From nobody Sat Jun 20 20:52:37 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3CA513A9D83 for ; Fri, 10 Apr 2026 08:00:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775808031; cv=none; b=e0mcvt8/8ATCC7dCLywsW8wS50kfAgtGCp6YhS8bW6HQIz7R9n6NdBn80CklCAhlSyCpOgxqgNT0pEbBhQMVbIKHlfvaVUPWQaBnFCm+FpNqBEDqACYCRpe4hskxr6SE+eLBIkSzGpB1hMpigSWLoOiFW8iAudUqkJOnzzOGiKo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775808031; c=relaxed/simple; bh=gwk2O0HVrHyQzJmAAiYDk1JsQjiaoBO/6mdfGTIyv60=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=jDBip3AoyfNI7BS5RROC/3kOLpkm36uBlRf3zTCQI1MpTO8WspCF6pqWt7ks7NZPMqK1xuhTZ9AxUmWmleRd9I2jGWDmydIF/5lYr1jjqcLcVlZzBIhIgRYs44BiKie1qaZ83cWUOLEMSjdmtDIaYGzeQ8Jwmefp5+0p43RnTLk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=HvDutz3q; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="HvDutz3q" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-488c2764f83so13475575e9.2 for ; Fri, 10 Apr 2026 01:00:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1775808029; x=1776412829; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=aZuVlxjjLoHFeIUm8jVkTp0g1A6kMbh8Qq6SqnHOAQI=; b=HvDutz3qpDv60cbo/ZM3VxcDVFT4lN7TyJpKBXDuRGpCDUFhR4ok73d2NLhN8bDRFO SqYPb4rMNCn9aiyyb7uIrcWQl7QPrSewPkq3REVqYu1R4zjqN0sSIKREo/5QYgJhhwh+ Q/LG5A+bqoLOyxEK8/qm3oV20AKQ96xFCDfErrIxuD4osVjDFvq24gI6X+YWCFrBSYmT gWctGV1mabE4Mo5VbWOyzOy2Dkg67btLvR/IC33IUHvh72/IHlRH3PqAbYe1ocaRkgIn wk9FcMtEo5vEzzCGjKr4gsaEMT/MbZIDADQ0FyIghjs7a90T9n8qlw+QyWiHESn+7GG/ H2Ig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775808029; x=1776412829; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=aZuVlxjjLoHFeIUm8jVkTp0g1A6kMbh8Qq6SqnHOAQI=; b=ssqy0M13Z5dUuv7IH9ThKVPCRmFYDShvqxZxoUyrzS86GMakjavph3H5LFyjV1iq7O rNz2/4bFqhnyygcMsRmYkOvVAW27NSQg3Y7ZU+Wqy7noImVg6rIOGeVs7carrKNoVI8T tlibvO7+SuCRNHXDxANZcKYSO3OhplgTOOnSDFkQlGhEE29e9nKjaUB6ZQlNcW/Io1Yf KkRVURjUubT4JLEK4XXC+Orp1eayLId2GuPJZkYvAZhvrm3pra3IG6BjQZ1ofUCMW/sg VOWacSErlhG44PwGxV2XgQWReWQJ6XTtPS8pzNMY2VQnBPnccKhBXtZIHT+jUhViw33K XWdA== X-Gm-Message-State: AOJu0YwEE+e9I/xO1Ch04lNFxNe7jdBx+qy/Gk4CdK6WJOFx2SZYgY7n vlzHjThwvBRd5ZAo4TJ6Ux/wjMgOM1+JDyYs0JBUFyOBmtMf4o/7YeDubBOVJ/9RrXqeyhIdPA= = X-Received: from wroz6.prod.google.com ([2002:adf:f1c6:0:b0:43c:facf:6d8a]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:474c:b0:488:a2ac:a340 with SMTP id 5b1f17b1804b1-488d67e7212mr21451815e9.12.1775808028469; Fri, 10 Apr 2026 01:00:28 -0700 (PDT) Date: Fri, 10 Apr 2026 09:59:51 +0200 In-Reply-To: <20260410075950.1687350-9-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260410075950.1687350-9-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2085; i=ardb@kernel.org; h=from:subject; bh=i+mFqLKqfPIlD2XAFQO4ErxCcgxefQreWpA5tkYfbQk=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIfPG2p9ml2v/Wa/f3BN/cqeayoUpgZNbK95Lz+h/xJZ76 Z7DQ46UjlIWBjEuBlkxRRaB2X/f7Tw9UarWeZYszBxWJpAhDFycAjCRP/MZ/tdxn+hw/dZ1zO7n 2rb0OqX9EiG37BdVbo2K/CX6v3fD70MMf6U37Q10fSaYUcL5S7x3z4PSHcsmxV/9ZNs0ReB7wYs tMhwA X-Mailer: git-send-email 2.53.0.1213.gd9a14994de-goog Message-ID: <20260410075950.1687350-10-ardb+git@google.com> Subject: [PATCH 1/7] x86/efi: Omit redundant kernel image overlap check From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Ard Biesheuvel Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The physical region covering the kernel's executable image is memblock_reserve()'d in early_mem_reserve(), and so it is guaranteed not to intersect with the regions passed to can_free_region(). So remove the pointless overlap check. Signed-off-by: Ard Biesheuvel --- arch/x86/platform/efi/quirks.c | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c index 35caa5746115..05ef1b06c25d 100644 --- a/arch/x86/platform/efi/quirks.c +++ b/arch/x86/platform/efi/quirks.c @@ -305,16 +305,11 @@ void __init efi_arch_mem_reserve(phys_addr_t addr, u6= 4 size) * can free regions in efi_free_boot_services(). * * Use this function to ensure we do not free regions owned by somebody - * else. We must only reserve (and then free) regions: - * - * - Not within any part of the kernel - * - Not the BIOS reserved area (E820_TYPE_RESERVED, E820_TYPE_NVS, etc) + * else. We must only reserve (and then free) regions that do not intersect + * with the BIOS reserved area (E820_TYPE_RESERVED, E820_TYPE_NVS, etc) */ static __init bool can_free_region(u64 start, u64 size) { - if (start + size > __pa_symbol(_text) && start <=3D __pa_symbol(_end)) - return false; - if (!e820__mapped_all(start, start+size, E820_TYPE_RAM)) return false; =20 @@ -343,10 +338,8 @@ void __init efi_reserve_boot_services(void) * Because the following memblock_reserve() is paired * with free_reserved_area() for this region in * efi_free_boot_services(), we must be extremely - * careful not to reserve, and subsequently free, - * critical regions of memory (like the kernel image) or - * those regions that somebody else has already - * reserved. + * careful not to reserve, and subsequently free, critical + * regions of memory that somebody else has already reserved. * * A good example of a critical region that must not be * freed is page zero (first 4Kb of memory), which may --=20 2.53.0.1213.gd9a14994de-goog From nobody Sat Jun 20 20:52:37 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0FAEE3AA1A6 for ; Fri, 10 Apr 2026 08:00:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775808032; cv=none; b=FHlyCpXO6++D652l0PKw5xVA/QemvULzzeV0SAzDm4rNao3sC4VXeP9bmHL8hfkF3aQzxXooVPeLOiw2fzz2+3Ri/ErjGLnEFe70lNq7ciUDXyeAlyaMpP5bKwWD1VFMoo3QTkH27go/jniy45GONWLouqf9olGyCkRDPoshB7c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775808032; c=relaxed/simple; bh=pr8QEBbnszis14zfZ5a8IpBKOMihG9vcklfRoGOhBUs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Fmno5+R+KOyvcSSX8uthfnhHtJYtXHFBqgD5/hd2x6yh30t72NeIh/DGJu9ZyaOAiU7+8gsj7CxNl6JsUGFatffsF6SAxVyvzCuq94pvtxFQLPo/NnPm1+fFkHWaNoqblAIwHIHIhF9LhMt7qc/mTq5EzPs5wshmDrtdt/B/wus= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=emM9+MyS; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="emM9+MyS" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-4837b6f6b93so14199005e9.3 for ; Fri, 10 Apr 2026 01:00:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1775808029; x=1776412829; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=AuKgU5F4yjz7fCBhFZrw06bTjm0O5cNfeictVRtboxE=; b=emM9+MySRdLJ5QO+bawj3TGKuDcDi5afVP6H69JixjBOQeMmVAjio82rnBYFanWwSm ++qrQ2abtvKbhU0zCxUTYLYJvAwXNyulHHKLgOqygiUBXPJyJoeWQmf51n/NuQ5yMoo+ Hl9wAkvoYEI+E5OqMSLm9zl7fTPOr2QyvAJIbREkdAryntTwFqAElSbs6xtXmmsQh5q3 dzCA+kE9ufHjxfPCP4UsNpD2cXVPvm2g3tvm+1/r1KOJqX7623EUkTyz6zsJFazZbrPW /jdw59Xqzlm9H9Ck+feCv2tQ9rjUvSDoppiiomLwgtyFx7InVUkzMtm8OaDNpdPBEhjo jrHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775808029; x=1776412829; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=AuKgU5F4yjz7fCBhFZrw06bTjm0O5cNfeictVRtboxE=; b=GgmVdOrQlfw4hrjSzn5RHJISO2EPj0W2hUmcwlwee6/UQ/G1eRtvXsFTaY+4wT0yIT POKsJvWlXsOLCIta3JpfGvhpNvOFXREM/x8PXC6UxpbDIoFFSisgBowLNFuzMkLL2+Ko NP/Vs7wZA7jxA1q/9DJxNCD25si9kVemqAyyvfikfX8XT54k3KXgVxO6KMkBeKZbhGr5 N1aXvEwgCrlJKoQrCvYr1ENdhYR5osj/J+QvV4ba8yPvRr+KDxedxDd5kr9TrBLb+lLr dKi1JlTK3aQpvpFDgaAmujXyXcHBJkUi1lFJm/JI6XoKguQhrYr8ljUpI8rVplMasfbz hziA== X-Gm-Message-State: AOJu0YwWANa+DhtomocKm1SMR5i2UoOfNnPjrcn3qcfAmboh+ngAEe0e 0fUpoijX/6s1ICYnGOPZ+xRy5a+2XZKrDBgPVMAfYrn96OUhxacdHuGHb0S5wpYYdf6H/ZkWRQ= = X-Received: from wrse9.prod.google.com ([2002:adf:fc49:0:b0:43b:7a63:37ca]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:a010:b0:488:aa3d:faca with SMTP id 5b1f17b1804b1-488d68af250mr25530245e9.18.1775808029523; Fri, 10 Apr 2026 01:00:29 -0700 (PDT) Date: Fri, 10 Apr 2026 09:59:52 +0200 In-Reply-To: <20260410075950.1687350-9-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260410075950.1687350-9-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=915; i=ardb@kernel.org; h=from:subject; bh=4dG7M9eLw58W6NeWNgCBMOIErdjPUYMAR1EfYEEwfHo=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIfPG2l/dG4oWhR5gEZB+wN/sM3NL47vYYGdHA5PYrnUyB X/tYh92lLIwiHExyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgIksEGZkWJAb4zZZtzrZ8+Ci efPyzsXvfHPJa198549nMqnT7yrL/mdkuCd4ab3Hd6/9y23mrHTznu+xuHbm3nWhizbviS2rMVw jzg0A X-Mailer: git-send-email 2.53.0.1213.gd9a14994de-goog Message-ID: <20260410075950.1687350-11-ardb+git@google.com> Subject: [PATCH 2/7] x86/efi: Drop redundant EFI_PARAVIRT check From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Ard Biesheuvel Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel efi_memblock_x86_reserve_range() exits early if EFI_PARAVIRT is set, so there is no point in checking it a second time further down. Signed-off-by: Ard Biesheuvel Reviewed-by: Thomas Huth --- arch/x86/platform/efi/efi.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c index d84c6020dda1..b60f8454a1ec 100644 --- a/arch/x86/platform/efi/efi.c +++ b/arch/x86/platform/efi/efi.c @@ -211,11 +211,9 @@ int __init efi_memblock_x86_reserve_range(void) data.desc_size =3D e->efi_memdesc_size; data.desc_version =3D e->efi_memdesc_version; =20 - if (!efi_enabled(EFI_PARAVIRT)) { - rv =3D efi_memmap_init_early(&data); - if (rv) - return rv; - } + rv =3D efi_memmap_init_early(&data); + if (rv) + return rv; =20 if (add_efi_memmap || do_efi_soft_reserve()) do_add_efi_memmap(); --=20 2.53.0.1213.gd9a14994de-goog From nobody Sat Jun 20 20:52:37 2026 Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D37CC3AB260 for ; Fri, 10 Apr 2026 08:00:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775808035; cv=none; b=fJF4MDXW5daxYcXb0JFGRqbd/Izs9mLRLQ0CpVJLtbUeVkIaFEJ+S57KONaff6Wx4XUt4jyC49kbH5qfqXHJMsIfeklHNT8gbxjxT8TAHYCfxWOl0tfsJOXdyXgL04xWB9qZeZTw0egKtDS4Jfjgn4Ekye+VxP9gLrqtgz69IyM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775808035; c=relaxed/simple; bh=lU3bZHXBTGkw7+BD61qLmq3Q/hsggbp8heSCEgprnFU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Ba+ym1BKExPI3QvR7a4VG1sHQgydNGJ1TveS9OvrSoL9SyRlL1iWDOR//VqJ4wIzglUOOAKz0UJzRUwbs1Cbrk0a5OXd0H89mU4ErrxSEX8BVT0c1/0Zna2FkzO6Biaj2Y0VitEXBG9h35+8PafIFX6i4HUtGGYMIfBg6nQ9k5E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=XIlKbKeR; arc=none smtp.client-ip=209.85.221.