Added the following 2 commits to optimize memory consumption

tpm: Disable the tpm verifier if the TPM device is not present
powerpc: increase MIN RMA size for CAS negotiation

Resolves: #RHEL-76558
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
This commit is contained in:
Nicolas Frayer 2025-03-17 15:53:16 +01:00
parent e36472a9a9
commit d2abbf1abe
4 changed files with 282 additions and 1 deletions

View File

@ -0,0 +1,156 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Wed, 22 Mar 2023 12:25:43 +0800
Subject: [PATCH] tpm: Disable the tpm verifier if the TPM device is not
present
When the tpm module is loaded, the verifier reads entire file into
memory, measures it and uses verified content as a backing buffer for
file accesses. However, this process may result in high memory
utilization for file operations, sometimes causing a system to run out
of memory which may finally lead to boot failure. To address this issue,
among others, the commit 887f98f0d (mm: Allow dynamically requesting
additional memory regions) have optimized memory management by
dynamically allocating heap space to maximize memory usage and reduce
threat of memory exhaustion. But in some cases problems may still arise,
e.g., when large ISO images are mounted using loopback or when dealing
with embedded systems with limited memory resources.
Unfortunately current implementation of the tpm module doesn't allow
elimination of the back buffer once it is loaded. Even if the TPM device
is not present or it has been explicitly disabled. This may unnecessary
allocate a lot memory. To solve this issue, a patch has been developed
to detect the TPM status at module load and skip verifier registration
if the device is missing or deactivated. This prevents allocation of
memory for the back buffer, avoiding wasting memory when no real measure
boot functionality is performed. Disabling the TPM device in the system
can reduce memory usage in the GRUB. It is useful in scenarios where
high memory utilization is a concern and measurements of loaded
artifacts are not necessary.
Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
(cherry picked from commit 30708dfe3bebd62a5487437554da8a24253f519f)
---
grub-core/commands/efi/tpm.c | 37 +++++++++++++++++++++++++++++++++++
grub-core/commands/ieee1275/ibmvtpm.c | 20 +++++++++----------
grub-core/commands/tpm.c | 10 ++++++++++
include/grub/tpm.h | 1 +
4 files changed, 58 insertions(+), 10 deletions(-)
diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c
index ae09c1bf8bc5..e1f343fea3ff 100644
--- a/grub-core/commands/efi/tpm.c
+++ b/grub-core/commands/efi/tpm.c
@@ -287,3 +287,40 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
else
return grub_tpm2_log_event (tpm_handle, buf, size, pcr, description);
}
+
+int
+grub_tpm_present (void)
+{
+ grub_efi_handle_t tpm_handle;
+ grub_efi_uint8_t protocol_version;
+
+ if (!grub_tpm_handle_find (&tpm_handle, &protocol_version))
+ return 0;
+
+ if (protocol_version == 1)
+ {
+ grub_efi_tpm_protocol_t *tpm;
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ if (!tpm)
+ {
+ grub_dprintf ("tpm", "Cannot open TPM protocol\n");
+ return 0;
+ }
+ return grub_tpm1_present (tpm);
+ }
+ else
+ {
+ grub_efi_tpm2_protocol_t *tpm;
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ if (!tpm)
+ {
+ grub_dprintf ("tpm", "Cannot open TPM protocol\n");
+ return 0;
+ }
+ return grub_tpm2_present (tpm);
+ }
+}
diff --git a/grub-core/commands/ieee1275/ibmvtpm.c b/grub-core/commands/ieee1275/ibmvtpm.c
index 239942d27e55..a6fee5c516dc 100644
--- a/grub-core/commands/ieee1275/ibmvtpm.c
+++ b/grub-core/commands/ieee1275/ibmvtpm.c
@@ -135,16 +135,6 @@ grub_err_t
grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
const char *description)
{
- /*
- * Call tpm_init() 'late' rather than from GRUB_MOD_INIT() so that device nodes
- * can be found.
- */
- grub_err_t err = tpm_init ();
-
- /* Absence of a TPM isn't a failure. */
- if (err != GRUB_ERR_NONE)
- return GRUB_ERR_NONE;
-
grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ", %s\n",
pcr, size, description);
@@ -153,3 +143,13 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
return GRUB_ERR_NONE;
}
+
+int
+grub_tpm_present (void)
+{
+ /*
+ * Call tpm_init() "late" rather than from GRUB_MOD_INIT() so that device nodes
+ * can be found.
+ */
+ return tpm_init() == GRUB_ERR_NONE;
+}
diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c
index e287d042e6b4..5839053d3df8 100644
--- a/grub-core/commands/tpm.c
+++ b/grub-core/commands/tpm.c
@@ -86,10 +86,20 @@ struct grub_file_verifier grub_tpm_verifier = {
GRUB_MOD_INIT (tpm)
{
+ /*
+ * Even though this now calls ibmvtpm's grub_tpm_present() from GRUB_MOD_INIT(),
+ * it does seem to call it late enough in the initialization sequence so
+ * that whatever discovered "device nodes" before this GRUB_MOD_INIT() is
+ * called, enables the ibmvtpm driver to see the device nodes.
+ */
+ if (!grub_tpm_present())
+ return;
grub_verifier_register (&grub_tpm_verifier);
}
GRUB_MOD_FINI (tpm)
{
+ if (!grub_tpm_present())
+ return;
grub_verifier_unregister (&grub_tpm_verifier);
}
diff --git a/include/grub/tpm.h b/include/grub/tpm.h
index 5c285cbc5256..c19fcbd0a60d 100644
--- a/include/grub/tpm.h
+++ b/include/grub/tpm.h
@@ -36,4 +36,5 @@
grub_err_t grub_tpm_measure (unsigned char *buf, grub_size_t size,
grub_uint8_t pcr, const char *description);
+int grub_tpm_present (void);
#endif

View File

@ -0,0 +1,117 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Avnish Chouhan <avnish@linux.ibm.com>
Date: Thu, 13 Mar 2025 19:45:50 +0530
Subject: [PATCH] powerpc: increase MIN RMA size for CAS negotiation
Change RMA size from 512 MB to 768 MB which will result
in more memory at boot time for PowerPC. When vTPM, Secure Boot or
FADump are enabled on PowerPC, the 512 MB RMA memory is not sufficient for
booting. With this 512 MB RMA, GRUB2 runs out of memory and fails to
boot the machine. Sometimes even usage of CDROM requires more memory
for installation and along with the options mentioned above exhausts
the boot memory which results in boot failures. Increasing the RMA size
will resolves multiple out of memory issues observed in PowerPC.
Failure details (GRUB2 debugs):
kern/ieee1275/init.c:550: mm requested region of size 8513000, flags 1
kern/ieee1275/init.c:563: Cannot satisfy allocation and retain minimum runtime space
kern/ieee1275/init.c:550: mm requested region of size 8513000, flags 0
kern/ieee1275/init.c:563: Cannot satisfy allocation and retain minimum runtime space
kern/file.c:215: Closing `/ppc/ppc64/initrd.img' ...
kern/disk.c:297: Closing `ieee1275//vdevice/v-scsi@30000067/disk@8300000000000000'...
kern/disk.c:311: Closing `ieee1275//vdevice/v-scsi@30000067/disk@8300000000000000' succeeded.
kern/file.c:225: Closing `/ppc/ppc64/initrd.img' failed with 3.
kern/file.c:148: Opening `/ppc/ppc64/initrd.img' succeeded.
error: ../../grub-core/kern/mm.c:552:out of memory.
Signed-off-by: Avnish Chouhan <avnish@linux.ibm.com>
---
grub-core/kern/ieee1275/init.c | 51 +++++++++++++++++++++++++++++++++++++-----
1 file changed, 46 insertions(+), 5 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index 4ec6598cfbb8..bb791f80f41c 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -737,7 +737,7 @@ struct cas_vector
/*
* Call ibm,client-architecture-support to try to get more RMA.
- * We ask for 512MB which should be enough to verify a distro kernel.
+ * We ask for 768MB which should be enough to verify a distro kernel.
* We ignore most errors: if we don't succeed we'll proceed with whatever
* memory we have.
*/
@@ -809,7 +809,7 @@ grub_ieee1275_ibm_cas (void)
.vec1 = 0x80, /* ignore */
.vec2_size = 1 + sizeof (struct option_vector2) - 2,
.vec2 = {
- 0, 0, -1, -1, -1, -1, -1, 512, -1, 0, 48
+ 0, 0, -1, -1, -1, -1, -1, 768, -1, 0, 48
},
.vec3_size = 2 - 1,
.vec3 = 0x00e0, /* ask for FP + VMX + DFP but don't halt if unsatisfied */
@@ -846,6 +846,10 @@ grub_claim_heap (void)
{
grub_err_t err;
grub_uint32_t total = HEAP_MAX_SIZE;
+#if defined(__powerpc__)
+ grub_uint32_t ibm_ca_support_reboot = 0;
+ grub_ssize_t actual;
+#endif
err = grub_ieee1275_total_mem (&rmo_top);
@@ -858,11 +862,48 @@ grub_claim_heap (void)
grub_mm_add_region_fn = grub_ieee1275_mm_add_region;
#if defined(__powerpc__)
+ /* Check if it's a CAS reboot with below property. If so, we will skip CAS call */
+ if (grub_ieee1275_get_integer_property (grub_ieee1275_chosen,
+ "ibm,client-architecture-support-reboot",
+ &ibm_ca_support_reboot,
+ sizeof (ibm_ca_support_reboot),
+ &actual) >= 0)
+ grub_dprintf ("ieee1275", "ibm,client-architecture-support-reboot: %" PRIuGRUB_UINT32_T "\n",
+ ibm_ca_support_reboot);
+
if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_CAN_TRY_CAS_FOR_MORE_MEMORY))
{
- /* if we have an error, don't call CAS, just hope for the best */
- if (err == GRUB_ERR_NONE && rmo_top < (512 * 1024 * 1024))
- grub_ieee1275_ibm_cas ();
+ /*
+ * If we have an error, don't call CAS. Just hope for the best.
+ * Along with the above, if the rmo_top is 512 MB or above. We
+ * will skip the CAS call. However, if we call CAS, the rmo_top
+ * will be set to 768 MB via CAS Vector2. But we need to call
+ * CAS with "rmo_top < 512 MB" to avoid the issue on the older
+ * Linux kernel, which still uses rmo_top as 512 MB. If we call
+ * CAS with a condition "rmo_top < 768 MB", it will result in an
+ * issue due to the IBM CAS reboot feature and we won't be able
+ * to boot the newer kernel. Whenever a reboot is detected as
+ * the CAS reboot by GRUB. It will boot the machine with the
+ * last booted kernel by reading the variable "boot-last-label"
+ * which has the info related to the last boot and it's specific
+ * to IBM PowerPC. Due to this, the machine will boot with the
+ * last booted kernel which has rmo_top as 512 MB. Also, if the
+ * reboot is detected as a CAS reboot, the GRUB will skip the CAS
+ * call. As the CAS has already been called earlier, so it is
+ * not required to call CAS even if the other conditions are met.
+ * This condition will also prevent a scenario where the machine
+ * get stuck in the CAS reboot loop while booting. A machine with
+ * an older kernel, having option_vector2 MIN_RMA as 512 MB in
+ * Linux prom_init.c and GRUB uses "rmo_top < 768 MB" condition
+ * for calling CAS. Due to their respective conditions, linux
+ * CAS and GRUB CAS will keep doing the CAS calls and change
+ * the MIN_RMA from 768(changed by GRUB) to 512(changed by Linux)
+ * to 768(changed by GRUB) to 512(changed by Linux) and so on,
+ * and the machine will stuck in this CAS reboot loop forever.
+ * IBM PAPR : https://openpower.foundation/specifications/linuxonpower/
+ */
+ if (!ibm_ca_support_reboot && err == GRUB_ERR_NONE && rmo_top < (512 * 1024 * 1024))
+ grub_ieee1275_ibm_cas ();
}
#endif

View File

@ -451,3 +451,5 @@ Patch0451: 0451-types-Make-bool-generally-available.patch
Patch0452: 0452-include-grub-types.h-Add-PRI-GRUB_OFFSET-and-PRI-GRU.patch
Patch0453: 0453-fs-xfs-Fix-issues-found-while-fuzzing-the-XFS-filesy.patch
Patch0454: 0454-fs-ext2-Rework-out-of-bounds-read-for-inline-and-ext.patch
Patch0455: 0455-tpm-Disable-the-tpm-verifier-if-the-TPM-device-is-no.patch
Patch0456: 0456-powerpc-increase-MIN-RMA-size-for-CAS-negotiation.patch

View File

@ -16,7 +16,7 @@
Name: grub2
Epoch: 1
Version: 2.06
Release: 98%{?dist}
Release: 99%{?dist}
Summary: Bootloader with support for Linux, Multiboot and more
License: GPLv3+
URL: http://www.gnu.org/software/grub/
@ -547,6 +547,12 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
%endif
%changelog
* Mon Mar 17 2025 Nicolas Frayer <nfrayer@redhat.com> 2.06-99
- Added the following 2 commits to optimize memory consumption
- tpm: Disable the tpm verifier if the TPM device is not present
- powerpc: increase MIN RMA size for CAS negotiation
- Resolves: #RHEL-76558
* Mon Mar 10 2025 Leo Sandoval <lsandova@redhat.com> 2.06-98
- Remove 'fs/ntfs: Implement attribute verification' patch
- Related: RHEL-83117