linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Borislav Petkov <bp@alien8.de>
To: Evgeniy Baskov <baskov@ispras.ru>
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Andy Lutomirski <luto@kernel.org>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Ingo Molnar <mingo@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Alexey Khoroshilov <khoroshilov@ispras.ru>,
	Peter Jones <pjones@redhat.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	"Limonciello, Mario" <mario.limonciello@amd.com>,
	joeyli <jlee@suse.com>,
	lvc-project@linuxtesting.org, x86@kernel.org,
	linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-hardening@vger.kernel.org
Subject: Re: [PATCH v5 03/27] x86/boot: Set cr0 to known state in trampoline
Date: Wed, 5 Apr 2023 19:54:41 +0200	[thread overview]
Message-ID: <20230405175441.GFZC214WxyhULbtl3P@fat_crate.local> (raw)
In-Reply-To: <63368ff665956a64f07aee9bc863b70c86b8b0c8.1678785672.git.baskov@ispras.ru>

On Tue, Mar 14, 2023 at 01:13:30PM +0300, Evgeniy Baskov wrote:
> Ensure WP bit to be set to prevent boot code from writing to
> non-writable memory pages.
> 
> Tested-by: Mario Limonciello <mario.limonciello@amd.com>
> Signed-off-by: Evgeniy Baskov <baskov@ispras.ru>
> ---
>  arch/x86/boot/compressed/head_64.S | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
> index 03c4328a88cb..01fa42d31648 100644
> --- a/arch/x86/boot/compressed/head_64.S
> +++ b/arch/x86/boot/compressed/head_64.S
> @@ -660,9 +660,8 @@ SYM_CODE_START(trampoline_32bit_src)
>  	pushl	$__KERNEL_CS
>  	pushl	%eax
>  
> -	/* Enable paging again. */
> -	movl	%cr0, %eax
> -	btsl	$X86_CR0_PG_BIT, %eax
> +	/* Enable paging and set CR0 to known state (this also sets WP flag) */
> +	movl	$CR0_STATE, %eax

This sets a lot more than WP. Why?

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

  reply	other threads:[~2023-04-05 17:55 UTC|newest]

Thread overview: 43+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-03-14 10:13 [PATCH v5 00/27] x86_64: Improvements at compressed kernel stage Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 01/27] x86/boot: Align vmlinuz sections on page size Evgeniy Baskov
2023-04-05 17:13   ` Borislav Petkov
2023-04-08 15:03     ` Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 02/27] x86/build: Remove RWX sections and align on 4KB Evgeniy Baskov
2023-04-05 17:40   ` Borislav Petkov
2023-04-06 11:42     ` Gerd Hoffmann
2023-04-08 15:05     ` Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 03/27] x86/boot: Set cr0 to known state in trampoline Evgeniy Baskov
2023-04-05 17:54   ` Borislav Petkov [this message]
2023-04-08 15:09     ` Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 04/27] x86/boot: Increase boot page table size Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 05/27] x86/boot: Support 4KB pages for identity mapping Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 06/27] x86/boot: Setup memory protection for bzImage code Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 07/27] x86/build: Check W^X of vmlinux during build Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 08/27] x86/boot: Map memory explicitly Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 09/27] x86/boot: Remove mapping from page fault handler Evgeniy Baskov
2023-03-14 20:33   ` Andy Lutomirski
2023-03-15 13:25     ` Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 10/27] efi/libstub: Move helper function to related file Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 11/27] x86/boot: Make console interface more abstract Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 12/27] x86/boot: Make kernel_add_identity_map() a pointer Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 13/27] x86/boot: Split trampoline and pt init code Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 14/27] x86/boot: Add EFI kernel extraction interface Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 15/27] efi/x86: Support extracting kernel from libstub Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 16/27] x86/boot: Reduce lower limit of physical KASLR Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 17/27] x86: decompressor: Remove the 'bugger off' message Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 18/27] tools/include: Add simplified version of pe.h Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 19/27] x86/build: Cleanup tools/build.c Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 20/27] efi: x86: Use private copy of struct setup_header Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 21/27] x86/build: Add SETUP_HEADER_OFFSET constant Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 22/27] x86/build: set type_of_loader for EFISTUB Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 23/27] efi/libstub: Don't set ramdisk_image/ramdisk_size Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 24/27] x86/build: Make generated PE more spec compliant Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 25/27] efi/libstub: Use memory attribute protocol Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 26/27] efi/libstub: make memory protection warnings include newlines Evgeniy Baskov
2023-03-14 10:13 ` [PATCH v5 27/27] efi/x86: don't try to set page attributes on 0-sized regions Evgeniy Baskov
2023-03-14 21:23 ` [PATCH v5 00/27] x86_64: Improvements at compressed kernel stage Andy Lutomirski
2023-03-14 23:20   ` Andy Lutomirski
2023-03-15  9:04     ` Gerd Hoffmann
2023-03-15 17:57     ` Peter Jones
2023-04-05 16:17       ` Borislav Petkov
2023-03-15 13:25   ` Evgeniy Baskov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230405175441.GFZC214WxyhULbtl3P@fat_crate.local \
    --to=bp@alien8.de \
    --cc=ardb@kernel.org \
    --cc=baskov@ispras.ru \
    --cc=dave.hansen@linux.intel.com \
    --cc=jlee@suse.com \
    --cc=khoroshilov@ispras.ru \
    --cc=kraxel@redhat.com \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-hardening@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=lvc-project@linuxtesting.org \
    --cc=mario.limonciello@amd.com \
    --cc=mingo@redhat.com \
    --cc=peterz@infradead.org \
    --cc=pjones@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).