From patchwork Wed Jun 7 07:23:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 104292 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp73512vqr; Wed, 7 Jun 2023 00:32:37 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ558xVjxxrd8F6vbrtcjD9EkXGndoxAh3HpKcQDCmQo8BAiKig6nX7GLi3uI5grfD/BeV+I X-Received: by 2002:a05:6870:8227:b0:195:f440:40fa with SMTP id n39-20020a056870822700b00195f44040famr4146823oae.41.1686123157575; Wed, 07 Jun 2023 00:32:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686123157; cv=none; d=google.com; s=arc-20160816; b=GIZVFBLWSzX6UQ7eO/Vv1xx9Fo4j2FX7muzHdvKrzRvXtNDFTu4M8DO91NP49LoLyS I+WlJFcGwyfA0GS6m2YNFhi0jMVSW5Xp3b0yocIsF7VG+9NA8my8/9mkX5zUiL9FG1wK +Re/vFUfAG18M/vNLxNen8HQe+/AmBL4dQp4QJC1K67g+xFC4H+lklEGtfRiSP5jYeEh EZa7PmOF+DAkrf2sBAiZN0nd+6w6E8mIzyr32EkRs7DhTeGvFN+c6a8H2EZxn5x3boQm ew8I8bAJomTd6UTCtgd9GzUSNnTW0/ODzb2Iq3hrvvF0ySgS/sr2R3Vi2+ZyuyCdTCUz Yp3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Nq0sabK8Oe4c1g62yHC/Z0qz2ZiDvtB18DCc4/BFfhg=; b=NFWMk1tXuvJh2RvA4+mZ6KQi7lzNhvfonuW3UtYaPmo++BV/O57XEe8VylKfxpJooA oe3bbLeOMYq95eeNITC0mmZLor8fDUddR1gEqvNkSDlBKWYSOKMRAL0sTYxO9NClzica 5WiKROeXQOZnxqdJqKVbg+MnPoVDUDVh9zrHKz8PProL8nZSGJ94qJ04BVIm/iYU9h8B TtyJEN6CBCqRAn8GNFgPQVNSILNJ+pOM/o982OdyrzYu1Rteh/ohyNaGPsqly3LPuoa3 L29XW5CFQG7gOB3SMWabnBaM7KL/Dv1CXASsyt46RxjK+vKRS15MpD0h16qlStgwKA7x QPoA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="s4/EYgFd"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y9-20020a17090322c900b001b231cb6f51si2652618plg.150.2023.06.07.00.32.23; Wed, 07 Jun 2023 00:32:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="s4/EYgFd"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233896AbjFGH0Z (ORCPT + 99 others); Wed, 7 Jun 2023 03:26:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53278 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239159AbjFGHZx (ORCPT ); Wed, 7 Jun 2023 03:25:53 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CB2022114; Wed, 7 Jun 2023 00:24:59 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 4FF1363A8C; Wed, 7 Jun 2023 07:24:56 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E97D9C4339C; Wed, 7 Jun 2023 07:24:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1686122695; bh=Pxc47KrrrsEBit8kTu0GOtEy/tpcGOklzRJpkQn39Y8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=s4/EYgFdfjtIzQr8yP0jJgCBjOtdFWT/UO3ocuWZPAWZ/D3wWDLFy9FuM/L7bt+GC wBQ/dSV7INcCqA6rmO4Q43naX5ZtpU43WGVrF5Io8ITV4hHR6+gpVvG0wIZhZdXOI1 DD86kzwbVG573B9nBbEU6rZZJ/4rOF2UdEXYyu7mdU9NvFGoxNrKidYbVaGKxz+7H8 KUFrEUNd/As06wURitXLr7SoM8T7S/otVfnj/xu/Q4jDKPfT/M4D7SkJ6zAf5AmOqZ hGmb4I5j2TK5zq4lF4aWDfYgMLKXp0pDIjmK+2ZV+8OAns4A2fW4lngT8SSJyvFs5K bO6t2fkKk1Tng== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Evgeniy Baskov , Borislav Petkov , Andy Lutomirski , Dave Hansen , Ingo Molnar , Peter Zijlstra , Thomas Gleixner , Alexey Khoroshilov , Peter Jones , Gerd Hoffmann , Dave Young , Mario Limonciello , Kees Cook , Tom Lendacky , "Kirill A . Shutemov" , Linus Torvalds , Joerg Roedel Subject: [PATCH v5 14/20] x86/efistub: Prefer EFI memory attributes protocol over DXE services Date: Wed, 7 Jun 2023 09:23:36 +0200 Message-Id: <20230607072342.4054036-15-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230607072342.4054036-1-ardb@kernel.org> References: <20230607072342.4054036-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3324; i=ardb@kernel.org; h=from:subject; bh=Pxc47KrrrsEBit8kTu0GOtEy/tpcGOklzRJpkQn39Y8=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIaXBoOz034gVyw6flmTJ+t7ddUx6iu3Xx57bZnhesgk9l nz/7AGpjlIWBjEOBlkxRRaB2X/f7Tw9UarWeZYszBxWJpAhDFycAjCRxUIM/5TfFSw73Sx2+fj/ S3b82w2OdOp7JThnMwY9qmKbX19rl83IsNdg+uF/E+9WO0/2XSrQsa8w4o3sU9733/VVjghdfu/ LwwUA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1768028276038552110?