From patchwork Mon May 8 07:03:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 90977 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp1965215vqo; Mon, 8 May 2023 00:11:24 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7P3KPCwkSXqO0UKkUmIvWL7WdRsaOWp5XjA20FdPk+/ysdyRy42g7YnkdnOx/DIFJqGVeP X-Received: by 2002:a17:902:e549:b0:1a6:bb04:a020 with SMTP id n9-20020a170902e54900b001a6bb04a020mr12671321plf.46.1683529884337; Mon, 08 May 2023 00:11:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1683529884; cv=none; d=google.com; s=arc-20160816; b=rxKAp1IiUJRuzg/tMKUd7igdfrmWKA/WnSmNxOYk1wQAWuRHCqy9BB35i2a1JojNYQ 216FZDp6BEQDDimc7fPLXB/PZ2DjbJAXLyxEzp8SIuZHQWqzhpcelfUkGYxurSPsDMcL DeFuKt+gNdQtvB3pahYzr6QD34n9vcZIAhAqjXz8c5H8Ey1AH/LADbjX2tC9QL+A+CLv MN9NEvJKneYP7/mfAh38dN8yLgk8DEhWT+IvX4zbD07mj1YYFCE0G7skfGXrKPdZYOLi Ha0mDgZSGlV0U4FH2RS7afcJizDgaVJUJlJk4ljIchPZ8SThoIFFOAqR1KQB0XVR3IyM B2LA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=/A/BtuNQWAa+ViiFo7NpQbTkZDcm+jCTUM7zON3DLno=; b=jCbZaoJSASsMpRA0nUdie3UscCZbjavN29HNn4AANT2+cDqpYdoB4zOpHOdNL2dsuz 4TUjpJKSo3fzAJQTarwzTVrXzatooldpXotCyh1eWMSC8pPse2wJwBSDDzItzJDTvxIn VEIGqgEwaNDPKMuNNWo1NIMS/YERUBV70hjJxPVNUAtxAwnuKmuws87IBpkVYF9hNI/R 4eX1Wx0skLnWaceIb50HBs49tWVVOvXhbycRrYCx1zRchYsK8rNjHghgHz1Sq1ajxGbA 4GPoqN3T1ds4KuOcmBIQFxsWZYGGPnlrg5UUBL7Q6cxqMfTErgLuVm/CHJxQqqfuLBbJ JjKg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=OGG8NyGj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t2-20020a170902e84200b0019ccffb3fd3si7799654plg.509.2023.05.08.00.11.09; Mon, 08 May 2023 00:11:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=OGG8NyGj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232949AbjEHHFa (ORCPT + 99 others); Mon, 8 May 2023 03:05:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45844 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233267AbjEHHFA (ORCPT ); Mon, 8 May 2023 03:05:00 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9B7751E987; Mon, 8 May 2023 00:04:23 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 070AF61F88; Mon, 8 May 2023 07:04:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A7EC3C433EF; Mon, 8 May 2023 07:04:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1683529462; bh=gkBM0ParWTIOIX3agXXl7pVKn11FNRtW92FgScbL5xQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OGG8NyGj5znQYhIMlMU/p9vUWyXyS9VMx4MiWr+opEEKHHjRiVI8o6LrXVPAVnAVX FoSgFssVRcFDFVLwuetKIcASm36Yx8RfkQTvFBz+ZKrVJ58IEssCcvPWpN0KQhHgOZ zK1t/b7Mz7G2SsTOcu9uVdhK6j8YUmYOlbzWDFmd0BiExgvhda7Zz34GCKCvSLy6cf FaiIaAjx2V2P20jMc96TfCv6zXg/Xe3wzFD0kuvxV5mt5sKGwyzG5BYmQTLxXTsZXP 1xtjUXoY/a6qSS8d3ilUafDmrs900lCvWrPCcUx1V+3Owl3h61WDHksKihb4z063n1 xamyCEzuiJuaQ== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Evgeniy Baskov , Borislav Petkov , Andy Lutomirski , Dave Hansen , Ingo Molnar , Peter Zijlstra , Thomas Gleixner , Alexey Khoroshilov , Peter Jones , Gerd Hoffmann , Dave Young , Mario Limonciello , Kees Cook , Tom Lendacky , "Kirill A . Shutemov" , Linus Torvalds Subject: [PATCH v2 10/20] x86: efistub: Prefer EFI memory attributes protocol over DXE services Date: Mon, 8 May 2023 09:03:20 +0200 Message-Id: <20230508070330.582131-11-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230508070330.582131-1-ardb@kernel.org> References: <20230508070330.582131-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3304; i=ardb@kernel.org; h=from:subject; bh=gkBM0ParWTIOIX3agXXl7pVKn11FNRtW92FgScbL5xQ=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JISVi3tYnz/gWzCoT49m797dZf8HuwijftT/58neYvHk2Z 9rNib47O0pZGMQ4GGTFFFkEZv99t/P0RKla51myMHNYmUCGMHBxCsBEzsxj+O/B+n2jWqTIzXYD keDz8btUplgYh8ffeOZzZu2zG66Z6yUZGf5uydbpeS4jPeGtbHlvp5uz/0njj1rfgpvZFiw9fED Ghg8A X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1765309032178866582?