From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
To: Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>,
Sean Christopherson <seanjc@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Joerg Roedel <jroedel@suse.de>, Ard Biesheuvel <ardb@kernel.org>
Cc: Andi Kleen <ak@linux.intel.com>,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@linux.intel.com>,
David Rientjes <rientjes@google.com>,
Vlastimil Babka <vbabka@suse.cz>,
Tom Lendacky <thomas.lendacky@amd.com>,
Thomas Gleixner <tglx@linutronix.de>,
Peter Zijlstra <peterz@infradead.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Ingo Molnar <mingo@redhat.com>,
Varad Gautam <varad.gautam@suse.com>,
Dario Faggioli <dfaggioli@suse.com>,
Dave Hansen <dave.hansen@intel.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Mike Rapoport <rppt@kernel.org>,
David Hildenbrand <david@redhat.com>,
x86@kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev,
linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Subject: [PATCHv5 06/12] x86/boot/compressed: Handle unaccepted memory
Date: Mon, 25 Apr 2022 06:39:28 +0300 [thread overview]
Message-ID: <20220425033934.68551-7-kirill.shutemov@linux.intel.com> (raw)
In-Reply-To: <20220425033934.68551-1-kirill.shutemov@linux.intel.com>
The firmware will pre-accept the memory used to run the stub. But, the
stub is responsible for accepting the memory into which it decompresses
the main kernel. Accept memory just before decompression starts.
The stub is also responsible for choosing a physical address in which to
place the decompressed kernel image. The KASLR mechanism will randomize
this physical address. Since the unaccepted memory region is relatively
small, KASLR would be quite ineffective if it only used the pre-accepted
area (EFI_CONVENTIONAL_MEMORY). Ensure that KASLR randomizes among the
entire physical address space by also including EFI_UNACCEPTED_MEMOR
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
---
arch/x86/boot/compressed/Makefile | 2 +-
arch/x86/boot/compressed/kaslr.c | 14 ++++++++++++--
arch/x86/boot/compressed/mem.c | 21 +++++++++++++++++++++
arch/x86/boot/compressed/misc.c | 9 +++++++++
arch/x86/include/asm/unaccepted_memory.h | 2 ++
5 files changed, 45 insertions(+), 3 deletions(-)
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 7f672f7e2fea..b59007e57cbf 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -102,7 +102,7 @@ endif
vmlinux-objs-$(CONFIG_ACPI) += $(obj)/acpi.o
vmlinux-objs-$(CONFIG_INTEL_TDX_GUEST) += $(obj)/tdx.o $(obj)/tdcall.o
-vmlinux-objs-$(CONFIG_UNACCEPTED_MEMORY) += $(obj)/bitmap.o $(obj)/mem.o
+vmlinux-objs-$(CONFIG_UNACCEPTED_MEMORY) += $(obj)/bitmap.o $(obj)/find.o $(obj)/mem.o
vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_thunk_$(BITS).o
efi-obj-$(CONFIG_EFI_STUB) = $(objtree)/drivers/firmware/efi/libstub/lib.a
diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index 411b268bc0a2..59db90626042 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -725,10 +725,20 @@ process_efi_entries(unsigned long minimum, unsigned long image_size)
* but in practice there's firmware where using that memory leads
* to crashes.
*
- * Only EFI_CONVENTIONAL_MEMORY is guaranteed to be free.
+ * Only EFI_CONVENTIONAL_MEMORY and EFI_UNACCEPTED_MEMORY (if
+ * supported) are guaranteed to be free.
*/
- if (md->type != EFI_CONVENTIONAL_MEMORY)
+
+ switch (md->type) {
+ case EFI_CONVENTIONAL_MEMORY:
+ break;
+ case EFI_UNACCEPTED_MEMORY:
+ if (IS_ENABLED(CONFIG_UNACCEPTED_MEMORY))
+ break;
continue;
+ default:
+ continue;
+ }
if (efi_soft_reserve_enabled() &&
(md->attribute & EFI_MEMORY_SP))
diff --git a/arch/x86/boot/compressed/mem.c b/arch/x86/boot/compressed/mem.c
index 415df0d3bc81..b5058c975d26 100644
--- a/arch/x86/boot/compressed/mem.c
+++ b/arch/x86/boot/compressed/mem.c
@@ -3,12 +3,15 @@
#include "../cpuflags.h"
#include "bitmap.h"
#include "error.h"
+#include "find.h"
#include "math.h"
#define PMD_SHIFT 21
#define PMD_SIZE (_AC(1, UL) << PMD_SHIFT)
#define PMD_MASK (~(PMD_SIZE - 1))
+extern struct boot_params *boot_params;
+
static inline void __accept_memory(phys_addr_t start, phys_addr_t end)
{
/* Platform-specific memory-acceptance call goes here */
@@ -66,3 +69,21 @@ void process_unaccepted_memory(struct boot_params *params, u64 start, u64 end)
bitmap_set((unsigned long *)params->unaccepted_memory,
start / PMD_SIZE, (end - start) / PMD_SIZE);
}
+
+void accept_memory(phys_addr_t start, phys_addr_t end)
+{
+ unsigned long range_start, range_end;
+ unsigned long *unaccepted_memory;
+ unsigned long bitmap_size;
+
+ unaccepted_memory = (unsigned long *)boot_params->unaccepted_memory;
+ range_start = start / PMD_SIZE;
+ bitmap_size = DIV_ROUND_UP(end, PMD_SIZE);
+
+ for_each_set_bitrange_from(range_start, range_end,
+ unaccepted_memory, bitmap_size) {
+ __accept_memory(range_start * PMD_SIZE, range_end * PMD_SIZE);
+ bitmap_clear(unaccepted_memory,
+ range_start, range_end - range_start);
+ }
+}
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
index fa8969fad011..285b37e28074 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -18,6 +18,7 @@
#include "../string.h"
#include "../voffset.h"
#include <asm/bootparam_utils.h>
+#include <asm/unaccepted_memory.h>
/*
* WARNING!!
@@ -451,6 +452,14 @@ asmlinkage __visible void *extract_kernel(void *rmode, memptr heap,
#endif
debug_putstr("\nDecompressing Linux... ");
+
+#ifdef CONFIG_UNACCEPTED_MEMORY
+ if (boot_params->unaccepted_memory) {
+ debug_putstr("Accepting memory... ");
+ accept_memory(__pa(output), __pa(output) + needed_size);
+ }
+#endif
+
__decompress(input_data, input_len, NULL, NULL, output, output_len,
NULL, error);
parse_elf(output);
diff --git a/arch/x86/include/asm/unaccepted_memory.h b/arch/x86/include/asm/unaccepted_memory.h
index df0736d32858..41fbfc798100 100644
--- a/arch/x86/include/asm/unaccepted_memory.h
+++ b/arch/x86/include/asm/unaccepted_memory.h
@@ -7,4 +7,6 @@ struct boot_params;
void process_unaccepted_memory(struct boot_params *params, u64 start, u64 num);
+void accept_memory(phys_addr_t start, phys_addr_t end);
+
#endif
--
2.35.1
next prev parent reply other threads:[~2022-04-25 3:39 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-25 3:39 [PATCHv5 00/12] mm, x86/cc: Implement support for unaccepted memory Kirill A. Shutemov
2022-04-25 3:39 ` [PATCHv5 01/12] x86/boot/: Centralize __pa()/__va() definitions Kirill A. Shutemov
2022-04-25 7:37 ` David Hildenbrand
2022-04-25 7:52 ` Mike Rapoport
2022-04-25 3:39 ` [PATCHv5 02/12] mm: Add support for unaccepted memory Kirill A. Shutemov
