| Message ID | 20230607072342.4054036-2-ardb@kernel.org |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp75288vqr;
Wed, 7 Jun 2023 00:37:02 -0700 (PDT)
X-Google-Smtp-Source:
ACHHUZ4NU6otY4bBD7O+UzOJk8p37tmP/1c7pR+k9Qv4jWWL+VtgWrsMZ1CdVOWMPpzPZwuJmo8F
X-Received: by 2002:a05:6a20:12cf:b0:118:5d5a:f26d with SMTP id
v15-20020a056a2012cf00b001185d5af26dmr250012pzg.59.1686123422718;
Wed, 07 Jun 2023 00:37:02 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1686123422; cv=none;
d=google.com; s=arc-20160816;
b=m9sCkJgVFKwjt0OZGzGO0BgaRp/j0kh7x0mUTUtOyaKQUPXAE6y3uRHfKZfwJIqhav
8vGtmWAIl+cGHBNM/N2tj0+MhoYp70sKMKEygYQPltDljOMqd9JhwbZNWQNa79Uum+Al
SaPH7iYFP9inaV8Ehk+ZsCW155La44GaqCi2icX7Sp2vM5ZTjSZFhxoySHusvSu6jyU2
Xak5Nn8W+46wxHIGkHxfAjMqEuWd8pvo7Hvoo6l3JX1SP/7+Fvk9kkX96wjNtr9epgg9
GwxTMBc3uKi6lVY6kJlPhPKwidZ7iqfKAFwLLQZk+DA169vsNnIIJvGKboJbNcfSi0Ol
+UqQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=u8IvhatF++wRhzyU5M2j0CfkceCNheQ6ZML+xgLkmTo=;
b=TSb3abhX37OdDB1LzAg5hIg6lbXqNckSEJQhIhRyVhWlE/P/5V/CFl1agO20yyCWyr
ioTU9Jh54+YlQGt1Zb9tRmHRaK1zQTu5C1EJI1/wKEds60HqDjOKpn8usQif3iNgVxKx
ClxltQFkqdmCV3oJRc8a1TexuBtO8KepN4XeTnY4gJGYw4FdI3HJrqqYTFeIGW3cvPNq
4WnLqdcMROvYF1JgqPPsUu8pNTs2jpjdlMeH5wHQuUOXkYWdESXPSJOT5z9JXcSX9SB0
8NfcB+z8SxpSIwg3NfVQwJa3/R5GWyh2mw5N1NwY7cXjcsxDOXEx7fxJFECnXloYy2Y+
a3sQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@kernel.org header.s=k20201202 header.b=pWwvL1E8;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
5-20020a17090a018500b0024e29660f61si724444pjc.90.2023.06.07.00.36.49;
Wed, 07 Jun 2023 00:37:02 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@kernel.org header.s=k20201202 header.b=pWwvL1E8;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S239170AbjFGH01 (ORCPT <rfc822;literming00@gmail.com>
+ 99 others); Wed, 7 Jun 2023 03:26:27 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53866 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S239160AbjFGHZx (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 7 Jun 2023 03:25:53 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B4B891FED;
Wed, 7 Jun 2023 00:24:45 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by dfw.source.kernel.org (Postfix) with ESMTPS id 2A0ED63542;
Wed, 7 Jun 2023 07:24:01 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id BE859C433A0;
Wed, 7 Jun 2023 07:23:56 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
s=k20201202; t=1686122640;
bh=0wgPR8cosROASbxhizaWEh3zQ4j+H/DEB9t5hilAPDo=;
h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
b=pWwvL1E8pkq/VHu7SKqTWzB5IsBgx4UbU58H2oaGOtkSndAPzouOdgkZ46eMTGO8L
gekBQ9RF8fjOVy+m7hXAmWVgYCLKNQyFbVaddTwSCU5Iaw78exac+o0Fxrngck8VEc
ikpqE/Jx6aG9KdVljqYBO3V6TQm5FPF23NdVe/IpMZup1d7Ce1xg267r9l4UuhH1ve
JOk8S+A0T/E87x2VpzCaDSSvkKaJ0UE9KIbtkoN29JU27f2wOxKpkaa+FK/0zdfSwT
OFsElmTqK0gQOdinmyHj8imQUwnxS4YL8LGxYnmZX2cbT+5mZFO2boaudaPomPzhfY
gaDmlKOTzxHwg==
From: Ard Biesheuvel <ardb@kernel.org>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
Evgeniy Baskov <baskov@ispras.ru>,
Borislav Petkov <bp@alien8.de>,
Andy Lutomirski <luto@kernel.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Alexey Khoroshilov <khoroshilov@ispras.ru>,
Peter Jones <pjones@redhat.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Dave Young <dyoung@redhat.com>,
Mario Limonciello <mario.limonciello@amd.com>,
Kees Cook <keescook@chromium.org>,
Tom Lendacky <thomas.lendacky@amd.com>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Joerg Roedel <jroedel@suse.de>
Subject: [PATCH v5 01/20] x86/efistub: Branch straight to kernel entry point
from C code
Date: Wed, 7 Jun 2023 09:23:23 +0200
Message-Id: <20230607072342.4054036-2-ardb@kernel.org>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230607072342.4054036-1-ardb@kernel.org>
References: <20230607072342.4054036-1-ardb@kernel.org>
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=1927; i=ardb@kernel.org;
h=from:subject; bh=0wgPR8cosROASbxhizaWEh3zQ4j+H/DEB9t5hilAPDo=;
b=owGbwMvMwCFmkMcZplerG8N4Wi2JIaXBILVkwumLTU3H5j/cIH/66+vkV6UeBj/PLN5wZM6TP
89vcTMLdpSyMIhxMMiKKbIIzP77bufpiVK1zrNkYeawMoEMYeDiFICJ3GRi+B+p8rz94KHqOPOD
idd2cLMx/C6+sVndsE9l34VujQ92byMZ/inqvZv5UkxSInIp75QN//crGk/65nbjcTpnhXpMZYS
cITcA
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
fpr=F43D03328115A198C90016883D200E9CA6329909
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1768028554030479389?=
X-GMAIL-MSGID: =?utf-8?q?1768028554030479389?=
|
| Series |
efi/x86: Avoid bare metal decompressor during EFI boot
|
|
Commit Message
Ard Biesheuvel
June 7, 2023, 7:23 a.m. UTC
Instead of returning to the calling code in assembler that does nothing
more than perform an indirect call with the boot_params pointer in
register ESI/RSI, perform the jump directly from the EFI stub C code.
This will allow the asm entrypoint code to be dropped entirely in
subsequent patches.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/firmware/efi/libstub/x86-stub.c | 21 ++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
Comments
On Wed, Jun 07, 2023 at 09:23:23AM +0200, Ard Biesheuvel wrote: > - return bzimage_addr; > + if (IS_ENABLED(CONFIG_X86_64)) > + /* add offset of startup_64() */ > + bzimage_addr += 0x200; Uh, magic. Well, there's this: arch/x86/boot/compressed/head_64.S: .code64 .org 0x200 SYM_CODE_START(startup_64) /* * 64bit entry is 0x200 and it is ABI so immutable! * We come here either from startup_32 or directly from a * 64bit bootloader. Looking at Documentation/arch/x86/boot.rst, we actually say in the xloadflags section: Bit 0 (read): XLF_KERNEL_64 - If 1, this kernel has the legacy 64-bit entry point at 0x200. and header.S sets that: xloadflags: #ifdef CONFIG_X86_64 # define XLF0 XLF_KERNEL_64 /* 64-bit kernel */ so you checking CONFIG_X86_64 is probably ok. It might be cleaner, though, if you test XLF_KERNEL_64 directly and act accordingly, although, do I understand it correctly, that the EFI libstub goes together with the kernel it was built for so the checks would be doing the same thing...? I.e., the libstub cannot be somehow "glued" with another kernel or so, which doesn't set CONFIG_X86_64. Thx.
On Wed, 7 Jun 2023 at 20:53, Borislav Petkov <bp@alien8.de> wrote: > > On Wed, Jun 07, 2023 at 09:23:23AM +0200, Ard Biesheuvel wrote: > > - return bzimage_addr; > > + if (IS_ENABLED(CONFIG_X86_64)) > > + /* add offset of startup_64() */ > > + bzimage_addr += 0x200; > > Uh, magic. > > Well, there's this: > > arch/x86/boot/compressed/head_64.S: > > .code64 > .org 0x200 > SYM_CODE_START(startup_64) > /* > * 64bit entry is 0x200 and it is ABI so immutable! > * We come here either from startup_32 or directly from a > * 64bit bootloader. > > > Looking at Documentation/arch/x86/boot.rst, we actually say in the > xloadflags section: > > Bit 0 (read): XLF_KERNEL_64 > > - If 1, this kernel has the legacy 64-bit entry point at 0x200. > > and header.S sets that: > > xloadflags: > #ifdef CONFIG_X86_64 > # define XLF0 XLF_KERNEL_64 /* 64-bit kernel */ > > so you checking CONFIG_X86_64 is probably ok. > > It might be cleaner, though, if you test XLF_KERNEL_64 directly and act > accordingly, although, do I understand it correctly, that the EFI > libstub goes together with the kernel it was built for so the checks > would be doing the same thing...? I.e., the libstub cannot be somehow > "glued" with another kernel or so, which doesn't set CONFIG_X86_64. > This code gets removed again later in the series, so i didn't bother with any of this. I think checking those XLF flags from code is something to avoid in any case - it is part of the file representation, and consumed by loaders. I am not sure we can assume that they are always accessible from the running code (and EFI is not guaranteed to load the first sector as this is the file header not the payload)
diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 220be75a5cdc1f4c..d4a730f053bdcbfa 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -803,10 +803,19 @@ static efi_status_t exit_boot(struct boot_params *boot_params, void *handle) return EFI_SUCCESS; } +static void __noreturn enter_kernel(unsigned long kernel_addr, + struct boot_params *boot_params) +{ + /* enter decompressed kernel with boot_params pointer in RSI/ESI */ + asm("jmp *%0"::"r"(kernel_addr), "S"(boot_params)); + + unreachable(); +} + /* - * On success, we return the address of startup_32, which has potentially been - * relocated by efi_relocate_kernel. - * On failure, we exit to the firmware via efi_exit instead of returning. + * On success, this routine will jump to the relocated image directly and never + * return. On failure, it will exit to the firmware via efi_exit() instead of + * returning. */ asmlinkage unsigned long efi_main(efi_handle_t handle, efi_system_table_t *sys_table_arg, @@ -950,7 +959,11 @@ asmlinkage unsigned long efi_main(efi_handle_t handle, goto fail; } - return bzimage_addr; + if (IS_ENABLED(CONFIG_X86_64)) + /* add offset of startup_64() */ + bzimage_addr += 0x200; + + enter_kernel(bzimage_addr, boot_params); fail: efi_err("efi_main() failed!\n");