From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S935789AbdCXKzF (ORCPT ); Fri, 24 Mar 2017 06:55:05 -0400
Received: from mail-wm0-f68.google.com ([74.125.82.68]:33343 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752701AbdCXKy5 (ORCPT ); Fri, 24 Mar 2017 06:54:57 -0400
Date: Fri, 24 Mar 2017 11:54:52 +0100
From: Ingo Molnar
To: Ard Biesheuvel
Cc: Dave Young , Baoquan He , "linux-kernel@vger.kernel.org" , "stable@vger.kernel.org" , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , "x86@kernel.org" , "linux-efi@vger.kernel.org" , Thomas Garnier , Kees Cook , Borislav Petkov , Andrew Morton , Masahiro Yamada , Bhupesh Sharma
Subject: Re: [PATCH v2] x86/mm/KASLR: EFI region is mistakenly included into KASLR VA space for randomization
Message-ID: <20170324105452.GA20282@gmail.com>
References: <1490331592-31860-1-git-send-email-bhe@redhat.com> <20170324080833.GA15200@gmail.com> <20170324083451.GC30442@x1> <20170324084609.GA6807@dhcp-128-65.nay.redhat.com> <20170324092433.GA3237@gmail.com> <20170324103624.GA6231@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

* Ard Biesheuvel wrote:

> > Turning KASLR off actively degrades that randomization of the kernel virtual
> > addresses.
> >
> > Am I missing anything?
> >
>
> No, I think you are right. UEFI runtime services regions are likely to consist of
> R+W+X mappings for the foreseeable future on x86, and the more we tighten down
> security in other places, the more appealing the UEFI regions become for
> exploitation (even if they are only mapped while runtime services calls are in
> progress).

Ok, so I'm fine with the current proposed patch as a temporary workaround, but
only if we are going to get a real fix as well, ASAP.

Thanks,

	Ingo