From: Gregory Price <gourry@gourry.net>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: Jiri Slaby <jirislaby@kernel.org>,
Ard Biesheuvel <ardb+git@google.com>,
linux-efi@vger.kernel.org, stable@vger.kernel.org,
Breno Leitao <leitao@debian.org>,
Usama Arif <usamaarif642@gmail.com>
Subject: Re: [PATCH] efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption
Date: Wed, 30 Oct 2024 12:32:30 -0400 [thread overview]
Message-ID: <ZyJfnjj9lkd5MBQH@PC2K9PVX.TheFacebook.com> (raw)
In-Reply-To: <CAMj1kXHqgZ-fD=oSAr7E0h9kTj_yzDv=_o2ifCCD0cYNgXv9RQ@mail.gmail.com>
On Fri, Oct 25, 2024 at 09:30:51AM +0200, Ard Biesheuvel wrote:
> On Fri, 25 Oct 2024 at 07:09, Jiri Slaby <jirislaby@kernel.org> wrote:
> >
> > On 25. 10. 24, 7:07, Jiri Slaby wrote:
> > > On 24. 10. 24, 18:20, Jiri Slaby wrote:
> > >
> > > ====
> > > EFI_ACPI_RECLAIM_MEMORY
> > >
> > > This memory is to be preserved by the UEFI OS loader and OS until ACPI
> > > is enabled. Once ACPI is enabled, the memory in this range is available
> > > for general use.
> > > ====
> > >
> > > BTW doesn't the above mean it is released by the time TPM actually reads
> > > it?
> > >
> > > Isn't the proper fix to actually memblock_reserve() that TPM portion.
> > > The same as memattr in efi_memattr_init()?
> >
> > And this is actually done in efi_tpm_eventlog_init().
> >
>
> EFI_ACPI_RECLAIM_MEMORY may be reclaimed by the OS, but we never
> actually do that in Linux.
>
> To me, it seems like the use of EFI_ACPI_RECLAIM_MEMORY in this case
> simply tickles a bug in the firmware that causes it to corrupt the
> memory attributes table. The fact that cold boot behaves differently
> is a strong indicator here.
>
> I didn't see the results of the memory attribute table dumps on the
> bugzilla thread, but dumping this table from EFI is not very useful
> because it will get regenerated/updated at ExitBootServices() time.
> Unfortunately, that also takes away the console so capturing the state
> of that table before the EFI stub boots the kernel is not an easy
> thing to do.
>
> Is the memattr table completely corrupted? It also has a version
> field, and only versions 1 and 2 are defined so we might use that to
> detect corruption.
When we initially identified the TPM log corruption issue, I had a gut
feeling we were about to discover a lot more corruption along the same
lines. It feels like e820 should have significantly more ACPI entries
marked to avoid kexec from touching it - instead of just 1 or 2.
Hopefully I'm wrong, I'll take a look at the raw memory attributes on
a few systems and see if there's a disagreement between UEFI and e820.
Not looking forward to a thrilling game of whack-a-mole :[
~Gregory
next prev parent reply other threads:[~2024-10-30 16:32 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-12 15:52 [PATCH] efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption Ard Biesheuvel
2024-09-13 6:27 ` Ilias Apalodimas
2024-09-13 10:00 ` Breno Leitao
2024-10-24 16:20 ` Jiri Slaby
2024-10-25 5:07 ` Jiri Slaby
2024-10-25 5:09 ` Jiri Slaby
2024-10-25 7:30 ` Ard Biesheuvel
2024-10-30 16:32 ` Gregory Price [this message]
2024-10-31 7:55 ` Jiri Slaby
2024-10-31 9:04 ` Ard Biesheuvel
2024-10-25 13:27 ` Usama Arif
2024-10-30 5:25 ` Jiri Slaby
2024-10-30 17:13 ` Usama Arif
2024-10-30 18:02 ` Gregory Price
2024-10-30 18:24 ` Usama Arif
2024-10-31 8:38 ` Jiri Slaby
2024-10-30 18:26 ` Gregory Price
2024-10-30 19:43 ` Ard Biesheuvel
2024-10-30 20:30 ` Gregory Price
2024-10-31 8:19 ` Jiri Slaby
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZyJfnjj9lkd5MBQH@PC2K9PVX.TheFacebook.com \
--to=gourry@gourry.net \
--cc=ardb+git@google.com \
--cc=ardb@kernel.org \
--cc=jirislaby@kernel.org \
--cc=leitao@debian.org \
--cc=linux-efi@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=usamaarif642@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox