Message-ID: <20241127190343.44916-1-dwmw2@infradead.org>
Date: Wed, 27 Nov 2024 19:00:14 +0000
From: David Woodhouse <dwmw2@...radead.org>
To: kexec@...ts.infradead.org
Cc: Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	x86@...nel.org,
	"H. Peter Anvin" <hpa@...or.com>,
	David Woodhouse <dwmw@...zon.co.uk>,
	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
	Kai Huang <kai.huang@...el.com>,
	Nikolay Borisov <nik.borisov@...e.com>,
	linux-kernel@...r.kernel.org,
	Simon Horman <horms@...nel.org>,
	Dave Young <dyoung@...hat.com>,
	Peter Zijlstra <peterz@...radead.org>,
	jpoimboe@...nel.org,
	bsz@...zon.de
Subject: [RFC PATCH v4 00/20] x86/kexec: Add exception handling for relocate_kernel and further yak-shaving

Debugging kexec failures is painful, as anything going wrong in execution
of the critical relocate_kernel() function tends to just lead to a triple
fault. Thus leading to *weeks* of my life that I won't get back. Having
hacked something up for my own use, I figured I should share it...

Add a CONFIG_KEXEC_DEBUG option which sets up a trivial exception handler
in that environment, and outputs to the early_printk serial console if
configured. Currently only I/O-based 8250 serial ports are supported, but
that could be extended.

While we're here, clean the code up a little and fix some other problems. 
Most notably, load a suitable GDT on the way back into the kernel after a 
KEXEC_PRESERVE_CONTEXT invocation instead of trusting the called code to do 
so. And (new in v4) fix the interaction of PTI and the identmap code so that 
it doesn't scribble over the end of the 4KiB region allocated for the PGD 
expecting there to be a userspace PGD there.

I should probably bring the i386 version into line with this, although
the lack of rip-based addressing makes all the PIC code a bit harder.

David Woodhouse (20):
      x86/kexec: Restore GDT on return from preserve_context kexec
      x86/kexec: Clean up and document register use in relocate_kernel_64.S
      x86/kexec: Use named labels in swap_pages in relocate_kernel_64.S
      x86/kexec: Only swap pages for preserve_context mode
      x86/mm: Add _PAGE_NOPTISHADOW bit to avoid updating userspace page tables
      x86/kexec: Allocate PGD for x86_64 transition page tables separately
      x86/kexec: Copy control page into place in machine_kexec_prepare()
      x86/kexec: Invoke copy of relocate_kernel() instead of the original
      x86/kexec: Move relocate_kernel to kernel .data section
      x86/kexec: Add data section to relocate_kernel
      x86/kexec: Drop page_list argument from relocate_kernel()
      x86/kexec: Eliminate writes through kernel mapping of relocate_kernel page
      x86/kexec: Clean up register usage in relocate_kernel()
      x86/kexec: Mark relocate_kernel page as ROX instead of RWX
      x86/kexec: Add CONFIG_KEXEC_DEBUG option
      x86/kexec: Debugging support: load a GDT
      x86/kexec: Debugging support: Load an IDT and basic exception entry points
      x86/kexec: Debugging support: Dump registers on exception
      x86/kexec: Add 8250 serial port output
      [DO NOT MERGE] x86/kexec: Add int3 in kexec path for testing

 arch/x86/Kconfig.debug               |   8 +
 arch/x86/include/asm/kexec.h         |  34 +++-
 arch/x86/include/asm/pgtable_types.h |   8 +-
 arch/x86/include/asm/sections.h      |   1 +
 arch/x86/kernel/callthunks.c         |   6 +
 arch/x86/kernel/early_printk.c       |   6 +
 arch/x86/kernel/machine_kexec_64.c   | 121 +++++++----
 arch/x86/kernel/relocate_kernel_64.S | 385 +++++++++++++++++++++++++++--------
 arch/x86/kernel/vmlinux.lds.S        |  16 +-
 arch/x86/mm/ident_map.c              |   6 +-
 arch/x86/mm/pti.c                    |   2 +-
 11 files changed, 457 insertions(+), 136 deletions(-)


