Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp3206896rwb;
        Mon, 7 Aug 2023 09:43:51 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IErsTYzufWaDIfq1MMOyZSUaTSrS4SZUCSno9EV8rfA5PY5jF9hhGF7/Vd3XHc2zMbgNUAy
X-Received: by 2002:a17:903:2445:b0:1b8:aee8:a21c with SMTP id l5-20020a170903244500b001b8aee8a21cmr12073398pls.31.1691426630809;
        Mon, 07 Aug 2023 09:43:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1691426630; cv=none;
        d=google.com; s=arc-20160816;
        b=lAeYTDRt4TNylGNLrst8LgMorS6HdfiIdckwXON2zjtovXZjYrcztOx/T8RYzMoiJQ
         4iXTULvEV2aQ/QXzAsHfZTUHFV5H4wZYIISrT4H8MMdibHM/pAfPUabm9AJIPKouO7Ns
         f2YUeqo7zruSulaWDz28O7zNKcTn6CDGD6x6Lzm3OOCIZ9iXuP8spe30+S2Edq2vjKjr
         zit1e4Kp/6GrI5fNymMMOulTeSBlXENyyCe+EMf7zrHRtvLOrfCZ2R+xxvmosm61leYF
         nn2ua1YbAgu1TtrXHt7R3GkQm9MLKCHTjqeB+yjau67/c6K7F6mmN7lJrPMfyT+xe13S
         V9BA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=IQL49+wkBQCrsk56hKhP7yDvFPKBFHJ/K6FeWsnjjXc=;
        fh=cABQbWJU7O0a+UPgHSiwUQ6sY/R0G63oUvu0DeYA5T8=;
        b=K/M4Ri4AtsxeArYOk4uHMITBHJUNDuo/6V8SbO/n9ahEOqdRRA/S184XQ+Vwsw4teU
         +l1Dt7HhTqxM+VG46CKpODp+ugSdwQyP64m4ahK2UFEwm3N0dsGqh0c09Z+cLqR26zM0
         wRvcxwbjN3Wj1j3ex0imNi4jzjUeZivzCH9P7se6NLohAlnUsiwT+pqxvggklL/8ds6R
         l0RpzrRmEMBmPQTxnJqoUuaveZvwvpCd0KhSknzVvnewju3s0fnaspjwXRoQTGKYLcN8
         HAwFyYSnK7RnlQcuxZA7RYIBX2xg3PWJxBNQEaokDeWJc9ilif/gu4vqjJaieg2QTDax
         YgrA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=CBjDo05g;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id u5-20020a170902e5c500b001b88ff2efeasi6224026plf.431.2023.08.07.09.43.38;
        Mon, 07 Aug 2023 09:43:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=CBjDo05g;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230389AbjHGQ3f (ORCPT <rfc822;aprilthirty60@gmail.com>
        + 99 others); Mon, 7 Aug 2023 12:29:35 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35612 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231817AbjHGQ3D (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 7 Aug 2023 12:29:03 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E3D0E1FCE;
        Mon,  7 Aug 2023 09:28:25 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature RSA-PSS (2048 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 957B561F33;
        Mon,  7 Aug 2023 16:28:25 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 78F88C433C7;
        Mon,  7 Aug 2023 16:28:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1691425705;
        bh=Os+OvcWXVTEgn4GvlOd4rs76sb2kuX0zlm0OhlZtKNw=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=CBjDo05gh+QlQNGFhuBllM6lpSIft4iqt/Qg8EYCO4EhvuHgIjTz6lhqLgN+00+Jq
         TxQSdDQGejmUKhXNCA/s0/X8VRUUmD3jJ6b+PUoqHg/UE85lfyyuZ10SlacCMn0YAa
         vSrgByXq+nzhDhovAq4KXqFcNe18kmM+OLlLZ7AEq40FhmhUJlx9MBNLUJ/MisQQTP
         zmDsMXqAgOJVPRQZs6kDaPt6IRxiHv5tJJYLebPwLbmOr1AhVuaAZ9gkpvXeQ5p34c
         CywdeJ1KUBBAmAYo0SJrB7H415S7djl//aELo+Nm/3rE71aLQtAVS03ZP3EJbnFqTg
         63OczHKWL29/Q==
From:   Ard Biesheuvel <ardb@kernel.org>
To:     linux-efi@vger.kernel.org
Cc:     linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>
Subject: [PATCH v9 21/23] efi/libstub: Add limit argument to efi_random_alloc()
Date:   Mon,  7 Aug 2023 18:27:18 +0200
Message-Id: <20230807162720.545787-22-ardb@kernel.org>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230807162720.545787-1-ardb@kernel.org>
References: <20230807162720.545787-1-ardb@kernel.org>
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=3943; i=ardb@kernel.org; h=from:subject; bh=Os+OvcWXVTEgn4GvlOd4rs76sb2kuX0zlm0OhlZtKNw=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIeWidOoS5do7oTpWZ7leH79/4ptb9c/JjLeZVQWF+MS2F e86L23UUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACZSGMbwz+wu9+FTaz+8e3ne 7ZaRUG7hlj0neM+e2SPS9bFkQfCHD62MDE2TTt7u57mW0WcR6Tjv2pwZvX3vfZ7nzHeb2n10r6j vExYA
X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

