From patchwork Sat May 13 22:04:13 2023
X-Patchwork-Submitter: "Kirill A. Shutemov"
X-Patchwork-Id: 13240345
From: "Kirill A. Shutemov"
To: Borislav Petkov, Andy Lutomirski, Dave Hansen, Sean Christopherson, Andrew Morton, Joerg Roedel, Ard Biesheuvel
Cc: Andi Kleen, Kuppuswamy Sathyanarayanan, David Rientjes, Vlastimil Babka, Tom Lendacky, Thomas Gleixner, Peter Zijlstra, Paolo Bonzini, Ingo Molnar, Dario Faggioli, Mike Rapoport, David Hildenbrand, Mel Gorman, marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, aarcange@redhat.com, peterx@redhat.com, x86@kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov"
Subject: [PATCHv11 4/9] x86/boot/compressed: Handle unaccepted memory
Date: Sun, 14 May 2023 01:04:13 +0300
Message-Id: <20230513220418.19357-5-kirill.shutemov@linux.intel.com>
X-Mailer: git-send-email 2.39.3
In-Reply-To: <20230513220418.19357-1-kirill.shutemov@linux.intel.com>
References: <20230513220418.19357-1-kirill.shutemov@linux.intel.com>

The firmware will pre-accept the memory used to run the stub. But, the stub is responsible for accepting the memory into which it decompresses the main kernel. Accept memory just before decompression starts.

The stub is also responsible for choosing a physical address in which to place the decompressed kernel image. The KASLR mechanism will randomize this physical address.
Since the unaccepted memory region is relatively small, KASLR would be quite ineffective if it only used the pre-accepted area (EFI_CONVENTIONAL_MEMORY). Ensure that KASLR randomizes among the entire physical address space by also including EFI_UNACCEPTED_MEMORY.

Signed-off-by: Kirill A. Shutemov
Reviewed-by: Liam Merwick
Reviewed-by: Tom Lendacky
--- arch/x86/boot/compressed/efi.h | 1 + arch/x86/boot/compressed/kaslr.c | 35 +++++++++++++++++++++----------- arch/x86/boot/compressed/misc.c | 6 ++++++ arch/x86/boot/compressed/misc.h | 6 ++++++ 4 files changed, 36 insertions(+), 12 deletions(-) diff --git a/arch/x86/boot/compressed/efi.h b/arch/x86/boot/compressed/efi.h index 7db2f41b54cd..cf475243b6d5 100644 --- a/arch/x86/boot/compressed/efi.h +++ b/arch/x86/boot/compressed/efi.h @@ -32,6 +32,7 @@ typedef struct { } efi_table_hdr_t; #define EFI_CONVENTIONAL_MEMORY 7 +#define EFI_UNACCEPTED_MEMORY 15 #define EFI_MEMORY_MORE_RELIABLE \ ((u64)0x0000000000010000ULL) /* higher reliability */ diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c index 454757fbdfe5..749f0fe7e446 100644 --- a/arch/x86/boot/compressed/kaslr.c +++ b/arch/x86/boot/compressed/kaslr.c 
@@ -672,6 +672,28 @@ static bool process_mem_region(struct mem_vector *region, } #ifdef CONFIG_EFI + +/* + * Only EFI_CONVENTIONAL_MEMORY and EFI_UNACCEPTED_MEMORY (if supported) are + * guaranteed to be free. + * + * It is more conservative in picking free memory than the EFI spec allows: + * + * According to the spec, EFI_BOOT_SERVICES_{CODE|DATA} are also free memory + * and thus available to place the kernel image into, but in practice there's + * firmware where using that memory leads to crashes. + */ +static inline bool memory_type_is_free(efi_memory_desc_t *md) +{ + if (md->type == EFI_CONVENTIONAL_MEMORY) + return true; + + if (md->type == EFI_UNACCEPTED_MEMORY) + return IS_ENABLED(CONFIG_UNACCEPTED_MEMORY); + + return false; +} + /* * Returns true if we processed the EFI memmap, which we prefer over the E820 * table if it is available. @@ -716,18 +738,7 @@ process_efi_entries(unsigned long minimum, unsigned long image_size) for (i = 0; i < nr_desc; i++) { md = efi_early_memdesc_ptr(pmap, e->efi_memdesc_size, i); - /* - * Here we are more conservative in picking free memory than - * the EFI spec allows: - * - * According to the spec, EFI_BOOT_SERVICES_{CODE|DATA} are also - * free memory and thus available to place the kernel image into, - * but in practice there's firmware where using that memory leads - * to crashes. - * - * Only EFI_CONVENTIONAL_MEMORY is guaranteed to be free. - */ - if (md->type != EFI_CONVENTIONAL_MEMORY) + if (!memory_type_is_free(md)) continue; if (efi_soft_reserve_enabled() && diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c index 014ff222bf4b..eb8df0d4ad51 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c 
@@ -455,6 +455,12 @@ asmlinkage __visible void *extract_kernel(void *rmode, memptr heap, #endif debug_putstr("\nDecompressing Linux... "); + + if (IS_ENABLED(CONFIG_UNACCEPTED_MEMORY)) { + debug_putstr("Accepting memory... "); + accept_memory(__pa(output), __pa(output) + needed_size); + } + __decompress(input_data, input_len, NULL, NULL, output, output_len, NULL, error); entry_offset = parse_elf(output); diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h index 2f155a0e3041..9663d1839f54 100644 --- a/arch/x86/boot/compressed/misc.h +++ b/arch/x86/boot/compressed/misc.h @@ -247,4 +247,10 @@ static inline unsigned long efi_find_vendor_table(struct boot_params *bp, } #endif /* CONFIG_EFI */ +#ifdef CONFIG_UNACCEPTED_MEMORY +void accept_memory(phys_addr_t start, phys_addr_t end); +#else +static inline void accept_memory(phys_addr_t start, phys_addr_t end) {} +#endif + #endif /* BOOT_COMPRESSED_MISC_H */
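Review bot: in the first kaslr.c hunk, the comment on memory_type_is_free() does not say that a slot chosen inside EFI_UNACCEPTED_MEMORY must be accepted before anything is written to it. That requirement is only met by the accept_memory() call added to extract_kernel() in misc.c, so a sentence in the comment pointing at that call would keep the two from drifting apart. Two smaller points in the same hunk: md is only read, so the parameter can be const efi_memory_desc_t *md, and "It is more conservative" has lost its subject after the move out of process_efi_entries(); "This helper is more conservative" would read better.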
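Review bot: in the misc.c hunk, accept_memory() is given __pa(output) + needed_size as its upper bound while __decompress() right after it is given output_len, and nothing explains why needed_size is the right bound. Please add a short comment stating what needed_size covers relative to output_len, since any write to output beyond the accepted range would touch unaccepted memory. The "Accepting memory... " string is also printed after "Decompressing Linux... ", so the debug log shows the steps out of order; moving the new block above that debug_putstr() fixes it. Since misc.h supplies an empty accept_memory() when CONFIG_UNACCEPTED_MEMORY is off, the IS_ENABLED() guard here only suppresses the message, which is worth saying in the comment.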
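Review bot: the accept_memory() prototype added in the misc.h hunk does not document whether end is inclusive or exclusive, or what alignment is expected of start and end. The only caller in this patch passes __pa(output) + needed_size, which suggests an exclusive end; a one-line comment above the declaration would settle it for later callers.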