Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp3947046rwb; Fri, 30 Sep 2022 10:24:49 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6F37IpLSvXcAW4WZjHmD9WV1f0CHYZkfBghyG+yRE+zGmLxeQZJBq6emlmYh07KowHLrmU X-Received: by 2002:a17:90b:3a81:b0:203:1247:4920 with SMTP id om1-20020a17090b3a8100b0020312474920mr10673536pjb.102.1664558688922; Fri, 30 Sep 2022 10:24:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664558688; cv=none; d=google.com; s=arc-20160816; b=hvH9HiGaeJJvjdn1Q6iN54BwWon0/4eC5diChj5U42np/hUAxgHSaVKBE1Sj+MUIOx 5WEqhkrZcUD8jGvaBOotkpgX85RQAHFyaZhQJ1jZJQ2j7cB2G2ZjpN4iaw2IwiOKtEeV 079cfVBrmEnVM1CQH6bV44+NIc/dLJizI+YS6RCgehT2gfOReLXVc/479xTBKljoxISl JUOA9pl3dS5uiBKchQSuR4DE0LgKrcDxublQzoG6V6WdhVHrNCnGt5fHObk/4f/kaIYv r9nStI/X37nQJQgjk4j1/lhVzVgj0WRhkmPySQ1BbM5zwVLKKVbgBM/ue7mdBUfLzhT7 JlpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:feedback-id :dkim-signature:dkim-signature; bh=SmV33aTbZLMaSc7e6x6/a0yD1YxjcfyZWd4pX2uyxNI=; b=MYmZh/aFzF82RMPloslEHtXBeELq+y7XLVNYYDy0izpw1AJq1Zke30EnMe4Vr+nOQV DDgOdf1xiR+7QPmDnVl3RjcxU0mk+EjwCiqo/67u5YVQCg6Y+7RLovDMkveDhXpaCkm1 /pm2+Z7QU05haS3O3hCvPi3LC83kYNsEdo//8kIEmuY0tUfcA9oYboApXLaamai51JEf nhR4To2wgsuEuNzWLOCOOwrKEjz/g6Mk1BXm9BPzvgMYq0nZmwdgHBGj58eSjEaTakJZ UF0EFFSTtAKhgHDmbUlZwmvpVNq7+jwt0Kk9ofusLXRrxxMcdGUm42tsy0uTLVz8OgQb eKhA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm2 header.b=upjub1rv; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=MfoCeDlA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bd5-20020a170902830500b00178aec118c9si2052168plb.378.2022.09.30.10.24.36; Fri, 30 Sep 2022 10:24:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm2 header.b=upjub1rv; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=MfoCeDlA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231779AbiI3RMd (ORCPT + 99 others); Fri, 30 Sep 2022 13:12:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33848 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231579AbiI3RMb (ORCPT ); Fri, 30 Sep 2022 13:12:31 -0400 Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com [64.147.123.19]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B49AD1B0E28; Fri, 30 Sep 2022 10:12:30 -0700 (PDT) Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id 57A833200A35; Fri, 30 Sep 2022 13:12:29 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Fri, 30 Sep 2022 13:12:30 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm2; t=1664557948; x= 1664644348; bh=SmV33aTbZLMaSc7e6x6/a0yD1YxjcfyZWd4pX2uyxNI=; b=u pjub1rvphcp2BMPPN6KmzumKuGefLUM0bp0cVVJSfuTe+Og2D+VZzMDUA3IlqOOI 46cWvOn4Piowd35V+LAQz3UNHY+7bOT5QJnX8RbTeDi8fJTORVfaRttziHhUXzIP 3Ncp91P5Wc31GMsotZmhgvVKodWCCkCuX6iKyexRpaPicUcg4p6/aB5uAOPvIB58 vi8TaEsBy9RMnslMiJORLxTkvwcqiyL84H6FVONEoJg9sc7mL4z3c21AmFaJDCrh Q1fbpOWck9E9wDjO70BhxUjsfFcbEX9dQJ/WhdK4VeRpmE0HO3Ct9z7JrivxJD77 t2drz5P7gpFGrc8I+TIYQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1664557948; x=1664644348; bh=SmV33aTbZLMaSc7e6x6/a0yD1Yxj cfyZWd4pX2uyxNI=; b=MfoCeDlA0AzErgpeRbND50svu3p1X6qY5uB1ykZoN2Lp 4jNTzojKDLLTEUu/DLSBWJuuK3KLP7cuUywLuZOEzd6ttE+iklRiabpAm0Tc+Ddr qU4lQdua9KF9BtePgXlviNc+EFvuWmCiMlhmnzbhioQXznJdJppc7OkhTe6JedmN NCG6lavcPLHcSWniFut3ZUa1PfFzfSLr3TMvcDh1FaAxBrqVRU0wlD4fEfcXmLtN aCicyEH5Q50Vry9j/HBKoA0XdizN/OZchTX2JnQk/NSQCkJeX4xi3Cg+Ttz73OW2 +8sKOWQws3ibpwiIHH4VF4OAF9AxOIeDTFRNtK6Uiw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrfeehvddguddtlecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpeffhffvvefukfhfgggtuggjsehgtderredttddvnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeduieelfeeutedvleehueetffej geejgeffkeelveeuleeukeejjeduffetjeekteenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 30 Sep 2022 13:12:27 -0400 (EDT) Date: Fri, 30 Sep 2022 13:11:59 -0400 From: Demi Marie Obenour To: Ard Biesheuvel , Jan Beulich Cc: xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, Juergen Gross , Stefano Stabellini , Oleksandr Tyshchenko , Kees Cook , Anton Vorontsov , Colin Cross , Tony Luck , Marek =?utf-8?Q?Marczykowski-G=C3=B3recki?= Subject: Re: [PATCH v4 1/2] Avoid using EFI tables Xen may have clobbered Message-ID: References: <282a225d-8782-0321-6f0e-19dd4510dc42@suse.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="+TWbr9kogh5/wchI" Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --+TWbr9kogh5/wchI Content-Type: text/plain; protected-headers=v1; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Date: Fri, 30 Sep 2022 13:11:59 -0400 From: Demi Marie Obenour To: Ard Biesheuvel , Jan Beulich Cc: xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, Juergen Gross , Stefano Stabellini , Oleksandr Tyshchenko , Kees Cook , Anton Vorontsov , Colin Cross , Tony Luck , Marek =?utf-8?Q?Marczykowski-G=C3=B3recki?= Subject: Re: [PATCH v4 1/2] Avoid using EFI tables Xen may have clobbered On Fri, Sep 30, 2022 at 06:30:57PM +0200, Ard Biesheuvel wrote: > On Fri, 30 Sept 2022 at 08:44, Jan Beulich wrote: > > > > On 30.09.2022 01:02, Demi Marie Obenour wrote: > > > Memory of type EFI_CONVENTIONAL_MEMORY, EFI_LOADER_CODE, EFI_LOADER_D= ATA, > > > EFI_BOOT_SERVICES_CODE, and EFI_BOOT_SERVICES_DATA may be clobbered by > > > Xen before Linux gets to start using it. Therefore, Linux under Xen > > > must not use EFI tables from such memory. Most of the remaining EFI > > > memory types are not suitable for EFI tables, leaving only > > > EFI_ACPI_RECLAIM_MEMORY, EFI_RUNTIME_SERVICES_DATA, and > > > EFI_RUNTIME_SERVICES_CODE. When running under Xen, Linux should only > > > use tables that are located in one of these types of memory. > > > > > > This patch ensures this, and also adds a function > > > (xen_config_table_memory_region_max()) that will be used later to > > > replace the usage of the EFI memory map in esrt.c when running under > > > Xen. This function can also be used in mokvar-table.c and efi-bgrt.c, > > > but I have not implemented this. > > > > > > Signed-off-by: Demi Marie Obenour > > > > In Xen we don't clobber EfiBootServices{Code,Data} when xen.efi was pas= sed > > "-mapbs". Should we perhaps extend the interface such that Dom0 can then > > also use tables located in such regions, perhaps by faking > > EFI_MEMORY_RUNTIME in the attributes returned by XEN_FW_EFI_MEM_INFO? > > >=20 > I know this ship has sailed for x86, but for the sake of other > architectures, I'd strongly recommend leaving the EFI_MEMORY_RUNTIME > bits alone, for the same reasons I gave earlier. (Runtime mappings for > the firmware code itself, page table fragmentation etc etc) Why do you say that it has sailed for x86? > I know very little about Xen, but based on the context you provided in > this thread, I'd say that the best approach from the Xen side is to > convert all EfiBootServicesData regions that have configuration tables > pointing into them into EfiAcpiReclaimMemory. Should Xen convert the entire region, or should it try to reserve only the memory it needs? The latter would require it to parse the configuration tables. Is there a list of configuration tables that can legitimately be in EfiBootServicesData regions? > I take it XEN_FW_EFI_MEM_INFO is an existing interface? If so, you > might do the same for the returned type - EfiBootServicesData -> > EfiAcpiReclaimMemory, and not muck about with the EFI_MEMORY_RUNTIME > attribute. It is indeed an existing interface, and this is a much better idea than what you proposed. --=20 Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab --+TWbr9kogh5/wchI Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmM3I3kACgkQsoi1X/+c IsHimRAAopJdHd1YzyxGmCQs/5C27GsZ6O2Z2oo4shynl65qxosa4wjyQ+hf0uBh 9UUbiWVqVuQHlw2SNR4RklZ9a4lVENb85rfkvFkGkb5JrGVU7PgCpYsNZJ0ZSDiW SW4w4QR87BwF23Bk6GEiCL+dWTq1wH4iq89tX/S1LhvjaAh88tMf6Xm2lKuS2nek EjfjWnWDtHLoj7K7M09b5m/8ofqofqiLvqCup6JRvambXHezEEgisxE3FeX3jmOA Iw8e656o0sia+GK1mMfa1vf7+lHt+bmULbM9Qtjh4OzAim7NIycRj+8mNfnXmhWW 2hozW1E5ALre+lmdDuV9cRStlRmaXVv7YXNav+ia36xMDcxsTQP6V1scmdbkKk29 GxGq8fIU9ySZXmtrygIAF+RU4V4BLe72sqee/K+FcnHcUqJ6WaHW1TYP57eDNfoL XThEJy7ZSwhVn7KxtQhr16aqysit7XeVr1OjRooP8ju5DouAumAdpEqZTUO8ruLH dg2AN5DlD3WB8g5x5jFc/UHRvF5cEbNawEfEO6wkPVFozynIDXdvWQDQ/+0t5LnB TbrEnfoeuiGn5PMB0paCrQKdr4mOxyZHe/EigAEhnMkWo4QyseG6yBme+Ee6N7sv 3A3g8YohKWHsRxRPHc7cdgVjAgc5Wsb1SlNNdgYwBVxW2udbzJ8= =ag4U -----END PGP SIGNATURE----- --+TWbr9kogh5/wchI--