authorLaura Abbott <labbott@redhat.com>2017-01-26 10:46:06 +0100
committerLaura Abbott <labbott@redhat.com>2017-01-26 10:50:08 +0100
commit78ff8fa07f6b227ff9a98df7aa572521d808db52 (patch)
tree7342e98b4208176df6a54cd1ede105837cecf1fd
parentff7f9556e2db01b96b1fdc8653d8bbb4ae4b72d8 (diff)
Bring in fix for very incorrect EFI firmware
-rw-r--r--0001-x86-efi-always-map-first-physical-page-into-EFI-page.patch64
-rw-r--r--kernel.spec4
2 files changed, 68 insertions, 0 deletions
diff --git a/0001-x86-efi-always-map-first-physical-page-into-EFI-page.patch b/0001-x86-efi-always-map-first-physical-page-into-EFI-page.patch
new file mode 100644
index 000000000..55baf9b52
--- /dev/null
+++ b/0001-x86-efi-always-map-first-physical-page-into-EFI-page.patch
@@ -0,0 +1,64 @@
+From fb1d9d3f95654f00c4156129f3cd90d3efe32d26 Mon Sep 17 00:00:00 2001
+From: Jiri Kosina <jkosina@suse.cz>
+Date: Wed, 25 Jan 2017 20:52:33 +0100
+Subject: [PATCH] x86/efi: always map first physical page into EFI pagetables
+
+Commit 129766708 ("x86/efi: Only map RAM into EFI page tables if in
+mixed-mode") stopped creating 1:1 mapping for all RAM in case of running
+in native 64bit mode.
+
+It turns out though that there are 64bit EFI implementations in the wild
+(this particular problem has been reported on Lenovo Yoga 710-11IKB) which
+still make use of first physical page for their own private use (which is
+what legacy BIOS used to do, but EFI specification doesn't grant any such
+right to EFI BIOS ... oh well).
+
+In case there is no mapping for this particular frame in EFI pagetables,
+as soon as firmware tries to make use of it, triple fault occurs and the
+system reboots (in case of Yoga 710-11IKB this is very early during boot).
+
+Fix that by always mapping the first page of physical memory into EFI
+pagetables.
+
+Note: just reverting 129766708 is not enough on v4.9-rc1+ to fix the
+regression on affected hardware, as commit ab72a27da ("x86/efi:
+Consolidate region mapping logic") later made the first physical frame not
+to be mapped anyway.
+
+Fixes: 129766708 ("x86/efi: Only map RAM into EFI page tables if in mixed-mode")
+Cc: stable@kernel.org # v4.8+
+Cc: Waiman Long <waiman.long@hpe.com>
+Cc: Borislav Petkov <bp@suse.de>
+Cc: Laura Abbott <labbott@redhat.com>
+Cc: Vojtech Pavlik <vojtech@ucw.cz>
+Reported-by: Hanka Pavlikova <hanka@ucw.cz>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+---
+ arch/x86/platform/efi/efi_64.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
+index 319148bd4b05..02ae2abe8b8e 100644
+--- a/arch/x86/platform/efi/efi_64.c
++++ b/arch/x86/platform/efi/efi_64.c
+@@ -269,6 +269,17 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
+ efi_scratch.use_pgd = true;
+
+ /*
++ * Certain firmware versions are way too sentimental and still believe
++ * they are exclusive and unquestionable owners of first physical page.
++ * Create 1:1 mapping for this page to avoid triple faults during early
++ * boot with such firmware.
++ */
++ if (kernel_map_pages_in_pgd(pgd, 0x0, 0x0, 1, _PAGE_RW)) {
++ pr_err("Failed to create 1:1 mapping of first page\n");
++ return 1;
++ }
++
++ /*
+ * When making calls to the firmware everything needs to be 1:1
+ * mapped and addressable with 32-bit pointers. Map the kernel
+ * text and allocate a new stack because we can't rely on the
+--
+2.11.0
+
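Review bot: The new call `kernel_map_pages_in_pgd(pgd, 0x0, 0x0, 1, _PAGE_RW)` makes physical page 0 writable at virtual address 0 in the EFI page tables, and the added comment does not say why that is safe. While this pgd is in use, a NULL-pointer access by firmware or by kernel code on the EFI call path will no longer fault, so such bugs are silently masked; the comment should state that trade-off and say whether page 0 is kept away from the kernel's allocators (not visible in this hunk). Only `_PAGE_RW` is passed, so the page is presumably left executable as well; if the affected firmware only reads and writes it, `_PAGE_RW | _PAGE_NX` would be the narrower grant, to be confirmed on the reported hardware. efi_setup_page_tables() starts and ends outside the hunk.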
diff --git a/kernel.spec b/kernel.spec
index a18eee3ff..7688cba9f 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -632,6 +632,9 @@ Patch852: nouveau-add-maxwell-to-backlight-init.patch
#CVE-2017-5576 CVE-2017-5577 rhbz 1416436 1416437 1416439
Patch853: drm_vc4_Fix_an_integer_overflow_in_temporary_allocation_layout.patch
+#The saddest EFI firmware bug
+Patch854: 0001-x86-efi-always-map-first-physical-page-into-EFI-page.patch
+
# END OF PATCH DEFINITIONS
%endif
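Review bot: The comment above `Patch854` gives no way to trace the carried patch, unlike the preceding entry, which cites its CVE and rhbz numbers. Something like `#x86/efi: 1:1 map first physical page for firmware that still uses it (Lenovo Yoga 710-11IKB); drop when in stable` would tell the next maintainer what the patch does and when it can be removed. The patch itself carries `Cc: stable@kernel.org # v4.8+`, so it should become redundant once a stable backport lands.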
@@ -2163,6 +2166,7 @@ fi
%changelog
* Thu Jan 26 2017 Laura Abbott <labbott@redhat.com> - 4.9.6-100
- Linux v4.9.6
+- Bring in fix for bogus EFI firmware
* Wed Jan 25 2017 Justin M. Forbes <jforbes@fedoraproject.org>
- CVE-2017-5576 CVE-2017-5577 vc4 overflows (rhbz 1416436 1416437 1416439)