From patchwork Fri Jun 2 10:13:11 2023
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 102458
From: Ard Biesheuvel
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel, Evgeniy Baskov, Borislav Petkov, Andy Lutomirski, Dave Hansen, Ingo Molnar, Peter Zijlstra, Thomas Gleixner, Alexey Khoroshilov, Peter Jones, Gerd Hoffmann, Dave Young, Mario Limonciello, Kees Cook, Tom Lendacky, "Kirill A . Shutemov", Linus Torvalds, Joerg Roedel
Subject: [PATCH v4 19/21] efi/libstub: Add limit argument to efi_random_alloc()
Date: Fri, 2 Jun 2023 12:13:11 +0200
Message-Id: <20230602101313.3557775-20-ardb@kernel.org>
In-Reply-To: <20230602101313.3557775-1-ardb@kernel.org>
References: <20230602101313.3557775-1-ardb@kernel.org>

x86 will need to limit the kernel memory allocation to the lowest 512 MiB of memory, to match the behavior of the existing bare metal KASLR physical randomization logic. So in preparation for that, add a limit parameter to efi_random_alloc() and wire it up.

Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/arm64-stub.c | 2 +- drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/randomalloc.c | 10 ++++++---- drivers/firmware/efi/libstub/zboot.c | 2 +- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c index 770b8ecb73984c61..8c40fc89f5f99209 100644 --- a/drivers/firmware/efi/libstub/arm64-stub.c +++ b/drivers/firmware/efi/libstub/arm64-stub.c @@ -106,7 +106,7 @@ efi_status_t handle_kernel_image(unsigned long *image_addr, */ status = efi_random_alloc(*reserve_size, min_kimg_align, reserve_addr, phys_seed, - EFI_LOADER_CODE); + EFI_LOADER_CODE, EFI_ALLOC_LIMIT); if (status != EFI_SUCCESS) efi_warn("efi_random_alloc() failed: 0x%lx\n", status); } else { diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index 191698e8489d82e7..e90b8d1d5c7e8fd4 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -956,7 +956,7 @@ efi_status_t efi_get_random_bytes(unsigned long size, u8 *out); efi_status_t efi_random_alloc(unsigned long size, unsigned long align, unsigned long *addr, unsigned long random_seed, - int memory_type); + int memory_type, unsigned long alloc_limit); efi_status_t efi_random_get_seed(void); diff --git a/drivers/firmware/efi/libstub/randomalloc.c b/drivers/firmware/efi/libstub/randomalloc.c index 32c7a54923b4c127..674a064b8f7adc68 100644 --- a/drivers/firmware/efi/libstub/randomalloc.c +++ b/drivers/firmware/efi/libstub/randomalloc.c @@ -16,7 +16,8 @@ */ static unsigned long get_entry_num_slots(efi_memory_desc_t *md, unsigned long size, - unsigned long align_shift) + unsigned long align_shift, + u64 alloc_limit) { unsigned long align = 1UL << align_shift; u64 first_slot, last_slot, region_end; 
@@ -29,7 +30,7 @@ static unsigned long get_entry_num_slots(efi_memory_desc_t *md, return 0; region_end = min(md->phys_addr + md->num_pages * EFI_PAGE_SIZE - 1, - (u64)EFI_ALLOC_LIMIT); + alloc_limit); if (region_end < size) return 0; @@ -54,7 +55,8 @@ efi_status_t efi_random_alloc(unsigned long size, unsigned long align, unsigned long *addr, unsigned long random_seed, - int memory_type) + int memory_type, + unsigned long alloc_limit) { unsigned long total_slots = 0, target_slot; unsigned long total_mirrored_slots = 0; @@ -76,7 +78,7 @@ efi_status_t efi_random_alloc(unsigned long size, efi_memory_desc_t *md = (void *)map->map + map_offset; unsigned long slots; - slots = get_entry_num_slots(md, size, ilog2(align)); + slots = get_entry_num_slots(md, size, ilog2(align), alloc_limit); MD_NUM_SLOTS(md) = slots; total_slots += slots; if (md->attribute & EFI_MEMORY_MORE_RELIABLE) diff --git a/drivers/firmware/efi/libstub/zboot.c b/drivers/firmware/efi/libstub/zboot.c index e5d7fa1f1d8fd160..bdb17eac0cb401be 100644 --- a/drivers/firmware/efi/libstub/zboot.c +++ b/drivers/firmware/efi/libstub/zboot.c @@ -119,7 +119,7 @@ efi_zboot_entry(efi_handle_t handle, efi_system_table_t *systab) } status = efi_random_alloc(alloc_size, min_kimg_align, &image_base, - seed, EFI_LOADER_CODE); + seed, EFI_LOADER_CODE, EFI_ALLOC_LIMIT); if (status != EFI_SUCCESS) { efi_err("Failed to allocate memory\n"); goto free_cmdline;
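
Review bot: The alloc_limit parameter has two different types across the patch: `unsigned long alloc_limit` in the efi_random_alloc() prototype (efistub.h) and definition (randomalloc.c), but `u64 alloc_limit` in get_entry_num_slots(), where the removed line used an explicit `(u64)EFI_ALLOC_LIMIT` cast. On a build where unsigned long is 32 bits, a limit above 4 GiB would be truncated at the efi_random_alloc() boundary before being widened again for the min() against region_end. Consider carrying one type for the limit through both functions, or noting in a comment that the limit is bounded by the native word size.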
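
Review bot: The inclusive meaning of alloc_limit is undocumented. In the randomalloc.c hunk at @@ -29,7 +30,7 it is fed to min() together with `md->phys_addr + md->num_pages * EFI_PAGE_SIZE - 1`, which is the address of the last byte of the region, so the limit is a highest permitted address, not a size or an exclusive bound. The commit message describes the planned x86 caller as restricting allocations to "the lowest 512 MiB", and a caller that passes the 512 MiB boundary itself instead of the boundary minus one would be off by one relative to that intent. A short comment on the parameter, in efistub.h or above efi_random_alloc(), saying that alloc_limit is the highest address the allocation may cover, inclusive, would make the contract explicit for new callers.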