From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Borislav Petkov, Ard Biesheuvel, Sasha Levin
Subject: [PATCH 5.10 15/30] efi/mokvar: Reserve the table only if it is in boot services data
Date: Fri, 6 Aug 2021 10:16:53 +0200
Message-Id: <20210806081113.651725422@linuxfoundation.org>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <20210806081113.126861800@linuxfoundation.org>
References: <20210806081113.126861800@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org

From: Borislav Petkov

[ Upstream commit 47e1e233e9d822dfda068383fb9a616451bda703 ]

One of the SUSE QA tests triggered:

  localhost kernel: efi: Failed to lookup EFI memory descriptor for 0x000000003dcf8000

which comes from x86's version of efi_arch_mem_reserve() trying to
reserve a memory region. Usually, that function expects
EFI_BOOT_SERVICES_DATA memory descriptors but the above case is for the
MOKvar table which is allocated in the EFI shim as runtime services.

That led to a fix changing the allocation of that table to boot services.

However, that fix broke booting SEV guests with that shim leading to
this kernel fix

  8d651ee9c71b ("x86/ioremap: Map EFI-reserved memory as encrypted for SEV")

which extended the ioremap hint to map reserved EFI boot services as
decrypted too.

However, all that wasn't needed, IMO, because that error message in
efi_arch_mem_reserve() was innocuous in this case - if the MOKvar table
is not in boot services, then it doesn't need to be reserved in the
first place because it is, well, in runtime services which *should* be
reserved anyway.

So do that reservation for the MOKvar table only if it is allocated in
boot services data. I couldn't find any requirement about where that
table should be allocated in, unlike the ESRT which allocation is
mandated to be done in boot services data by the UEFI spec.

Signed-off-by: Borislav Petkov
Signed-off-by: Ard Biesheuvel
Signed-off-by: Sasha Levin
--- drivers/firmware/efi/mokvar-table.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/firmware/efi/mokvar-table.c b/drivers/firmware/efi/mokvar-table.c index d8bc01340686..38722d2009e2 100644 --- a/drivers/firmware/efi/mokvar-table.c +++ b/drivers/firmware/efi/mokvar-table.c 
@@ -180,7 +180,10 @@ void __init efi_mokvar_table_init(void) pr_err("EFI MOKvar config table is not valid\n"); return; } - efi_mem_reserve(efi.mokvar_table, map_size_needed); + + if (md.type == EFI_BOOT_SERVICES_DATA) + efi_mem_reserve(efi.mokvar_table, map_size_needed); + efi_mokvar_table_size = map_size_needed; } -- 2.30.2
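
Review bot: the new guard "if (md.type == EFI_BOOT_SERVICES_DATA)" in front of efi_mem_reserve() skips the reservation for every descriptor type other than boot services data, while the commit message only argues that skipping is safe for runtime services. If the table is ever placed in some other memory type, it is now left unreserved with no message at all. Consider either naming the runtime services case explicitly and logging a warning for any remaining type, or adding a short comment above the condition stating that all non-boot-services types are assumed to be preserved by the firmware memory map, so the reasoning from the commit message is visible at the call site. The hunk also relies on md having been filled in earlier in efi_mokvar_table_init(); that is not visible in the context lines here, so it is worth confirming that every path reaching this point has a valid descriptor in md.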