= X-GMAIL-MSGID: =?utf-8?q?1765309032178866582?= Currently, we rely on DXE services in some cases to clear non-execute restrictions from page allocations that need to be executable. This is dodgy, because DXE services are not specified by UEFI but by PI, and they are not intended for consumption by OS loaders. However, no alternative existed at the time. Now, there is a new UEFI protocol that should be used instead, so if it exists, prefer it over the DXE services calls. Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/x86-stub.c | 29 ++++++++++++++------ 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index fb83a72ad905ad6e..ce8434fce0c37982 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -25,6 +25,7 @@ const efi_system_table_t *efi_system_table; const efi_dxe_services_table_t *efi_dxe_table; u32 image_offset __section(".data"); static efi_loaded_image_t *image = NULL; +static efi_memory_attribute_protocol_t *memattr; static efi_status_t preserve_pci_rom_image(efi_pci_io_protocol_t *pci, struct pci_setup_rom **__rom) @@ -221,12 +222,18 @@ adjust_memory_range_protection(unsigned long start, unsigned long size) unsigned long rounded_start, rounded_end; unsigned long unprotect_start, unprotect_size; - if (efi_dxe_table == NULL) - return; - rounded_start = rounddown(start, EFI_PAGE_SIZE); rounded_end = roundup(start + size, EFI_PAGE_SIZE); + if (memattr != NULL) { + efi_call_proto(memattr, clear_memory_attributes, rounded_start, + rounded_end - rounded_start, EFI_MEMORY_XP); + return; + } + + if (efi_dxe_table == NULL) + return; + /* * Don't modify memory region attributes, they are * already suitable, to lower the possibility to @@ -838,6 +845,7 @@ asmlinkage unsigned long efi_main(efi_handle_t handle, efi_system_table_t *sys_table_arg, struct boot_params *boot_params) { + efi_guid_t guid = EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; unsigned long bzimage_addr = (unsigned long)startup_32; unsigned long buffer_start, buffer_end; struct setup_header *hdr = &boot_params->hdr; @@ -849,13 +857,18 @@ asmlinkage unsigned long efi_main(efi_handle_t handle, if (efi_system_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) efi_exit(handle, EFI_INVALID_PARAMETER); - efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID); - if (efi_dxe_table && - efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) { - efi_warn("Ignoring DXE services table: invalid signature\n"); - efi_dxe_table = NULL; + if (IS_ENABLED(CONFIG_EFI_DXE_MEM_ATTRIBUTES)) { + efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID); + if (efi_dxe_table && + efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) { + efi_warn("Ignoring DXE services table: invalid signature\n"); + efi_dxe_table = NULL; + } } + /* grab the memory attributes protocol if it exists */ + efi_bs_call(locate_protocol, &guid, NULL, (void **)&memattr); + status = efi_setup_5level_paging(); if (status != EFI_SUCCESS) { efi_err("efi_setup_5level_paging() failed!\n");