From patchwork Tue Mar 2 10:04:05 2021
X-Patchwork-Submitter: Mike Rapoport
X-Patchwork-Id: 12111333
From: Mike Rapoport
To: x86@kernel.org
Cc: Andrew Morton, Andrea Arcangeli, Baoquan He, Borislav Petkov,
    David Hildenbrand, "H. Peter Anvin", Ingo Molnar, Mel Gorman,
    Michal Hocko, Mike Rapoport, Mike Rapoport, Qian Cai,
    Thomas Gleixner, Vlastimil Babka, linux-kernel@vger.kernel.org,
    linux-mm@kvack.org, Borislav Petkov
Subject: [PATCH v3 1/2] x86/setup: consolidate early memory reservations
Date: Tue, 2 Mar 2021 12:04:05 +0200
Message-Id: <20210302100406.22059-2-rppt@kernel.org>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <20210302100406.22059-1-rppt@kernel.org>
References: <20210302100406.22059-1-rppt@kernel.org>

From: Mike Rapoport

The early reservations of memory areas used by the firmware, bootloader,
kernel text and data are spread over setup_arch(). Moreover, some of them
happen *after* memblock allocations, e.g. trim_platform_memory_ranges() and
trim_low_memory_range() are called after reserve_real_mode(), which
allocates memory.

There was no corruption of these memory regions because memblock always
allocates memory either from the end of memory (in top-down mode) or above
the kernel image (in bottom-up mode). However, the bottom-up mode is going
to be updated to span the entire memory [1] to avoid limitations caused by
KASLR.

Consolidate early memory reservations in a dedicated function to improve
robustness against future changes. Having the early reservations in one
place also makes it clearer what memory must be reserved before we allow
memblock allocations.

[1] https://lore.kernel.org/lkml/20201217201214.3414100-2-guro@fb.com

Signed-off-by: Mike Rapoport
Acked-by: Borislav Petkov
---
 arch/x86/kernel/setup.c | 92 ++++++++++++++++++++---------------------
 1 file changed, 44 insertions(+), 48 deletions(-)

diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index d883176ef2ce..3e3c6036b023 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -645,18 +645,6 @@ static void __init trim_snb_memory(void)
 	}
 }
 
-/*
- * Here we put platform-specific memory range workarounds, i.e.
- * memory known to be corrupt or otherwise in need to be reserved on
- * specific platforms.
- *
- * If this gets used more widely it could use a real dispatch mechanism.
- */
-static void __init trim_platform_memory_ranges(void)
-{
-	trim_snb_memory();
-}
-
 static void __init trim_bios_range(void)
 {
 	/*
@@ -729,7 +717,38 @@ static void __init trim_low_memory_range(void)
 {
 	memblock_reserve(0, ALIGN(reserve_low, PAGE_SIZE));
 }
-
+
+static void __init early_reserve_memory(void)
+{
+	/*
+	 * Reserve the memory occupied by the kernel between _text and
+	 * __end_of_kernel_reserve symbols. Any kernel sections after the
+	 * __end_of_kernel_reserve symbol must be explicitly reserved with a
+	 * separate memblock_reserve() or they will be discarded.
+	 */
+	memblock_reserve(__pa_symbol(_text),
+			 (unsigned long)__end_of_kernel_reserve - (unsigned long)_text);
+
+	/*
+	 * Make sure page 0 is always reserved because on systems with
+	 * L1TF its contents can be leaked to user processes.
+	 */
+	memblock_reserve(0, PAGE_SIZE);
+
+	early_reserve_initrd();
+
+	if (efi_enabled(EFI_BOOT))
+		efi_memblock_x86_reserve_range();
+
+	memblock_x86_reserve_range_setup_data();
+
+	reserve_ibft_region();
+	reserve_bios_regions();
+
+	trim_snb_memory();
+	trim_low_memory_range();
+}
+
 /*
  * Dump out kernel offset information on panic.
  */
@@ -764,29 +783,6 @@ dump_kernel_offset(struct notifier_block *self, unsigned long v, void *p)
 
 void __init setup_arch(char **cmdline_p)
 {
-	/*
-	 * Reserve the memory occupied by the kernel between _text and
-	 * __end_of_kernel_reserve symbols. Any kernel sections after the
-	 * __end_of_kernel_reserve symbol must be explicitly reserved with a
-	 * separate memblock_reserve() or they will be discarded.
-	 */
-	memblock_reserve(__pa_symbol(_text),
-			 (unsigned long)__end_of_kernel_reserve - (unsigned long)_text);
-
-	/*
-	 * Make sure page 0 is always reserved because on systems with
-	 * L1TF its contents can be leaked to user processes.
-	 */
-	memblock_reserve(0, PAGE_SIZE);
-
-	early_reserve_initrd();
-
-	/*
-	 * At this point everything still needed from the boot loader
-	 * or BIOS or kernel text should be early reserved or marked not
-	 * RAM in e820. All other memory is free game.
-	 */
-
 #ifdef CONFIG_X86_32
 	memcpy(&boot_cpu_data, &new_cpu_data, sizeof(new_cpu_data));
 
@@ -910,8 +906,18 @@ void __init setup_arch(char **cmdline_p)
 
 	parse_early_param();
 
-	if (efi_enabled(EFI_BOOT))
-		efi_memblock_x86_reserve_range();
+	/*
+	 * Do some memory reservations *before* memory is added to
+	 * memblock, so memblock allocations won't overwrite it.
+	 * Do it after early param, so we could get (unlikely) panic from
+	 * serial.
+	 *
+	 * After this point everything still needed from the boot loader or
+	 * firmware or kernel text should be early reserved or marked not
+	 * RAM in e820. All other memory is free game.
+	 */
+	early_reserve_memory();
+
 #ifdef CONFIG_MEMORY_HOTPLUG
 	/*
 	 * Memory used by the kernel cannot be hot-removed because Linux
@@ -938,9 +944,6 @@ void __init setup_arch(char **cmdline_p)
 
 	x86_report_nx();
 
-	/* after early param, so could get panic from serial */
-	memblock_x86_reserve_range_setup_data();
-
 	if (acpi_mps_check()) {
 #ifdef CONFIG_X86_LOCAL_APIC
 		disable_apic = 1;
@@ -1032,8 +1035,6 @@ void __init setup_arch(char **cmdline_p)
 	 */
 	find_smp_config();
 
-	reserve_ibft_region();
-
 	early_alloc_pgt_buf();
 
 	/*
@@ -1054,8 +1055,6 @@ void __init setup_arch(char **cmdline_p)
 	 */
 	sev_setup_arch();
 
-	reserve_bios_regions();
-
 	efi_fake_memmap();
 	efi_find_mirror();
 	efi_esrt_init();
@@ -1081,9 +1080,6 @@ void __init setup_arch(char **cmdline_p)
 
 	reserve_real_mode();
 
-	trim_platform_memory_ranges();
-	trim_low_memory_range();
-
 	init_mem_mapping();
 
 	idt_setup_early_pf();
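
A side note on the ordering problem this patch fixes: once memblock starts
serving allocations, any range that was not reserved first is fair game for
the allocator. The toy program below is a minimal stand-alone sketch of that
failure mode, not kernel code; the bottom-up bump allocator and the names
toy_reserve()/toy_alloc_page() are invented purely for illustration.

/*
 * Toy illustration (not kernel code): why reservations must precede
 * allocations.  A fake 16-page "RAM" and a bottom-up first-fit allocator;
 * if the firmware-owned range is reserved only after an allocation has
 * already been served, the allocation may overlap it.
 */
#include <stdio.h>
#include <stdbool.h>

#define PAGES 16

static bool reserved[PAGES];	/* page must not be handed out */
static bool allocated[PAGES];	/* page already handed out     */

static void toy_reserve(int first, int count)
{
	for (int i = first; i < first + count; i++)
		reserved[i] = true;
}

static int toy_alloc_page(void)	/* bottom-up: first free page */
{
	for (int i = 0; i < PAGES; i++) {
		if (!reserved[i] && !allocated[i]) {
			allocated[i] = true;
			return i;
		}
	}
	return -1;
}

int main(void)
{
	int page = toy_alloc_page();	/* allocation happens first...        */
	toy_reserve(0, 4);		/* ...firmware range reserved too late */

	printf("allocated page %d, firmware owns pages 0-3: %s\n",
	       page, page < 4 ? "CORRUPTED" : "ok");
	return 0;
}

Swapping the two calls in main() (reserve first, then allocate) makes the
allocation land above the firmware range, which is what moving all early
reservations into early_reserve_memory(), ahead of any allocation, gives the
real setup_arch() path.
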
From patchwork Tue Mar 2 10:04:06 2021
X-Patchwork-Submitter: Mike Rapoport
X-Patchwork-Id: 12111335
From: Mike Rapoport
To: x86@kernel.org
Cc: Andrew Morton, Andrea Arcangeli, Baoquan He, Borislav Petkov,
    David Hildenbrand, "H. Peter Anvin", Ingo Molnar, Mel Gorman,
    Michal Hocko, Mike Rapoport, Mike Rapoport, Qian Cai,
    Thomas Gleixner, Vlastimil Babka, linux-kernel@vger.kernel.org,
    linux-mm@kvack.org, Borislav Petkov
Subject: [PATCH v3 2/2] x86/setup: merge several reservations of the start of memory
Date: Tue, 2 Mar 2021 12:04:06 +0200
Message-Id: <20210302100406.22059-3-rppt@kernel.org>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <20210302100406.22059-1-rppt@kernel.org>
References: <20210302100406.22059-1-rppt@kernel.org>

From: Mike Rapoport

Currently the first several pages are reserved both to avoid leaking their
contents on systems with L1TF and to avoid corrupting BIOS memory. Merge
the two memory reservations.

Signed-off-by: Mike Rapoport
Reviewed-by: David Hildenbrand
Acked-by: Borislav Petkov
---
 arch/x86/kernel/setup.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 3e3c6036b023..776fc9b3fafe 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -713,11 +713,6 @@ static int __init parse_reservelow(char *p)
 
 early_param("reservelow", parse_reservelow);
 
-static void __init trim_low_memory_range(void)
-{
-	memblock_reserve(0, ALIGN(reserve_low, PAGE_SIZE));
-}
-
 static void __init early_reserve_memory(void)
 {
 	/*
@@ -730,10 +725,17 @@ static void __init early_reserve_memory(void)
 			 (unsigned long)__end_of_kernel_reserve - (unsigned long)_text);
 
 	/*
-	 * Make sure page 0 is always reserved because on systems with
-	 * L1TF its contents can be leaked to user processes.
+	 * The first 4Kb of memory is a BIOS owned area, but generally it is
+	 * not listed as such in the E820 table.
+	 *
+	 * Reserve the first memory page and typically some additional
+	 * memory (64KiB by default) since some BIOSes are known to corrupt
+	 * low memory. See the Kconfig help text for X86_RESERVE_LOW.
+	 *
+	 * In addition, make sure page 0 is always reserved because on
+	 * systems with L1TF its contents can be leaked to user processes.
 	 */
-	memblock_reserve(0, PAGE_SIZE);
+	memblock_reserve(0, ALIGN(reserve_low, PAGE_SIZE));
 
 	early_reserve_initrd();
 
@@ -746,7 +748,6 @@ static void __init early_reserve_memory(void)
 	reserve_bios_regions();
 
 	trim_snb_memory();
-	trim_low_memory_range();
 }
 
 /*
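
For reference, the size passed to the merged memblock_reserve() call is just
reserve_low rounded up to a whole number of pages, so with the 64KiB default
mentioned in the comment above the single call covers both page 0 (the L1TF
concern) and the BIOS-corruptible low memory. The user-space sketch below
only illustrates that rounding; the ALIGN() definition mirrors the kernel's
power-of-two round-up, and PAGE_SIZE and the sample reserve_low values are
hard-coded here for illustration.

/*
 * Stand-alone sketch, not kernel code: the reservation size computed by
 * memblock_reserve(0, ALIGN(reserve_low, PAGE_SIZE)) for a few sample
 * reserve_low values (64KiB is the X86_RESERVE_LOW default).
 */
#include <stdio.h>

#define PAGE_SIZE	4096UL
#define ALIGN(x, a)	(((x) + (a) - 1) & ~((a) - 1))

int main(void)
{
	unsigned long samples[] = { 64 * 1024, 4 * 1024, 5000 };

	for (unsigned int i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		unsigned long reserve_low = samples[i];

		/* size handed to memblock_reserve(0, ...) in patch 2/2 */
		printf("reserve_low=%6lu -> reserve [0, %lu) = %lu pages\n",
		       reserve_low,
		       ALIGN(reserve_low, PAGE_SIZE),
		       ALIGN(reserve_low, PAGE_SIZE) / PAGE_SIZE);
	}
	return 0;
}

Built with a plain "gcc align.c", this prints 16 pages for the 64KiB default
and shows how a value that is not a page multiple is rounded up to the next
whole page.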