From: Ard Biesheuvel
Date: Sun, 6 Aug 2023 11:00:11 +0200
Subject: Re: [PATCH v2] x86/kexec: Add EFI config table identity mapping for kexec kernel
To: Borislav Petkov
Cc: Jörg Rödel, Tom Lendacky, Tao Liu, Michael Roth, tglx@linutronix.de, mingo@redhat.com, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, linux-kernel@vger.kernel.org, bhe@redhat.com, dyoung@redhat.com, kexec@lists.infradead.org, linux-efi@vger.kernel.org

On Sat, 5 Aug 2023 at 11:18, Borislav Petkov wrote:
>
> On Thu, Aug 03, 2023 at 01:11:54PM +0200, Ard Biesheuvel wrote:
> > Sadly, not only 'old' grubs - GRUB mainline only recently added
> > support for booting Linux/x86 via the EFI stub (because I wrote the
> > code for them),
>
> haha.
>
> > but it will still fall back to the previous mode for kernels that are
> > built without EFI stub support, or which are older than ~v5.8 (because
> > their EFI stub does not implement the generic EFI initrd loading
> > mechanism)
>
> The thing is, those SNP kernels pretty much use the EFI boot mechanism.
> I mean, don't take my word for it as I run SNP guests only from time to
> time but that's what everyone uses AFAIK.
>
> > Yeah. what seems to be saving our ass here is that startup_32 maps the
> > first 1G of physical address space 4 times, and x86_64 EFI usually
> > puts firmware tables below 4G. This means the cc blob check doesn't
> > fault, but it may dereference bogus memory traversing the config table
> > array looking for the cc blob GUID. However, the system table field
> > holding the size of the array may also appear as bogus so this may
> > still break in weird ways.
>
> Oh fun.
>

This is not actually true, I misread the code. The initial mapping is
1:1 for the lower 4G of system memory, so anything that lives there is
accessible before the demand paging stuff is up and running.

IOW, your change should be sufficient to fix this even when entering
via the 32-bit entry point.
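
An added example, not part of the mail or of the kernel source: a user-space sketch of the sanity checks the quoted concern points at, rejecting an implausible table count and any array or table that is not wholly inside the 1:1-mapped low 4G before walking the config table for a GUID. The entry layout is simplified, and `struct window`, `MAX_ENTRIES`, the GUID bytes and the addresses are constructed assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Simplified 64-bit EFI config table entry: 16-byte GUID plus table address. */
struct cfg_entry { uint8_t guid[16]; uint64_t table; };
/* Constructed stand-in for identity-mapped memory: bytes[] sits at "physical" base. */
struct window { uint64_t base; const uint8_t *bytes; uint64_t len; };
#define LOW_4G      (1ULL << 32) /* range the mail says is mapped 1:1 early on */
#define MAX_ENTRIES 256          /* assumed sanity cap, not a UEFI limit */

/* True if [pa, pa+len) is non-NULL and entirely below 4G (no wraparound). */
static int below_4g(uint64_t pa, uint64_t len) { return pa && len <= LOW_4G && pa <= LOW_4G - len; }

/* Returns 0 and sets *out if found, -1 if the inputs look bogus, -2 if absent. */
static int find_cfg_table(const struct window *w, uint64_t array_pa, uint64_t nr,
                          const uint8_t guid[16], uint64_t *out)
{
    struct cfg_entry e;
    uint64_t size, off;
    if (nr == 0 || nr > MAX_ENTRIES)            /* count field may be garbage */
        return -1;
    size = nr * sizeof(e);                      /* cannot overflow: nr is capped */
    if (!below_4g(array_pa, size) || array_pa < w->base)
        return -1;
    off = array_pa - w->base;
    if (off > w->len || size > w->len - off)    /* whole array must be mapped */
        return -1;
    for (uint64_t i = 0; i < nr; i++) {
        memcpy(&e, w->bytes + off + i * sizeof(e), sizeof(e));
        if (memcmp(e.guid, guid, 16) == 0) {
            if (!below_4g(e.table, 1))          /* target must be reachable too */
                return -1;
            *out = e.table;
            return 0;
        }
    }
    return -2;
}

/* Constructed sample: two entries at "physical" 0x7f000000; GUIDs are made up. */
long long demo_lookup(uint64_t array_pa, uint64_t nr)
{
    static const uint8_t want[16] = { 0xAA, 0x01 };
    static const struct cfg_entry tbl[2] = {
        { { 0x11 }, 0x7e000000ULL }, { { 0xAA, 0x01 }, 0x7d000000ULL } };
    struct window w = { 0x7f000000ULL, (const uint8_t *)tbl, sizeof(tbl) };
    uint64_t out = 0;
    int rc = find_cfg_table(&w, array_pa, nr, want, &out);
    return rc ? rc : (long long)out;            /* table address, or negative error */
}
```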