efi: Avoid cold plugged memory for placing the kernel

commit ba69e0750b0362870294adab09339a0c39c3beaf upstream.

UEFI 2.11 introduced EFI_MEMORY_HOT_PLUGGABLE to annotate system memory
regions that are 'cold plugged' at boot, i.e., hot pluggable memory that
is available from early boot, and described as system RAM by the
firmware.

Existing loaders and EFI applications running in the boot context will
happily use this memory for allocating data structures that cannot be
freed or moved at runtime, and this prevents the memory from being
unplugged. Going forward, the new EFI_MEMORY_HOT_PLUGGABLE attribute
should be tested, and memory annotated as such should be avoided for
such allocations.

In the EFI stub, there are a couple of occurrences where, instead of the
high-level AllocatePages() UEFI boot service, a low-level code sequence
is used that traverses the EFI memory map and carves out the requested
number of pages from a free region. This is needed, e.g., for allocating
as low as possible, or for allocating pages at random.

While AllocatePages() should presumably avoid special purpose memory and
cold plugged regions, this manual approach needs to incorporate this
logic itself, in order to prevent the kernel itself from ending up in a
hot unpluggable region, preventing it from being unplugged.

So add the EFI_MEMORY_HOTPLUGGABLE macro definition, and check for it
where appropriate.

Cc: stable@vger.kernel.org
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 332739f3eded570b0f4baa74d8fa5b343cef2a2e..8c86b3c1df0d7bb8d0b7b97e5767414f32c3a46b 100644 (file)
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -774,13 +774,15 @@ char * __init efi_md_typeattr_format(char *buf, size_t size,
                     EFI_MEMORY_WB | EFI_MEMORY_UCE | EFI_MEMORY_RO |
                     EFI_MEMORY_WP | EFI_MEMORY_RP | EFI_MEMORY_XP |
                     EFI_MEMORY_NV | EFI_MEMORY_SP | EFI_MEMORY_CPU_CRYPTO |
-                    EFI_MEMORY_RUNTIME | EFI_MEMORY_MORE_RELIABLE))
+                    EFI_MEMORY_MORE_RELIABLE | EFI_MEMORY_HOT_PLUGGABLE |
+                    EFI_MEMORY_RUNTIME))
                snprintf(pos, size, "|attr=0x%016llx]",
                         (unsigned long long)attr);
        else
                snprintf(pos, size,
-                        "|%3s|%2s|%2s|%2s|%2s|%2s|%2s|%2s|%2s|%3s|%2s|%2s|%2s|%2s]",
+                        "|%3s|%2s|%2s|%2s|%2s|%2s|%2s|%2s|%2s|%2s|%3s|%2s|%2s|%2s|%2s]",
                         attr & EFI_MEMORY_RUNTIME              ? "RUN" : "",
+                        attr & EFI_MEMORY_HOT_PLUGGABLE        ? "HP"  : "",
                         attr & EFI_MEMORY_MORE_RELIABLE        ? "MR"  : "",
                         attr & EFI_MEMORY_CPU_CRYPTO           ? "CC"  : "",
                         attr & EFI_MEMORY_SP                   ? "SP"  : "",

diff --git a/drivers/firmware/efi/libstub/randomalloc.c b/drivers/firmware/efi/libstub/randomalloc.c
index 724155b9e10dcf84a44a836efed036574daaa728..de322e1b2cdac0b5d325e3c6e96f0a082e58748e 100644 (file)
--- a/drivers/firmware/efi/libstub/randomalloc.c
+++ b/drivers/firmware/efi/libstub/randomalloc.c
@@ -24,6 +24,9 @@ static unsigned long get_entry_num_slots(efi_memory_desc_t *md,
        if (md->type != EFI_CONVENTIONAL_MEMORY)
                return 0;
 
+       if (md->attribute & EFI_MEMORY_HOT_PLUGGABLE)
+               return 0;
+
        if (efi_soft_reserve_enabled() &&
            (md->attribute & EFI_MEMORY_SP))
                return 0;

diff --git a/drivers/firmware/efi/libstub/relocate.c b/drivers/firmware/efi/libstub/relocate.c
index 8ee9eb2b90392d993431bba9972923cc4c293683..c3c9c38c2184116a2d805a21d6378876834423f7 100644 (file)
--- a/drivers/firmware/efi/libstub/relocate.c
+++ b/drivers/firmware/efi/libstub/relocate.c
@@ -62,6 +62,9 @@ efi_status_t efi_low_alloc_above(unsigned long size, unsigned long align,
                if (desc->type != EFI_CONVENTIONAL_MEMORY)
                        continue;
 
+               if (desc->attribute & EFI_MEMORY_HOT_PLUGGABLE)
+                       continue;
+
                if (efi_soft_reserve_enabled() &&
                    (desc->attribute & EFI_MEMORY_SP))
                        continue;

diff --git a/include/linux/efi.h b/include/linux/efi.h
index 5554d26f91d801eed4e92956108b814bb55dc914..6bdf15b8dea535f1a2813a48c895345bcb26bc66 100644 (file)
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -125,6 +125,7 @@ typedef     struct {
 #define EFI_MEMORY_RO          ((u64)0x0000000000020000ULL)    /* read-only */
 #define EFI_MEMORY_SP          ((u64)0x0000000000040000ULL)    /* soft reserved */
 #define EFI_MEMORY_CPU_CRYPTO  ((u64)0x0000000000080000ULL)    /* supports encryption */
+#define EFI_MEMORY_HOT_PLUGGABLE       BIT_ULL(20)     /* supports unplugging at runtime */
 #define EFI_MEMORY_RUNTIME     ((u64)0x8000000000000000ULL)    /* range requires runtime mapping */
 #define EFI_MEMORY_DESCRIPTOR_VERSION  1