Message-ID: <alpine.LSU.2.11.1805031017420.1259@eggly.anvils>
Date:   Thu, 3 May 2018 10:19:53 -0700 (PDT)
From:   Hugh Dickins <hughd@...gle.com>
To:     "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
cc:     "Kirill A. Shutemov" <kirill@...temov.name>,
        Hugh Dickins <hughd@...gle.com>,
        Ingo Molnar <mingo@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        "H. Peter Anvin" <hpa@...or.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        linux-kernel@...r.kernel.org, x86@...nel.org
Subject: Re: [PATCH] x86/boot/compressed: Exclude 'top_pgtable' from
 relocation

On Thu, 3 May 2018, Kirill A. Shutemov wrote:

> On Thu, May 03, 2018 at 08:38:49AM +0000, Kirill A. Shutemov wrote:
> > The patch is bogus and I still don't understand what is going on.
> 
> I think I found the issue. Could you check the patch below:

Sorry, no good on either machine, immediate reboot as before.
I'm gathering the info you asked, will send privately in an hour or so.

Hugh

> 
> diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
> index fca012baba19..86169ae1c536 100644
> --- a/arch/x86/boot/compressed/head_64.S
> +++ b/arch/x86/boot/compressed/head_64.S
> @@ -370,10 +370,13 @@ trampoline_return:
>  	/*
>  	 * cleanup_trampoline() would restore trampoline memory.
>  	 *
> +	 * RDI is address of the page table to use (if required).
> +	 *
>  	 * RSI holds real mode data and needs to be preserved across
>  	 * this function call.
>  	 */
>  	pushq	%rsi
> +	leaq	top_pgtable(%rbx), %rdi
>  	call	cleanup_trampoline
>  	popq	%rsi
>  
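Review bot: The comment added above `leaq	top_pgtable(%rbx), %rdi` says what RDI carries, but not why the address is formed from %rbx in assembly rather than taken in C, which is the substance of the change. What %rbx holds at this point is not visible in the hunk. If it is the base the image runs from after relocation, a line such as `RDI = top_pgtable computed relative to RBX, so the table stays at a known place in the relocated image` would tell the next reader why cleanup_trampoline() must not look the symbol up itself. A table whose address is loaded into CR3 deserves that explanation next to the call.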
> @@ -647,5 +650,14 @@ boot_stack_end:
>   */
>  	.section ".pgtable","a",@nobits
>  	.balign 4096
> +	.global pgtable
>  pgtable:
>  	.fill BOOT_PGT_SIZE, 1, 0
> +
> +/*
> + * The page table is going to be used instead of page table in the trampoline
> + * memory.
> + */
> +	.global top_pgtable
> +top_pgtable:
> +	.fill PAGE_SIZE, 1, 0
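Review bot: `top_pgtable` has no alignment directive of its own. It is page-aligned only if BOOT_PGT_SIZE is a multiple of 4096, whereas the C definition this patch removes carried `__aligned(PAGE_SIZE)`, and the address is later written to CR3. Putting `.balign 4096` before `top_pgtable:` would make the requirement explicit and independent of BOOT_PGT_SIZE. The new comment also drops the old constraint that the table must not live in memory that is cleared after cleanup_trampoline(). It is worth restating that the ".pgtable" section satisfies it, which presumably holds but is not shown here. The added `.global pgtable` has no user in the visible hunks, so it is either unneeded or wants a word of explanation.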
> diff --git a/arch/x86/boot/compressed/pgtable_64.c b/arch/x86/boot/compressed/pgtable_64.c
> index 32af1cbcd903..a362fa0b849c 100644
> --- a/arch/x86/boot/compressed/pgtable_64.c
> +++ b/arch/x86/boot/compressed/pgtable_64.c
> @@ -22,14 +22,6 @@ struct paging_config {
>  /* Buffer to preserve trampoline memory */
>  static char trampoline_save[TRAMPOLINE_32BIT_SIZE];
>  
> -/*
> - * The page table is going to be used instead of page table in the trampoline
> - * memory.
> - *
> - * It must not be in BSS as BSS is cleared after cleanup_trampoline().
> - */
> -static char top_pgtable[PAGE_SIZE] __aligned(PAGE_SIZE) __section(.data);
> -
>  /*
>   * Trampoline address will be printed by extract_kernel() for debugging
>   * purposes.
> @@ -134,7 +126,7 @@ struct paging_config paging_prepare(void)
>  	return paging_config;
>  }
>  
> -void cleanup_trampoline(void)
> +void cleanup_trampoline(void *pgtable)
>  {
>  	void *trampoline_pgtable;
>  
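Review bot: The new parameter in `void cleanup_trampoline(void *pgtable)` shares its name with the `pgtable` label that the same patch exports from head_64.S, while the caller actually passes `top_pgtable`. That makes it easy to misread which table is meant. I would rename it, e.g. `void cleanup_trampoline(void *top_pgtable)`, and add a short comment stating the contract: the buffer must be PAGE_SIZE bytes and page-aligned, and it must survive past this call, because the next hunk copies the trampoline's top-level table into it with `memcpy()` and loads its address into CR3 unchecked. The function body continues outside this hunk.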
> @@ -145,8 +137,8 @@ void cleanup_trampoline(void)
>  	 * if it's there.
>  	 */
>  	if ((void *)__native_read_cr3() == trampoline_pgtable) {
> -		memcpy(top_pgtable, trampoline_pgtable, PAGE_SIZE);
> -		native_write_cr3((unsigned long)top_pgtable);
> +		memcpy(pgtable, trampoline_pgtable, PAGE_SIZE);
> +		native_write_cr3((unsigned long)pgtable);
>  	}
>  
>  	/* Restore trampoline memory */
> -- 
>  Kirill A. Shutemov
> 
