| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Jun 2022 13:24:48 +0200
From: Ard Biesheuvel <ardb@...nel.org>
To: Wupeng Ma <mawupeng1@...wei.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Mike Rapoport <rppt@...nel.org>
Cc: Jonathan Corbet <corbet@....net>, Will Deacon <will@...nel.org>,
Catalin Marinas <catalin.marinas@....com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
X86 ML <x86@...nel.org>, "H. Peter Anvin" <hpa@...or.com>,
Darren Hart <dvhart@...radead.org>,
Andy Shevchenko <andy@...radead.org>,
Paul Walmsley <paul.walmsley@...ive.com>,
Palmer Dabbelt <palmer@...belt.com>,
Albert Ou <aou@...s.berkeley.edu>,
"Paul E. McKenney" <paulmck@...nel.org>,
Kees Cook <keescook@...omium.org>, songmuchun@...edance.com,
Randy Dunlap <rdunlap@...radead.org>,
damien.lemoal@...nsource.wdc.com,
Stephen Boyd <swboyd@...omium.org>,
Wei Liu <wei.liu@...nel.org>,
Robin Murphy <robin.murphy@....com>,
David Hildenbrand <david@...hat.com>,
Anshuman Khandual <anshuman.khandual@....com>,
Zhen Lei <thunder.leizhen@...wei.com>,
Kefeng Wang <wangkefeng.wang@...wei.com>, gpiccoli@...lia.com,
Huacai Chen <chenhuacai@...nel.org>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
chenzhou10@...wei.com, vijayb@...ux.microsoft.com,
Linux Doc Mailing List <linux-doc@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>,
linux-efi@...r.kernel.org, platform-driver-x86@...r.kernel.org,
linux-mm@...ck.org, linux-riscv@...ts.infradead.org
Subject: Re: [PATCH v3 0/6] introduce mirrored memory support for arm64
On Fri, 10 Jun 2022 at 13:23, Ard Biesheuvel <ardb@...nel.org> wrote:
>
> On Tue, 7 Jun 2022 at 11:16, Wupeng Ma <mawupeng1@...wei.com> wrote:
> >
> > From: Ma Wupeng <mawupeng1@...wei.com>
> >
> > Commit b05b9f5f9dcf ("x86, mirror: x86 enabling - find mirrored memory ranges")
> > introduced mirrored memory support for x86. This support rely on UEFI to
> > report mirrored memory address ranges. See UEFI 2.5 spec pages 157-158:
> >
> > http://www.uefi.org/sites/default/files/resources/UEFI%202_5.pdf
> >
> > Memory mirroring is a technique used to separate memory into two separate
> > channels, usually on a memory device, like a server. In memory mirroring,
> > one channel is copied to another to create redundancy. This method makes
> > input/output (I/O) registers and memory appear with more than one address
> > range because the same physical byte is accessible at more than one
> > address. Using memory mirroring, higher memory reliability and a higher
> > level of memory consolidation are possible.
> >
> > These EFI memory regions have various attributes, and the "mirrored"
> > attribute is one of them. The physical memory region whose descriptors
> > in EFI memory map has EFI_MEMORY_MORE_RELIABLE attribute (bit: 16) are
> > mirrored. The address range mirroring feature of the kernel arranges such
> > mirrored regions into normal zones and other regions into movable zones.
> >
> > Arm64 can support this too. So mirrored memory support is added to support
> > arm64.
> >
> > The main purpose of this patch set is to introduce mirrored support for
> > arm64 and we have already fixed the problems we had which is shown in
> > patch #5 to patch #8 and try to bring total isolation in patch #9 which
> > will disable mirror feature if kernelcore is not specified.
> >
> > In order to test this support in arm64:
> > - patch this patch set
> > - add kernelcore=mirror in kernel parameter
> > - start you kernel
> >
> > Patch #1-#2 introduce mirrored memory support form arm64.
> > Patch #3-#5 fix some bugs for arm64 if memory reliable is enabled.
> > Patch #6 disable mirror feature if kernelcore is not specified.
> >
> > Thanks to Ard Biesheuvel's hard work [1], now kernel will perfer mirrored
> > memory if kaslr is enabled.
> >
> > [1] https://lore.kernel.org/linux-arm-kernel/CAMj1kXEPVEzMgOM4+Yj6PxHA-jFuDOAUdDJSiSxy_XaP4P7LSw@mail.gmail.com/T/
> >
> > Changelog since v2:
> > - remove efi_fake_mem support
> > - remove Commit ("remove some redundant code in ia64 efi_init") since
> > efi_print_memmap() is not public
> > - add mirror flag back on initrd memory
> >
> > Changelog since v1:
> > - update changelog in cover letter
> > - use PHYS_PFN in patch #7
> >
> > Ma Wupeng (6):
> > efi: Make efi_find_mirror() public
> > arm64/mirror: arm64 enabling - find mirrored memory ranges
> > mm: Ratelimited mirrored memory related warning messages
> > mm: Demote warning message in vmemmap_verify() to debug level
> > mm: Add mirror flag back on initrd memory
> > efi: Disable mirror feature if kernelcore is not specified
> >
>
> I have tested these changes on QEMU/arm64 with the patch below, and
> things seem to work as expected. We have some minor issues to work out
> but the general shape of this code is good.
>
> As for the mm/ changes: does anyone mind if I take those through the
> EFI tree as well? I don't think the EFI and -mm changes depend on each
> other, so they can go into -mm separately as well.
diff --git a/drivers/firmware/efi/libstub/efi-stub.c
b/drivers/firmware/efi/libstub/efi-stub.c
index f515394cce6e..1d4dd8aca3e6 100644
--- a/drivers/firmware/efi/libstub/efi-stub.c
+++ b/drivers/firmware/efi/libstub/efi-stub.c
@@ -136,6 +136,7 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
enum efi_secureboot_mode secure_boot;
struct screen_info *si;
efi_properties_table_t *prop_tbl;
+ const efi_dxe_services_table_t *efi_dxe_table;
efi_system_table = sys_table_arg;
@@ -161,6 +162,20 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
goto fail;
}
+ efi_dxe_table = get_efi_config_table(EFI_DXE_SERVICES_TABLE_GUID);
+ if (efi_dxe_table) {
+ efi_physical_addr_t pa = 0x60000000;
+ efi_gcd_memory_space_desc_t desc;
+
+ status = efi_dxe_call(get_memory_space_descriptor, pa, &desc);
+ if (status != EFI_SUCCESS)
+ efi_err("Failed to get memory space
descriptor: %lx\n", status);
+ status = efi_dxe_call(set_memory_space_capabilities, pa, SZ_1G,
+ desc.capabilities |
EFI_MEMORY_MORE_RELIABLE);
+ if (status != EFI_SUCCESS)
+ efi_err("Failed to set memory space
capabilities: %lx\n", status);
+ }
+
/*
* Get the command line from EFI, using the LOADED_IMAGE
* protocol. We are going to copy the command line into the
diff --git a/drivers/firmware/efi/libstub/efistub.h
b/drivers/firmware/efi/libstub/efistub.h
index b0ae0a454404..bf11d85bf9b4 100644
--- a/drivers/firmware/efi/libstub/efistub.h
+++ b/drivers/firmware/efi/libstub/efistub.h
@@ -378,7 +378,8 @@ union efi_dxe_services_table {
void *schedule;
void *trust;
void *process_firmware_volume;
- void *set_memory_space_capabilities;
+ efi_status_t (__efiapi
*set_memory_space_capabilities)(efi_physical_addr_t,
+
u64, u64);
};
struct {
efi_table_hdr_t hdr;
Powered by blists - more mailing lists