From: Dimitri John Ledkov
To: kernel-team@lists.ubuntu.com
Cc: Borislav Petkov, Ard Biesheuvel
Subject: [SRU][F/hwe-5.8][PATCH 05/18] efi/mokvar: Reserve the table only if it is in boot services data
Date: Mon, 27 Sep 2021 16:56:59 +0100
Message-Id: <20210927155712.164337-6-dimitri.ledkov@canonical.com>
In-Reply-To: <20210927155712.164337-1-dimitri.ledkov@canonical.com>
X-Patchwork-Submitter: Dimitri John Ledkov
X-Patchwork-Id: 1533432

From: Borislav Petkov

BugLink: https://bugs.launchpad.net/bugs/1928679

One of the SUSE QA tests triggered:

  localhost kernel: efi: Failed to lookup EFI memory descriptor for 0x000000003dcf8000

which comes from x86's version of efi_arch_mem_reserve() trying to
reserve a memory region. Usually, that function expects
EFI_BOOT_SERVICES_DATA memory descriptors but the above case is for the
MOKvar table which is allocated in the EFI shim as runtime services.

That led to a fix changing the allocation of that table to boot services.

However, that fix broke booting SEV guests with that shim leading to
this kernel fix

  8d651ee9c71b ("x86/ioremap: Map EFI-reserved memory as encrypted for SEV")

which extended the ioremap hint to map reserved EFI boot services as
decrypted too.

However, all that wasn't needed, IMO, because that error message in
efi_arch_mem_reserve() was innocuous in this case - if the MOKvar table
is not in boot services, then it doesn't need to be reserved in the
first place because it is, well, in runtime services which *should* be
reserved anyway.

So do that reservation for the MOKvar table only if it is allocated in
boot services data. I couldn't find any requirement about where that
table should be allocated in, unlike the ESRT whose allocation is
mandated to be done in boot services data by the UEFI spec.

Signed-off-by: Borislav Petkov
Signed-off-by: Ard Biesheuvel
(cherry picked from commit 47e1e233e9d822dfda068383fb9a616451bda703)
Signed-off-by: Dimitri John Ledkov
--- drivers/firmware/efi/mokvar-table.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/firmware/efi/mokvar-table.c b/drivers/firmware/efi/mokvar-table.c index d8bc013406..38722d2009 100644 --- a/drivers/firmware/efi/mokvar-table.c +++ b/drivers/firmware/efi/mokvar-table.c 
@@ -180,7 +180,10 @@ void __init efi_mokvar_table_init(void) pr_err("EFI MOKvar config table is not valid\n"); return; } - efi_mem_reserve(efi.mokvar_table, map_size_needed); + + if (md.type == EFI_BOOT_SERVICES_DATA) + efi_mem_reserve(efi.mokvar_table, map_size_needed); + efi_mokvar_table_size = map_size_needed; }
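
Review bot: the new check in efi_mokvar_table_init(), if (md.type == EFI_BOOT_SERVICES_DATA), skips efi_mem_reserve() for every other descriptor type with no comment and no log line, while the commit message only argues the skip for runtime services memory. A short comment above the if saying that runtime services regions are already reserved would keep that reasoning next to the code, and a pr_warn() for a type that is neither boot services data nor runtime services data would make an unexpected shim allocation visible instead of leaving the table silently unreserved. The condition also relies on md having been filled in earlier in the function, which is outside the visible context, so it is worth confirming that every path reaching this line carries a valid descriptor.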