From: Guenter Roeck <linux@roeck-us.net>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Steven Sistare <steven.sistare@oracle.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Pavel Tatashin <pasha.tatashin@oracle.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Andy Lutomirski <luto@kernel.org>,
Hugh Dickins <hughd@google.com>, Thomas Voegtle <tv@lio96.de>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Shuah Khan <shuahkh@osg.samsung.com>,
patches@kernelci.org,
Ben Hutchings <ben.hutchings@codethink.co.uk>,
lkft-triage@lists.linaro.org, stable <stable@vger.kernel.org>,
Matt Fleming <matt@codeblueprint.co.uk>,
Borislav Petkov <bp@alien8.de>
Subject: Re: [PATCH 4.4 00/37] 4.4.110-stable review
Date: Thu, 11 Jan 2018 17:15:04 -0800 [thread overview]
Message-ID: <20180112011504.GA27166@roeck-us.net> (raw)
In-Reply-To: <alpine.DEB.2.20.1801112346370.2091@nanos>
On Thu, Jan 11, 2018 at 11:47:23PM +0100, Thomas Gleixner wrote:
> On Thu, 11 Jan 2018, Steven Sistare wrote:
> > On 1/11/2018 5:30 PM, Thomas Gleixner wrote:
> > > On Thu, 11 Jan 2018, Thomas Gleixner wrote:
> > >> On Thu, 11 Jan 2018, Linus Torvalds wrote:
> > >>
> > >>> On Thu, Jan 11, 2018 at 12:37 PM, Thomas Gleixner <tglx@linutronix.de> wrote:
> > >>>>
> > >>>> 67a9108ed431 ("x86/efi: Build our own page table structures")
> > >>>>
> > >>>> got rid of EFI depending on real_mode_header->trampoline_pgd
> > >>>
> > >>> So I think it only got rid of by default - the codepath is still
> > >>> there, the allocation is still there, it's just that it's not actually
> > >>> used unless somebody does that "efi=old_mmap" thing.
> > >>
> > >> Yes, the trampoline_pgd is still around, but I can't figure out how it
> > >> would be used after boot. Confused, digging more.
> > >
> > > So coming back to the same commit. From the changelog:
> > >
> > > This is caused by mapping EFI regions with RWX permissions.
> > > There isn't much we can do to restrict the permissions for these
> > > regions due to the way the firmware toolchains mix code and
> > > data, but we can at least isolate these mappings so that they do
> > > not appear in the regular kernel page tables.
> > >
> > > In commit d2f7cbe7b26a ("x86/efi: Runtime services virtual
> > > mapping") we started using 'trampoline_pgd' to map the EFI
> > > regions because there was an existing identity mapping there
> > > which we use during the SetVirtualAddressMap() call and for
> > > broken firmware that accesses those addresses.
> > >
> > > So this very commit gets rid of the (ab)use of trampoline_pgd and allocates
> > > efi_pgd, which we made use the proper size.
> > >
> > > trampoline_pgd is since then only used to get into long mode in
> > > realmode/rm/trampoline_64.S and for reboot in machine_real_restart().
> > >
> > > The runtime services stuff does not use it in kernel versions >= 4.6
> > >
> > > Thanks,
> > >
> > > tglx
> >
> > Yes, and addressing Linus' concern about EFI_OLD_MEMMAP, those paths are
> > independent of it. When EFI_OLD_MMAP is enabled, the efi pgd is not
> > used, and the bug will not bite.
>
> We have a fix queued in tip/x86/pti which addresses a missing NX clear, but
> that's a different story.
>
Since you are talking about NX, I see this in last night's -next:
kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
BUG: unable to handle kernel paging request at fffffe0000007000
IP: 0xfffffe0000006e9d
PGD ffd6067 P4D ffd6067 PUD ffd5067 PMD ff73067 PTE 800000000fc09063
Oops: 0011 [#1] PREEMPT SMP PTI
Modules linked in:
CPU: 0 PID: 1 Comm: init Tainted: G W
4.15.0-rc7-next-20180111-yocto-standard #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014
RIP: 0010:0xfffffe0000006e9d
RSP: 0018:ffffaee28000ffd0 EFLAGS: 00000006
RAX: 000000000000000c RBX: 0000000000400040 RCX: 00007f2c4186ad6a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb6a00000
RBP: 0000000000000008 R08: 000000000000037f R09: 0000000000000064
R10: 00000000078bfbfd R11: 0000000000000246 R12: 00007f2c41856a60
R13: 0000000000000000 R14: 0000000000402368 R15: 0000000000001000
FS: 0000000000000000(0000) GS:ffff95fecfc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffe0000007000 CR3: 000000000d88a000 CR4: 00000000003406f0
Call Trace:
Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <90> 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90 90 90 90
RIP: 0xfffffe0000006e9d RSP: ffffaee28000ffd0
CR2: fffffe0000007000
---[ end trace a82b8742114c1785 ]---
Is this the issue you are talking about, or is the fix triggering
the crash ?
Guenter
next prev parent reply other threads:[~2018-01-12 1:15 UTC|newest]
Thread overview: 156+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-03 20:11 [PATCH 4.4 00/37] 4.4.110-stable review Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 01/37] x86/boot: Add early cmdline parsing for options with arguments Greg Kroah-Hartman
2018-01-03 20:11 ` Greg Kroah-Hartman
2018-01-03 20:11 ` Greg Kroah-Hartman
2018-01-03 20:11 ` Greg Kroah-Hartman
2018-01-03 20:11 ` [kernel-hardening] [PATCH 4.4 02/37] KAISER: Kernel Address Isolation Greg Kroah-Hartman
2018-01-03 20:11 ` Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 03/37] kaiser: merged update Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 04/37] kaiser: do not set _PAGE_NX on pgd_none Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 05/37] kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 06/37] kaiser: fix build and FIXME in alloc_ldt_struct() Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 07/37] kaiser: KAISER depends on SMP Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 08/37] kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 09/37] kaiser: fix perf crashes Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 10/37] kaiser: ENOMEM if kaiser_pagetable_walk() NULL Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 11/37] kaiser: tidied up asm/kaiser.h somewhat Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 12/37] kaiser: tidied up kaiser_add/remove_mapping slightly Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 13/37] kaiser: kaiser_remove_mapping() move along the pgd Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 14/37] kaiser: cleanups while trying for gold link Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 15/37] kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 16/37] kaiser: delete KAISER_REAL_SWITCH option Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 17/37] kaiser: vmstat show NR_KAISERTABLE as nr_overhead Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 18/37] kaiser: enhanced by kernel and user PCIDs Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 19/37] kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 20/37] kaiser: PCID 0 for kernel and 128 for user Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 21/37] kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 22/37] kaiser: paranoid_entry pass cr3 need to paranoid_exit Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 23/37] kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 24/37] kaiser: fix unlikely error in alloc_ldt_struct() Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 25/37] kaiser: add "nokaiser" boot option, using ALTERNATIVE Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 26/37] x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 27/37] x86/kaiser: Check boottime cmdline params Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 28/37] kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 29/37] kaiser: drop is_atomic arg to kaiser_pagetable_walk() Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 30/37] kaiser: asm/tlbflush.h handle noPGE at lower level Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 31/37] kaiser: kaiser_flush_tlb_on_return_to_user() check PCID Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 32/37] x86/paravirt: Dont patch flush_tlb_single Greg Kroah-Hartman
2018-01-03 20:11 ` Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 33/37] x86/kaiser: Reenable PARAVIRT Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 34/37] kaiser: disabled on Xen PV Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 35/37] x86/kaiser: Move feature detection up Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 36/37] KPTI: Rename to PAGE_TABLE_ISOLATION Greg Kroah-Hartman
2018-01-03 20:11 ` [PATCH 4.4 37/37] KPTI: Report when enabled Greg Kroah-Hartman
2018-01-03 22:08 ` [PATCH 4.4 00/37] 4.4.110-stable review Nathan Chancellor
2018-01-04 8:10 ` Greg Kroah-Hartman
2018-01-04 6:50 ` Naresh Kamboju
2018-01-04 9:27 ` kernelci.org bot
2018-01-05 0:06 ` Kevin Hilman
2018-01-08 15:06 ` Guillaume Tucker
2018-01-04 16:38 ` Pavel Tatashin
2018-01-04 16:53 ` Greg Kroah-Hartman
2018-01-04 17:01 ` Guenter Roeck
2018-01-04 17:09 ` Greg Kroah-Hartman
