Date: Sun, 29 Nov 2015 09:18:20 +0100
From: Ingo Molnar <mingo@...nel.org>
To: Matt Fleming <matt@...eblueprint.co.uk>
Cc: Thomas Gleixner <tglx@...utronix.de>, "H . Peter Anvin" <hpa@...or.com>,
    Toshi Kani <toshi.kani@...com>, linux-kernel@...r.kernel.org,
    linux-efi@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org>,
    Andy Lutomirski <luto@...nel.org>, Borislav Petkov <bp@...en8.de>,
    Dave Hansen <dave.hansen@...el.com>, Dave Jones <davej@...emonkey.org.uk>,
    Denys Vlasenko <dvlasenk@...hat.com>,
    Linus Torvalds <torvalds@...ux-foundation.org>,
    Sai Praneeth Prakhya <sai.praneeth.prakhya@...el.com>,
    Stephen Smalley <sds@...ho.nsa.gov>
Subject: Re: [GIT PULL v4 0/6] EFI page table isolation

* Matt Fleming <matt@...eblueprint.co.uk> wrote:

> Folks,
>
> This patch series is a response to the report that the EFI region
> mappings trigger warnings when booting with CONFIG_DEBUG_WX enabled.
> They allocate a new page table structure and ensure that all the
> mappings we require during EFI runtime calls are only setup there.
>
> It turns out that it still makes sense to share some page table
> entries with 'swapper_pg_dir', just not the entries where we need to
> allow security lax permissions. Sharing entries is useful for memory
> hotplug, for example.
>
> When writing this series I discovered a number of bugs in the existing
> code that only became apparent when we stopped using 'trampoline_pgd'
> which already mapped a bunch of things for us. I've put those bug
> fixes at the start of the series.
>
> Further testing would be very much appreciated as this is a
> notoriously funky area of the EFI code.

Ok, this series looks great to me - I've applied this to tip:x86/efi and will
push it out to linux-next after it passes some local testing.

There should be time enough before v4.5 to figure out potential bugs.

Thanks,

	Ingo