From: Breno Leitao <leitao@debian.org>
To: ardb@kernel.org, linux-efi@vger.kernel.org,
kexec@lists.infradead.org, bhe@redhat.com, vgoyal@redhat.com,
devel@edk2.groups.io, ebiederm@xmission.com
Cc: rppt@kernel.org, usamaarif642@gmail.com, gourry@gourry.net,
rmikey@meta.com
Subject: [edk2-devel] EFI table being corrupted during Kexec
Date: Tue, 10 Sep 2024 06:58:44 -0700
Message-ID: <20240910-juicy-festive-sambar-9ad23a@devvm32600>

We've seen a problem in upstream kernel kexec, where an EFI TPM log event table
is being overwritten. This problem happens on a real machine, as well as in a
recent EDK2 qemu VM.

Digging deep, the table is being overwritten during kexec, more precisely when
relocating the kernel (relocate_kernel() function).

I've also found that the table is being properly reserved using
memblock_reserve() early in the boot, and that range gets overwritten later
by relocate_kernel(). In other words, kexec is overwriting memory that was
previously reserved (via memblock_reserve()).

Usama found that kexec only honours memory reservations from /sys/firmware/memmap,
which comes from the e820_table_firmware table.

Looking at the TPM spec, I found the following part:

    If the ACPI TPM2 table contains the address and size of the Platform Firmware TCG log,
    firmware “pins” the memory associated with the Platform Firmware TCG log, and reports
    this memory as “Reserved” memory via the INT 15h/E820 interface.

    From: https://trustedcomputinggroup.org/wp-content/uploads/PC-ClientPlatform_Profile_for_TPM_2p0_Systems_v49_161114_public-review.pdf

I am wondering if that memory region/range should be part of the e820 table that is
passed by EFI firmware to the kernel, and if it is not passed (as it is not being
passed today), then the kernel doesn't need to respect it, and it is free to
overwrite it (as it does today). In other words, this is a firmware bug and not a
kernel bug.

Am I missing something?

Thanks
--breno
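
Added example, not part of the original message and not kernel or kexec code: a Python check of the point above that kexec honours only reservations visible in /sys/firmware/memmap. It reports which parts of a physical range the firmware map lists as "System RAM"; the sample map, the log address and size, and the helper names are constructed assumptions.

```python
import os
import tempfile

def read_memmap(root="/sys/firmware/memmap"):
    """Parse <root>/<n>/{start,end,type}; 'end' is inclusive, values are hex."""
    entries = []
    for name in os.listdir(root):
        fields = {}
        for key in ("start", "end", "type"):
            with open(os.path.join(root, name, key)) as f:
                fields[key] = f.read().strip()
        entries.append((int(fields["start"], 16), int(fields["end"], 16), fields["type"]))
    return sorted(entries)

def ram_overlaps(entries, start, size):
    """Parts of [start, start+size) that the firmware map lists as System RAM,
    i.e. parts with no firmware-level reservation covering them."""
    last = start + size - 1
    return [(max(s, start), min(e, last))
            for s, e, kind in entries
            if kind == "System RAM" and s <= last and e >= start]

def write_sample(root, rows):
    """Hypothetical helper: lay out constructed rows like the sysfs tree."""
    for i, (s, e, kind) in enumerate(rows):
        os.makedirs(os.path.join(root, str(i)))
        for key, val in (("start", hex(s)), ("end", hex(e)), ("type", kind)):
            with open(os.path.join(root, str(i), key), "w") as f:
                f.write(val + "\n")

# Constructed firmware map, not taken from a real machine.
SAMPLE_MAP = [
    (0x00000000, 0x0009ffff, "System RAM"),
    (0x00100000, 0x7dffffff, "System RAM"),
    (0x7e000000, 0x7e0fffff, "Reserved"),
    (0x7e100000, 0x7fffffff, "System RAM"),
]

def check_sample(log_start, log_size):
    """Run the check against SAMPLE_MAP written to a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        write_sample(root, SAMPLE_MAP)
        return ram_overlaps(read_memmap(root), log_start, log_size)

if __name__ == "__main__":
    # Constructed log address/size; on a live system pass the real values and
    # call read_memmap() with its default root.
    for lo, hi in check_sample(0x7dfff000, 0x2000):
        print(f"listed as System RAM: {lo:#x}-{hi:#x}")
```

An empty result means the whole range sits outside the "System RAM" entries of the firmware map; any returned sub-range is one the firmware map does not mark as reserved.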