From: Usama Arif <usamaarif642@gmail.com>
To: Dave Young <dyoung@redhat.com>, Ard Biesheuvel <ardb@kernel.org>
Cc: Breno Leitao <leitao@debian.org>,
linux-efi@vger.kernel.org, kexec@lists.infradead.org,
ebiederm@xmission.com, bhe@redhat.com, vgoyal@redhat.com,
tglx@linutronix.de, dave.hansen@linux.intel.com, x86@kernel.org,
linux-kernel@vger.kernel.org, rmikey@meta.com, gourry@gourry.net
Subject: Re: [RFC] efi/tpm: add efi.tpm_log as a reserved region in 820_table_firmware
Date: Fri, 13 Sep 2024 12:06:54 +0100 [thread overview]
Message-ID: <1c37546a-e15e-465f-bcbb-6f39c0fcf82d@gmail.com> (raw)
In-Reply-To: <CALu+AoS9+OxPmVJB9fAJFkjsX9xUVw6K_uXiOi0-XsK6-b4THg@mail.gmail.com>
On 13/09/2024 11:56, Dave Young wrote:
> On Thu, 12 Sept 2024 at 22:15, Ard Biesheuvel <ardb@kernel.org> wrote:
>>
>> (cc Dave)
>
> Thanks for ccing me.
>
>>
>> Full thread here:
>> https://lore.kernel.org/all/CAMj1kXG1hbiafKRyC5qM1Vj5X7x-dmLndqqo2AYnHMRxDz-80w@mail.gmail.com/T/#u
>>
>> On Thu, 12 Sept 2024 at 16:05, Ard Biesheuvel <ardb@kernel.org> wrote:
>>>
>>> On Thu, 12 Sept 2024 at 15:55, Usama Arif <usamaarif642@gmail.com> wrote:
>>>>
>>>>
>>>>
>>>> On 12/09/2024 14:10, Ard Biesheuvel wrote:
>>>>> Does the below help at all?
>>>>>
>>>>> --- a/drivers/firmware/efi/tpm.c
>>>>> +++ b/drivers/firmware/efi/tpm.c
>>>>> @@ -60,7 +60,7 @@ int __init efi_tpm_eventlog_init(void)
>>>>> }
>>>>>
>>>>> tbl_size = sizeof(*log_tbl) + log_tbl->size;
>>>>> - memblock_reserve(efi.tpm_log, tbl_size);
>>>>> + efi_mem_reserve(efi.tpm_log, tbl_size);
>>>>>
>>>>> if (efi.tpm_final_log == EFI_INVALID_TABLE_ADDR) {
>>>>> pr_info("TPM Final Events table not present\n");
>>>>
>>>> Unfortunately not. efi_mem_reserve updates e820_table, while kexec looks at /sys/firmware/memmap
>>>> which is e820_table_firmware.
>>>>
>>>> arch_update_firmware_area introduced in the RFC patch does the same thing as efi_mem_reserve does at
>>>> its end, just with e820_table_firmware instead of e820_table.
>>>> i.e. efi_mem_reserve does:
>>>> e820__range_update(addr, size, E820_TYPE_RAM, E820_TYPE_RESERVED);
>>>> e820__update_table(e820_table);
>>>>
>>>> while arch_update_firmware_area does:
>>>> e820__range_update_firmware(addr, size, E820_TYPE_RAM, E820_TYPE_RESERVED);
>>>> e820__update_table(e820_table_firmware);
>>>>
>>>
>>> Shame.
>>>
>>> Using efi_mem_reserve() is appropriate here in any case, but I guess
>>> kexec on x86 needs to be fixed to juggle the EFI memory map, memblock
>>> table, and 3 (!) versions of the E820 table in the correct way
>>> (e820_table, e820_table_kexec and e820_table_firmware)
>>>
>>> Perhaps we can put this additional logic in x86's implementation of
>>> efi_arch_mem_reserve()? AFAICT, all callers of efi_mem_reserve() deal
>>> with configuration tables produced by the firmware that may not be
>>> reserved correctly if kexec looks at e820_table_firmware[] only.
>>
>
> I have not read all the conversations, let me have a look and response later.
>
> The first glance about the patch is that I think the kexec_file_load
> syscall (default of latest kexec-tools) will not use
> e820_table_firmware AFAIK. it will only use e820_table_kexec.
I initially thought that as well. But it looks like kexec just reads /sys/firmware/memmap
https://github.com/horms/kexec-tools/blob/main/kexec/firmware_memmap.h#L29
which is e820_table_firmware.
The patch that Ard sent in https://lore.kernel.org/all/20240912155159.1951792-2-ardb+git@google.com/
is the right approach to it I believe, and I dont see the issue anymore after applying that patch.
>
> Usama, can you confirm how you tested this?
> kexec -c -l will use kexec_load syscall
I am currently testing in my VM setup with kexec_load. But production is running
kexec_file_load and has the same issue.
