Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp3960497rwr;
        Mon, 8 May 2023 00:10:36 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ5iKLEYf5AAN954KGSu1pe3HAiUDq9xqGfNEYYxPR7e7IUn5ygxQ+IZXT6UwlmwSJToMcue
X-Received: by 2002:a05:6a20:3d27:b0:100:99a:7f71 with SMTP id y39-20020a056a203d2700b00100099a7f71mr5670589pzi.2.1683529835947;
        Mon, 08 May 2023 00:10:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1683529835; cv=none;
        d=google.com; s=arc-20160816;
        b=Bw2CASzXZxSxobMBAjHsFuVBWHxYZSAIoh2C/YYWjjI0Uh5UEY2SKcCJbtZOmlk2KD
         mY1lL5rDVTjLY27aeaIC30OSqkSNCOlsWFtvP8VZrq2+HeqoWNsd7mlnwFe4/d3EY29R
         d+xo6nrzplg2w2cPvWA9PNG1ZnUW8SZI5/un8Jb004ZqSiCvlwQ34i0Z4747LWva7LPX
         ye4wrv6+x3YllOI88DiaapQ0qjAWzuD32G0e8C662FrWQlHpYBJ0jNZcxx5ieTqiabgp
         8GhirGZm48prOZMzsOEgqm+pqL7WJ8Gl87ZZlUi4DRZWn4YCoLF9pgeyNIZwQUIWTau2
         Fy1g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=/A/BtuNQWAa+ViiFo7NpQbTkZDcm+jCTUM7zON3DLno=;
        b=jCbZaoJSASsMpRA0nUdie3UscCZbjavN29HNn4AANT2+cDqpYdoB4zOpHOdNL2dsuz
         4TUjpJKSo3fzAJQTarwzTVrXzatooldpXotCyh1eWMSC8pPse2wJwBSDDzItzJDTvxIn
         VEIGqgEwaNDPKMuNNWo1NIMS/YERUBV70hjJxPVNUAtxAwnuKmuws87IBpkVYF9hNI/R
         4eX1Wx0skLnWaceIb50HBs49tWVVOvXhbycRrYCx1zRchYsK8rNjHghgHz1Sq1ajxGbA
         4GPoqN3T1ds4KuOcmBIQFxsWZYGGPnlrg5UUBL7Q6cxqMfTErgLuVm/CHJxQqqfuLBbJ
         JjKg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=OGG8NyGj;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id q63-20020a632a42000000b00519a8f54d2bsi7917733pgq.667.2023.05.08.00.10.23;
        Mon, 08 May 2023 00:10:35 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=OGG8NyGj;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233146AbjEHHF3 (ORCPT <rfc822;vegard.nossum@gmail.com>
        + 99 others); Mon, 8 May 2023 03:05:29 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45844 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233267AbjEHHFA (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 8 May 2023 03:05:00 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9B7751E987;
        Mon,  8 May 2023 00:04:23 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 070AF61F88;
        Mon,  8 May 2023 07:04:23 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id A7EC3C433EF;
        Mon,  8 May 2023 07:04:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1683529462;
        bh=gkBM0ParWTIOIX3agXXl7pVKn11FNRtW92FgScbL5xQ=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=OGG8NyGj5znQYhIMlMU/p9vUWyXyS9VMx4MiWr+opEEKHHjRiVI8o6LrXVPAVnAVX
         FoSgFssVRcFDFVLwuetKIcASm36Yx8RfkQTvFBz+ZKrVJ58IEssCcvPWpN0KQhHgOZ
         zK1t/b7Mz7G2SsTOcu9uVdhK6j8YUmYOlbzWDFmd0BiExgvhda7Zz34GCKCvSLy6cf
         FaiIaAjx2V2P20jMc96TfCv6zXg/Xe3wzFD0kuvxV5mt5sKGwyzG5BYmQTLxXTsZXP
         1xtjUXoY/a6qSS8d3ilUafDmrs900lCvWrPCcUx1V+3Owl3h61WDHksKihb4z063n1
         xamyCEzuiJuaQ==
From:   Ard Biesheuvel <ardb@kernel.org>
To:     linux-efi@vger.kernel.org
Cc:     linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
        Evgeniy Baskov <baskov@ispras.ru>,
        Borislav Petkov <bp@alien8.de>,
        Andy Lutomirski <luto@kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Alexey Khoroshilov <khoroshilov@ispras.ru>,
        Peter Jones <pjones@redhat.com>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Dave Young <dyoung@redhat.com>,
        Mario Limonciello <mario.limonciello@amd.com>,
        Kees Cook <keescook@chromium.org>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
        Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH v2 10/20] x86: efistub: Prefer EFI memory attributes protocol over DXE services
Date:   Mon,  8 May 2023 09:03:20 +0200
Message-Id: <20230508070330.582131-11-ardb@kernel.org>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230508070330.582131-1-ardb@kernel.org>
References: <20230508070330.582131-1-ardb@kernel.org>
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=3304; i=ardb@kernel.org; h=from:subject; bh=gkBM0ParWTIOIX3agXXl7pVKn11FNRtW92FgScbL5xQ=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JISVi3tYnz/gWzCoT49m797dZf8HuwijftT/58neYvHk2Z 9rNib47O0pZGMQ4GGTFFFkEZv99t/P0RKla51myMHNYmUCGMHBxCsBEzsxj+O/B+n2jWqTIzXYD keDz8btUplgYh8ffeOZzZu2zG66Z6yUZGf5uydbpeS4jPeGtbHlvp5uz/0njj1rfgpvZFiw9fED Ghg8A
X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Currently, we rely on DXE services in some cases to clear non-execute
restrictions from page allocations that need to be executable. This is
dodgy, because DXE services are not specified by UEFI but by PI, and
they are not intended for consumption by OS loaders. However, no
alternative existed at the time.

