* [PATCHv2 1/2] efi: Fix reservation of unaccepted memory table
2026-02-17 10:49 [PATCHv2 0/2] efi: Fix alignenment issues in unaccepted memory code Kiryl Shutsemau (Meta)
@ 2026-02-17 10:49 ` Kiryl Shutsemau (Meta)
2026-02-17 10:49 ` [PATCHv2 2/2] efi: Align unaccepted memory range to page boundary Kiryl Shutsemau (Meta)
` (3 subsequent siblings)
4 siblings, 0 replies; 7+ messages in thread
From: Kiryl Shutsemau (Meta) @ 2026-02-17 10:49 UTC (permalink / raw)
To: Ard Biesheuvel, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
Dave Hansen, Tom Lendacky
Cc: x86, linux-efi, linux-mm, linux-kernel, Moritz Sanft,
Mike Rapoport, Kiryl Shutsemau (Meta)
The reserve_unaccepted() function incorrectly calculates the size of the
memblock reservation for the unaccepted memory table. It aligns the
size of the table, but fails to account for cases where the table's
starting physical address (efi.unaccepted) is not page-aligned.
If the table starts at an offset within a page and its end crosses into
a subsequent page that the aligned size does not cover, the end of the
table will not be reserved. This can lead to the table being overwritten
or inaccessible, causing a kernel panic in accept_memory().
This issue was observed when starting Intel TDX VMs with specific memory
sizes (e.g., > 64GB).
Fix this by calculating the end address first (including the unaligned
start) and then aligning it up, ensuring the entire range is covered
by the reservation.
Fixes: 8dbe33956d96 ("efi/unaccepted: Make sure unaccepted table is mapped")
Reported-by: Moritz Sanft <ms@edgeless.systems>
Signed-off-by: Kiryl Shutsemau (Meta) <kas@kernel.org>
---
drivers/firmware/efi/efi.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 111e87a618e5..56e9d73412fa 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -692,13 +692,13 @@ static __init int match_config_table(const efi_guid_t *guid,
static __init void reserve_unaccepted(struct efi_unaccepted_memory *unaccepted)
{
- phys_addr_t start, size;
+ phys_addr_t start, end;
start = PAGE_ALIGN_DOWN(efi.unaccepted);
- size = PAGE_ALIGN(sizeof(*unaccepted) + unaccepted->size);
+ end = PAGE_ALIGN(efi.unaccepted + sizeof(*unaccepted) + unaccepted->size);
- memblock_add(start, size);
- memblock_reserve(start, size);
+ memblock_add(start, end - start);
+ memblock_reserve(start, end - start);
}
int __init efi_config_parse_tables(const efi_config_table_t *config_tables,
--
2.51.2
^ permalink raw reply [flat|nested] 7+ messages in thread* [PATCHv2 2/2] efi: Align unaccepted memory range to page boundary
2026-02-17 10:49 [PATCHv2 0/2] efi: Fix alignenment issues in unaccepted memory code Kiryl Shutsemau (Meta)
2026-02-17 10:49 ` [PATCHv2 1/2] efi: Fix reservation of unaccepted memory table Kiryl Shutsemau (Meta)
@ 2026-02-17 10:49 ` Kiryl Shutsemau (Meta)
2026-02-17 10:58 ` [PATCHv2 0/2] efi: Fix alignenment issues in unaccepted memory code Ard Biesheuvel
` (2 subsequent siblings)
4 siblings, 0 replies; 7+ messages in thread
From: Kiryl Shutsemau (Meta) @ 2026-02-17 10:49 UTC (permalink / raw)
To: Ard Biesheuvel, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
Dave Hansen, Tom Lendacky
Cc: x86, linux-efi, linux-mm, linux-kernel, Moritz Sanft,
Mike Rapoport, Kiryl Shutsemau (Meta)
The accept_memory() and range_contains_unaccepted_memory() functions
employ a "guard page" logic to prevent crashes with load_unaligned_zeropad().
This logic extends the range to be accepted (or checked) by one unit_size
if the end of the range is aligned to a unit_size boundary.
However, if the caller passes a range that is not page-aligned, the
'end' of the range might not be numerically aligned to unit_size, even
if it covers the last page of a unit. This causes the "if (!(end % unit_size))"
check to fail, skipping the necessary extension and leaving the next
unit unaccepted, which can lead to a kernel panic when accessed by
load_unaligned_zeropad().
Align the start address down and the size up to the nearest page
boundary before performing the unit_size alignment check. This ensures
that the guard unit is correctly added when the range effectively ends
on a unit boundary.
Signed-off-by: Kiryl Shutsemau (Meta) <kas@kernel.org>
---
drivers/firmware/efi/unaccepted_memory.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/firmware/efi/unaccepted_memory.c b/drivers/firmware/efi/unaccepted_memory.c
index c2c067eff634..4a8ec8d6a571 100644
--- a/drivers/firmware/efi/unaccepted_memory.c
+++ b/drivers/firmware/efi/unaccepted_memory.c
@@ -35,14 +35,17 @@ void accept_memory(phys_addr_t start, unsigned long size)
struct efi_unaccepted_memory *unaccepted;
unsigned long range_start, range_end;
struct accept_range range, *entry;
- phys_addr_t end = start + size;
unsigned long flags;
+ phys_addr_t end;
u64 unit_size;
unaccepted = efi_get_unaccepted_table();
if (!unaccepted)
return;
+ end = PAGE_ALIGN(start + size);
+ start = PAGE_ALIGN_DOWN(start);
+
unit_size = unaccepted->unit_size;
/*
@@ -160,15 +163,18 @@ void accept_memory(phys_addr_t start, unsigned long size)
bool range_contains_unaccepted_memory(phys_addr_t start, unsigned long size)
{
struct efi_unaccepted_memory *unaccepted;
- phys_addr_t end = start + size;
unsigned long flags;
bool ret = false;
+ phys_addr_t end;
u64 unit_size;
unaccepted = efi_get_unaccepted_table();
if (!unaccepted)
return false;
+ end = PAGE_ALIGN(start + size);
+ start = PAGE_ALIGN_DOWN(start);
+
unit_size = unaccepted->unit_size;
/*
--
2.51.2
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: [PATCHv2 0/2] efi: Fix alignenment issues in unaccepted memory code
2026-02-17 10:49 [PATCHv2 0/2] efi: Fix alignenment issues in unaccepted memory code Kiryl Shutsemau (Meta)
2026-02-17 10:49 ` [PATCHv2 1/2] efi: Fix reservation of unaccepted memory table Kiryl Shutsemau (Meta)
2026-02-17 10:49 ` [PATCHv2 2/2] efi: Align unaccepted memory range to page boundary Kiryl Shutsemau (Meta)
@ 2026-02-17 10:58 ` Ard Biesheuvel
2026-02-17 12:09 ` Mike Rapoport
2026-02-17 13:56 ` Tom Lendacky
4 siblings, 0 replies; 7+ messages in thread
From: Ard Biesheuvel @ 2026-02-17 10:58 UTC (permalink / raw)
To: Kiryl Shutsemau (Meta),
Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen,
Tom Lendacky
Cc: x86, linux-efi, linux-mm, linux-kernel, Moritz Sanft, Mike Rapoport
On Tue, 17 Feb 2026, at 11:49, Kiryl Shutsemau (Meta) wrote:
> This series addresses two issues related to unaligned physical addresses
> and sizes when handling EFI unaccepted memory. These issues were
> identified as potential sources of kernel panics in Intel TDX
> environments due to incomplete memory reservation or missing "guard page"
> extensions.
>
> The first patch fixes the reservation of the unaccepted memory table
> itself in efi_config_parse_tables(). It ensures the entire page range
> covering the table is reserved even if the table doesn't start on a
> page boundary.
>
> The second patch ensures that memory acceptance requests in
> accept_memory() and range_contains_unaccepted_memory() are page-aligned
> before performing the unit_size alignment check. This prevents skipping
> the necessary "guard page" extension for unaligned ranges, which is
> required to avoid crashes with load_unaligned_zeropad().
>
> v2:
> - Fix 'end' calculation in the second patch (Tom)
>
> Kiryl Shutsemau (Meta) (2):
> efi: Fix reservation of unaccepted memory table
> efi: Align unaccepted memory range to page boundary
>
> drivers/firmware/efi/efi.c | 8 ++++----
> drivers/firmware/efi/unaccepted_memory.c | 10 ++++++++--
> 2 files changed, 12 insertions(+), 6 deletions(-)
>
This looks fine to me. If other folks are happy too, I'll queue it up and get it to Linus by the end of the week.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCHv2 0/2] efi: Fix alignenment issues in unaccepted memory code
2026-02-17 10:49 [PATCHv2 0/2] efi: Fix alignenment issues in unaccepted memory code Kiryl Shutsemau (Meta)
` (2 preceding siblings ...)
2026-02-17 10:58 ` [PATCHv2 0/2] efi: Fix alignenment issues in unaccepted memory code Ard Biesheuvel
@ 2026-02-17 12:09 ` Mike Rapoport
2026-02-17 13:56 ` Tom Lendacky
4 siblings, 0 replies; 7+ messages in thread
From: Mike Rapoport @ 2026-02-17 12:09 UTC (permalink / raw)
To: Kiryl Shutsemau (Meta)
Cc: Ard Biesheuvel, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
Dave Hansen, Tom Lendacky, x86, linux-efi, linux-mm,
linux-kernel, Moritz Sanft
On Tue, Feb 17, 2026 at 10:49:55AM +0000, Kiryl Shutsemau (Meta) wrote:
> This series addresses two issues related to unaligned physical addresses
> and sizes when handling EFI unaccepted memory. These issues were
> identified as potential sources of kernel panics in Intel TDX
> environments due to incomplete memory reservation or missing "guard page"
> extensions.
>
> The first patch fixes the reservation of the unaccepted memory table
> itself in efi_config_parse_tables(). It ensures the entire page range
> covering the table is reserved even if the table doesn't start on a
> page boundary.
