Date: Fri, 10 Jan 2025 14:31:14 +0000
Subject: Re: [edk2-devel] [RFC 2/2] efi/memattr: add efi_mem_attr_table as a reserved region in 820_table_firmware
To: Ard Biesheuvel
Cc: linux-efi@vger.kernel.org, devel@edk2.groups.io, kexec@lists.infradead.org, hannes@cmpxchg.org, dyoung@redhat.com, x86@kernel.org, linux-kernel@vger.kernel.org, leitao@debian.org, gourry@gourry.net, kernel-team@meta.com
References: <20250108215957.3437660-1-usamaarif642@gmail.com> <20250108215957.3437660-3-usamaarif642@gmail.com>
From: "Usama Arif via groups.io"

On 10/01/2025 07:32, Ard Biesheuvel wrote:
> On Thu, 9 Jan 2025 at 17:32, Usama Arif wrote:
>>
>>
>>
>> On 09/01/2025 16:15, Ard Biesheuvel wrote:
>> I think in the end whoever's responsibility it is, the easiest path forward
>> seems to be in kernel? (and not firmware or libstub)
>>
>
> Agreed. But as I pointed out in the other thread, the memory
> attributes table only augments the memory map with permission
> information, and can be disregarded, and given how badly we mangle the
> memory map on x86, maybe this is the right choice here.
>
>>>
>>>> The next ideal place would be in libstub. However, it looks like
>>>> InstallMemoryAttributesTable [2] is not available as a boot service
>>>> call option [3], [4], and install_configuration_table does not
>>>> seem to work as a valid substitute.
>>>>
>>>
>>> To do what, exactly?
>>>
>>
>> To change the memory type from System RAM to either reserved or
>> something more appropriate, i.e. any type that is not touched by
>> kexec or any other userspace.
>>
>> Basically the example code I attached at the end of the cover letter in
>> https://lore.kernel.org/all/20250108215957.3437660-1-usamaarif642@gmail.com/
>> It could be EFI_ACPI_RECLAIM_MEMORY or EFI_RESERVED_TYPE, both of which aren't
>> touched by kexec.
>>
>
> This is a kexec problem (on x86 only) so let's fix it there.

I don't believe we can accurately tell if we are booting from a cold boot or kexec.
There is bootloader_type available for x86, but not sure if we should rely on that.
I think a way forward would be to move it behind a Kconfig option, something like below,
which defaults to n for x86. Anyone who needs it can enable it. What do you think?

diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c index aa95f77d7a30..31deb0a5371e 100644 --- a/arch/x86/platform/efi/efi.c +++ b/arch/x86/platform/efi/efi.c @@ -83,7 +83,9 @@ static const unsigned long * const efi_tables[] =3D { &efi_config_table, &efi.esrt, &prop_phys, +#ifdef CONFIG_EFI_MEMATTR &efi_mem_attr_table, +#endif #ifdef CONFIG_EFI_RCI2_TABLE &rci2_table_phys, #endif diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig index 72f2537d90ca..b8ecb318768c 100644 --- a/drivers/firmware/efi/Kconfig +++ b/drivers/firmware/efi/Kconfig @@ -287,6 +287,13 @@ config EFI_EMBEDDED_FIRMWARE bool select CRYPTO_LIB_SHA256 =20 +config EFI_MEMATTR + bool "EFI Memory attributes table" + default n if X86_64 + help + EFI Memory Attributes table describes memory protections that ma= y + be applied to the EFI Runtime code and data regions by the kerne= l. + endmenu =20 config UEFI_CPER diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile index a2d0009560d0..c593ec0d9940 100644 --- a/drivers/firmware/efi/Makefile +++ b/drivers/firmware/efi/Makefile 
@@ -11,7 +11,9 @@ KASAN_SANITIZE_runtime-wrappers.o :=3D n =20 obj-$(CONFIG_ACPI_BGRT) +=3D efi-bgrt.o -obj-$(CONFIG_EFI) +=3D efi.o vars.o reboot.o memattr.= o tpm.o +obj-$(CONFIG_EFI) +=3D efi.o vars.o reboot.o tpm.o +obj-$(CONFIG_EFI_MEMATTR) +=3D memattr.o + obj-$(CONFIG_EFI) +=3D memmap.o ifneq ($(CONFIG_EFI_CAPSULE_LOADER),) obj-$(CONFIG_EFI) +=3D capsule.o diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index fdf07dd6f459..f359179083d5 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -596,7 +596,9 @@ static const efi_config_table_type_t common_tables[] __= initconst =3D { {SMBIOS_TABLE_GUID, &efi.smbios, "SM= BIOS" }, {SMBIOS3_TABLE_GUID, &efi.smbios3, "SM= BIOS 3.0" }, {EFI_SYSTEM_RESOURCE_TABLE_GUID, &efi.esrt, "ES= RT" }, +#ifdef CONFIG_EFI_MEMATTR {EFI_MEMORY_ATTRIBUTES_TABLE_GUID, &efi_mem_attr_table, "ME= MATTR" }, +#endif {LINUX_EFI_RANDOM_SEED_TABLE_GUID, &efi_rng_seed, "RN= G" }, {LINUX_EFI_TPM_EVENT_LOG_GUID, &efi.tpm_log, "TP= MEventLog" }, {EFI_TCG2_FINAL_EVENTS_TABLE_GUID, &efi.tpm_final_log, "TP= MFinalLog" }, diff --git a/include/linux/efi.h b/include/linux/efi.h index 9c239cdff771..4cf5ebe014e2 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h 
@@ -783,9 +783,21 @@ extern unsigned long efi_mem_attr_table; */ typedef int (*efi_memattr_perm_setter)(struct mm_struct *, efi_memory_desc= _t *, bool); =20 +#ifdef CONFIG_EFI_MEMATTR extern int efi_memattr_init(void); extern int efi_memattr_apply_permissions(struct mm_struct *mm, efi_memattr_perm_setter fn); +#else +static inline int efi_memattr_init(void) +{ + return 0; +} +static inline int efi_memattr_apply_permissions(struct mm_struct *mm, + efi_memattr_perm_setter fn) +{ + return 0; +} +#endif =20 /* * efi_memdesc_ptr - get the n-th EFI memmap descriptor
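
Review bot: In the drivers/firmware/efi/Kconfig hunk, `default n if X86_64` does not give the behaviour described in the message ("defaults to n for x86"). A bool symbol with no matching default is already n, so EFI_MEMATTR ends up off on every architecture, and because the Makefile hunk moves memattr.o under obj-$(CONFIG_EFI_MEMATTR), the code is no longer built anywhere unless someone opts in. The help text says the table describes protections applied to the EFI Runtime code and data regions, so this should stay enabled where it is enabled today, for example `default y if !X86_64`. The condition is also X86_64 while the message says x86, so it is worth stating whether 32-bit x86 is meant to be covered. The help text should mention why the option would be turned off (the kexec interaction discussed in this thread), since a reader of the prompt alone has no reason to disable it.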
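
Review bot: In the include/linux/efi.h hunk, the !CONFIG_EFI_MEMATTR stub of efi_memattr_apply_permissions() returns 0, which a caller checking the int result will typically read as success, so nothing distinguishes "permissions applied" from "no permissions were applied to the runtime regions". Either return a distinct value from the stub or add a comment on it saying that 0 here means there was nothing to apply, so callers do not log or assume that protections are in place. The context line `extern unsigned long efi_mem_attr_table;` also stays outside the new guard; please check that its definition is still built when memattr.o is not, otherwise any reference not wrapped in `#ifdef CONFIG_EFI_MEMATTR` compiles but fails at link time.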