From: Matt Fleming <matt@codeblueprint.co.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Dave Jones <davej@codemonkey.org.uk>,
Ingo Molnar <mingo@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
"H. Peter Anvin" <hpa@zytor.com>, Borislav Petkov <bp@alien8.de>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>,
Denys Vlasenko <dvlasenk@redhat.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
linux-efi@vger.kernel.org
Subject: Re: [GIT PULL] x86/mm changes for v4.4
Date: Fri, 6 Nov 2015 11:39:43 +0000 [thread overview]
Message-ID: <20151106113943.GB2651@codeblueprint.co.uk> (raw)
In-Reply-To: <CA+55aFyC7L85SYen3Uz6e1cvH0jXzQ9_MddHJ=7PxvpOR2U23w@mail.gmail.com>
On Thu, 05 Nov, at 01:33:10PM, Linus Torvalds wrote:
>
> And if this turns out to be due to EFI wanting those permissions, what
> should we do? People have talked about running the EFI callbacks in
> their own private page table setup, which sounds like the right idea,
> but until that actually *happens*....
We have separate page tables today, for a few reasons, but mainly it's
so that we can have an identity mapping of memory present in the
region usually used by user processes - broken firmware still uses
those identity mappings even after the kernel tells it they're
invalid.
Note that when I say "separate" I'm talking about trampoline_pgd[]
which is also used by the x86 suspend/resume code.
However, turns out that the issue with the current scheme is the fact
that trampoline_pgd[] actually shares a couple of PGD entries with
swapper_pg_dir as can be seen in setup_real_mode(),
trampoline_pgd = (u64 *)__va(real_mode_header->trampoline_pgd);
trampoline_pgd[0] = init_level4_pgt[pgd_index(__PAGE_OFFSET)].pgd;
trampoline_pgd[511] = init_level4_pgt[511].pgd;
So when we map the EFI regions in efi_map_regions() we're inserting
them into swapper_pg_dir also, which is why you're seeing the
warnings.
If I remember correctly the rationale for using trampoline_pgd[] was
that it already did what we wanted (provided the identity mapping) and
would save us the overhead of maintaining more page tables for no good
reason. Obviously this entire thread is a good reason.
I suggest we stop using trampoline_pgd[] (since it has a good reason
for sharing the kernel mapping PGD entries) and create our own so that
we can isolate EFI completely.
For the immediate problem of the warnings spewing forth on all UEFI
machines, at the very least the config options needs to be disabled by
default, if not the patch reverted.
next parent reply other threads:[~2015-11-06 11:39 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20151103111649.GA3477@gmail.com>
[not found] ` <CA+55aFzcwO+RSLeHOwAYvjZ5AcVvD9Th2=G3R=ZQY1xf+MkDow@mail.gmail.com>
[not found] ` <20151104233907.GA25925@codemonkey.org.uk>
[not found] ` <CA+55aFxb14eM6b=ctq65Dx-Ujehj2dbtsVM9rrVOVfLgT=EoHg@mail.gmail.com>
[not found] ` <20151105021710.GA22941@codemonkey.org.uk>
[not found] ` <CA+55aFyXNFu_TfmBjGedCRujoAbhqiBcia7XOtzSq0uxbVv6MA@mail.gmail.com>
[not found] ` <CA+55aFyC7L85SYen3Uz6e1cvH0jXzQ9_MddHJ=7PxvpOR2U23w@mail.gmail.com>
2015-11-06 11:39 ` Matt Fleming [this message]
[not found] ` <20151106113943.GB2651-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
2015-11-07 7:05 ` [GIT PULL] x86/mm changes for v4.4 Ingo Molnar
[not found] ` <20151107070554.GB6235-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2015-11-07 10:03 ` Matt Fleming
[not found] ` <20151106065549.GA2031@gmail.com>
2015-11-06 12:39 ` Matt Fleming
[not found] ` <20151106123912.GC2651-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
2015-11-07 7:09 ` Ingo Molnar
2015-11-07 7:39 ` Ard Biesheuvel
2015-11-08 6:58 ` Kees Cook
2015-11-08 7:55 ` Ard Biesheuvel
2015-11-09 21:08 ` Kees Cook
2015-11-10 7:08 ` Ard Biesheuvel
[not found] ` <CAKv+Gu9ct9Rwi+_-0KtLq3Gw2Rn+QLhSVt_zbn4zBxfk_Qs16g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-11-10 20:11 ` Kees Cook
[not found] ` <CALCETrU2dn4TEj_2QiCPy4Mjw6hCbB84k1RnPzx7sLNygj4D5Q@mail.gmail.com>
[not found] ` <CALCETrU2dn4TEj_2QiCPy4Mjw6hCbB84k1RnPzx7sLNygj4D5Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-11-06 13:09 ` Matt Fleming
[not found] ` <20151106130948.GD2651-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
2015-11-06 13:24 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151106113943.GB2651@codeblueprint.co.uk \
--to=matt@codeblueprint.co.uk \
--cc=akpm@linux-foundation.org \
--cc=bp@alien8.de \
--cc=davej@codemonkey.org.uk \
--cc=dvlasenk@redhat.com \
--cc=hpa@zytor.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox