lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKv+Gu8bYzctzXKdYVDUDte=KoCPS1bzVoA6JYmidbc0ZrcZ+A@mail.gmail.com>
Date:   Sat, 24 Feb 2018 08:03:58 +0000
From:   Ard Biesheuvel <ard.biesheuvel@...aro.org>
To:     Tyler Baicar <tbaicar@...eaurora.org>,
        James Morse <james.morse@....com>,
        AKASHI Takahiro <takahiro.akashi@...aro.org>
Cc:     linux-efi@...r.kernel.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Jeff Hugo <jhugo@...eaurora.org>,
        Sameer Goel <sgoel@...eaurora.org>,
        Timur Tabi <timur@...eaurora.org>
Subject: Re: [PATCH 2/2] efi/esrt: mark ESRT memory region as nomap

Hi Tyler,

On 23 February 2018 at 19:42, Tyler Baicar <tbaicar@...eaurora.org> wrote:
> The ESRT memory region is being exposed as System RAM in /proc/iomem
> which is wrong because it cannot be overwritten. This memory is needed
> for kexec kernels in order to properly initialize ESRT, so if it is
> overwritten it will cause ESRT failures in the kexec kernel. Mark this
> region as nomap so that it is not overwritten.
>

This is not the right fix. We should only mark regions NOMAP if it is
uncertain whether the firmware may have a mapping of the same region
with mismatched attributes. NOMAP regions punch holes in the linear
region, increasing its TLB footprint significantly, so we should avoid
them if we can.

This same issue has come up in relation to mapping ACPI tables after
kexec. This should simply be a matter of ensuring that all
memblock_reserve()d region appear as such in /proc/iomem rather than
as 'System RAM'

> Signed-off-by: Tyler Baicar <tbaicar@...eaurora.org>
> Tested-by: Jeffrey Hugo <jhugo@...eaurora.org>
> ---
>  drivers/firmware/efi/esrt.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
>
> diff --git a/drivers/firmware/efi/esrt.c b/drivers/firmware/efi/esrt.c
> index 504f3c3..f5f79c7 100644
> --- a/drivers/firmware/efi/esrt.c
> +++ b/drivers/firmware/efi/esrt.c
> @@ -335,6 +335,14 @@ void __init efi_esrt_init(void)
>         pr_info("Reserving ESRT space from %pa to %pa.\n", &esrt_data, &end);
>         efi_mem_reserve(esrt_data, esrt_data_size);
>
> +       /*
> +        * Mark the ESRT memory region as nomap to avoid it being exposed as
> +        * System RAM in /proc/iomem. Otherwise this block can be overwritten
> +        * which will then cause failures in kexec'd kernels since the ESRT
> +        * information is no longer there.
> +        */
> +       memblock_mark_nomap(esrt_data, esrt_data_size);
> +
>         pr_debug("esrt-init: loaded.\n");
>  err_memunmap:
>         early_memunmap(va, size);
> --
> Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm Technologies, Inc.
> Qualcomm Technologies, Inc. is a member of the Code Aurora Forum,
> a Linux Foundation Collaborative Project.
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