From patchwork Mon Apr 24 16:57:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 87116 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp2889201vqo; Mon, 24 Apr 2023 10:08:48 -0700 (PDT) X-Google-Smtp-Source: AKy350as8kOY0kShOIuDh9jbW8hm8Ojb37NBVB3pC2kcBB1Algr8o/4ATSSP1MIxWBqtXnfgJ1lo X-Received: by 2002:a17:902:c949:b0:1a6:6fe3:df9e with SMTP id i9-20020a170902c94900b001a66fe3df9emr18263985pla.47.1682356128350; Mon, 24 Apr 2023 10:08:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682356128; cv=none; d=google.com; s=arc-20160816; b=X1kqqBF6pEhaas3q+YbqEgz08wJMThc88WyPrjjOPurfGAF7lFFPtTqoTTgNXQKQfB 3QZ9EiVUf1M+8K5IsaXzRCds1CrvhZvofIzkMe8sJM/EbrAIRcLhbCW36DQ98a9sJ+Cj wJk2klniRYh4Atc379GbwnkHU1mdQCe2t5sStJ/kbtChRsS0OPmriBUGN5c7RBqaORpZ sD/6/vqPy6luwjhgXxpXKRdYVj96ysyHTA0EqJtS8DQP4FvWBKrDqucrlLS2j+vay+GP wTA6Q0zyqSHnQjqLWTqz0IPCr/KrPlPL6oyrZwjkxxkQoNDcet8lGwI4xxd3XwCbJQ7C MUpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=a+Awx9tzNdNRl1Jrjwq6w8o5BD8AK+a293paqQnwgjU=; b=olzBlTMUMZBm6PqtlajUC1y59NWZUTY2v3R71Elrj5kwtkL/jYfGd6Zqe7YgHx9R6e lQDHR+7XowFMOmH2K19ZsRMToA3HI85puURkuv5qzp3qifxxJdci8f79J4zNAXvaD72L EUhuinQw68mlsZkIN1RDrmgu2yeyGQwTH/5yuWRzHQ3Tlc3NJkx813j1tSb3kYUvipuc uve8qf0wXD3t6ff9jnVwqwo6vjc+ppnvBDPBIuLjvg12j9nuff1WVXN+pj9NWer0sTzs RHjzpME0L2hX3ZrX4EyGrruRU2b05MUlelAqQCHAVuLs4VmBe4zeN80Jxg16efeSCt4i HNzg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=p06tU5UC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u6-20020a170903124600b001a5264640cesi12486086plh.534.2023.04.24.10.08.32; Mon, 24 Apr 2023 10:08:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=p06tU5UC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232318AbjDXQ6S (ORCPT + 99 others); Mon, 24 Apr 2023 12:58:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37670 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232222AbjDXQ6D (ORCPT ); Mon, 24 Apr 2023 12:58:03 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B644A7D89; Mon, 24 Apr 2023 09:57:57 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 2D55862209; Mon, 24 Apr 2023 16:57:57 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 296C8C4339C; Mon, 24 Apr 2023 16:57:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1682355476; bh=+UAx1b4wALU5+iWX8voL/AzXHT4rT38dEfcqRFfOVjw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=p06tU5UCRqKvj2ttM49GPkKyGllkbg+S7TjvhD4H3NoTsw6Pc5usF0D1J7UG1YvPo tXeNFlCeU4Gpu2bP6nSaUiJXJGDbOqOkFpv+fJLKFC+r4msnfvdy2hbJfL2Ak3bkEt Sl2XIt7Q/KteAWoQjxunBZVMiHpK8WTW2sIlDSR3DqQA54CNL3zBrkuvkzlJYGvxW2 v1svK4pCCw7/PyzsaPDFc7wEdIjyBWw7Q2HBDbZUsSgoVgiPn0rWIkE/UkF8RS8p+D Q5CpVHDh37Mx7gJ4HxftpNu+FOKTtKPCWuyqqFUNdjlGvEuLkT0/cRAHXYy0Cz4cFX c+u3Ur2VHjcpw== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Evgeniy Baskov , Borislav Petkov , Andy Lutomirski , Dave Hansen , Ingo Molnar , Peter Zijlstra , Thomas Gleixner , Alexey Khoroshilov , Peter Jones , Gerd Hoffmann , Dave Young , Mario Limonciello , Kees Cook , Tom Lendacky , "Kirill A . Shutemov" , Linus Torvalds Subject: [PATCH 5/6] x86: efistub: Prefer EFI memory attributes protocol over DXE services Date: Mon, 24 Apr 2023 18:57:25 +0200 Message-Id: <20230424165726.2245548-6-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230424165726.2245548-1-ardb@kernel.org> References: <20230424165726.2245548-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2947; i=ardb@kernel.org; h=from:subject; bh=+UAx1b4wALU5+iWX8voL/AzXHT4rT38dEfcqRFfOVjw=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIcVtyxddNYUPXzIfuR9fYxqd/Kk4QSEinuNH7O6y+sUvf +S1T47uKGVhEONgkBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABM5OofhD1cCx4WPZ002xDtb FZStWOyw/Di74UfTCQ8ZZnTHf72uN5Phr+yU/vTIpuSDHBxn4x6qMM4tWBUrqO0x7WpwvzW3c0g NHwA= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Spam-Status: No, score=-4.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1764078259831478297?= X-GMAIL-MSGID: =?utf-8?q?1764078259831478297?= Currently, we rely on DXE services in some cases to clear non-execute restrictions from page allocations that need to be executable. This is dodgy, because DXE services are not specified by UEFI but by PI, and they are not intended for consumption by OS loaders. However, no alternative existed at the time. Now, there is a new UEFI protocol that should be used instead, so if it exists, prefer it over the DXE services calls. Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/x86-stub.c | 28 ++++++++++++++------ 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 7b8717cbb96a1246..ea4024a6a04e507f 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -25,6 +25,7 @@ const efi_system_table_t *efi_system_table; const efi_dxe_services_table_t *efi_dxe_table; u32 image_offset __section(".data"); static efi_loaded_image_t *image = NULL; +static efi_memory_attribute_protocol_t *memattr; static efi_status_t preserve_pci_rom_image(efi_pci_io_protocol_t *pci, struct pci_setup_rom **__rom) @@ -221,12 +222,18 @@ adjust_memory_range_protection(unsigned long start, unsigned long size) unsigned long rounded_start, rounded_end; unsigned long unprotect_start, unprotect_size; - if (efi_dxe_table == NULL) - return; - rounded_start = rounddown(start, EFI_PAGE_SIZE); rounded_end = roundup(start + size, EFI_PAGE_SIZE); + if (memattr != NULL) { + efi_call_proto(memattr, clear_memory_attributes, rounded_start, + rounded_end - rounded_start, EFI_MEMORY_XP); + return; + } + + if (efi_dxe_table == NULL) + return; + /* * Don't modify memory region attributes, they are * already suitable, to lower the possibility to @@ -913,13 +920,18 @@ asmlinkage unsigned long efi_main(efi_handle_t handle, if (efi_system_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) efi_exit(handle, EFI_INVALID_PARAMETER); - efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID); - if (efi_dxe_table && - efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) { - efi_warn("Ignoring DXE services table: invalid signature\n"); - efi_dxe_table = NULL; + if (IS_ENABLED(CONFIG_EFI_DXE_MEM_ATTRIBUTES)) { + efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID); + if (efi_dxe_table && + efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) { + efi_warn("Ignoring DXE services table: invalid signature\n"); + efi_dxe_table = NULL; + } } + /* grab the memory attributes protocol if it exists */ + efi_bs_call(locate_protocol, &guid, NULL, (void **)&memattr); + if (!boot_params->acpi_rsdp_addr) boot_params->acpi_rsdp_addr = (unsigned long) (get_efi_config_table(ACPI_20_TABLE_GUID) ?: