Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp4079151rwb; Fri, 30 Sep 2022 12:30:14 -0700 (PDT) X-Google-Smtp-Source: AMsMyM5cXytalMmp46HZyHw7UsGUFEwRYvRL0Skn4YSv57STPCY2gK0WHJiEEkh9fVL4W8VOgkrs X-Received: by 2002:a17:90b:1b4c:b0:202:c1a3:25ce with SMTP id nv12-20020a17090b1b4c00b00202c1a325cemr24573844pjb.232.1664566214228; Fri, 30 Sep 2022 12:30:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664566214; cv=none; d=google.com; s=arc-20160816; b=Cm0QqtB0BXzklYtPHdi85syyTxsUYZ3ockwGxF6ZLDmBu+gibjZazakCDvtsbOFfD6 +ROlgxIna/wWYxVlWf9F/OpTwcym/D8RVwN2Q/7IhzTZHwXX31E6Hr4I8RVTc38Tg2gS MKp6yvuN2tjxP9bPOa9H06RNF2kT4AjqqnHOmajdG/iaSjcxmzApBvKYJDiVY4qb2poB q5R4kE9UhJoKq6kiOxGUzCT2UF+r/pERVipOH2e1//1KZtSn6D3ipius/lqx7cIrEIP8 7Y0O1daZ0RSbOtExCGFHfxzAGdTj7fVXVG95ZKPSJTlwa6o74Sd6UfAyZk0kgYvk2ktM b71Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=vI9hu9O4c9CZKTHRf1KJk0fVFdFM8J2KFOE0WGNk5vs=; b=iuaEP4G8gujtQ+CngB+wGhSO5fuCnuzO7K9umGElm3wIKY3o5AAPPvdGIgLWiK8he5 GWfvLHl2KzICOVhthuQHD+kVBwo/9pF3onek2T84/5B9hoLM4bA14jp2H2supl/GC5tr oYL4NRDuw6ovabZBeWjC9hLzZbS0Bwn11JGja/HV7P4iS3g4UNeFpYTPN7K91l0Hn59C kd3E2RVMVlIPO3R+phn5CoVzs/Uk1GNKVzUAoVMdNW67PNtADejGOrhThMwMwPc0JGlz VeMfYV/yBMrherUWCPts7Q+Cko2AYmwKA7r/dPFg56MMsN7q3PHzo/ysivjol6IhZ5kj 1z3Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Yu+WvHfH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i4-20020aa78d84000000b00547d55a4d3bsi2915081pfr.285.2022.09.30.12.30.02; Fri, 30 Sep 2022 12:30:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Yu+WvHfH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232051AbiI3TMc (ORCPT + 99 others); Fri, 30 Sep 2022 15:12:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56216 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232257AbiI3TMJ (ORCPT ); Fri, 30 Sep 2022 15:12:09 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 691A01DBED9; Fri, 30 Sep 2022 12:11:40 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 76CECB829D6; Fri, 30 Sep 2022 19:11:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1FC05C433D6; Fri, 30 Sep 2022 19:11:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1664565093; bh=DpuzkSTpdIljztqf44fhe5W4QnPtXnDJDl0MM448ZSA=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=Yu+WvHfHfGIDERp3rGJw/Xo+T7KR5JXnWliHX2BfVnsPYHNj9dYu9HWaA8emZRFzp WP2RZn3PxpJhCTr/rEvWhDjqSXHIsIszDxu/yDsxYzD+0N1IHgI4eIZ9MvkFBQHPmw DEda+6g0QFLgSxla7ZBIuEgqIHZ3G5tVBO/ydJ9ZzXhMZKMNnkLAoi9NAYAItVLmZH 1Yr/20aKScBzpbJjOs1KLfcHUcozKb5yCP0ZOwUPI7fEBY6fA26DkQ6lEoAdZ+Kr8k BkyW4HJA1QtT6HOZXiOXBK8dcomZS9euTg8oRwOdsPMIEd+ryFFcAcebZBOPkeHLKJ vR4dng0BTd5yg== Received: by mail-lf1-f53.google.com with SMTP id bu25so8271866lfb.3; Fri, 30 Sep 2022 12:11:33 -0700 (PDT) X-Gm-Message-State: ACrzQf2fsSeWki75Kf4n7oa2ancpxVYuZVeUvrogfuqzIKvrbJrA4Oju NJZxDNsJ6MpjUXxabqg7g3iYo8C7bAycJqXHWds= X-Received: by 2002:a05:6512:c0f:b0:49b:1e8c:59fd with SMTP id z15-20020a0565120c0f00b0049b1e8c59fdmr3582078lfu.426.1664565091147; Fri, 30 