Kexec runtime services #704

Closed
wants to merge 35 commits into from

@oweisse oweisse commented Jul 30, 2019

Now reaching phase 4 of Windows loading. Using original EFI runtime services

Ofir Weisse added 30 commits July 1, 2019 10:28
Currently only supports extremely simple apps like HelloWorld.efi

* kexec.h - Added KEXEC_RUN_PE flag to be passed to kexec_load. This is the
* kexec.c
        - Implemented kimage_load_pe, kimage_run_pe
        - Implemented EFI hooks to generate fake EFI system table and
        fake EFI boot services.
        - Implemented naive EFI AllocatePool, FreePool
        - Implemented EFI conout to enable OutputString
EFI Boot Services:
    efi_hook_HandleProtocol:
        - prints out the protocol GUID and name
        - implemented gEfiLoadedImageProtocolGuid
        - implemented gEfiDevicePathProtocolGuid

EFI Protocols:
    gEfiLoadedImageProtocolGuid:
        - Respond with a fixed EFI_LOADED_IMAGE_PROTOCOL containing a fixed boot-device and fixed LoadOptions

    gEfiLoadedImageProtocolGuid:
        - Accepts only BOOT_DEVICE_HANDLE, replies with a fixed windows_boot_device_path
windows_loaded_image needs to be patched during kimage_load_pe
* efi_setup_11_mapping: creates 1:1 mapping
* efi_hook_AllocatePool: now calls efi_setup_11_mapping and returns
                         "physical" address, thanks to the 1:1 mapping
* efi_hook_FreePool: Removed call to kfree, which is incompatible with
                     our new 1:1 mapping
* efi_register_mem_allocation: register new memory allocation
* efi_unregister_allocation: reclaim memory and make it EfiConventionalMemory
* efi_hook_GetMemoryMap: get current memory mappings

The current bookkeeping is naive and incorrect.
TODO:
1. When allocating memory, we should search if blocks of
   EfiConventionalMemory are available for allocation.
2. When registering memory, we might need to split a block of
   EfiConventionalMemory
3. When unregistering memory, we need to potentially coalesce blocks of
   EfiConventionalMemory.
This is a preparation for smarter management of mem maps.
Windows loader sets up interrupts 0x3, 0x2C, 0x2D to empty interrupt
handlers. A good fix in the future would be to make the page temporarily.
Also refactored CHAR16 to char conversion function
…them.

Implemented the following functions:

* efi_hook_LocateHandle: implemented only for gEfiBlockIoProtocolGuid. Returning 4
                         devices: raw-hard-drive and partitions 1,2,3.

* efi_handle_protocol_DevicePath: implemented for the 4 devices mentioned above

* efi_handle_protocol_BlockIO: Returns the proper EFI_BLOCK_IO_PROTOCOL, depending
                               on the handle provided. Implemented Read/write
                               callbacks which print log msg to screen and return
                               an error code.

* efi_hook_CloseProtocol: empty implementation (log and return success)
see efi_block_io_read_blocks
This ensures Windows loader can access these addresses
This is crucial to support Windows loader replacing CR3 with its own
page table
This is required to allow Winload.efi to access the system table.

* Allocate memory in a 1:1 mapped area
* Print the memory map after every memory allocation.
This is important so that the system table and other structures can be
accessible when Windows loader (either bootmg or Winload.efi) try to
access them via a Windows page table.
loader:

* fake_systab
* fake_systab->con_out
* efi_config_table
* runtime_services
Ofir Weisse added 5 commits July 25, 2019 11:17
… memory.

Also making sure the memory map is sorted
Passing the original EFI runtime services via the system table.

* Areas marked "reserved" in e820 map are marked EfiRuntimeServicesCode, as they contain runtime code.
* Modified InternalSerialPuts to be a MACRO
* Refactored memory mapping functions
@oweisse oweisse closed this Jul 30, 2019
@oweisse oweisse deleted the kexec_runtime_services branch July 30, 2019 15:36
@oweisse oweisse restored the kexec_runtime_services branch July 30, 2019 15:37
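
The three TODO items in the commit messages above (search EfiConventionalMemory before allocating, split a block when registering, coalesce blocks when unregistering) can be sketched in C as follows. This is an added example, not code from the pull request: `struct memmap`, `map_alloc`, `map_free` and the helpers are hypothetical names, and only the two memory-type values come from the UEFI `EFI_MEMORY_TYPE` enum.

```c
#include <stdint.h>
#include <string.h>

/* Type values follow the UEFI EFI_MEMORY_TYPE enum; everything else is hypothetical. */
enum { EFI_LOADER_DATA = 2, EFI_CONVENTIONAL_MEMORY = 7, MAX_DESC = 32 };
#define PAGE 4096ULL
struct desc { uint32_t type; uint64_t start, pages; };
struct memmap { struct desc d[MAX_DESC]; int n; };  /* kept sorted by start */

static void insert_at(struct memmap *m, int i, struct desc x) {
    memmove(&m->d[i + 1], &m->d[i], (size_t)(m->n - i) * sizeof(x));
    m->d[i] = x; m->n++;
}
static void remove_at(struct memmap *m, int i) {
    memmove(&m->d[i], &m->d[i + 1], (size_t)(m->n - i - 1) * sizeof(m->d[0]));
    m->n--;
}
static int mergeable(const struct desc *a, const struct desc *b) {
    return a->type == EFI_CONVENTIONAL_MEMORY && b->type == a->type &&
           a->start + a->pages * PAGE == b->start;
}
/* TODO items 1 and 2: first-fit search of free blocks, splitting on a partial fit. */
uint64_t map_alloc(struct memmap *m, uint32_t type, uint64_t pages) {
    for (int i = 0; pages && i < m->n; i++) {
        struct desc *b = &m->d[i];
        if (b->type != EFI_CONVENTIONAL_MEMORY || b->pages < pages) continue;
        uint64_t addr = b->start;
        if (b->pages == pages) { b->type = type; return addr; }
        if (m->n == MAX_DESC) return 0;              /* no room to split */
        b->start += pages * PAGE; b->pages -= pages; /* shrink the free block */
        insert_at(m, i, (struct desc){ type, addr, pages });
        return addr;
    }
    return 0;  /* 0 means failure here; the sample map never starts at 0 */
}
/* TODO item 3: retype to EfiConventionalMemory, then coalesce both neighbours. */
int map_free(struct memmap *m, uint64_t addr) {
    for (int i = 0; i < m->n; i++) {
        if (m->d[i].start != addr || m->d[i].type == EFI_CONVENTIONAL_MEMORY) continue;
        m->d[i].type = EFI_CONVENTIONAL_MEMORY;
        if (i + 1 < m->n && mergeable(&m->d[i], &m->d[i + 1])) {
            m->d[i].pages += m->d[i + 1].pages; remove_at(m, i + 1);
        }
        if (i > 0 && mergeable(&m->d[i - 1], &m->d[i])) {
            m->d[i - 1].pages += m->d[i].pages; remove_at(m, i);
        }
        return 0;
    }
    return -1;  /* unknown address or double free */
}
```

Because every split inserts the new descriptor in place, the map stays sorted by start address, and a second free of the same address is rejected instead of corrupting the map.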
fengguang pushed a commit to 0day-ci/linux that referenced this pull request Aug 26, 2020
Use helper bpf_redirect_map() and bpf_redirect_map_multi() to test bpf
arg ARG_CONST_MAP_PTR and ARG_CONST_MAP_PTR_OR_NULL. Make sure the
map arg could be verified correctly when it is NULL or valid map
pointer.

Add devmap and devmap_hash in struct bpf_test due to bpf_redirect_{map,
map_multi} limit.

Test result:
 ]# ./test_verifier 702 705
 torvalds#702/p ARG_CONST_MAP_PTR: null pointer OK
 torvalds#703/p ARG_CONST_MAP_PTR: valid map pointer OK
 torvalds#704/p ARG_CONST_MAP_PTR_OR_NULL: null pointer for ex_map OK
 torvalds#705/p ARG_CONST_MAP_PTR_OR_NULL: valid map pointer for ex_map OK
 Summary: 4 PASSED, 0 SKIPPED, 0 FAILED

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>