lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 20 Aug 2021 18:04:18 +0200
From:   Joerg Roedel <joro@...tes.org>
To:     David Laight <David.Laight@...lab.com>
Cc:     'Ard Biesheuvel' <ardb@...nel.org>,
        "x86@...nel.org" <x86@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        "hpa@...or.com" <hpa@...or.com>, Joerg Roedel <jroedel@...e.de>,
        Kees Cook <keescook@...omium.org>,
        Andy Lutomirski <luto@...nel.org>,
        Uros Bizjak <ubizjak@...il.com>,
        Arvind Sankar <nivedita@...m.mit.edu>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Fabio Aiuto <fabioaiuto83@...il.com>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: Re: [PATCH] x86/efi: Restore Firmware IDT in before
 ExitBootServices()

On Fri, Aug 20, 2021 at 03:46:11PM +0000, David Laight wrote:
> So load a temporary IDT so that you can detect invalid instructions
> and restore the UEFI IDT immediately afterwards?

Going forward with SEV-SNP, the IDT is not only needed for special
instructions, but also to detect when the hypervisor is doing fishy
things with the guests memory, which could happen at _any_ instruction
boundary.

> I'm guessing the GDT is changed in order to access all of physical
> memory (well enough to load the kernel).

The kernels GDT is needed to switch from 32-bit protected mode to long
mode, where it calls ExitBootServices().

I think the reason is to avoid compiling a 64-bit and a 32-bit EFI
library into the decompressor stub. With a 32-bit library the kernel
could call ExitBootServices() right away before it jumps to startup_32.
But it only has the 64-bit library, so it has to switch to long-mode
first before it make subsequent EFI calls.

> Could that be done using the LDT?
> It is unlikely that the UEFI cares about that?

Well, I guess it could work via the LDT too, but the current GDT
switching code if proven to work on exiting BIOSes and I'd rather not
change it to something less proven when there is no serious problem with
it.

> Is this 32bit non-paged code?
> Running that with a physical memory offset made my head hurt.

Yes, 32-bit EFI launches the kernel in 32-bit protected mode, paging
disabled. I think that it also has to use a flat segmentation model
without offsets. But someone who knows the EFI spec better than me can
correct me here :)

Regards,

	Joerg

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