lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <D5XXP2PU3PUK.3HN27QB1GEW09@amazon.com>
Date: Thu, 28 Nov 2024 15:58:02 +0000
From: Nicolas Saenz Julienne <nsaenz@...zon.com>
To: Dave Young <dyoung@...hat.com>
CC: Ard Biesheuvel <ardb@...nel.org>, Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen
	<dave.hansen@...ux.intel.com>, <x86@...nel.org>, "H . Peter Anvin"
	<hpa@...or.com>, Matt Fleming <matt@...eblueprint.co.uk>,
	<linux-efi@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	<stanspas@...zon.de>, <nh-open-source@...zon.com>, <stable@...r.kernel.org>,
	<kexec@...ts.infradead.org>
Subject: Re: [PATCH v2 2/2] x86/efi: Apply EFI Memory Attributes after kexec

Hi Dave,

On Fri Nov 22, 2024 at 1:03 PM UTC, Dave Young wrote:
> On Wed, 13 Nov 2024 at 02:53, Nicolas Saenz Julienne <nsaenz@...zon.com> wrote:
>>
>> Kexec bypasses EFI's switch to virtual mode. In exchange, it has its own
>> routine, kexec_enter_virtual_mode(), which replays the mappings made by
>> the original kernel. Unfortunately, that function fails to reinstate
>> EFI's memory attributes, which would've otherwise been set after
>> entering virtual mode. Remediate this by calling
>> efi_runtime_update_mappings() within kexec's routine.
>
> In the function __map_region(), there are playing with the flags
> similar to the efi_runtime_update_mappings though it looks a little
> different.  Is this extra callback really necessary?

EFI Memory attributes aren't tracked through
`/sys/firmware/efi/runtime-map`, and as such, whatever happens in
`__map_region()` after kexec will not honor them.

> Have you seen a real bug happened?

If lowered security posture after kexec counts as a bug, yes. The system
remains stable otherwise.

Nicolas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