[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240520183633.1457687-3-steve.wahl@hpe.com>
Date: Mon, 20 May 2024 13:36:32 -0500
From: Steve Wahl <steve.wahl@....com>
To: Steve Wahl <steve.wahl@....com>, Dave Hansen <dave.hansen@...ux.intel.com>,
Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org,
Pavin Joseph <me@...injoseph.com>, Eric Hagberg <ehagberg@...il.com>
Cc: Simon Horman <horms@...ge.net.au>, Eric Biederman <ebiederm@...ssion.com>,
Dave Young <dyoung@...hat.com>, Sarah Brofeldt <srhb@....dk>,
Russ Anderson <rja@....com>, Dimitri Sivanich <sivanich@....com>,
Hou Wenlong <houwenlong.hwl@...group.com>,
Andrew Morton <akpm@...ux-foundation.org>, Baoquan He <bhe@...hat.com>,
Yuntao Wang <ytcoode@...il.com>, Bjorn Helgaas <bhelgaas@...gle.com>,
Joerg Roedel <jroedel@...e.de>, Michael Roth <michael.roth@....com>
Subject: [PATCH 2/3] x86/kexec: Add EFI Confidential Computing blob to kexec identity mapping.
Like the EFI config table itself, the Confidential Computing blob entry
in that table, if it exists, is referenced by the kexec kernel before
it establishes its own identity map.
This could potentially cause a kexec failure if the CC blob is not
located close to other identity map areas. Such a failure is more
likely with the nogbpages command line option.
So, explicitly add the CC blob to the kexec identity map.
Signed-off-by: Steve Wahl <steve.wahl@....com>
Tested-by: Pavin Joseph <me@...injoseph.com>
Tested-by: Sarah Brofeldt <srhb@....dk>
Tested-by: Eric Hagberg <ehagberg@...il.com>
---
arch/x86/kernel/machine_kexec_64.c | 47 +++++++++++++++++++++++++++++-
1 file changed, 46 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index d89942307659..bb68d86ecafe 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -29,6 +29,7 @@
#include <asm/set_memory.h>
#include <asm/cpu.h>
#include <asm/efi.h>
+#include <asm/sev.h>
#ifdef CONFIG_ACPI
/*
@@ -90,6 +91,7 @@ map_efi_tables(struct x86_mapping_info *info, pgd_t *level4p)
unsigned long mstart, mend;
void *kaddr;
int ret;
+ unsigned int cfg_tbl_len;
if (!efi_enabled(EFI_BOOT))
return 0;
@@ -120,16 +122,59 @@ map_efi_tables(struct x86_mapping_info *info, pgd_t *level4p)
if (efi_enabled(EFI_64BIT)) {
efi_system_table_64_t *stbl = (efi_system_table_64_t *)kaddr;
+ cfg_tbl_len = stbl->nr_tables;
mend = mstart + sizeof(efi_config_table_64_t) * stbl->nr_tables;
} else {
efi_system_table_32_t *stbl = (efi_system_table_32_t *)kaddr;
+ cfg_tbl_len = stbl->nr_tables;
mend = mstart + sizeof(efi_config_table_32_t) * stbl->nr_tables;
}
memunmap(kaddr);
- return kernel_ident_mapping_init(info, level4p, mstart, mend);
+ ret = kernel_ident_mapping_init(info, level4p, mstart, mend);
+ if (ret)
+ return ret;
+
+ /*
+ * CC blob is referenced in kernel startup before the new
+ * kernel creates it's own identity map, so make sure it's
+ * included in the kexec identity map.
+ */
+ kaddr = memremap(mstart, mend - mstart, MEMREMAP_WB);
+ if (!kaddr) {
+ pr_err("Could not map UEFI config table\n");
+ return -ENOMEM;
+ }
+
+ mstart = 0;
+ if (efi_enabled(EFI_64BIT)) {
+ efi_config_table_64_t *ctbl = (void *) kaddr;
+ int i;
+
+ for (i = 0; i < cfg_tbl_len; i++) {
+ if (!efi_guidcmp(EFI_CC_BLOB_GUID, ctbl[i].guid)) {
+ mstart = ctbl[i].table;
+ mend = mstart + sizeof(struct cc_blob_sev_info);
+ break;
+ }
+ }
+ } else {
+ efi_config_table_32_t *ctbl = (void *) kaddr;
+ int i;
+
+ for (i = 0; i < cfg_tbl_len; i++) {
+ if (!efi_guidcmp(EFI_CC_BLOB_GUID, ctbl[i].guid)) {
+ mstart = ctbl[i].table;
+ mend = mstart + sizeof(struct cc_blob_sev_info);
+ break;
+ }
+ }
+ }
+ memunmap(kaddr);
+ if (mstart)
+ return kernel_ident_mapping_init(info, level4p, mstart, mend);
#endif
return 0;
}
--
2.26.2
Powered by blists - more mailing lists