x86 will need to limit the kernel memory allocation to the lowest 512
MiB of memory, to match the behavior of the existing bare metal KASLR
physical randomization logic. So in preparation for that, add a limit
parameter to efi_random_alloc() and wire it up.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 drivers/firmware/efi/libstub/arm64-stub.c  |  2 +-
 drivers/firmware/efi/libstub/efistub.h     |  2 +-
 drivers/firmware/efi/libstub/randomalloc.c | 10 ++++++----
 drivers/firmware/efi/libstub/zboot.c       |  2 +-
 4 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c
index 770b8ecb73984c61..8c40fc89f5f99209 100644
--- a/drivers/firmware/efi/libstub/arm64-stub.c
+++ b/drivers/firmware/efi/libstub/arm64-stub.c
@@ -106,7 +106,7 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
 		 */
 		status = efi_random_alloc(*reserve_size, min_kimg_align,
 					  reserve_addr, phys_seed,
-					  EFI_LOADER_CODE);
+					  EFI_LOADER_CODE, EFI_ALLOC_LIMIT);
 		if (status != EFI_SUCCESS)
 			efi_warn("efi_random_alloc() failed: 0x%lx\n", status);
 	} else {
diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
index 06b7abc92ced9e18..9823f6fb3e01f718 100644
--- a/drivers/firmware/efi/libstub/efistub.h
+++ b/drivers/firmware/efi/libstub/efistub.h
@@ -956,7 +956,7 @@ efi_status_t efi_get_random_bytes(unsigned long size, u8 *out);
 
 efi_status_t efi_random_alloc(unsigned long size, unsigned long align,
 			      unsigned long *addr, unsigned long random_seed,
-			      int memory_type);
+			      int memory_type, unsigned long alloc_limit);
 
 efi_status_t efi_random_get_seed(void);
 
diff --git a/drivers/firmware/efi/libstub/randomalloc.c b/drivers/firmware/efi/libstub/randomalloc.c
index 32c7a54923b4c127..674a064b8f7adc68 100644
--- a/drivers/firmware/efi/libstub/randomalloc.c
+++ b/drivers/firmware/efi/libstub/randomalloc.c
@@ -16,7 +16,8 @@
  */
 static unsigned long get_entry_num_slots(efi_memory_desc_t *md,
 					 unsigned long size,
-					 unsigned long align_shift)
+					 unsigned long align_shift,
+					 u64 alloc_limit)
 {
 	unsigned long align = 1UL << align_shift;
 	u64 first_slot, last_slot, region_end;
@@ -29,7 +30,7 @@ static unsigned long get_entry_num_slots(efi_memory_desc_t *md,
 		return 0;
 
 	region_end = min(md->phys_addr + md->num_pages * EFI_PAGE_SIZE - 1,
-			 (u64)EFI_ALLOC_LIMIT);
+			 alloc_limit);
 	if (region_end < size)
 		return 0;
 
@@ -54,7 +55,8 @@ efi_status_t efi_random_alloc(unsigned long size,
 			      unsigned long align,
 			      unsigned long *addr,
 			      unsigned long random_seed,
-			      int memory_type)
+			      int memory_type,
+			      unsigned long alloc_limit)
 {
 	unsigned long total_slots = 0, target_slot;
 	unsigned long total_mirrored_slots = 0;
@@ -76,7 +78,7 @@ efi_status_t efi_random_alloc(unsigned long size,
 		efi_memory_desc_t *md = (void *)map->map + map_offset;
 		unsigned long slots;
 
-		slots = get_entry_num_slots(md, size, ilog2(align));
+		slots = get_entry_num_slots(md, size, ilog2(align), alloc_limit);
 		MD_NUM_SLOTS(md) = slots;
 		total_slots += slots;
 		if (md->attribute & EFI_MEMORY_MORE_RELIABLE)
diff --git a/drivers/firmware/efi/libstub/zboot.c b/drivers/firmware/efi/libstub/zboot.c
index e5d7fa1f1d8fd160..bdb17eac0cb401be 100644
--- a/drivers/firmware/efi/libstub/zboot.c
+++ b/drivers/firmware/efi/libstub/zboot.c
@@ -119,7 +119,7 @@ efi_zboot_entry(efi_handle_t handle, efi_system_table_t *systab)
 		}
 
 		status = efi_random_alloc(alloc_size, min_kimg_align, &image_base,
-					  seed, EFI_LOADER_CODE);
+					  seed, EFI_LOADER_CODE, EFI_ALLOC_LIMIT);
 		if (status != EFI_SUCCESS) {
 			efi_err("Failed to allocate memory\n");
 			goto free_cmdline;
-- 
2.39.2