Message-ID: <CALCETrUqbmCQrWLoxw7nVQAPsu5UQ-McJx9dCsicHmH=XzzFtQ@mail.gmail.com>
Date:	Wed, 10 Aug 2016 06:18:19 -0700
From:	Andy Lutomirski <luto@...capital.net>
To:	Ingo Molnar <mingo@...nel.org>
Cc:	Mario Limonciello <mario_limonciello@...l.com>,
	Borislav Petkov <bp@...en8.de>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Matthew Garrett <mjg59@...f.ucam.org>, X86 ML <x86@...nel.org>,
	"H. Peter Anvin" <hpa@...or.com>, Matt Fleming <mfleming@...e.de>
Subject: Re: [PATCH v2 0/5] Allow the trampoline to use EFI boot services RAM

On Aug 10, 2016 3:31 PM, "Ingo Molnar" <mingo@...nel.org> wrote:
>
>
> One side note:
>
> * Andy Lutomirski <luto@...nel.org> wrote:
>
> > This series fixes it the other way: it allows the trampoline to live
> > in boot services memory.  It achieves this by deferring the panic
> > due to failure to reserve a trampoline until early_initcall time
> > and then adjusting the EFI boot services quirk to reserve space
> > for the trampoline if we haven't already found it a home.
>
> >   x86/efi: Allocate a trampoline if needed in efi_free_boot_services()
>
> Btw., this means that we first try to allocate the trampoline the old fashioned
> way, and in the rare cases this fails we allocate it from the EFI data area,
> right?

Yes, exactly.

>
> This is problematic from the probability management POV: we are creating a rare
> piece of code that will run only on a select few systems.
>
> I think it would be much better to allocate the trampoline from the EFI area on
> all EFI systems by default. Is there any reason why that would not work?

I think most EFI systems don't have any boot services below 1MB, so
that wouldn't work.

We could try allocating from EFI more generically, but that sounds
much scarier.  The EFI memory map code is tangled with the e820 code
and the memblock code, and I'd be nervous about confusing the e820
code or accidentally allocating blacklisted RAM (EBDA,
Sandybridge-quirked, etc.)  The code I wrote should only allocate the
trampoline at a different address than current kernels in cases where
current kernels would panic.

I don't like it either, but after scratching my head for a while I
didn't come up with anything better.  At least the actual special case
is only a couple lines of code.

--Andy
