From patchwork Mon Mar 4 11:19:39 2024
Date: Mon, 4 Mar 2024 12:19:39 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
References: <20240304111937.2556102-20-ardb+git@google.com>
Message-ID: <20240304111937.2556102-21-ardb+git@google.com>
Subject: [PATCH stable-v6.1 01/18] arm64: efi: Limit allocations to 48-bit addressable physical region
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel

From: Ard Biesheuvel

[ Commit a37dac5c5dcfe0f1fd58513c16cdbc280a47f628 upstream ]

The UEFI spec does not mention or reason about the configured size of the virtual address space at all, but it does mention that all memory should be identity mapped using a page size of 4 KiB.

This means that a LPA2 capable system that has any system memory outside of the 48-bit addressable physical range and follows the spec to the letter may serve page allocation requests from regions of memory that the kernel cannot access unless it was built with LPA2 support and enables it at runtime.

So let's ensure that all page allocations are limited to the 48-bit range.

Signed-off-by: Ard Biesheuvel
---
 arch/arm64/include/asm/efi.h | 1 +
 drivers/firmware/efi/libstub/alignedmem.c | 2 ++
 drivers/firmware/efi/libstub/arm64-stub.c | 5 +++--
 drivers/firmware/efi/libstub/efistub.h | 4 ++++
 drivers/firmware/efi/libstub/mem.c | 2 ++
 drivers/firmware/efi/libstub/randomalloc.c | 2 +-
 6 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/include/asm/efi.h b/arch/arm64/include/asm/efi.h index 62c846be2d76..a75c0772ecfc 100644 --- a/arch/arm64/include/asm/efi.h +++ b/arch/arm64/include/asm/efi.h @@ -103,6 +103,7 @@ static inline void free_screen_info(struct screen_info *si) } #define EFI_ALLOC_ALIGN SZ_64K +#define EFI_ALLOC_LIMIT ((1UL << 48) - 1) /* * On ARM systems, virtually remapped UEFI runtime services are set up in two diff --git a/drivers/firmware/efi/libstub/alignedmem.c b/drivers/firmware/efi/libstub/alignedmem.c index 174832661251..6b83c492c3b8 100644 --- a/drivers/firmware/efi/libstub/alignedmem.c +++ b/drivers/firmware/efi/libstub/alignedmem.c @@ -29,6 +29,8 @@ efi_status_t efi_allocate_pages_aligned(unsigned long size, unsigned long *addr, efi_status_t status; int slack; + max = min(max, EFI_ALLOC_LIMIT); + if (align < EFI_ALLOC_ALIGN) align = EFI_ALLOC_ALIGN; diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c index 08f46c072da5..40275c3131c8 100644 --- a/drivers/firmware/efi/libstub/arm64-stub.c +++ b/drivers/firmware/efi/libstub/arm64-stub.c @@ -191,10 +191,11 @@ efi_status_t handle_kernel_image(unsigned long *image_addr, if (status != EFI_SUCCESS) { if (!check_image_region((u64)_text, kernel_memsize)) { efi_err("FIRMWARE BUG: Image BSS overlaps adjacent EFI memory region\n"); - } else if (IS_ALIGNED((u64)_text, min_kimg_align)) { + } else if (IS_ALIGNED((u64)_text, min_kimg_align) && + (u64)_end < EFI_ALLOC_LIMIT) { /* * Just execute from wherever we were loaded by the - * UEFI PE/COFF loader if the alignment is suitable. + * UEFI PE/COFF loader if the placement is suitable. */ *image_addr = (u64)_text; *reserve_size = 0; diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index ab505b07e626..002f02a6d359 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h 
@@ -29,6 +29,10 @@ #define EFI_ALLOC_ALIGN EFI_PAGE_SIZE #endif +#ifndef EFI_ALLOC_LIMIT +#define EFI_ALLOC_LIMIT ULONG_MAX +#endif + extern bool efi_nochunk; extern bool efi_nokaslr; extern int efi_loglevel; diff --git a/drivers/firmware/efi/libstub/mem.c b/drivers/firmware/efi/libstub/mem.c index 03d147f17185..4f1fa302234d 100644 --- a/drivers/firmware/efi/libstub/mem.c +++ b/drivers/firmware/efi/libstub/mem.c @@ -89,6 +89,8 @@ efi_status_t efi_allocate_pages(unsigned long size, unsigned long *addr, efi_physical_addr_t alloc_addr; efi_status_t status; + max = min(max, EFI_ALLOC_LIMIT); + if (EFI_ALLOC_ALIGN > EFI_PAGE_SIZE) return efi_allocate_pages_aligned(size, addr, max, EFI_ALLOC_ALIGN, diff --git a/drivers/firmware/efi/libstub/randomalloc.c b/drivers/firmware/efi/libstub/randomalloc.c index ec44bb7e092f..1692d19ae80f 100644 --- a/drivers/firmware/efi/libstub/randomalloc.c +++ b/drivers/firmware/efi/libstub/randomalloc.c 
@@ -29,7 +29,7 @@ static unsigned long get_entry_num_slots(efi_memory_desc_t *md, return 0; region_end = min(md->phys_addr + md->num_pages * EFI_PAGE_SIZE - 1, - (u64)ULONG_MAX); + (u64)EFI_ALLOC_LIMIT); if (region_end < size) return 0;
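Review bot: In the arm64-stub.c hunk the new placement test `(u64)_end < EFI_ALLOC_LIMIT` compares an exclusive end address against a limit that efi.h defines as the last addressable byte, `((1UL << 48) - 1)`, and it measures the image by `_end` while the `check_image_region()` call two lines above measures it as `_text` plus `kernel_memsize`. Suggest expressing the test on the same extent and as an inclusive bound, for example `(u64)_text + kernel_memsize - 1 <= EFI_ALLOC_LIMIT`, or adding a comment saying why `_end` is the right extent here. randomalloc.c already treats the limit as inclusive when it clamps `region_end`, which is computed with a trailing `- 1`.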
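Review bot: `EFI_ALLOC_LIMIT` is introduced in arch/arm64/include/asm/efi.h and given a `ULONG_MAX` fallback in efistub.h without a comment at either definition, so the reason for the 48-bit cap (firmware on an LPA2 capable system may serve pages the kernel cannot access) lives only in the commit message. Suggest a short comment at the arm64 define stating that the value is the highest permitted physical address, inclusive, and one at the fallback saying that `ULONG_MAX` means no limit, since the `max = min(max, EFI_ALLOC_LIMIT);` lines added to efi_allocate_pages() and efi_allocate_pages_aligned() clamp whatever `max` the caller passed without any trace at the call site.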
Date: Mon, 4 Mar 2024 12:19:40 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
References: <20240304111937.2556102-20-ardb+git@google.com>
Message-ID: <20240304111937.2556102-22-ardb+git@google.com>
Subject: [PATCH stable-v6.1 02/18] efi: efivars: prevent double registration
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Johan Hovold, Ard Biesheuvel

From: Johan Hovold

[ Commit 0217a40d7ba6e71d7f3422fbe89b436e8ee7ece7 upstream ]

Add the missing sanity check to efivars_register() so that it is no longer possible to override an already registered set of efivar ops (without first deregistering them).

This can help debug initialisation ordering issues where drivers have so far unknowingly been relying on overriding the generic ops.

Signed-off-by: Johan Hovold
Signed-off-by: Ard Biesheuvel
---
 drivers/firmware/efi/vars.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c index 0ba9f18312f5..4ca256bcd697 100644 --- a/drivers/firmware/efi/vars.c +++ b/drivers/firmware/efi/vars.c
@@ -66,19 +66,28 @@ int efivars_register(struct efivars *efivars, const struct efivar_operations *ops, struct kobject *kobject) { + int rv; + if (down_interruptible(&efivars_lock)) return -EINTR; + if (__efivars) { + pr_warn("efivars already registered\n"); + rv = -EBUSY; + goto out; + } + efivars->ops = ops; efivars->kobject = kobject; __efivars = efivars; pr_info("Registered efivars operations\n"); - + rv = 0; +out: up(&efivars_lock); - return 0; + return rv; } EXPORT_SYMBOL_GPL(efivars_register);
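Review bot: In the efivars_register() hunk the new `-EBUSY` path turns a function that always returned 0 into one that can refuse a registration, and the commit message says drivers have been relying on the override, so every caller has to check the return value or it will carry on as if its ops were installed; the diffstat shows only vars.c, so no caller is touched here. Suggest auditing the callers in the same series, and making the warning name the refused party, since `pr_warn("efivars already registered\n");` says neither which ops were rejected nor which are in place. Minor style point: `rv` could be `ret` or `err`, the names more commonly used for a return code in kernel code.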
Date: Mon, 4 Mar 2024 12:19:41 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
References: <20240304111937.2556102-20-ardb+git@google.com>
Message-ID: <20240304111937.2556102-23-ardb+git@google.com>
Subject: [PATCH stable-v6.1 03/18] x86/efistub: Simplify and clean up handover entry code
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel, Borislav Petkov
From: Ard Biesheuvel

[ Commit df9215f15206c2a81909ccf60f21d170801dce38 upstream ]

Now that the EFI entry code in assembler is only used by the optional and deprecated EFI handover protocol, and given that the EFI stub C code no longer returns to it, most of it can simply be dropped.

While at it, clarify the symbol naming, by merging efi_main() and efi_stub_entry(), making the latter the shared entry point for all different boot modes that enter via the EFI stub.

The efi32_stub_entry() and efi64_stub_entry() names are referenced explicitly by the tooling that populates the setup header, so these must be retained, but can be emitted as aliases of efi_stub_entry() where appropriate.

Signed-off-by: Ard Biesheuvel
Signed-off-by: Borislav Petkov (AMD)
Link: https://lore.kernel.org/r/20230807162720.545787-5-ardb@kernel.org
Signed-off-by: Ard Biesheuvel
---
 Documentation/x86/boot.rst | 2 +-
 arch/x86/boot/compressed/efi_mixed.S | 22 +++++++++++---------
 arch/x86/boot/compressed/head_32.S | 11 ----------
 arch/x86/boot/compressed/head_64.S | 12 ++---------
 drivers/firmware/efi/libstub/x86-stub.c | 20 ++++++++++++++----
 5 files changed, 31 insertions(+), 36 deletions(-)
diff --git a/Documentation/x86/boot.rst b/Documentation/x86/boot.rst index 894a19897005..bac3789f3e8f 100644 --- a/Documentation/x86/boot.rst +++ b/Documentation/x86/boot.rst @@ -1416,7 +1416,7 @@ execution context provided by the EFI firmware. The function prototype for the handover entry point looks like this:: - efi_main(void *handle, efi_system_table_t *table, struct boot_params *bp) + efi_stub_entry(void *handle, efi_system_table_t *table, struct boot_params *bp) 'handle' is the EFI image handle passed to the boot loader by the EFI firmware, 'table' is the EFI system table - these are the first two diff --git a/arch/x86/boot/compressed/efi_mixed.S b/arch/x86/boot/compressed/efi_mixed.S index 8b02e507d3bb..d05f0250bbbc 100644 --- a/arch/x86/boot/compressed/efi_mixed.S
+++ b/arch/x86/boot/compressed/efi_mixed.S @@ -26,8 +26,8 @@ * When booting in 64-bit mode on 32-bit EFI firmware, startup_64_mixed_mode() * is the first thing that runs after switching to long mode. Depending on * whether the EFI handover protocol or the compat entry point was used to - * enter the kernel, it will either branch to the 64-bit EFI handover - * entrypoint at offset 0x390 in the image, or to the 64-bit EFI PE/COFF + * enter the kernel, it will either branch to the common 64-bit EFI stub + * entrypoint efi_stub_entry() directly, or via the 64-bit EFI PE/COFF * entrypoint efi_pe_entry(). In the former case, the bootloader must provide a * struct bootparams pointer as the third argument, so the presence of such a * pointer is used to disambiguate. @@ -37,21 +37,23 @@ * | efi32_pe_entry |---->| | | +-----------+--+ * +------------------+ | | +------+----------------+ | * | startup_32 |---->| startup_64_mixed_mode | | - * +------------------+ | | +------+----------------+ V - * | efi32_stub_entry |---->| | | +------------------+ - * +------------------+ +------------+ +---->| efi64_stub_entry | - * +-------------+----+ - * +------------+ +----------+ | - * | startup_64 |<----| efi_main |<--------------+ - * +------------+ +----------+ + * +------------------+ | | +------+----------------+ | + * | efi32_stub_entry |---->| | | | + * +------------------+ +------------+ | | + * V | + * +------------+ +----------------+ | + * | startup_64 |<----| efi_stub_entry |<--------+ + * +------------+ +----------------+ */ SYM_FUNC_START(startup_64_mixed_mode) lea efi32_boot_args(%rip), %rdx mov 0(%rdx), %edi mov 4(%rdx), %esi +#ifdef CONFIG_EFI_HANDOVER_PROTOCOL mov 8(%rdx), %edx // saved bootparams pointer test %edx, %edx - jnz efi64_stub_entry + jnz efi_stub_entry +#endif /* * efi_pe_entry uses MS calling convention, which requires 32 bytes of * shadow space on the stack even if all arguments are passed in 
diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S index 987ae727cf9f..8876ffe30e9a 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S @@ -150,17 +150,6 @@ SYM_FUNC_START(startup_32) jmp *%eax SYM_FUNC_END(startup_32) -#ifdef CONFIG_EFI_STUB -SYM_FUNC_START(efi32_stub_entry) - add $0x4, %esp - movl 8(%esp), %esi /* save boot_params pointer */ - call efi_main - /* efi_main returns the possibly relocated address of startup_32 */ - jmp *%eax -SYM_FUNC_END(efi32_stub_entry) -SYM_FUNC_ALIAS(efi_stub_entry, efi32_stub_entry) -#endif - .text SYM_FUNC_START_LOCAL_NOALIGN(.Lrelocated) diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 81458f77131b..b16408f715d7 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -474,19 +474,11 @@ SYM_CODE_START(startup_64) jmp *%rax SYM_CODE_END(startup_64) -#ifdef CONFIG_EFI_STUB -#ifdef CONFIG_EFI_HANDOVER_PROTOCOL +#if IS_ENABLED(CONFIG_EFI_MIXED) && IS_ENABLED(CONFIG_EFI_HANDOVER_PROTOCOL) .org 0x390 -#endif SYM_FUNC_START(efi64_stub_entry) - and $~0xf, %rsp /* realign the stack */ - movq %rdx, %rbx /* save boot_params pointer */ - call efi_main - movq %rbx,%rsi - leaq rva(startup_64)(%rax), %rax - jmp *%rax + jmp efi_stub_entry SYM_FUNC_END(efi64_stub_entry) -SYM_FUNC_ALIAS(efi_stub_entry, efi64_stub_entry) #endif .text diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 9422fddfbc8f..9661d5a5769e 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c 
@@ -774,9 +774,9 @@ static void __noreturn enter_kernel(unsigned long kernel_addr, * return. On failure, it will exit to the firmware via efi_exit() instead of * returning. */ -asmlinkage unsigned long efi_main(efi_handle_t handle, - efi_system_table_t *sys_table_arg, - struct boot_params *boot_params) +void __noreturn efi_stub_entry(efi_handle_t handle, + efi_system_table_t *sys_table_arg, + struct boot_params *boot_params) { unsigned long bzimage_addr = (unsigned long)startup_32; unsigned long buffer_start, buffer_end; 
@@ -919,7 +919,19 @@ asmlinkage unsigned long efi_main(efi_handle_t handle, enter_kernel(bzimage_addr, boot_params); fail: - efi_err("efi_main() failed!\n"); + efi_err("efi_stub_entry() failed!\n"); efi_exit(handle, status); } + +#ifdef CONFIG_EFI_HANDOVER_PROTOCOL +#ifndef CONFIG_EFI_MIXED +extern __alias(efi_stub_entry) +void efi32_stub_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg, + struct boot_params *boot_params); + +extern __alias(efi_stub_entry) +void efi64_stub_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg, + struct boot_params *boot_params); +#endif +#endif
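Review bot: In the efi_mixed.S hunk the header comment for startup_64_mixed_mode() still describes the bootparams pointer test, and the efi32_stub_entry box in the diagram, as always present, but the code below it now wraps `test %edx, %edx` / `jnz efi_stub_entry` in `#ifdef CONFIG_EFI_HANDOVER_PROTOCOL`. Suggest adding a sentence to the comment saying that the direct branch to efi_stub_entry() exists only when the handover protocol is configured, and that otherwise the saved pointer is ignored and execution falls through to the efi_pe_entry() path.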
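Review bot: At the end of the x86-stub.c hunk, the alias block emits both `efi32_stub_entry` and `efi64_stub_entry` whenever `CONFIG_EFI_HANDOVER_PROTOCOL` is set and `CONFIG_EFI_MIXED` is not, with no comment on why one build needs both names; the commit message explains that the tooling populating the setup header references them, and that explanation belongs next to the declarations. The nested `#ifdef` / `#ifndef` pair also closes with two bare `#endif` lines; a single `#if defined(CONFIG_EFI_HANDOVER_PROTOCOL) && !defined(CONFIG_EFI_MIXED)` or trailing comments on each `#endif` would make the guard easier to read. Separately, efi_stub_entry() is now `__noreturn` and its fail path ends in `efi_exit(handle, status);`, so it is worth confirming that efi_exit() is itself declared `__noreturn`.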
Date: Mon, 4 Mar 2024 12:19:42 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
References: <20240304111937.2556102-20-ardb+git@google.com>
Message-ID: <20240304111937.2556102-24-ardb+git@google.com>
Subject: [PATCH stable-v6.1 04/18] x86/decompressor: Avoid magic offsets for EFI handover entrypoint
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel, Borislav Petkov
From: Ard Biesheuvel

[ Commit 12792064587623065250069d1df980e2c9ac3e67 upstream ]

The native 32-bit or 64-bit EFI handover protocol entrypoint offset relative to the respective startup_32/64 address is described in boot_params as handover_offset, so that the special Linux/x86 aware EFI loader can find it there.

When mixed mode is enabled, this single field has to describe this offset for both the 32-bit and 64-bit entrypoints, so their respective relative offsets have to be identical. Given that startup_32 and startup_64 are 0x200 bytes apart, and the EFI handover entrypoint resides at a fixed offset, the 32-bit and 64-bit versions of those entrypoints must be exactly 0x200 bytes apart as well.

Currently, hard-coded fixed offsets are used to ensure this, but it is sufficient to emit the 64-bit entrypoint 0x200 bytes after the 32-bit one, wherever it happens to reside. This allows this code (which is now EFI mixed mode specific) to be moved into efi_mixed.S and out of the startup code in head_64.S.

Signed-off-by: Ard Biesheuvel
Signed-off-by: Borislav Petkov (AMD)
Link: https://lore.kernel.org/r/20230807162720.545787-6-ardb@kernel.org
Signed-off-by: Ard Biesheuvel
---
 arch/x86/boot/compressed/efi_mixed.S | 20 +++++++++++++++++++-
 arch/x86/boot/compressed/head_64.S | 18 ------------------
 2 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/arch/x86/boot/compressed/efi_mixed.S b/arch/x86/boot/compressed/efi_mixed.S index d05f0250bbbc..deb36129e3a9 100644 --- a/arch/x86/boot/compressed/efi_mixed.S +++ b/arch/x86/boot/compressed/efi_mixed.S @@ -146,6 +146,16 @@ SYM_FUNC_START(__efi64_thunk) SYM_FUNC_END(__efi64_thunk) .code32 +#ifdef CONFIG_EFI_HANDOVER_PROTOCOL +SYM_FUNC_START(efi32_stub_entry) + add $0x4, %esp /* Discard return address */ + popl %ecx + popl %edx + popl %esi + jmp efi32_entry +SYM_FUNC_END(efi32_stub_entry) +#endif + /* * EFI service pointer must be in %edi. *
@@ -226,7 +236,7 @@ SYM_FUNC_END(efi_enter32) * stub may still exit and return to the firmware using the Exit() EFI boot * service.] */ -SYM_FUNC_START(efi32_entry) +SYM_FUNC_START_LOCAL(efi32_entry) call 1f 1: pop %ebx @@ -326,6 +336,14 @@ SYM_FUNC_START(efi32_pe_entry) RET SYM_FUNC_END(efi32_pe_entry) +#ifdef CONFIG_EFI_HANDOVER_PROTOCOL + .org efi32_stub_entry + 0x200 + .code64 +SYM_FUNC_START_NOALIGN(efi64_stub_entry) + jmp efi_stub_entry +SYM_FUNC_END(efi64_stub_entry) +#endif + .section ".rodata" /* EFI loaded image protocol GUID */ .balign 4 diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index b16408f715d7..8bfb01510be4 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -286,17 +286,6 @@ SYM_FUNC_START(startup_32) lret SYM_FUNC_END(startup_32) -#if IS_ENABLED(CONFIG_EFI_MIXED) && IS_ENABLED(CONFIG_EFI_HANDOVER_PROTOCOL) - .org 0x190 -SYM_FUNC_START(efi32_stub_entry) - add $0x4, %esp /* Discard return address */ - popl %ecx - popl %edx - popl %esi - jmp efi32_entry -SYM_FUNC_END(efi32_stub_entry) -#endif - .code64 .org 0x200 SYM_CODE_START(startup_64) 
@@ -474,13 +463,6 @@ SYM_CODE_START(startup_64) jmp *%rax SYM_CODE_END(startup_64) -#if IS_ENABLED(CONFIG_EFI_MIXED) && IS_ENABLED(CONFIG_EFI_HANDOVER_PROTOCOL) - .org 0x390 -SYM_FUNC_START(efi64_stub_entry) - jmp efi_stub_entry -SYM_FUNC_END(efi64_stub_entry) -#endif - .text SYM_FUNC_START_LOCAL_NOALIGN(.Lrelocated)
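Review bot: the ".org efi32_stub_entry + 0x200" directive added to efi_mixed.S (hunk @@ -326,6 +336,14 @@) has no comment, although it now carries the whole mixed-mode contract: 0x200 has to equal the distance between startup_32 and startup_64 (the ".org 0x200" that stays in head_64.S), because boot_params describes both entry points with a single handover_offset. A short comment at that line saying so, and noting that everything assembled between efi32_stub_entry and efi64_stub_entry has to fit in 0x200 bytes, would keep a later edit from changing one constant without the other. The guard also narrows from "IS_ENABLED(CONFIG_EFI_MIXED) && IS_ENABLED(CONFIG_EFI_HANDOVER_PROTOCOL)" to "#ifdef CONFIG_EFI_HANDOVER_PROTOCOL"; that is equivalent only if efi_mixed.S is built solely when CONFIG_EFI_MIXED is set, which the diff does not show.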
Date: Mon, 4 Mar 2024 12:19:43 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
Message-ID: <20240304111937.2556102-25-ardb+git@google.com>
Subject: [PATCH stable-v6.1 05/18] x86/efistub: Clear BSS in EFI handover protocol entrypoint
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel, Borislav Petkov
From: Ard Biesheuvel [ Commit d7156b986d4cc0657fa6dc05c9fcf51c3d55a0fe upstream ] The so-called EFI handover protocol is value-add from the distros that permits a loader to simply copy a PE kernel image into memory and call an alternative entrypoint that is described by an embedded boot_params structure. Most implementations of this protocol do not bother to check the PE header for minimum alignment, section placement, etc, and therefore also don't clear the image's BSS, or even allocate enough memory for it. Allocating more memory on the fly is rather difficult, but at least clear the BSS region explicitly when entering in this manner, so that the EFI stub code does not get confused by global variables that were not zero-initialized correctly. When booting in mixed mode, this BSS clearing must occur before any global state is created, so clear it in the 32-bit asm entry point. Signed-off-by: Ard Biesheuvel Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20230807162720.545787-7-ardb@kernel.org Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/efi_mixed.S | 14 +++++++++++++- drivers/firmware/efi/libstub/x86-stub.c | 13 +++++++++++-- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/arch/x86/boot/compressed/efi_mixed.S b/arch/x86/boot/compressed/efi_mixed.S index deb36129e3a9..d6d1b76b594d 100644 --- a/arch/x86/boot/compressed/efi_mixed.S +++ b/arch/x86/boot/compressed/efi_mixed.S @@ -148,6 +148,18 @@ SYM_FUNC_END(__efi64_thunk) .code32 #ifdef CONFIG_EFI_HANDOVER_PROTOCOL SYM_FUNC_START(efi32_stub_entry) + call 1f +1: popl %ecx + + /* Clear BSS */ + xorl %eax, %eax + leal (_bss - 1b)(%ecx), %edi + leal (_ebss - 1b)(%ecx), %ecx + subl %edi, %ecx + shrl $2, %ecx + cld + rep stosl + add $0x4, %esp /* Discard return address */ popl %ecx popl %edx 
@@ -340,7 +352,7 @@ SYM_FUNC_END(efi32_pe_entry) .org efi32_stub_entry + 0x200 .code64 SYM_FUNC_START_NOALIGN(efi64_stub_entry) - jmp efi_stub_entry + jmp efi_handover_entry SYM_FUNC_END(efi64_stub_entry) #endif diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 9661d5a5769e..764bac6b58f9 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c 
@@ -925,12 +925,21 @@ void __noreturn efi_stub_entry(efi_handle_t handle, } #ifdef CONFIG_EFI_HANDOVER_PROTOCOL +void efi_handover_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg, + struct boot_params *boot_params) +{ + extern char _bss[], _ebss[]; + + memset(_bss, 0, _ebss - _bss); + efi_stub_entry(handle, sys_table_arg, boot_params); +} + #ifndef CONFIG_EFI_MIXED -extern __alias(efi_stub_entry) +extern __alias(efi_handover_entry) void efi32_stub_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg, struct boot_params *boot_params); -extern __alias(efi_stub_entry) +extern __alias(efi_handover_entry) void efi64_stub_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg, struct boot_params *boot_params); #endif
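Review bot: in the efi32_stub_entry hunk of efi_mixed.S the byte count is turned into a dword count with "shrl $2, %ecx" before "rep stosl", so if _ebss - _bss is not a multiple of 4 the last one to three bytes of BSS are left uncleared, whereas the C path in x86-stub.c clears the exact length with memset(_bss, 0, _ebss - _bss). Either say next to the loop that the linker script keeps the BSS size a multiple of 4, or clear the remainder explicitly. Separately, efi_handover_entry() is declared plain void although it ends in a call to the __noreturn efi_stub_entry() and is reached by jmp from efi64_stub_entry; marking it __noreturn as well would match.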
Date: Mon, 4 Mar 2024 12:19:44 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
Message-ID: <20240304111937.2556102-26-ardb+git@google.com>
Subject: [PATCH stable-v6.1 06/18] x86/decompressor: Move global symbol references to C code
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel, Borislav Petkov
From: Ard Biesheuvel [ Commit 24388292e2d7fae79a0d4183cc91716b851299cf upstream ] It is no longer necessary to be cautious when referring to global variables in the position independent decompressor code, now that it is built using PIE codegen and makes an assertion in the linker script that no GOT entries exist (which would require adjustment for the actual runtime load address of the decompressor binary). This means global variables can be referenced directly from C code, instead of having to pass their runtime addresses into C routines from asm code, which needs to happen at each call site. Do so for the code that will be called directly from the EFI stub after a subsequent patch, and avoid the need to duplicate this logic a third time. Signed-off-by: Ard Biesheuvel Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20230807162720.545787-20-ardb@kernel.org Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/head_32.S | 8 -------- arch/x86/boot/compressed/head_64.S | 10 ++-------- arch/x86/boot/compressed/misc.c | 16 +++++++++------- 3 files changed, 11 insertions(+), 23 deletions(-) diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S index 8876ffe30e9a..3af4a383615b 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S @@ -168,13 +168,7 @@ SYM_FUNC_START_LOCAL_NOALIGN(.Lrelocated) */ /* push arguments for extract_kernel: */ - pushl output_len@GOTOFF(%ebx) /* decompressed length, end of relocs */ pushl %ebp /* output address */ - pushl input_len@GOTOFF(%ebx) /* input_len */ - leal input_data@GOTOFF(%ebx), %eax - pushl %eax /* input_data */ - leal boot_heap@GOTOFF(%ebx), %eax - pushl %eax /* heap area */ pushl %esi /* real mode pointer */ call extract_kernel /* returns kernel entry point in %eax */ addl $24, %esp 
@@ -202,8 +196,6 @@ SYM_DATA_END_LABEL(gdt, SYM_L_LOCAL, gdt_end) */ .bss .balign 4 -boot_heap: - .fill BOOT_HEAP_SIZE, 1, 0 boot_stack: .fill BOOT_STACK_SIZE, 1, 0 boot_stack_end: diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 8bfb01510be4..9a0d83b4d266 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -485,13 +485,9 @@ SYM_FUNC_START_LOCAL_NOALIGN(.Lrelocated) /* * Do the extraction, and jump to the new kernel.. */ - /* pass struct boot_params pointer */ + /* pass struct boot_params pointer and output target address */ movq %r15, %rdi - leaq boot_heap(%rip), %rsi /* malloc area for uncompression */ - leaq input_data(%rip), %rdx /* input_data */ - movl input_len(%rip), %ecx /* input_len */ - movq %rbp, %r8 /* output target address */ - movl output_len(%rip), %r9d /* decompressed length, end of relocs */ + movq %rbp, %rsi call extract_kernel /* returns kernel entry point in %rax */ /* @@ -649,8 +645,6 @@ SYM_DATA_END_LABEL(boot_idt, SYM_L_GLOBAL, boot_idt_end) */ .bss .balign 4 -SYM_DATA_LOCAL(boot_heap, .fill BOOT_HEAP_SIZE, 1, 0) - SYM_DATA_START_LOCAL(boot_stack) .fill BOOT_STACK_SIZE, 1, 0 .balign 16 diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c index 014ff222bf4b..e4e3e49fcc37 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -330,6 +330,11 @@ static size_t parse_elf(void *output) return ehdr.e_entry - LOAD_PHYSICAL_ADDR; } +static u8 boot_heap[BOOT_HEAP_SIZE] __aligned(4); + +extern unsigned char input_data[]; +extern unsigned int input_len, output_len; + /* * The compressed kernel image (ZO), has been moved so that its position * is against the end of the buffer used to hold the uncompressed kernel 
@@ -347,14 +352,11 @@ static size_t parse_elf(void *output) * |-------uncompressed kernel image---------| * */ -asmlinkage __visible void *extract_kernel(void *rmode, memptr heap, - unsigned char *input_data, - unsigned long input_len, - unsigned char *output, - unsigned long output_len) +asmlinkage __visible void *extract_kernel(void *rmode, unsigned char *output) { const unsigned long kernel_total_size = VO__end - VO__text; unsigned long virt_addr = LOAD_PHYSICAL_ADDR; + memptr heap = (memptr)boot_heap; unsigned long needed_size; size_t entry_offset; @@ -412,7 +414,7 @@ asmlinkage __visible void *extract_kernel(void *rmode, memptr heap, * entries. This ensures the full mapped area is usable RAM * and doesn't include any reserved areas. */ - needed_size = max(output_len, kernel_total_size); + needed_size = max_t(unsigned long, output_len, kernel_total_size); #ifdef CONFIG_X86_64 needed_size = ALIGN(needed_size, MIN_KERNEL_ALIGN); #endif 
@@ -443,7 +445,7 @@ asmlinkage __visible void *extract_kernel(void *rmode, memptr heap, #ifdef CONFIG_X86_64 if (heap > 0x3fffffffffffUL) error("Destination address too large"); - if (virt_addr + max(output_len, kernel_total_size) > KERNEL_IMAGE_SIZE) + if (virt_addr + needed_size > KERNEL_IMAGE_SIZE) error("Destination virtual address is beyond the kernel mapping area"); #else if (heap > ((-__PAGE_OFFSET-(128<<20)-1) & 0x7fffffff))
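Review bot: in the head_32.S hunk the unchanged context line "addl $24, %esp" still releases six 4-byte arguments after "call extract_kernel", but with the four pushes removed only %ebp and %esi are pushed, so the adjustment should become "addl $8, %esp" or carry a comment on why the stack pointer no longer matters at that point. In misc.c the CONFIG_X86_64 bound check now tests virt_addr + needed_size, and needed_size has already been rounded up by ALIGN(needed_size, MIN_KERNEL_ALIGN) in the earlier hunk, so the check is slightly stricter than the old virt_addr + max(output_len, kernel_total_size); that deserves a sentence in the commit message, since this is a stable backport.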
Date: Mon, 4 Mar 2024 12:19:45 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
Message-ID: <20240304111937.2556102-27-ardb+git@google.com>
Subject: [PATCH stable-v6.1 07/18] efi/libstub: Add memory attribute protocol definitions
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Evgeniy Baskov, Mario Limonciello, Ard Biesheuvel

From: Evgeniy Baskov

[ Commit 79729f26b074a5d2722c27fa76cc45ef721e65cd upstream ]

EFI_MEMORY_ATTRIBUTE_PROTOCOL serves as a better alternative to DXE services for setting memory attributes in EFI Boot Services environment. This protocol is better since it is a part of UEFI specification itself and not UEFI PI specification like DXE services.

Add EFI_MEMORY_ATTRIBUTE_PROTOCOL definitions. Support mixed mode properly for its calls.

Tested-by: Mario Limonciello
Signed-off-by: Evgeniy Baskov
Signed-off-by: Ard Biesheuvel --- arch/x86/include/asm/efi.h | 7 +++++++ drivers/firmware/efi/libstub/efistub.h | 20 ++++++++++++++++++++ include/linux/efi.h | 1 + 3 files changed, 28 insertions(+) diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h index 233ae6986d6f..522ff2e443b3 100644 --- a/arch/x86/include/asm/efi.h +++ b/arch/x86/include/asm/efi.h @@ -325,6 +325,13 @@ static inline u32 efi64_convert_status(efi_status_t status) #define __efi64_argmap_set_memory_space_attributes(phys, size, flags) \ (__efi64_split(phys), __efi64_split(size), __efi64_split(flags)) +/* Memory Attribute Protocol */ +#define __efi64_argmap_set_memory_attributes(protocol, phys, size, flags) \ + ((protocol), __efi64_split(phys), __efi64_split(size), __efi64_split(flags)) + +#define __efi64_argmap_clear_memory_attributes(protocol, phys, size, flags) \ + ((protocol), __efi64_split(phys), __efi64_split(size), __efi64_split(flags)) + /* * The macros below handle the plumbing for the argument mapping. To add a * mapping for a specific EFI method, simply define a macro diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index 002f02a6d359..6f5a1a16db15 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h 
@@ -419,6 +419,26 @@ union efi_dxe_services_table { } mixed_mode; }; +typedef union efi_memory_attribute_protocol efi_memory_attribute_protocol_t; + +union efi_memory_attribute_protocol { + struct { + efi_status_t (__efiapi *get_memory_attributes)( + efi_memory_attribute_protocol_t *, efi_physical_addr_t, u64, u64 *); + + efi_status_t (__efiapi *set_memory_attributes)( + efi_memory_attribute_protocol_t *, efi_physical_addr_t, u64, u64); + + efi_status_t (__efiapi *clear_memory_attributes)( + efi_memory_attribute_protocol_t *, efi_physical_addr_t, u64, u64); + }; + struct { + u32 get_memory_attributes; + u32 set_memory_attributes; + u32 clear_memory_attributes; + } mixed_mode; +}; + typedef union efi_uga_draw_protocol efi_uga_draw_protocol_t; union efi_uga_draw_protocol { diff --git a/include/linux/efi.h b/include/linux/efi.h index 4e1bfee9675d..de6d6558a4d3 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h 
@@ -390,6 +390,7 @@ void efi_native_runtime_setup(void); #define EFI_RT_PROPERTIES_TABLE_GUID EFI_GUID(0xeb66918a, 0x7eef, 0x402a, 0x84, 0x2e, 0x93, 0x1d, 0x21, 0xc3, 0x8a, 0xe9) #define EFI_DXE_SERVICES_TABLE_GUID EFI_GUID(0x05ad34ba, 0x6f02, 0x4214, 0x95, 0x2e, 0x4d, 0xa0, 0x39, 0x8e, 0x2b, 0xb9) #define EFI_SMBIOS_PROTOCOL_GUID EFI_GUID(0x03583ff6, 0xcb36, 0x4940, 0x94, 0x7e, 0xb9, 0xb3, 0x9f, 0x4a, 0xfa, 0xf7) +#define EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID EFI_GUID(0xf4560cf6, 0x40ec, 0x4b4a, 0xa1, 0x92, 0xbf, 0x1d, 0x57, 0xd0, 0xb1, 0x89) #define EFI_IMAGE_SECURITY_DATABASE_GUID EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f) #define EFI_SHIM_LOCK_GUID EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23)
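Review bot: the argument maps added to arch/x86/include/asm/efi.h cover set_memory_attributes and clear_memory_attributes but not get_memory_attributes, even though the new union in efistub.h gives get_memory_attributes a mixed_mode slot and its prototype takes the same efi_physical_addr_t and u64 arguments that the other two wrap in __efi64_split(). As posted, a mixed-mode call to the getter would go out without those 64-bit arguments being split. Either add a __efi64_argmap_get_memory_attributes() that splits phys and size, or put a comment at the union saying the getter is not to be called in mixed mode.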
Date: Mon, 4 Mar 2024 12:19:46 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
Message-ID: <20240304111937.2556102-28-ardb+git@google.com>
Subject: [PATCH stable-v6.1 08/18] efi/libstub: Add limit argument to efi_random_alloc()
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel, Borislav Petkov
From: Ard Biesheuvel [ Commit bc5ddceff4c14494d83449ad45c985e6cd353fce upstream ] x86 will need to limit the kernel memory allocation to the lowest 512 MiB of memory, to match the behavior of the existing bare metal KASLR physical randomization logic. So in preparation for that, add a limit parameter to efi_random_alloc() and wire it up. Signed-off-by: Ard Biesheuvel Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20230807162720.545787-22-ardb@kernel.org Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/arm64-stub.c | 2 +- drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/randomalloc.c | 10 ++++++---- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c index 40275c3131c8..16377b452119 100644 --- a/drivers/firmware/efi/libstub/arm64-stub.c +++ b/drivers/firmware/efi/libstub/arm64-stub.c @@ -181,7 +181,7 @@ efi_status_t handle_kernel_image(unsigned long *image_addr, */ status = efi_random_alloc(*reserve_size, min_kimg_align, reserve_addr, phys_seed, - EFI_LOADER_CODE); + EFI_LOADER_CODE, EFI_ALLOC_LIMIT); if (status != EFI_SUCCESS) efi_warn("efi_random_alloc() failed: 0x%lx\n", status); } else { diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index 6f5a1a16db15..8a343ea1231a 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -905,7 +905,7 @@ efi_status_t efi_get_random_bytes(unsigned long size, u8 *out); efi_status_t efi_random_alloc(unsigned long size, unsigned long align, unsigned long *addr, unsigned long random_seed, - int memory_type); + int memory_type, unsigned long alloc_limit); efi_status_t efi_random_get_seed(void); diff --git a/drivers/firmware/efi/libstub/randomalloc.c b/drivers/firmware/efi/libstub/randomalloc.c index 1692d19ae80f..ed6f6087a9ea 100644 --- a/drivers/firmware/efi/libstub/randomalloc.c 
+++ b/drivers/firmware/efi/libstub/randomalloc.c @@ -16,7 +16,8 @@ */ static unsigned long get_entry_num_slots(efi_memory_desc_t *md, unsigned long size, - unsigned long align_shift) + unsigned long align_shift, + u64 alloc_limit) { unsigned long align = 1UL << align_shift; u64 first_slot, last_slot, region_end; @@ -29,7 +30,7 @@ static unsigned long get_entry_num_slots(efi_memory_desc_t *md, return 0; region_end = min(md->phys_addr + md->num_pages * EFI_PAGE_SIZE - 1, - (u64)EFI_ALLOC_LIMIT); + alloc_limit); if (region_end < size) return 0; @@ -54,7 +55,8 @@ efi_status_t efi_random_alloc(unsigned long size, unsigned long align, unsigned long *addr, unsigned long random_seed, - int memory_type) + int memory_type, + unsigned long alloc_limit) { unsigned long total_slots = 0, target_slot; unsigned long total_mirrored_slots = 0; 
@@ -76,7 +78,7 @@ efi_status_t efi_random_alloc(unsigned long size, efi_memory_desc_t *md = (void *)map->map + map_offset; unsigned long slots; - slots = get_entry_num_slots(md, size, ilog2(align)); + slots = get_entry_num_slots(md, size, ilog2(align), alloc_limit); MD_NUM_SLOTS(md) = slots; total_slots += slots; if (md->attribute & EFI_MEMORY_MORE_RELIABLE)
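Review bot: in get_entry_num_slots() (randomalloc.c), alloc_limit is clamped against region_end, which is the inclusive last byte of the region (md->phys_addr + md->num_pages * EFI_PAGE_SIZE - 1), so the new argument is an inclusive highest address, yet neither the definition nor the efi_random_alloc() prototype in efistub.h says so. The commit message talks about a size-style bound ("the lowest 512 MiB"), and the difference between that and an inclusive last address is left for each caller to guess. A one-line comment on the parameter stating the inclusive semantics would settle it.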
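Review bot: the two new parameters disagree on type: get_entry_num_slots() takes u64 alloc_limit, while efi_random_alloc() takes unsigned long alloc_limit in both the randomalloc.c definition and the efistub.h prototype. The implicit widening is harmless, but on a 32-bit build the public parameter cannot express the range the helper accepts. Using one type for both, or a short comment on why they differ, would make the intent clear.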
From patchwork Mon Mar 4 11:19:47 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 778950
Date: Mon, 4 Mar 2024 12:19:47 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
References: <20240304111937.2556102-20-ardb+git@google.com>
X-Mailing-List: linux-efi@vger.kernel.org
X-Mailer: git-send-email 2.44.0.278.ge034bb2e1d-goog
Message-ID: <20240304111937.2556102-29-ardb+git@google.com>
Subject: [PATCH stable-v6.1 09/18] x86/efistub: Perform 4/5 level paging switch from the stub
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel, "Kirill A. Shutemov"

From: Ard Biesheuvel [ Commit cb380000dd23cbbf8bd7d023b51896804c1f7e68 upstream ] In preparation for updating the EFI stub boot flow to avoid the bare metal decompressor code altogether, implement the support code for switching between 4 and 5 levels of paging before jumping to the kernel proper. This reuses the newly refactored trampoline that the bare metal decompressor uses, but relies on EFI APIs to allocate 32-bit addressable memory and remap it with the appropriate permissions. Given that the bare metal decompressor will no longer call into the trampoline if the number of paging levels is already set correctly, it is no longer needed to remove NX restrictions from the memory range where this trampoline may end up. Acked-by: Kirill A. Shutemov Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/Makefile | 1 + drivers/firmware/efi/libstub/efi-stub-helper.c | 2 + drivers/firmware/efi/libstub/efistub.h | 1 + drivers/firmware/efi/libstub/x86-5lvl.c | 95 ++++++++++++++++++++ drivers/firmware/efi/libstub/x86-stub.c | 40 +++------ drivers/firmware/efi/libstub/x86-stub.h | 17 ++++ 6 files changed, 130 insertions(+), 26 deletions(-) diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index b6e1dcb98a64..473ef18421db 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -84,6 +84,7 @@ lib-$(CONFIG_EFI_GENERIC_STUB) += efi-stub.o string.o intrinsics.o systable.o lib-$(CONFIG_ARM) += arm32-stub.o lib-$(CONFIG_ARM64) += arm64-stub.o smbios.o lib-$(CONFIG_X86) += x86-stub.o +lib-$(CONFIG_X86_64) += x86-5lvl.o lib-$(CONFIG_RISCV) += riscv-stub.o lib-$(CONFIG_LOONGARCH) += loongarch-stub.o diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c index 3d9b2469a0df..97744822dd95 100644 --- a/drivers/firmware/efi/libstub/efi-stub-helper.c +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c 
@@ -216,6 +216,8 @@ efi_status_t efi_parse_options(char const *cmdline) efi_loglevel = CONSOLE_LOGLEVEL_QUIET; } else if (!strcmp(param, "noinitrd")) { efi_noinitrd = true; + } else if (IS_ENABLED(CONFIG_X86_64) && !strcmp(param, "no5lvl")) { + efi_no5lvl = true; } else if (!strcmp(param, "efi") && val) { efi_nochunk = parse_option_str(val, "nochunk"); efi_novamap |= parse_option_str(val, "novamap"); diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index 8a343ea1231a..4b4055877f3d 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -33,6 +33,7 @@ #define EFI_ALLOC_LIMIT ULONG_MAX #endif +extern bool efi_no5lvl; extern bool efi_nochunk; extern bool efi_nokaslr; extern int efi_loglevel; diff --git a/drivers/firmware/efi/libstub/x86-5lvl.c b/drivers/firmware/efi/libstub/x86-5lvl.c new file mode 100644 index 000000000000..479dd445acdc --- /dev/null +++ b/drivers/firmware/efi/libstub/x86-5lvl.c 
@@ -0,0 +1,95 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include + +#include +#include +#include + +#include "efistub.h" +#include "x86-stub.h" + +bool efi_no5lvl; + +static void (*la57_toggle)(void *cr3); + +static const struct desc_struct gdt[] = { + [GDT_ENTRY_KERNEL32_CS] = GDT_ENTRY_INIT(0xc09b, 0, 0xfffff), + [GDT_ENTRY_KERNEL_CS] = GDT_ENTRY_INIT(0xa09b, 0, 0xfffff), +}; + +/* + * Enabling (or disabling) 5 level paging is tricky, because it can only be + * done from 32-bit mode with paging disabled. This means not only that the + * code itself must be running from 32-bit addressable physical memory, but + * also that the root page table must be 32-bit addressable, as programming + * a 64-bit value into CR3 when running in 32-bit mode is not supported. + */ +efi_status_t efi_setup_5level_paging(void) +{ + u8 tmpl_size = (u8 *)&trampoline_ljmp_imm_offset - (u8 *)&trampoline_32bit_src; + efi_status_t status; + u8 *la57_code; + + if (!efi_is_64bit()) + return EFI_SUCCESS; + + /* check for 5 level paging support */ + if (native_cpuid_eax(0) < 7 || + !(native_cpuid_ecx(7) & (1 << (X86_FEATURE_LA57 & 31)))) + return EFI_SUCCESS; + + /* allocate some 32-bit addressable memory for code and a page table */ + status = efi_allocate_pages(2 * PAGE_SIZE, (unsigned long *)&la57_code, + U32_MAX); + if (status != EFI_SUCCESS) + return status; + + la57_toggle = memcpy(la57_code, trampoline_32bit_src, tmpl_size); + memset(la57_code + tmpl_size, 0x90, PAGE_SIZE - tmpl_size); + + /* + * To avoid the need to allocate a 32-bit addressable stack, the + * trampoline uses a LJMP instruction to switch back to long mode. + * LJMP takes an absolute destination address, which needs to be + * fixed up at runtime. 
+ */ + *(u32 *)&la57_code[trampoline_ljmp_imm_offset] += (unsigned long)la57_code; + + efi_adjust_memory_range_protection((unsigned long)la57_toggle, PAGE_SIZE); + + return EFI_SUCCESS; +} + +void efi_5level_switch(void) +{ + bool want_la57 = IS_ENABLED(CONFIG_X86_5LEVEL) && !efi_no5lvl; + bool have_la57 = native_read_cr4() & X86_CR4_LA57; + bool need_toggle = want_la57 ^ have_la57; + u64 *pgt = (void *)la57_toggle + PAGE_SIZE; + u64 *cr3 = (u64 *)__native_read_cr3(); + u64 *new_cr3; + + if (!la57_toggle || !need_toggle) + return; + + if (!have_la57) { + /* + * 5 level paging will be enabled, so a root level page needs + * to be allocated from the 32-bit addressable physical region, + * with its first entry referring to the existing hierarchy. + */ + new_cr3 = memset(pgt, 0, PAGE_SIZE); + new_cr3[0] = (u64)cr3 | _PAGE_TABLE_NOENC; + } else { + /* take the new root table pointer from the current entry #0 */ + new_cr3 = (u64 *)(cr3[0] & PAGE_MASK); + + /* copy the new root table if it is not 32-bit addressable */ + if ((u64)new_cr3 > U32_MAX) + new_cr3 = memcpy(pgt, new_cr3, PAGE_SIZE); + } + + native_load_gdt(&(struct desc_ptr){ sizeof(gdt) - 1, (u64)gdt }); + + la57_toggle(new_cr3); +} diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 764bac6b58f9..adaddd38d97d 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -17,6 +17,7 @@ #include #include "efistub.h" +#include "x86-stub.h" /* Maximum physical address for 64-bit kernel with 4-level paging */ #define MAXMEM_X86_64_4LEVEL (1ull << 46) @@ -212,8 +213,8 @@ static void retrieve_apple_device_properties(struct boot_params *boot_params) } } -static void -adjust_memory_range_protection(unsigned long start, unsigned long size) +void efi_adjust_memory_range_protection(unsigned long start, + unsigned long size) { efi_status_t status; efi_gcd_memory_space_desc_t desc; 
@@ -267,35 +268,14 @@ adjust_memory_range_protection(unsigned long start, unsigned long size) } } -/* - * Trampoline takes 2 pages and can be loaded in first megabyte of memory - * with its end placed between 128k and 640k where BIOS might start. - * (see arch/x86/boot/compressed/pgtable_64.c) - * - * We cannot find exact trampoline placement since memory map - * can be modified by UEFI, and it can alter the computed address. - */ - -#define TRAMPOLINE_PLACEMENT_BASE ((128 - 8)*1024) -#define TRAMPOLINE_PLACEMENT_SIZE (640*1024 - (128 - 8)*1024) - extern const u8 startup_32[], startup_64[]; static void setup_memory_protection(unsigned long image_base, unsigned long image_size) { - /* - * Allow execution of possible trampoline used - * for switching between 4- and 5-level page tables - * and relocated kernel image. - */ - - adjust_memory_range_protection(TRAMPOLINE_PLACEMENT_BASE, - TRAMPOLINE_PLACEMENT_SIZE); - #ifdef CONFIG_64BIT if (image_base != (unsigned long)startup_32) - adjust_memory_range_protection(image_base, image_size); + efi_adjust_memory_range_protection(image_base, image_size); #else /* * Clear protection flags on a whole range of possible @@ -305,8 +285,8 @@ setup_memory_protection(unsigned long image_base, unsigned long image_size) * need to remove possible protection on relocated image * itself disregarding further relocations. */ - adjust_memory_range_protection(LOAD_PHYSICAL_ADDR, - KERNEL_IMAGE_SIZE - LOAD_PHYSICAL_ADDR); + efi_adjust_memory_range_protection(LOAD_PHYSICAL_ADDR, + KERNEL_IMAGE_SIZE - LOAD_PHYSICAL_ADDR); #endif } @@ -796,6 +776,12 @@ void __noreturn efi_stub_entry(efi_handle_t handle, efi_dxe_table = NULL; } + status = efi_setup_5level_paging(); + if (status != EFI_SUCCESS) { + efi_err("efi_setup_5level_paging() failed!\n"); + goto fail; + } + /* * If the kernel isn't already loaded at a suitable address, * relocate it. 
@@ -914,6 +900,8 @@ void __noreturn efi_stub_entry(efi_handle_t handle, goto fail; } + efi_5level_switch(); + if (IS_ENABLED(CONFIG_X86_64)) bzimage_addr += startup_64 - startup_32; diff --git a/drivers/firmware/efi/libstub/x86-stub.h b/drivers/firmware/efi/libstub/x86-stub.h new file mode 100644 index 000000000000..37c5a36b9d8c --- /dev/null +++ b/drivers/firmware/efi/libstub/x86-stub.h 
@@ -0,0 +1,17 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#include + +extern void trampoline_32bit_src(void *, bool); +extern const u16 trampoline_ljmp_imm_offset; + +void efi_adjust_memory_range_protection(unsigned long start, + unsigned long size); + +#ifdef CONFIG_X86_64 +efi_status_t efi_setup_5level_paging(void); +void efi_5level_switch(void); +#else +static inline efi_status_t efi_setup_5level_paging(void) { return EFI_SUCCESS; } +static inline void efi_5level_switch(void) {} +#endif
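Review bot: in efi_setup_5level_paging() (new file x86-5lvl.c), tmpl_size is declared u8 but holds the distance between trampoline_32bit_src and trampoline_ljmp_imm_offset, so a template longer than 255 bytes is silently truncated before the memcpy() and the 0x90 padding. Nothing visible in this file bounds that distance; a wider type, or an assertion that the distance fits in PAGE_SIZE, would turn a silent short copy into a detectable failure. In the same function, efi_adjust_memory_range_protection() returns void, so EFI_SUCCESS is reported even if the trampoline page could not be made executable, and efi_5level_switch() will later call la57_toggle regardless.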
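Review bot: in the new x86-stub.h, trampoline_32bit_src is declared as taking (void *, bool), but x86-5lvl.c copies it and calls the copy through la57_toggle, which is typed void (*)(void *cr3) and invoked with a single argument. The declaration and the function pointer type should agree, or a comment should explain why the second parameter is unused on this path. The header also has no include guard, although it defines static inline stubs in the #else branch, so a second inclusion in one translation unit would fail to build.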
From patchwork Mon Mar 4 11:19:48 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 777809
Date: Mon, 4 Mar 2024 12:19:48 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
References: <20240304111937.2556102-20-ardb+git@google.com>
X-Mailing-List: linux-efi@vger.kernel.org
X-Mailer: git-send-email 2.44.0.278.ge034bb2e1d-goog
Message-ID: <20240304111937.2556102-30-ardb+git@google.com>
Subject: [PATCH stable-v6.1 10/18] x86/decompressor: Factor out kernel decompression and relocation
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel, Borislav Petkov

From: Ard Biesheuvel [ Commit 83381519352d6b5b3e429bf72aaab907480cb6b6 upstream ] Factor out the decompressor sequence that invokes the decompressor, parses the ELF and applies the relocations so that it can be called directly from the EFI stub. Signed-off-by: Ard Biesheuvel Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20230807162720.545787-21-ardb@kernel.org
Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/misc.c | 29 ++++++++++++++++---- arch/x86/include/asm/boot.h | 8 ++++++ 2 files changed, 32 insertions(+), 5 deletions(-) diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c index e4e3e49fcc37..fb55ac18af6f 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -330,11 +330,33 @@ static size_t parse_elf(void *output) return ehdr.e_entry - LOAD_PHYSICAL_ADDR; } +const unsigned long kernel_total_size = VO__end - VO__text; + static u8 boot_heap[BOOT_HEAP_SIZE] __aligned(4); extern unsigned char input_data[]; extern unsigned int input_len, output_len; +unsigned long decompress_kernel(unsigned char *outbuf, unsigned long virt_addr, + void (*error)(char *x)) +{ + unsigned long entry; + + if (!free_mem_ptr) { + free_mem_ptr = (unsigned long)boot_heap; + free_mem_end_ptr = (unsigned long)boot_heap + sizeof(boot_heap); + } + + if (__decompress(input_data, input_len, NULL, NULL, outbuf, output_len, + NULL, error) < 0) + return ULONG_MAX; + + entry = parse_elf(outbuf); + handle_relocations(outbuf, output_len, virt_addr); + + return entry; +} + /* * The compressed kernel image (ZO), has been moved so that its position * is against the end of the buffer used to hold the uncompressed kernel @@ -354,7 +376,6 @@ extern unsigned int input_len, output_len; */ asmlinkage __visible void *extract_kernel(void *rmode, unsigned char *output) { - const unsigned long kernel_total_size = VO__end - VO__text; unsigned long virt_addr = LOAD_PHYSICAL_ADDR; memptr heap = (memptr)boot_heap; unsigned long needed_size; 
@@ -457,10 +478,8 @@ asmlinkage __visible void *extract_kernel(void *rmode, unsigned char *output) #endif debug_putstr("\nDecompressing Linux... "); - __decompress(input_data, input_len, NULL, NULL, output, output_len, - NULL, error); - entry_offset = parse_elf(output); - handle_relocations(output, output_len, virt_addr); + + entry_offset = decompress_kernel(output, virt_addr, error); debug_putstr("done.\nBooting the kernel (entry_offset: 0x"); debug_puthex(entry_offset); diff --git a/arch/x86/include/asm/boot.h b/arch/x86/include/asm/boot.h index 215d37f7dde8..b3a7cfb0d99e 100644 --- a/arch/x86/include/asm/boot.h +++ b/arch/x86/include/asm/boot.h 
@@ -79,4 +79,12 @@ # define BOOT_STACK_SIZE 0x1000 #endif +#ifndef __ASSEMBLY__ +extern unsigned int output_len; +extern const unsigned long kernel_total_size; + +unsigned long decompress_kernel(unsigned char *outbuf, unsigned long virt_addr, + void (*error)(char *x)); +#endif + #endif /* _ASM_X86_BOOT_H */
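Review bot: decompress_kernel() (misc.c) returns ULONG_MAX when __decompress() fails, but the converted call site in extract_kernel() assigns the result straight to entry_offset and goes on to print it and boot, with no check for that sentinel. If the error callback is expected never to return, say so in a comment next to the return ULONG_MAX; otherwise extract_kernel() should test for it. The declaration added to asm/boot.h should also state the return convention (entry offset, or ULONG_MAX on failure), since the commit message names the EFI stub as the intended second caller.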
From patchwork Mon Mar 4 11:19:49 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 778949
Date: Mon, 4 Mar 2024 12:19:49 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
References: <20240304111937.2556102-20-ardb+git@google.com>
X-Mailing-List: linux-efi@vger.kernel.org
X-Mailer: git-send-email 2.44.0.278.ge034bb2e1d-goog
Message-ID: <20240304111937.2556102-31-ardb+git@google.com>
Subject: [PATCH stable-v6.1 11/18] x86/efistub: Prefer EFI memory attributes protocol over DXE services
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel, Borislav Petkov

From: Ard Biesheuvel [ Commit 11078876b7a6a1b7226344fecab968945c806832 upstream ] Currently, the EFI stub relies on DXE services in some cases to clear non-execute restrictions from page allocations that need to be executable. This is dodgy, because DXE services are not specified by UEFI but by PI, and they are not intended for consumption by OS loaders. However, no alternative existed at the time. Now, there is a new UEFI protocol that should be used instead, so if it exists, prefer it over the DXE services calls. Signed-off-by: Ard Biesheuvel Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20230807162720.545787-18-ardb@kernel.org
Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/x86-stub.c | 29 ++++++++++++++------ 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index adaddd38d97d..01af018b9315 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -26,6 +26,7 @@ const efi_system_table_t *efi_system_table; const efi_dxe_services_table_t *efi_dxe_table; u32 image_offset __section(".data"); static efi_loaded_image_t *image = NULL; +static efi_memory_attribute_protocol_t *memattr; static efi_status_t preserve_pci_rom_image(efi_pci_io_protocol_t *pci, struct pci_setup_rom **__rom) @@ -222,12 +223,18 @@ void efi_adjust_memory_range_protection(unsigned long start, unsigned long rounded_start, rounded_end; unsigned long unprotect_start, unprotect_size; - if (efi_dxe_table == NULL) - return; - rounded_start = rounddown(start, EFI_PAGE_SIZE); rounded_end = roundup(start + size, EFI_PAGE_SIZE); + if (memattr != NULL) { + efi_call_proto(memattr, clear_memory_attributes, rounded_start, + rounded_end - rounded_start, EFI_MEMORY_XP); + return; + } + + if (efi_dxe_table == NULL) + return; + /* * Don't modify memory region attributes, they are * already suitable, to lower the possibility to @@ -758,6 +765,7 @@ void __noreturn efi_stub_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg, struct boot_params *boot_params) { + efi_guid_t guid = EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; unsigned long bzimage_addr = (unsigned long)startup_32; unsigned long buffer_start, buffer_end; struct setup_header *hdr = &boot_params->hdr; 
@@ -769,13 +777,18 @@ void __noreturn efi_stub_entry(efi_handle_t handle, if (efi_system_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) efi_exit(handle, EFI_INVALID_PARAMETER); - efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID); - if (efi_dxe_table && - efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) { - efi_warn("Ignoring DXE services table: invalid signature\n"); - efi_dxe_table = NULL; + if (IS_ENABLED(CONFIG_EFI_DXE_MEM_ATTRIBUTES)) { + efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID); + if (efi_dxe_table && + efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) { + efi_warn("Ignoring DXE services table: invalid signature\n"); + efi_dxe_table = NULL; + } } + /* grab the memory attributes protocol if it exists */ + efi_bs_call(locate_protocol, &guid, NULL, (void **)&memattr); + status = efi_setup_5level_paging(); if (status != EFI_SUCCESS) { efi_err("efi_setup_5level_paging() failed!\n"); From patchwork Mon Mar 4 11:19:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 777808 Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3E00238DE6 for ; Mon, 4 Mar 2024 11:20:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709551248; cv=none; b=byzWeJEI4jN40shY/jm7f7g09IXOSuEK3ocT1QkYPT7odyT1LDDGrU1YO5bmnd3NKt9LVtSFzcVYJUq8ixev4Q+Bxs4CZmIubHakJTbAtsM69/yEILVvBoTAfHsqklWM806WoWslLJPoAGIlFVq4Uj0frv23L7F6WonGW1vT00E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709551248; c=relaxed/simple; bh=MPjG+81at1ckc7jlgy4H92kTOlHwGNwT7cArqw8ofCk=; 
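Review bot: in the efi_adjust_memory_range_protection() hunk of x86-stub.c (patch 11/18), the status returned by efi_call_proto(memattr, clear_memory_attributes, ...) is discarded and the function returns unconditionally, so a firmware failure to clear EFI_MEMORY_XP passes silently and the DXE services path is never tried as a fallback. Consider capturing the efi_status_t and at least emitting an efi_warn() when it is not EFI_SUCCESS, so that a later fault on a non-executable page can be traced back to this call.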
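Review bot: in the efi_stub_entry() hunk of patch 11/18, the result of efi_bs_call(locate_protocol, &guid, NULL, (void **)&memattr) is ignored, so the later memattr != NULL test depends on the firmware leaving the pointer NULL when the protocol is absent. Checking the status and setting memattr = NULL explicitly on failure would make that assumption visible in the code. The same hunk also wraps the DXE services table lookup in IS_ENABLED(CONFIG_EFI_DXE_MEM_ATTRIBUTES), which the commit message does not mention; one sentence there would help stable reviewers.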
Date: Mon, 4 Mar 2024 12:19:50 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
References: <20240304111937.2556102-20-ardb+git@google.com>
Message-ID: <20240304111937.2556102-32-ardb+git@google.com>
Subject: [PATCH stable-v6.1 12/18] x86/efistub: Perform SNP feature test while running in the firmware
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel, Borislav Petkov

From: Ard Biesheuvel [ Commit 31c77a50992e8dd136feed7b67073bb5f1f978cc upstream ] Before refactoring the EFI stub boot flow to avoid the legacy bare metal decompressor, duplicate the SNP feature check in the EFI stub before handing over to the kernel proper. The SNP feature check can be performed while running under the EFI boot services, which means it can force the boot to fail gracefully and return an error to the bootloader if the loaded kernel does not implement support for all the features that the hypervisor enabled. Signed-off-by: Ard Biesheuvel Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20230807162720.545787-23-ardb@kernel.org Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/sev.c | 112 ++++++++++++-------- arch/x86/include/asm/sev.h | 5 + drivers/firmware/efi/libstub/x86-stub.c | 17 +++ 3 files changed, 88 insertions(+), 46 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 9c91cc40f456..8b21c57bc470 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -327,20 +327,25 @@ static void enforce_vmpl0(void) */ #define SNP_FEATURES_PRESENT (0) +u64 snp_get_unsupported_features(u64 status) +{ + if (!(status & MSR_AMD64_SEV_SNP_ENABLED)) + return 0; + + return status & SNP_FEATURES_IMPL_REQ & ~SNP_FEATURES_PRESENT; +} + void snp_check_features(void) { u64 unsupported; - if (!(sev_status & MSR_AMD64_SEV_SNP_ENABLED)) - return; - /* * Terminate the boot if hypervisor has enabled any feature lacking * guest side implementation. Pass on the unsupported features mask through * EXIT_INFO_2 of the GHCB protocol so that those features can be reported * as part of the guest boot failure. */ - unsupported = sev_status & SNP_FEATURES_IMPL_REQ & ~SNP_FEATURES_PRESENT; + unsupported = snp_get_unsupported_features(sev_status); if (unsupported) { if (ghcb_version < 2 || (!boot_ghcb && !early_setup_ghcb())) sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); 
@@ -350,35 +355,22 @@ void snp_check_features(void) } } -void sev_enable(struct boot_params *bp) +/* + * sev_check_cpu_support - Check for SEV support in the CPU capabilities + * + * Returns < 0 if SEV is not supported, otherwise the position of the + * encryption bit in the page table descriptors. + */ +static int sev_check_cpu_support(void) { unsigned int eax, ebx, ecx, edx; - struct msr m; - bool snp; - - /* - * bp->cc_blob_address should only be set by boot/compressed kernel. - * Initialize it to 0 to ensure that uninitialized values from - * buggy bootloaders aren't propagated. - */ - if (bp) - bp->cc_blob_address = 0; - - /* - * Do an initial SEV capability check before snp_init() which - * loads the CPUID page and the same checks afterwards are done - * without the hypervisor and are trustworthy. - * - * If the HV fakes SEV support, the guest will crash'n'burn - * which is good enough. - */ /* Check for the SME/SEV support leaf */ eax = 0x80000000; ecx = 0; native_cpuid(&eax, &ebx, &ecx, &edx); if (eax < 0x8000001f) - return; + return -ENODEV; /* * Check for the SME/SEV feature: @@ -393,6 +385,35 @@ void sev_enable(struct boot_params *bp) native_cpuid(&eax, &ebx, &ecx, &edx); /* Check whether SEV is supported */ if (!(eax & BIT(1))) + return -ENODEV; + + return ebx & 0x3f; +} + +void sev_enable(struct boot_params *bp) +{ + struct msr m; + int bitpos; + bool snp; + + /* + * bp->cc_blob_address should only be set by boot/compressed kernel. + * Initialize it to 0 to ensure that uninitialized values from + * buggy bootloaders aren't propagated. + */ + if (bp) + bp->cc_blob_address = 0; + + /* + * Do an initial SEV capability check before snp_init() which + * loads the CPUID page and the same checks afterwards are done + * without the hypervisor and are trustworthy. + * + * If the HV fakes SEV support, the guest will crash'n'burn + * which is good enough. + */ + + if (sev_check_cpu_support() < 0) return; /* 
@@ -403,26 +424,8 @@ void sev_enable(struct boot_params *bp) /* Now repeat the checks with the SNP CPUID table. */ - /* Recheck the SME/SEV support leaf */ - eax = 0x80000000; - ecx = 0; - native_cpuid(&eax, &ebx, &ecx, &edx); - if (eax < 0x8000001f) - return; - - /* - * Recheck for the SME/SEV feature: - * CPUID Fn8000_001F[EAX] - * - Bit 0 - Secure Memory Encryption support - * - Bit 1 - Secure Encrypted Virtualization support - * CPUID Fn8000_001F[EBX] - * - Bits 5:0 - Pagetable bit position used to indicate encryption - */ - eax = 0x8000001f; - ecx = 0; - native_cpuid(&eax, &ebx, &ecx, &edx); - /* Check whether SEV is supported */ - if (!(eax & BIT(1))) { + bitpos = sev_check_cpu_support(); + if (bitpos < 0) { if (snp) error("SEV-SNP support indicated by CC blob, but not CPUID."); return; @@ -454,7 +457,24 @@ void sev_enable(struct boot_params *bp) if (snp && !(sev_status & MSR_AMD64_SEV_SNP_ENABLED)) error("SEV-SNP supported indicated by CC blob, but not SEV status MSR."); - sme_me_mask = BIT_ULL(ebx & 0x3f); + sme_me_mask = BIT_ULL(bitpos); +} + +/* + * sev_get_status - Retrieve the SEV status mask + * + * Returns 0 if the CPU is not SEV capable, otherwise the value of the + * AMD64_SEV MSR. + */ +u64 sev_get_status(void) +{ + struct msr m; + + if (sev_check_cpu_support() < 0) + return 0; + + boot_rdmsr(MSR_AMD64_SEV, &m); + return m.q; } /* Search for Confidential Computing blob in the EFI config table. */ diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 7ca5c9ec8b52..e231638ba19a 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h 
@@ -202,6 +202,8 @@ void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __init __noreturn snp_abort(void); int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio); +u64 snp_get_unsupported_features(u64 status); +u64 sev_get_status(void); #else static inline void sev_es_ist_enter(struct pt_regs *regs) { } static inline void sev_es_ist_exit(void) { } @@ -225,6 +227,9 @@ static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *in { return -ENOTTY; } + +static inline u64 snp_get_unsupported_features(u64 status) { return 0; } +static inline u64 sev_get_status(void) { return 0; } #endif #endif diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 01af018b9315..8d3ce383bcbb 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -15,6 +15,7 @@ #include #include #include +#include #include "efistub.h" #include "x86-stub.h" @@ -747,6 +748,19 @@ static efi_status_t exit_boot(struct boot_params *boot_params, void *handle) return EFI_SUCCESS; } +static bool have_unsupported_snp_features(void) +{ + u64 unsupported; + + unsupported = snp_get_unsupported_features(sev_get_status()); + if (unsupported) { + efi_err("Unsupported SEV-SNP features detected: 0x%llx\n", + unsupported); + return true; + } + return false; +} + static void __noreturn enter_kernel(unsigned long kernel_addr, struct boot_params *boot_params) { 
@@ -777,6 +791,9 @@ void __noreturn efi_stub_entry(efi_handle_t handle, if (efi_system_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) efi_exit(handle, EFI_INVALID_PARAMETER); + if (have_unsupported_snp_features()) + efi_exit(handle, EFI_UNSUPPORTED); + if (IS_ENABLED(CONFIG_EFI_DXE_MEM_ATTRIBUTES)) { efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID); if (efi_dxe_table && From patchwork Mon Mar 4 11:19:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 778948 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BFA7038DE6 for ; Mon, 4 Mar 2024 11:20:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709551251; cv=none; b=DPyOyKMe1Uaewwll7dXMs24OitLCVTrsHlHU045J94otqxHVLye5FwPqnU70iBtIN0jShug5vi80q1RAYBNTQxZB/DhZs44Ro+Hs4DztDshsHWySNR+MaczZaPyc8Pm5CroLqQgaUS7ZwbInW0lHFq5tp07+uZo14nxjpllx7A8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709551251; c=relaxed/simple; bh=1hnt7HmBmSM6MEyPU6x43sYmUBDHIfgNeOo2zLyk2xg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=DSKHDkKQ750kflKQXNq1IY43o3Elc9xkwtbSxbNzNvdgRmbQp/sG3gK8y1Rv2+N/fEz5D81Qt8ylQG2b8YWJqIC0C6GU3NM30nxZ5jHLHm1L8I/H4tKF7lpnd41FzlJ3DUMR5++5t+6MdOM3ILs01yHwSwIsEkrJ9i4cc62oiuw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=iEYbMluU; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: 
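Review bot: in the first arch/x86/boot/compressed/sev.c hunk of patch 12/18, snp_get_unsupported_features() becomes a non-static helper declared in asm/sev.h, but unlike sev_check_cpu_support() and sev_get_status() it gets no comment. A short comment stating that it returns the hypervisor-enabled bits of SNP_FEATURES_IMPL_REQ that are missing from SNP_FEATURES_PRESENT, and 0 when MSR_AMD64_SEV_SNP_ENABLED is clear, would document the contract the EFI stub now relies on.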
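Review bot: in the sev.c hunk of patch 12/18 that adds sev_get_status(), a return value of 0 means "not SEV capable" according to the CPUID leaves read by sev_check_cpu_support(), and per the comment kept in sev_enable() those leaves are only trustworthy after snp_init() has loaded the CPUID page, which this path never does. have_unsupported_snp_features() in x86-stub.c then treats 0 as "nothing unsupported". Please say in the sev_get_status() comment that a zero result is advisory and that snp_check_features() remains the enforcing check.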
Date: Mon, 4 Mar 2024 12:19:51 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
References: <20240304111937.2556102-20-ardb+git@google.com>
Message-ID: <20240304111937.2556102-33-ardb+git@google.com>
Subject: [PATCH stable-v6.1 13/18] x86/efistub: Avoid legacy decompressor when doing EFI boot
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel, Borislav Petkov

From: Ard Biesheuvel

[ Commit a1b87d54f4e45ff5e0d081fb1d9db3bf1a8fb39a upstream ]

The bare metal decompressor code was never really intended to run in a hosted environment such as the EFI boot services, and does a few things that are becoming problematic in the context of EFI boot now that the logo requirements are getting tighter: EFI executables will no longer be allowed to consist of a single executable section that is mapped with read, write and execute permissions if they are intended for use in a context where Secure Boot is enabled (and where Microsoft's set of certificates is used, i.e., every x86 PC built to run Windows).

To avoid stepping on reserved memory before having inspected the E820 tables, and to ensure the correct placement when running a kernel build that is non-relocatable, the bare metal decompressor moves its own executable image to the end of the allocation that was reserved for it, in order to perform the decompression in place. This means the region in question requires both write and execute permissions, which either need to be given upfront (which EFI will no longer permit), or need to be applied on demand using the existing page fault handling framework.

However, the physical placement of the kernel is usually randomized anyway, and even if it isn't, a dedicated decompression output buffer can be allocated anywhere in memory using EFI APIs when still running in the boot services, given that EFI support already implies a relocatable kernel. This means that decompression in place is never necessary, nor is moving the compressed image from one end to the other.

Since EFI already maps all of memory 1:1, it is also unnecessary to create new page tables or handle page faults when decompressing the kernel. That means there is also no need to replace the special exception handlers for SEV.

Generally, there is little need to do any of the things that the decompressor does beyond - initialize SEV encryption, if needed, - perform the 4/5 level paging switch, if needed, - decompress the kernel - relocate the kernel So do all of this from the EFI stub code, and avoid the bare metal decompressor altogether. Signed-off-by: Ard Biesheuvel Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20230807162720.545787-24-ardb@kernel.org Signed-off-by: Ard Biesheuvel --- arch/x86/boot/compressed/Makefile | 5 + arch/x86/boot/compressed/efi_mixed.S | 55 ------- arch/x86/boot/compressed/head_32.S | 13 -- arch/x86/boot/compressed/head_64.S | 27 ---- arch/x86/include/asm/efi.h | 7 +- arch/x86/include/asm/sev.h | 2 + drivers/firmware/efi/libstub/x86-stub.c | 166 +++++++++----------- 7 files changed, 84 insertions(+), 191 deletions(-) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 0c9ebf74fac5..3965b2c9efee 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -74,6 +74,11 @@ LDFLAGS_vmlinux += -z noexecstack ifeq ($(CONFIG_LD_IS_BFD),y) LDFLAGS_vmlinux += $(call ld-option,--no-warn-rwx-segments) endif +ifeq ($(CONFIG_EFI_STUB),y) +# ensure that the static EFI stub library will be pulled in, even if it is +# never referenced explicitly from the startup code +LDFLAGS_vmlinux += -u efi_pe_entry +endif LDFLAGS_vmlinux += -T hostprogs := mkpiggy diff --git a/arch/x86/boot/compressed/efi_mixed.S b/arch/x86/boot/compressed/efi_mixed.S index d6d1b76b594d..8232c5b2a9bf 100644 --- a/arch/x86/boot/compressed/efi_mixed.S +++ b/arch/x86/boot/compressed/efi_mixed.S 
@@ -275,10 +275,6 @@ SYM_FUNC_START_LOCAL(efi32_entry) jmp startup_32 SYM_FUNC_END(efi32_entry) -#define ST32_boottime 60 // offsetof(efi_system_table_32_t, boottime) -#define BS32_handle_protocol 88 // offsetof(efi_boot_services_32_t, handle_protocol) -#define LI32_image_base 32 // offsetof(efi_loaded_image_32_t, image_base) - /* * efi_status_t efi32_pe_entry(efi_handle_t image_handle, * efi_system_table_32_t *sys_table) @@ -286,8 +282,6 @@ SYM_FUNC_END(efi32_entry) SYM_FUNC_START(efi32_pe_entry) pushl %ebp movl %esp, %ebp - pushl %eax // dummy push to allocate loaded_image - pushl %ebx // save callee-save registers pushl %edi 
@@ -296,48 +290,8 @@ SYM_FUNC_START(efi32_pe_entry) movl $0x80000003, %eax // EFI_UNSUPPORTED jnz 2f - call 1f -1: pop %ebx - - /* Get the loaded image protocol pointer from the image handle */ - leal -4(%ebp), %eax - pushl %eax // &loaded_image - leal (loaded_image_proto - 1b)(%ebx), %eax - pushl %eax // pass the GUID address - pushl 8(%ebp) // pass the image handle - - /* - * Note the alignment of the stack frame. - * sys_table - * handle <-- 16-byte aligned on entry by ABI - * return address - * frame pointer - * loaded_image <-- local variable - * saved %ebx <-- 16-byte aligned here - * saved %edi - * &loaded_image - * &loaded_image_proto - * handle <-- 16-byte aligned for call to handle_protocol - */ - - movl 12(%ebp), %eax // sys_table - movl ST32_boottime(%eax), %eax // sys_table->boottime - call *BS32_handle_protocol(%eax) // sys_table->boottime->handle_protocol - addl $12, %esp // restore argument space - testl %eax, %eax - jnz 2f - movl 8(%ebp), %ecx // image_handle movl 12(%ebp), %edx // sys_table - movl -4(%ebp), %esi // loaded_image - movl LI32_image_base(%esi), %esi // loaded_image->image_base - leal (startup_32 - 1b)(%ebx), %ebp // runtime address of startup_32 - /* - * We need to set the image_offset variable here since startup_32() will - * use it before we get to the 64-bit efi_pe_entry() in C code. - */ - subl %esi, %ebp // calculate image_offset - movl %ebp, (image_offset - 1b)(%ebx) // save image_offset xorl %esi, %esi jmp efi32_entry // pass %ecx, %edx, %esi // no other registers remain live @@ -356,15 +310,6 @@ SYM_FUNC_START_NOALIGN(efi64_stub_entry) SYM_FUNC_END(efi64_stub_entry) #endif - .section ".rodata" - /* EFI loaded image protocol GUID */ - .balign 4 -SYM_DATA_START_LOCAL(loaded_image_proto) - .long 0x5b1b31a1 - .word 0x9562, 0x11d2 - .byte 0x8e, 0x3f, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b -SYM_DATA_END(loaded_image_proto) - .data .balign 8 SYM_DATA_START_LOCAL(efi32_boot_gdt) 
diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S index 3af4a383615b..1cfe9802a42f 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S @@ -84,19 +84,6 @@ SYM_FUNC_START(startup_32) #ifdef CONFIG_RELOCATABLE leal startup_32@GOTOFF(%edx), %ebx - -#ifdef CONFIG_EFI_STUB -/* - * If we were loaded via the EFI LoadImage service, startup_32() will be at an - * offset to the start of the space allocated for the image. efi_pe_entry() will - * set up image_offset to tell us where the image actually starts, so that we - * can use the full available buffer. - * image_offset = startup_32 - image_base - * Otherwise image_offset will be zero and has no effect on the calculations. - */ - subl image_offset@GOTOFF(%edx), %ebx -#endif - movl BP_kernel_alignment(%esi), %eax decl %eax addl %eax, %ebx diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 9a0d83b4d266..0d7aef10b19a 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -138,19 +138,6 @@ SYM_FUNC_START(startup_32) #ifdef CONFIG_RELOCATABLE movl %ebp, %ebx - -#ifdef CONFIG_EFI_STUB -/* - * If we were loaded via the EFI LoadImage service, startup_32 will be at an - * offset to the start of the space allocated for the image. efi_pe_entry will - * set up image_offset to tell us where the image actually starts, so that we - * can use the full available buffer. - * image_offset = startup_32 - image_base - * Otherwise image_offset will be zero and has no effect on the calculations. - */ - subl rva(image_offset)(%ebp), %ebx -#endif - movl BP_kernel_alignment(%esi), %eax decl %eax addl %eax, %ebx 
@@ -327,20 +314,6 @@ SYM_CODE_START(startup_64) /* Start with the delta to where the kernel will run at. */ #ifdef CONFIG_RELOCATABLE leaq startup_32(%rip) /* - $startup_32 */, %rbp - -#ifdef CONFIG_EFI_STUB -/* - * If we were loaded via the EFI LoadImage service, startup_32 will be at an - * offset to the start of the space allocated for the image. efi_pe_entry will - * set up image_offset to tell us where the image actually starts, so that we - * can use the full available buffer. - * image_offset = startup_32 - image_base - * Otherwise image_offset will be zero and has no effect on the calculations. - */ - movl image_offset(%rip), %eax - subq %rax, %rbp -#endif - movl BP_kernel_alignment(%rsi), %eax decl %eax addq %rax, %rbp diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h index 522ff2e443b3..e601264b1a24 100644 --- a/arch/x86/include/asm/efi.h +++ b/arch/x86/include/asm/efi.h @@ -88,6 +88,8 @@ static inline void efi_fpu_end(void) } #ifdef CONFIG_X86_32 +#define EFI_X86_KERNEL_ALLOC_LIMIT (SZ_512M - 1) + #define arch_efi_call_virt_setup() \ ({ \ efi_fpu_begin(); \ @@ -101,8 +103,7 @@ static inline void efi_fpu_end(void) }) #else /* !CONFIG_X86_32 */ - -#define EFI_LOADER_SIGNATURE "EL64" +#define EFI_X86_KERNEL_ALLOC_LIMIT EFI_ALLOC_LIMIT extern asmlinkage u64 __efi_call(void *fp, ...); @@ -214,6 +215,8 @@ efi_status_t efi_set_virtual_address_map(unsigned long memory_map_size, #ifdef CONFIG_EFI_MIXED +#define EFI_ALLOC_LIMIT (efi_is_64bit() ? ULONG_MAX : U32_MAX) + #define ARCH_HAS_EFISTUB_WRAPPERS static inline bool efi_is_64bit(void) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index e231638ba19a..cf98fc28601f 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h 
@@ -157,6 +157,7 @@ static __always_inline void sev_es_nmi_complete(void) __sev_es_nmi_complete(); } extern int __init sev_es_efi_map_ghcbs(pgd_t *pgd); +extern void sev_enable(struct boot_params *bp); static inline int rmpadjust(unsigned long vaddr, bool rmp_psize, unsigned long attrs) { @@ -210,6 +211,7 @@ static inline void sev_es_ist_exit(void) { } static inline int sev_es_setup_ap_jump_table(struct real_mode_header *rmh) { return 0; } static inline void sev_es_nmi_complete(void) { } static inline int sev_es_efi_map_ghcbs(pgd_t *pgd) { return 0; } +static inline void sev_enable(struct boot_params *bp) { } static inline int pvalidate(unsigned long vaddr, bool rmp_psize, bool validate) { return 0; } static inline int rmpadjust(unsigned long vaddr, bool rmp_psize, unsigned long attrs) { return 0; } static inline void setup_ghcb(void) { } diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 8d3ce383bcbb..61017921f9ca 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -15,17 +15,14 @@ #include #include #include +#include #include #include "efistub.h" #include "x86-stub.h" -/* Maximum physical address for 64-bit kernel with 4-level paging */ -#define MAXMEM_X86_64_4LEVEL (1ull << 46) - const efi_system_table_t *efi_system_table; const efi_dxe_services_table_t *efi_dxe_table; -u32 image_offset __section(".data"); static efi_loaded_image_t *image = NULL; static efi_memory_attribute_protocol_t *memattr; 
@@ -276,33 +273,9 @@ void efi_adjust_memory_range_protection(unsigned long start, } } -extern const u8 startup_32[], startup_64[]; - -static void -setup_memory_protection(unsigned long image_base, unsigned long image_size) -{ -#ifdef CONFIG_64BIT - if (image_base != (unsigned long)startup_32) - efi_adjust_memory_range_protection(image_base, image_size); -#else - /* - * Clear protection flags on a whole range of possible - * addresses used for KASLR. We don't need to do that - * on x86_64, since KASLR/extraction is performed after - * dedicated identity page tables are built and we only - * need to remove possible protection on relocated image - * itself disregarding further relocations. - */ - efi_adjust_memory_range_protection(LOAD_PHYSICAL_ADDR, - KERNEL_IMAGE_SIZE - LOAD_PHYSICAL_ADDR); -#endif -} - static const efi_char16_t apple[] = L"Apple"; -static void setup_quirks(struct boot_params *boot_params, - unsigned long image_base, - unsigned long image_size) +static void setup_quirks(struct boot_params *boot_params) { efi_char16_t *fw_vendor = (efi_char16_t *)(unsigned long) efi_table_attr(efi_system_table, fw_vendor); @@ -311,9 +284,6 @@ static void setup_quirks(struct boot_params *boot_params, if (IS_ENABLED(CONFIG_APPLE_PROPERTIES)) retrieve_apple_device_properties(boot_params); } - - if (IS_ENABLED(CONFIG_EFI_DXE_MEM_ATTRIBUTES)) - setup_memory_protection(image_base, image_size); } /* @@ -466,7 +436,6 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle, } image_base = efi_table_attr(image, image_base); - image_offset = (void *)startup_32 - image_base; status = efi_allocate_pages(sizeof(struct boot_params), (unsigned long *)&boot_params, ULONG_MAX); 
@@ -761,6 +730,61 @@ static bool have_unsupported_snp_features(void) return false; } +static void efi_get_seed(void *seed, int size) +{ + efi_get_random_bytes(size, seed); + + /* + * This only updates seed[0] when running on 32-bit, but in that case, + * seed[1] is not used anyway, as there is no virtual KASLR on 32-bit. + */ + *(unsigned long *)seed ^= kaslr_get_random_long("EFI"); +} + +static void error(char *str) +{ + efi_warn("Decompression failed: %s\n", str); +} + +static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry) +{ + unsigned long virt_addr = LOAD_PHYSICAL_ADDR; + unsigned long addr, alloc_size, entry; + efi_status_t status; + u32 seed[2] = {}; + + /* determine the required size of the allocation */ + alloc_size = ALIGN(max_t(unsigned long, output_len, kernel_total_size), + MIN_KERNEL_ALIGN); + + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && !efi_nokaslr) { + u64 range = KERNEL_IMAGE_SIZE - LOAD_PHYSICAL_ADDR - kernel_total_size; + + efi_get_seed(seed, sizeof(seed)); + + virt_addr += (range * seed[1]) >> 32; + virt_addr &= ~(CONFIG_PHYSICAL_ALIGN - 1); + } + + status = efi_random_alloc(alloc_size, CONFIG_PHYSICAL_ALIGN, &addr, + seed[0], EFI_LOADER_CODE, + EFI_X86_KERNEL_ALLOC_LIMIT); + if (status != EFI_SUCCESS) + return status; + + entry = decompress_kernel((void *)addr, virt_addr, error); + if (entry == ULONG_MAX) { + efi_free(alloc_size, addr); + return EFI_LOAD_ERROR; + } + + *kernel_entry = addr + entry; + + efi_adjust_memory_range_protection(addr, kernel_total_size); + + return EFI_SUCCESS; +} + static void __noreturn enter_kernel(unsigned long kernel_addr, struct boot_params *boot_params) { 
@@ -780,10 +804,9 @@ void __noreturn efi_stub_entry(efi_handle_t handle, struct boot_params *boot_params) { efi_guid_t guid = EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; - unsigned long bzimage_addr = (unsigned long)startup_32; - unsigned long buffer_start, buffer_end; struct setup_header *hdr = &boot_params->hdr; const struct linux_efi_initrd *initrd = NULL; + unsigned long kernel_entry; efi_status_t status; efi_system_table = sys_table_arg; 
@@ -812,60 +835,6 @@ void __noreturn efi_stub_entry(efi_handle_t handle, goto fail; } - /* - * If the kernel isn't already loaded at a suitable address, - * relocate it. - * - * It must be loaded above LOAD_PHYSICAL_ADDR. - * - * The maximum address for 64-bit is 1 << 46 for 4-level paging. This - * is defined as the macro MAXMEM, but unfortunately that is not a - * compile-time constant if 5-level paging is configured, so we instead - * define our own macro for use here. - * - * For 32-bit, the maximum address is complicated to figure out, for - * now use KERNEL_IMAGE_SIZE, which will be 512MiB, the same as what - * KASLR uses. - * - * Also relocate it if image_offset is zero, i.e. the kernel wasn't - * loaded by LoadImage, but rather by a bootloader that called the - * handover entry. The reason we must always relocate in this case is - * to handle the case of systemd-boot booting a unified kernel image, - * which is a PE executable that contains the bzImage and an initrd as - * COFF sections. The initrd section is placed after the bzImage - * without ensuring that there are at least init_size bytes available - * for the bzImage, and thus the compressed kernel's startup code may - * overwrite the initrd unless it is moved out of the way. 
- */ - - buffer_start = ALIGN(bzimage_addr - image_offset, - hdr->kernel_alignment); - buffer_end = buffer_start + hdr->init_size; - - if ((buffer_start < LOAD_PHYSICAL_ADDR) || - (IS_ENABLED(CONFIG_X86_32) && buffer_end > KERNEL_IMAGE_SIZE) || - (IS_ENABLED(CONFIG_X86_64) && buffer_end > MAXMEM_X86_64_4LEVEL) || - (image_offset == 0)) { - extern char _bss[]; - - status = efi_relocate_kernel(&bzimage_addr, - (unsigned long)_bss - bzimage_addr, - hdr->init_size, - hdr->pref_address, - hdr->kernel_alignment, - LOAD_PHYSICAL_ADDR); - if (status != EFI_SUCCESS) { - efi_err("efi_relocate_kernel() failed!\n"); - goto fail; - } - /* - * Now that we've copied the kernel elsewhere, we no longer - * have a set up block before startup_32(), so reset image_offset - * to zero in case it was set earlier. - */ - image_offset = 0; - } - #ifdef CONFIG_CMDLINE_BOOL status = efi_parse_options(CONFIG_CMDLINE); if (status != EFI_SUCCESS) { @@ -883,6 +852,12 @@ void __noreturn efi_stub_entry(efi_handle_t handle, } } + status = efi_decompress_kernel(&kernel_entry); + if (status != EFI_SUCCESS) { + efi_err("Failed to decompress kernel\n"); + goto fail; + } + /* * At this point, an initrd may already have been loaded by the * bootloader and passed via bootparams. We permit an initrd loaded @@ -922,7 +897,7 @@ void __noreturn efi_stub_entry(efi_handle_t handle, setup_efi_pci(boot_params); - setup_quirks(boot_params, bzimage_addr, buffer_end - buffer_start); + setup_quirks(boot_params); status = exit_boot(boot_params, handle); if (status != EFI_SUCCESS) { 
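Review bot: efi_err("Failed to decompress kernel\n") at the new efi_decompress_kernel() call site also fires when efi_random_alloc() fails, because that status is returned unchanged; print the status or word the message so it covers allocation failure as well. The deleted comment block was the only place that explained the handover case (systemd-boot booting a unified kernel image with the initrd placed right after the bzImage); a short comment at the new call saying that decompressing into a fresh allocation is what now keeps the initrd from being overwritten would preserve that rationale.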
@@ -930,12 +905,15 @@ void __noreturn efi_stub_entry(efi_handle_t handle, goto fail; } - efi_5level_switch(); + /* + * Call the SEV init code while still running with the firmware's + * GDT/IDT, so #VC exceptions will be handled by EFI. + */ + sev_enable(boot_params); - if (IS_ENABLED(CONFIG_X86_64)) - bzimage_addr += startup_64 - startup_32; + efi_5level_switch(); - enter_kernel(bzimage_addr, boot_params); + enter_kernel(kernel_entry, boot_params); fail: efi_err("efi_stub_entry() failed!\n");
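Review bot: The comment added above sev_enable(boot_params) says #VC exceptions will be handled by EFI, but the call sits after exit_boot(); the comment should say that the firmware's GDT/IDT remain installed after ExitBootServices(), since the ordering against exit_boot() and efi_5level_switch() is exactly what this hunk relies on.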
Date: Mon, 4 Mar 2024 12:19:52 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
References: <20240304111937.2556102-20-ardb+git@google.com>
Message-ID: <20240304111937.2556102-34-ardb+git@google.com>
X-Mailing-List: linux-efi@vger.kernel.org
Subject: [PATCH stable-v6.1 14/18] efi/x86: Avoid physical KASLR on older Dell systems
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel
From: Ard Biesheuvel

[ Commit 50d7cdf7a9b1ab6f4f74a69c84e974d5dc0c1bf1 upstream ]

River reports boot hangs with v6.6 and v6.7, and the bisect points to commit

  a1b87d54f4e4 ("x86/efistub: Avoid legacy decompressor when doing EFI boot")

which moves the memory allocation and kernel decompression from the legacy decompressor (which executes *after* ExitBootServices()) to the EFI stub, using boot services for allocating the memory. The memory allocation succeeds but the subsequent call to decompress_kernel() never returns, resulting in a failed boot and a hanging system.

As it turns out, this issue only occurs when physical address randomization (KASLR) is enabled, and given that this is a feature we can live without (virtual KASLR is much more important), let's disable the physical part of KASLR when booting on AMI UEFI firmware claiming to implement revision v2.0 of the specification (which was released in 2006), as this is the version these systems advertise.

Fixes: a1b87d54f4e4 ("x86/efistub: Avoid legacy decompressor when doing EFI boot")
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218173
Signed-off-by: Ard Biesheuvel
--- drivers/firmware/efi/libstub/x86-stub.c | 31 +++++++++++++++----- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 61017921f9ca..47ebc85c0d22 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c
@@ -273,17 +273,20 @@ void efi_adjust_memory_range_protection(unsigned long start, } } +static efi_char16_t *efistub_fw_vendor(void) +{ + unsigned long vendor = efi_table_attr(efi_system_table, fw_vendor); + + return (efi_char16_t *)vendor; +} + static const efi_char16_t apple[] = L"Apple"; static void setup_quirks(struct boot_params *boot_params) { - efi_char16_t *fw_vendor = (efi_char16_t *)(unsigned long) - efi_table_attr(efi_system_table, fw_vendor); - - if (!memcmp(fw_vendor, apple, sizeof(apple))) { - if (IS_ENABLED(CONFIG_APPLE_PROPERTIES)) - retrieve_apple_device_properties(boot_params); - } + if (IS_ENABLED(CONFIG_APPLE_PROPERTIES) && + !memcmp(efistub_fw_vendor(), apple, sizeof(apple))) + retrieve_apple_device_properties(boot_params); } /* 
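Review bot: efistub_fw_vendor() hands back the firmware-supplied fw_vendor pointer unchecked and setup_quirks() passes it straight to memcmp(); now that the lookup is a shared helper, a NULL check inside it would cover every caller at once. The comparison uses sizeof(apple), which includes the terminating NUL, so it is an exact match and not a prefix match; a one-line comment would make that intent explicit.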
@@ -759,11 +762,25 @@ static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry) if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && !efi_nokaslr) { u64 range = KERNEL_IMAGE_SIZE - LOAD_PHYSICAL_ADDR - kernel_total_size; + static const efi_char16_t ami[] = L"American Megatrends"; efi_get_seed(seed, sizeof(seed)); virt_addr += (range * seed[1]) >> 32; virt_addr &= ~(CONFIG_PHYSICAL_ALIGN - 1); + + /* + * Older Dell systems with AMI UEFI firmware v2.0 may hang + * while decompressing the kernel if physical address + * randomization is enabled. + * + * https://bugzilla.kernel.org/show_bug.cgi?id=218173 + */ + if (efi_system_table->hdr.revision <= EFI_2_00_SYSTEM_TABLE_REVISION && + !memcmp(efistub_fw_vendor(), ami, sizeof(ami))) { + efi_debug("AMI firmware v2.0 or older detected - disabling physical KASLR\n"); + seed[0] = 0; + } } status = efi_random_alloc(alloc_size, CONFIG_PHYSICAL_ALIGN, &addr,
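Review bot: The quirk switches off physical randomization but reports it only through efi_debug(), so on an affected machine the downgrade does not show up in a normal boot log; efi_info() or efi_warn() would let an administrator see that physical KASLR is off. The vendor test uses sizeof(ami), which includes the terminating NUL, so only firmware whose vendor string is exactly "American Megatrends" matches; if that is intended, the comment should say so. The comment could also note that seed[0] = 0 makes the result of efi_random_alloc() deterministic.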
Date: Mon, 4 Mar 2024 12:19:53 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
References: <20240304111937.2556102-20-ardb+git@google.com>
Message-ID: <20240304111937.2556102-35-ardb+git@google.com>
X-Mailing-List: linux-efi@vger.kernel.org
Subject: [PATCH stable-v6.1 15/18] x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel, Tom Englund
From: Ard Biesheuvel

[ Commit 2f77465b05b1270c832b5e2ee27037672ad2a10a upstream ]

The EFI stub's kernel placement logic randomizes the physical placement of the kernel by taking all available memory into account, and picking a region at random, based on a random seed.

When KASLR is disabled, this seed is set to 0x0, and this results in the lowest available region of memory to be selected for loading the kernel, even if this is below LOAD_PHYSICAL_ADDR. Some of this memory is typically reserved for the GFP_DMA region, to accommodate masters that can only access the first 16 MiB of system memory.

Even if such devices are rare these days, we may still end up with a warning in the kernel log, as reported by Tom:

  swapper/0: page allocation failure: order:10, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0

Fix this by tweaking the random allocation logic to accept a low bound on the placement, and set it to LOAD_PHYSICAL_ADDR.

Fixes: a1b87d54f4e4 ("x86/efistub: Avoid legacy decompressor when doing EFI boot")
Reported-by: Tom Englund
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218404
Signed-off-by: Ard Biesheuvel
--- drivers/firmware/efi/libstub/arm64-stub.c | 2 +- drivers/firmware/efi/libstub/efistub.h | 3 ++- drivers/firmware/efi/libstub/randomalloc.c | 12 +++++++----- drivers/firmware/efi/libstub/x86-stub.c | 1 + 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c index 16377b452119..16f15e36f9a7 100644 --- a/drivers/firmware/efi/libstub/arm64-stub.c +++ b/drivers/firmware/efi/libstub/arm64-stub.c @@ -181,7 +181,7 @@ efi_status_t handle_kernel_image(unsigned long *image_addr, */ status = efi_random_alloc(*reserve_size, min_kimg_align, reserve_addr, phys_seed, - EFI_LOADER_CODE, EFI_ALLOC_LIMIT); + EFI_LOADER_CODE, 0, EFI_ALLOC_LIMIT); if (status != EFI_SUCCESS) efi_warn("efi_random_alloc() failed: 0x%lx\n", status); } else {
diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index 4b4055877f3d..6741f3d900c5 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -906,7 +906,8 @@ efi_status_t efi_get_random_bytes(unsigned long size, u8 *out); efi_status_t efi_random_alloc(unsigned long size, unsigned long align, unsigned long *addr, unsigned long random_seed, - int memory_type, unsigned long alloc_limit); + int memory_type, unsigned long alloc_min, + unsigned long alloc_max); efi_status_t efi_random_get_seed(void); diff --git a/drivers/firmware/efi/libstub/randomalloc.c b/drivers/firmware/efi/libstub/randomalloc.c index ed6f6087a9ea..7ba05719a53b 100644 --- a/drivers/firmware/efi/libstub/randomalloc.c +++ b/drivers/firmware/efi/libstub/randomalloc.c @@ -17,7 +17,7 @@ static unsigned long get_entry_num_slots(efi_memory_desc_t *md, unsigned long size, unsigned long align_shift, - u64 alloc_limit) + u64 alloc_min, u64 alloc_max) { unsigned long align = 1UL << align_shift; u64 first_slot, last_slot, region_end; @@ -30,11 +30,11 @@ static unsigned long get_entry_num_slots(efi_memory_desc_t *md, return 0; region_end = min(md->phys_addr + md->num_pages * EFI_PAGE_SIZE - 1, - alloc_limit); + alloc_max); if (region_end < size) return 0; - first_slot = round_up(md->phys_addr, align); + first_slot = round_up(max(md->phys_addr, alloc_min), align); last_slot = round_down(region_end - size + 1, align); if (first_slot > last_slot) @@ -56,7 +56,8 @@ efi_status_t efi_random_alloc(unsigned long size, unsigned long *addr, unsigned long random_seed, int memory_type, - unsigned long alloc_limit) + unsigned long alloc_min, + unsigned long alloc_max) { unsigned long total_slots = 0, target_slot; unsigned long total_mirrored_slots = 0; 
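Review bot: alloc_min is applied only where slots are counted: get_entry_num_slots() now starts at round_up(max(md->phys_addr, alloc_min), align), but no hunk in randomalloc.c touches the code in efi_random_alloc() that turns target_slot back into an address. If that code still starts from md->phys_addr, a region that straddles alloc_min can yield an address below it; check it and apply the same max() there. The prototype in efistub.h would also benefit from a comment stating what the two bounds alloc_min and alloc_max mean.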
@@ -78,7 +79,8 @@ efi_status_t efi_random_alloc(unsigned long size, efi_memory_desc_t *md = (void *)map->map + map_offset; unsigned long slots; - slots = get_entry_num_slots(md, size, ilog2(align), alloc_limit); + slots = get_entry_num_slots(md, size, ilog2(align), alloc_min, + alloc_max); MD_NUM_SLOTS(md) = slots; total_slots += slots; if (md->attribute & EFI_MEMORY_MORE_RELIABLE) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 47ebc85c0d22..c1dcc86fcc3d 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c 
@@ -785,6 +785,7 @@ static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry) status = efi_random_alloc(alloc_size, CONFIG_PHYSICAL_ALIGN, &addr, seed[0], EFI_LOADER_CODE, + LOAD_PHYSICAL_ADDR, EFI_X86_KERNEL_ALLOC_LIMIT); if (status != EFI_SUCCESS) return status;
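The placement rule described in the commit message above (count the aligned slots at or above a low bound, then map the seed to one of them), as a user-space model. This is an added example, not code from the patch or the kernel; struct region, count_slots(), pick_addr(), pick_or_zero(), the memory map, the SAMPLE_* values and the seed-modulo mapping are assumptions made for the model.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_4K 4096ULL

/* Constructed stand-in for a free-memory descriptor (not the EFI struct). */
struct region {
	uint64_t phys_addr;
	uint64_t num_pages;
};

/* Constructed sample map: 1 MiB..256 MiB and 4 GiB..4 GiB + 64 MiB. */
static const struct region sample_map[] = {
	{ 0x100000ULL,    0xFF00ULL },
	{ 0x100000000ULL, 0x4000ULL },
};

#define SAMPLE_SIZE  0x2000000ULL  /* 32 MiB image (constructed) */
#define SAMPLE_ALIGN 0x200000ULL   /* 2 MiB alignment (constructed) */
#define SAMPLE_MIN   0x1000000ULL  /* 16 MiB low bound (constructed) */

static uint64_t round_up_p2(uint64_t v, uint64_t a)   { return (v + a - 1) & ~(a - 1); }
static uint64_t round_down_p2(uint64_t v, uint64_t a) { return v & ~(a - 1); }

/* Lowest aligned start inside the region that is not below alloc_min. */
static uint64_t first_slot(const struct region *r, uint64_t align, uint64_t alloc_min)
{
	uint64_t base = r->phys_addr > alloc_min ? r->phys_addr : alloc_min;

	return round_up_p2(base, align);
}

/* Number of aligned positions where size bytes fit within [alloc_min, alloc_max]. */
uint64_t count_slots(const struct region *r, uint64_t size, uint64_t align,
		     uint64_t alloc_min, uint64_t alloc_max)
{
	uint64_t end, first, last;

	if (r->num_pages == 0)
		return 0;
	end = r->phys_addr + r->num_pages * PAGE_4K - 1;
	if (end > alloc_max)
		end = alloc_max;
	if (end < size)
		return 0;
	first = first_slot(r, align, alloc_min);
	last = round_down_p2(end - size + 1, align);
	if (first > last)
		return 0;
	return (last - first) / align + 1;
}

/*
 * Map a seed to an address. The slot index is turned back into an address
 * from the same clamped base that was used for counting; using the raw
 * region start here would let the result fall below alloc_min.
 * Returns 0 on success, -1 if no region can hold the image.
 */
int pick_addr(const struct region *map, size_t n, uint64_t size, uint64_t align,
	      uint64_t seed, uint64_t alloc_min, uint64_t alloc_max, uint64_t *addr)
{
	uint64_t total = 0, target;
	size_t i;

	for (i = 0; i < n; i++)
		total += count_slots(&map[i], size, align, alloc_min, alloc_max);
	if (total == 0)
		return -1;

	target = seed % total;	/* model's own mapping; seed 0 selects slot 0 */
	for (i = 0; i < n; i++) {
		uint64_t slots = count_slots(&map[i], size, align, alloc_min, alloc_max);

		if (target >= slots) {
			target -= slots;
			continue;
		}
		*addr = first_slot(&map[i], align, alloc_min) + target * align;
		return 0;
	}
	return -1;
}

/* Convenience wrapper over the sample map: chosen address, or 0 on failure. */
uint64_t pick_or_zero(uint64_t size, uint64_t seed, uint64_t alloc_min)
{
	uint64_t addr = 0;

	if (pick_addr(sample_map, 2, size, SAMPLE_ALIGN, seed, alloc_min,
		      UINT64_MAX, &addr))
		return 0;
	return addr;
}

int main(void)
{
	printf("seed 0, no low bound:  0x%llx\n",
	       (unsigned long long)pick_or_zero(SAMPLE_SIZE, 0, 0));
	printf("seed 0, 16 MiB bound:  0x%llx\n",
	       (unsigned long long)pick_or_zero(SAMPLE_SIZE, 0, SAMPLE_MIN));
	return 0;
}
```
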
Date: Mon, 4 Mar 2024 12:19:54 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
References: <20240304111937.2556102-20-ardb+git@google.com>
Message-ID: <20240304111937.2556102-36-ardb+git@google.com>
X-Mailing-List: linux-efi@vger.kernel.org
Subject: [PATCH stable-v6.1 16/18] x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr'
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel, Ingo Molnar
From: Ard Biesheuvel

[ Commit b9e909f78e7e4b826f318cfe7bedf3ce229920e6 upstream ]

The x86 decompressor is built and linked as a separate executable, but it shares components with the kernel proper, which are either #include'd as C files, or linked into the decompressor as a static library (e.g., the EFI stub).

Both the kernel itself and the decompressor define a global symbol 'boot_params' to refer to the boot_params struct, but in the former case, it refers to the struct directly, whereas in the decompressor, it refers to a global pointer variable referring to the struct boot_params passed by the bootloader or constructed from scratch.

This ambiguity is unfortunate, and makes it impossible to assign this decompressor variable from the x86 EFI stub, given that declaring it as extern results in a clash. So rename the decompressor version (whose scope is limited) to boot_params_ptr.

[ mingo: Renamed 'boot_params_p' to 'boot_params_ptr' for clarity ]

Signed-off-by: Ard Biesheuvel
Signed-off-by: Ingo Molnar
Signed-off-by: Ard Biesheuvel
--- arch/x86/boot/compressed/acpi.c | 14 +++++------ arch/x86/boot/compressed/cmdline.c | 4 +-- arch/x86/boot/compressed/ident_map_64.c | 7 +++--- arch/x86/boot/compressed/kaslr.c | 26 ++++++++++---------- arch/x86/boot/compressed/misc.c | 24 +++++++++--------- arch/x86/boot/compressed/misc.h | 1 - arch/x86/boot/compressed/pgtable_64.c | 9 +++---- arch/x86/boot/compressed/sev.c | 2 +- arch/x86/include/asm/boot.h | 2 ++ 9 files changed, 45 insertions(+), 44 deletions(-) diff --git a/arch/x86/boot/compressed/acpi.c b/arch/x86/boot/compressed/acpi.c index 9caf89063e77..55c98fdd67d2 100644 --- a/arch/x86/boot/compressed/acpi.c +++ b/arch/x86/boot/compressed/acpi.c
@@ -30,13 +30,13 @@ __efi_get_rsdp_addr(unsigned long cfg_tbl_pa, unsigned int cfg_tbl_len) * Search EFI system tables for RSDP. Preferred is ACPI_20_TABLE_GUID to * ACPI_TABLE_GUID because it has more features. */ - rsdp_addr = efi_find_vendor_table(boot_params, cfg_tbl_pa, cfg_tbl_len, + rsdp_addr = efi_find_vendor_table(boot_params_ptr, cfg_tbl_pa, cfg_tbl_len, ACPI_20_TABLE_GUID); if (rsdp_addr) return (acpi_physical_address)rsdp_addr; /* No ACPI_20_TABLE_GUID found, fallback to ACPI_TABLE_GUID. */ - rsdp_addr = efi_find_vendor_table(boot_params, cfg_tbl_pa, cfg_tbl_len, + rsdp_addr = efi_find_vendor_table(boot_params_ptr, cfg_tbl_pa, cfg_tbl_len, ACPI_TABLE_GUID); if (rsdp_addr) return (acpi_physical_address)rsdp_addr; @@ -56,15 +56,15 @@ static acpi_physical_address efi_get_rsdp_addr(void) enum efi_type et; int ret; - et = efi_get_type(boot_params); + et = efi_get_type(boot_params_ptr); if (et == EFI_TYPE_NONE) return 0; - systab_pa = efi_get_system_table(boot_params); + systab_pa = efi_get_system_table(boot_params_ptr); if (!systab_pa) error("EFI support advertised, but unable to locate system table."); - ret = efi_get_conf_table(boot_params, &cfg_tbl_pa, &cfg_tbl_len); + ret = efi_get_conf_table(boot_params_ptr, &cfg_tbl_pa, &cfg_tbl_len); if (ret || !cfg_tbl_pa) error("EFI config table not found."); @@ -156,7 +156,7 @@ acpi_physical_address get_rsdp_addr(void) { acpi_physical_address pa; - pa = boot_params->acpi_rsdp_addr; + pa = boot_params_ptr->acpi_rsdp_addr; if (!pa) pa = efi_get_rsdp_addr(); @@ -210,7 +210,7 @@ static unsigned long get_acpi_srat_table(void) rsdp = (struct acpi_table_rsdp *)get_cmdline_acpi_rsdp(); if (!rsdp) rsdp = (struct acpi_table_rsdp *)(long) - boot_params->acpi_rsdp_addr; + boot_params_ptr->acpi_rsdp_addr; if (!rsdp) return 0; diff --git a/arch/x86/boot/compressed/cmdline.c b/arch/x86/boot/compressed/cmdline.c index f1add5d85da9..c1bb180973ea 100644 --- a/arch/x86/boot/compressed/cmdline.c 
+++ b/arch/x86/boot/compressed/cmdline.c @@ -14,9 +14,9 @@ static inline char rdfs8(addr_t addr) #include "../cmdline.c" unsigned long get_cmd_line_ptr(void) { - unsigned long cmd_line_ptr = boot_params->hdr.cmd_line_ptr; + unsigned long cmd_line_ptr = boot_params_ptr->hdr.cmd_line_ptr; - cmd_line_ptr |= (u64)boot_params->ext_cmd_line_ptr << 32; + cmd_line_ptr |= (u64)boot_params_ptr->ext_cmd_line_ptr << 32; return cmd_line_ptr; } diff --git a/arch/x86/boot/compressed/ident_map_64.c b/arch/x86/boot/compressed/ident_map_64.c index d34222816c9f..b8c42339bc35 100644 --- a/arch/x86/boot/compressed/ident_map_64.c +++ b/arch/x86/boot/compressed/ident_map_64.c @@ -167,8 +167,9 @@ void initialize_identity_maps(void *rmode) * or does not touch all the pages covering them. */ kernel_add_identity_map((unsigned long)_head, (unsigned long)_end); - boot_params = rmode; - kernel_add_identity_map((unsigned long)boot_params, (unsigned long)(boot_params + 1)); + boot_params_ptr = rmode; + kernel_add_identity_map((unsigned long)boot_params_ptr, + (unsigned long)(boot_params_ptr + 1)); cmdline = get_cmd_line_ptr(); kernel_add_identity_map(cmdline, cmdline + COMMAND_LINE_SIZE); @@ -176,7 +177,7 @@ void initialize_identity_maps(void *rmode) * Also map the setup_data entries passed via boot_params in case they * need to be accessed by uncompressed kernel via the identity mapping. */ - sd = (struct setup_data *)boot_params->hdr.setup_data; + sd = (struct setup_data *)boot_params_ptr->hdr.setup_data; while (sd) { unsigned long sd_addr = (unsigned long)sd; diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c index e476bcbd9b42..9794d9174795 100644 --- a/arch/x86/boot/compressed/kaslr.c +++ b/arch/x86/boot/compressed/kaslr.c 
@@ -63,7 +63,7 @@ static unsigned long get_boot_seed(void) unsigned long hash = 0; hash = rotate_xor(hash, build_str, sizeof(build_str)); - hash = rotate_xor(hash, boot_params, sizeof(*boot_params)); + hash = rotate_xor(hash, boot_params_ptr, sizeof(*boot_params_ptr)); return hash; } @@ -383,7 +383,7 @@ static void handle_mem_options(void) static void mem_avoid_init(unsigned long input, unsigned long input_size, unsigned long output) { - unsigned long init_size = boot_params->hdr.init_size; + unsigned long init_size = boot_params_ptr->hdr.init_size; u64 initrd_start, initrd_size; unsigned long cmd_line, cmd_line_size; @@ -395,10 +395,10 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size, mem_avoid[MEM_AVOID_ZO_RANGE].size = (output + init_size) - input; /* Avoid initrd. */ - initrd_start = (u64)boot_params->ext_ramdisk_image << 32; - initrd_start |= boot_params->hdr.ramdisk_image; - initrd_size = (u64)boot_params->ext_ramdisk_size << 32; - initrd_size |= boot_params->hdr.ramdisk_size; + initrd_start = (u64)boot_params_ptr->ext_ramdisk_image << 32; + initrd_start |= boot_params_ptr->hdr.ramdisk_image; + initrd_size = (u64)boot_params_ptr->ext_ramdisk_size << 32; + initrd_size |= boot_params_ptr->hdr.ramdisk_size; mem_avoid[MEM_AVOID_INITRD].start = initrd_start; mem_avoid[MEM_AVOID_INITRD].size = initrd_size; /* No need to set mapping for initrd, it will be handled in VO. */ @@ -413,8 +413,8 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size, } /* Avoid boot parameters. */ - mem_avoid[MEM_AVOID_BOOTPARAMS].start = (unsigned long)boot_params; - mem_avoid[MEM_AVOID_BOOTPARAMS].size = sizeof(*boot_params); + mem_avoid[MEM_AVOID_BOOTPARAMS].start = (unsigned long)boot_params_ptr; + mem_avoid[MEM_AVOID_BOOTPARAMS].size = sizeof(*boot_params_ptr); /* We don't need to set a mapping for setup_data. */ 
@@ -447,7 +447,7 @@ static bool mem_avoid_overlap(struct mem_vector *img, } /* Avoid all entries in the setup_data linked list. */ - ptr = (struct setup_data *)(unsigned long)boot_params->hdr.setup_data; + ptr = (struct setup_data *)(unsigned long)boot_params_ptr->hdr.setup_data; while (ptr) { struct mem_vector avoid; @@ -679,7 +679,7 @@ static bool process_mem_region(struct mem_vector *region, static bool process_efi_entries(unsigned long minimum, unsigned long image_size) { - struct efi_info *e = &boot_params->efi_info; + struct efi_info *e = &boot_params_ptr->efi_info; bool efi_mirror_found = false; struct mem_vector region; efi_memory_desc_t *md; @@ -761,8 +761,8 @@ static void process_e820_entries(unsigned long minimum, struct boot_e820_entry *entry; /* Verify potential e820 positions, appending to slots list. */ - for (i = 0; i < boot_params->e820_entries; i++) { - entry = &boot_params->e820_table[i]; + for (i = 0; i < boot_params_ptr->e820_entries; i++) { + entry = &boot_params_ptr->e820_table[i]; /* Skip non-RAM entries. */ if (entry->type != E820_TYPE_RAM) continue; @@ -836,7 +836,7 @@ void choose_random_location(unsigned long input, return; } - boot_params->hdr.loadflags |= KASLR_FLAG; + boot_params_ptr->hdr.loadflags |= KASLR_FLAG; if (IS_ENABLED(CONFIG_X86_32)) mem_limit = KERNEL_IMAGE_SIZE; diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c index fb55ac18af6f..8ae7893d712f 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -46,7 +46,7 @@ void *memmove(void *dest, const void *src, size_t n); /* * This is set up by the setup-routine at boot-time */ -struct boot_params *boot_params; +struct boot_params *boot_params_ptr; struct port_io_ops pio_ops; 
@@ -132,8 +132,8 @@ void __putstr(const char *s) if (lines == 0 || cols == 0) return; - x = boot_params->screen_info.orig_x; - y = boot_params->screen_info.orig_y; + x = boot_params_ptr->screen_info.orig_x; + y = boot_params_ptr->screen_info.orig_y; while ((c = *s++) != '\0') { if (c == '\n') { @@ -154,8 +154,8 @@ void __putstr(const char *s) } } - boot_params->screen_info.orig_x = x; - boot_params->screen_info.orig_y = y; + boot_params_ptr->screen_info.orig_x = x; + boot_params_ptr->screen_info.orig_y = y; pos = (x + cols * y) * 2; /* Update cursor position */ outb(14, vidport); @@ -382,14 +382,14 @@ asmlinkage __visible void *extract_kernel(void *rmode, unsigned char *output) size_t entry_offset; /* Retain x86 boot parameters pointer passed from startup_32/64. */ - boot_params = rmode; + boot_params_ptr = rmode; /* Clear flags intended for solely in-kernel use. */ - boot_params->hdr.loadflags &= ~KASLR_FLAG; + boot_params_ptr->hdr.loadflags &= ~KASLR_FLAG; - sanitize_boot_params(boot_params); + sanitize_boot_params(boot_params_ptr); - if (boot_params->screen_info.orig_video_mode == 7) { + if (boot_params_ptr->screen_info.orig_video_mode == 7) { vidmem = (char *) 0xb0000; vidport = 0x3b4; } else { @@ -397,8 +397,8 @@ asmlinkage __visible void *extract_kernel(void *rmode, unsigned char *output) vidport = 0x3d4; } - lines = boot_params->screen_info.orig_video_lines; - cols = boot_params->screen_info.orig_video_cols; + lines = boot_params_ptr->screen_info.orig_video_lines; + cols = boot_params_ptr->screen_info.orig_video_cols; init_default_io_ops(); @@ -417,7 +417,7 @@ asmlinkage __visible void *extract_kernel(void *rmode, unsigned char *output) * so that early debugging output from the RSDP parsing code can be * collected. */ - boot_params->acpi_rsdp_addr = get_rsdp_addr(); + boot_params_ptr->acpi_rsdp_addr = get_rsdp_addr(); debug_putstr("early console in extract_kernel\n"); 
diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h index b6e46435b90b..254acd76efde 100644 --- a/arch/x86/boot/compressed/misc.h +++ b/arch/x86/boot/compressed/misc.h @@ -52,7 +52,6 @@ extern memptr free_mem_ptr; extern memptr free_mem_end_ptr; void *malloc(int size); void free(void *where); -extern struct boot_params *boot_params; void __putstr(const char *s); void __puthex(unsigned long value); #define error_putstr(__x) __putstr(__x) diff --git a/arch/x86/boot/compressed/pgtable_64.c b/arch/x86/boot/compressed/pgtable_64.c index 7939eb6e6ce9..51f957b24ba7 100644 --- a/arch/x86/boot/compressed/pgtable_64.c +++ b/arch/x86/boot/compressed/pgtable_64.c @@ -28,7 +28,6 @@ static char trampoline_save[TRAMPOLINE_32BIT_SIZE]; */ unsigned long *trampoline_32bit __section(".data"); -extern struct boot_params *boot_params; int cmdline_find_option_bool(const char *option); static unsigned long find_trampoline_placement(void) @@ -49,7 +48,7 @@ static unsigned long find_trampoline_placement(void) * * Only look for values in the legacy ROM for non-EFI system. */ - signature = (char *)&boot_params->efi_info.efi_loader_signature; + signature = (char *)&boot_params_ptr->efi_info.efi_loader_signature; if (strncmp(signature, EFI32_LOADER_SIGNATURE, 4) && strncmp(signature, EFI64_LOADER_SIGNATURE, 4)) { ebda_start = *(unsigned short *)0x40e << 4; @@ -65,10 +64,10 @@ static unsigned long find_trampoline_placement(void) bios_start = round_down(bios_start, PAGE_SIZE); /* Find the first usable memory region under bios_start. */ - for (i = boot_params->e820_entries - 1; i >= 0; i--) { + for (i = boot_params_ptr->e820_entries - 1; i >= 0; i--) { unsigned long new = bios_start; - entry = &boot_params->e820_table[i]; + entry = &boot_params_ptr->e820_table[i]; /* Skip all entries above bios_start. */ if (bios_start <= entry->addr) 
@@ -107,7 +106,7 @@ asmlinkage void configure_5level_paging(struct boot_params *bp, void *pgtable) bool l5_required = false; /* Initialize boot_params. Required for cmdline_find_option_bool(). */ - boot_params = bp; + boot_params_ptr = bp; /* * Check if LA57 is desired and supported. diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 8b21c57bc470..d07e665bb265 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -565,7 +565,7 @@ void sev_prep_identity_maps(unsigned long top_level_pgt) * accessed after switchover. */ if (sev_snp_enabled()) { - unsigned long cc_info_pa = boot_params->cc_blob_address; + unsigned long cc_info_pa = boot_params_ptr->cc_blob_address; struct cc_blob_sev_info *cc_info; kernel_add_identity_map(cc_info_pa, cc_info_pa + sizeof(*cc_info)); diff --git a/arch/x86/include/asm/boot.h b/arch/x86/include/asm/boot.h index b3a7cfb0d99e..a38cc0afc90a 100644 --- a/arch/x86/include/asm/boot.h +++ b/arch/x86/include/asm/boot.h 
@@ -85,6 +85,8 @@ extern const unsigned long kernel_total_size; unsigned long decompress_kernel(unsigned char *outbuf, unsigned long virt_addr, void (*error)(char *x)); + +extern struct boot_params *boot_params_ptr; #endif #endif /* _ASM_X86_BOOT_H */
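Review bot: In the arch/x86/boot/compressed/pgtable_64.c hunk for configure_5level_paging(), the comment above the renamed assignment still reads "Initialize boot_params. Required for cmdline_find_option_bool()." although the statement below it is now `boot_params_ptr = bp;`. Update the comment to name boot_params_ptr so it matches the variable that the command-line helpers read after this rename (get_cmd_line_ptr() in cmdline.c now dereferences boot_params_ptr).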
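Review bot: In the arch/x86/include/asm/boot.h hunk, the new `extern struct boot_params *boot_params_ptr;` is added without any comment, while the two local declarations it replaces are deleted from misc.h and pgtable_64.c. A one-line comment at the declaration stating that the pointer is defined in arch/x86/boot/compressed/misc.c and must be assigned before any decompressor helper dereferences it would make the contract visible to new users of the header; the visible hunks assign it in three separate places (initialize_identity_maps(), extract_kernel() and configure_5level_paging()).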
Date: Mon, 4 Mar 2024 12:19:55 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
Message-ID: <20240304111937.2556102-37-ardb+git@google.com>
Subject: [PATCH stable-v6.1 17/18] x86/boot: efistub: Assign global boot_params variable
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel, Ingo Molnar

From: Ard Biesheuvel

[ Commit 50dcc2e0d62e3c4a54f39673c4dc3dcde7c74d52 upstream ]

Now that the x86 EFI stub calls into some APIs exposed by the decompressor (e.g., kaslr_get_random_long()), it is necessary to ensure that the global boot_params variable is set correctly before doing so.

Signed-off-by: Ard Biesheuvel
Signed-off-by: Ingo Molnar
Signed-off-by: Ard Biesheuvel
--- drivers/firmware/efi/libstub/x86-stub.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index c1dcc86fcc3d..b183b40195ee 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c
@@ -827,6 +827,8 @@ void __noreturn efi_stub_entry(efi_handle_t handle, unsigned long kernel_entry; efi_status_t status; + boot_params_ptr = boot_params; + efi_system_table = sys_table_arg; /* Check if we were booted by the EFI firmware */ if (efi_system_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE)
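Review bot: In efi_stub_entry(), `boot_params_ptr = boot_params;` is added with no comment, and the reason for it (decompressor APIs such as kaslr_get_random_long() read the global) appears only in the commit message. Add a short comment at the assignment naming the dependency, so that a later cleanup does not drop the line or move it below the first call that needs it. The existing comment on the definition in arch/x86/boot/compressed/misc.c ("This is set up by the setup-routine at boot-time") could be extended at the same time, since the EFI stub is now a second writer.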
Date: Mon, 4 Mar 2024 12:19:56 +0100
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
Message-ID: <20240304111937.2556102-38-ardb+git@google.com>
Subject: [PATCH stable-v6.1 18/18] efi/x86: Fix the missing KASLR_FLAG bit in boot_params->hdr.loadflags
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Yuntao Wang, Ard Biesheuvel

From: Yuntao Wang

[ Commit 01638431c465741e071ab34acf3bef3c2570f878 upstream ]

When KASLR is enabled, the KASLR_FLAG bit in boot_params->hdr.loadflags should be set to 1 to propagate KASLR status from compressed kernel to kernel, just as the choose_random_location() function does.

Currently, when the kernel is booted via the EFI stub, the KASLR_FLAG bit in boot_params->hdr.loadflags is not set, even though it should be. This causes some functions, such as kernel_randomize_memory(), not to execute as expected. Fix it.

Fixes: a1b87d54f4e4 ("x86/efistub: Avoid legacy decompressor when doing EFI boot")
Signed-off-by: Yuntao Wang
[ardb: drop 'else' branch clearing KASLR_FLAG]
Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/x86-stub.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index b183b40195ee..a0757a37b482 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -781,6 +781,8 @@ static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry) efi_debug("AMI firmware v2.0 or older detected - disabling physical KASLR\n"); seed[0] = 0; } + + boot_params_ptr->hdr.loadflags |= KASLR_FLAG; } status = efi_random_alloc(alloc_size, CONFIG_PHYSICAL_ALIGN, &addr,
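Review bot: In efi_decompress_kernel(), the new `boot_params_ptr->hdr.loadflags |= KASLR_FLAG;` only ever sets the bit, and the hunk has no path that clears it when the enclosing block is skipped, so a KASLR_FLAG value already present in the loader-supplied boot_params would be passed through to the kernel unchanged. The decompressor path handles this explicitly: extract_kernel() in arch/x86/boot/compressed/misc.c does `boot_params_ptr->hdr.loadflags &= ~KASLR_FLAG;` under the comment "Clear flags intended for solely in-kernel use", and the commit message notes that the 'else' branch clearing the flag was dropped here. Either clear the bit before this block or state in a comment why the stub can rely on it arriving cleared. The flag is also set after the AMI firmware branch has zeroed seed[0] to disable physical KASLR; a comment saying that this is intended would help readers of kernel_randomize_memory() and other consumers of the flag.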