On Tue, 2 May 2023 at 15:37, Tom Lendacky <thomas.lendacky@xxxxxxx> wrote: > > On 4/24/23 11:57, Ard Biesheuvel wrote: > > This series is conceptually a combination of Evgeny's series [0] and > > mine [1], both of which attempt to make the early decompressor code more > > amenable to executing in the EFI environment with stricter handling of > > memory permissions. > > > > My series [1] implemented zboot for x86, by getting rid of the entire > > x86 decompressor, and replacing it with existing EFI code that does the > > same but in a generic way. The downside of this is that only EFI boot is > > supported, making it unviable for distros, which need to support BIOS > > boot and hybrid EFI boot modes that omit the EFI stub. > > > > Evgeny's series [0] adapted the entire decompressor code flow to allow > > it to execute in the EFI context as well as the bare metal context, and > > this involves changes to the 1:1 mapping code and the page fault > > handlers etc, none of which are really needed when doing EFI boot in the > > first place. > > > > So this series attempts to occupy the middle ground here: it makes > > minimal changes to the existing decompressor so some of it can be called > > from the EFI stub. Then, it reimplements the EFI boot flow to decompress > > the kernel and boot it directly, without relying on the trampoline code, > > page table code or page fault handling code. This allows us to get rid > > of quite a bit of unsavory EFI stub code, and replace it with two clear > > invocations of the EFI firmware APIs to clear NX restrictions from > > allocations that have been populated with executable code. > > > > The only code that is being reused is the decompression library itself, > > along with the minimal ELF parsing that is required to copy the ELF > > segments in place, and the relocation processing that fixes up absolute > > symbol references to refer to the correct virtual addresses. > > > > Note that some of Evgeny's changes to clean up the PE/COFF header > > generation will still be needed, but I've omitted those here for > > brevity. > > I tried booting an SEV and an SEV-ES guest using this and both failed to boot: > > EFI stub: WARNING: Decompression failed: Out of memory while allocating > z_stream > > I'll have to take a closer look as to why, but it might be a couple of > days before I can get to it. > Thanks Tom. The internal malloc() seems to be failing, which is often caused by BSS clearing problems. Could you elaborate a little bit on the boot environment you are using here?
