X-Patchwork-Submitter: Dimitri John Ledkov
X-Patchwork-Id: 1561558
From: Dimitri John Ledkov
To: kernel-team@lists.ubuntu.com
Subject: [SRU][BIONIC][PATCH 04/16] efi/mokvar: Reserve the table only if it is in boot services data
Date: Tue, 30 Nov 2021 11:04:04 +0000
Message-Id: <20211130110416.171269-5-dimitri.ledkov@canonical.com>
In-Reply-To: <20211130110416.171269-1-dimitri.ledkov@canonical.com>
References: <20211130110416.171269-1-dimitri.ledkov@canonical.com>

From: Borislav Petkov

BugLink: https://bugs.launchpad.net/bugs/1928679

One of the SUSE QA tests triggered:

  localhost kernel: efi: Failed to lookup EFI memory descriptor for 0x000000003dcf8000

which comes from x86's version of efi_arch_mem_reserve() trying to
reserve a memory region. Usually, that function expects
EFI_BOOT_SERVICES_DATA memory descriptors but the above case is for the
MOKvar table which is allocated in the EFI shim as runtime services.

That led to a fix changing the allocation of that table to boot services.

However, that fix broke booting SEV guests with that shim leading to
this kernel fix

  8d651ee9c71b ("x86/ioremap: Map EFI-reserved memory as encrypted for SEV")

which extended the ioremap hint to map reserved EFI boot services as
decrypted too.

However, all that wasn't needed, IMO, because that error message in
efi_arch_mem_reserve() was innocuous in this case - if the MOKvar table
is not in boot services, then it doesn't need to be reserved in the
first place because it is, well, in runtime services which *should* be
reserved anyway.

So do that reservation for the MOKvar table only if it is allocated in
boot services data. I couldn't find any requirement about where that
table should be allocated in, unlike the ESRT whose allocation is
mandated to be done in boot services data by the UEFI spec.

Signed-off-by: Borislav Petkov
Signed-off-by: Ard Biesheuvel
(cherry picked from commit 47e1e233e9d822dfda068383fb9a616451bda703)
Signed-off-by: Dimitri John Ledkov

--- drivers/firmware/efi/mokvar-table.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/firmware/efi/mokvar-table.c b/drivers/firmware/efi/mokvar-table.c index d8bc013406..38722d2009 100644 --- a/drivers/firmware/efi/mokvar-table.c +++ b/drivers/firmware/efi/mokvar-table.c 
@@ -180,7 +180,10 @@ void __init efi_mokvar_table_init(void) pr_err("EFI MOKvar config table is not valid\n"); return; } - efi_mem_reserve(efi.mokvar_table, map_size_needed); + + if (md.type == EFI_BOOT_SERVICES_DATA) + efi_mem_reserve(efi.mokvar_table, map_size_needed); + efi_mokvar_table_size = map_size_needed; }
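
Review bot: The guard "if (md.type == EFI_BOOT_SERVICES_DATA)" in efi_mokvar_table_init() skips efi_mem_reserve() for every descriptor type other than boot services data, while the commit message only argues that the runtime services case is safe to skip. If the table could ever sit in a third memory type it would be left unreserved with no log line; consider a short comment above the check stating that runtime services regions are already reserved, and a pr_warn() for any type that is neither. The hunk also does not show where md is filled in, so it is worth confirming that md still describes the region holding efi.mokvar_table at this point.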