Received: by 2002:a05:6a10:c604:0:0:0:0 with SMTP id y4csp502186pxt; Fri, 6 Aug 2021 07:11:27 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzvqlqAmuOEwxpRDGQyAs2jwzXx6ctF4tOycb1AldFG9IRZucRD1On/VSNHQAhuiVNAehuG X-Received: by 2002:a92:c524:: with SMTP id m4mr174149ili.42.1628259087015; Fri, 06 Aug 2021 07:11:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1628259087; cv=none; d=google.com; s=arc-20160816; b=lswl+kQ/TJ8dYbTAJ5tuVIwdXgfT6gEernUeCLRW8m65E45OREYJ4htykui5Lw+04n COsxrnOcxmgUPNMvD9gIDMuxfyztnmAQCjm/BcP3UMlYzcGQ8Ap44pz/0bCyS690iG80 /fIShaOP52EKSXiPhqoU7PoupjNN9zy90CsFTO/duwNEX7RjTOHhhrBc8jgHjTJTUesu ChG7DsVynRCJI37YejQjboYxOWjIjBLma5L0W3TiPJCcDjqIs098MLSzgyxrmd6VZj7r B1Ke4sX+UeY9+EfeajWbG2lpJAs7CTzD8WJKtlz2a6wc7DJP5jMpGLz+7Az4n886/gPx fg9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=F4joU2oUDk7RalSRa65Br2HyUa+/mDr2By0+c31GbHk=; b=Fb1Kbnw/FHOv8UA8CHCKSyvRxwU9XS0EMaECRJM+lTJiMipBhGQiA3YEsg53Br5bYr JNlmeUIFSpL4/5aQ681BMgR7BYO1Y1BoQ1kso+d7jruwtvCrSsgXKHeCXqnv5K0a2Vve G5shQAuzq+9ddfM+zJ1Yw3xykkkvFqJQvr/8Q17twXcFTSlBGI0nt2ofNf7yQnijPBMH S42AWwUZiKJoomKTNYQSQet+v/9Za7q2MyiU8aHC5RSzdu5/49ujnPU7Ym2g0bMS5yO2 6qjS19Ibbp7cIe/9V8yALA2sAirywsofpnK1IN3YX4q5YLVKPEU74eYxkI3OU5nI8+3k 1zpw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="x3/mgvvU"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t2si5101732ilq.106.2021.08.06.07.11.14; Fri, 06 Aug 2021 07:11:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="x3/mgvvU"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244921AbhHFIY0 (ORCPT + 99 others); Fri, 6 Aug 2021 04:24:26 -0400 Received: from mail.kernel.org ([198.145.29.99]:51244 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244076AbhHFIU4 (ORCPT ); Fri, 6 Aug 2021 04:20:56 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id A84EC611CC; Fri, 6 Aug 2021 08:20:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1628238034; bh=fvvgQ9NlGndbKm/lUZW+jV4hnC9sgAUudL+0moyF+wo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=x3/mgvvUksu8yfObABRRFMzuzdxS8u/EjhQaJtnTIdOxXB8IVkA8A0ruvABJDFxR3 ieh/XE4XxnszVxGgHhhVR79Hl0ArTF2e6tIMMK7kTpwHbTeEWQfJaFSKjX6CLOCx2E NUYelbNwLlrBn2XaJZ+l0JscUer/5IdKAtEZAWkE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Borislav Petkov , Ard Biesheuvel , Sasha Levin Subject: [PATCH 5.13 26/35] efi/mokvar: Reserve the table only if it is in boot services data Date: Fri, 6 Aug 2021 10:17:09 +0200 Message-Id: <20210806081114.587320457@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210806081113.718626745@linuxfoundation.org> References: <20210806081113.718626745@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Borislav Petkov [ Upstream commit 47e1e233e9d822dfda068383fb9a616451bda703 ] One of the SUSE QA tests triggered: localhost kernel: efi: Failed to lookup EFI memory descriptor for 0x000000003dcf8000 which comes from x86's version of efi_arch_mem_reserve() trying to reserve a memory region. Usually, that function expects EFI_BOOT_SERVICES_DATA memory descriptors but the above case is for the MOKvar table which is allocated in the EFI shim as runtime services. That lead to a fix changing the allocation of that table to boot services. However, that fix broke booting SEV guests with that shim leading to this kernel fix 8d651ee9c71b ("x86/ioremap: Map EFI-reserved memory as encrypted for SEV") which extended the ioremap hint to map reserved EFI boot services as decrypted too. However, all that wasn't needed, IMO, because that error message in efi_arch_mem_reserve() was innocuous in this case - if the MOKvar table is not in boot services, then it doesn't need to be reserved in the first place because it is, well, in runtime services which *should* be reserved anyway. So do that reservation for the MOKvar table only if it is allocated in boot services data. I couldn't find any requirement about where that table should be allocated in, unlike the ESRT which allocation is mandated to be done in boot services data by the UEFI spec. Signed-off-by: Borislav Petkov Signed-off-by: Ard Biesheuvel Signed-off-by: Sasha Levin --- drivers/firmware/efi/mokvar-table.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/firmware/efi/mokvar-table.c b/drivers/firmware/efi/mokvar-table.c index d8bc01340686..38722d2009e2 100644 --- a/drivers/firmware/efi/mokvar-table.c +++ b/drivers/firmware/efi/mokvar-table.c @@ -180,7 +180,10 @@ void __init efi_mokvar_table_init(void) pr_err("EFI MOKvar config table is not valid\n"); return; } - efi_mem_reserve(efi.mokvar_table, map_size_needed); + + if (md.type == EFI_BOOT_SERVICES_DATA) + efi_mem_reserve(efi.mokvar_table, map_size_needed); + efi_mokvar_table_size = map_size_needed; } -- 2.30.2