From: Ard Biesheuvel <ardb@kernel.org>
To: linux-efi@vger.kernel.org
Cc: keescook@chromium.org, Ard Biesheuvel <ardb@kernel.org>,
Matthew Garrett <mjg59@srcf.ucam.org>,
Peter Jones <pjones@redhat.com>,
Ilias Apalodimas <ilias.apalodimas@linaro.org>,
Palmer Dabbelt <palmer@dabbelt.com>,
Atish Patra <atishp@atishpatra.org>,
Arnd Bergmann <arnd@arndb.de>,
Huacai Chen <chenhuacai@loongson.cn>,
Xi Ruoyao <xry111@xry111.site>,
Lennart Poettering <lennart@poettering.net>,
Jeremy Linton <jeremy.linton@arm.com>,
Will Deacon <will@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>
Subject: [PATCH 05/21] efi: libstub: Drop randomization of runtime memory map
Date: Mon, 17 Oct 2022 19:16:44 +0200 [thread overview]
Message-ID: <20221017171700.3736890-6-ardb@kernel.org> (raw)
In-Reply-To: <20221017171700.3736890-1-ardb@kernel.org>
Randomizing the UEFI runtime memory map requires the use of the
SetVirtualAddressMap() EFI boot service, which we prefer to avoid. So
let's drop randomization, which was already problematic in combination
with hibernation, which means that distro kernels never enabled it in
the first place.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/firmware/efi/libstub/efi-stub.c | 29 --------------------
1 file changed, 29 deletions(-)
diff --git a/drivers/firmware/efi/libstub/efi-stub.c b/drivers/firmware/efi/libstub/efi-stub.c
index cf474f0dd261..0ebfa2d9628a 100644
--- a/drivers/firmware/efi/libstub/efi-stub.c
+++ b/drivers/firmware/efi/libstub/efi-stub.c
@@ -35,15 +35,6 @@
* as well to minimize the code churn.
*/
#define EFI_RT_VIRTUAL_BASE SZ_512M
-#define EFI_RT_VIRTUAL_SIZE SZ_512M
-
-#ifdef CONFIG_ARM64
-# define EFI_RT_VIRTUAL_LIMIT DEFAULT_MAP_WINDOW_64
-#elif defined(CONFIG_RISCV) || defined(CONFIG_LOONGARCH)
-# define EFI_RT_VIRTUAL_LIMIT TASK_SIZE_MIN
-#else /* Only if TASK_SIZE is a constant */
-# define EFI_RT_VIRTUAL_LIMIT TASK_SIZE
-#endif
/*
* Some architectures map the EFI regions into the kernel's linear map using a
@@ -230,26 +221,6 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
efi_novamap |= !(get_supported_rt_services() &
EFI_RT_SUPPORTED_SET_VIRTUAL_ADDRESS_MAP);
- /* hibernation expects the runtime regions to stay in the same place */
- if (!IS_ENABLED(CONFIG_HIBERNATION) && !efi_nokaslr && !flat_va_mapping) {
- /*
- * Randomize the base of the UEFI runtime services region.
- * Preserve the 2 MB alignment of the region by taking a
- * shift of 21 bit positions into account when scaling
- * the headroom value using a 32-bit random value.
- */
- static const u64 headroom = EFI_RT_VIRTUAL_LIMIT -
- EFI_RT_VIRTUAL_BASE -
- EFI_RT_VIRTUAL_SIZE;
- u32 rnd;
-
- status = efi_get_random_bytes(sizeof(rnd), (u8 *)&rnd);
- if (status == EFI_SUCCESS) {
- virtmap_base = EFI_RT_VIRTUAL_BASE +
- (((headroom >> 21) * rnd) >> (32 - 21));
- }
- }
-
install_memreserve_table();
status = efi_boot_kernel(handle, image, image_addr, cmdline_ptr);
--
2.35.1
next prev parent reply other threads:[~2022-10-17 17:17 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-17 17:16 [PATCH 00/21] efi: Combine stub functionality with zboot decompressor Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 01/21] arm64: efi: Move dcache cleaning of loaded image out of efi_enter_kernel() Ard Biesheuvel
2022-10-18 11:27 ` Catalin Marinas
2022-10-18 11:38 ` Ard Biesheuvel
2022-10-18 11:54 ` Catalin Marinas
2022-10-17 17:16 ` [PATCH 02/21] arm64: efi: Avoid dcache_clean_poc() altogether in efi_enter_kernel() Ard Biesheuvel
2022-10-18 11:57 ` Catalin Marinas
2022-10-18 11:59 ` Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 03/21] arm64: efi: Move efi-entry.S into the libstub source directory Ard Biesheuvel
2022-10-18 11:57 ` Catalin Marinas
2022-10-17 17:16 ` [PATCH 04/21] efi: libstub: Remove zboot signing from build options Ard Biesheuvel
2022-10-17 17:16 ` Ard Biesheuvel [this message]
2022-10-17 17:16 ` [PATCH 06/21] efi: libstub: Drop handling of EFI properties table Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 07/21] efi: libstub: Deduplicate ftrace command line argument filtering Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 08/21] efi: libstub: Use local strncmp() implementation unconditionally Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 09/21] efi: libstub: Clone memcmp() into the stub Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 10/21] efi: libstub: Enable efi_printk() in zboot decompressor Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 11/21] efi: loongarch: Drop exports of unused string routines Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 12/21] efi: libstub: Move screen_info handling to common code Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 13/21] efi: libstub: Provide local implementations of strrchr() and memchr() Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 14/21] efi: libstub: Factor out EFI stub entrypoint into separate file Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 15/21] efi: libstub: Add image code and data size to the zimage metadata Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 16/21] efi: libstub: Factor out min alignment and preferred kernel load address Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 17/21] efi/riscv: libstub: Split off kernel image relocation for builtin stub Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 18/21] efi/arm64: " Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 19/21] efi/loongarch: Don't jump to kernel entry via the old image Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 20/21] efi/loongarch: libstub: Split off kernel image relocation for builtin stub Ard Biesheuvel
2022-10-17 17:17 ` [PATCH 21/21] efi: libstub: Merge zboot decompressor with the ordinary stub Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221017171700.3736890-6-ardb@kernel.org \
--to=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=atishp@atishpatra.org \
--cc=catalin.marinas@arm.com \
--cc=chenhuacai@loongson.cn \
--cc=ilias.apalodimas@linaro.org \
--cc=jeremy.linton@arm.com \
--cc=keescook@chromium.org \
--cc=lennart@poettering.net \
--cc=linux-efi@vger.kernel.org \
--cc=mjg59@srcf.ucam.org \
--cc=palmer@dabbelt.com \
--cc=pjones@redhat.com \
--cc=will@kernel.org \
--cc=xry111@xry111.site \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.