Message-ID: <6dc8c5e1-2b85-ac4c-8dee-443e94e9a534@huawei.com>
Date: Fri, 6 May 2022 09:06:43 +0800
Subject: Re: [PATCH] efi: stub: prefer mirrored memory for randomized allocations
From: Kefeng Wang
To: Ard Biesheuvel
References: <20220503152131.263711-1-ardb@kernel.org> <9472d1d5-7f03-eaaf-2846-a4340163d5c0@huawei.com>
In-Reply-To: <9472d1d5-7f03-eaaf-2846-a4340163d5c0@huawei.com>

On 2022/5/5 21:43, Kefeng Wang wrote:
>
> On 2022/5/3 23:21, Ard Biesheuvel wrote:
>> If the system exposes memory regions with the EFI_MORE_RELIABLE
>> attribute, it is implied that it is intended to be used for allocations
>> that are relatively important, such as the kernel's static image.
>>
>> Since efi_random_alloc() is mostly (only) used for allocating space for
>> the kernel image, let's update it to take this into account, and
>> disregard all memory without the EFI_MORE_RELIABLE attribute if there is
>> sufficient memory available that does have this attribute.
>>
>> Note that this change only affects booting with randomization enabled.
>> In other cases, the EFI stub runs the kernel image in place unless its >> placement is unsuitable for some reason (i.e., misaligned, or its BSS >> overlaps with another allocation), and it is left to the bootloader to >> ensure that the kernel was loaded into EFI_MORE_RELIABLE memory if this >> is desired. >> >> Signed-off-by: Ard Biesheuvel >> --- >>   drivers/firmware/efi/libstub/randomalloc.c | 11 +++++++++++ >>   1 file changed, 11 insertions(+) >> >> diff --git a/drivers/firmware/efi/libstub/randomalloc.c >> b/drivers/firmware/efi/libstub/randomalloc.c >> index 724155b9e10d..07a762910312 100644 >> --- a/drivers/firmware/efi/libstub/randomalloc.c >> +++ b/drivers/firmware/efi/libstub/randomalloc.c >> @@ -56,6 +56,7 @@ efi_status_t efi_random_alloc(unsigned long size, >>                     unsigned long random_seed) >>   { >>       unsigned long map_size, desc_size, total_slots = 0, target_slot; >> +    unsigned long total_mirrored_slots = 0; >>       unsigned long buff_size; >>       efi_status_t status; >>       efi_memory_desc_t *memory_map; 
>> @@ -86,8 +87,14 @@ efi_status_t efi_random_alloc(unsigned long size, >>           slots = get_entry_num_slots(md, size, ilog2(align)); >>           MD_NUM_SLOTS(md) = slots; >>           total_slots += slots; >> +        if (md->attribute & EFI_MEMORY_MORE_RELIABLE) >> +            total_mirrored_slots += slots; >>       } >>   +    /* only consider mirrored slots for randomization if any exist */ >> +    if (total_mirrored_slots > 0) >> +        total_slots = total_mirrored_slots; >> + > > The kernel will check 4G lower limit to enable kernelcore=mirror feature. Please ignore this, the kernel only check whether the memory below 4G are all mirrored memory or not. > > Do we need some fallback mechanism in case of small mirror slots which > > leads to fail allocation for Image? > > >>       /* find a random number between 0 and total_slots */ >>       target_slot = (total_slots * (u64)(random_seed & U32_MAX)) >> 32; >>   @@ -107,6 +114,10 @@ efi_status_t efi_random_alloc(unsigned long size, >>           efi_physical_addr_t target; >>           unsigned long pages; >>   +        if (total_mirrored_slots > 0 && >> +            !(md->attribute & EFI_MEMORY_MORE_RELIABLE)) >> +            continue; >> + >>           if (target_slot >= MD_NUM_SLOTS(md)) { >>               target_slot -= MD_NUM_SLOTS(md); >>               continue;
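Review bot: in the `@@ -86,8 +87,14 @@` hunk, `if (total_mirrored_slots > 0) total_slots = total_mirrored_slots;` restricts placement to mirrored regions as soon as one mirrored slot exists, while the commit message describes doing so only when "sufficient memory" has the attribute. Because `target_slot` is scaled by `total_slots`, a system with only a few mirrored slots is left with that few candidate load addresses, so randomization entropy is traded for reliability without the code or the log saying so. Suggest either requiring a minimum mirrored slot count before restricting, or stating the trade-off in the comment above the `if`. Overwriting `total_slots` also discards the unrestricted count; keeping it in its own variable would make the fallback asked about in the reply possible without a second pass over the memory map.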
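Review bot: in the `@@ -107,6 +114,10 @@` hunk, the skip test `total_mirrored_slots > 0 && !(md->attribute & EFI_MEMORY_MORE_RELIABLE)` must stay the exact complement of the counting test added in the first loop, otherwise `target_slot` is walked over a different set of descriptors than the one `total_slots` was computed from. The two conditions are spelled out independently in separate loops; a local flag set once after the first loop, or a small helper taking `md`, used in both places would keep them from drifting apart. A short comment above the `continue`, matching the one added in the previous hunk, would also make the intent clear to the next reader.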