Now, there is a new UEFI protocol that should be used instead, so if it
exists, prefer it over the DXE services calls.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 drivers/firmware/efi/libstub/x86-stub.c | 29 ++++++++++++++------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
index fb83a72ad905ad6e..ce8434fce0c37982 100644
--- a/drivers/firmware/efi/libstub/x86-stub.c
+++ b/drivers/firmware/efi/libstub/x86-stub.c
@@ -25,6 +25,7 @@ const efi_system_table_t *efi_system_table;
 const efi_dxe_services_table_t *efi_dxe_table;
 u32 image_offset __section(".data");
 static efi_loaded_image_t *image = NULL;
+static efi_memory_attribute_protocol_t *memattr;
 
 static efi_status_t
 preserve_pci_rom_image(efi_pci_io_protocol_t *pci, struct pci_setup_rom **__rom)
@@ -221,12 +222,18 @@ adjust_memory_range_protection(unsigned long start, unsigned long size)
 	unsigned long rounded_start, rounded_end;
 	unsigned long unprotect_start, unprotect_size;
 
-	if (efi_dxe_table == NULL)
-		return;
-
 	rounded_start = rounddown(start, EFI_PAGE_SIZE);
 	rounded_end = roundup(start + size, EFI_PAGE_SIZE);
 
+	if (memattr != NULL) {
+		efi_call_proto(memattr, clear_memory_attributes, rounded_start,
+			       rounded_end - rounded_start, EFI_MEMORY_XP);
+		return;
+	}
+
+	if (efi_dxe_table == NULL)
+		return;
+
 	/*
 	 * Don't modify memory region attributes, they are
 	 * already suitable, to lower the possibility to
@@ -838,6 +845,7 @@ asmlinkage unsigned long efi_main(efi_handle_t handle,
 				  efi_system_table_t *sys_table_arg,
 				  struct boot_params *boot_params)
 {
+	efi_guid_t guid = EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID;
 	unsigned long bzimage_addr = (unsigned long)startup_32;
 	unsigned long buffer_start, buffer_end;
 	struct setup_header *hdr = &boot_params->hdr;
@@ -849,13 +857,18 @@ asmlinkage unsigned long efi_main(efi_handle_t handle,
 	if (efi_system_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE)
 		efi_exit(handle, EFI_INVALID_PARAMETER);
 
-	efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID);
-	if (efi_dxe_table &&
-	    efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) {
-		efi_warn("Ignoring DXE services table: invalid signature\n");
-		efi_dxe_table = NULL;
+	if (IS_ENABLED(CONFIG_EFI_DXE_MEM_ATTRIBUTES)) {
+		efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID);
+		if (efi_dxe_table &&
+		    efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) {
+			efi_warn("Ignoring DXE services table: invalid signature\n");
+			efi_dxe_table = NULL;
+		}
 	}
 
+	/* grab the memory attributes protocol if it exists */
+	efi_bs_call(locate_protocol, &guid, NULL, (void **)&memattr);
+
 	status = efi_setup_5level_paging();
 	if (status != EFI_SUCCESS) {
 		efi_err("efi_setup_5level_paging() failed!\n");
-- 
2.39.2