From patchwork Fri Jun 2 10:13:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 102445 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp924774vqr; Fri, 2 Jun 2023 03:29:08 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4gsi5y0AFH9F+5Wagp6BYsyEHr01pyggj8cdRqIJVL73toU6ueZDQtYnpF7Dm2PLiBqfVH X-Received: by 2002:a25:ab28:0:b0:ba8:29f6:5899 with SMTP id u37-20020a25ab28000000b00ba829f65899mr3074547ybi.16.1685701748650; Fri, 02 Jun 2023 03:29:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685701748; cv=none; d=google.com; s=arc-20160816; b=ZiJnLs09wwjR+kAMN66OVd3hPPSH6yPfn+uMyUKDY4FJ7+n74Nzv86de3dxh10LsQ0 pL40Vh0WrmE87V/cYF5023HV35Mbb6NySju7ZFpakH8wfwVjGekW2mAJBONdgYXf0C1B cpykt2G1wNxcumpXV++ndtAYtqkEIZGEFANVQ87C9w0xol0uzLd2nh5bzDMarc0WHyoB IJgUVjZtAvEoheDdDOG5tivd4QsLLKoeHTUi3VNvRpuYdSk146e9TzAr25XQIsrAmgGy xUvMaQLsGci9POpnc6MMBLNVW+hFo5Yel9UVRMVYgfGE8ScEcBPo6B34kuGtAYsBcTz8 05HA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=fS8HBZQZyn7l0eLJNE+h5YRvuXpBYFpZHU223rS3V8Q=; b=C+ysGvavGh4Hf5VqThYT4rSeIA7RvuC3FybMuebisR1hjrNLQk8Q6BW3akNiMc1cdu CSoXSANwDmbezxQr/7J7SIblj9VjvZ6i4aubrjtV2SglVgXcJc/PtSMEYwVHY2oFs1nN VpdpYfX169vTNMRFi26TDwzSs0PMWNIvxTqAwvApo/OywTPShUhRTIoN1pnC0LXo5igh iV4IWdiFwbNJVQU56kHoDWKmjFCtOkxDOiPZbOimV/MDAt0RCOUFqOnbNQhQzyBMfEBu vDPPXU96GRNzVn4C5bZufLDMShzDNenPaYFlF7Lh5VfNcoi4sXUrhGrGRoaJXG3ZydEm yMQA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=W02pzc04; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v11-20020a170902b7cb00b0019e2bd0fea8si708894plz.143.2023.06.02.03.28.54; Fri, 02 Jun 2023 03:29:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=W02pzc04; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235380AbjFBKY3 (ORCPT + 99 others); Fri, 2 Jun 2023 06:24:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46072 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235353AbjFBKXq (ORCPT ); Fri, 2 Jun 2023 06:23:46 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6BFF710E0; Fri, 2 Jun 2023 03:23:09 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3AB7564D72; Fri, 2 Jun 2023 10:23:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AF6D6C4339C; Fri, 2 Jun 2023 10:23:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1685701388; bh=ILOYseVDB35z5GQ5Qwen/Xris3QVBcVN/ymf61ysRYw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=W02pzc04ErlYysGiY4iN2FSYtKQ1szh/aHdjkX82grtpZn+Jg6s+ctlE72YdTMaeX 2yi/5H4XPP+qlAZe2v0I94rT5sCOXQpz65tAXOkA5AWBT20lCOVviL2g/HGj3FDhPl MqKzO9ldIkIRUtBtvx7U8WxWiHfFCP7Sh02wpaAJ84J6DMa0LpFW+fLUkGZInh5M5I pt5J/2YKHN7n08ZQe2X3zeapqlHDITDXsWWc5RYt1UJvYd0lklToxtAUpxdGKW6Ew1 FcUAjrak44D1VAl/KJgoccKRnYeZTJvByOv2gPbifU/ZwrDOCS2cTofOxeuNC2izfq 6RLK8qMx237Gg== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Evgeniy Baskov , Borislav Petkov , Andy Lutomirski , Dave Hansen , Ingo Molnar , Peter Zijlstra , Thomas Gleixner , Alexey Khoroshilov , Peter Jones , Gerd Hoffmann , Dave Young , Mario Limonciello , Kees Cook , Tom Lendacky , "Kirill A . Shutemov" , Linus Torvalds , Joerg Roedel Subject: [PATCH v4 14/21] x86/efistub: Prefer EFI memory attributes protocol over DXE services Date: Fri, 2 Jun 2023 12:13:06 +0200 Message-Id: <20230602101313.3557775-15-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230602101313.3557775-1-ardb@kernel.org> References: <20230602101313.3557775-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3307; i=ardb@kernel.org; h=from:subject; bh=ILOYseVDB35z5GQ5Qwen/Xris3QVBcVN/ymf61ysRYw=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIaXywIaABb6yz/Z+ZPMSMXkxSV5dfOv+sJwzdbtvLp3Ef m6eOHNDRykLgxgHg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZiI4wpGhpkWfmmvej89nlIp s7J9caeN7I2V5eFtD++6tXsfevOdo5WR4eSOc5ctPJ1aKqRaOrLNNzRu2eX9zCFivdSWK3Lzjr9 3ZAIA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Spam-Status: No, score=-4.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767586396383266515?= X-GMAIL-MSGID: =?utf-8?q?1767586396383266515?= Currently, the EFI stub relies on DXE services in some cases to clear non-execute restrictions from page allocations that need to be executable. This is dodgy, because DXE services are not specified by UEFI but by PI, and they are not intended for consumption by OS loaders. However, no alternative existed at the time. Now, there is a new UEFI protocol that should be used instead, so if it exists, prefer it over the DXE services calls. Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/x86-stub.c | 29 ++++++++++++++------ 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index c55c028cf911bce0..2d3282d2ed6eb756 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -26,6 +26,7 @@ const efi_system_table_t *efi_system_table; const efi_dxe_services_table_t *efi_dxe_table; u32 image_offset __section(".data"); static efi_loaded_image_t *image = NULL; +static efi_memory_attribute_protocol_t *memattr; static efi_status_t preserve_pci_rom_image(efi_pci_io_protocol_t *pci, struct pci_setup_rom **__rom) @@ -222,12 +223,18 @@ void efi_adjust_memory_range_protection(unsigned long start, unsigned long rounded_start, rounded_end; unsigned long unprotect_start, unprotect_size; - if (efi_dxe_table == NULL) - return; - rounded_start = rounddown(start, EFI_PAGE_SIZE); rounded_end = roundup(start + size, EFI_PAGE_SIZE); + if (memattr != NULL) { + efi_call_proto(memattr, clear_memory_attributes, rounded_start, + rounded_end - rounded_start, EFI_MEMORY_XP); + return; + } + + if (efi_dxe_table == NULL) + return; + /* * Don't modify memory region attributes, they are * already suitable, to lower the possibility to @@ -766,6 +773,7 @@ void __noreturn efi_stub_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg, struct boot_params *boot_params) { + efi_guid_t guid = EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; unsigned long bzimage_addr = (unsigned long)startup_32; unsigned long buffer_start, buffer_end; struct setup_header *hdr = &boot_params->hdr; @@ -777,13 +785,18 @@ void __noreturn efi_stub_entry(efi_handle_t handle, if (efi_system_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) efi_exit(handle, EFI_INVALID_PARAMETER); - efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID); - if (efi_dxe_table && - efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) { - efi_warn("Ignoring DXE services table: invalid signature\n"); - efi_dxe_table = NULL; + if (IS_ENABLED(CONFIG_EFI_DXE_MEM_ATTRIBUTES)) { + efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID); + if (efi_dxe_table && + efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) { + efi_warn("Ignoring DXE services table: invalid signature\n"); + efi_dxe_table = NULL; + } } + /* grab the memory attributes protocol if it exists */ + efi_bs_call(locate_protocol, &guid, NULL, (void **)&memattr); + status = efi_setup_5level_paging(); if (status != EFI_SUCCESS) { efi_err("efi_setup_5level_paging() failed!\n");