmware/efi/libstub/random.c @@ -0,0 +1,135 @@ +/* + * Copyright (C) 2016 Linaro Ltd;  <ard.biesheuvel@linaro.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + */ + +#include <linux/efi.h> +#include <asm/efi.h> + +#include "efistub.h" + +struct efi_rng_protocol { +	efi_status_t (*get_info)(struct efi_rng_protocol *, +				 unsigned long *, efi_guid_t *); +	efi_status_t (*get_rng)(struct efi_rng_protocol *, +				efi_guid_t *, unsigned long, u8 *out); +}; + +efi_status_t efi_get_random_bytes(efi_system_table_t *sys_table_arg, +				  unsigned long size, u8 *out) +{ +	efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID; +	efi_status_t status; +	struct efi_rng_protocol *rng; + +	status = efi_call_early(locate_protocol, &rng_proto, NULL, +				(void **)&rng); +	if (status != EFI_SUCCESS) +		return status; + +	return rng->get_rng(rng, NULL, size, out); +} + +/* + * Return the number of slots covered by this entry, i.e., the number of + * addresses it covers that are suitably aligned and supply enough room + * for the allocation. + */ +static unsigned long get_entry_num_slots(efi_memory_desc_t *md, +					 unsigned long size, +					 unsigned long align) +{ +	u64 start, end; + +	if (md->type != EFI_CONVENTIONAL_MEMORY) +		return 0; + +	start = round_up(md->phys_addr, align); +	end = round_down(md->phys_addr + md->num_pages * EFI_PAGE_SIZE - size, +			 align); + +	if (start > end) +		return 0; + +	return (end - start + 1) / align; +} + +/* + * The UEFI memory descriptors have a virtual address field that is only used + * when installing the virtual mapping using SetVirtualAddressMap(). Since it + * is unused here, we can reuse it to keep track of each descriptor's slot + * count. + */ +#define MD_NUM_SLOTS(md)	((md)->virt_addr) + +efi_status_t efi_random_alloc(efi_system_table_t *sys_table_arg, +			      unsigned long size, +			      unsigned long align, +			      unsigned long *addr, +			      unsigned long random_seed) +{ +	unsigned long map_size, desc_size, total_slots = 0, target_slot; +	efi_status_t status; +	efi_memory_desc_t *memory_map; +	int map_offset; + +	status = efi_get_memory_map(sys_table_arg, &memory_map, &map_size, +				    &desc_size, NULL, NULL); +	if (status != EFI_SUCCESS) +		return status; + +	if (align < EFI_ALLOC_ALIGN) +		align = EFI_ALLOC_ALIGN; + +	/* count the suitable slots in each memory map entry */ +	for (map_offset = 0; map_offset < map_size; map_offset += desc_size) { +		efi_memory_desc_t *md = (void *)memory_map + map_offset; +		unsigned long slots; + +		slots = get_entry_num_slots(md, size, align); +		MD_NUM_SLOTS(md) = slots; +		total_slots += slots; +	} + +	/* find a random number between 0 and total_slots */ +	target_slot = (total_slots * (u16)random_seed) >> 16; + +	/* +	 * target_slot is now a value in the range [0, total_slots), and so +	 * it corresponds with exactly one of the suitable slots we recorded +	 * when iterating over the memory map the first time around. +	 * +	 * So iterate over the memory map again, subtracting the number of +	 * slots of each entry at each iteration, until we have found the entry +	 * that covers our chosen slot. Use the residual value of target_slot +	 * to calculate the randomly chosen address, and allocate it directly +	 * using EFI_ALLOCATE_ADDRESS. +	 */ +	for (map_offset = 0; map_offset < map_size; map_offset += desc_size) { +		efi_memory_desc_t *md = (void *)memory_map + map_offset; +		efi_physical_addr_t target; +		unsigned long pages; + +		if (target_slot >= MD_NUM_SLOTS(md)) { +			target_slot -= MD_NUM_SLOTS(md); +			continue; +		} + +		target = round_up(md->phys_addr, align) + target_slot * align; +		pages = round_up(size, EFI_PAGE_SIZE) / EFI_PAGE_SIZE; + +		status = efi_call_early(allocate_pages, EFI_ALLOCATE_ADDRESS, +					EFI_LOADER_DATA, pages, &target); +		if (status == EFI_SUCCESS) +			*addr = target; +		break; +	} + +	efi_call_early(free_pool, memory_map); + +	return status; +} | 
