From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: Ingo Molnar <mingo@kernel.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>,
Linus Torvalds <torvalds@linux-foundation.org>,
Stephen Smalley <sds@tycho.nsa.gov>,
Dave Jones <davej@codemonkey.org.uk>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
"H. Peter Anvin" <hpa@zytor.com>, Borislav Petkov <bp@alien8.de>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>,
Denys Vlasenko <dvlasenk@redhat.com>,
Kees Cook <keescook@chromium.org>,
"linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>
Subject: Re: [GIT PULL] x86/mm changes for v4.4
Date: Sat, 7 Nov 2015 08:39:35 +0100 [thread overview]
Message-ID: <CAKv+Gu-s=91p2hVV-8r5AWQwgjD2sbXC86sPhtmq9UyqqcOz4w@mail.gmail.com> (raw)
In-Reply-To: <20151107070922.GC6235@gmail.com>
On 7 November 2015 at 08:09, Ingo Molnar <mingo@kernel.org> wrote:
>
> * Matt Fleming <matt@codeblueprint.co.uk> wrote:
>
>> On Fri, 06 Nov, at 07:55:50AM, Ingo Molnar wrote:
>> >
>> > 3) We should fix the EFI permission problem without relying on the firmware: it
>> > appears we could just mark everything R-X optimistically, and if a write fault
>> > happens (it's pretty rare in fact, only triggers when we write to an EFI
>> > variable and so), we can mark the faulting page RW- on the fly, because it
>> > appears that writable EFI sections, while not enumerated very well in 'old'
>> > firmware, are still supposed to be page granular. (Even 'new' firmware I
>> > wouldn't automatically trust to get the enumeration right...)
>>
>> Sorry, this isn't true. I misled you with one of my earlier posts on
>> this topic. Let me try and clear things up...
>>
>> Writing to EFI regions has to do with every invocation of the EFI
>> runtime services - it's not limited to when you read/write/delete EFI
>> variables. In fact, EFI variables really have nothing to do with this
>> discussion, they're a completely opaque concept to the OS, we have no
>> idea how the firmware implements them. Everything is done via the EFI
>> boot/runtime services.
>>
>> The firmware itself will attempt to write to EFI regions when we
>> invoke the EFI services because that's where the PE/COFF ".data" and
>> ".bss" sections live along with the heap. There's even some relocation
>> fixups that occur as SetVirtualAddressMap() time so it'll write to
>> ".text" too.
>>
>> Now, the above PE/COFF sections are usually (always?) contained within
>> EFI regions of type EfiRuntimeServicesCode. We know this is true
>> because the firmware folks have told us so, and because stopping that
>> is the motivation behind the new EFI_PROPERTIES_TABLE feature in UEFI
>> V2.5.
>>
>> The data sections within the region are also *not* guaranteed to be
>> page granular because work was required in Tianocore for emitting
>> sections with 4k alignment as part of the EFI_PROPERTIES_TABLE
>> support.
>>
>> Ultimately, what this means is that if you were to attempt to
>> dynamically fixup those regions that required write permission, you'd
>> have to modify the mappings for the majority of the EFI regions
>> anyway. And if you're blindly allowing write permission as a fixup,
>> there's not much security to be had.
>
> I think you misunderstood my suggestion: the 'fixup' would be changing it from R-X
> to RW-, i.e. it would add 'write' permission but remove 'execute' permission.
>
> Note that there would be no 'RWX' permission at any given moment - which is the
> dangerous combination.
>
The problem with that is that /any/ page in the UEFI runtime region
may intersect with both .text and .data of any of the PE/COFF images
that make up the runtime firmware (since the PE/COFF sections are not
necessarily page aligned). Such pages require RWX permissions. The
UEFI memory map does not provide the information to identify those
pages a priori (the entire region containing several PE/COFF images
could be covered by a single entry) so it is hard to guess which pages
should be allowed these RWX permissions.
>> > If that 'supposed to be' turns out to be 'not true' (not unheard of in
>> > firmware land), then plan B would be to mark pages that generate write faults
>> > RWX as well, to not break functionality. (This 'mark it RWX' is not something
>> > that exploits would have easy access to, and we could also generate a warning
>> > [after the EFI call has finished] if it ever triggers.)
>> >
>> > Admittedly this approach might not be without its own complications, but it
>> > looks reasonably simple (I don't think we need per EFI call page tables,
>> > etc.), and does not assume much about the firmware being able to enumerate its
>> > permissions properly. Were we to merge EFI support today I'd have insisted on
>> > trying such an approach from day 1 on.
>>
>> We already have separate EFI page tables, though with the caveat that
>> we share some of swapper_pg_dir's PGD entries. The best solution would
>> be to stop sharing entries and isolate the EFI mappings from every
>> other page table structure, so that they're only used during the EFI
>> service calls.
>
> Absolutely. Can you try to fix this for v4.3?
>
> Thanks,
>
> Ingo
next prev parent reply other threads:[~2015-11-07 7:39 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-03 11:16 [GIT PULL] x86/mm changes for v4.4 Ingo Molnar
2015-11-04 19:26 ` Linus Torvalds
2015-11-04 23:39 ` Dave Jones
2015-11-05 1:31 ` Linus Torvalds
2015-11-05 2:17 ` Dave Jones
2015-11-05 21:27 ` Linus Torvalds
2015-11-05 21:33 ` Linus Torvalds
2015-11-06 11:39 ` Matt Fleming
2015-11-07 7:05 ` Ingo Molnar
2015-11-07 7:05 ` Ingo Molnar
2015-11-07 10:03 ` Matt Fleming
2015-11-07 10:03 ` Matt Fleming
2015-11-05 22:04 ` Linus Torvalds
2015-11-05 22:27 ` Borislav Petkov
2015-11-06 6:55 ` Ingo Molnar
2015-11-06 7:05 ` Andy Lutomirski
2015-11-06 13:09 ` Matt Fleming
2015-11-06 13:09 ` Matt Fleming
2015-11-06 13:24 ` Borislav Petkov
2015-11-06 13:24 ` Borislav Petkov
2015-11-07 7:03 ` Ingo Molnar
2015-11-06 7:44 ` Ingo Molnar
2015-11-06 12:39 ` Matt Fleming
2015-11-07 7:09 ` Ingo Molnar
2015-11-07 7:09 ` Ingo Molnar
2015-11-07 7:39 ` Ard Biesheuvel [this message]
2015-11-08 6:58 ` Kees Cook
2015-11-08 7:55 ` Ard Biesheuvel
2015-11-08 7:55 ` Ard Biesheuvel
2015-11-09 21:08 ` Kees Cook
2015-11-10 7:08 ` Ard Biesheuvel
2015-11-10 20:11 ` Kees Cook
2015-11-10 20:11 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKv+Gu-s=91p2hVV-8r5AWQwgjD2sbXC86sPhtmq9UyqqcOz4w@mail.gmail.com' \
--to=ard.biesheuvel@linaro.org \
--cc=akpm@linux-foundation.org \
--cc=bp@alien8.de \
--cc=davej@codemonkey.org.uk \
--cc=dvlasenk@redhat.com \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=matt@codeblueprint.co.uk \
--cc=mingo@kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.