2021-07-13 18:46:10

by Marc Zyngier

Subject: [PATCH v2] firmware/efi: Tell memblock about EFI iomem reservations

kexec_load_file() relies on the memblock infrastructure to avoid
stamping over regions of memory that are essential to the survival
of the system.

However, nobody seems to agree how to flag these regions as reserved,
and (for example) EFI only publishes its reservations in /proc/iomem
for the benefit of the traditional, userspace based kexec tool.

On arm64 platforms with GICv3, this can result in the payload being
placed at the location of the LPI tables. Shock, horror!

Let's augment the EFI reservation code with a memblock_reserve() call,
protecting our dear tables from the secondary kernel invasion.

Reported-by: Moritz Fischer <[email protected]>
Tested-by: Moritz Fischer <[email protected]>
Signed-off-by: Marc Zyngier <[email protected]>
Cc: [email protected]
Cc: Ard Biesheuvel <[email protected]>
Cc: James Morse <[email protected]>
Cc: Catalin Marinas <[email protected]>
Cc: Will Deacon <[email protected]>
---
drivers/firmware/efi/efi.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 4b7ee3fa9224..847f33ffc4ae 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -896,6 +896,7 @@ static int __init efi_memreserve_map_root(void)
static int efi_mem_reserve_iomem(phys_addr_t addr, u64 size)
{
struct resource *res, *parent;
+ int ret;

res = kzalloc(sizeof(struct resource), GFP_ATOMIC);
if (!res)
@@ -908,7 +909,17 @@ static int efi_mem_reserve_iomem(phys_addr_t addr, u64 size)

/* we expect a conflict with a 'System RAM' region */
parent = request_resource_conflict(&iomem_resource, res);
- return parent ? request_resource(parent, res) : 0;
+ ret = parent ? request_resource(parent, res) : 0;
+
+ /*
+ * Given that efi_mem_reserve_iomem() can be called at any
+ * time, only call memblock_reserve() if the architecture
+ * keeps the infrastructure around.
+ */
+ if (IS_ENABLED(CONFIG_ARCH_KEEP_MEMBLOCK) && !ret)
+ memblock_reserve(addr, size);
+
+ return ret;
}

int __ref efi_mem_reserve_persistent(phys_addr_t addr, u64 size)
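Review bot: the return value of memblock_reserve() is discarded at `+ memblock_reserve(addr, size);`, so if memblock cannot record the region (it returns an error when it fails to grow its reserved array) the function still returns 0 and the iomem entry exists while the memblock one does not, which is precisely the silent mismatch the commit message sets out to fix; consider `ret = memblock_reserve(addr, size);` or at least a WARN_ON() so the gap is visible. Two smaller points on the same hunk: the `IS_ENABLED(CONFIG_ARCH_KEEP_MEMBLOCK)` guard makes the change a no-op on architectures that do not select that option, which the commit message (written around arm64/GICv3) could say explicitly so nobody expects the protection elsewhere; and when `request_resource(parent, res)` fails, the `res` kzalloc()'d in the previous hunk is still not freed before `return ret;`, a pre-existing leak that could be closed now that the error path is spelled out.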
--
2.30.2
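As an added check, not part of the patch or the kernel tree, for the mismatch the commit message describes: compare the "reserved" entries the userspace kexec tool sees in /proc/iomem against the memblock reserved list that kexec_file_load consults, and report any iomem reservation memblock does not cover. Assumptions: the memblock list is read from /sys/kernel/debug/memblock/reserved (present when CONFIG_DEBUG_FS is enabled on an architecture that keeps memblock, arm64 included) in its "%4d: 0x...0x..." line format, and both embedded samples are constructed.

```python
import re
import sys

# Constructed /proc/iomem sample; the 0x80000000 "reserved" entry mimics an EFI reservation published only in iomem.
IOMEM_SAMPLE = """\
80000000-80ffffff : System RAM
  80000000-8000ffff : reserved
  81000000-81ffffff : Kernel code
  82000000-820fffff : reserved
"""
# Constructed memblock/reserved sample; its "%4d: %pa..%pa" format is assumed.
MEMBLOCK_SAMPLE = """\
   0: 0x0000000081000000..0x0000000081ffffff
   1: 0x0000000082000000..0x00000000820fffff
"""
IOMEM_RE = re.compile(r"^\s*([0-9a-f]+)-([0-9a-f]+)\s*:\s*(.*?)\s*$", re.I)
MEMBLOCK_RE = re.compile(r"0x([0-9a-f]+)\.\.0x([0-9a-f]+)", re.I)

def parse_iomem_reserved(text):
    """(start, end) of every /proc/iomem entry named 'reserved', at any nesting."""
    return [(int(m.group(1), 16), int(m.group(2), 16))
            for m in map(IOMEM_RE.match, text.splitlines())
            if m and m.group(3) == "reserved"]

def parse_memblock(text):
    """(start, end) of every memblock region line, ignoring index and flags."""
    return [(int(m.group(1), 16), int(m.group(2), 16))
            for m in map(MEMBLOCK_RE.search, text.splitlines()) if m]

def covered(region, ranges):
    """True if every byte of region lies in the union of ranges."""
    cur, end = region
    for lo, hi in sorted(ranges):
        if cur > end:
            break
        if lo > cur:            # gap: bytes memblock does not reserve
            return False
        cur = max(cur, hi + 1)
    return cur > end

def unprotected_reservations(iomem_text, memblock_text):
    """iomem 'reserved' ranges unknown to memblock: the windows in which
    kexec_file_load could place a payload on top of firmware-owned memory."""
    mb = parse_memblock(memblock_text)
    return [r for r in parse_iomem_reserved(iomem_text) if not covered(r, mb)]

if __name__ == "__main__":  # as root: check.py /proc/iomem /sys/kernel/debug/memblock/reserved
    texts = [open(p).read() for p in sys.argv[1:]] if len(sys.argv) == 3 else [IOMEM_SAMPLE, MEMBLOCK_SAMPLE]
    for s, e in unprotected_reservations(*texts):
        print(f"{s:#x}-{e:#x}: reserved in iomem but not in memblock")
```

On a kernel without this fix the EFI-owned "reserved" entries appear in the output; with it they should not, which makes the script a quick regression check after a kernel update (anything it does list is a candidate to investigate, since other reservation paths may use different iomem names).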


2021-07-16 12:13:10

by Ard Biesheuvel

Subject: Re: [PATCH v2] firmware/efi: Tell memblock about EFI iomem reservations

On Tue, 13 Jul 2021 at 20:43, Marc Zyngier <[email protected]> wrote:
>
> kexec_load_file() relies on the memblock infrastructure to avoid
> stamping over regions of memory that are essential to the survival
> of the system.
>
> However, nobody seems to agree how to flag these regions as reserved,
> and (for example) EFI only publishes its reservations in /proc/iomem
> for the benefit of the traditional, userspace based kexec tool.
>
> On arm64 platforms with GICv3, this can result in the payload being
> placed at the location of the LPI tables. Shock, horror!
>
> Let's augment the EFI reservation code with a memblock_reserve() call,
> protecting our dear tables from the secondary kernel invasion.
>
> Reported-by: Moritz Fischer <[email protected]>
> Tested-by: Moritz Fischer <[email protected]>
> Signed-off-by: Marc Zyngier <[email protected]>
> Cc: [email protected]
> Cc: Ard Biesheuvel <[email protected]>
> Cc: James Morse <[email protected]>
> Cc: Catalin Marinas <[email protected]>
> Cc: Will Deacon <[email protected]>

Thanks, I'll queue this as a fix.

> ---
> drivers/firmware/efi/efi.c | 13 ++++++++++++-
> 1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
> index 4b7ee3fa9224..847f33ffc4ae 100644
> --- a/drivers/firmware/efi/efi.c
> +++ b/drivers/firmware/efi/efi.c
> @@ -896,6 +896,7 @@ static int __init efi_memreserve_map_root(void)
> static int efi_mem_reserve_iomem(phys_addr_t addr, u64 size)
> {
> struct resource *res, *parent;
> + int ret;
>
> res = kzalloc(sizeof(struct resource), GFP_ATOMIC);
> if (!res)
> @@ -908,7 +909,17 @@ static int efi_mem_reserve_iomem(phys_addr_t addr, u64 size)
>
> /* we expect a conflict with a 'System RAM' region */
> parent = request_resource_conflict(&iomem_resource, res);
> - return parent ? request_resource(parent, res) : 0;
> + ret = parent ? request_resource(parent, res) : 0;
> +
> + /*
> + * Given that efi_mem_reserve_iomem() can be called at any
> + * time, only call memblock_reserve() if the architecture
> + * keeps the infrastructure around.
> + */
> + if (IS_ENABLED(CONFIG_ARCH_KEEP_MEMBLOCK) && !ret)
> + memblock_reserve(addr, size);
> +
> + return ret;
> }
>
> int __ref efi_mem_reserve_persistent(phys_addr_t addr, u64 size)
> --
> 2.30.2
>