| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1203041409.27930.11.camel@caritas-dev.intel.com> Date: Fri, 15 Feb 2008 10:10:09 +0800 From: "Huang, Ying" <ying.huang@...el.com> To: Andi Kleen <ak@...e.de> Cc: Ingo Molnar <mingo@...hat.com>, ThomasGleixner <tglx@...utronix.de>, "H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH] x86: EFI runtime code mapping enhancement On Thu, 2008-02-14 at 13:06 +0100, Andi Kleen wrote: > > For EFI runtime service in virtual mode, using direct mapping is mainly > > for kexec, where EFI runtime memory area need to be mapped at same > > virtual address across kexec. > > I see. I didn't consider this aspect. > > > - Use direct mapping of kernel, clean NX bit from kernel page table > > temporarily before/after EFI calling. This needs not split 2M page into > > 4K pages, because the region changed is aligned with 2M. And, because > > the changing is temporary, a little larger region is not a big issue. > > I would just do it permanently. Because during early boot stage, alloc_page() is not available. If we do it there, we must make more pages executable to avoid alloc_page(). It may be acceptable for 2M mapping (aligned memory range with 2M), but I think it is not acceptable for 1G mapping (aligned memory range with 1G). Maybe it is the better method that always using the fixmap (efi_ioremap) to map executable memory area to avoid split large mapping. > > Aligning > > EFI runtime code region with 1G seems not a good idea too. I think a > > better method is adding a non-split mode to c_p_a(), where the region > > changed is enlarged if necessary to avoid page allocation. This can be > > used to implement early_set_memory_xx(). The early_set_memory_xx() > > instead of duplicated c_p_a() variant can be used by EFI code. > > I attempted something like this with my advisory vs required static > protections last week, but it was rejected. > > But yes having such a mode would make sense agreed. > > The easiest way (as in least amount of code) to implement it actually > is to just bypass set_memory_*() and just do the lookup_address() yourself > and clear NX and do a global TLB flush. For the special case of NX > that is fine because you don't need to worry about fixing up any aliases. This is the original method. The issue is that it must be synced with set_memory_*() and lookup_address() implementation. For example, it lacked 1G support when that is added to lookup_address(). Best Regards, Huang Ying -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists