[PATCH] x86/sme: Explicitly map new EFI memmap table as encrypted

[PATCH] x86/sme: Explicitly map new EFI memmap table as encrypted

[Tom Lendacky]

Reserving memory using efi_mem_reserve() calls into the x86
efi_arch_mem_reserve() function. This function will insert a new EFI
memory descriptor into the EFI memory map representing the area of
memory to be reserved and marking it as EFI runtime memory. As part
of adding this new entry, a new EFI memory map is allocated and mapped.
The mapping is where a problem can occur. This new memory map is mapped
using early_memremap() and generally mapped encrypted, unless the new
memory for the mapping happens to come from an area of memory that is
marked as EFI_BOOT_SERVICES_DATA memory. In this case, the new memory will
be mapped unencrypted. However, during replacement of the old memory map,
efi_mem_type() is disabled, so the new memory map will now be long-term
mapped encrypted (in efi.memmap), resulting in the map containing invalid
data and causing the kernel boot to crash.

Since it is known that the area will be mapped encrypted going forward,
explicitly map the new memory map as encrypted using early_memremap_prot().

Cc: <stable@vger.kernel.org> # 4.14.x
Fixes: 8f716c9b5feb ("x86/mm: Add support to access boot related data in the clear")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 arch/x86/platform/efi/quirks.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c
index b15ebfe40a73..b0b848d6933a 100644
--- a/arch/x86/platform/efi/quirks.c
+++ b/arch/x86/platform/efi/quirks.c
@@ -277,7 +277,8 @@ void __init efi_arch_mem_reserve(phys_addr_t addr, u64 size)
 		return;
 	}
 
-	new = early_memremap(data.phys_map, data.size);
+	new = early_memremap_prot(data.phys_map, data.size,
+				  pgprot_val(pgprot_encrypted(FIXMAP_PAGE_NORMAL)));
 	if (!new) {
 		pr_err("Failed to map new boot services memmap\n");
 		return;
-- 
2.33.1

Re: [PATCH] x86/sme: Explicitly map new EFI memmap table as encrypted

[Tom Lendacky]

On 10/20/21 1:02 PM, Tom Lendacky wrote:
> Reserving memory using efi_mem_reserve() calls into the x86
> efi_arch_mem_reserve() function. This function will insert a new EFI
> memory descriptor into the EFI memory map representing the area of
> memory to be reserved and marking it as EFI runtime memory. As part
> of adding this new entry, a new EFI memory map is allocated and mapped.
> The mapping is where a problem can occur. This new memory map is mapped
> using early_memremap() and generally mapped encrypted, unless the new
> memory for the mapping happens to come from an area of memory that is
> marked as EFI_BOOT_SERVICES_DATA memory. In this case, the new memory will
> be mapped unencrypted. However, during replacement of the old memory map,
> efi_mem_type() is disabled, so the new memory map will now be long-term
> mapped encrypted (in efi.memmap), resulting in the map containing invalid
> data and causing the kernel boot to crash.
> 
> Since it is known that the area will be mapped encrypted going forward,
> explicitly map the new memory map as encrypted using early_memremap_prot().
> 
> Cc: <stable@vger.kernel.org> # 4.14.x
> Fixes: 8f716c9b5feb ("x86/mm: Add support to access boot related data in the clear")
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
>   arch/x86/platform/efi/quirks.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c
> index b15ebfe40a73..b0b848d6933a 100644
> --- a/arch/x86/platform/efi/quirks.c
> +++ b/arch/x86/platform/efi/quirks.c
> @@ -277,7 +277,8 @@ void __init efi_arch_mem_reserve(phys_addr_t addr, u64 size)
>   		return;
>   	}
>   
> -	new = early_memremap(data.phys_map, data.size);
> +	new = early_memremap_prot(data.phys_map, data.size,
> +				  pgprot_val(pgprot_encrypted(FIXMAP_PAGE_NORMAL)));

I should really have a comment above this as to why this version of the 
early_memremap is being used.

Let me add that (and maybe work on the commit message a bit) and submit a 
v2. But I'll hold off for a bit in case any discussion comes about.

Thanks,
Tom

>   	if (!new) {
>   		pr_err("Failed to map new boot services memmap\n");
>   		return;
> 

Re: [PATCH] x86/sme: Explicitly map new EFI memmap table as encrypted

[Ard Biesheuvel]

On Thu, 21 Oct 2021 at 15:21, Tom Lendacky <thomas.lendacky@amd.com> wrote:
>
> On 10/20/21 1:02 PM, Tom Lendacky wrote:
> > Reserving memory using efi_mem_reserve() calls into the x86
> > efi_arch_mem_reserve() function. This function will insert a new EFI
> > memory descriptor into the EFI memory map representing the area of
> > memory to be reserved and marking it as EFI runtime memory. As part
> > of adding this new entry, a new EFI memory map is allocated and mapped.
> > The mapping is where a problem can occur. This new memory map is mapped
> > using early_memremap() and generally mapped encrypted, unless the new
> > memory for the mapping happens to come from an area of memory that is
> > marked as EFI_BOOT_SERVICES_DATA memory.

This bit already sounds dodgy to me. At runtime, anything provided by
the firmware that needs to be mapped unencrypted should be
identifiable as such, regardless of the memory type. So why is there a
special case for BS data?

> > In this case, the new memory will
> > be mapped unencrypted. However, during replacement of the old memory map,
> > efi_mem_type() is disabled, so the new memory map will now be long-term
> > mapped encrypted (in efi.memmap), resulting in the map containing invalid
> > data and causing the kernel boot to crash.
> >
> > Since it is known that the area will be mapped encrypted going forward,
> > explicitly map the new memory map as encrypted using early_memremap_prot().
> >
> > Cc: <stable@vger.kernel.org> # 4.14.x
> > Fixes: 8f716c9b5feb ("x86/mm: Add support to access boot related data in the clear")
> > Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> > ---
> >   arch/x86/platform/efi/quirks.c | 3 ++-
> >   1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c
> > index b15ebfe40a73..b0b848d6933a 100644
> > --- a/arch/x86/platform/efi/quirks.c
> > +++ b/arch/x86/platform/efi/quirks.c
> > @@ -277,7 +277,8 @@ void __init efi_arch_mem_reserve(phys_addr_t addr, u64 size)
> >               return;
> >       }
> >
> > -     new = early_memremap(data.phys_map, data.size);
> > +     new = early_memremap_prot(data.phys_map, data.size,
> > +                               pgprot_val(pgprot_encrypted(FIXMAP_PAGE_NORMAL)));
>
> I should really have a comment above this as to why this version of the
> early_memremap is being used.
>
> Let me add that (and maybe work on the commit message a bit) and submit a
> v2. But I'll hold off for a bit in case any discussion comes about.
>

For the [backported] change itself (with the comment added)

Acked-by: Ard Biesheuvel <ardb@kernel.org>

but I'd still like to understand if we can improve the situation with BS data.

Re: [PATCH] x86/sme: Explicitly map new EFI memmap table as encrypted

[Tom Lendacky]

On 10/22/21 9:48 AM, Ard Biesheuvel wrote:
> On Thu, 21 Oct 2021 at 15:21, Tom Lendacky <thomas.lendacky@amd.com> wrote:
>>
>> On 10/20/21 1:02 PM, Tom Lendacky wrote:
>>> Reserving memory using efi_mem_reserve() calls into the x86
>>> efi_arch_mem_reserve() function. This function will insert a new EFI
>>> memory descriptor into the EFI memory map representing the area of
>>> memory to be reserved and marking it as EFI runtime memory. As part
>>> of adding this new entry, a new EFI memory map is allocated and mapped.
>>> The mapping is where a problem can occur. This new memory map is mapped
>>> using early_memremap() and generally mapped encrypted, unless the new
>>> memory for the mapping happens to come from an area of memory that is
>>> marked as EFI_BOOT_SERVICES_DATA memory.
> 
> This bit already sounds dodgy to me. At runtime, anything provided by
> the firmware that needs to be mapped unencrypted should be
> identifiable as such, regardless of the memory type. So why is there a
> special case for BS data?

Much of the EFI data is identifiable, but some is not. By default, an 
early_memremap() will map memory encrypted when SME is active. The 
early_memremap_pgprot_adjust() function in the early_memremap() path is 
used to alter this mapping. This function does a lot of checks to 
determine if the memory being mapped is setup data or EFI data. There is 
some EFI related data being mapped where the physical address didn't match 
the original EFI memory map address or EFI system table address or other 
EFI tables addresses. So checking whether the memory is part of 
EFI_BOOT_SERVICES_DATA or EFI_RUNTIME_SERVICES_DATA provided the missing 
piece so that it was mapped properly.

IIRC, one of the areas where this occurred was when mapping the BGRT image 
pointed to from the BGRT table.

> 
>>> In this case, the new memory will
>>> be mapped unencrypted. However, during replacement of the old memory map,
>>> efi_mem_type() is disabled, so the new memory map will now be long-term
>>> mapped encrypted (in efi.memmap), resulting in the map containing invalid
>>> data and causing the kernel boot to crash.
>>>
>>> Since it is known that the area will be mapped encrypted going forward,
>>> explicitly map the new memory map as encrypted using early_memremap_prot().
>>>
>>> Cc: <stable@vger.kernel.org> # 4.14.x
>>> Fixes: 8f716c9b5feb ("x86/mm: Add support to access boot related data in the clear")
>>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>>> ---
>>>    arch/x86/platform/efi/quirks.c | 3 ++-
>>>    1 file changed, 2 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c
>>> index b15ebfe40a73..b0b848d6933a 100644
>>> --- a/arch/x86/platform/efi/quirks.c
>>> +++ b/arch/x86/platform/efi/quirks.c
>>> @@ -277,7 +277,8 @@ void __init efi_arch_mem_reserve(phys_addr_t addr, u64 size)
>>>                return;
>>>        }
>>>
>>> -     new = early_memremap(data.phys_map, data.size);
>>> +     new = early_memremap_prot(data.phys_map, data.size,
>>> +                               pgprot_val(pgprot_encrypted(FIXMAP_PAGE_NORMAL)));
>>
>> I should really have a comment above this as to why this version of the
>> early_memremap is being used.
>>
>> Let me add that (and maybe work on the commit message a bit) and submit a
>> v2. But I'll hold off for a bit in case any discussion comes about.
>>
> 
> For the [backported] change itself (with the comment added)
> 
> Acked-by: Ard Biesheuvel <ardb@kernel.org>

Thanks, Ard. I'll send out the v2 shortly.

> 
> but I'd still like to understand if we can improve the situation with BS data.

I'll try to take a deeper look and see if anything can be done as a future 
enhancement.

Thanks,
Tom

> 

Re: [PATCH] x86/sme: Explicitly map new EFI memmap table as encrypted

[Greg Kroah-Hartman]

On Tue, Dec 14, 2021 at 05:54:56AM -0600, Tom Lendacky wrote:
> On 12/14/21 3:09 AM, Greg Kroah-Hartman wrote:
> > On Sat, Dec 11, 2021 at 11:19:00AM -0600, Tom Lendacky wrote:
> 
> > 
> > This seems to cause config warnings as reported here:
> > 	https://lore.kernel.org/r/CA+G9fYsEQCjOi_58WcMb4i-2t1Gv=KjPuWa6L792YAZF=zzinw@mail.gmail.com
> > and:
> > 	https://lore.kernel.org/r/CA+G9fYuCFSbLMarXOnapUXN_NRgQMkjfr_rSTPjzBJQ-FT-Q3g@mail.gmail.com
> > 
> > so I will be dropping this commit from the 4.14, 4.19, and 5.4 trees.
> > Can you please fix this up and resend?
> 
> Yes, I'll look into this.

Looks like 5.4.y is working ok, I'll leave the change in there.

thanks,

greg k-h

Re: [PATCH] x86/sme: Explicitly map new EFI memmap table as encrypted

[Tom Lendacky]

On 12/14/21 3:09 AM, Greg Kroah-Hartman wrote:
> On Sat, Dec 11, 2021 at 11:19:00AM -0600, Tom Lendacky wrote:

> 
> This seems to cause config warnings as reported here:
> 	https://lore.kernel.org/r/CA+G9fYsEQCjOi_58WcMb4i-2t1Gv=KjPuWa6L792YAZF=zzinw@mail.gmail.com
> and:
> 	https://lore.kernel.org/r/CA+G9fYuCFSbLMarXOnapUXN_NRgQMkjfr_rSTPjzBJQ-FT-Q3g@mail.gmail.com
> 
> so I will be dropping this commit from the 4.14, 4.19, and 5.4 trees.
> Can you please fix this up and resend?

Yes, I'll look into this.

Thanks,
Tom

> 
> thanks,
> 
> greg k-h
> 

Re: [PATCH] x86/sme: Explicitly map new EFI memmap table as encrypted

[Greg Kroah-Hartman]

On Sat, Dec 11, 2021 at 11:19:00AM -0600, Tom Lendacky wrote:
> commit 1ff2fc02862d52e18fd3daabcfe840ec27e920a8 upstream
> to be applied to 4.14, 4.19 and 5.4.
> 
> Reserving memory using efi_mem_reserve() calls into the x86
> efi_arch_mem_reserve() function. This function will insert a new EFI
> memory descriptor into the EFI memory map representing the area of
> memory to be reserved and marking it as EFI runtime memory. As part
> of adding this new entry, a new EFI memory map is allocated and mapped.
> The mapping is where a problem can occur. This new memory map is mapped
> using early_memremap() and generally mapped encrypted, unless the new
> memory for the mapping happens to come from an area of memory that is
> marked as EFI_BOOT_SERVICES_DATA memory. In this case, the new memory will
> be mapped unencrypted. However, during replacement of the old memory map,
> efi_mem_type() is disabled, so the new memory map will now be long-term
> mapped encrypted (in efi.memmap), resulting in the map containing invalid
> data and causing the kernel boot to crash.
> 
> Since it is known that the area will be mapped encrypted going forward,
> explicitly map the new memory map as encrypted using early_memremap_prot().
> 
> Cc: <stable@vger.kernel.org> # 4.14.x
> Fixes: 8f716c9b5feb ("x86/mm: Add support to access boot related data in the clear")
> Link: https://lore.kernel.org/all/ebf1eb2940405438a09d51d121ec0d02c8755558.1634752931.git.thomas.lendacky@amd.com/
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> [ardb: incorporate Kconfig fix by Arnd]
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
>  arch/x86/Kconfig               | 1 +
>  arch/x86/platform/efi/quirks.c | 3 ++-
>  2 files changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index c2a3ec3dd850..c6c71592f6e4 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1990,6 +1990,7 @@ config EFI
>  	depends on ACPI
>  	select UCS2_STRING
>  	select EFI_RUNTIME_WRAPPERS
> +	select ARCH_USE_MEMREMAP_PROT
>  	---help---
>  	  This enables the kernel to use EFI runtime services that are
>  	  available (such as the EFI variable services).
> diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c
> index aefe845dff59..6ca88fbc009c 100644
> --- a/arch/x86/platform/efi/quirks.c
> +++ b/arch/x86/platform/efi/quirks.c
> @@ -279,7 +279,8 @@ void __init efi_arch_mem_reserve(phys_addr_t addr, u64 size)
>  		return;
>  	}
>  
> -	new = early_memremap(new_phys, new_size);
> +	new = early_memremap_prot(new_phys, new_size,
> +				  pgprot_val(pgprot_encrypted(FIXMAP_PAGE_NORMAL)));
>  	if (!new) {
>  		pr_err("Failed to map new boot services memmap\n");
>  		return;
> -- 
> 2.33.1
> 

This seems to cause config warnings as reported here:
	https://lore.kernel.org/r/CA+G9fYsEQCjOi_58WcMb4i-2t1Gv=KjPuWa6L792YAZF=zzinw@mail.gmail.com
and:
	https://lore.kernel.org/r/CA+G9fYuCFSbLMarXOnapUXN_NRgQMkjfr_rSTPjzBJQ-FT-Q3g@mail.gmail.com

so I will be dropping this commit from the 4.14, 4.19, and 5.4 trees.
Can you please fix this up and resend?

thanks,

greg k-h

Re: [PATCH] x86/sme: Explicitly map new EFI memmap table as encrypted

[Greg Kroah-Hartman]

On Sat, Dec 11, 2021 at 11:19:00AM -0600, Tom Lendacky wrote:
> commit 1ff2fc02862d52e18fd3daabcfe840ec27e920a8 upstream
> to be applied to 4.14, 4.19 and 5.4.
> 
> Reserving memory using efi_mem_reserve() calls into the x86
> efi_arch_mem_reserve() function. This function will insert a new EFI
> memory descriptor into the EFI memory map representing the area of
> memory to be reserved and marking it as EFI runtime memory. As part
> of adding this new entry, a new EFI memory map is allocated and mapped.
> The mapping is where a problem can occur. This new memory map is mapped
> using early_memremap() and generally mapped encrypted, unless the new
> memory for the mapping happens to come from an area of memory that is
> marked as EFI_BOOT_SERVICES_DATA memory. In this case, the new memory will
> be mapped unencrypted. However, during replacement of the old memory map,
> efi_mem_type() is disabled, so the new memory map will now be long-term
> mapped encrypted (in efi.memmap), resulting in the map containing invalid
> data and causing the kernel boot to crash.
> 
> Since it is known that the area will be mapped encrypted going forward,
> explicitly map the new memory map as encrypted using early_memremap_prot().
> 
> Cc: <stable@vger.kernel.org> # 4.14.x
> Fixes: 8f716c9b5feb ("x86/mm: Add support to access boot related data in the clear")
> Link: https://lore.kernel.org/all/ebf1eb2940405438a09d51d121ec0d02c8755558.1634752931.git.thomas.lendacky@amd.com/
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> [ardb: incorporate Kconfig fix by Arnd]
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
>  arch/x86/Kconfig               | 1 +
>  arch/x86/platform/efi/quirks.c | 3 ++-
>  2 files changed, 3 insertions(+), 1 deletion(-)

Now queued up, thanks.

greg k-h

[PATCH] x86/sme: Explicitly map new EFI memmap table as encrypted

[Tom Lendacky]

commit 1ff2fc02862d52e18fd3daabcfe840ec27e920a8 upstream
to be applied to 4.14, 4.19 and 5.4.

Reserving memory using efi_mem_reserve() calls into the x86
efi_arch_mem_reserve() function. This function will insert a new EFI
memory descriptor into the EFI memory map representing the area of
memory to be reserved and marking it as EFI runtime memory. As part
of adding this new entry, a new EFI memory map is allocated and mapped.
The mapping is where a problem can occur. This new memory map is mapped
using early_memremap() and generally mapped encrypted, unless the new
memory for the mapping happens to come from an area of memory that is
marked as EFI_BOOT_SERVICES_DATA memory. In this case, the new memory will
be mapped unencrypted. However, during replacement of the old memory map,
efi_mem_type() is disabled, so the new memory map will now be long-term
mapped encrypted (in efi.memmap), resulting in the map containing invalid
data and causing the kernel boot to crash.

Since it is known that the area will be mapped encrypted going forward,
explicitly map the new memory map as encrypted using early_memremap_prot().

Cc: <stable@vger.kernel.org> # 4.14.x
Fixes: 8f716c9b5feb ("x86/mm: Add support to access boot related data in the clear")
Link: https://lore.kernel.org/all/ebf1eb2940405438a09d51d121ec0d02c8755558.1634752931.git.thomas.lendacky@amd.com/
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
[ardb: incorporate Kconfig fix by Arnd]
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/Kconfig               | 1 +
 arch/x86/platform/efi/quirks.c | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index c2a3ec3dd850..c6c71592f6e4 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1990,6 +1990,7 @@ config EFI
 	depends on ACPI
 	select UCS2_STRING
 	select EFI_RUNTIME_WRAPPERS
+	select ARCH_USE_MEMREMAP_PROT
 	---help---
 	  This enables the kernel to use EFI runtime services that are
 	  available (such as the EFI variable services).
diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c
index aefe845dff59..6ca88fbc009c 100644
--- a/arch/x86/platform/efi/quirks.c
+++ b/arch/x86/platform/efi/quirks.c
@@ -279,7 +279,8 @@ void __init efi_arch_mem_reserve(phys_addr_t addr, u64 size)
 		return;
 	}
 
-	new = early_memremap(new_phys, new_size);
+	new = early_memremap_prot(new_phys, new_size,
+				  pgprot_val(pgprot_encrypted(FIXMAP_PAGE_NORMAL)));
 	if (!new) {
 		pr_err("Failed to map new boot services memmap\n");
 		return;
-- 
2.33.1