From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753580AbcHPPyi (ORCPT ); Tue, 16 Aug 2016 11:54:38 -0400 Received: from mail.skyhub.de ([78.46.96.112]:49565 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753185AbcHPPyg (ORCPT ); Tue, 16 Aug 2016 11:54:36 -0400 Date: Tue, 16 Aug 2016 17:54:12 +0200 From: Borislav Petkov To: Brian Gerst Cc: Baoquan He , Yinghai Lu , Juergen Gross , Thomas Garnier , Andy Lutomirski , "H. Peter Anvin" , Alexander Kuleshov , Josh Poimboeuf , borntraeger@de.ibm.com, sds@tycho.nsa.gov, kirill.shutemov@linux.intel.com, jroedel@suse.de, Kees Cook , "Williams, Dan J" , Mark Salter , Borislav Petkov , Jonathan Corbet , matt@codeblueprint.co.uk, guangrong.xiao@linux.intel.com, aneesh.kumar@linux.vnet.ibm.com, Ingo Molnar , Linus Torvalds , Dave Hansen , toshi.kani@hpe.com, alpopov@ptsecurity.com, Linux Kernel Mailing List , Jan Beulich , Andrew Morton , Boris Ostrovsky , Denys Vlasenko , Peter Zijlstra , dyoung@redhat.com, Thomas Gleixner , Dmitry Vyukov , lv.zheng@intel.com, schwidefsky@de.ibm.com, linux-tip-commits@vger.kernel.org Subject: Re: [tip:x86/boot] x86/mm: Enable KASLR for physical mapping memory regions Message-ID: <20160816155412.GB15004@nazgul.tnic> References: <1466556426-32664-7-git-send-email-keescook@chromium.org>

<20160814232657.GA10704@x1.redhat.com> <20160816134205.GB11106@nazgul.tnic> <20160816134928.GC11106@nazgul.tnic> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20160816134928.GC11106@nazgul.tnic> User-Agent: Mutt/1.6.0 (2016-04-01) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Aug 16, 2016 at 03:49:28PM +0200, Borislav Petkov wrote: > Just a stab in the dark: does something like that help? > > --- > diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c > index 27a0228c9cae..2debaf119baf 100644 > --- a/arch/x86/kernel/cpu/microcode/amd.c > +++ b/arch/x86/kernel/cpu/microcode/amd.c > @@ -434,6 +434,10 @@ int __init save_microcode_in_initrd_amd(void) > else > container = cont_va; > > +#ifdef CONFIG_RANDOMIZE_MEMORY > + container += PAGE_OFFSET - __PAGE_OFFSET_BASE; > +#endif > + > eax = cpuid_eax(0x00000001); > eax = ((eax >> 8) & 0xf) + ((eax >> 20) & 0xff); > > --- Ok, I ran this in a guest and it finds the microcode patches properly. My .config has: CONFIG_ARCH_HAS_ELF_RANDOMIZE=y CONFIG_RANDOMIZE_BASE=y CONFIG_RANDOMIZE_MEMORY=y CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x0 When you run this, please check whether it really applies the microcode on every core. Thanks. Without the above, I get: [ 0.432103] BUG: unable to handle kernel paging request at ffff88007fa5540c [ 0.436000] IP: [] load_microcode_amd+0x2b/0x3b0 [ 0.436000] PGD 0 [ 0.436000] Oops: 0000 [#1] PREEMPT SMP [ 0.436000] Modules linked in: [ 0.436000] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.8.0-rc1+ #16 [ 0.436000] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014 [ 0.436000] task: ffff9ebf7b460000 task.stack: ffff9ebf7bffc000 [ 0.436000] RIP: 0010:[] [] load_microcode_amd+0x2b/0x3b0 [ 0.436000] RSP: 0018:ffff9ebf7bfffe08 EFLAGS: 00010246 [ 0.436000] RAX: 0000000080000000 RBX: 0000000000000006 RCX: 0000000000001ec4 [ 0.436000] RDX: ffff88007fa55408 RSI: 0000000000000015 RDI: 0000000000000000 [ 0.436000] RBP: ffff9ebf7bfffe48 R08: ffff9ebf7b805960 R09: 0000000000000000 [ 0.436000] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000001ec4 [ 0.436000] R13: ffff88007fa55408 R14: 0000000000000015 R15: 0000000000001ec4 [ 0.436000] FS: 0000000000000000(0000) GS:ffff9ebf7e800000(0000) knlGS:0000000000000000 [ 0.436000] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 0.436000] CR2: ffff88007fa5540c CR3: 0000000067c06000 CR4: 00000000000406f0 [ 0.436000] Stack: [ 0.436000] ffff9ebf7b805900 0000000000000246 0000000000000006 0000000000000006 [ 0.436000] 0000000000000000 000000000000000f ffff88007fa55408 0000000000001ec4 [ 0.436000] ffff9ebf7bfffe80 ffffffffbcd49762 0000000000000000 00000000000000ee [ 0.436000] Call Trace: [ 0.436000] [] save_microcode_in_initrd_amd+0xac/0xe0 [ 0.436000] [] ? microcode_init+0x1b1/0x1b1 [ 0.436000] [] save_microcode_in_initrd+0x3c/0x45 [ 0.436000] [] do_one_initcall+0x59/0x190 [ 0.436000] [] ? parse_args+0x271/0x400 [ 0.436000] [] kernel_init_freeable+0x118/0x19e [ 0.436000] [] kernel_init+0xe/0x100 [ 0.436000] [] ret_from_fork+0x1f/0x40 [ 0.436000] [] ? rest_init+0x140/0x140 [ 0.436000] Code: 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 89 f6 41 55 49 89 d5 41 54 49 89 cc 53 48 83 ec 18 48 8b 3d d2 d9 e2 00 e8 e5 15 18 00 <41> 8b 4d 04 48 c7 05 be d9 e2 00 00 00 00 00 41 8b 5d 08 85 c9 [ 0.436000] RIP [] load_microcode_amd+0x2b/0x3b0 [ 0.436000] RSP [ 0.436000] CR2: ffff88007fa5540c [ 0.436000] ---[ end trace 21a612b6619d1c00 ]--- [ 0.436019] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009 [ 0.436019] [ 0.438843] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009 [ 0.438843] -- Regards/Gruss, Boris. ECO tip #101: Trim your mails when you reply. --