From: Kees Cook <keescook@chromium.org>
To: Ard Biesheuvel <ardb+git@google.com>
Cc: linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org,
x86@kernel.org, Ard Biesheuvel <ardb@kernel.org>,
Ben Chaney <bchaney@akamai.com>,
stable@vger.kernel.org
Subject: Re: [PATCH] x86/efistub: Omit physical KASLR when memory reservations exist
Date: Thu, 16 May 2024 11:55:01 -0700 [thread overview]
Message-ID: <202405161154.01864575AD@keescook> (raw)
In-Reply-To: <20240516090541.4164270-2-ardb+git@google.com>
On Thu, May 16, 2024 at 11:05:42AM +0200, Ard Biesheuvel wrote:
> From: Ard Biesheuvel <ardb@kernel.org>
>
> The legacy decompressor has elaborate logic to ensure that the
> randomized physical placement of the decompressed kernel image does not
> conflict with any memory reservations, including ones specified on the
> command line using mem=, memmap=, efi_fake_mem= or hugepages=, which are
> taken into account by the kernel proper at a later stage.
>
> When booting in EFI mode, it is the firmware's job to ensure that the
> chosen range does not conflict with any memory reservations that it
> knows about, and this is trivially achieved by using the firmware's
> memory allocation APIs.
>
> That leaves reservations specified on the command line, though, which
> the firmware knows nothing about, as these regions have no other special
> significance to the platform. Since commit
>
> a1b87d54f4e4 ("x86/efistub: Avoid legacy decompressor when doing EFI boot")
>
> these reservations are not taken into account when randomizing the
> physical placement, which may result in conflicts where the memory
> cannot be reserved by the kernel proper because its own executable image
> resides there.
>
> To avoid having to duplicate or reuse the existing complicated logic,
> disable physical KASLR entirely when such overrides are specified. These
> are mostly diagnostic tools or niche features, and physical KASLR (as
> opposed to virtual KASLR, which is much more important as it affects the
> memory addresses observed by code executing in the kernel) is something
> we can live without.
>
> Closes: https://lkml.kernel.org/r/FA5F6719-8824-4B04-803E-82990E65E627%40akamai.com
> Reported-by: Ben Chaney <bchaney@akamai.com>
> Fixes: a1b87d54f4e4 ("x86/efistub: Avoid legacy decompressor when doing EFI boot")
> Cc: <stable@vger.kernel.org> # v6.1+
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Yup, all good by me:
Reviewed-by: Kees Cook <keescook@chromium.org>
--
Kees Cook
prev parent reply other threads:[~2024-05-16 18:55 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-16 9:05 [PATCH] x86/efistub: Omit physical KASLR when memory reservations exist Ard Biesheuvel
2024-05-16 17:29 ` Chaney, Ben
2024-05-16 17:30 ` Ard Biesheuvel
2024-05-16 18:45 ` Kees Cook
2024-05-16 18:47 ` Ard Biesheuvel
2024-05-16 18:55 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202405161154.01864575AD@keescook \
--to=keescook@chromium.org \
--cc=ardb+git@google.com \
--cc=ardb@kernel.org \
--cc=bchaney@akamai.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.