Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp22183063ybl; Mon, 6 Jan 2020 20:27:02 -0800 (PST) X-Google-Smtp-Source: APXvYqw53cbiEuLa7NcOm9I5SbJoh8PfjKuIp01gw+ruhjANaNRiLcuQQUFkjuWOH/XNYwlf7v/E X-Received: by 2002:a9d:7e99:: with SMTP id m25mr114618561otp.212.1578371221821; Mon, 06 Jan 2020 20:27:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578371221; cv=none; d=google.com; s=arc-20160816; b=SyXEyIk/JdjRXBx0TBFd3PwlL0eB9KG5UE2mLTANJKu/lS9kjtH/s+trF+BxTF4yGC OKnuIEbXkpgH7u+Wn0vgxTTQ5kfrPMVvOrhOb6ti09zW4ypb7WSlmM+Ix7iQh1+xI8J3 UjwANgSyVx/Azk+w0vj8inQaYrSSycMiFhis1dN0YC/cUoSpKo++mom0aK1XfznvK+NQ aSzpuR07pHGdjh10qhFvzy4fusIqvgH5ovf+g8RHnHsowVFmyAddpYUdXLz0S+wQ8MuH vqGZ/14DTFsYJK1Lnp7LEFcEte7tjd3aNAL1q0t/0s4bjKNoVNfowDEMbO/6AhzFbYDL Ty3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=rpRVgkQrP+H8glvNMQeoSS2IHkaJmEZmOMYgHcv4/Sk=; b=m1dHkIIvpB6yOPGzxTwLv8rc3wsZ9NCChWdmDjA6dkiTgq7x+uMXekojtvqiphC3Si Y7mxwip7k2mSFmPiL0mTSSc3/zOf6ThzZ1BkIKdOBOVl2v33ljJBeEfB1ntLohqPh5U5 sbdnAqAzbZ23kmC+Ewz9PGHMIT6ES42lwBrtawiSEY2idk+6BlavQrTuAHS47u5cyf6K iUKzzpcOjJ5g754V+CPZVNUy8DYhXAaSBHvZy3xdghY92c5uzFN1yKaHRGQfQFGMc5ox 6zElYX3WVczWPv/UqFjYeUqj81Zdaa6AXvuvLCWrY5I+N2z7VuqIIHaw4dPLXfMTn4gG dqzg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=hMwCZTFo; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p16si7359049otr.134.2020.01.06.20.26.49; Mon, 06 Jan 2020 20:27:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=hMwCZTFo; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727569AbgAGEYo (ORCPT + 99 others); Mon, 6 Jan 2020 23:24:44 -0500 Received: from mail-ot1-f65.google.com ([209.85.210.65]:36441 "EHLO mail-ot1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727558AbgAGEYo (ORCPT ); Mon, 6 Jan 2020 23:24:44 -0500 Received: by mail-ot1-f65.google.com with SMTP id 19so62145172otz.3 for ; Mon, 06 Jan 2020 20:24:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=rpRVgkQrP+H8glvNMQeoSS2IHkaJmEZmOMYgHcv4/Sk=; b=hMwCZTFotL92VhgJnQOx+5zKXeoHFoSDwxyQeDkGA7LL1xJ/5I1qifpHD05tGEJ/k1 D81lbVKvMM5wqPFXLh61rQyjbKeBSH5Fvnn0a/5n9Yj/TpAk3Pj0GP1I+sfNM0VmwXVH T9SVgNr3TPjwmBBxcbMTev/tuMSNk+LWI0YsAS4v1EPSUGxuxQo/3h+UYuZlAUBRmir+ cilRI/wWpV+b0C/e78M1pw8nlm8AZ/iKLvy3lHo3u1ZPcZLcPhj36PonE0fXHE5FebIw 1H04+KlDDlAkwaMukRX/ufRxoF1bmBJoRoWyjdZAxuB28KEJGfld5brUc0sgJ20yz7fV NLlg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=rpRVgkQrP+H8glvNMQeoSS2IHkaJmEZmOMYgHcv4/Sk=; b=fOES3ooRzk1NhAzZOtbiCm8gdzZelg9iF2/TE8rcCWtOQjAgkB14DknxNOpH70bGNl RTHFcx8Sb/DFKOobaFYODzotX+drQ/bA48w+eLH8YVQT8nGapl5cCDfgUhVrvzJkGcPE gU+MBrXUAyqjI3WhaKMz9zCrDU4Zv+wkUTTCqQTaMrhU2UELoc8pGxw7cNHpk7nr42Gl q7S+4clQ7SVsUPQJeM40lpII5qP6hO7/WPg4fLAnLp9cL4YHj/1J2HlLGIfpk+ORp7Uv qxAM8P2YQ19A0j2/aZd/Jhmg3xo9Movo3+vQ7wCC1Cq6Ie6ICuY1h4DtEU1NQWJ5NWe1 Auig== X-Gm-Message-State: APjAAAWsAi3uMWqRartxuAMwni47wPDvQQmFqZLs03w9llrsmWSmigmg VxORYQlgb+JclVpSuht9FHIYwe8fX1RMMX0UZ5nduQ== X-Received: by 2002:a9d:4e99:: with SMTP id v25mr123180121otk.363.1578371083582; Mon, 06 Jan 2020 20:24:43 -0800 (PST) MIME-Version: 1.0 References: <157835762222.1456824.290100196815539830.stgit@dwillia2-desk3.amr.corp.intel.com> <157835763783.1456824.4013634516855823659.stgit@dwillia2-desk3.amr.corp.intel.com> <20200107035824.GA19080@dhcp-128-65.nay.redhat.com> In-Reply-To: <20200107035824.GA19080@dhcp-128-65.nay.redhat.com> From: Dan Williams Date: Mon, 6 Jan 2020 20:24:32 -0800 Message-ID: Subject: Re: [PATCH v4 3/4] efi: Fix efi_memmap_alloc() leaks To: Dave Young Cc: Ingo Molnar , Taku Izumi , Ard Biesheuvel , linux-efi , X86 ML , Linux Kernel Mailing List , Kexec Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 6, 2020 at 7:58 PM Dave Young wrote: > > On 01/06/20 at 04:40pm, Dan Williams wrote: > > With efi_fake_memmap() and efi_arch_mem_reserve() the efi table may be > > updated and replaced multiple times. When that happens a previous > > dynamically allocated efi memory map can be garbage collected. Use the > > new EFI_MEMMAP_{SLAB,MEMBLOCK} flags to detect when a dynamically > > allocated memory map is being replaced. > > > > Debug statements in efi_memmap_free() reveal: > > > > efi: __efi_memmap_free:37: phys: 0x23ffdd580 size: 2688 flags: 0x2 > > efi: __efi_memmap_free:37: phys: 0x9db00 size: 2640 flags: 0x2 > > efi: __efi_memmap_free:37: phys: 0x9e580 size: 2640 flags: 0x2 > > > > ...a savings of 7968 bytes on a qemu boot with 2 entries specified to > > efi_fake_mem=. > > > > Cc: Taku Izumi > > Cc: Ard Biesheuvel > > Signed-off-by: Dan Williams > > --- > > drivers/firmware/efi/memmap.c | 24 ++++++++++++++++++++++++ > > 1 file changed, 24 insertions(+) > > > > diff --git a/drivers/firmware/efi/memmap.c b/drivers/firmware/efi/memmap.c > > index 04dfa56b994b..bffa320d2f9a 100644 > > --- a/drivers/firmware/efi/memmap.c > > +++ b/drivers/firmware/efi/memmap.c > > @@ -29,6 +29,28 @@ static phys_addr_t __init __efi_memmap_alloc_late(unsigned long size) > > return PFN_PHYS(page_to_pfn(p)); > > } > > > > +static void __init __efi_memmap_free(u64 phys, unsigned long size, unsigned long flags) > > +{ > > + if (flags & EFI_MEMMAP_MEMBLOCK) { > > + if (slab_is_available()) > > + memblock_free_late(phys, size); > > + else > > + memblock_free(phys, size); > > + } else if (flags & EFI_MEMMAP_SLAB) { > > + struct page *p = pfn_to_page(PHYS_PFN(phys)); > > + unsigned int order = get_order(size); > > + > > + free_pages((unsigned long) page_address(p), order); > > + } > > +} > > + > > +static void __init efi_memmap_free(void) > > +{ > > + __efi_memmap_free(efi.memmap.phys_map, > > + efi.memmap.desc_size * efi.memmap.nr_map, > > + efi.memmap.flags); > > +} > > + > > /** > > * efi_memmap_alloc - Allocate memory for the EFI memory map > > * @num_entries: Number of entries in the allocated map. > > @@ -100,6 +122,8 @@ static int __init __efi_memmap_init(struct efi_memory_map_data *data) > > return -ENOMEM; > > } > > > > + efi_memmap_free(); > > + > > This seems still not safe, see below function: > arch/x86/platform/efi/efi.c: > static void __init efi_clean_memmap(void) > It use same memmap for both old and new, and filter out those invalid > ranges in place, if the memory is freed then .. In the efi_clean_memmap() case flags are 0, so efi_memmap_free() is a nop. Would you feel better with an explicit? WARN_ON(efi.memmap.phys_map == data->phys_map && (data->flags & (EFI_MEMMAP_SLAB | EFI_MEMMAP_MEMBLOCK)) ...not sure it's worth it. > > > map.phys_map = data->phys_map; > > map.nr_map = data->size / data->desc_size; > > map.map_end = map.map + data->size; > >