Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp1243614pxj; Fri, 4 Jun 2021 09:24:12 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw3MF2ziSJFS2l7arE5o1iaJayJD5KE8cVcxtMV/EHmo2zSEc4JRuD+T2LJNv5TfcDu0J8f X-Received: by 2002:a17:906:ccd9:: with SMTP id ot25mr4906649ejb.386.1622823851809; Fri, 04 Jun 2021 09:24:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622823851; cv=none; d=google.com; s=arc-20160816; b=Nwzi1DWJiXuBZ7Wg2l9kbb+7cLt6nTDSCdkgXziJjoKxhP+adSp+fyHasNj/22TS2L wi2vewZMutMgRuaKz43lSxIIQK0OSx/hq34ASRRCdpfJJz5M4dhuLn1/IA72S9xKcG1H NzFRtvw7Pzp3XNqPjQol/L7lCpyxiL5SQ4UmmyBzbW0xIAi9kEeGBa+uYNgsbrWYL08k Lp+IBlf4zBZhMAJBmu0TAtAAKBkX9/C14g9/IwVBwuSU0/K7m0fSl2SxMojWFzQ10X4q k9d09Eic+o0gyEohuXt5x6PctUXfSA0CaHZ9ZpeJ1uOxeu3Rzrt4R6+eWMd6a/rieWBI QexQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=DWkSJZMU0jJ4U3M7Q4kNvKbwEg9Yw2LhUG+i/ThvObI=; b=d+GFVLj6FJILtZkmjpDFOGtHwbuVp5HLa33RtJuRJ5KSy9rSN5HP9F2qtgBuCXo99H g8svnXfWeOZhQ0wUsDdoRU8aGMUuTVRn2aL8s0D+CohOo4CF0J/aqCdHCVPpVpD3UWnz QpIBDLCLAXNQJMCdDUeQ/LyKGRFnqZVLe7xOtBhM6s95+ZVUzCqIZBPD6cm2DIrp7+wS BAHeprutfJbryQDpcleNzKEatB6EuBXeoI0WgxE47S+Ux7t/bBgDfMsz6qttg5YA6yYN p0gcLvVzkm61rmmNTWtto6Py20VbPKh3d/OwGnXVNl3NS38NHoImchuWPJt4s3At8L08 WI3Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j15si5086689ejx.635.2021.06.04.09.23.40; Fri, 04 Jun 2021 09:24:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230410AbhFDQWb (ORCPT + 99 others); Fri, 4 Jun 2021 12:22:31 -0400 Received: from foss.arm.com ([217.140.110.172]:42454 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229809AbhFDQWa (ORCPT ); Fri, 4 Jun 2021 12:22:30 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id EB7851063; Fri, 4 Jun 2021 09:20:43 -0700 (PDT) Received: from [192.168.0.14] (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 459693F73D; Fri, 4 Jun 2021 09:20:41 -0700 (PDT) Subject: Re: [PATCH v2 1/5] arm64: kexec_file: Forbid non-crash kernels To: Marc Zyngier , kexec@lists.infradead.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Cc: Catalin Marinas , Will Deacon , Ard Biesheuvel , Mark Rutland , Lorenzo Pieralisi , Hanjun Guo , Sudeep Holla , Eric Biederman , Bhupesh SHARMA , AKASHI Takahiro , Dave Young , Andrew Morton , Moritz Fischer , kernel-team@android.com, stable@vger.kernel.org References: <20210531095720.77469-1-maz@kernel.org> <20210531095720.77469-2-maz@kernel.org> From: James Morse Message-ID: Date: Fri, 4 Jun 2021 17:20:36 +0100 User-Agent: Mozilla/5.0 (X11; Linux aarch64; rv:78.0) Gecko/20100101 Thunderbird/78.10.0 MIME-Version: 1.0 In-Reply-To: <20210531095720.77469-2-maz@kernel.org> Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 31/05/2021 10:57, Marc Zyngier wrote: > It has been reported that kexec_file doesn't really work on arm64. > It completely ignores any of the existing reservations, which results > in the secondary kernel being loaded where the GICv3 LPI tables live, > or even corrupting the ACPI tables. I'd like to know how the ACPI tables bit happens. ACPI tables should be in EFI_ACPI_RECLAIM_MEMORY or EFI_ACPI_MEMORY_NVS (which isn't treated as usable). EFI's reserve_regions() does this: | if (!is_usable_memory(md)) | memblock_mark_nomap(paddr, size); | | /* keep ACPI reclaim memory intact for kexec etc. */ | if (md->type == EFI_ACPI_RECLAIM_MEMORY) | memblock_reserve(paddr, size); which is called via efi_init(), and all those regions end up listed as reserved in /proc/iomem. (this is why arm64 doesn't call acpi_reserve_initial_tables()) If your firmware puts ACPI tables are in EFI_CONVENTIONAL_MEMORY, you have bigger problems as the kernel could get relocated over the top of them during boot, and even if it doesn't, nothing stops that memory being allocated for user-space. Even acpi_table_upgrade() calls memblock_reserve() and happens early enough not to be a problem. Please share ... enjoyment, optional. (boot with efi=debug and post the EFI memory map and the 'ACPI: FOO 0xphysicaladdress' stuff at the top of the boot log) Thanks, James > Since only crash kernels are imune to this as they use a reserved > memory region, disable the non-crash kernel use case. Further > patches will try and restore the functionality.