Sep 2022 12:11:31 -0700 (PDT) MIME-Version: 1.0 References: <5649176eacda434267f68676f1733d06c572d19e.1664298147.git.demi@invisiblethingslab.com> In-Reply-To: From: Ard Biesheuvel Date: Fri, 30 Sep 2022 21:11:19 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v4 2/2] Support ESRT in Xen dom0 To: Demi Marie Obenour , Peter Jones Cc: Juergen Gross , Stefano Stabellini , Oleksandr Tyshchenko , Kees Cook , Anton Vorontsov , Colin Cross , Tony Luck , =?UTF-8?Q?Marek_Marczykowski=2DG=C3=B3recki?= , xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-7.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 30 Sept 2022 at 20:21, Demi Marie Obenour wrote: > > On Fri, Sep 30, 2022 at 06:36:11PM +0200, Ard Biesheuvel wrote: > > On Fri, 30 Sept 2022 at 01:02, Demi Marie Obenour > > wrote: > > > > > > fwupd requires access to the EFI System Resource Table (ESRT) to > > > discover which firmware can be updated by the OS. Currently, Linux does > > > not expose the ESRT when running as a Xen dom0. Therefore, it is not > > > possible to use fwupd in a Xen dom0, which is a serious problem for e.g. > > > Qubes OS. > > > > > > Before Xen 4.17, this was not fixable due to hypervisor limitations. > > > The UEFI specification requires the ESRT to be in EfiBootServicesData > > > memory, which Xen will use for whatever purposes it likes. Therefore, > > > Linux cannot safely access the ESRT, as Xen may have overwritten it. > > > > > > Starting with Xen 4.17, Xen checks if the ESRT is in EfiBootServicesData > > > or EfiRuntimeServicesData memory. If the ESRT is in EfiBootServicesData > > > memory, Xen replaces the ESRT with a copy in memory that it has > > > reserved. Such memory is currently of type EFI_RUNTIME_SERVICES_DATA, > > > but in the future it will be of type EFI_ACPI_RECLAIM_MEMORY. This > > > ensures that the ESRT can safely be accessed by the OS. > > > > > > When running as a Xen dom0, use the new > > > xen_config_table_memory_region_max() function to determine if Xen has > > > reserved the ESRT and, if so, find the end of the memory region > > > containing it. This allows programs such as fwupd which require the > > > ESRT to run under Xen, and so makes fwupd support in Qubes OS possible. > > > > > > Signed-off-by: Demi Marie Obenour > > > > Why do we need this patch? I'd expect esrt_table_exists() to return > > false when patch 1/2 is applied. > > efi_enabled(EFI_MEMMAP) is false under Xen, so there needs to be an > alternative way to get the end of the memory region containing the ESRT. > That is what this patch provides. OK. I don't think we need that to be honest. When running under Xen, we should be able to assume that the ESRT does not span multiple memory regions arbitrarily, so we can just omit this check if !efi_enabled(EFI_MEMMAP) IIRC (and Peter would know), we are trying to filter out descriptors that are completely bogus here: zero lenght, zero address, etc etc. I don't think we need that for Xen.