Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp3240820rwb; Mon, 7 Aug 2023 10:12:16 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHzT0gv13S5yEGG+a2TuOHC1g1UR5qQF+OBIJrgMU1zNU4k/PYSe5foiWrJ8n7ixOWCjGuS X-Received: by 2002:a05:6a20:2451:b0:140:3554:3f41 with SMTP id t17-20020a056a20245100b0014035543f41mr10556833pzc.54.1691428335752; Mon, 07 Aug 2023 10:12:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691428335; cv=none; d=google.com; s=arc-20160816; b=TR5EO98F8/itMv8IxAfrVZw2gghys5Zocw5IwLQmQEj/g5vW9OgWI0Hnjrdx3Acrb+ N0LaqLTNRevNhZxjkfyTWAQ41mxsqGhoUM//FV+zTJopRA5yVY0TbC4HIxoYBfnAFUqB JQLHQMP4TnA/0wpGWFFbTSKxTk3wzAJ34fEgSKA2nuNbJ5s7qee5dr1TLp1zPBAIe39F TCTnfIGzqjj7Cl1WR7NRLpRmVO+W6v12v95l9/9t+DpWlPwKsz9lJ8/Ozy427/Ybqzk9 TGxKGkTpUOFVhAeuht2y4021qwmd4+9bnl1CFIHDU1tFKm0s0CqoFwU0k1TuQx2jA9BS 3f6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=OdWuYfQY9jvFqqZcaRxWuErNFnmSkdfw4BPQLDFKuJg=; fh=cABQbWJU7O0a+UPgHSiwUQ6sY/R0G63oUvu0DeYA5T8=; b=eKMvtuzxm4U9Z7DhJorulfya+ZWwx1axHWPwgTDCg+URyv1umb/T9YmjahhwzyueJv vsWQEEiECUu+SbXGjbxeyef2StO9pvQnDo9xDMXsd8FMSm1/voD0gQo3INj2ROu0AGrX ZjJE3eUH73tlrOQsMQCxTzSrDxmkNPOLdQo4hqNg/KfkNjHv2P72Tcyv9P5hfzGKVQcP rOj6Rbs5OMPRsp8pSBBMtIT5BdqyejwlIgFrQ3Mt4i4ud9K2QbMPZ7bYoEZZDhKcycBp H24yCEj+bz8lCbCpFFVznZtqZ6HA0wafBl+OMqD5VDcuFBEVHsfHNs00AtjfeJiwS3LH Vbew== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ZUWfxdxH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id eg26-20020a056a00801a00b00652c20d3522si5898127pfb.303.2023.08.07.10.12.03; Mon, 07 Aug 2023 10:12:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ZUWfxdxH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231722AbjHGQ3G (ORCPT + 99 others); Mon, 7 Aug 2023 12:29:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35278 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231731AbjHGQ2r (ORCPT ); Mon, 7 Aug 2023 12:28:47 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E55A119A6; Mon, 7 Aug 2023 09:28:17 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A8F2F61F2D; Mon, 7 Aug 2023 16:28:17 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8EC8EC433C9; Mon, 7 Aug 2023 16:28:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691425697; bh=Fk0lLfubzCQVs/j9K2oCq55VjZoVRLPQJNzwiQAW0qQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZUWfxdxH8cx9OrRrG0ELLmZKSZEKPqP9lsMVUiHaUB9SRuz31SuNPiS/W3tOm98CQ 6hKzTFm0sgF2Z9NPYmRP3xFrxW63BOcWyxQc/N8Ie6zx9GJHoNn6B2kpgimCtWD3M+ lhPPzHC3jxzrwDY38v+EVV36BRBenKmxHQcag7G6vucGtHKnRRRvnftmS4Tbmzf/c7 7+p9yITnMfeW7lfcgTgIX2BQ0V5o8FnO4AViE7qYD1MqHPu7IH4XHVSZihNSxZRrwz iYbXuQAtOfRBrE2L0wVHwZniFF3z65o2Gi/iYmw1GazYqDF9GIEbfY15HxsN1IJxZ0 TP4MRXHrGuKpw== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Borislav Petkov , Dave Hansen , Ingo Molnar , Thomas Gleixner Subject: [PATCH v9 17/23] x86/efistub: Prefer EFI memory attributes protocol over DXE services Date: Mon, 7 Aug 2023 18:27:14 +0200 Message-Id: <20230807162720.545787-18-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230807162720.545787-1-ardb@kernel.org> References: <20230807162720.545787-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3324; i=ardb@kernel.org; h=from:subject; bh=Fk0lLfubzCQVs/j9K2oCq55VjZoVRLPQJNzwiQAW0qQ=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIeWidILRwStnrJT7mr4c2CLZK+3G+/6LZ+NjQybPDbrdv sYTva90lLIwiHEwyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgIkIqzMyTPkze9WFq80Mbe/O f3mexnGz4aLjlpNR9y8vuu5hxmypzMrwP3jiMYtvXNPf7Pn3JT2heemL6J93vuRE2Rmd0brgE3X OghkA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Currently, the EFI stub relies on DXE services in some cases to clear non-execute restrictions from page allocations that need to be executable. This is dodgy, because DXE services are not specified by UEFI but by PI, and they are not intended for consumption by OS loaders. However, no alternative existed at the time. Now, there is a new UEFI protocol that should be used instead, so if it exists, prefer it over the DXE services calls. Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/x86-stub.c | 29 ++++++++++++++------ 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index af5f50617a5b4c59..acb1c65bf8ac6fb3 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -26,6 +26,7 @@ const efi_system_table_t *efi_system_table; const efi_dxe_services_table_t *efi_dxe_table; u32 image_offset __section(".data"); static efi_loaded_image_t *image = NULL; +static efi_memory_attribute_protocol_t *memattr; typedef union sev_memory_acceptance_protocol sev_memory_acceptance_protocol_t; union sev_memory_acceptance_protocol { @@ -233,12 +234,18 @@ void efi_adjust_memory_range_protection(unsigned long start, unsigned long rounded_start, rounded_end; unsigned long unprotect_start, unprotect_size; - if (efi_dxe_table == NULL) - return; - rounded_start = rounddown(start, EFI_PAGE_SIZE); rounded_end = roundup(start + size, EFI_PAGE_SIZE); + if (memattr != NULL) { + efi_call_proto(memattr, clear_memory_attributes, rounded_start, + rounded_end - rounded_start, EFI_MEMORY_XP); + return; + } + + if (efi_dxe_table == NULL) + return; + /* * Don't modify memory region attributes, they are * already suitable, to lower the possibility to @@ -801,6 +808,7 @@ void __noreturn efi_stub_entry(efi_handle_t handle, efi_system_table_t *sys_table_arg, struct boot_params *boot_params) { + efi_guid_t guid = EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; unsigned long bzimage_addr = (unsigned long)startup_32; unsigned long buffer_start, buffer_end; struct setup_header *hdr = &boot_params->hdr; @@ -812,13 +820,18 @@ void __noreturn efi_stub_entry(efi_handle_t handle, if (efi_system_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) efi_exit(handle, EFI_INVALID_PARAMETER); - efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID); - if (efi_dxe_table && - efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) { - efi_warn("Ignoring DXE services table: invalid signature\n"); - efi_dxe_table = NULL; + if (IS_ENABLED(CONFIG_EFI_DXE_MEM_ATTRIBUTES)) { + efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID); + if (efi_dxe_table && + efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) { + efi_warn("Ignoring DXE services table: invalid signature\n"); + efi_dxe_table = NULL; + } } + /* grab the memory attributes protocol if it exists */ + efi_bs_call(locate_protocol, &guid, NULL, (void **)&memattr); + status = efi_setup_5level_paging(); if (status != EFI_SUCCESS) { efi_err("efi_setup_5level_paging() failed!\n"); -- 2.39.2