From patchwork Mon May 22 07:14:13 2023
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 97118
From: Ard Biesheuvel
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel, Evgeniy Baskov, Borislav Petkov, Andy Lutomirski, Dave Hansen, Ingo Molnar, Peter Zijlstra, Thomas Gleixner, Alexey Khoroshilov, Peter Jones, Gerd Hoffmann, Dave Young, Mario Limonciello, Kees Cook, Tom Lendacky, "Kirill A . Shutemov", Linus Torvalds
Subject: [PATCH v3 19/21] efi/libstub: Add limit argument to efi_random_alloc()
Date: Mon, 22 May 2023 09:14:13 +0200
Message-Id: <20230522071415.501717-20-ardb@kernel.org>
In-Reply-To: <20230522071415.501717-1-ardb@kernel.org>
References: <20230522071415.501717-1-ardb@kernel.org>

x86 will need to limit the kernel memory allocation to the lowest 512 MiB
of memory, to match the behavior of the existing bare metal KASLR physical
randomization logic. So in preparation for that, add a limit parameter to
efi_random_alloc() and wire it up.

Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/arm64-stub.c | 2 +- drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/randomalloc.c | 10 ++++++---- drivers/firmware/efi/libstub/zboot.c | 2 +- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c index 770b8ecb73984c61..8c40fc89f5f99209 100644 --- a/drivers/firmware/efi/libstub/arm64-stub.c +++ b/drivers/firmware/efi/libstub/arm64-stub.c @@ -106,7 +106,7 @@ efi_status_t handle_kernel_image(unsigned long *image_addr, */ status = efi_random_alloc(*reserve_size, min_kimg_align, reserve_addr, phys_seed, - EFI_LOADER_CODE); + EFI_LOADER_CODE, EFI_ALLOC_LIMIT); if (status != EFI_SUCCESS) efi_warn("efi_random_alloc() failed: 0x%lx\n", status); } else { diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index 191698e8489d82e7..e90b8d1d5c7e8fd4 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -956,7 +956,7 @@ efi_status_t efi_get_random_bytes(unsigned long size, u8 *out); efi_status_t efi_random_alloc(unsigned long size, unsigned long align, unsigned long *addr, unsigned long random_seed, - int memory_type); + int memory_type, unsigned long alloc_limit); efi_status_t efi_random_get_seed(void); diff --git a/drivers/firmware/efi/libstub/randomalloc.c b/drivers/firmware/efi/libstub/randomalloc.c index 32c7a54923b4c127..674a064b8f7adc68 100644 --- a/drivers/firmware/efi/libstub/randomalloc.c +++ b/drivers/firmware/efi/libstub/randomalloc.c @@ -16,7 +16,8 @@ */ static unsigned long get_entry_num_slots(efi_memory_desc_t *md, unsigned long size, - unsigned long align_shift) + unsigned long align_shift, + u64 alloc_limit) { unsigned long align = 1UL << align_shift; u64 first_slot, last_slot, region_end; 
@@ -29,7 +30,7 @@ static unsigned long get_entry_num_slots(efi_memory_desc_t *md, return 0; region_end = min(md->phys_addr + md->num_pages * EFI_PAGE_SIZE - 1, - (u64)EFI_ALLOC_LIMIT); + alloc_limit); if (region_end < size) return 0; @@ -54,7 +55,8 @@ efi_status_t efi_random_alloc(unsigned long size, unsigned long align, unsigned long *addr, unsigned long random_seed, - int memory_type) + int memory_type, + unsigned long alloc_limit) { unsigned long total_slots = 0, target_slot; unsigned long total_mirrored_slots = 0; @@ -76,7 +78,7 @@ efi_status_t efi_random_alloc(unsigned long size, efi_memory_desc_t *md = (void *)map->map + map_offset; unsigned long slots; - slots = get_entry_num_slots(md, size, ilog2(align)); + slots = get_entry_num_slots(md, size, ilog2(align), alloc_limit); MD_NUM_SLOTS(md) = slots; total_slots += slots; if (md->attribute & EFI_MEMORY_MORE_RELIABLE) diff --git a/drivers/firmware/efi/libstub/zboot.c b/drivers/firmware/efi/libstub/zboot.c index e5d7fa1f1d8fd160..bdb17eac0cb401be 100644 --- a/drivers/firmware/efi/libstub/zboot.c +++ b/drivers/firmware/efi/libstub/zboot.c @@ -119,7 +119,7 @@ efi_zboot_entry(efi_handle_t handle, efi_system_table_t *systab) } status = efi_random_alloc(alloc_size, min_kimg_align, &image_base, - seed, EFI_LOADER_CODE); + seed, EFI_LOADER_CODE, EFI_ALLOC_LIMIT); if (status != EFI_SUCCESS) { efi_err("Failed to allocate memory\n"); goto free_cmdline;
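Review bot: the new parameter has two different types: `unsigned long alloc_limit` in the efi_random_alloc() prototype in efistub.h and in its definition in randomalloc.c, but `u64 alloc_limit` in get_entry_num_slots(), where the removed line carried an explicit `(u64)EFI_ALLOC_LIMIT` cast. The implicit widening at the call is harmless, but on any build where unsigned long is 32 bits the public interface cannot express a limit at or above 4 GiB even though the helper could honour one. Either take a u64 at the API boundary as well, or add a comment next to the prototype saying the limit is deliberately bounded by the width of unsigned long.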
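Review bot: the units and inclusiveness of alloc_limit are undocumented, and the randomalloc.c hunk at -29,7 makes them matter. There the value is fed to `min(md->phys_addr + md->num_pages * EFI_PAGE_SIZE - 1, alloc_limit)`, so it is compared against the address of the last byte of the region and is therefore an inclusive highest address, not a size. The commit message speaks of "the lowest 512 MiB", which invites a future caller to pass the size rather than the last permitted address. Please add a short comment on the parameter in efistub.h, or above efi_random_alloc(), stating that alloc_limit is the highest address (inclusive) that the allocation may occupy.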
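Review bot: in the randomalloc.c hunk at -76,7, alloc_limit now directly bounds `slots` for every descriptor and therefore `total_slots`, which is the number of candidate bases the random seed selects among. A limit lower than every usable region leaves total_slots at 0, and nothing visible here lets a caller tell "limit too restrictive" apart from "no free memory". The two existing callers keep passing EFI_ALLOC_LIMIT, so nothing changes for them, but the patch that introduces the x86 caller should state what happens when the limit leaves few or no slots, given that zboot.c treats any failure as fatal (`goto free_cmdline`) while arm64-stub.c only warns.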