Date:	Wed, 29 Oct 2014 16:19:26 +0100
From:	Mathias Krause <minipli@...glemail.com>
To:	Matt Fleming <matt@...sole-pimps.org>
Cc:	Borislav Petkov <bp@...en8.de>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	x86-ml <x86@...nel.org>, Matt Fleming <matt.fleming@...el.com>
Subject: Re: [PATCHv2 1/3] x86, ptdump: Add section for EFI runtime services

On 29 October 2014 15:20, Matt Fleming <matt@...sole-pimps.org> wrote:
> On Tue, 28 Oct, at 10:14:25PM, Mathias Krause wrote:
>>
>> Mapping the kernel into the EFI page table may help ;) Then the
>> kernel's #PF handler would be present and able to print a register
>> dump, at least.
>
> The kernel is already mapped into the EFI page table.

I was referring to Boris' ongoing work, trying to completely separate
the EFI page table from the kernel's. He was hinting at mapping only
the data parts of the kernel into the EFI page table, and only for the
actual EFI call. But that's not such a good idea, IMHO, as explained
below.

>
>> So, assuming you're not mapping the EFI virtual mappings below the
>> pgd[511] hierarchy, making pgd[511] equal init_level4_pgt[511] should
>> help in this case. In fact, you need to map portions of the kernel
>> into the EFI page table anyway. Otherwise the EFI code wouldn't be
>> able to access, e.g., the data it should write to NVRAM. So the EFI
>> code would just trap and trigger a #PF -- and because of the missing
>> #PF handler, a #DF -- and because of the missing #DF handler the
>> triple fault. ;)
>
> Exactly.

>
> We don't setup a separate page table for EFI calls for any kind of
> isolation, we do it to make use of the existing 1:1 mappings in
> trampoline_pgd because some firmware directly reference physical
> addresses at runtime.

Ah, that makes sense now. I thought we needed those only for the
SetVirtualAddressMap transition.

> It actually doesn't work too well in practice,
> because you soon hit other issues on those firmware, but there you go.
>
> So the fact that we have EFI mappings in init_level4_pgt[] isn't
> indicative of any kind of bug, it's potentially a bit unclean, but
> that's about it.

Well, not only unclean but ugly, because of the RWX mappings. That's
all I was complaining about. I tried to make those r/o and nx during
normal operation and only change the attributes to RWX for the EFI
call but unfortunately set_memory_{x,nx,ro,rw} don't like to be called
with interrupts/preemption disabled.
Maybe moving the EFI virtual mappings to another pgd slot will make it
possible as in this case only the pgd entry needs to be modified. But
I leave those experiments to Boris. I had enough "fun" with EFI
already ;)

Regards,
Mathias
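The RWX mappings complained about above are exactly what the ptdump
output in /sys/kernel/debug/kernel_page_tables lets you look for. As an
added example (not code from this thread or from the kernel), here is a
small userspace scanner that reads a dump in that format and flags every
present mapping that is both writable and executable. It assumes the
line layout of arch/x86/mm/dump_pagetables.c of that era: an
"0x<start>-0x<end>" range, the size, "RW "/"ro ", optional PSE/GLB
flags, "NX "/"x  ", and the level name (pgd/pud/pmd/pte) last. The
SAMPLE dump and its addresses are constructed for the example, and the
"EFI Runtime Services" section header is only an assumption about what
the patch in the subject line prints.

```c
/*
 * wxscan.c: flag W+X mappings in x86 ptdump output.
 * Added example, not kernel code. SAMPLE is a constructed dump whose
 * addresses are placeholders; the "EFI Runtime Services" header is an
 * assumed rendering of the section added by the patch under discussion.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct mapping {
    unsigned long start, end;
    int present, writable, executable;
    char level[8];                /* pgd, pud, pmd or pte */
};

/* Parse one ptdump line into *m. Returns 1 for a range line, 0 for
 * section headers ("---[ ... ]---"), blank or unparsable lines. */
int parse_ptdump_line(const char *line, struct mapping *m)
{
    char flags[256];
    const char *p;
    size_t n;

    if (sscanf(line, "0x%lx-0x%lx %255[^\n]", &m->start, &m->end, flags) != 3)
        return 0;
    n = strlen(flags);
    while (n && (flags[n - 1] == ' ' || flags[n - 1] == '\r'))
        flags[--n] = '\0';
    /* ptdump prints "RW " or "ro " for present ranges, nothing for
     * not-present ones, and "NX " or "x  " for the execute bit */
    m->writable   = strstr(flags, " RW ") != NULL;
    m->present    = m->writable || strstr(flags, " ro ") != NULL;
    m->executable = strstr(flags, " NX ") == NULL;
    p = flags + n;                /* level name is the last token */
    while (p > flags && p[-1] != ' ')
        p--;
    snprintf(m->level, sizeof m->level, "%s", p);
    return 1;
}

/* Scan a whole dump; store up to max W+X mappings in hits.
 * Returns the number found (may exceed max; only max are stored). */
int scan_wx(const char *dump, struct mapping *hits, int max)
{
    int found = 0;
    char line[512];
    const char *s = dump;

    while (*s) {
        const char *nl = strchr(s, '\n');
        size_t len = nl ? (size_t)(nl - s) : strlen(s);
        struct mapping m;

        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, s, len);
        line[len] = '\0';
        if (parse_ptdump_line(line, &m) && m.present && m.writable && m.executable) {
            if (found < max)
                hits[found] = m;
            found++;
        }
        if (!nl)
            break;
        s = nl + 1;
    }
    return found;
}

/* Constructed sample in ptdump format; one W+X range in the EFI section. */
const char SAMPLE[] =
    "---[ Low Kernel Mapping ]---\n"
    "0xffff880000000000-0xffff880000096000      600K     RW                 GLB NX pte\n"
    "0xffff880000096000-0xffff880000097000        4K     ro                 GLB NX pte\n"
    "0xffff880001000000-0xffff880001600000        6M     ro         PSE     GLB x  pmd\n"
    "---[ EFI Runtime Services ]---\n"
    "0xfffffef000000000-0xfffffef000200000        2M     RW                 GLB x  pte\n"
    "0xfffffef000200000-0xfffffef000400000        2M     RW         PSE     GLB NX pmd\n"
    "---[ High Kernel Mapping ]---\n"
    "0xffffffff81000000-0xffffffff81a00000       10M     ro         PSE     GLB x  pmd\n"
    "0xffffffff81a00000-0xffffffff81c00000        2M     RW         PSE     GLB NX pmd\n";

int main(int argc, char **argv)
{
    static char buf[1 << 20];
    const char *dump = SAMPLE;
    struct mapping hits[64];
    int n, i;

    if (argc > 1) {               /* e.g. ./wxscan /sys/kernel/debug/kernel_page_tables */
        FILE *f = fopen(argv[1], "r");
        size_t got;
        if (!f) { perror(argv[1]); return 1; }
        got = fread(buf, 1, sizeof buf - 1, f);
        buf[got] = '\0';
        fclose(f);
        dump = buf;
    }
    n = scan_wx(dump, hits, 64);
    for (i = 0; i < n && i < 64; i++)
        printf("W+X: 0x%016lx-0x%016lx (%s)\n", hits[i].start, hits[i].end, hits[i].level);
    printf("%d W+X mapping(s)\n", n);
    return n ? 2 : 0;
}
```

Run it against a real dump with debugfs mounted and CONFIG_X86_PTDUMP enabled (root needed); the sample exits non-zero because the constructed EFI range is RW without NX. Later kernels grew an equivalent built-in check (CONFIG_DEBUG_WX) that walks the same tables at boot and warns about W+X ranges.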