Thanks,
Usama
> kexec [-s] -l will use kexec_file_load syscall
>
> Thanks
> Dave
>
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
WARNING: multiple messages have this Message-ID (diff)
From: Usama Arif <usamaarif642@gmail.com>
To: Dave Young <dyoung@redhat.com>, Ard Biesheuvel <ardb@kernel.org>
Cc: Breno Leitao <leitao@debian.org>,
linux-efi@vger.kernel.org, kexec@lists.infradead.org,
ebiederm@xmission.com, bhe@redhat.com, vgoyal@redhat.com,
tglx@linutronix.de, dave.hansen@linux.intel.com, x86@kernel.org,
linux-kernel@vger.kernel.org, rmikey@meta.com, gourry@gourry.net
Subject: Re: [RFC] efi/tpm: add efi.tpm_log as a reserved region in 820_table_firmware
Date: Fri, 13 Sep 2024 12:06:54 +0100 [thread overview]
Message-ID: <1c37546a-e15e-465f-bcbb-6f39c0fcf82d@gmail.com> (raw)
In-Reply-To: <CALu+AoS9+OxPmVJB9fAJFkjsX9xUVw6K_uXiOi0-XsK6-b4THg@mail.gmail.com>
On 13/09/2024 11:56, Dave Young wrote:
> On Thu, 12 Sept 2024 at 22:15, Ard Biesheuvel <ardb@kernel.org> wrote:
>>
>> (cc Dave)
>
> Thanks for ccing me.
>
>>
>> Full thread here:
>> https://lore.kernel.org/all/CAMj1kXG1hbiafKRyC5qM1Vj5X7x-dmLndqqo2AYnHMRxDz-80w@mail.gmail.com/T/#u
>>
>> On Thu, 12 Sept 2024 at 16:05, Ard Biesheuvel <ardb@kernel.org> wrote:
>>>
>>> On Thu, 12 Sept 2024 at 15:55, Usama Arif <usamaarif642@gmail.com> wrote:
>>>>
>>>>
>>>>
>>>> On 12/09/2024 14:10, Ard Biesheuvel wrote:
>>>>> Does the below help at all?
>>>>>
>>>>> --- a/drivers/firmware/efi/tpm.c
>>>>> +++ b/drivers/firmware/efi/tpm.c
>>>>> @@ -60,7 +60,7 @@ int __init efi_tpm_eventlog_init(void)
>>>>> }
>>>>>
>>>>> tbl_size = sizeof(*log_tbl) + log_tbl->size;
>>>>> - memblock_reserve(efi.tpm_log, tbl_size);
>>>>> + efi_mem_reserve(efi.tpm_log, tbl_size);
>>>>>
>>>>> if (efi.tpm_final_log == EFI_INVALID_TABLE_ADDR) {
>>>>> pr_info("TPM Final Events table not present\n");
>>>>
>>>> Unfortunately not. efi_mem_reserve updates e820_table, while kexec looks at /sys/firmware/memmap
>>>> which is e820_table_firmware.
>>>>
>>>> arch_update_firmware_area introduced in the RFC patch does the same thing as efi_mem_reserve does at
>>>> its end, just with e820_table_firmware instead of e820_table.
>>>> i.e. efi_mem_reserve does:
>>>> e820__range_update(addr, size, E820_TYPE_RAM, E820_TYPE_RESERVED);
>>>> e820__update_table(e820_table);
>>>>
>>>> while arch_update_firmware_area does:
>>>> e820__range_update_firmware(addr, size, E820_TYPE_RAM, E820_TYPE_RESERVED);
>>>> e820__update_table(e820_table_firmware);
>>>>
>>>
>>> Shame.
>>>
>>> Using efi_mem_reserve() is appropriate here in any case, but I guess
>>> kexec on x86 needs to be fixed to juggle the EFI memory map, memblock
>>> table, and 3 (!) versions of the E820 table in the correct way
>>> (e820_table, e820_table_kexec and e820_table_firmware)
>>>
>>> Perhaps we can put this additional logic in x86's implementation of
>>> efi_arch_mem_reserve()? AFAICT, all callers of efi_mem_reserve() deal
>>> with configuration tables produced by the firmware that may not be
>>> reserved correctly if kexec looks at e820_table_firmware[] only.
>>
>
> I have not read all the conversations, let me have a look and response later.
>
> The first glance about the patch is that I think the kexec_file_load
> syscall (default of latest kexec-tools) will not use
> e820_table_firmware AFAIK. it will only use e820_table_kexec.
I initially thought that as well. But it looks like kexec just reads /sys/firmware/memmap
https://github.com/horms/kexec-tools/blob/main/kexec/firmware_memmap.h#L29
which is e820_table_firmware.
The patch that Ard sent in https://lore.kernel.org/all/20240912155159.1951792-2-ardb+git@google.com/
is the right approach to it I believe, and I dont see the issue anymore after applying that patch.
>
> Usama, can you confirm how you tested this?