= X-GMAIL-MSGID: =?utf-8?q?1768028276038552110?= Currently, the EFI stub relies on DXE services in some cases to clear non-execute restrictions from page allocations that need to be executable. This is dodgy, because DXE services are not specified by UEFI but by PI, and they are not intended for consumption by OS loaders. However, no alternative existed at the time. Now, there is a new UEFI protocol that should be used instead, so if it exists, prefer it over the DXE services calls. Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/x86-stub.c | 29 ++++++++++++++------ 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index f48a2e795d885af8..abcd5703e9f3f980 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -26,6 +26,7 @@ const efi_system_table_t *efi_system_table; const efi_dxe_services_table_t *efi_dxe_table; u32 image_offset __section(".data"); static efi_loaded_image_t *image = NULL; +static efi_memory_attribute_protocol_t *memattr; typedef union sev_memory_acceptance_protocol sev_memory_acceptance_protocol_t; union sev_memory_acceptance_protocol { @@ -233,12 +234,18 @@ void efi_adjust_memory_range_protection(unsigned long start, unsigned long rounded_start, rounded_end; unsigned long unprotect_start, unprotect_size; - if (efi_dxe_table == NULL) - return; - rounded_start = rounddown(start, EFI_PAGE_SIZE); rounded_end = roundup(start + size, EFI_PAGE_SIZE); + if (memattr != NULL) { + efi_call_proto(memattr, clear_memory_attributes, rounded_start, + rounded_end - rounded_start, EFI_MEMORY_XP); + return; + } + + if (efi_dxe_table == NULL) + return; + /* * Don't modify memory region attributes, they are * already suitable, to lower the possibility to @@ -801,6 +808,7 @@ void __noreturn efi_stub_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg, struct boot_params *boot_params) { + efi_guid_t guid = EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; unsigned long bzimage_addr = (unsigned long)startup_32; unsigned long buffer_start, buffer_end; struct setup_header *hdr = &boot_params->hdr; @@ -812,13 +820,18 @@ void __noreturn efi_stub_entry(efi_handle_t handle, if (efi_system_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) efi_exit(handle, EFI_INVALID_PARAMETER); - efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID); - if (efi_dxe_table && - efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) { - efi_warn("Ignoring DXE services table: invalid signature\n"); - efi_dxe_table = NULL; + if (IS_ENABLED(CONFIG_EFI_DXE_MEM_ATTRIBUTES)) { + efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID); + if (efi_dxe_table && + efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) { + efi_warn("Ignoring DXE services table: invalid signature\n"); + efi_dxe_table = NULL; + } } + /* grab the memory attributes protocol if it exists */ + efi_bs_call(locate_protocol, &guid, NULL, (void **)&memattr); + status = efi_setup_5level_paging(); if (status != EFI_SUCCESS) { efi_err("efi_setup_5level_paging() failed!\n");