Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp36562177rwd; Tue, 11 Jul 2023 02:40:54 -0700 (PDT) X-Google-Smtp-Source: APBJJlFHt7HTkXpWXHCWCyr96hNiPGWjCw4OiBBRUxbzVDvkXugPa6ItWOgCKe5Pb73PQAhqElI/ X-Received: by 2002:a17:90a:6f43:b0:262:fe45:860b with SMTP id d61-20020a17090a6f4300b00262fe45860bmr15736590pjk.0.1689068454044; Tue, 11 Jul 2023 02:40:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689068454; cv=none; d=google.com; s=arc-20160816; b=hj79gU+zXtsMSZBDF2oZR8MK4kZD8g/KLwfEkoExtt0tI7+NE1DbS+CKj+g94DKbFW N9+JobezwOXAbqoUXgmJbcrltUFN6iFlfhdWUl6JquRMAG1MxIZpIChXuaV9dBN2yrV0 vpEfObVP5rYhbMNsa/DYHDDqMVoDpZvBiOfw0/kEskWtCtBxo1uqMrmL+dXnpKamxtw9 zTWtuCU/y6eOkxZNMSU8AcdBvoeyDZV7v5+l5+FSz5Wrxp2bgdQY2Ul9sH4SbKa0yJza N+N24gqCqR6B91lrTP1EW8iJr1otmqFIB1c8QJy5lo2IepaNDv+JYccYYloU0w7IPDUd 3Dng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=XcWv5QZ+k+8rvq1NwtmuQjdOW2IW5kFmWRDyqyOM0gg=; fh=UoPnrMfWVKGOqsML3Cwqzr4dYAyNRBpPmY/ITnBmPi0=; b=pdIasLLwKo2m65WtvzWewlJSyjL4DQizUIxrs74C6UhxgS39d0qNDHSy18Pj+UOGv+ kGdNu0BCbsM4cRxhGWwiWW9TXFXZiRFM7LDObmRSZohQOXxZIBAULWH36b5Nb2jkMdhA jvEuOWCYZXVVGUygblo2gza+gMU4PD8BYNSmygCHE2dSAvoQ5fvrmLDPW6zVHo1kUJp5 dFtuU59HO7RNSmk2lq8iOpY8KMeVS8N4mjU2ZP3Luvgq6Gdw983Qub7TtEqC3flr5KoX r0/iljgA3ZReayS1nJ8Nb9Bt9WrxAwJk+iKwC2cNjahypkAiLX6qdSssnNZFm7orD0Ne H95w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="d0J/00mC"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id nm4-20020a17090b19c400b00263f59430fasi1295933pjb.95.2023.07.11.02.40.42; Tue, 11 Jul 2023 02:40:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="d0J/00mC"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230252AbjGKJRo (ORCPT + 99 others); Tue, 11 Jul 2023 05:17:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43550 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231894AbjGKJQy (ORCPT ); Tue, 11 Jul 2023 05:16:54 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 90691172A; Tue, 11 Jul 2023 02:16:08 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 2E3A461418; Tue, 11 Jul 2023 09:16:08 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B4DF1C433C8; Tue, 11 Jul 2023 09:16:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689066967; bh=2+7iwEobaM7sVn9y3ZDpX6mWLwOi48XQ2V4eIw6Xv00=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=d0J/00mCcjvbZG+taK8RXvHYuERieBbbb0UNeiPm2qEfAsDSwy771CmE1eznnomqp 41UNFLLd4Jq/Q4SNMN53etlP3pc0qjfZj6mteIOEMsM7XT9k4MymVc5WZRNbhG1OWo Dw56rXb5tDyVd+/1m9GANVlWm/wpKcIIff5ONYUKP0Ui8J5uW3X9BiLPNUpNAEI274 JPn+LEjLroVY28lJXGB9uRJ6sinfFtWp8aGUvxo3VeFeOHXhqKLbRrxY/fIsKEE0mC IVQaHj5dggNSh6qVbObeAu0am4xpwwBAVhe8B0VKkOyTJ3zrh0ivnUMw8GPeHN3KW8 eGn23bnuPQafg== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Evgeniy Baskov , Borislav Petkov , Andy Lutomirski , Dave Hansen , Ingo Molnar , Peter Zijlstra , Thomas Gleixner , Alexey Khoroshilov , Peter Jones , Gerd Hoffmann , Dave Young , Mario Limonciello , Kees Cook , Tom Lendacky , "Kirill A . Shutemov" , Linus Torvalds , Joerg Roedel Subject: [PATCH v6 15/21] x86/efistub: Prefer EFI memory attributes protocol over DXE services Date: Tue, 11 Jul 2023 11:14:47 +0200 Message-Id: <20230711091453.2543622-16-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230711091453.2543622-1-ardb@kernel.org> References: <20230711091453.2543622-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3324; i=ardb@kernel.org; h=from:subject; bh=2+7iwEobaM7sVn9y3ZDpX6mWLwOi48XQ2V4eIw6Xv00=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIWWtbNsH5ZKIjAddD8+bpB2an64gddDi9KK2EENF1SM+N i5FxVkdpSwMYhwMsmKKLAKz/77beXqiVK3zLFmYOaxMIEMYuDgFYCIbGBn+6SiI7tleLC84MV42 bq/DxAPKjFPnfdfX36TW9P7gdL6gYoY/3JdWvd43K23jt/QvC/KDPlz/IlT5JmOzLHOc7ek112o bOAE= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Currently, the EFI stub relies on DXE services in some cases to clear non-execute restrictions from page allocations that need to be executable. This is dodgy, because DXE services are not specified by UEFI but by PI, and they are not intended for consumption by OS loaders. However, no alternative existed at the time. Now, there is a new UEFI protocol that should be used instead, so if it exists, prefer it over the DXE services calls. Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/x86-stub.c | 29 ++++++++++++++------ 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 961ae3bd87058a45..efb4f5eda6784026 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -26,6 +26,7 @@ const efi_system_table_t *efi_system_table; const efi_dxe_services_table_t *efi_dxe_table; u32 image_offset __section(".data"); static efi_loaded_image_t *image = NULL; +static efi_memory_attribute_protocol_t *memattr; typedef union sev_memory_acceptance_protocol sev_memory_acceptance_protocol_t; union sev_memory_acceptance_protocol { @@ -233,12 +234,18 @@ void efi_adjust_memory_range_protection(unsigned long start, unsigned long rounded_start, rounded_end; unsigned long unprotect_start, unprotect_size; - if (efi_dxe_table == NULL) - return; - rounded_start = rounddown(start, EFI_PAGE_SIZE); rounded_end = roundup(start + size, EFI_PAGE_SIZE); + if (memattr != NULL) { + efi_call_proto(memattr, clear_memory_attributes, rounded_start, + rounded_end - rounded_start, EFI_MEMORY_XP); + return; + } + + if (efi_dxe_table == NULL) + return; + /* * Don't modify memory region attributes, they are * already suitable, to lower the possibility to @@ -801,6 +808,7 @@ void __noreturn efi_stub_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg, struct boot_params *boot_params) { + efi_guid_t guid = EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; unsigned long bzimage_addr = (unsigned long)startup_32; unsigned long buffer_start, buffer_end; struct setup_header *hdr = &boot_params->hdr; @@ -812,13 +820,18 @@ void __noreturn efi_stub_entry(efi_handle_t handle, if (efi_system_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) efi_exit(handle, EFI_INVALID_PARAMETER); - efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID); - if (efi_dxe_table && - efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) { - efi_warn("Ignoring DXE services table: invalid signature\n"); - efi_dxe_table = NULL; + if (IS_ENABLED(CONFIG_EFI_DXE_MEM_ATTRIBUTES)) { + efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID); + if (efi_dxe_table && + efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) { + efi_warn("Ignoring DXE services table: invalid signature\n"); + efi_dxe_table = NULL; + } } + /* grab the memory attributes protocol if it exists */ + efi_bs_call(locate_protocol, &guid, NULL, (void **)&memattr); + status = efi_setup_5level_paging(); if (status != EFI_SUCCESS) { efi_err("efi_setup_5level_paging() failed!\n"); -- 2.39.2