2022-04-28 10:05 ` Borislav Petkov
2022-05-03 20:21 ` David Hildenbrand
2022-05-06 0:54 ` Kirill A. Shutemov
2022-04-25 3:39 ` [PATCHv5 03/12] efi/x86: Get full memory map in allocate_e820() Kirill A. Shutemov
2022-04-27 20:25 ` Borislav Petkov
2022-04-27 23:48 ` Kirill A. Shutemov
2022-04-28 10:02 ` Borislav Petkov
2022-04-25 3:39 ` [PATCHv5 04/12] x86/boot: Add infrastructure required for unaccepted memory support Kirill A. Shutemov
2022-04-29 10:58 ` Wander Lairson Costa
2022-05-02 13:38 ` Kirill A. Shutemov
2022-04-25 3:39 ` [PATCHv5 05/12] efi/x86: Implement support for unaccepted memory Kirill A. Shutemov
2022-04-29 10:53 ` Borislav Petkov
2022-05-02 13:40 ` Kirill A. Shutemov
2022-04-25 3:39 ` Kirill A. Shutemov [this message]
2022-04-27 0:17 ` [PATCHv5 06/12] x86/boot/compressed: Handle " Michael Roth
2022-04-27 14:19 ` Kirill A. Shutemov
2022-05-03 14:15 ` Borislav Petkov
2022-04-29 13:10 ` Wander Lairson Costa
2022-05-03 14:12 ` Borislav Petkov
2022-05-06 15:30 ` Kirill A. Shutemov
2022-05-10 11:03 ` Borislav Petkov
2022-05-13 5:31 ` Dionna Amalie Glaze
2022-05-13 5:34 ` Dionna Amalie Glaze
2022-05-13 9:01 ` Borislav Petkov
2022-05-13 14:45 ` Kirill A. Shutemov
2022-05-16 6:46 ` Xu, Min M
2022-05-31 22:37 ` Dionna Amalie Glaze
2022-05-31 22:40 ` Dionna Amalie Glaze
2022-06-01 15:49 ` Gupta, Pankaj
2022-06-01 16:20 ` Dionna Amalie Glaze
2022-06-01 19:34 ` Randy Dunlap
2022-06-01 21:19 ` Gupta, Pankaj
2022-06-02 12:51 ` Gupta, Pankaj
2022-06-02 15:31 ` Dionna Amalie Glaze
2022-06-07 17:28 ` Dionna Amalie Glaze
2022-06-07 18:15 ` Gupta, Pankaj
2022-04-25 3:39 ` [PATCHv5 07/12] x86/mm: Reserve unaccepted memory bitmap Kirill A. Shutemov
2022-04-29 13:19 ` Wander Lairson Costa
2022-05-04 11:04 ` Borislav Petkov
2022-04-25 3:39 ` [PATCHv5 08/12] x86/mm: Provide helpers for unaccepted memory Kirill A. Shutemov
2022-05-04 11:12 ` Borislav Petkov
2022-05-06 16:13 ` Kirill A. Shutemov
2022-05-10 18:32 ` Borislav Petkov
2022-05-11 1:15 ` Kirill A. Shutemov
2022-05-11 9:07 ` Borislav Petkov
2022-04-25 3:39 ` [PATCHv5 09/12] x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub Kirill A. Shutemov
2022-04-25 3:39 ` [PATCHv5 10/12] x86/tdx: Unaccepted memory support Kirill A. Shutemov
2022-05-05 10:12 ` Borislav Petkov
2022-05-06 20:44 ` Kirill A. Shutemov
2022-05-11 1:19 ` Kirill A. Shutemov
2022-05-11 9:13 ` Borislav Petkov
2022-04-25 3:39 ` [PATCHv5 11/12] mm/vmstat: Add counter for memory accepting Kirill A. Shutemov
2022-04-25 3:39 ` [PATCHv5 12/12] x86/mm: Report unaccepted memory in /proc/meminfo Kirill A. Shutemov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220425033934.68551-7-kirill.shutemov@linux.intel.com \
--to=kirill.shutemov@linux.intel.com \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=ardb@kernel.org \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=dave.hansen@intel.com \
--cc=david@redhat.com \
--cc=dfaggioli@suse.com \
--cc=jroedel@suse.de \
--cc=linux-coco@lists.linux.dev \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rientjes@google.com \
--cc=rppt@kernel.org \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=varad.gautam@suse.com \
--cc=vbabka@suse.cz \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.