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="XIlKbKeR" Received: by mail-wr1-f74.google.com with SMTP id ffacd0b85a97d-4362197d1easo1230604f8f.2 for ; Fri, 10 Apr 2026 01:00:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1775808031; x=1776412831; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=lyrlB4WzYxChX1lupcLvEn8b3bwfY9ejggIuX50+pQE=; b=XIlKbKeRd03koDGTtbGdoRaoPVaXem24jqxNx4Fw23eRj19wA4gXCqi+oPN/xRCfvO RSsaAtZk5/7Qh6eZEQl6+oPmDBi52ueBxurqj2KOTUjGzflQCnWSba9a4pCcp6se8Lqi ftoKUZ6NUt6kyXurhuBTUnyTMLKMeKm6ITMwIgYJcp+mFFsrHvyNeoV/dvlpJqorGQTk ez4mDfmVyfnNDZdcitzUnlIMpbNJcUQBeFw7B24NmWgYn2LveLudhPADNLCWLl3YOjwo vSTs9806cTzckmX93PE1xiqs+iP4i+qXPQ0riuUTsPAMITNdrFdQM8+iwdq9/7tS0JLR 8EpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775808031; x=1776412831; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=lyrlB4WzYxChX1lupcLvEn8b3bwfY9ejggIuX50+pQE=; b=e4YqnB+LVLufL1rtoAdvQZQAsqL+XA0lNQWCuXKoZO2ilXZNW7EZuO/3PePZDJ8O0H LFc00mcCydAeD4mwHpsc36yAb4TAUaiyj/xB4LBYuzSNKI+Z2BtljNzPVQjiKEGqChY9 JlLEgpwK09f6XkwSIyp9fnkb3iZqZAYp5u27WUXwV2K915ce2A3+Xp7FlJdzEBGyxgyJ TTTReTa4wbid49qFxN/9DYWebPF74yLNtttbpBohulho4WoXvIG2DU83c5reZAeVkO+m JH0wSJB7pmyKb3q5UdVLcTaSzIz+1l+w2p583gVVlFbPzlpx9Kq92akUxJHHY5/y6sVf QYGA== X-Gm-Message-State: AOJu0YzVJb93u7nJz46q5tBHPrqHMQw9Sw0BNYnT6xw4aKeBR8f1s5RC kDWjGDilKmsf+NWDbnyfcRhZA1AZComx+wjvUipiZOfaR7VWBk5bmZ0iVTmxfye5/pqfrIOXhQ= = X-Received: from wrxp1.prod.google.com ([2002:a05:6000:181:b0:43c:f8f1:8e8]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a5d:5f94:0:b0:439:c62a:6dc2 with SMTP id ffacd0b85a97d-43d642b1920mr3246794f8f.41.1775808030771; Fri, 10 Apr 2026 01:00:30 -0700 (PDT) Date: Fri, 10 Apr 2026 09:59:53 +0200 In-Reply-To: <20260410075950.1687350-9-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260410075950.1687350-9-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=4145; i=ardb@kernel.org; h=from:subject; bh=Agc4UCTg/xwUx4YQxdagTJIbedCrqSRRvBngGubFfFM=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIfPG2j/NQd9vF4lKVB/0afPRm8Eg8XWd5MFqXpYUtzlZk /JPM3l3lLIwiHExyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgIk8dGVkWKlcLm4z71i+5mLG HfGBgZdKDZ3dPkrIxkurNP2euEq+neF/wIeckKbk9FXrpYN3a/Fx6FWFH0zzvjaLI2CpSrSR2G0 +AA== X-Mailer: git-send-email 2.53.0.1213.gd9a14994de-goog Message-ID: <20260410075950.1687350-12-ardb+git@google.com> Subject: [PATCH 3/7] x86/efi: Only merge EFI memory map entries on 32-bit systems From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Ard Biesheuvel Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Commit 202f9d0a4180 ("x86, efi: Merge contiguous memory regions of the same type= and attribute") introduced a pass over the EFI memory map, ensuring that contiguous regions of the same type and attribute are coalesced into a single entry. This was needed because relative references may exist between those regions, and so the virtual remapping needs to preserve the relative placement of these regions. This virtual remapping was based on ioremap() at the time, which does not guarantee that adjacent physical addresses are mapped adjacently in the virtual space. Commit d2f7cbe7b26a ("x86/efi: Runtime services virtual mapping") introduced a new strategy for virtually remapping the EFI runtime services, which is now the only remaining one, and commit a5caa209ba9c ("x86/efi: Fix boot crash by mapping EFI memmap entries bott= om-up at runtime, instead of top-down") tweaked the logic to ensure that the relative offset of adjacent regions of any type is preserved on 64-bit systems, by reversing the order in which the EFI memory map is traversed when choosing the virtual placement. This means that merging regions is no longer needed on 64-bit, given that the relative placement of adjacent regions is guaranteed to be preserved in the virtual space. So make this hack 32-bit only. Signed-off-by: Ard Biesheuvel --- arch/x86/include/asm/efi.h | 6 ++++ arch/x86/platform/efi/efi.c | 31 -------------------- arch/x86/platform/efi/efi_32.c | 31 ++++++++++++++++++++ 3 files changed, 37 insertions(+), 31 deletions(-) diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h index 51b4cdbea061..e397ea61c9f8 100644 --- a/arch/x86/include/asm/efi.h +++ b/arch/x86/include/asm/efi.h @@ -143,6 +143,12 @@ extern void efi_unmap_boot_services(void); void arch_efi_call_virt_setup(void); void arch_efi_call_virt_teardown(void); =20 +#ifdef CONFIG_X86_32 +void efi_merge_regions(void); +#else +static inline void efi_merge_regions(void) {} +#endif + extern u64 efi_setup; =20 #ifdef CONFIG_EFI diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c index b60f8454a1ec..2330d028a889 100644 --- a/arch/x86/platform/efi/efi.c +++ b/arch/x86/platform/efi/efi.c @@ -502,37 +502,6 @@ void __init efi_init(void) efi_print_memmap(); } =20 -/* Merge contiguous regions of the same type and attribute */ -static void __init efi_merge_regions(void) -{ - efi_memory_desc_t *md, *prev_md =3D NULL; - - for_each_efi_memory_desc(md) { - u64 prev_size; - - if (!prev_md) { - prev_md =3D md; - continue; - } - - if (prev_md->type !=3D md->type || - prev_md->attribute !=3D md->attribute) { - prev_md =3D md; - continue; - } - - prev_size =3D prev_md->num_pages << EFI_PAGE_SHIFT; - - if (md->phys_addr =3D=3D (prev_md->phys_addr + prev_size)) { - prev_md->num_pages +=3D md->num_pages; - md->type =3D EFI_RESERVED_TYPE; - md->attribute =3D 0; - continue; - } - prev_md =3D md; - } -} - static void *realloc_pages(void *old_memmap, int old_shift) { void *ret; diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c index b2cc7b4552a1..886ede4117b5 100644 --- a/arch/x86/platform/efi/efi_32.c +++ b/arch/x86/platform/efi/efi_32.c @@ -152,3 +152,34 @@ void arch_efi_call_virt_teardown(void) firmware_restrict_branch_speculation_end(); efi_fpu_end(); } + +/* Merge contiguous regions of the same type and attribute */ +void __init efi_merge_regions(void) +{ + efi_memory_desc_t *md, *prev_md =3D NULL; + + for_each_efi_memory_desc(md) { + u64 prev_size; + + if (!prev_md) { + prev_md =3D md; + continue; + } + + if (prev_md->type !=3D md->type || + prev_md->attribute !=3D md->attribute) { + prev_md =3D md; + continue; + } + + prev_size =3D prev_md->num_pages << EFI_PAGE_SHIFT; + + if (md->phys_addr =3D=3D (prev_md->phys_addr + prev_size)) { + prev_md->num_pages +=3D md->num_pages; + md->type =3D EFI_RESERVED_TYPE; + md->attribute =3D 0; + continue; + } + prev_md =3D md; + } +} --=20 2.53.0.1213.gd9a14994de-goog From nobody Sat Jun 20 20:52:37 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BADAE3AB272 for ; Fri, 10 Apr 2026 08:00:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775808036; cv=none; b=COzvZhWIJ1K0yNXVjQkDChTOB/HF5c2LRBG7cFJtGAznttO4qmvzBEGkv5L7pQanHIoA5b7mhxu71r7HwA56UbZQ2fX27TVp+GnwUY/mZFGNuVudVFWk2rpwh7jU69KlS9mTai5Z0tARnsYPnizVd3paRpfthrHSvidGRZTLiG0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775808036; c=relaxed/simple; bh=nhSKk3yiZTlmuLZlKrP4M/EwgJGoUmv6HuP/CfHcubE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=tyWm3IQIAVsZc7eaM2uA7V6VVcB4ZremkFGS+Js2RemE6v0axg0FCHu7wtSCYKhFgU6qtuxFlm8Sr2TSldfaPi92Fxr12hd5SAN9Tn1LcYs6b9OFaN3TPS6pgMfERQ1HWNLxWpLbS+lGpIdPTdKyY/NjwMRRnZPELVmVFg4C8Dk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=MGR7ZU1C; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="MGR7ZU1C" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-488d6ebe9cfso3826515e9.2 for ; Fri, 10 Apr 2026 01:00:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1775808032; x=1776412832; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Jh+VwlSPoKJfKmdjpjK1njBuyxMj3AtXQ5UacMb0+Mg=; b=MGR7ZU1Cg0tQ6ykq53SSZmTKbEypuBPwThtOVATo8LzWmpDqzdALf8hvybqaw48hhI aBYNECpxUDl7oGTxNWKN28g+yCKqm6Z/8WKmKatC47QJeWfFQWeGw+lkVFxjAJZBozYw SYIit7yyds3WsZJpmP8MhwfNA8ne1NYcUnXCmYR3YissVIKI8xrcFDSBLHr0ZKPENLkg DCjCIcvt/pdMIpPTTkdv4NzvYh4e9gM8lwNFx1pPLXH7Nzzv2szzth95gW6RmyWCIn4T Gv/SCZ7tb/hyfkuKpdYB07VkHtyexmkN4LLkrOd0G2L7bX7hwMyH550fOPVR27hiJP5G N0BA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775808032; x=1776412832; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Jh+VwlSPoKJfKmdjpjK1njBuyxMj3AtXQ5UacMb0+Mg=; b=g6tWbtEThQC5VLZxt2PmDfRAG/+r1azFxmwePNkcWh8eraPzvmsRX0sX7CH7x6rMiv 5mFrelIpwhM8cdnSagnlYfDZUdTf3QHr+LBM/ctuurzomley4/GWQfBdPT7/uejz2nOg sDI1odWPetNu1ivlJXJXJwUVcYx2auzMdf3twnm7z1/0ctqVVLmVyigmFxpXF6V8vZrn VzxaNL0QjJ2s7hX+UNz9znqe5vcPSBWVBOHZsNZKqTX7LNwxMUxLr5Pty+oKWIwHjdVx eVDhzaLFwKMK9181hxBVXBCdIisTe+dWcn/UipacTmqrib6rsQKh9aHxF9Yi+pd/6iSB ZpHw== X-Gm-Message-State: AOJu0YzhzDGGllaoTmjUnac0KyeUEqejL0GRSM7HKF7r4+6rnY4R0jPE G8YWLgZ39wUaucBO7Oh5NKC/DPf4O/H4pi94AErTq/W36Oq4CWp03BpEjlIaA517OvZr377P6w= = X-Received: from wrbdi3.prod.google.com ([2002:a05:6000:ac3:b0:43b:865c:710a]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:c171:b0:488:a894:b27a with SMTP id 5b1f17b1804b1-488d67f0105mr26435495e9.8.1775808031836; Fri, 10 Apr 2026 01:00:31 -0700 (PDT) Date: Fri, 10 Apr 2026 09:59:54 +0200 In-Reply-To: <20260410075950.1687350-9-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260410075950.1687350-9-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1904; i=ardb@kernel.org; h=from:subject; bh=6FE52P5VWh4lK//afSy92y8GicT/whGYEMZykED7ys4=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIfPG2r+qXI/vRh02LZDY9/bdqZD5V5dHta8KMzKS8Nlwt 0BmwtbcjlIWBjEuBlkxRRaB2X/f7Tw9UarWeZYszBxWJpAhDFycAjCR5TIM/4srEm5Mai7usGP7 dc49T1rs91zvRez58Rcqevs7g748aWT471j1p0N+ktjlSYui1Dg8/BgL90cYRLUJPXjxQ/H7wuf J3AA= X-Mailer: git-send-email 2.53.0.1213.gd9a14994de-goog Message-ID: <20260410075950.1687350-13-ardb+git@google.com> Subject: [PATCH 4/7] x86/efi: Defer sub-1M check from unmap to free stage From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Ard Biesheuvel Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel As a first step towards moving the free logic to a later stage altogether, and only keeping the unmap and the realmode trampoline hack during the early stage of freeing the boot service code and data regions, move the logic that avoids freeing memory below 1M to the later stage. Signed-off-by: Ard Biesheuvel --- arch/x86/platform/efi/quirks.c | 28 +++++++++----------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c index 05ef1b06c25d..999c9277c49c 100644 --- a/arch/x86/platform/efi/quirks.c +++ b/arch/x86/platform/efi/quirks.c @@ -468,18 +468,6 @@ void __init efi_unmap_boot_services(void) size -=3D rm_size; } =20 - /* - * Don't free memory under 1M for two reasons: - * - BIOS might clobber it - * - Crash kernel needs it to be reserved - */ - if (start + size < SZ_1M) - continue; - if (start < SZ_1M) { - size -=3D (SZ_1M - start); - start =3D SZ_1M; - } - /* * With CONFIG_DEFERRED_STRUCT_PAGE_INIT parts of the memory * map are still not initialized and we can't reliably free @@ -537,12 +525,20 @@ static int __init efi_free_boot_services(void) if (!ranges_to_free) return 0; =20 - while (range->start) { - void *start =3D phys_to_virt(range->start); + while (range->start || range->end) { + /* + * Don't free memory under 1M for two reasons: + * - BIOS might clobber it + * - Crash kernel needs it to be reserved + */ + unsigned long s =3D max(range->start, SZ_1M); + void *start =3D phys_to_virt(s); void *end =3D phys_to_virt(range->end); =20 - free_reserved_area(start, end, -1, NULL); - freed +=3D (end - start); + if (start < end) { + free_reserved_area(start, end, -1, NULL); + freed +=3D (end - start); + } range++; } kfree(ranges_to_free); --=20 2.53.0.1213.gd9a14994de-goog From nobody Sat Jun 20 20:52:37 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A1B9B3ACA45 for ; Fri, 10 Apr 2026 08:00:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775808039; cv=none; b=cUFHJ8R+7h7wQ9LMPdpJLKB0V8H7QqmBDRpCWFTLl8ocpcqzDsqPJyzbkdITLDutriAjwn7y0Dm4/zkWDwLBgzaZOckrfrYFN5MWmnunY0nrlEJ9ES0ym5IkbVHmJRHy0fC3A6BDGW9+ALCDaEXSdE/RyC9k92m+yuOlj7CZ49o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775808039; c=relaxed/simple; bh=4W4CxxD5Dxlp7I+ADPSq/Vuyb33eiXHyxz8fUdtuBfo=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=BYDS/N1X/unPsqMOXWUe9Hh8dm6u/OYNkroOm/Mcg6PNCgGFgihPKIGfuJT9Sp+ypEP5CgvyIXmnZNo02hhc2GVLw6eFz556ERyT+Q8IMVX4n6immmcKDcHQPJqkCVjRu4Pn4x4BAZkNxF0mdNGcU7qAxYZpCKXxWR3TJLyhyW0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=GNv/8Tu+; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="GNv/8Tu+" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-488d2cd2674so9092525e9.0 for ; Fri, 10 Apr 2026 01:00:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1775808035; x=1776412835; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=64Gsuc+pgbKxgzVx0XspSJLmGpBqh32jTkSHxGYvit0=; b=GNv/8Tu+p7/KZhsRUaSsPsrXj+UbfQC6giKOJaqKU22IFYg/+lTgG3wUC5epxkgKi1 uX68KcgVUIJKEUrOd1n/eRqWXXgCVBxfeYwtB+B+PxFy5/STXP8FRfIlOvKlx3ALw8QT bb/U7p53MsTVxJfTZUVwmwBNSALyc+OF7LG4yLJSjFAy26ywZ0+FlPavacDI8bH0MTKX oxr//kB+bTcsM7epN/varIIN6H0RcgHhEpCNucsUXTmHS/ZIR4j386/XZSHe5aK13gVR GF6csDg4DuOrVdwU8p3NPj6Ex8SuExYfn1rMsuWA7duW59hAltUTvWPlszGdfZ/6xFn7 Gq3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775808035; x=1776412835; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=64Gsuc+pgbKxgzVx0XspSJLmGpBqh32jTkSHxGYvit0=; b=NLz6VONBsYV3x/8Ho1wtEC1Iv6BbztnmwRkwxaCIKX0I7OqrD5XJW5jIUkA1edlZqD nPSzbGFLLP9ASK6yp7bMnrz2pwXvUX4k4hgV0NMxW1e7gHwhjfwPnkVaqPYal0BhhGc7 RLiHKvaQ9/E6BjnNo6V8yawr5Fgx13tuAs7ROE4t7d320DTA10U2IXKAKsLZNcOoxSvb 5HFsH920I3r/dU2zN5BIGnLGN6m11v2RY9bIrYhKyKrlKEAASyIinEV3lRuQwNBhkIKR Ly0yxc4AwV6zRO6HtgZVUNgK21AvIgHaZekT2x3ORxRLdIGRVZiMNxNlsho80xb5jgqP 2PYg== X-Gm-Message-State: AOJu0YxqpbZebSQ+GKaHScC3gAPg7b5neGXqmz5CatMmkCZ40ytXF+0k uNcjf27PKfWx5DLLnrS53aGgwapW0WScD/rCzaieg9VWkw4DUsDnRqS6Ev4IUymldpyVR3CZFg= = X-Received: from wmbz1.prod.google.com ([2002:a05:600c:c081:b0:488:888b:cf6b]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:8907:b0:488:80b6:873a with SMTP id 5b1f17b1804b1-488d6860bc3mr15809595e9.21.1775808033196; Fri, 10 Apr 2026 01:00:33 -0700 (PDT) Date: Fri, 10 Apr 2026 09:59:55 +0200 In-Reply-To: <20260410075950.1687350-9-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260410075950.1687350-9-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=3763; i=ardb@kernel.org; h=from:subject; bh=0dtpy6UFjr/qVlazrgUyoaxEm1jrc76faJUnaSEwhU8=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIfPG2v+9TNaW1mcyLtx/oL1Iz0XN5Xm1ON/GI2+Oh/jKP 9uxdn90RykLgxgXg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZjIXjOG/3G3i6sOaqR8an0Y ZLCttDHDYVvOze7Hl5ytFr+O7U/luMLIcIj5Ce/8+8wN7FVZdVWZUSK1EtaTWuyilOJa7xXrHxV kAQA= X-Mailer: git-send-email 2.53.0.1213.gd9a14994de-goog Message-ID: <20260410075950.1687350-14-ardb+git@google.com> Subject: [PATCH 5/7] x86/efi: Simplify real mode trampoline allocation quirk From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Ard Biesheuvel Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel To work around a common bug in EFI firmware for x86 systems, Linux reserves all EFI boot services code and data regions until after it has invoked the SetVirtualAddressMap() EFI runtime service. This is needed because those regions may still be accessed by the firmware during that call, even though the EFI spec says that they shouldn't. This includes any boot services data regions below 1M, which might mean that by the time the real mode trampoline is being allocated, all memory below 1M is already exhausted. Commit 5bc653b73182 ("x86/efi: Allocate a trampoline if needed in efi_free_boot_= services()") added a quirk to detect this condition, and to make another attempt at allocating the real mode trampoline when freeing those boot services regions again. This is a rather crude hack, which gets in the way of cleanup work on the EFI/x86 memory map handling code. Given that - the real mode trampoline is normally allocated soon after all EFI boot services regions are reserved temporarily, - this allocation logic marks all memory below 1M as reserved, - the trampoline memory is not actually populated until an early initcall, there is actually no need to reserve any boot services regions below 1M, even if they are mapped into the EFI page tables during the call to SetVirtualAddressMap(). So cap the lower bound of the reserved regions to 1M, and fix up the size accordingly when making the reservation. This allows the additional quirk to be dropped entirely. Signed-off-by: Ard Biesheuvel --- arch/x86/platform/efi/quirks.c | 29 ++++---------------- 1 file changed, 6 insertions(+), 23 deletions(-) diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c index 999c9277c49c..ee906c0c46c1 100644 --- a/arch/x86/platform/efi/quirks.c +++ b/arch/x86/platform/efi/quirks.c @@ -324,10 +324,14 @@ void __init efi_reserve_boot_services(void) return; =20 for_each_efi_memory_desc(md) { - u64 start =3D md->phys_addr; - u64 size =3D md->num_pages << EFI_PAGE_SHIFT; + u64 start =3D max(md->phys_addr, SZ_1M); + u64 end =3D md->phys_addr + (md->num_pages << EFI_PAGE_SHIFT); + u64 size =3D end - start; bool already_reserved; =20 + if (end <=3D start) + continue; + if (md->type !=3D EFI_BOOT_SERVICES_CODE && md->type !=3D EFI_BOOT_SERVICES_DATA) continue; @@ -427,7 +431,6 @@ void __init efi_unmap_boot_services(void) for_each_efi_memory_desc(md) { unsigned long long start =3D md->phys_addr; unsigned long long size =3D md->num_pages << EFI_PAGE_SHIFT; - size_t rm_size; =20 if (md->type !=3D EFI_BOOT_SERVICES_CODE && md->type !=3D EFI_BOOT_SERVICES_DATA) { @@ -448,26 +451,6 @@ void __init efi_unmap_boot_services(void) */ efi_unmap_pages(md); =20 - /* - * Nasty quirk: if all sub-1MB memory is used for boot - * services, we can get here without having allocated the - * real mode trampoline. It's too late to hand boot services - * memory back to the memblock allocator, so instead - * try to manually allocate the trampoline if needed. - * - * I've seen this on a Dell XPS 13 9350 with firmware - * 1.4.4 with SGX enabled booting Linux via Fedora 24's - * grub2-efi on a hard disk. (And no, I don't know why - * this happened, but Linux should still try to boot rather - * panicking early.) - */ - rm_size =3D real_mode_size_needed(); - if (rm_size && (start + rm_size) < (1<<20) && size >=3D rm_size) { - set_real_mode_mem(start); - start +=3D rm_size; - size -=3D rm_size; - } - /* * With CONFIG_DEFERRED_STRUCT_PAGE_INIT parts of the memory * map are still not initialized and we can't reliably free --=20 2.53.0.1213.gd9a14994de-goog From nobody Sat Jun 20 20:52:37 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D6B523ACA51 for ; Fri, 10 Apr 2026 08:00:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775808039; cv=none; b=X9XK+3a34AsszwDaPhsbACezRM+dw19R0H9ZqG+V4e4E4qwPWuv03809z+5KFeJA5C1FK8aKAEF//k1KIgwe0suczVf+hNEx4WZUVjrmLMsnsqerKWuwFJXPA9Eo+qgAWRDycFLulFHppzdpVh0UJNwGsFfEJ5AsTg3C+0EQ0eM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775808039; c=relaxed/simple; bh=xiBwRUwdD7mwCb3k1s6xV78E/2MQKEFPT4F6+ExAwmQ=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=i+jdM9CUdhAU03hJzSEPJGgzu3IVhWHOtyTQhNB/eY16uLvTnoih9M9zY+3oZ0c6kqgWG0GkxI6uxKkarPNtc4/QbUzZHNjcs7FMJGVrKxFHcbXctH+ik6yte69AKI94KjbkmgHQQL9bOln/A3S5oLKScUTKvN7ZSvkV0daYW7Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Z2YEXOFK; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Z2YEXOFK" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-488c2cc0cbaso10044435e9.3 for ; Fri, 10 Apr 2026 01:00:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1775808035; x=1776412835; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=uwcAQPDDIrW1cFM9HvdigTfFfqAoQNgDOfizPxofehU=; b=Z2YEXOFKj8JUhSB7KyPkVZifrR4UQTSyfsc+9K2N8hwTc7mpqKBXneCZct3LQflKcZ Y8PDqu1wsvZAtPFm60V0p4PAdJ8qDQrOhGwrUpF8S1rXNA19z2fZDB8E/0lP6Wt7RMUs Ij1w6ktc8uh8EYJeIbErZlDJP6bpA2w0jSuJhTDyAh6e1ZfWEZKiimWidQzrp9A7g/xB aQnbcI8KKNNuL4Awlzrg2ZCiS5x7iT6Wvc+xNTTycxTa0FWO6PrEhVrFeg9mMU14BiMW yH+VflzcMu4v19mkXO+mGvgFmxRvTFW/YjKr1iVrz8GvmSWJvZlUjRjEwAdSDw458xjG Fq6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775808035; x=1776412835; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=uwcAQPDDIrW1cFM9HvdigTfFfqAoQNgDOfizPxofehU=; b=bA4QGsdPlqqseOrUkfWhNNB12VtcjRKZXK9DZiKkCMrhGhDPDLUmC29Y4hvp8RB6yM mTCpK1FgJxLpkjT5KgtlBduH1GWlm2YhVw4Xr7sCrWChOebMGRKchAKwqOtjIj7vUTAf bmSIXpWLBHpXak8V6Ly6fz7aqc6UjpL8RpTwCDsL91T1jPM4W7mLzzYiCkhbon25ytKO z7Xa4AYM1E8XhSJQbuAi2+IgB9domgAgtiqO1qZcBXy9boE0mMjyJdq5iNtlavW4zkE2 Vy8Mw5xiFn2t6arSW87fnlOJFiMS8VLCpj/cyyiejod42+TAmpCHysgbZ/Gl9ZWnNQZZ 58ZQ== X-Gm-Message-State: AOJu0YwhhaC4rXK+/c5W1sRrMv5yy6dje2vMQY1yQ/unD/NiuSj8SGcC O7UWwB8SDo4hVbPZShmK/JnV8ho6a0XGBitA7OQM/XJErSlfjsy334rLPajisdja2VhLwgJZXg= = X-Received: from wrmg2.prod.google.com ([2002:adf:e402:0:b0:43c:fd30:98a9]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:c10d:b0:488:ae4e:51a5 with SMTP id 5b1f17b1804b1-488d683d633mr16251785e9.15.1775808034928; Fri, 10 Apr 2026 01:00:34 -0700 (PDT) Date: Fri, 10 Apr 2026 09:59:56 +0200 In-Reply-To: <20260410075950.1687350-9-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260410075950.1687350-9-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1541; i=ardb@kernel.org; h=from:subject; bh=G2RtUAKBQckrIeEWiuJzklUVykG05lXyXKv1jbxIYNI=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIfPGOoZHnG67pz06+TN2k0qQ5Ntq92SWB9P98iYWXV1cV fc649K7jlIWBjEuBlkxRRaB2X/f7Tw9UarWeZYszBxWJpAhDFycAjCR8hJGhkk68+dx1BasXttt Y73a6eIl0dYP/gUmnSe+KM7YI38ywpqR4Z3j3OoL8etuLTh8naFLz2i96R6juJuiP8LtWlrvztu bzg4A X-Mailer: git-send-email 2.53.0.1213.gd9a14994de-goog Message-ID: <20260410075950.1687350-15-ardb+git@google.com> Subject: [PATCH 6/7] x86/efi: Unmap kernel-reserved boot regions from EFI page tables From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Ard Biesheuvel Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Currently, the logic that unmaps boot services code and data regions that were mapped temporarily to work around firmware bugs disregards regions that have been marked as EFI_MEMORY_RUNTIME. However, such regions only have significance to the OS, and there is no reason to retain the mapping in the EFI page tables, given that the runtime firmware must never touch those regions. So pull the unmap forward. Signed-off-by: Ard Biesheuvel --- arch/x86/platform/efi/quirks.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c index ee906c0c46c1..929ee71a140c 100644 --- a/arch/x86/platform/efi/quirks.c +++ b/arch/x86/platform/efi/quirks.c @@ -438,12 +438,6 @@ void __init efi_unmap_boot_services(void) continue; } =20 - /* Do not free, someone else owns it: */ - if (md->attribute & EFI_MEMORY_RUNTIME) { - num_entries++; - continue; - } - /* * Before calling set_virtual_address_map(), EFI boot services * code/data regions were mapped as a quirk for buggy firmware. @@ -451,6 +445,12 @@ void __init efi_unmap_boot_services(void) */ efi_unmap_pages(md); =20 + /* Do not free, someone else owns it: */ + if (md->attribute & EFI_MEMORY_RUNTIME) { + num_entries++; + continue; + } + /* * With CONFIG_DEFERRED_STRUCT_PAGE_INIT parts of the memory * map are still not initialized and we can't reliably free --=20 2.53.0.1213.gd9a14994de-goog From nobody Sat Jun 20 20:52:37 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C386A3AB298 for ; Fri, 10 Apr 2026 08:00:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775808042; cv=none; b=hLkTKS3ODr6JjrfsdtSRT1yDnTKctpaG++8EgOl+ZhQ0DWHwl9p3WtGmCu1b/5kmbIfwwckLoB1EKGqlZSd3k9z4OXganFomv0MYxVl/f1JdQfXGf4RxLxMgp4K1zrCt4i6kDt9+LH0qqOtSykRTUiIm8l12SEYUoWXO0Km9vks= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775808042; c=relaxed/simple; bh=iLen1aR102YuA/eT56ah2gSVgDvHfb0/X1KtXE0m5Oc=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=GIEsM5Ux1Esmt8MzGcxMtPmEiUZnRBXCqGoXdQTA1qd3V0OA4b5r5guzvaP6FmTUtEuzo09Y4Q8UfeocHbIyxzwTyzPg8YznpOYuXzBBFbxfuDFkYKnN+CjFk8k4TO08PFcLoImr5fze3TG/6T4AiZrUBdprRpAjNOejqlW/R3A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=B8PuJzaW; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="B8PuJzaW" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-488c16958e9so10785715e9.1 for ; Fri, 10 Apr 2026 01:00:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1775808036; x=1776412836; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=634Dmh8NJpUnXMsTawnmCgoHk0n99s2/V3zN7QrSSpg=; b=B8PuJzaWsmK6L9j1ZyZDSjh5wodebeQUvwndGgtvjo0REvd7yWyCFhsD+cB5V+DHe8 EgyLr+mTPlKhjtHN37g4SeMiFV2CYJK6dhwcJjaib89ZMf3mKkPsGO/l2tcmsEQ+yG77 eGlFrYTR8jIl/QIPF2Rog5MJ8JgF1YnuCXroU0PjnAKvl3eOLZ6SkYR+py67XoHwSpuO akcrrnKbIRHQcfSJ5RJcbCoMHnH0em7URMZFD8d+ype13Sk5HSTMQKSSln0ss3PmFxuS 3pZXS3ZcjxjflAxw9HYiD1l3GQG6/asHLI7AfVPjWB51OZhpwvslYshZ8iU7xOG3+msS 6oOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775808036; x=1776412836; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=634Dmh8NJpUnXMsTawnmCgoHk0n99s2/V3zN7QrSSpg=; b=fRU5vso4oYfoDbEOR/NASRl0Xd/0XbMgsh9PZfxTPzpF5g2TmzbHv3cc7DOj4uvykK HECD18p9GnnvCPWAi6XDYyqu1TtY9vvqEcke7LqMfs2Z3Y41Wd0EQBjDkjnBycHBFjaH /xMicyz8NiKzREE+LhYbt93uStYqf7IUN/JU2muXNayr3Or8mNWhw4WbsHoCOOmH/ud4 TI05PT0yrf4JkjTSmevatxgik3b26hyvBEo0ABsHY23uIoI/zyobHX0MmS+q0uMll0DB z185p4e6aW6KmkSxPR4BXaLNZDlqQYYRgOrgB1jvD3xOhWXrtTodjvaqeoaJONJ9cpGt EPdQ== X-Gm-Message-State: AOJu0YzDWGTTKAuabR0SO2KlU/K6N7VD0NQBsLr8z46st7u+pQrJgQ/w 08rtH33K0UmhsN5wnRgYN5Fl2CPWR8GqKSqarwyXBtWTKK3oj7qkApkpfkPYktSXC4HlixSWfg= = X-Received: from wrsh15.prod.google.com ([2002:adf:fd4f:0:b0:43c:f5f6:7a44]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:6990:b0:488:a2ac:a34c with SMTP id 5b1f17b1804b1-488d67f5bf5mr23156855e9.12.1775808036295; Fri, 10 Apr 2026 01:00:36 -0700 (PDT) Date: Fri, 10 Apr 2026 09:59:57 +0200 In-Reply-To: <20260410075950.1687350-9-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260410075950.1687350-9-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2065; i=ardb@kernel.org; h=from:subject; bh=T5sTl7puRsqzLiSvOrabalA8+UTfZUouj5nq1Nh6ncg=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIfPGOqbPf2/szZBxtHmvWNeQzfJv/XSWl1E749IN7Fy6R er5g9M7SlkYxLgYZMUUWQRm/3238/REqVrnWbIwc1iZQIYwcHEKwEQK9jIyTPNqv2Llc7Z5s9wl /yJmzS1P21Je+k+q8C+doxzVarbTnpHhZCrLqaYbfPEWVxxdbScyuF6wv32i8zBHuE/9le+ljj0 MAA== X-Mailer: git-send-email 2.53.0.1213.gd9a14994de-goog Message-ID: <20260410075950.1687350-16-ardb+git@google.com> Subject: [PATCH 7/7] x86/efi: Drop EFI_MEMORY_RUNTIME check from __ioremap_check_other() From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel __ioremap_check_other() is called when memremap() is used on memory that turns out to be reserved. This may be the case for ESRT or MOK tables that are reserved via efi_mem_reserve(), in which case they will be covered by EfiBootServicesData entries in the EFI memory map. Such entries are created with the EFI_MEMORY_RUNTIME attribute set, to distinguish them from EfiBootServicesData entries that were reserved only temporarily, in order to work around firmware bugs. However, given that a) __ioremap_check_other() is only called for memory that could not be mapped using try_ram_remap(), b) on x86, the EFI memory map only retains EfiBootServicesData entries that cover a permanent reservation, the EFI_MEMORY_RUNTIME check is redundant, and can be dropped. This removes the need to set this attribute in the first place, which is desirable as it results in considerable complexity in managing the EFI memory map on x86. This will be addressed in follow-up work. While at it, use switch() rather than if() to avoid multiple calls to efi_mem_type(), which is backed by a hypervisor call in some cases. Cc: Tom Lendacky Signed-off-by: Ard Biesheuvel --- arch/x86/mm/ioremap.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c index 12c8180ca1ba..5be11e031b8e 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -124,10 +124,11 @@ static void __ioremap_check_other(resource_size_t add= r, struct ioremap_desc *des if (!IS_ENABLED(CONFIG_EFI)) return; =20 - if (efi_mem_type(addr) =3D=3D EFI_RUNTIME_SERVICES_DATA || - (efi_mem_type(addr) =3D=3D EFI_BOOT_SERVICES_DATA && - efi_mem_attributes(addr) & EFI_MEMORY_RUNTIME)) + switch (efi_mem_type(addr)) { + case EFI_RUNTIME_SERVICES_DATA: + case EFI_BOOT_SERVICES_DATA: desc->flags |=3D IORES_MAP_ENCRYPTED; + } } =20 static int __ioremap_collect_map_flags(struct resource *res, void *arg) --=20 2.53.0.1213.gd9a14994de-goog