From 78ff8fa07f6b227ff9a98df7aa572521d808db52 Mon Sep 17 00:00:00 2001
From: Laura Abbott
Date: Thu, 26 Jan 2017 10:46:06 +0100
Subject: Bring in fix for very incorrect EFI firmware
---
 ...ays-map-first-physical-page-into-EFI-page.patch | 64 ++++++++++++++++++++++
 kernel.spec | 4 ++
 2 files changed, 68 insertions(+)
 create mode 100644 0001-x86-efi-always-map-first-physical-page-into-EFI-page.patch
diff --git a/0001-x86-efi-always-map-first-physical-page-into-EFI-page.patch b/0001-x86-efi-always-map-first-physical-page-into-EFI-page.patch
new file mode 100644
index 000000000..55baf9b52
--- /dev/null
+++ b/0001-x86-efi-always-map-first-physical-page-into-EFI-page.patch
@@ -0,0 +1,64 @@
+From fb1d9d3f95654f00c4156129f3cd90d3efe32d26 Mon Sep 17 00:00:00 2001
+From: Jiri Kosina
+Date: Wed, 25 Jan 2017 20:52:33 +0100
+Subject: [PATCH] x86/efi: always map first physical page into EFI pagetables
+
+Commit 129766708 ("x86/efi: Only map RAM into EFI page tables if in
+mixed-mode") stopped creating 1:1 mapping for all RAM in case of running
+in native 64bit mode.
+
+It turns out though that there are 64bit EFI implementations in the wild
+(this particular problem has been reported on Lenovo Yoga 710-11IKB) which
+still make use of first physical page for their own private use (which is
+what legacy BIOS used to do, but EFI specification doesn't grant any such
+right to EFI BIOS ... oh well).
+
+In case there is no mapping for this particular frame in EFI pagetables,
+as soon as firmware tries to make use of it, triple fault occurs and the
+system reboots (in case of Yoga 710-11IKB this is very early during boot).
+
+Fix that by always mapping the first page of physical memory into EFI
+pagetables.
+
+Note: just reverting 129766708 is not enough on v4.9-rc1+ to fix the
+regression on affected hardware, as commit ab72a27da ("x86/efi:
+Consolidate region mapping logic") later made the first physical frame not
+to be mapped anyway.
+
+Fixes: 129766708 ("x86/efi: Only map RAM into EFI page tables if in mixed-mode")
+Cc: stable@kernel.org # v4.8+
+Cc: Waiman Long
+Cc: Borislav Petkov
+Cc: Laura Abbott
+Cc: Vojtech Pavlik
+Reported-by: Hanka Pavlikova
+Signed-off-by: Jiri Kosina
+---
+ arch/x86/platform/efi/efi_64.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
+index 319148bd4b05..02ae2abe8b8e 100644
+--- a/arch/x86/platform/efi/efi_64.c
++++ b/arch/x86/platform/efi/efi_64.c
+@@ -269,6 +269,17 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
+ efi_scratch.use_pgd = true;
+
+ /*
++ * Certain firmware versions are way too sentimental and still believe
++ * they are exclusive and unquestionable owners of first physical page.
++ * Create 1:1 mapping for this page to avoid triple faults during early
++ * boot with such firmware.
++ */
++ if (kernel_map_pages_in_pgd(pgd, 0x0, 0x0, 1, _PAGE_RW)) {
++ pr_err("Failed to create 1:1 mapping of first page\n");
++ return 1;
++ }
++
++ /*
+ * When making calls to the firmware everything needs to be 1:1
+ * mapped and addressable with 32-bit pointers. Map the kernel
+ * text and allocate a new stack because we can't rely on the
+--
+2.11.0
+
diff --git a/kernel.spec b/kernel.spec
index a18eee3ff..7688cba9f 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -632,6 +632,9 @@ Patch852: nouveau-add-maxwell-to-backlight-init.patch
 #CVE-2017-5576 CVE-2017-5577 rhbz 1416436 1416437 1416439
 Patch853: drm_vc4_Fix_an_integer_overflow_in_temporary_allocation_layout.patch
+#The saddest EFI firmware bug
+Patch854: 0001-x86-efi-always-map-first-physical-page-into-EFI-page.patch
+
 # END OF PATCH DEFINITIONS
 %endif
@@ -2163,6 +2166,7 @@ fi
 %changelog
 * Thu Jan 26 2017 Laura Abbott - 4.9.6-100
 - Linux v4.9.6
+- Bring in fix for bogus EFI firmware
 * Wed Jan 25 2017 Justin M. Forbes
 - CVE-2017-5576 CVE-2017-5577 vc4 overflows (rhbz 1416436 1416437 1416439)
-- cgit
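Review bot: The added `kernel_map_pages_in_pgd(pgd, 0x0, 0x0, 1, _PAGE_RW)` call in efi_setup_page_tables() maps physical page 0 at virtual address 0 as writable, and the flags shown do not include `_PAGE_NX`, so the page appears to be both writable and executable whenever the EFI page tables are in use. Because the mapping is created unconditionally, a NULL-pointer access made while this pgd is active would presumably land on physical page 0 instead of faulting, on every machine and not only on the affected firmware. If the firmware only needs data access to that page (the commit message does not say), `_PAGE_RW | _PAGE_NX` would keep the workaround while preserving W^X. The comment could also record the side effect, e.g. `Note: this makes address 0 valid in the EFI pgd, so NULL dereferences there no longer fault.` The body of efi_setup_page_tables() starts and ends outside the hunk, so whether `return 1` matches its other error paths cannot be checked from here.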