2018-01-04 17:02 ` Pavel Tatashin
2018-01-04 17:03 ` Willy Tarreau
2018-01-04 17:11 ` Greg Kroah-Hartman
2018-01-04 17:13 ` Willy Tarreau
2018-01-04 17:14 ` Greg Kroah-Hartman
2018-01-04 17:16 ` Greg Kroah-Hartman
2018-01-04 17:56 ` Guenter Roeck
2018-01-05 15:00 ` Greg Kroah-Hartman
2018-01-05 18:12 ` Guenter Roeck
2018-01-05 20:53 ` Greg Kroah-Hartman
2018-01-04 20:11 ` Linus Torvalds
2018-01-04 17:03 ` Guenter Roeck
2018-01-04 19:38 ` Thomas Voegtle
2018-01-04 19:50 ` Greg Kroah-Hartman
2018-01-04 20:16 ` Thomas Voegtle
2018-01-04 20:29 ` Linus Torvalds
2018-01-04 20:43 ` Andy Lutomirski
2018-01-04 20:57 ` Hugh Dickins
2018-01-04 21:16 ` Andy Lutomirski
2018-01-04 21:23 ` Pavel Tatashin
2018-01-04 21:37 ` Hugh Dickins
2018-01-04 21:48 ` Pavel Tatashin
2018-01-04 22:33 ` Linus Torvalds
2018-01-05 14:59 ` Greg Kroah-Hartman
2018-01-05 15:32 ` Pavel Tatashin
2018-01-05 15:51 ` Greg Kroah-Hartman
2018-01-05 15:57 ` Willy Tarreau
2018-01-05 18:01 ` Greg Kroah-Hartman
2018-01-05 16:26 ` Pavel Tatashin
2018-01-05 16:57 ` Andy Lutomirski
2018-01-05 17:14 ` Pavel Tatashin
2018-01-05 17:43 ` Andy Lutomirski
2018-01-05 17:48 ` Pavel Tatashin
2018-01-05 17:52 ` Greg Kroah-Hartman
2018-01-05 18:15 ` Andy Lutomirski
2018-01-05 18:21 ` Pavel Tatashin
2018-01-05 19:14 ` Pavel Tatashin
2018-01-05 19:18 ` Pavel Tatashin
2018-01-05 20:45 ` Greg Kroah-Hartman
2018-01-05 21:03 ` Pavel Tatashin
2018-01-05 23:15 ` Hugh Dickins
2018-01-06 1:16 ` Pavel Tatashin
2018-01-07 10:45 ` Greg Kroah-Hartman
2018-01-07 14:17 ` Pavel Tatashin
2018-01-07 15:06 ` Pavel Tatashin
2018-01-08 7:46 ` Greg Kroah-Hartman
2018-01-08 20:38 ` Pavel Tatashin
2018-01-08 21:24 ` Pavel Tatashin
2018-01-11 18:36 ` Pavel Tatashin
2018-01-11 18:40 ` Pavel Tatashin
2018-01-11 19:09 ` Linus Torvalds
2018-01-11 20:37 ` Thomas Gleixner
2018-01-11 20:46 ` Linus Torvalds
2018-01-11 21:32 ` Thomas Gleixner
2018-01-11 22:30 ` Thomas Gleixner
2018-01-11 22:42 ` Steven Sistare
2018-01-11 22:47 ` Thomas Gleixner
2018-01-12 1:15 ` Guenter Roeck [this message]
2018-01-11 22:59 ` Linus Torvalds
2018-01-11 23:03 ` Thomas Gleixner
2018-01-12 7:19 ` Greg Kroah-Hartman
2018-01-12 8:03 ` Thomas Gleixner
2018-01-11 21:35 ` Steven Sistare
2018-01-11 21:44 ` Thomas Gleixner
2018-01-11 21:49 ` Linus Torvalds
2018-01-11 20:10 ` Greg Kroah-Hartman
2018-01-11 20:17 ` Linus Torvalds
2018-01-11 20:18 ` Pavel Tatashin
2018-01-05 20:48 ` Greg Kroah-Hartman
2018-01-05 5:33 ` Andy Lutomirski
2018-01-05 10:12 ` Kees Cook
2018-01-05 12:14 ` Greg Kroah-Hartman
2018-01-05 13:08 ` Greg Kroah-Hartman
2018-01-04 20:10 ` Guenter Roeck
2018-01-05 14:58 ` Greg Kroah-Hartman
2018-01-05 15:25 ` Thomas Voegtle
2018-01-05 15:48 ` Greg Kroah-Hartman
2018-01-04 22:00 ` Shuah Khan
2018-01-05 7:55 ` Greg Kroah-Hartman
2018-01-04 23:45 ` Guenter Roeck
2018-01-04 23:58 ` Linus Torvalds
2018-01-05 4:37 ` Mike Galbraith
2018-01-05 4:37 ` Mike Galbraith
2018-01-05 12:17 ` Greg Kroah-Hartman
2018-01-05 12:17 ` Greg Kroah-Hartman
2018-01-05 13:03 ` Mike Galbraith
2018-01-05 13:03 ` Mike Galbraith
2018-01-05 13:34 ` Greg Kroah-Hartman
2018-01-05 13:34 ` Greg Kroah-Hartman
2018-01-05 14:03 ` Mike Galbraith
2018-01-05 23:28 ` Hugh Dickins
2018-01-06 2:58 ` Mike Galbraith
2018-01-05 13:41 ` Greg Kroah-Hartman
2018-01-05 17:51 ` Guenter Roeck
2018-01-05 17:20 ` Alice Ferrazzi
2018-01-05 18:01 ` Greg Kroah-Hartman
2018-01-09 19:49 ` Serge E. Hallyn
2018-01-10 8:48 ` Greg Kroah-Hartman
2018-01-10 16:45 ` Serge E. Hallyn
2018-01-05 17:56 ` Guenter Roeck
2018-01-05 20:54 ` Greg Kroah-Hartman
2018-01-05 21:21 ` Guenter Roeck
2018-01-06 1:35 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180112011504.GA27166@roeck-us.net \
--to=linux@roeck-us.net \
--cc=akpm@linux-foundation.org \
--cc=ben.hutchings@codethink.co.uk \
--cc=bp@alien8.de \
--cc=gregkh@linuxfoundation.org \
--cc=hughd@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lkft-triage@lists.linaro.org \
--cc=luto@kernel.org \
--cc=matt@codeblueprint.co.uk \
--cc=pasha.tatashin@oracle.com \
--cc=patches@kernelci.org \
--cc=shuahkh@osg.samsung.com \
--cc=stable@vger.kernel.org \
--cc=steven.sistare@oracle.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=tv@lio96.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.