From: Ard Biesheuvel <ardb+git@google.com>
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
Tom Englund <tomenglund26@gmail.com>
Subject: [PATCH stable-v6.1 15/18] x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR
Date: Mon, 4 Mar 2024 12:19:53 +0100 [thread overview]
Message-ID: <20240304111937.2556102-35-ardb+git@google.com> (raw)
In-Reply-To: <20240304111937.2556102-20-ardb+git@google.com>
From: Ard Biesheuvel <ardb@kernel.org>
[ Commit 2f77465b05b1270c832b5e2ee27037672ad2a10a upstream ]
The EFI stub's kernel placement logic randomizes the physical placement
of the kernel by taking all available memory into account, and picking a
region at random, based on a random seed.
When KASLR is disabled, this seed is set to 0x0, and this results in the
lowest available region of memory to be selected for loading the kernel,
even if this is below LOAD_PHYSICAL_ADDR. Some of this memory is
typically reserved for the GFP_DMA region, to accommodate masters that
can only access the first 16 MiB of system memory.
Even if such devices are rare these days, we may still end up with a
warning in the kernel log, as reported by Tom:
swapper/0: page allocation failure: order:10, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0
Fix this by tweaking the random allocation logic to accept a low bound
on the placement, and set it to LOAD_PHYSICAL_ADDR.
Fixes: a1b87d54f4e4 ("x86/efistub: Avoid legacy decompressor when doing EFI boot")
Reported-by: Tom Englund <tomenglund26@gmail.com>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218404
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/firmware/efi/libstub/arm64-stub.c | 2 +-
drivers/firmware/efi/libstub/efistub.h | 3 ++-
drivers/firmware/efi/libstub/randomalloc.c | 12 +++++++-----
drivers/firmware/efi/libstub/x86-stub.c | 1 +
4 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c
index 16377b452119..16f15e36f9a7 100644
--- a/drivers/firmware/efi/libstub/arm64-stub.c
+++ b/drivers/firmware/efi/libstub/arm64-stub.c
@@ -181,7 +181,7 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
*/
status = efi_random_alloc(*reserve_size, min_kimg_align,
reserve_addr, phys_seed,
- EFI_LOADER_CODE, EFI_ALLOC_LIMIT);
+ EFI_LOADER_CODE, 0, EFI_ALLOC_LIMIT);
if (status != EFI_SUCCESS)
efi_warn("efi_random_alloc() failed: 0x%lx\n", status);
} else {
diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
index 4b4055877f3d..6741f3d900c5 100644
--- a/drivers/firmware/efi/libstub/efistub.h
+++ b/drivers/firmware/efi/libstub/efistub.h
@@ -906,7 +906,8 @@ efi_status_t efi_get_random_bytes(unsigned long size, u8 *out);
efi_status_t efi_random_alloc(unsigned long size, unsigned long align,
unsigned long *addr, unsigned long random_seed,
- int memory_type, unsigned long alloc_limit);
+ int memory_type, unsigned long alloc_min,
+ unsigned long alloc_max);
efi_status_t efi_random_get_seed(void);
diff --git a/drivers/firmware/efi/libstub/randomalloc.c b/drivers/firmware/efi/libstub/randomalloc.c
index ed6f6087a9ea..7ba05719a53b 100644
--- a/drivers/firmware/efi/libstub/randomalloc.c
+++ b/drivers/firmware/efi/libstub/randomalloc.c
@@ -17,7 +17,7 @@
static unsigned long get_entry_num_slots(efi_memory_desc_t *md,
unsigned long size,
unsigned long align_shift,
- u64 alloc_limit)
+ u64 alloc_min, u64 alloc_max)
{
unsigned long align = 1UL << align_shift;
u64 first_slot, last_slot, region_end;
@@ -30,11 +30,11 @@ static unsigned long get_entry_num_slots(efi_memory_desc_t *md,
return 0;
region_end = min(md->phys_addr + md->num_pages * EFI_PAGE_SIZE - 1,
- alloc_limit);
+ alloc_max);
if (region_end < size)
return 0;
- first_slot = round_up(md->phys_addr, align);
+ first_slot = round_up(max(md->phys_addr, alloc_min), align);
last_slot = round_down(region_end - size + 1, align);
if (first_slot > last_slot)
@@ -56,7 +56,8 @@ efi_status_t efi_random_alloc(unsigned long size,
unsigned long *addr,
unsigned long random_seed,
int memory_type,
- unsigned long alloc_limit)
+ unsigned long alloc_min,
+ unsigned long alloc_max)
{
unsigned long total_slots = 0, target_slot;
unsigned long total_mirrored_slots = 0;
@@ -78,7 +79,8 @@ efi_status_t efi_random_alloc(unsigned long size,
efi_memory_desc_t *md = (void *)map->map + map_offset;
unsigned long slots;
- slots = get_entry_num_slots(md, size, ilog2(align), alloc_limit);
+ slots = get_entry_num_slots(md, size, ilog2(align), alloc_min,
+ alloc_max);
MD_NUM_SLOTS(md) = slots;
total_slots += slots;
if (md->attribute & EFI_MEMORY_MORE_RELIABLE)
diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
index 47ebc85c0d22..c1dcc86fcc3d 100644
--- a/drivers/firmware/efi/libstub/x86-stub.c
+++ b/drivers/firmware/efi/libstub/x86-stub.c
@@ -785,6 +785,7 @@ static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry)
status = efi_random_alloc(alloc_size, CONFIG_PHYSICAL_ALIGN, &addr,
seed[0], EFI_LOADER_CODE,
+ LOAD_PHYSICAL_ADDR,
EFI_X86_KERNEL_ALLOC_LIMIT);
if (status != EFI_SUCCESS)
return status;
--
2.44.0.278.ge034bb2e1d-goog
next prev parent reply other threads:[~2024-03-04 11:20 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-04 11:19 [PATCH stable-v6.1 00/18] efistub/x86 changes for secure boot Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 01/18] arm64: efi: Limit allocations to 48-bit addressable physical region Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 02/18] efi: efivars: prevent double registration Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 03/18] x86/efistub: Simplify and clean up handover entry code Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 04/18] x86/decompressor: Avoid magic offsets for EFI handover entrypoint Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 05/18] x86/efistub: Clear BSS in EFI handover protocol entrypoint Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 06/18] x86/decompressor: Move global symbol references to C code Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 07/18] efi/libstub: Add memory attribute protocol definitions Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 08/18] efi/libstub: Add limit argument to efi_random_alloc() Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 09/18] x86/efistub: Perform 4/5 level paging switch from the stub Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 10/18] x86/decompressor: Factor out kernel decompression and relocation Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 11/18] x86/efistub: Prefer EFI memory attributes protocol over DXE services Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 12/18] x86/efistub: Perform SNP feature test while running in the firmware Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 13/18] x86/efistub: Avoid legacy decompressor when doing EFI boot Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 14/18] efi/x86: Avoid physical KASLR on older Dell systems Ard Biesheuvel
2024-03-04 11:19 ` Ard Biesheuvel [this message]
2024-03-04 11:19 ` [PATCH stable-v6.1 16/18] x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr' Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 17/18] x86/boot: efistub: Assign global boot_params variable Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 18/18] efi/x86: Fix the missing KASLR_FLAG bit in boot_params->hdr.loadflags Ard Biesheuvel
2024-03-04 11:42 ` [PATCH stable-v6.1 00/18] efistub/x86 changes for secure boot Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240304111937.2556102-35-ardb+git@google.com \
--to=ardb+git@google.com \
--cc=ardb@kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tomenglund26@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox