Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp1008065rwb; Sat, 5 Aug 2023 05:44:16 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGAN/wTe90OK/o2ZQgBX7kJBfyQBBOvbRyYpExrqURPgAhXK3zrragcC/ysyPL0L5ZSMdQ4 X-Received: by 2002:a05:6512:472:b0:4fd:fadc:f1e with SMTP id x18-20020a056512047200b004fdfadc0f1emr2941441lfd.44.1691239455576; Sat, 05 Aug 2023 05:44:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691239455; cv=none; d=google.com; s=arc-20160816; b=oWPIJrfWq3kmt2p9dk0xOUpA6DOJiiNIbpSqOEI3Q7ZhRKPtKnw6X3ujgGAlHofQnM 0hLwpcpDdM+QBfi8y/ckOTcVXisi11J6kliK2FHipV56/wQvpt9RUDHwe0kJHU0dfleT 0fQzqBHly2AK1e43WB6H5sXV19qRHRgKsUZi3LdwMjQpLCq1NYB0WuSbOeceBwe5g9MB g23CA95EabL7xtdMLClRYc6lVNdAmO56QSwhS9Rc13Em9cWv+hWdpc36JxFsinY9rdKo YuIVAbV7EINbmOIYzjDu+QnBzqSRXDU0EUXJI/OGuM1JytLaZu5wp/Kd2UNpiZGMn53j 1Vsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=AX17IsjWs1wvCdpan7Z6cB5tCZ+nkFjypGCrx0zZWWk=; fh=sKw4MO/V/VC0AjatM6MxZD8E/1e+opuk1rsPgOqyxiM=; b=o4OKgeGV/TV70Riohln5sOaDUKxUBk17DrsGA3zmfzWL5LJy4Kf2PmP0EeYJ1gMmlY +gVkidfulhG0hfgzKVIHDlUYBUpEQ5KjT7qGtJM/I2vkh3MiYxbjYuXFXygRF0fx/Hee XomMU6L0Rhmoh/lunIzzaOG1ds1BbHwdMw+XnmcFMeFp6WS9Un81SGd2Qbf4PxcHZD1v aLC5jWf1fz+lAaj66RVjUepbbt4gp9Lziec/qXxO14unddOlCqT1BhqAA7lV9+pQ7Gh/ CVrBB2Yxhb/T0bdeKsyM9Zup20v64NkeRX3p8XjPm/uFRNGh+o06yEKBlFM80U7iMF8K djMg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=alien8 header.b=DjmfrOdC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x13-20020aa7dacd000000b0052317adcb31si3074330eds.393.2023.08.05.05.43.50; Sat, 05 Aug 2023 05:44:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=alien8 header.b=DjmfrOdC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229739AbjHEJSM (ORCPT + 99 others); Sat, 5 Aug 2023 05:18:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37820 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229772AbjHEJSK (ORCPT ); Sat, 5 Aug 2023 05:18:10 -0400 Received: from mail.alien8.de (mail.alien8.de [IPv6:2a01:4f9:3051:3f93::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2FA0EE70 for ; Sat, 5 Aug 2023 02:18:03 -0700 (PDT) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTP id F35A640E01E6; Sat, 5 Aug 2023 09:18:00 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at mail.alien8.de Received: from mail.alien8.de ([127.0.0.1]) by localhost (mail.alien8.de [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id F44GW5dpf85V; Sat, 5 Aug 2023 09:17:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=alien8; t=1691227078; bh=AX17IsjWs1wvCdpan7Z6cB5tCZ+nkFjypGCrx0zZWWk=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=DjmfrOdCMiReVXUtSgbKkcELpVKnElf2p6URQNv3oZgYrXnXsreH38hdp6EqaDTuh dznglyyAoRGNBNd6Ic5wXuH6PaXe+4hgcFzXx0QWlds5Q7hh6aR6qG5sOVoL8w0JOw B84gmm9uAryZ201SFIZalXgiTm843BQeb+5+KpOrP+wJYHLDpgnTFxv/V/WGb6mUIw LC1EjJflSN4s1YMpeKJJB0L8QqnjzApeRtlbWqeEaQHmWbQn+QpivU0b7namA+qV0z AkEpVjpYCrmRaxdTcHGzRsYI0A5Olyg34O5CXIi/K2++CMcGGT3KAyguNbFzOIXLV3 /Y3EP0KOy/NSKsdvKsDjT4HWUMY1ccz7gWcur0E79SgzbF+Qban4Vi8Gng1DsIFz+G A/parmDJwv3zjjb2N1FlOdYPjDEIII9aB8XqGREPgN1xnN0QCNsJJ91jz5J1sqe4R5 pPzY6ZCd4AZ/w7r2C2x9HzKQzB5H/V0fwk9MGKo/tfmGzznFGuZI8j1J2Aw2AMG0+6 wQLOdT0hZq/g3akwzT546qPo49Jos4m15YnUnzItQfiFQbTZZvAepyXUfc8n/PzAz1 mIKUN4NTCHp73dr5//xQx3jgemf1op8+zPEoXlvBnK51PaNmeQA4P4sy7r4ftkpqIw 0D/sB6U9LxC4s5JFZlW1S/m0= Received: from zn.tnic (pd9530d32.dip0.t-ipconnect.de [217.83.13.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id A5BD740E019D; Sat, 5 Aug 2023 09:17:43 +0000 (UTC) Date: Sat, 5 Aug 2023 11:17:38 +0200 From: Borislav Petkov To: Ard Biesheuvel Cc: =?utf-8?B?SsO2cmcgUsO2ZGVs?= , Tom Lendacky , Tao Liu , Michael Roth , tglx@linutronix.de, mingo@redhat.com, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, linux-kernel@vger.kernel.org, bhe@redhat.com, dyoung@redhat.com, kexec@lists.infradead.org, linux-efi@vger.kernel.org Subject: Re: [PATCH v2] x86/kexec: Add EFI config table identity mapping for kexec kernel Message-ID: <20230805091738.GAZM4TslVWR3HHKeUC@fat_crate.local> References: <20230717141409.GGZLVMsU6d/9mpJvMO@fat_crate.local> <20230728165535.GDZMPzB/ek5QM+xJqA@fat_crate.local> <20230802093927.GAZMokT57anC5jBISK@fat_crate.local> <99cb3813-1737-9d10-1f24-77565e460c55@amd.com> <20230802135856.GBZMphIHHLa3dXRRVe@fat_crate.local> <20230802155146.GCZMp7ksDdN2ETVzKV@fat_crate.local> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Aug 03, 2023 at 01:11:54PM +0200, Ard Biesheuvel wrote: > Sadly, not only 'old' grubs - GRUB mainline only recently added > support for booting Linux/x86 via the EFI stub (because I wrote the > code for them), haha. > but it will still fall back to the previous mode for kernels that are > built without EFI stub support, or which are older than ~v5.8 (because > their EFI stub does not implement the generic EFI initrd loading > mechanism) The thing is, those SNP kernels pretty much use the EFI boot mechanism. I mean, don't take my word for it as I run SNP guests only from time to time but that's what everyone uses AFAIK. > Yeah. what seems to be saving our ass here is that startup_32 maps the > first 1G of physical address space 4 times, and x86_64 EFI usually > puts firmware tables below 4G. This means the cc blob check doesn't > fault, but it may dereference bogus memory traversing the config table > array looking for the cc blob GUID. However, the system table field > holding the size of the array may also appear as bogus so this may > still break in weird ways. Oh fun. > I don't think we can kill it yet, but it would be nice if we could > avoid the need to support SNP boot when entering that way. That's what I meant - not boot SNP guests through the 32-bit entry path. Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette