From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Fri, 24 Mar 2017 09:08:33 +0100
From: Ingo Molnar
To: Baoquan He
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", x86@kernel.org, linux-efi@vger.kernel.org, Thomas Garnier, Kees Cook, Borislav Petkov, Andrew Morton, Masahiro Yamada, Dave Young, Bhupesh Sharma
Subject: Re: [PATCH v2] x86/mm/KASLR: EFI region is mistakenly included into KASLR VA space for randomization
Message-ID: <20170324080833.GA15200@gmail.com>
References: <1490331592-31860-1-git-send-email-bhe@redhat.com>
In-Reply-To: <1490331592-31860-1-git-send-email-bhe@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

* Baoquan He wrote:

> Currently KASLR is enabled on three regions: the direct mapping of physical
> memory, vmalloc and vmemmap. However, the EFI region is also mistakenly
> included for VA space randomization because of misusing the EFI_VA_START
> macro and assuming EFI_VA_START < EFI_VA_END.
>
> The EFI region is reserved for EFI runtime services virtual mapping, which
> should not be included in kaslr ranges. In Documentation/x86/x86_64/mm.txt,
> we can see:
>
>   ffffffef00000000 - fffffffeffffffff (=64 GB) EFI region mapping space
>
> EFI uses the space from -4G to -64G, thus EFI_VA_START > EFI_VA_END.
> Here EFI_VA_START = -4G, and EFI_VA_END = -64G.
>
> Changing EFI_VA_START to EFI_VA_END in mm/kaslr.c fixes this problem.
>
> Cc: #4.8+
> Signed-off-by: Baoquan He
> Acked-by: Dave Young
> Reviewed-by: Bhupesh Sharma
> Acked-by: Thomas Garnier
> Cc: Thomas Gleixner
> Cc: Ingo Molnar
> Cc: "H. Peter Anvin"
> Cc: x86@kernel.org
> Cc: linux-efi@vger.kernel.org
> Cc: Thomas Garnier
> Cc: Kees Cook
> Cc: Borislav Petkov
> Cc: Andrew Morton
> Cc: Masahiro Yamada
> Cc: Dave Young
> Cc: Bhupesh Sharma

So I applied this kexec fix and extended the changelog to clearly show why
this fix matters in practice.

Also, to make sure I understood it correctly: these addresses are all dynamic
on 64-bit kernels, i.e. we are establishing and then tearing down these page
tables around EFI calls, and they are 'normally' not present at all, right?

Thanks,

	Ingo
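An added illustration of the bound mix-up this thread is about (not code from the patch, the kernel, or either author): it models the vaddr_end choice in arch/x86/mm/kaslr.c before and after the fix and measures how much of the EFI region ends up inside the randomized VA space. The constants are derived from the mm.txt line quoted above, with EFI_VA_START taken as the top of that region and EFI_VA_END as its bottom; that they match the kernel macros is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Illustration only, not kernel code. The region comes from the quoted
 * Documentation/x86/x86_64/mm.txt line:
 *   ffffffef00000000 - fffffffeffffffff (=64 GB) EFI region mapping space
 * EFI_VA_START is the high end (-4G) and EFI_VA_END the low end, so
 * EFI_VA_START > EFI_VA_END (assumed to match the kernel's own macros).
 */
#define EFI_VA_START 0xffffffff00000000UL /* -4G, top of the EFI region */
#define EFI_VA_END   0xffffffef00000000UL /* bottom of the EFI region   */
#define GB           (1UL << 30)

/* Upper bound of the KASLR VA space as chosen before and after the fix. */
static uint64_t kaslr_vaddr_end(bool fixed)
{
	/* Buggy: EFI_VA_START, wrongly assumed to be the lower of the two. */
	return fixed ? EFI_VA_END : EFI_VA_START;
}

/*
 * Bytes of the EFI region [EFI_VA_END, EFI_VA_START) that lie below
 * vaddr_end, i.e. that the randomizer may hand to the direct mapping,
 * vmalloc or vmemmap and so collide with the EFI runtime mapping.
 */
static uint64_t efi_bytes_in_kaslr_space(uint64_t vaddr_end)
{
	uint64_t lo = EFI_VA_END, hi = EFI_VA_START;

	if (vaddr_end <= lo)
		return 0;
	if (vaddr_end >= hi)
		return hi - lo;
	return vaddr_end - lo;
}

int main(void)
{
	for (int fixed = 0; fixed <= 1; fixed++) {
		uint64_t end = kaslr_vaddr_end(fixed);
		/* Buggy: 64 GB of EFI space inside KASLR range; fixed: 0 GB. */
		printf("%s: vaddr_end=%#lx, EFI bytes inside KASLR space=%lu GB\n",
		       fixed ? "fixed" : "buggy", (unsigned long)end,
		       (unsigned long)(efi_bytes_in_kaslr_space(end) / GB));
	}
	return 0;
}
```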