From: Sai Praneeth <sai.praneeth.prak...@intel.com>

There may exist some buggy UEFI firmware implementations that access EFI
memory regions other than EFI_RUNTIME_SERVICES_<CODE/DATA> even after
the kernel has assumed control of the platform. This violates the UEFI
specification.

If selected, this debug option will print a warning message if the UEFI
firmware tries to access any memory regions which it shouldn't. Along
with the warning, the kernel will also try to fixup/recover from the
page fault triggered by firmware so that the machine doesn't hang.

Signed-off-by: Sai Praneeth Prakhya <sai.praneeth.prak...@intel.com>
Suggested-by: Matt Fleming <m...@codeblueprint.co.uk>
Based-on-code-from: Ricardo Neri <ricardo.n...@intel.com>
Cc: Al Stone <ast...@redhat.com>
Cc: Lee Chun-Yi <j...@suse.com>
Cc: Borislav Petkov <b...@alien8.de>
Cc: Bhupesh Sharma <bhsha...@redhat.com>
Cc: Ard Biesheuvel <ard.biesheu...@linaro.org>
---
 arch/x86/Kconfig | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index f1dbb4ee19d7..9ff11ec65232 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1957,6 +1957,23 @@ config EFI_MIXED
 
           If unsure, say N.
 
+config EFI_WARN_ON_ILLEGAL_ACCESSES
+       bool "Warn about illegal memory accesses by firmware"
+       depends on EFI
+       help
+         Enable this debug feature so that the kernel can detect illegal
+         memory accesses by firmware and issue a warning. Also,
+         1. If the illegally accessed region is EFI_BOOT_SERVICES_<CODE/DATA>,
+         the kernel fixes it up by mapping the requested region.
+         2. If the illegally accessed region is any other region (Eg:
+         EFI_CONVENTIONAL_MEMORY or EFI_LOADER_<CODE/DATA>), then kernel
+         exits firmware context and disables EFI Runtime Services, so that
+         it will never again call buggy firmware.
+         Please see the UEFI specification for details on the expectations
+         of memory usage.
+
+         If unsure, say N.
+
 config SECCOMP
        def_bool y
        prompt "Enable seccomp to safely compute untrusted bytecode"
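Review bot: The name and prompt of EFI_WARN_ON_ILLEGAL_ACCESSES promise only a warning, but case 2 of the help text says the kernel "exits firmware context and disables EFI Runtime Services", which is a much larger behaviour change than a warning. The help text should state that consequence up front and say what the user loses once runtime services are disabled, so that someone enabling a "warn" option is not surprised. The text also calls this a debug feature while the entry has only "depends on EFI" and sits in arch/x86/Kconfig next to EFI_MIXED. If it is meant as a debug aid, consider gating it on a debug dependency or moving it alongside the other debug options. Minor wording: "Eg:" should be "e.g.", "then kernel" should be "then the kernel", and the two numbered items would read more clearly with a blank line before item 1 and the continuation lines indented.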
-- 
2.7.4
