* [PATCH v8 0/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
@ 2017-08-04  7:26 ` Baoquan He
  0 siblings, 0 replies; 13+ messages in thread
From: Baoquan He @ 2017-08-04  7:26 UTC (permalink / raw)
  To: linux-kernel
  Cc: mingo, matt, keescook, tglx, hpa, izumi.taku, fanc.fnst,
	thgarnie, n-horiguchi, ard.biesheuvel, linux-efi, x86,
	Baoquan He

Patch 1/2 is newly added. It adds the efi_memdesc_ptr helper to wrap the
open code which gets the start of an efi memmap descriptor, and also
explains why it needs to be done like that; Ingo suggested it.

It also replaces several places of the open code with the efi_memdesc_ptr
helper.

It also uses efi_memdesc_ptr in process_efi_entries(), which handles the efi
mirror issue during KASLR.


Change:
v7->v8:
    Add efi_memdesc_ptr helper to wrap the open code which gets the
    start of map descriptor according to Ingo's suggestion.

v6->v7:
  Ingo pointed out several incorrect line break issues and unclear
  description of patch log. Correct them and rewrite patch log.

  Also rewrite the EFI warning message for the case where the EFI memmap is
  above 4G on a 32-bit system, since a 32-bit system cannot handle data above
  4G at the kernel decompression stage. This was suggested by Ingo too.

v5->v6:
  Code style issue fix according to Kees's comment.

  This is based on tip/x86/boot, patch 1,2,3/4 in v5 post has
  been put into tip/x86/boot now.



Baoquan He (2):
  efi: Introduce efi_memdesc_ptr to get pointer to memmap descriptor
  x86/boot/KASLR: Restrict kernel to be randomized in mirror regions

 arch/x86/boot/compressed/eboot.c               |  2 +-
 arch/x86/boot/compressed/kaslr.c               | 68 +++++++++++++++++++++++++-
 drivers/firmware/efi/libstub/efi-stub-helper.c |  4 +-
 include/linux/efi.h                            | 19 +++++++
 4 files changed, 88 insertions(+), 5 deletions(-)

-- 
2.5.5

* [PATCH v8 1/2] efi: Introduce efi_memdesc_ptr to get pointer to memmap descriptor
  2017-08-04  7:26 ` Baoquan He
  (?)
@ 2017-08-04  7:26 ` Baoquan He
  -1 siblings, 0 replies; 13+ messages in thread
From: Baoquan He @ 2017-08-04  7:26 UTC (permalink / raw)
  To: linux-kernel
  Cc: mingo, matt, keescook, tglx, hpa, izumi.taku, fanc.fnst,
	thgarnie, n-horiguchi, ard.biesheuvel, linux-efi, x86,
	Baoquan He

The existing map iteration helper for_each_efi_memory_desc_in_map can
only be used after the OS initializes EFI to fill the data of struct
efi_memory_map. Before that we also need to iterate map descriptors which
are stored in several intermediate structures, like struct efi_boot_memmap
for arch-independent usage and struct efi_info for the x86 arch only.

Introduce efi_memdesc_ptr to get pointer to a map descriptor, and replace
several places of open code with it.

Suggested-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Baoquan He <bhe@redhat.com>
---
 arch/x86/boot/compressed/eboot.c               |  2 +-
 drivers/firmware/efi/libstub/efi-stub-helper.c |  4 ++--
 include/linux/efi.h                            | 19 +++++++++++++++++++
 3 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index c3e869eaef0c..31e12b43be77 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -767,7 +767,7 @@ static efi_status_t setup_e820(struct boot_params *params,
 		m |= (u64)efi->efi_memmap_hi << 32;
 #endif
 
-		d = (efi_memory_desc_t *)(m + (i * efi->efi_memdesc_size));
+		d = efi_memdesc_ptr(m, efi->efi_memdesc_size, i);
 		switch (d->type) {
 		case EFI_RESERVED_TYPE:
 		case EFI_RUNTIME_SERVICES_CODE:
diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
index b0184360efc6..2db55c32e7ed 100644
--- a/drivers/firmware/efi/libstub/efi-stub-helper.c
+++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
@@ -205,7 +205,7 @@ efi_status_t efi_high_alloc(efi_system_table_t *sys_table_arg,
 		unsigned long m = (unsigned long)map;
 		u64 start, end;
 
-		desc = (efi_memory_desc_t *)(m + (i * desc_size));
+		desc = efi_memdesc_ptr(m, desc_size, i);
 		if (desc->type != EFI_CONVENTIONAL_MEMORY)
 			continue;
 
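Review bot: in efi_high_alloc() the local "unsigned long m = (unsigned long)map;" is now only cast straight back to a pointer inside efi_memdesc_ptr(); if nothing else in the loop uses m, pass map directly and drop the local, and do the same in the efi_low_alloc() hunk that follows.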
@@ -298,7 +298,7 @@ efi_status_t efi_low_alloc(efi_system_table_t *sys_table_arg,
 		unsigned long m = (unsigned long)map;
 		u64 start, end;
 
-		desc = (efi_memory_desc_t *)(m + (i * desc_size));
+		desc = efi_memdesc_ptr(m, desc_size, i);
 
 		if (desc->type != EFI_CONVENTIONAL_MEMORY)
 			continue;
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 8269bcb8ccf7..9a6ea328705f 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -1020,6 +1020,25 @@ extern int efi_memattr_init(void);
 extern int efi_memattr_apply_permissions(struct mm_struct *mm,
 					 efi_memattr_perm_setter fn);
 
+/*
+ * efi_memdesc_ptr - get the n-th efi memmap descriptor
+ * @map: the start of efi memmap
+ * @desc_size: the size of space for each efi memmap descriptor
+ * @n: the index of efi memmap descriptor
+ *
+ * EFI boot service provides function GetMemoryMap() to get a copy of the
+ * current memory map which is an array of memory descriptors, each of
+ * which describes a contiguous block of memory. And also get the size of
+ * map, and the size of each descriptor, etc. Note that per section 6.2 of
+ * UEFI Spec 2.6 Errata A, the returned size of each descriptor might not
+ * be equal to sizeof(efi_memory_memdesc_t) since efi_memory_memdesc_t may
+ * be extended in the future in response to hardware innovation. Thus OS
+ * MUST use the returned size of descriptor to find the start of each
+ * efi_memory_memdesc_t in the memory map array.
+ */
+#define efi_memdesc_ptr(map, desc_size, n)				\
+	(efi_memory_desc_t *)((void *)(map) + ((n) * (desc_size)))
+
 /* Iterate through an efi_memory_map */
 #define for_each_efi_memory_desc_in_map(m, md)				   \
 	for ((md) = (m)->map;						   \
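Review bot: the expansion on the last added line of efi_memdesc_ptr is a bare cast with no enclosing parentheses, so a use such as efi_memdesc_ptr(m, size, i)->type would apply the cast to the member access rather than to the pointer; wrap the whole expansion in one more pair of parentheses. The comment above it also spells the type efi_memory_memdesc_t three times while the macro casts to efi_memory_desc_t, and it opens with /* although it is laid out as kernel-doc.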
-- 
2.5.5


* [PATCH v8 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
  2017-08-04  7:26 ` Baoquan He
  (?)
  (?)
@ 2017-08-04  7:26 ` Baoquan He
  -1 siblings, 0 replies; 13+ messages in thread
From: Baoquan He @ 2017-08-04  7:26 UTC (permalink / raw)
  To: linux-kernel
  Cc: mingo, matt, keescook, tglx, hpa, izumi.taku, fanc.fnst,
	thgarnie, n-horiguchi, ard.biesheuvel, linux-efi, x86,
	Baoquan He

Currently KASLR will parse all e820 entries of RAM type and add all
candidate positions into the slots array. Then we will choose one slot
randomly as the new position which the kernel will be decompressed into
and run at.

On systems with EFI enabled, e820 memory regions come from EFI
memory regions by combining adjacent regions. These EFI memory
regions have more attributes to mark their different uses. The mirror
attribute is one such kind. The physical memory regions whose descriptors
in the EFI memory map have the EFI_MEMORY_MORE_RELIABLE attribute (bit: 16)
are mirrored. The address range mirroring feature of the kernel arranges such
mirror regions into the normal zone and other regions into the movable zone.
And with the mirroring feature enabled, the code and data of the kernel can
only be located in the more reliable mirror regions. However, the current
KASLR code doesn't check EFI memory entries, and could choose a new position
in a non-mirrored region. This will break the functionality of the address
range mirroring feature.

So if EFI is detected, iterate the EFI memory map and pick the mirror regions
to process for adding candidate randomization slots. If EFI is disabled
or no mirror region is found, still process the e820 memory map.

Signed-off-by: Baoquan He <bhe@redhat.com>
---
 arch/x86/boot/compressed/kaslr.c | 68 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 66 insertions(+), 2 deletions(-)

diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index 99c7194f7ea6..3d3ce762dc98 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -37,7 +37,9 @@
 #include <linux/uts.h>
 #include <linux/utsname.h>
 #include <linux/ctype.h>
+#include <linux/efi.h>
 #include <generated/utsrelease.h>
+#include <asm/efi.h>
 
 /* Macros used by the included decompressor code below. */
 #define STATIC
@@ -558,6 +560,65 @@ static void process_mem_region(struct mem_vector *entry,
 	}
 }
 
+#ifdef CONFIG_EFI
+/*
+ * Returns true if mirror region found (and must have been processed
+ * for slots adding)
+ */
+static bool
+process_efi_entries(unsigned long minimum, unsigned long image_size)
+{
+	struct efi_info *e = &boot_params->efi_info;
+	bool efi_mirror_found = false;
+	struct mem_vector region;
+	efi_memory_desc_t *md;
+	unsigned long pmap;
+	char *signature;
+	u32 nr_desc;
+	int i;
+
+	signature = (char *)&e->efi_loader_signature;
+	if (strncmp(signature, EFI32_LOADER_SIGNATURE, 4) &&
+	    strncmp(signature, EFI64_LOADER_SIGNATURE, 4))
+		return false;
+
+#ifdef CONFIG_X86_32
+	/* Can't handle data above 4GB at this time */
+	if (e->efi_memmap_hi) {
+		warn("EFI memmap is above 4GB, can't be handled now on x86_32. EFI should be disabled.\n");
+		return false;
+	}
+	pmap =  e->efi_memmap;
+#else
+	pmap = (e->efi_memmap | ((__u64)e->efi_memmap_hi << 32));
+#endif
+
+	nr_desc = e->efi_memmap_size / e->efi_memdesc_size;
+	for (i = 0; i < nr_desc; i++) {
+		md = efi_memdesc_ptr(pmap, e->efi_memdesc_size, i);
+		if (md->attribute & EFI_MEMORY_MORE_RELIABLE) {
+			region.start = md->phys_addr;
+			region.size = md->num_pages << EFI_PAGE_SHIFT;
+			process_mem_region(&region, minimum, image_size);
+			efi_mirror_found = true;
+
+			if (slot_area_index == MAX_SLOT_AREA) {
+				debug_putstr("Aborted EFI scan (slot_areas full)!\n");
+				break;
+			}
+		}
+	}
+
+	return efi_mirror_found;
+}
+#else
+static inline bool
+process_efi_entries(unsigned long minimum, unsigned long image_size)
+{
+	return false;
+}
+#endif
+
 static void process_e820_entries(unsigned long minimum,
 				 unsigned long image_size)
 {
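Review bot: the loop in process_efi_entries() selects a descriptor on md->attribute & EFI_MEMORY_MORE_RELIABLE alone and never looks at md->type, so a mirrored region that is not EFI_CONVENTIONAL_MEMORY would be passed to process_mem_region() as a randomization candidate; add the md->type check that efi_high_alloc() applies in patch 1/2. Separately, nr_desc = e->efi_memmap_size / e->efi_memdesc_size divides by a boot_params value that is never checked for zero, i is int while nr_desc is u32, and "pmap =  e->efi_memmap;" has a doubled space.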
@@ -586,13 +647,16 @@ static unsigned long find_random_phys_addr(unsigned long minimum,
 {
 	/* Check if we had too many memmaps. */
 	if (memmap_too_large) {
-		debug_putstr("Aborted e820 scan (more than 4 memmap= args)!\n");
+		debug_putstr("Aborted memory entries scan (more than 4 memmap= args)!\n");
 		return 0;
 	}
 
 	/* Make sure minimum is aligned. */
 	minimum = ALIGN(minimum, CONFIG_PHYSICAL_ALIGN);
 
+	if (process_efi_entries(minimum, image_size))
+		return slots_fetch_random();
+
 	process_e820_entries(minimum, image_size);
 	return slots_fetch_random();
 }
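Review bot: the early return added after process_efi_entries() skips process_e820_entries() whenever any mirrored descriptor exists, because efi_mirror_found is set even if process_mem_region() added no slot for it; if refusing to fall back to non-mirrored memory is intended, say so in a comment above the call, since the commit message only describes the fallback for "EFI is disabled or no mirror region found". The two identical slots_fetch_random() returns could also be folded into one by calling process_e820_entries() only when process_efi_entries() returns false.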
@@ -652,7 +716,7 @@ void choose_random_location(unsigned long input,
 	 */
 	min_addr = min(*output, 512UL << 20);
 
-	/* Walk e820 and find a random address. */
+	/* Walk available memory entries to find a random address. */
 	random_addr = find_random_phys_addr(min_addr, output_size);
 	if (!random_addr) {
 		warn("Physical KASLR disabled: no suitable memory region!");
-- 
2.5.5
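
The stride rule from patch 1/2 and the mirror filter from patch 2/2, as an added user-space example that is not part of the posted series. The 4-entry map with a 48-byte stride is constructed sample data, and read_desc, collect_mirrored, demo_count, struct region and the conventional_only switch are names assumed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Version-1 UEFI memory descriptor fields: 40 bytes. */
typedef struct {
	uint32_t type;
	uint32_t pad;
	uint64_t phys_addr;
	uint64_t virt_addr;
	uint64_t num_pages;
	uint64_t attribute;
} efi_memory_desc_t;

#define EFI_RUNTIME_SERVICES_CODE	5
#define EFI_CONVENTIONAL_MEMORY		7
#define EFI_MEMORY_MORE_RELIABLE	(1ULL << 16)
#define EFI_PAGE_SHIFT			12

/* Constructed sample: firmware reports a 48-byte stride for a 40-byte struct. */
#define SAMPLE_STRIDE	48
#define SAMPLE_COUNT	4

struct region { uint64_t start, size; };	/* hypothetical, for this example */
static struct region demo_out[SAMPLE_COUNT];

/* Copy out descriptor n, stepping by the reported stride, never by sizeof(). */
static void read_desc(const unsigned char *map, size_t desc_size, size_t n,
		      efi_memory_desc_t *out)
{
	memcpy(out, map + n * desc_size, sizeof(*out));
}

/*
 * Collect mirrored regions as slot candidates. Returns how many were stored,
 * or -1 when the reported sizes cannot describe a map. conventional_only is
 * an option of this example: 0 reproduces the attribute-only test in the patch.
 */
static int collect_mirrored(const unsigned char *map, size_t map_size,
			    size_t desc_size, int conventional_only,
			    struct region *out, int max)
{
	efi_memory_desc_t md;
	size_t i, nr;
	int found = 0;

	if (desc_size < sizeof(md) || map_size < desc_size)
		return -1;

	nr = map_size / desc_size;
	for (i = 0; i < nr && found < max; i++) {
		read_desc(map, desc_size, i, &md);
		if (!(md.attribute & EFI_MEMORY_MORE_RELIABLE))
			continue;
		if (conventional_only && md.type != EFI_CONVENTIONAL_MEMORY)
			continue;
		out[found].start = md.phys_addr;
		out[found].size = md.num_pages << EFI_PAGE_SHIFT;
		found++;
	}
	return found;
}

static void put_desc(unsigned char *map, size_t n, uint32_t type,
		     uint64_t phys, uint64_t pages, uint64_t attr)
{
	efi_memory_desc_t md = { .type = type, .phys_addr = phys,
				 .num_pages = pages, .attribute = attr };

	memcpy(map + n * SAMPLE_STRIDE, &md, sizeof(md));
}

/* Build the constructed map, then scan it with the stride the caller claims. */
static int demo_count(size_t stride, int conventional_only, int with_mirror)
{
	unsigned char map[SAMPLE_STRIDE * SAMPLE_COUNT];
	uint64_t rel = with_mirror ? EFI_MEMORY_MORE_RELIABLE : 0;

	memset(map, 0, sizeof(map));
	put_desc(map, 0, EFI_CONVENTIONAL_MEMORY, 0x00100000ULL, 0x100, 0);
	put_desc(map, 1, EFI_CONVENTIONAL_MEMORY, 0x01000000ULL, 0x4000, rel);
	put_desc(map, 2, EFI_RUNTIME_SERVICES_CODE, 0x7f000000ULL, 0x10, rel);
	put_desc(map, 3, EFI_CONVENTIONAL_MEMORY, 0x100000000ULL, 0x8000, rel);

	return collect_mirrored(map, sizeof(map), stride, conventional_only,
				demo_out, SAMPLE_COUNT);
}

int main(void)
{
	printf("reported stride, attribute only: %d\n", demo_count(SAMPLE_STRIDE, 0, 1));
	printf("reported stride, conventional:   %d\n", demo_count(SAMPLE_STRIDE, 1, 1));
	printf("sizeof() stride (wrong):         %d\n",
	       demo_count(sizeof(efi_memory_desc_t), 0, 1));
	printf("no mirrored memory:              %d\n", demo_count(SAMPLE_STRIDE, 0, 0));
	return 0;
}
```

With the sizeof() stride the scan reads misaligned fields and finds no mirrored region at all, which in the patch's flow would silently send KASLR back to the e820 walk.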


* Re: [PATCH v8 0/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
@ 2017-08-04  7:52   ` Baoquan He
  0 siblings, 0 replies; 13+ messages in thread
From: Baoquan He @ 2017-08-04  7:52 UTC (permalink / raw)
  To: linux-kernel
  Cc: mingo, matt, keescook, tglx, hpa, izumi.taku, fanc.fnst,
	thgarnie, n-horiguchi, ard.biesheuvel, linux-efi, x86

Sorry, NACK this series, there's an error that hangs the system. Before, I
just halted the system intentionally with error() to check the efi memmap
printing and didn't notice this. Checking the cause.

On 08/04/17 at 03:26pm, Baoquan He wrote:
> Patch 1/2 is newly added to add efi_memdesc_ptr helper to wrap the
> open code which gets the start of efi memmap descriptor and also
> explain why it need be done like that, Ingo suggested it. 
> 
> And also replace several places of the open code with efi_memdesc_ptr
> helper.
> 
> And also use efi_memdesc_ptr in process_efi_entries() which handle efi
> mirror issue during KASLR.
> 
> 
> Change:
> v7->v8:
>     Add efi_memdesc_ptr helper to wrap the open code which gets the
>     start of map descriptor according to Ingo's suggestion.
> 
> v6->v7:
>   Ingo pointed out several incorrect line break issues and unclear
>   description of patch log. Correct them and rewrite patch log.
> 
>   And also rewrite the EFI warning message that if EFI memmap is above
>   4G in 32bit system since 32bit system can not handle data above 4G at
>   kernel decompression stage. This is suggested by Ingo too.
> 
> v5->v6:
>   Code style issue fix according to Kees's comment.
> 
>   This is based on tip/x86/boot, patch 1,2,3/4 in v5 post has
>   been put into tip/x86/boot now.
> 
> 
> 
> Baoquan He (2):
>   efi: Introduce efi_memdesc_ptr to get pointer to memmap descriptor
>   x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
> 
>  arch/x86/boot/compressed/eboot.c               |  2 +-
>  arch/x86/boot/compressed/kaslr.c               | 68 +++++++++++++++++++++++++-
>  drivers/firmware/efi/libstub/efi-stub-helper.c |  4 +-
>  include/linux/efi.h                            | 19 +++++++
>  4 files changed, 88 insertions(+), 5 deletions(-)
> 
> -- 
> 2.5.5
> 

* Re: [PATCH v8 0/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
  2017-08-04  7:52   ` Baoquan He
@ 2017-08-04  9:22     ` Baoquan He
  -1 siblings, 0 replies; 13+ messages in thread
From: Baoquan He @ 2017-08-04  9:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: mingo, matt, keescook, tglx, hpa, izumi.taku, fanc.fnst,
	thgarnie, n-horiguchi, ard.biesheuvel, linux-efi, x86

On 08/04/17 at 03:52pm, Baoquan He wrote:
> Sorry, NACK this series, there's error to hang system. Before I just
> halt system intentionally with error() to check the efi memmap printing,
> didn't notice this. Checking the cause.

I rebuilt the code or changed one of the replacements back, and the hang was
never seen again. Not sure if I copied the wrong kernel or made some other
mistake. I have got a hardware system with efi enabled to try again and see
if anything wrong will happen. It's really weird. And Chao is also helping
to try on his side.

> 
> On 08/04/17 at 03:26pm, Baoquan He wrote:
> > Patch 1/2 is newly added to add efi_memdesc_ptr helper to wrap the
> > open code which gets the start of efi memmap descriptor and also
> > explain why it need be done like that, Ingo suggested it. 
> > 
> > And also replace several places of the open code with efi_memdesc_ptr
> > helper.
> > 
> > And also use efi_memdesc_ptr in process_efi_entries() which handle efi
> > mirror issue during KASLR.
> > 
> > 
> > Change:
> > v7->v8:
> >     Add efi_memdesc_ptr helper to wrap the open code which gets the
> >     start of map descriptor according to Ingo's suggestion.
> > 
> > v6->v7:
> >   Ingo pointed out several incorrect line break issues and unclear
> >   description of patch log. Correct them and rewrite patch log.
> > 
> >   And also rewrite the EFI warning message that if EFI memmap is above
> >   4G in 32bit system since 32bit system can not handle data above 4G at
> >   kernel decompression stage. This is suggested by Ingo too.
> > 
> > v5->v6:
> >   Code style issue fix according to Kees's comment.
> > 
> >   This is based on tip/x86/boot, patch 1,2,3/4 in v5 post has
> >   been put into tip/x86/boot now.
> > 
> > 
> > 
> > Baoquan He (2):
> >   efi: Introduce efi_memdesc_ptr to get pointer to memmap descriptor
> >   x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
> > 
> >  arch/x86/boot/compressed/eboot.c               |  2 +-
> >  arch/x86/boot/compressed/kaslr.c               | 68 +++++++++++++++++++++++++-
> >  drivers/firmware/efi/libstub/efi-stub-helper.c |  4 +-
> >  include/linux/efi.h                            | 19 +++++++
> >  4 files changed, 88 insertions(+), 5 deletions(-)
> > 
> > -- 
> > 2.5.5
> > 

* Re: [PATCH v8 0/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
  2017-08-04  9:22     ` Baoquan He
@ 2017-08-04  9:45       ` Chao Fan
  -1 siblings, 0 replies; 13+ messages in thread
From: Chao Fan @ 2017-08-04  9:45 UTC (permalink / raw)
  To: Baoquan He
  Cc: linux-kernel, mingo, matt, keescook, tglx, hpa, izumi.taku,
	thgarnie, n-horiguchi, ard.biesheuvel, linux-efi, x86

On Fri, Aug 04, 2017 at 05:22:41PM +0800, Baoquan He wrote:
>On 08/04/17 at 03:52pm, Baoquan He wrote:
>> Sorry, NACK this series, there's error to hang system. Before I just
>> halt system intentionally with error() to check the efi memmap printing,
>> didn't notice this. Checking the cause.
>
>I rebuilt the code or change the one of the replacement back, hang never
>seen again. Not sure if I copied the wrong kernel or any other mistakes.
>Have got a hardware system with efi enabled to try again, see if
>anything wrong will happen. It's really weird. And Chao also is helping

Maybe a little later, because from tomorrow I will be on vacation for 9
days.

Thanks,
Chao Fan

>to try on his side.
>
>> 
>> On 08/04/17 at 03:26pm, Baoquan He wrote:
>> > Patch 1/2 is newly added to add efi_memdesc_ptr helper to wrap the
>> > open code which gets the start of efi memmap descriptor and also
>> > explain why it need be done like that, Ingo suggested it. 
>> > 
>> > And also replace several places of the open code with efi_memdesc_ptr
>> > helper.
>> > 
>> > And also use efi_memdesc_ptr in process_efi_entries() which handle efi
>> > mirror issue during KASLR.
>> > 
>> > 
>> > Change:
>> > v7->v8:
>> >     Add efi_memdesc_ptr helper to wrap the open code which gets the
>> >     start of map descriptor according to Ingo's suggestion.
>> > 
>> > v6->v7:
>> >   Ingo pointed out several incorrect line break issues and unclear
>> >   description of patch log. Correct them and rewrite patch log.
>> > 
>> >   And also rewrite the EFI warning message that if EFI memmap is above
>> >   4G in 32bit system since 32bit system can not handle data above 4G at
>> >   kernel decompression stage. This is suggested by Ingo too.
>> > 
>> > v5->v6:
>> >   Code style issue fix according to Kees's comment.
>> > 
>> >   This is based on tip/x86/boot, patch 1,2,3/4 in v5 post has
>> >   been put into tip/x86/boot now.
>> > 
>> > 
>> > 
>> > Baoquan He (2):
>> >   efi: Introduce efi_memdesc_ptr to get pointer to memmap descriptor
>> >   x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
>> > 
>> >  arch/x86/boot/compressed/eboot.c               |  2 +-
>> >  arch/x86/boot/compressed/kaslr.c               | 68 +++++++++++++++++++++++++-
>> >  drivers/firmware/efi/libstub/efi-stub-helper.c |  4 +-
>> >  include/linux/efi.h                            | 19 +++++++
>> >  4 files changed, 88 insertions(+), 5 deletions(-)
>> > 
>> > -- 
>> > 2.5.5
>> > 
>
>

* Re: [PATCH v8 0/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
  2017-08-04  9:22     ` Baoquan He
@ 2017-08-04  9:59       ` Chao Fan
  -1 siblings, 0 replies; 13+ messages in thread
From: Chao Fan @ 2017-08-04  9:59 UTC (permalink / raw)
  To: Baoquan He
  Cc: linux-kernel, mingo, matt, keescook, tglx, hpa, izumi.taku,
	thgarnie, n-horiguchi, ard.biesheuvel, linux-efi, x86

On Fri, Aug 04, 2017 at 05:22:41PM +0800, Baoquan He wrote:
>On 08/04/17 at 03:52pm, Baoquan He wrote:
>> Sorry, NACK this series, there's error to hang system. Before I just
>> halt system intentionally with error() to check the efi memmap printing,
>> didn't notice this. Checking the cause.
>
>I rebuilt the code or change the one of the replacement back, hang never
>seen again. Not sure if I copied the wrong kernel or any other mistakes.
>Have got a hardware system with efi enabled to try again, see if
>anything wrong will happen. It's really weird. And Chao also is helping
>to try on his side.

Hi Bao,

After testing 10 times, no problem happened.
Maybe you did something wrong the first time.

Thanks,
Chao Fan

>
>> 
>> On 08/04/17 at 03:26pm, Baoquan He wrote:
>> > Patch 1/2 is newly added to add efi_memdesc_ptr helper to wrap the
>> > open code which gets the start of efi memmap descriptor and also
>> > explain why it need be done like that, Ingo suggested it. 
>> > 
>> > And also replace several places of the open code with efi_memdesc_ptr
>> > helper.
>> > 
>> > And also use efi_memdesc_ptr in process_efi_entries() which handle efi
>> > mirror issue during KASLR.
>> > 
>> > 
>> > Change:
>> > v7->v8:
>> >     Add efi_memdesc_ptr helper to wrap the open code which gets the
>> >     start of map descriptor according to Ingo's suggestion.
>> > 
>> > v6->v7:
>> >   Ingo pointed out several incorrect line break issues and unclear
>> >   description of patch log. Correct them and rewrite patch log.
>> > 
>> >   And also rewrite the EFI warning message that if EFI memmap is above
>> >   4G in 32bit system since 32bit system can not handle data above 4G at
>> >   kernel decompression stage. This is suggested by Ingo too.
>> > 
>> > v5->v6:
>> >   Code style issue fix according to Kees's comment.
>> > 
>> >   This is based on tip/x86/boot, patch 1,2,3/4 in v5 post has
>> >   been put into tip/x86/boot now.
>> > 
>> > 
>> > 
>> > Baoquan He (2):
>> >   efi: Introduce efi_memdesc_ptr to get pointer to memmap descriptor
>> >   x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
>> > 
>> >  arch/x86/boot/compressed/eboot.c               |  2 +-
>> >  arch/x86/boot/compressed/kaslr.c               | 68 +++++++++++++++++++++++++-
>> >  drivers/firmware/efi/libstub/efi-stub-helper.c |  4 +-
>> >  include/linux/efi.h                            | 19 +++++++
>> >  4 files changed, 88 insertions(+), 5 deletions(-)
>> > 
>> > -- 
>> > 2.5.5
>> > 
>
>


* Re: [PATCH v8 0/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
  2017-08-04  9:59       ` Chao Fan
  (?)
@ 2017-08-04 10:43       ` Baoquan He
  -1 siblings, 0 replies; 13+ messages in thread
From: Baoquan He @ 2017-08-04 10:43 UTC (permalink / raw)
  To: Chao Fan
  Cc: linux-kernel, mingo, matt, keescook, tglx, hpa, izumi.taku,
	thgarnie, n-horiguchi, ard.biesheuvel, linux-efi, x86

On 08/04/17 at 05:59pm, Chao Fan wrote:
> On Fri, Aug 04, 2017 at 05:22:41PM +0800, Baoquan He wrote:
> >On 08/04/17 at 03:52pm, Baoquan He wrote:
> >> Sorry, NACK this series, there's error to hang system. Before I just
> >> halt system intentionally with error() to check the efi memmap printing,
> >> didn't notice this. Checking the cause.
> >
> >I rebuilt the code or change the one of the replacement back, hang never
> >seen again. Not sure if I copied the wrong kernel or any other mistakes.
> >Have got a hardware system with efi enabled to try again, see if
> >anything wrong will happen. It's really weird. And Chao also is helping
> >to try on his side.
> 
> Hi Bao,
> 
> After testing 10 times, no problem happened.
> Maybe you did something wrong the first time.

Thanks, Chao. I tried several times on a machine with efi enabled, no
problem found.

Sorry, guys, so it's a false alarm.

> >
> >> 
> >> On 08/04/17 at 03:26pm, Baoquan He wrote:
> >> > Patch 1/2 is newly added to add efi_memdesc_ptr helper to wrap the
> >> > open code which gets the start of efi memmap descriptor and also
> >> > explain why it need be done like that, Ingo suggested it. 
> >> > 
> >> > And also replace several places of the open code with efi_memdesc_ptr
> >> > helper.
> >> > 
> >> > And also use efi_memdesc_ptr in process_efi_entries() which handle efi
> >> > mirror issue during KASLR.
> >> > 
> >> > 
> >> > Change:
> >> > v7->v8:
> >> >     Add efi_memdesc_ptr helper to wrap the open code which gets the
> >> >     start of map descriptor according to Ingo's suggestion.
> >> > 
> >> > v6->v7:
> >> >   Ingo pointed out several incorrect line break issues and unclear
> >> >   description of patch log. Correct them and rewrite patch log.
> >> > 
> >> >   And also rewrite the EFI warning message that if EFI memmap is above
> >> >   4G in 32bit system since 32bit system can not handle data above 4G at
> >> >   kernel decompression stage. This is suggested by Ingo too.
> >> > 
> >> > v5->v6:
> >> >   Code style issue fix according to Kees's comment.
> >> > 
> >> >   This is based on tip/x86/boot, patch 1,2,3/4 in v5 post has
> >> >   been put into tip/x86/boot now.
> >> > 
> >> > 
> >> > 
> >> > Baoquan He (2):
> >> >   efi: Introduce efi_memdesc_ptr to get pointer to memmap descriptor
> >> >   x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
> >> > 
> >> >  arch/x86/boot/compressed/eboot.c               |  2 +-
> >> >  arch/x86/boot/compressed/kaslr.c               | 68 +++++++++++++++++++++++++-
> >> >  drivers/firmware/efi/libstub/efi-stub-helper.c |  4 +-
> >> >  include/linux/efi.h                            | 19 +++++++
> >> >  4 files changed, 88 insertions(+), 5 deletions(-)
> >> > 
> >> > -- 
> >> > 2.5.5
> >> > 
> >
> >
> 
> 


end of thread, other threads:[~2017-08-04 10:43 UTC | newest]

Thread overview: 13+ messages
2017-08-04  7:26 [PATCH v8 0/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions Baoquan He
2017-08-04  7:26 ` Baoquan He
2017-08-04  7:26 ` [PATCH v8 1/2] efi: Introduce efi_memdesc_ptr to get pointer to memmap descriptor Baoquan He
2017-08-04  7:26 ` [PATCH v8 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions Baoquan He
2017-08-04  7:52 ` [PATCH v8 0/2] " Baoquan He
2017-08-04  7:52   ` Baoquan He
2017-08-04  9:22   ` Baoquan He
2017-08-04  9:22     ` Baoquan He
2017-08-04  9:45     ` Chao Fan
2017-08-04  9:45       ` Chao Fan
2017-08-04  9:59     ` Chao Fan
2017-08-04  9:59       ` Chao Fan
2017-08-04 10:43       ` Baoquan He
