On Fri, 29 Nov 2024 at 15:11, Dave Young dyoung@redhat.com wrote:
Hi Nicolas,
On Thu, 28 Nov 2024 at 23:58, Nicolas Saenz Julienne nsaenz@amazon.com wrote:
Hi Dave,
On Fri Nov 22, 2024 at 1:03 PM UTC, Dave Young wrote:
On Wed, 13 Nov 2024 at 02:53, Nicolas Saenz Julienne nsaenz@amazon.com wrote:
Kexec bypasses EFI's switch to virtual mode. In exchange, it has its own routine, kexec_enter_virtual_mode(), which replays the mappings made by the original kernel. Unfortunately, that function fails to reinstate EFI's memory attributes, which would've otherwise been set after entering virtual mode. Remediate this by calling efi_runtime_update_mappings() within kexec's routine.
In the function __map_region(), there are playing with the flags similar to the efi_runtime_update_mappings though it looks a little different. Is this extra callback really necessary?
EFI Memory attributes aren't tracked through `/sys/firmware/efi/runtime-map`, and as such, whatever happens in `__map_region()` after kexec will not honor them.
From the comment below the reason to do the mappings update is that firmware could perform some fixups. But for kexec case I think doing the mapping correctly in the mapping code would be good enough.
/* * Apply more restrictive page table mapping attributes now that * SVAM() has been called and the firmware has performed all * necessary relocation fixups for the new virtual addresses. */ efi_runtime_update_mappings();
Otherwise /sys/firmware/efi/runtime-map is a copy for kexec-tools to create the virtual efi memmap, but I think the __map_region is called after kexecing into the 2nd kernel, so I feel that at that time the mem attr table should be usable.
Another thing I'm not sure why the updated mem attr is not stored in the memmap md descriptor "attribute" field, if that is possible then the runtime-map will carry them, anyway, the __map_region still needs tweaking to use the attribute.
Anyway thanks for explaining about this. It is indeed something to improve. I have no strong opinion as your code will also work.
Have you seen a real bug happened?
If lowered security posture after kexec counts as a bug, yes. The system remains stable otherwise.
Nicolas
Thanks Dave