From: Ard Biesheuvel
Date: Fri, 16 Jul 2021 19:10:17 +0200
Subject: Re: [RFC PATCH] efi/mokvar: Reserve the table only if it is in boot services data
To: Borislav Petkov
Cc: Lenny Szubowicz, Gary Lin, Jörg Rödel, Tom Lendacky, linux-efi, lkml

On Wed, 30 Jun 2021 at 10:44, Borislav Petkov wrote:
>
> Hi guys,
>
> so below is what we've been staring at recently, please doublecheck me
> whether I'm even making sense here.
>
> Thx!
>
> ---
> From: Borislav Petkov
>
> One of the SUSE QA tests triggered:
>
> localhost kernel: efi: Failed to lookup EFI memory descriptor for 0x000000003dcf8000
>
> which comes from x86's version of efi_arch_mem_reserve() trying to
> reserve a memory region. Usually, that function expects
> EFI_BOOT_SERVICES_DATA memory descriptors but the above case is for the
> MOKvar table which is allocated in the EFI shim as runtime services.
>
> That led to a fix changing the allocation of that table to boot services.
>
> However, that fix broke booting SEV guests with that shim leading to
> this kernel fix
>
> 8d651ee9c71b ("x86/ioremap: Map EFI-reserved memory as encrypted for SEV")
>
> which extended the ioremap hint to map reserved EFI boot services as
> decrypted too.
>
> However, all that wasn't needed, IMO, because that error message in
> efi_arch_mem_reserve() was innocuous in this case - if the MOKvar table
> is not in boot services, then it doesn't need to be reserved in the
> first place because it is, well, in runtime services which *should* be
> reserved anyway.
>
> So do that reservation for the MOKvar table only if it is allocated
> in boot services data. I couldn't find any requirement about where
> that table should be allocated in, unlike the ESRT whose allocation is
> mandated to be done in boot services data by the UEFI spec.
>
> Signed-off-by: Borislav Petkov

Acked-by: Ard Biesheuvel

Would you like me to queue this as a fix?

> --- > drivers/firmware/efi/mokvar-table.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/drivers/firmware/efi/mokvar-table.c b/drivers/firmware/efi/mokvar-table.c > index d8bc01340686..38722d2009e2 100644 > --- a/drivers/firmware/efi/mokvar-table.c > +++ b/drivers/firmware/efi/mokvar-table.c > @@ -180,7 +180,10 @@ void __init efi_mokvar_table_init(void) > pr_err("EFI MOKvar config table is not valid\n"); > return; > } > - efi_mem_reserve(efi.mokvar_table, map_size_needed); > + > + if (md.type == EFI_BOOT_SERVICES_DATA) > + efi_mem_reserve(efi.mokvar_table, map_size_needed); > + > efi_mokvar_table_size = map_size_needed; > } > > -- > 2.29.2
>
>
> --
> Regards/Gruss,
> Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette
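
Review bot: The new `if (md.type == EFI_BOOT_SERVICES_DATA)` in efi_mokvar_table_init() skips efi_mem_reserve() for every other descriptor type, but the commit message only argues that the reservation is unnecessary when the table lives in runtime services memory. A table that ends up in any other type would now go unreserved without a message. Consider adding a comment above the check stating why only boot services data needs the reservation, and either testing for the runtime services case explicitly or emitting a pr_warn() for types that are neither. The check also relies on `md` already being populated at this point; that lookup is outside the visible context, so it is worth confirming the check cannot be reached with `md` unset.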