From: Ard Biesheuvel <ardb@kernel.org>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
Evgeniy Baskov <baskov@ispras.ru>, Borislav Petkov <bp@alien8.de>,
Andy Lutomirski <luto@kernel.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Alexey Khoroshilov <khoroshilov@ispras.ru>,
Peter Jones <pjones@redhat.com>,
Gerd Hoffmann <kraxel@redhat.com>, Dave Young <dyoung@redhat.com>,
Mario Limonciello <mario.limonciello@amd.com>,
Kees Cook <keescook@chromium.org>,
Tom Lendacky <thomas.lendacky@amd.com>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Joerg Roedel <jroedel@suse.de>
Subject: [PATCH v8 17/23] x86/efistub: Prefer EFI memory attributes protocol over DXE services
Date: Wed, 2 Aug 2023 17:48:25 +0200 [thread overview]
Message-ID: <20230802154831.2147855-18-ardb@kernel.org> (raw)
In-Reply-To: <20230802154831.2147855-1-ardb@kernel.org>
Currently, the EFI stub relies on DXE services in some cases to clear
non-execute restrictions from page allocations that need to be
executable. This is dodgy, because DXE services are not specified by
UEFI but by PI, and they are not intended for consumption by OS loaders.
However, no alternative existed at the time.
Now, there is a new UEFI protocol that should be used instead, so if it
exists, prefer it over the DXE services calls.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/firmware/efi/libstub/x86-stub.c | 29 ++++++++++++++------
1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
index af5f50617a5b4c59..acb1c65bf8ac6fb3 100644
--- a/drivers/firmware/efi/libstub/x86-stub.c
+++ b/drivers/firmware/efi/libstub/x86-stub.c
@@ -26,6 +26,7 @@ const efi_system_table_t *efi_system_table;
const efi_dxe_services_table_t *efi_dxe_table;
u32 image_offset __section(".data");
static efi_loaded_image_t *image = NULL;
+static efi_memory_attribute_protocol_t *memattr;
typedef union sev_memory_acceptance_protocol sev_memory_acceptance_protocol_t;
union sev_memory_acceptance_protocol {
@@ -233,12 +234,18 @@ void efi_adjust_memory_range_protection(unsigned long start,
unsigned long rounded_start, rounded_end;
unsigned long unprotect_start, unprotect_size;
- if (efi_dxe_table == NULL)
- return;
-
rounded_start = rounddown(start, EFI_PAGE_SIZE);
rounded_end = roundup(start + size, EFI_PAGE_SIZE);
+ if (memattr != NULL) {
+ efi_call_proto(memattr, clear_memory_attributes, rounded_start,
+ rounded_end - rounded_start, EFI_MEMORY_XP);
+ return;
+ }
+
+ if (efi_dxe_table == NULL)
+ return;
+
/*
* Don't modify memory region attributes, they are
* already suitable, to lower the possibility to
@@ -801,6 +808,7 @@ void __noreturn efi_stub_entry(efi_handle_t handle,
efi_system_table_t *sys_table_arg,
struct boot_params *boot_params)
{
+ efi_guid_t guid = EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID;
unsigned long bzimage_addr = (unsigned long)startup_32;
unsigned long buffer_start, buffer_end;
struct setup_header *hdr = &boot_params->hdr;
@@ -812,13 +820,18 @@ void __noreturn efi_stub_entry(efi_handle_t handle,
if (efi_system_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE)
efi_exit(handle, EFI_INVALID_PARAMETER);
- efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID);
- if (efi_dxe_table &&
- efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) {
- efi_warn("Ignoring DXE services table: invalid signature\n");
- efi_dxe_table = NULL;
+ if (IS_ENABLED(CONFIG_EFI_DXE_MEM_ATTRIBUTES)) {
+ efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID);
+ if (efi_dxe_table &&
+ efi_dxe_table->hdr.signature != EFI_DXE_SERVICES_TABLE_SIGNATURE) {
+ efi_warn("Ignoring DXE services table: invalid signature\n");
+ efi_dxe_table = NULL;
+ }
}
+ /* grab the memory attributes protocol if it exists */
+ efi_bs_call(locate_protocol, &guid, NULL, (void **)&memattr);
+
status = efi_setup_5level_paging();
if (status != EFI_SUCCESS) {
efi_err("efi_setup_5level_paging() failed!\n");
--
2.39.2
next prev parent reply other threads:[~2023-08-02 15:51 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-02 15:48 [PATCH v8 00/23] efi/x86: Avoid bare metal decompressor during EFI boot Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 01/23] x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 02/23] x86/head_64: Store boot_params pointer in callee save register Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 03/23] x86/efistub: Branch straight to kernel entry point from C code Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 04/23] x86/efistub: Simplify and clean up handover entry code Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 05/23] x86/decompressor: Avoid magic offsets for EFI handover entrypoint Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 06/23] x86/efistub: Clear BSS in EFI handover protocol entrypoint Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 07/23] x86/decompressor: Store boot_params pointer in callee save register Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 08/23] x86/decompressor: Assign paging related global variables earlier Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 09/23] x86/decompressor: Call trampoline as a normal function Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 10/23] x86/decompressor: Use standard calling convention for trampoline Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 11/23] x86/decompressor: Avoid the need for a stack in the 32-bit trampoline Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 12/23] x86/decompressor: Call trampoline directly from C code Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 13/23] x86/decompressor: Only call the trampoline when changing paging levels Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 14/23] x86/decompressor: Pass pgtable address to trampoline directly Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 15/23] x86/decompressor: Merge trampoline cleanup with switching code Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 16/23] x86/efistub: Perform 4/5 level paging switch from the stub Ard Biesheuvel
2023-08-02 15:48 ` Ard Biesheuvel [this message]
2023-08-02 15:48 ` [PATCH v8 18/23] decompress: Use 8 byte alignment Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 19/23] x86/decompressor: Move global symbol references to C code Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 20/23] x86/decompressor: Factor out kernel decompression and relocation Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 21/23] efi/libstub: Add limit argument to efi_random_alloc() Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 22/23] x86/efistub: Perform SNP feature test while running in the firmware Ard Biesheuvel
2023-08-02 15:48 ` [PATCH v8 23/23] x86/efistub: Avoid legacy decompressor when doing EFI boot Ard Biesheuvel
2023-08-05 14:40 ` [PATCH v8 00/23] efi/x86: Avoid bare metal decompressor during " Borislav Petkov
2023-08-05 17:37 ` Ard Biesheuvel
2023-08-05 21:06 ` Borislav Petkov
2023-08-05 22:19 ` Ard Biesheuvel
2023-08-06 10:05 ` Ard Biesheuvel
2023-08-06 10:17 ` Borislav Petkov
2023-08-06 10:21 ` Ard Biesheuvel
2023-08-07 16:18 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230802154831.2147855-18-ardb@kernel.org \
--to=ardb@kernel.org \
--cc=baskov@ispras.ru \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=dyoung@redhat.com \
--cc=jroedel@suse.de \
--cc=keescook@chromium.org \
--cc=khoroshilov@ispras.ru \
--cc=kirill.shutemov@linux.intel.com \
--cc=kraxel@redhat.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mario.limonciello@amd.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=pjones@redhat.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox