lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 25 Apr 2024 11:45:01 -0500
From: "Kalra, Ashish" <ashish.kalra@....com>
To: Borislav Petkov <bp@...en8.de>
Cc: tglx@...utronix.de, mingo@...hat.com, dave.hansen@...ux.intel.com,
 x86@...nel.org, rafael@...nel.org, peterz@...radead.org,
 adrian.hunter@...el.com, sathyanarayanan.kuppuswamy@...ux.intel.com,
 jun.nakajima@...el.com, rick.p.edgecombe@...el.com, thomas.lendacky@....com,
 michael.roth@....com, seanjc@...gle.com, kai.huang@...el.com,
 bhe@...hat.com, kirill.shutemov@...ux.intel.com, bdas@...hat.com,
 vkuznets@...hat.com, dionnaglaze@...gle.com, anisinha@...hat.com,
 jroedel@...e.de, ardb@...nel.org, kexec@...ts.infradead.org,
 linux-coco@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 1/3] efi/x86: skip efi_arch_mem_reserve() in case of
 kexec.

 >It sounds to me like you need to go back up, to the 10000ft view and
>> explain how exactly this efi_mem_reserve() causes trouble for the
>> kexec-ed kernel so that we can think of a proper solution, not some
>> random hackery.
>
> The above details explain why and how efi_arch_mem_reserve() causes 
> trouble for the (nested) kexec-ed kernel, additionally, there is a 
> another reason to skip efi_arch_mem_reserve() altogether for the kexec 
> case, as for kexec use case we need to use the EFI memmap passed from 
> the 1st kernel via setup_data and probably need to avoid any 
> additional EFI memory map additions/updates.
>
> Therefore, the first revision of this patch had the following code to 
> skip efi_arch_mem_reserve():
>
> void __init efi_arch_mem_reserve(..) {
>
> + if (efi_setup) + return;
>
> But then based on upstream review/feedback, the second revision of 
> this patch, updated the patch to check the md attribute of the EFI 
> memory descriptor instead of checking for efi_setup for detecting if 
> running under kexec kernel and the checking of the md attribute of the 
> EFI memory descriptor introduces these additional checks and pr_err() 
> which you commented on above.
>
> Hopefully, the above detailed explanation captures the reason to skip 
> efi_arch_mem_reserve() in case of (SNP) guest kexec, looking forward 
> to your comments/feedback on the same for me to rework this patch 
> (especially the commit message) and post it again.

<snip>

I am actually going to rename this patch to something more appropriate like:

Fix EFI memory map corruption during SNP guest kexec

And in the patch itself, go back to skipping efi_arch_mem_reserve() by 
checking efi_setup to check for running under kexec kernel similar to 
how it used by efi_enter_virtual_mode().

Thanks, Ashish

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