Received: by 2002:a05:6358:c692:b0:131:369:b2a3 with SMTP id fe18csp958099rwb; Fri, 28 Jul 2023 02:28:39 -0700 (PDT) X-Google-Smtp-Source: APBJJlFoPlZvw2V+ALQkIK646tYap6i/zZgAGTiurm+XJlzuvhpzYhK5IeVLN36kjbCtwNGrGK3z X-Received: by 2002:aa7:c9d5:0:b0:521:8d64:df1c with SMTP id i21-20020aa7c9d5000000b005218d64df1cmr1586157edt.0.1690536519225; Fri, 28 Jul 2023 02:28:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690536519; cv=none; d=google.com; s=arc-20160816; b=hMJWN2jZdLWfBBqzfCWvsfnbFPfAUwihe+olByGR8dVcmOAHpPNDIp7Chh3yUbJpcz jTlrr9bZMblfT7d3TT2HDOf8NF9J0f5zNcM2NgwIkFhXpryzVEBalu/6fERSVGdXZAmf 57Er+AtNXwboodoBFx6I736YZLWPNGCAV8DtNf2uLUubo4Zf/OZ1xOK4vm9xYYuHwy8B wCJoRFewpC1jTiG55SdBa0PDrQtYN6gauRy40XPLV9T7lAa6y4rKGi/oVEuZ81mKSJDk Ui4TtlniYuPbDVGB826TqPN4AAs5fvZ05QX4oYsn8Thr100kaC+kKgWAvZS8eM5iQU16 7wYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=IQL49+wkBQCrsk56hKhP7yDvFPKBFHJ/K6FeWsnjjXc=; fh=UoPnrMfWVKGOqsML3Cwqzr4dYAyNRBpPmY/ITnBmPi0=; b=Wqqxucd6MV6UI+GfGQf+221HClcGaj3CTepY8Ozt6p09Zhpm4xoLe0e+lX40OkkHmI BC1OPWTRadhKqqgoLH52ttJt5vf4Q6fchFziyOjyKRZFIQshMv8itGxk/tVeLgLha1Bn y2KG+mnWfKXzJ3TYa+vTTo/3xQ4wxCMQpAjZeozYqrYZeqAuL6pHQoDTeibSMscnvu/H IeWo+3OqnG+7QIR/tCTkABcVaH8Dk6tBiHGQwgeNPpjUKGd4v69d465LSDN0Z8QW646t nuZYwSZNmIpi1KG2sLdxDFHuW4+EVIX4iajMbMKAT9V+a9NBXbKt1ENCdq0bTxpOGIF7 YHhg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=vQVjI79t; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f18-20020a056402069200b005222d141b53si2209275edy.29.2023.07.28.02.28.14; Fri, 28 Jul 2023 02:28:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=vQVjI79t; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235467AbjG1JQI (ORCPT + 99 others); Fri, 28 Jul 2023 05:16:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34518 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235475AbjG1JO5 (ORCPT ); Fri, 28 Jul 2023 05:14:57 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7283D5262; Fri, 28 Jul 2023 02:12:10 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7A22362065; Fri, 28 Jul 2023 09:12:07 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 28DB0C433CB; Fri, 28 Jul 2023 09:12:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690535526; bh=Os+OvcWXVTEgn4GvlOd4rs76sb2kuX0zlm0OhlZtKNw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vQVjI79tuKRLdbWfaLk+8qjWILCCFQjNEM+QhknjnFd2Nu8tgwcmZR1Ra1caJqahV /HpChs5IlG7ggAx+3Kh+boEjPtK0GyodZ+nEK/6hNPaHCwUdm7+DczqPmE9FQw/Ki8 EbVojvjoqDPVPxjuwaspgOlRLbrNGldLIly/OJaV6/l3L7rJU+s+t5zXRmMzjV472C RR+YNBi+ERJP0L2yQXXeu1TaLRVikdyjF8vFSC9IgOhBQzRpfMRTmpyswbvVFlwQlL 8WUkWZmTxSMqN3EFlNKcORAyU/4D1Gim0mG7X7RV0c0epwXGTEowc3dODu6Qn1FJ93 7uVwWL6laRAhg== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Evgeniy Baskov , Borislav Petkov , Andy Lutomirski , Dave Hansen , Ingo Molnar , Peter Zijlstra , Thomas Gleixner , Alexey Khoroshilov , Peter Jones , Gerd Hoffmann , Dave Young , Mario Limonciello , Kees Cook , Tom Lendacky , "Kirill A . Shutemov" , Linus Torvalds , Joerg Roedel Subject: [PATCH v7 20/22] efi/libstub: Add limit argument to efi_random_alloc() Date: Fri, 28 Jul 2023 11:09:14 +0200 Message-Id: <20230728090916.1538550-21-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230728090916.1538550-1-ardb@kernel.org> References: <20230728090916.1538550-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3943; i=ardb@kernel.org; h=from:subject; bh=Os+OvcWXVTEgn4GvlOd4rs76sb2kuX0zlm0OhlZtKNw=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIeVw684lyrV3QnWsznK9Pn7/xDe36p+TGW8zqwoK8YltK 951Xtqoo5SFQYyDQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEwkbyHD//qDjZ4tf6qrJq89 mnlc6f3tzaIycXflmFdJPj29qmgzUzwjww+u4M8VV/7+cHkuszNH3enYdWXjba1Ty+Oi99Vlx5/ R5wQA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org x86 will need to limit the kernel memory allocation to the lowest 512 MiB of memory, to match the behavior of the existing bare metal KASLR physical randomization logic. So in preparation for that, add a limit parameter to efi_random_alloc() and wire it up. Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/arm64-stub.c | 2 +- drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/randomalloc.c | 10 ++++++---- drivers/firmware/efi/libstub/zboot.c | 2 +- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c index 770b8ecb73984c61..8c40fc89f5f99209 100644 --- a/drivers/firmware/efi/libstub/arm64-stub.c +++ b/drivers/firmware/efi/libstub/arm64-stub.c @@ -106,7 +106,7 @@ efi_status_t handle_kernel_image(unsigned long *image_addr, */ status = efi_random_alloc(*reserve_size, min_kimg_align, reserve_addr, phys_seed, - EFI_LOADER_CODE); + EFI_LOADER_CODE, EFI_ALLOC_LIMIT); if (status != EFI_SUCCESS) efi_warn("efi_random_alloc() failed: 0x%lx\n", status); } else { diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index 06b7abc92ced9e18..9823f6fb3e01f718 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -956,7 +956,7 @@ efi_status_t efi_get_random_bytes(unsigned long size, u8 *out); efi_status_t efi_random_alloc(unsigned long size, unsigned long align, unsigned long *addr, unsigned long random_seed, - int memory_type); + int memory_type, unsigned long alloc_limit); efi_status_t efi_random_get_seed(void); diff --git a/drivers/firmware/efi/libstub/randomalloc.c b/drivers/firmware/efi/libstub/randomalloc.c index 32c7a54923b4c127..674a064b8f7adc68 100644 --- a/drivers/firmware/efi/libstub/randomalloc.c +++ b/drivers/firmware/efi/libstub/randomalloc.c @@ -16,7 +16,8 @@ */ static unsigned long get_entry_num_slots(efi_memory_desc_t *md, unsigned long size, - unsigned long align_shift) + unsigned long align_shift, + u64 alloc_limit) { unsigned long align = 1UL << align_shift; u64 first_slot, last_slot, region_end; @@ -29,7 +30,7 @@ static unsigned long get_entry_num_slots(efi_memory_desc_t *md, return 0; region_end = min(md->phys_addr + md->num_pages * EFI_PAGE_SIZE - 1, - (u64)EFI_ALLOC_LIMIT); + alloc_limit); if (region_end < size) return 0; @@ -54,7 +55,8 @@ efi_status_t efi_random_alloc(unsigned long size, unsigned long align, unsigned long *addr, unsigned long random_seed, - int memory_type) + int memory_type, + unsigned long alloc_limit) { unsigned long total_slots = 0, target_slot; unsigned long total_mirrored_slots = 0; @@ -76,7 +78,7 @@ efi_status_t efi_random_alloc(unsigned long size, efi_memory_desc_t *md = (void *)map->map + map_offset; unsigned long slots; - slots = get_entry_num_slots(md, size, ilog2(align)); + slots = get_entry_num_slots(md, size, ilog2(align), alloc_limit); MD_NUM_SLOTS(md) = slots; total_slots += slots; if (md->attribute & EFI_MEMORY_MORE_RELIABLE) diff --git a/drivers/firmware/efi/libstub/zboot.c b/drivers/firmware/efi/libstub/zboot.c index e5d7fa1f1d8fd160..bdb17eac0cb401be 100644 --- a/drivers/firmware/efi/libstub/zboot.c +++ b/drivers/firmware/efi/libstub/zboot.c @@ -119,7 +119,7 @@ efi_zboot_entry(efi_handle_t handle, efi_system_table_t *systab) } status = efi_random_alloc(alloc_size, min_kimg_align, &image_base, - seed, EFI_LOADER_CODE); + seed, EFI_LOADER_CODE, EFI_ALLOC_LIMIT); if (status != EFI_SUCCESS) { efi_err("Failed to allocate memory\n"); goto free_cmdline; -- 2.39.2