Open Source and information security mailing list archives
 
Message-ID: <8e36be57-58a6-404e-8828-6c777b8d2196@suse.com>
Date:   Thu, 12 Oct 2023 13:51:13 +0300
From:   Nikolay Borisov <nik.borisov@...e.com>
To:     kirill.shutemov@...ux.intel.com
Cc:     ardb@...nel.org, linux-efi@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/efistub: Don't try to print after ExitBootService()



On 12.10.23 at 13:14, kirill.shutemov@...ux.intel.com wrote:
> On Wed, Oct 11, 2023 at 10:25:28PM +0300, Nikolay Borisov wrote:
>> setup_e820() is executed after UEFI's ExitBootService has been called.
>> This causes the firmware to throw an exception because Console IO
>> protocol handler is supposed to work only during boot service
>> environment. As per UEFI 2.9, section 12.1:
>>
>>   "This protocol is used to handle input and output of text-based
>>   information intended for the system user during the operation of code
>>   in the boot services environment."
>>
>> Running a TDX guest with TDVF with unaccepted memory disabled results in
>> the following output:
> 
> Oh. My bad.
> 
> But there's another codepath that does the same. If setup_e820() fails with
> EFI_BUFFER_TOO_SMALL, efi_stub_entry() would try to print "exit_boot()
> failed\n".
> 
> I wonder if it is feasible to hook up earlyprintk console into
> efi_printk() machinery for after ExitBootService() case? Silent boot
> failure is not the best UX.
> 


In my testing I was able to transpose setup_e820 and efi 
exit_boot_service by calling exit_boot_func before setup_e820 which 
ensures the various memory variables are populated. Is there any 
specific reason why ExitBootServices is called before setting up the 
e820 table? AFAIU this is an arbitrary choice?
