lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <200802141306.17642.ak@suse.de>
Date:	Thu, 14 Feb 2008 13:06:17 +0100
From:	Andi Kleen <ak@...e.de>
To:	"Huang, Ying" <ying.huang@...el.com>
Cc:	Ingo Molnar <mingo@...hat.com>,
	ThomasGleixner <tglx@...utronix.de>,
	"H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86: EFI runtime code mapping enhancement


> For EFI runtime service in virtual mode, using direct mapping is mainly
> for kexec, where EFI runtime memory area need to be mapped at same
> virtual address across kexec. 

I see. I didn't consider this aspect.

> - Use direct mapping of kernel, clean NX bit from kernel page table
> temporarily before/after EFI calling. This needs not split 2M page into
> 4K pages, because the region changed is aligned with 2M. And, because
> the changing is temporary, a little larger region is not a big issue.

I would just do it permanently. 

> Aligning 
> EFI runtime code region with 1G seems not a good idea too. I think a
> better method is adding a non-split mode to c_p_a(), where the region
> changed is enlarged if necessary to avoid page allocation. This can be
> used to implement early_set_memory_xx(). The early_set_memory_xx()
> instead of duplicated c_p_a() variant can be used by EFI code.

I attempted something like this with my advisory vs required static
protections last week, but it was rejected.

But yes having such a mode would make sense agreed. 

The easiest way (as in least amount of code) to implement it actually 
is to just bypass set_memory_*() and just do the lookup_address() yourself 
and clear NX and do a global TLB flush. For the special case of NX
that is fine because you don't need to worry about fixing up any aliases.

-Andi
 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