From: Matt Fleming <matt@codeblueprint.co.uk>
To: Borislav Petkov <bp@alien8.de>
Cc: Andy Lutomirski <luto@amacapital.net>,
Ingo Molnar <mingo@kernel.org>,
Stephen Smalley <sds@tycho.nsa.gov>, X86 ML <x86@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Kees Cook <keescook@chromium.org>,
Thomas Gleixner <tglx@linutronix.de>,
"H. Peter Anvin" <hpa@zytor.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Andy Lutomirski <luto@kernel.org>,
Denys Vlasenko <dvlasenk@redhat.com>,
Brian Gerst <brgerst@gmail.com>,
"linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Ricardo Neri <ricardo.neri-calderon@linux.intel.com>,
luv@ml01.01.org
Subject: Re: [PATCH v2] x86/mm: warn on W+x mappings
Date: Thu, 15 Oct 2015 11:10:16 +0100
Message-ID: <20151015101016.GB2975@codeblueprint.co.uk>
In-Reply-To: <20151014153522.GC8218@pd.tnic>
On Wed, 14 Oct, at 05:35:22PM, Borislav Petkov wrote:
> On Wed, Oct 14, 2015 at 08:30:48AM -0700, Andy Lutomirski wrote:
> > Can we just unmap these things until someone tries to do an EFI call,
> > and then unmap them again after the call returns? We already switch
> > pgds for EFI IIRC.
>
> hpa did mention an EFI-aware page fault handler at the time. I guess we
> could do that too...
We do this for the Linux UEFI Validation project kernel [1]. There, we
do not map EFI Boot Services regions by default, only if the firmware
tries to access them.
This gives us the opportunity to print an error message if Boot
Services regions are accessed after ExitBootServices() (which is the
bug mjg59 describes in commit 916f676f8dc0 ("x86, efi: Retain boot
service code until after switching to virtual mode")).
But for the issue being discussed in this thread, the thing unmapping
the EFI regions buys you is that they're no longer accessible from the
x86 sleep/wakeup code paths, since those also use trampoline_pgd which
is where the EFI page tables are mapped.
And that's probably a good idea.
[1] - https://git.kernel.org/cgit/linux/kernel/git/mfleming/efi.git/commit/?h=stable&id=9b78793058bf93958aa9529400cb2617ec1bc958
--
Matt Fleming, Intel Open Source Technology Center
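The policy the message describes (map runtime regions up front, leave Boot Services regions unmapped, map one only when firmware faults on it, and report the touch if it happens after ExitBootServices()) can be modelled as a small state machine. The C below is an added illustration written for this page; it is not kernel code, not the LUV patch linked above, and not an implementation of the real x86 fault path. The memory map, the addresses, the `struct efi_desc.mapped` flag standing in for "present in the EFI page tables", and the `efi_fault()` result codes are all constructed for the example.

```c
/* Added model of the on-demand EFI Boot Services mapping policy. Not kernel code;
 * the memory map and every address below are constructed for the example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096ULL

/* Subset of the UEFI memory-map types that matter for the policy. */
enum efi_mem_type {
	EFI_RUNTIME_SERVICES_CODE,
	EFI_RUNTIME_SERVICES_DATA,
	EFI_BOOT_SERVICES_CODE,
	EFI_BOOT_SERVICES_DATA,
	EFI_CONVENTIONAL_MEMORY,
};

/* One descriptor; 'mapped' stands in for "present in the EFI page tables". */
struct efi_desc {
	enum efi_mem_type type;
	uint64_t phys_addr;
	uint64_t num_pages;
	bool mapped;
};

/* Constructed memory map (made-up, non-overlapping physical ranges). */
static struct efi_desc memmap[] = {
	{ EFI_RUNTIME_SERVICES_CODE, 0x7f000000ULL,  16, false },
	{ EFI_RUNTIME_SERVICES_DATA, 0x7f010000ULL,   4, false },
	{ EFI_BOOT_SERVICES_CODE,    0x7e000000ULL,  64, false },
	{ EFI_BOOT_SERVICES_DATA,    0x7e040000ULL,  32, false },
	{ EFI_CONVENTIONAL_MEMORY,   0x10000000ULL, 256, false },
};
#define NR_DESC (sizeof(memmap) / sizeof(memmap[0]))

static bool exited_boot_services;

enum efi_fault_result {
	EFI_FAULT_MAPPED,      /* Boot Services region mapped on first touch, before ExitBootServices() */
	EFI_FAULT_MAPPED_LATE, /* same, but after ExitBootServices(): the firmware bug worth reporting */
	EFI_FAULT_UNHANDLED,   /* not an unmapped Boot Services region: normal fault handling applies */
};

static bool is_boot_services(enum efi_mem_type t)
{
	return t == EFI_BOOT_SERVICES_CODE || t == EFI_BOOT_SERVICES_DATA;
}

/* Find the descriptor covering a physical address, or NULL. */
static struct efi_desc *find_desc(uint64_t addr)
{
	for (size_t i = 0; i < NR_DESC; i++) {
		uint64_t start = memmap[i].phys_addr;
		uint64_t end = start + memmap[i].num_pages * PAGE_SIZE;
		if (addr >= start && addr < end)
			return &memmap[i];
	}
	return NULL;
}

/* Initial setup: only runtime regions are mapped; Boot Services regions are not. */
void efi_map_regions(void)
{
	for (size_t i = 0; i < NR_DESC; i++)
		memmap[i].mapped = !is_boot_services(memmap[i].type) &&
				   memmap[i].type != EFI_CONVENTIONAL_MEMORY;
}

void efi_exit_boot_services(void)
{
	exited_boot_services = true;
}

/* EFI-aware fault handler: called with the faulting address while firmware runs
 * under the EFI page tables. Only unmapped Boot Services regions are fixed up. */
enum efi_fault_result efi_fault(uint64_t addr)
{
	struct efi_desc *md = find_desc(addr);

	if (!md || md->mapped || !is_boot_services(md->type))
		return EFI_FAULT_UNHANDLED;

	md->mapped = true;
	if (exited_boot_services) {
		fprintf(stderr, "efi: firmware touched Boot Services region 0x%llx after ExitBootServices()\n",
			(unsigned long long)md->phys_addr);
		return EFI_FAULT_MAPPED_LATE;
	}
	return EFI_FAULT_MAPPED;
}

/* Number of regions currently present in the modelled EFI page tables. */
size_t efi_mapped_count(void)
{
	size_t n = 0;
	for (size_t i = 0; i < NR_DESC; i++)
		n += memmap[i].mapped;
	return n;
}

int main(void)
{
	efi_map_regions();
	printf("mapped at init: %zu\n", efi_mapped_count());
	printf("BS code before exit: %d\n", (int)efi_fault(0x7e001000ULL));
	efi_exit_boot_services();
	printf("BS data after exit: %d\n", (int)efi_fault(0x7e040800ULL));
	printf("conventional memory: %d\n", (int)efi_fault(0x10000000ULL));
	return 0;
}
```

The point of keeping Boot Services regions out of the tables by default is the one the message makes: anything not mapped cannot be reached from other users of the same page tables (the sleep/wakeup trampoline path in the thread's case), and the first touch after ExitBootServices() becomes a logged event rather than a silent access.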