> kexec -c -l will use kexec_load syscall
I am currently testing in my VM setup with kexec_load. But production is running
kexec_file_load and has the same issue.
Thanks,
Usama
> kexec [-s] -l will use kexec_file_load syscall
>
> Thanks
> Dave
>
next prev parent reply other threads:[~2024-09-13 11:07 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-11 10:41 [RFC] efi/tpm: add efi.tpm_log as a reserved region in 820_table_firmware Usama Arif
2024-09-11 10:41 ` Usama Arif
2024-09-11 11:51 ` Ard Biesheuvel
2024-09-11 11:51 ` Ard Biesheuvel
2024-09-11 14:34 ` Usama Arif
2024-09-11 14:34 ` Usama Arif
2024-09-12 10:23 ` Usama Arif
2024-09-12 10:23 ` Usama Arif
2024-09-12 10:51 ` Ard Biesheuvel
2024-09-12 10:51 ` Ard Biesheuvel
2024-09-12 11:17 ` Usama Arif
2024-09-12 11:17 ` Usama Arif
2024-09-12 13:03 ` Breno Leitao
2024-09-12 13:03 ` Breno Leitao
2024-09-12 13:10 ` Ard Biesheuvel
2024-09-12 13:10 ` Ard Biesheuvel
2024-09-12 13:54 ` Usama Arif
2024-09-12 13:54 ` Usama Arif
2024-09-12 14:05 ` Ard Biesheuvel
2024-09-12 14:05 ` Ard Biesheuvel
2024-09-12 14:14 ` Ard Biesheuvel
2024-09-12 14:14 ` Ard Biesheuvel
2024-09-13 10:56 ` Dave Young
2024-09-13 10:56 ` Dave Young
2024-09-13 11:06 ` Usama Arif [this message]
2024-09-13 11:06 ` Usama Arif
2024-09-13 11:13 ` Dave Young
2024-09-13 11:13 ` Dave Young
2024-09-13 11:49 ` Dave Young
2024-09-13 11:49 ` Dave Young
2024-09-13 11:56 ` Usama Arif
2024-09-13 11:56 ` Usama Arif
2024-09-13 12:52 ` Dave Young
2024-09-13 12:52 ` Dave Young
2024-09-14 6:46 ` Dave Young
2024-09-14 6:46 ` Dave Young
2024-09-14 8:31 ` Ard Biesheuvel
2024-09-14 8:31 ` Ard Biesheuvel
2024-09-14 9:24 ` Dave Young
2024-09-14 9:24 ` Dave Young
2024-09-14 9:46 ` Dave Young
2024-09-14 9:46 ` Dave Young
2024-09-12 14:29 ` Breno Leitao
2024-09-12 14:29 ` Breno Leitao
2024-09-12 15:21 ` Ard Biesheuvel
2024-09-12 15:21 ` Ard Biesheuvel
2024-09-12 15:35 ` Usama Arif
2024-09-12 15:35 ` Usama Arif
2024-09-12 15:45 ` Ard Biesheuvel
2024-09-12 15:45 ` Ard Biesheuvel
2024-09-12 16:22 ` James Bottomley
2024-09-12 16:22 ` James Bottomley
2024-09-13 11:57 ` Breno Leitao
2024-09-13 11:57 ` Breno Leitao
2024-09-13 12:07 ` James Bottomley
2024-09-13 12:07 ` James Bottomley
2024-09-16 20:20 ` Eric W. Biederman
2024-09-16 20:20 ` Eric W. Biederman
2024-09-17 6:45 ` Ard Biesheuvel
2024-09-17 6:45 ` Ard Biesheuvel
2024-09-17 15:24 ` Eric W. Biederman
2024-09-17 15:24 ` Eric W. Biederman
2024-09-17 15:35 ` Ard Biesheuvel
2024-09-17 15:35 ` Ard Biesheuvel
2024-09-18 3:13 ` Eric W. Biederman
2024-09-18 3:13 ` Eric W. Biederman
2024-09-18 7:36 ` Ard Biesheuvel
2024-09-18 7:36 ` Ard Biesheuvel
2024-10-09 9:10 ` Jonathan McDowell
2024-10-09 9:10 ` Jonathan McDowell
2024-10-09 10:46 ` Breno Leitao
2024-10-09 10:46 ` Breno Leitao
2024-10-09 14:05 ` Jonathan McDowell
2024-10-09 14:05 ` Jonathan McDowell
2024-09-14 8:44 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1c37546a-e15e-465f-bcbb-6f39c0fcf82d@gmail.com \
--to=usamaarif642@gmail.com \
--cc=ardb@kernel.org \
--cc=bhe@redhat.com \
--cc=dave.hansen@linux.intel.com \
--cc=dyoung@redhat.com \
--cc=ebiederm@xmission.com \
--cc=gourry@gourry.net \
--cc=kexec@lists.infradead.org \
--cc=leitao@debian.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rmikey@meta.com \
--cc=tglx@linutronix.de \
--cc=vgoyal@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.