| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Aug 2008 18:49:49 -0700
From: "Yinghai Lu" <yhlu.kernel@...il.com>
To: "Jeremy Fitzhardinge" <jeremy@...p.org>
Cc: "Ingo Molnar" <mingo@...e.hu>,
"Rafał Miłecki" <zajec5@...il.com>,
"Alan Jenkins" <alan-jenkins@...fmail.co.uk>,
"Hugh Dickens" <hugh@...itas.com>,
"H. Peter Anvin" <hpa@...or.com>,
"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH RFC] x86: check for and defend against BIOS memory corruption
On Thu, Aug 28, 2008 at 12:52 PM, Jeremy Fitzhardinge <jeremy@...p.org> wrote:
> Some BIOSes have been observed to corrupt memory in the low 64k. This
> patch does two things:
> - Reserves all memory which does not have to be in that area, to
> prevent it from being used as general memory by the kernel. Things
> like the SMP trampoline are still in the memory, however.
> - Clears the reserved memory so we can observe changes to it.
> - Adds a function check_for_bios_corruption() which checks and reports on
> memory becoming unexpectedly non-zero. Currently it's called in the
> x86 fault handler, and the powermanagement debug output.
>
> RFC: What other places should we check for corruption in?
>
> [ Alan, Rafał: could you check you see:
> 1: corruption messages
> 2: no crashes
> Thanks -J
> ]
>
> Signed-off-by: Jeremy Fitzhardinge <jeremy@...p.org>
> Cc: Alan Jenkins <alan-jenkins@...fmail.co.uk>
> Cc: Hugh Dickens <hugh@...itas.com>
> Cc: Ingo Molnar <mingo@...e.hu>
> Cc: Rafael J. Wysocki <rjw@...k.pl>
> Cc: Rafał Miłecki <zajec5@...il.com>
> Cc: H. Peter Anvin <hpa@...or.com>
> ---
> Documentation/kernel-parameters.txt | 5 ++
> arch/x86/Kconfig | 3 +
> arch/x86/kernel/setup.c | 86 +++++++++++++++++++++++++++++++++++
> arch/x86/mm/fault.c | 2
> drivers/base/power/main.c | 1
> include/linux/kernel.h | 12 ++++
> 6 files changed, 109 insertions(+)
>
> ===================================================================
> --- a/Documentation/kernel-parameters.txt
> +++ b/Documentation/kernel-parameters.txt
> @@ -359,6 +359,11 @@
> BayCom Serial Port AX.25 Modem (Half Duplex Mode)
> Format: <io>,<irq>,<mode>
> See header of drivers/net/hamradio/baycom_ser_hdx.c.
> +
> + bios_corruption_check=0/1 [X86]
> + Some BIOSes seem to corrupt the first 64k of memory
> + when doing things like suspend/resume. Setting this
> + option will scan the memory looking for corruption.
>
> boot_delay= Milliseconds to delay each printk during boot.
> Values larger than 10 seconds (10000) are changed to
> ===================================================================
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -203,6 +203,9 @@
> bool
> depends on X86_SMP || (X86_VOYAGER && SMP) || (64BIT && ACPI_SLEEP)
> default y
> +
> +config X86_CHECK_BIOS_CORRUPTION
> + def_bool y
>
> config KTIME_SCALAR
> def_bool X86_32
> ===================================================================
> --- a/arch/x86/kernel/setup.c
> +++ b/arch/x86/kernel/setup.c
> @@ -582,6 +582,88 @@
> struct x86_quirks *x86_quirks __initdata = &default_x86_quirks;
>
> /*
> + * Some BIOSes seem to corrupt the low 64k of memory during events
> + * like suspend/resume and unplugging an HDMI cable. Reserve all
> + * remaining free memory in that area and fill it with a distinct
> + * pattern.
> + */
> +#ifdef CONFIG_X86_CHECK_BIOS_CORRUPTION
> +#define MAX_SCAN_AREAS 8
> +static struct e820entry scan_areas[MAX_SCAN_AREAS];
> +static int num_scan_areas;
> +
> +static void __init setup_bios_corruption_check(void)
> +{
> + u64 addr = PAGE_SIZE; /* assume first page is reserved anyway */
> +
can you please not punish systems without this bios problem?
if (!bios_corruption_check)
return;
> + while(addr < 0x10000 && num_scan_areas < MAX_SCAN_AREAS) {
> + u64 size;
> + addr = find_e820_area_size(addr, &size, PAGE_SIZE);
> +
> + if (addr == 0)
> + break;
> +
> + if ((addr + size) > 0x10000)
> + size = 0x10000 - addr;
> +
> + if (size == 0)
> + break;
> +
> + e820_update_range(addr, size, E820_RAM, E820_RESERVED);
> + scan_areas[num_scan_areas].addr = addr;
> + scan_areas[num_scan_areas].size = size;
> + num_scan_areas++;
> +
> + /* Assume we've already mapped this early memory */
> + memset(__va(addr), 0, size);
> +
> + addr += size;
> + }
> +
> + printk(KERN_INFO "scanning %d areas for BIOS corruption\n",
> + num_scan_areas);
> + update_e820();
> +}
> +
> +static int __read_mostly bios_corruption_check = 1;
move earlier and
bios_corruption_check = 0;
BTW: SMI evil damaged that area?
YH
Powered by blists - more mailing lists