>
> The second patch ensures that memory acceptance requests in
> accept_memory() and range_contains_unaccepted_memory() are page-aligned
> before performing the unit_size alignment check. This prevents skipping
> the necessary "guard page" extension for unaligned ranges, which is
> required to avoid crashes with load_unaligned_zeropad().
>
> v2:
> - Fix 'end' calculation in the second patch (Tom)
>
> Kiryl Shutsemau (Meta) (2):
> efi: Fix reservation of unaccepted memory table
> efi: Align unaccepted memory range to page boundary
Acked-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
> drivers/firmware/efi/efi.c | 8 ++++----
> drivers/firmware/efi/unaccepted_memory.c | 10 ++++++++--
> 2 files changed, 12 insertions(+), 6 deletions(-)
>
> --
> 2.51.2
>
--
Sincerely yours,
Mike.
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: [PATCHv2 0/2] efi: Fix alignenment issues in unaccepted memory code
2026-02-17 10:49 [PATCHv2 0/2] efi: Fix alignenment issues in unaccepted memory code Kiryl Shutsemau (Meta)
` (3 preceding siblings ...)
2026-02-17 12:09 ` Mike Rapoport
@ 2026-02-17 13:56 ` Tom Lendacky
2026-02-19 9:26 ` Ard Biesheuvel
4 siblings, 1 reply; 7+ messages in thread
From: Tom Lendacky @ 2026-02-17 13:56 UTC (permalink / raw)
To: Kiryl Shutsemau (Meta),
Ard Biesheuvel, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
Dave Hansen
Cc: x86, linux-efi, linux-mm, linux-kernel, Moritz Sanft, Mike Rapoport
On 2/17/26 04:49, Kiryl Shutsemau (Meta) wrote:
> This series addresses two issues related to unaligned physical addresses
> and sizes when handling EFI unaccepted memory. These issues were
> identified as potential sources of kernel panics in Intel TDX
> environments due to incomplete memory reservation or missing "guard page"
> extensions.
>
> The first patch fixes the reservation of the unaccepted memory table
> itself in efi_config_parse_tables(). It ensures the entire page range
> covering the table is reserved even if the table doesn't start on a
> page boundary.
>
> The second patch ensures that memory acceptance requests in
> accept_memory() and range_contains_unaccepted_memory() are page-aligned
> before performing the unit_size alignment check. This prevents skipping
> the necessary "guard page" extension for unaligned ranges, which is
> required to avoid crashes with load_unaligned_zeropad().
>
> v2:
> - Fix 'end' calculation in the second patch (Tom)
>
> Kiryl Shutsemau (Meta) (2):
> efi: Fix reservation of unaccepted memory table
> efi: Align unaccepted memory range to page boundary
>
> drivers/firmware/efi/efi.c | 8 ++++----
> drivers/firmware/efi/unaccepted_memory.c | 10 ++++++++--
> 2 files changed, 12 insertions(+), 6 deletions(-)
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
>
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: [PATCHv2 0/2] efi: Fix alignenment issues in unaccepted memory code
2026-02-17 13:56 ` Tom Lendacky
@ 2026-02-19 9:26 ` Ard Biesheuvel
0 siblings, 0 replies; 7+ messages in thread
From: Ard Biesheuvel @ 2026-02-19 9:26 UTC (permalink / raw)
To: Tom Lendacky, Kiryl Shutsemau (Meta),
Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen
Cc: x86, linux-efi, linux-mm, linux-kernel, Moritz Sanft, Mike Rapoport
On Tue, 17 Feb 2026, at 14:56, Tom Lendacky wrote:
> On 2/17/26 04:49, Kiryl Shutsemau (Meta) wrote:
>> This series addresses two issues related to unaligned physical addresses
>> and sizes when handling EFI unaccepted memory. These issues were
>> identified as potential sources of kernel panics in Intel TDX
>> environments due to incomplete memory reservation or missing "guard page"
>> extensions.
>>
>> The first patch fixes the reservation of the unaccepted memory table
>> itself in efi_config_parse_tables(). It ensures the entire page range
>> covering the table is reserved even if the table doesn't start on a
>> page boundary.
>>
>> The second patch ensures that memory acceptance requests in
>> accept_memory() and range_contains_unaccepted_memory() are page-aligned
>> before performing the unit_size alignment check. This prevents skipping
>> the necessary "guard page" extension for unaligned ranges, which is
>> required to avoid crashes with load_unaligned_zeropad().
>>
>> v2:
>> - Fix 'end' calculation in the second patch (Tom)
>>
>> Kiryl Shutsemau (Meta) (2):
>> efi: Fix reservation of unaccepted memory table
>> efi: Align unaccepted memory range to page boundary
>>
>> drivers/firmware/efi/efi.c | 8 ++++----
>> drivers/firmware/efi/unaccepted_memory.c | 10 ++++++++--
>> 2 files changed, 12 insertions(+), 6 deletions(-)
>
> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
>
Thanks - I've queued this up now.
^ permalink raw reply [flat|nested] 7+ messages in thread