| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Dec 2019 13:22:01 +0800
From: Dave Young <dyoung@...hat.com>
To: Michael Weiser <michael@...ser.dinsnail.net>
Cc: linux-efi@...r.kernel.org,
Ard Biesheuvel <ard.biesheuvel@...aro.org>, x86@...nel.org,
kexec@...ts.infradead.org, linux-kernel@...r.kernel.org,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
"H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: kexec_file overwrites reserved EFI ESRT memory
On 12/03/19 at 10:11pm, Michael Weiser wrote:
> Hi Dave,
>
> On Tue, Dec 03, 2019 at 07:54:35PM +0800, Dave Young wrote:
>
> > > Neither adding add_efi_memmap nor adding your patch and setting that option
> > > does make the ESRT memory region appear in /proc/iomem. kexec_file still
> > > loads the kernel across the ESRT region.
> > Hmm, sorry, my bad, actuall add_efi_memmap does not consider the
> > EFI_MEMORY_RUNTIME attribute, it only reads the memory descriptor types.
>
> > Will read your replied information later, did not get time today, but
> > probably below chunk can help?
>
> > diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c
> > index 3b9fd679cea9..516307617621 100644
> > --- a/arch/x86/platform/efi/quirks.c
> > +++ b/arch/x86/platform/efi/quirks.c
> > @@ -293,6 +293,8 @@ void __init efi_arch_mem_reserve(phys_addr_t addr, u64 size)
> > early_memunmap(new, new_size);
>
> > efi_memmap_install(new_phys, num_entries);
> > + e820__range_update(addr, size, E820_TYPE_RAM, E820_TYPE_RESERVED);
> > + e820__update_table(e820_table);
> > }
>
> > /*
>
> Yes, that did it:
>
> 00000000-00000fff : Reserved
> 00001000-0009efff : System RAM
> 0009f000-000fffff : Reserved
> 000a0000-000bffff : PCI Bus 0000:00
> 000e0000-000e3fff : PCI Bus 0000:00
> 000e4000-000e7fff : PCI Bus 0000:00
> 000e8000-000ebfff : PCI Bus 0000:00
> 000ec000-000effff : PCI Bus 0000:00
> 000f0000-000fffff : PCI Bus 0000:00
> 000f0000-000fffff : System ROM
> 00100000-74dd1fff : System RAM
> 65000000-6affffff : Crash kernel
> 74dd2000-74dd2fff : Reserved <----- ESRT
> 74dd3000-763f5fff : System RAM
> 763f6000-79974fff : Reserved
> 79975000-799f1fff : ACPI Tables
> 799f2000-79aa6fff : ACPI Non-volatile Storage
> 79a17000-79a17fff : USBC000:00
Ok, good to know it works. I will think about it and file a patch
later. There are more things to consider, eg. kexec reboot multiple
times, userspace kexec loader etc.
If we choose to fix it in kexec_file path to avoid those region then we
need to do same in userspace, there will be compatibility issues so I
would still prefer to go with this way you tested.
BTW, on my laptop the ESRT stays in EFI runtime area so I do not see the
problem. This should be machine/firmware specific.
Here is the info on my laptop:
[ 0.000000] efi: mem34: [Runtime Data |RUN| | | | | | | |WB|WT|WC|UC] range=[0x000000007a4b0000-0x000000007a676fff] (1MB)
[ 0.020670] esrt: Reserving ESRT space from 0x000000007a4ec000 to 0x000000007a4ec088.
Thanks
Dave
Powered by blists - more mailing lists