From: Liam Merwick <liam.merwick@oracle.com>
To: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>,
Dave Hansen <dave.hansen@intel.com>,
Sean Christopherson <seanjc@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Joerg Roedel <jroedel@suse.de>, Ard Biesheuvel <ardb@kernel.org>
Cc: Andi Kleen <ak@linux.intel.com>,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@linux.intel.com>,
David Rientjes <rientjes@google.com>,
Vlastimil Babka <vbabka@suse.cz>,
Tom Lendacky <thomas.lendacky@amd.com>,
Thomas Gleixner <tglx@linutronix.de>,
Peter Zijlstra <peterz@infradead.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Ingo Molnar <mingo@redhat.com>,
Dario Faggioli <dfaggioli@suse.com>,
Mike Rapoport <rppt@kernel.org>,
David Hildenbrand <david@redhat.com>,
Mel Gorman <mgorman@techsingularity.net>,
marcelo.cerri@canonical.com, tim.gardner@canonical.com,
khalid.elmously@canonical.com, philip.cox@canonical.com,
aarcange@redhat.com, peterx@redhat.com, x86@kernel.org,
linux-mm@kvack.org, linux-coco@lists.linux.dev,
linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCHv11 4/9] x86/boot/compressed: Handle unaccepted memory
Date: Tue, 16 May 2023 18:09:18 +0100 [thread overview]
Message-ID: <cf64d118-391c-dc40-5895-4f492b52ac7d@oracle.com> (raw)
In-Reply-To: <20230513220418.19357-5-kirill.shutemov@linux.intel.com>
On 13/05/2023 23:04, Kirill A. Shutemov wrote:
> The firmware will pre-accept the memory used to run the stub. But, the
> stub is responsible for accepting the memory into which it decompresses
> the main kernel. Accept memory just before decompression starts.
>
> The stub is also responsible for choosing a physical address in which to
> place the decompressed kernel image. The KASLR mechanism will randomize
> this physical address. Since the unaccepted memory region is relatively
Reading this sentence, should "unaccepted" be "accepted" here?
(i.e. most memory at the start is unaccepted and the accepted region is
the smaller one).
> small, KASLR would be quite ineffective if it only used the pre-accepted
> area (EFI_CONVENTIONAL_MEMORY). Ensure that KASLR randomizes among the
> entire physical address space by also including EFI_UNACCEPTED_MEMORY.
>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Otherwise
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
> ---
> arch/x86/boot/compressed/efi.h | 1 +
> arch/x86/boot/compressed/kaslr.c | 35 +++++++++++++++++++++-----------
> arch/x86/boot/compressed/misc.c | 6 ++++++
> arch/x86/boot/compressed/misc.h | 6 ++++++
> 4 files changed, 36 insertions(+), 12 deletions(-)
>
> diff --git a/arch/x86/boot/compressed/efi.h b/arch/x86/boot/compressed/efi.h
> index 7db2f41b54cd..cf475243b6d5 100644
> --- a/arch/x86/boot/compressed/efi.h
> +++ b/arch/x86/boot/compressed/efi.h
> @@ -32,6 +32,7 @@ typedef struct {
> } efi_table_hdr_t;
>
> #define EFI_CONVENTIONAL_MEMORY 7
> +#define EFI_UNACCEPTED_MEMORY 15
>
> #define EFI_MEMORY_MORE_RELIABLE \
> ((u64)0x0000000000010000ULL) /* higher reliability */
> diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
> index 454757fbdfe5..749f0fe7e446 100644
> --- a/arch/x86/boot/compressed/kaslr.c
> +++ b/arch/x86/boot/compressed/kaslr.c
> @@ -672,6 +672,28 @@ static bool process_mem_region(struct mem_vector *region,
> }
>
> #ifdef CONFIG_EFI
> +
> +/*
> + * Only EFI_CONVENTIONAL_MEMORY and EFI_UNACCEPTED_MEMORY (if supported) are
> + * guaranteed to be free.
> + *
> + * It is more conservative in picking free memory than the EFI spec allows:
> + *
> + * According to the spec, EFI_BOOT_SERVICES_{CODE|DATA} are also free memory
> + * and thus available to place the kernel image into, but in practice there's
> + * firmware where using that memory leads to crashes.
> + */
> +static inline bool memory_type_is_free(efi_memory_desc_t *md)
> +{
> + if (md->type == EFI_CONVENTIONAL_MEMORY)
> + return true;
> +
> + if (md->type == EFI_UNACCEPTED_MEMORY)
> + return IS_ENABLED(CONFIG_UNACCEPTED_MEMORY);
> +
> + return false;
> +}
> +
> /*
> * Returns true if we processed the EFI memmap, which we prefer over the E820
> * table if it is available.
> @@ -716,18 +738,7 @@ process_efi_entries(unsigned long minimum, unsigned long image_size)
> for (i = 0; i < nr_desc; i++) {
> md = efi_early_memdesc_ptr(pmap, e->efi_memdesc_size, i);
>
> - /*
> - * Here we are more conservative in picking free memory than
> - * the EFI spec allows:
> - *
> - * According to the spec, EFI_BOOT_SERVICES_{CODE|DATA} are also
> - * free memory and thus available to place the kernel image into,
> - * but in practice there's firmware where using that memory leads
> - * to crashes.
> - *
> - * Only EFI_CONVENTIONAL_MEMORY is guaranteed to be free.
> - */
> - if (md->type != EFI_CONVENTIONAL_MEMORY)
> + if (!memory_type_is_free(md))
> continue;
>
> if (efi_soft_reserve_enabled() &&
> diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
> index 014ff222bf4b..eb8df0d4ad51 100644
> --- a/arch/x86/boot/compressed/misc.c
> +++ b/arch/x86/boot/compressed/misc.c
> @@ -455,6 +455,12 @@ asmlinkage __visible void *extract_kernel(void *rmode, memptr heap,
> #endif
>
> debug_putstr("\nDecompressing Linux... ");
> +
> + if (IS_ENABLED(CONFIG_UNACCEPTED_MEMORY)) {
> + debug_putstr("Accepting memory... ");
> + accept_memory(__pa(output), __pa(output) + needed_size);
> + }
> +
> __decompress(input_data, input_len, NULL, NULL, output, output_len,
> NULL, error);
> entry_offset = parse_elf(output);
> diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h
> index 2f155a0e3041..9663d1839f54 100644
> --- a/arch/x86/boot/compressed/misc.h
> +++ b/arch/x86/boot/compressed/misc.h
> @@ -247,4 +247,10 @@ static inline unsigned long efi_find_vendor_table(struct boot_params *bp,
> }
> #endif /* CONFIG_EFI */
>
> +#ifdef CONFIG_UNACCEPTED_MEMORY
> +void accept_memory(phys_addr_t start, phys_addr_t end);
> +#else
> +static inline void accept_memory(phys_addr_t start, phys_addr_t end) {}
> +#endif
> +
> #endif /* BOOT_COMPRESSED_MISC_H */
next prev parent reply other threads:[~2023-05-16 17:10 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-13 22:04 [PATCHv11 0/9] mm, x86/cc, efi: Implement support for " Kirill A. Shutemov
2023-05-13 22:04 ` [PATCHv11 1/9] mm: Add " Kirill A. Shutemov
2023-05-16 19:44 ` Tom Lendacky
2023-05-16 21:32 ` Kirill A. Shutemov
2023-05-13 22:04 ` [PATCHv11 2/9] efi/x86: Get full memory map in allocate_e820() Kirill A. Shutemov
2023-05-16 19:52 ` Tom Lendacky
2023-05-13 22:04 ` [PATCHv11 3/9] efi/libstub: Implement support for unaccepted memory Kirill A. Shutemov
2023-05-14 5:08 ` Mika Penttilä
2023-05-14 21:13 ` Kirill A. Shutemov
2023-05-16 18:01 ` Ard Biesheuvel
2023-05-16 18:06 ` Ard Biesheuvel
2023-05-13 22:04 ` [PATCHv11 4/9] x86/boot/compressed: Handle " Kirill A. Shutemov
2023-05-16 17:09 ` Liam Merwick [this message]
2023-05-17 15:52 ` Tom Lendacky
2023-05-13 22:04 ` [PATCHv11 5/9] efi: Provide helpers for " Kirill A. Shutemov
2023-05-16 12:06 ` [PATCHv11.1 5/9] efi: Add unaccepted memory support Kirill A. Shutemov
2023-05-16 17:25 ` Ard Biesheuvel
2023-05-17 15:58 ` Tom Lendacky
2023-05-13 22:04 ` [PATCHv11 6/9] efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory Kirill A. Shutemov
2023-05-16 18:08 ` Ard Biesheuvel
2023-05-16 18:27 ` Dave Hansen
2023-05-16 18:35 ` Ard Biesheuvel
2023-05-16 19:15 ` Kirill A. Shutemov
2023-05-16 20:03 ` Dave Hansen
2023-05-16 21:52 ` Kirill A. Shutemov
2023-05-16 21:59 ` Dave Hansen
2023-05-16 22:15 ` Ard Biesheuvel
2023-05-16 18:33 ` Kirill A. Shutemov
2023-05-16 23:04 ` Dave Hansen
2023-05-17 16:07 ` Tom Lendacky
2023-05-13 22:04 ` [PATCHv11 7/9] x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub Kirill A. Shutemov
2023-05-13 22:04 ` [PATCHv11 8/9] x86/tdx: Refactor try_accept_one() Kirill A. Shutemov
2023-05-13 22:04 ` [PATCHv11 9/9] x86/tdx: Add unaccepted memory support Kirill A. Shutemov
2023-05-16 22:41 ` [PATCHv11 0/9] mm, x86/cc, efi: Implement support for unaccepted memory Tom Lendacky
2023-05-16 23:22 ` Kirill A. Shutemov
2023-05-17 14:32 ` Tom Lendacky
2023-05-17 18:36 ` Kirill A. Shutemov
2023-05-17 18:50 ` Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cf64d118-391c-dc40-5895-4f492b52ac7d@oracle.com \
--to=liam.merwick@oracle.com \
--cc=aarcange@redhat.com \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=ardb@kernel.org \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=david@redhat.com \
--cc=dfaggioli@suse.com \
--cc=jroedel@suse.de \
--cc=khalid.elmously@canonical.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=marcelo.cerri@canonical.com \
--cc=mgorman@techsingularity.net \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=peterz@infradead.org \
--cc=philip.cox@canonical.com \
--cc=rientjes@google.com \
--cc=rppt@kernel.org \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tim.gardner@canonical.com \
--cc=vbabka@suse.cz \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox