From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: stable@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>
Subject: Re: [PATCH] x86/sme: Explicitly map new EFI memmap table as encrypted
Date: Sun, 12 Dec 2021 14:20:24 +0100 [thread overview]
Message-ID: <YbX3GGdl+muJBWsY@kroah.com> (raw)
In-Reply-To: <2e06a99ba4c4b1bc6663605414f7518e4c43d188.1639243140.git.thomas.lendacky@amd.com>
On Sat, Dec 11, 2021 at 11:19:00AM -0600, Tom Lendacky wrote:
> commit 1ff2fc02862d52e18fd3daabcfe840ec27e920a8 upstream
> to be applied to 4.14, 4.19 and 5.4.
>
> Reserving memory using efi_mem_reserve() calls into the x86
> efi_arch_mem_reserve() function. This function will insert a new EFI
> memory descriptor into the EFI memory map representing the area of
> memory to be reserved and marking it as EFI runtime memory. As part
> of adding this new entry, a new EFI memory map is allocated and mapped.
> The mapping is where a problem can occur. This new memory map is mapped
> using early_memremap() and generally mapped encrypted, unless the new
> memory for the mapping happens to come from an area of memory that is
> marked as EFI_BOOT_SERVICES_DATA memory. In this case, the new memory will
> be mapped unencrypted. However, during replacement of the old memory map,
> efi_mem_type() is disabled, so the new memory map will now be long-term
> mapped encrypted (in efi.memmap), resulting in the map containing invalid
> data and causing the kernel boot to crash.
>
> Since it is known that the area will be mapped encrypted going forward,
> explicitly map the new memory map as encrypted using early_memremap_prot().
>
> Cc: <stable@vger.kernel.org> # 4.14.x
> Fixes: 8f716c9b5feb ("x86/mm: Add support to access boot related data in the clear")
> Link: https://lore.kernel.org/all/ebf1eb2940405438a09d51d121ec0d02c8755558.1634752931.git.thomas.lendacky@amd.com/
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> [ardb: incorporate Kconfig fix by Arnd]
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> arch/x86/Kconfig | 1 +
> arch/x86/platform/efi/quirks.c | 3 ++-
> 2 files changed, 3 insertions(+), 1 deletion(-)
Now queued up, thanks.
greg k-h
next prev parent reply other threads:[~2021-12-12 13:20 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-11 17:19 [PATCH] x86/sme: Explicitly map new EFI memmap table as encrypted Tom Lendacky
2021-12-12 13:20 ` Greg Kroah-Hartman [this message]
2021-12-14 9:09 ` Greg Kroah-Hartman
2021-12-14 11:54 ` Tom Lendacky
2021-12-14 13:40 ` Greg Kroah-Hartman
-- strict thread matches above, loose matches on Subject: below --
2021-10-20 18:02 Tom Lendacky
2021-10-21 13:21 ` Tom Lendacky
2021-10-22 14:48 ` Ard Biesheuvel
2021-10-22 16:21 ` Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YbX3GGdl+muJBWsY@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=ardb@kernel.org \
--cc=stable@vger.kernel.org \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox