From patchwork Wed Jun 7 07:23:40 2023
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 104304
From: Ard Biesheuvel
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel, Evgeniy Baskov, Borislav Petkov, Andy Lutomirski, Dave Hansen, Ingo Molnar, Peter Zijlstra, Thomas Gleixner, Alexey Khoroshilov, Peter Jones, Gerd Hoffmann, Dave Young, Mario Limonciello, Kees Cook, Tom Lendacky, "Kirill A . Shutemov", Linus Torvalds, Joerg Roedel
Subject: [PATCH v5 18/20] efi/libstub: Add limit argument to efi_random_alloc()
Date: Wed, 7 Jun 2023 09:23:40 +0200
Message-Id: <20230607072342.4054036-19-ardb@kernel.org>
In-Reply-To: <20230607072342.4054036-1-ardb@kernel.org>
References: <20230607072342.4054036-1-ardb@kernel.org>

x86 will need to limit the kernel memory allocation to the lowest 512
MiB of memory, to match the behavior of the existing bare metal KASLR
physical randomization logic. So in preparation for that, add a limit
parameter to efi_random_alloc() and wire it up.

Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/arm64-stub.c | 2 +- drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/randomalloc.c | 10 ++++++---- drivers/firmware/efi/libstub/zboot.c | 2 +- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c index 770b8ecb73984c61..8c40fc89f5f99209 100644 --- a/drivers/firmware/efi/libstub/arm64-stub.c +++ b/drivers/firmware/efi/libstub/arm64-stub.c @@ -106,7 +106,7 @@ efi_status_t handle_kernel_image(unsigned long *image_addr, */ status = efi_random_alloc(*reserve_size, min_kimg_align, reserve_addr, phys_seed, - EFI_LOADER_CODE); + EFI_LOADER_CODE, EFI_ALLOC_LIMIT); if (status != EFI_SUCCESS) efi_warn("efi_random_alloc() failed: 0x%lx\n", status); } else { diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index 06b7abc92ced9e18..9823f6fb3e01f718 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -956,7 +956,7 @@ efi_status_t efi_get_random_bytes(unsigned long size, u8 *out); efi_status_t efi_random_alloc(unsigned long size, unsigned long align, unsigned long *addr, unsigned long random_seed, - int memory_type); + int memory_type, unsigned long alloc_limit); efi_status_t efi_random_get_seed(void); diff --git a/drivers/firmware/efi/libstub/randomalloc.c b/drivers/firmware/efi/libstub/randomalloc.c index 32c7a54923b4c127..674a064b8f7adc68 100644 --- a/drivers/firmware/efi/libstub/randomalloc.c +++ b/drivers/firmware/efi/libstub/randomalloc.c @@ -16,7 +16,8 @@ */ static unsigned long get_entry_num_slots(efi_memory_desc_t *md, unsigned long size, - unsigned long align_shift) + unsigned long align_shift, + u64 alloc_limit) { unsigned long align = 1UL << align_shift; u64 first_slot, last_slot, region_end; 
@@ -29,7 +30,7 @@ static unsigned long get_entry_num_slots(efi_memory_desc_t *md, return 0; region_end = min(md->phys_addr + md->num_pages * EFI_PAGE_SIZE - 1, - (u64)EFI_ALLOC_LIMIT); + alloc_limit); if (region_end < size) return 0; @@ -54,7 +55,8 @@ efi_status_t efi_random_alloc(unsigned long size, unsigned long align, unsigned long *addr, unsigned long random_seed, - int memory_type) + int memory_type, + unsigned long alloc_limit) { unsigned long total_slots = 0, target_slot; unsigned long total_mirrored_slots = 0; @@ -76,7 +78,7 @@ efi_status_t efi_random_alloc(unsigned long size, efi_memory_desc_t *md = (void *)map->map + map_offset; unsigned long slots; - slots = get_entry_num_slots(md, size, ilog2(align)); + slots = get_entry_num_slots(md, size, ilog2(align), alloc_limit); MD_NUM_SLOTS(md) = slots; total_slots += slots; if (md->attribute & EFI_MEMORY_MORE_RELIABLE) diff --git a/drivers/firmware/efi/libstub/zboot.c b/drivers/firmware/efi/libstub/zboot.c index e5d7fa1f1d8fd160..bdb17eac0cb401be 100644 --- a/drivers/firmware/efi/libstub/zboot.c +++ b/drivers/firmware/efi/libstub/zboot.c @@ -119,7 +119,7 @@ efi_zboot_entry(efi_handle_t handle, efi_system_table_t *systab) } status = efi_random_alloc(alloc_size, min_kimg_align, &image_base, - seed, EFI_LOADER_CODE); + seed, EFI_LOADER_CODE, EFI_ALLOC_LIMIT); if (status != EFI_SUCCESS) { efi_err("Failed to allocate memory\n"); goto free_cmdline;
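
Review bot: The new alloc_limit argument is undocumented, and in the get_entry_num_slots() hunk of randomalloc.c it is compared against `md->phys_addr + md->num_pages * EFI_PAGE_SIZE - 1`, which is the address of the last byte of the region, so the value acts as an inclusive highest address rather than a size. The commit message speaks of "the lowest 512 MiB", which a future caller could reasonably pass as either 512 MiB or 512 MiB minus one. A short comment above efi_random_alloc() stating that alloc_limit is the highest address the allocation may occupy would remove the ambiguity before the x86 caller is added.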
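
Review bot: The type of the limit differs between the two levels: the efistub.h prototype and the efi_random_alloc() definition declare `unsigned long alloc_limit`, while get_entry_num_slots() takes `u64 alloc_limit`, and the line being replaced used an explicit `(u64)EFI_ALLOC_LIMIT`. Where unsigned long is 32 bits wide, the exported interface cannot carry a limit above 4 GiB even though the helper compares it against a u64 region_end. Consider declaring the argument as u64 in both places, or note in a comment that the limit is deliberately bounded by the width of unsigned long like the other arguments.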