| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Apr 2023 17:08:51 -0700
From: Anthony Yznaga <anthony.yznaga@...cle.com>
To: linux-mm@...ck.org, linux-kernel@...r.kernel.org
Cc: tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, x86@...nel.org,
hpa@...or.com, dave.hansen@...ux.intel.com, luto@...nel.org,
peterz@...radead.org, rppt@...nel.org, akpm@...ux-foundation.org,
ebiederm@...ssion.com, keescook@...omium.org, graf@...zon.com,
jason.zeng@...el.com, lei.l.li@...el.com,
steven.sistare@...cle.com, fam.zheng@...edance.com,
mgalaxy@...mai.com, kexec@...ts.infradead.org
Subject: [RFC v3 15/21] kexec: PKRAM: prevent kexec clobbering preserved pages in some cases
When loading a kernel for kexec, dynamically update the list of physical
ranges that are not to be used for storing preserved pages with the ranges
where kexec segments will be copied to on reboot. This ensures no pages
preserved after the new kernel has been loaded will reside in these ranges
on reboot.
Not yet handled is the case where pages have been preserved before a
kexec kernel is loaded. This will be covered by a later patch.
Signed-off-by: Anthony Yznaga <anthony.yznaga@...cle.com>
---
kernel/kexec.c | 9 +++++++++
kernel/kexec_file.c | 10 ++++++++++
2 files changed, 19 insertions(+)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 92d301f98776..cd871fc07c65 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -16,6 +16,7 @@
#include <linux/syscalls.h>
#include <linux/vmalloc.h>
#include <linux/slab.h>
+#include <linux/pkram.h>
#include "kexec_internal.h"
@@ -153,6 +154,14 @@ static int do_kexec_load(unsigned long entry, unsigned long nr_segments,
if (ret)
goto out;
+ for (i = 0; i < nr_segments; i++) {
+ unsigned long mem = image->segment[i].mem;
+ size_t memsz = image->segment[i].memsz;
+
+ if (memsz)
+ pkram_ban_region(PFN_DOWN(mem), PFN_UP(mem + memsz) - 1);
+ }
+
/* Install the new kernel and uninstall the old */
image = xchg(dest_image, image);
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index f1a0e4e3fb5c..ca2aa2d61955 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -27,6 +27,8 @@
#include <linux/kernel_read_file.h>
#include <linux/syscalls.h>
#include <linux/vmalloc.h>
+#include <linux/pkram.h>
+
#include "kexec_internal.h"
#ifdef CONFIG_KEXEC_SIG
@@ -403,6 +405,14 @@ static int kexec_image_verify_sig(struct kimage *image, void *buf,
if (ret)
goto out;
+ for (i = 0; i < image->nr_segments; i++) {
+ unsigned long mem = image->segment[i].mem;
+ size_t memsz = image->segment[i].memsz;
+
+ if (memsz)
+ pkram_ban_region(PFN_DOWN(mem), PFN_UP(mem + memsz) - 1);
+ }
+
/*
* Free up any temporary buffers allocated which are not needed
* after image has been loaded
--
1.9.4
Powered by blists - more mailing lists