From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754287AbbJUJoJ (ORCPT ); Wed, 21 Oct 2015 05:44:09 -0400
Received: from mail-wi0-f172.google.com ([209.85.212.172]:36174 "EHLO mail-wi0-f172.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754197AbbJUJoB (ORCPT ); Wed, 21 Oct 2015 05:44:01 -0400
Date: Wed, 21 Oct 2015 11:43:57 +0200
From: Ingo Molnar
To: Josh Triplett
Cc: Matt Fleming , Borislav Petkov , Stephen Smalley , x86@kernel.org, linux-kernel@vger.kernel.org, keescook@chromium.org, Thomas Gleixner , "H. Peter Anvin" , Peter Zijlstra
Subject: Re: [PATCH v2] x86/mm: warn on W+x mappings
Message-ID: <20151021094357.GB12155@gmail.com>
References: <1443814185-21552-1-git-send-email-sds@tycho.nsa.gov> <20151003112701.GA4531@gmail.com> <5612CBE8.2010504@tycho.nsa.gov> <20151006073205.GA11115@gmail.com> <5613EAD5.2070405@tycho.nsa.gov> <20151012113605.GB7384@pd.tnic> <20151012141754.GA6621@gmail.com> <20151012145539.GA25937@x> <20151014151940.GB27013@gmail.com> <20151014164744.GA14705@x>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20151014164744.GA14705@x>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

* Josh Triplett wrote:

> On Wed, Oct 14, 2015 at 05:19:40PM +0200, Ingo Molnar wrote:
> >
> > * Josh Triplett wrote:
> >
> > > On Mon, Oct 12, 2015 at 04:17:54PM +0200, Ingo Molnar wrote:
> > > > * Matt Fleming wrote:
> > > > > On Mon, 12 Oct, at 02:49:36PM, Ingo Molnar wrote:
> > > > > > So why not unmap them after bootup? Is there any reason to call into EFI code
> > > > > > while the system is up and running?
> > > > >
> > > > > That's where the runtime services code lives. So if you want things like EFI
> > > > > variables (used by the distro installer, among other things) you need to map the
> > > > > runtime regions.
> > > >
> > > > So EFI variables could be queried during bootup and saved on the Linux side.
> > >
> > > That wouldn't support writing to EFI variables. Or using the EFI
> > > capsule update system to update firmware.
> >
> > Well, if we know the location of those pages then we could map those 'rw-' - while
> > the rest would be mapped 'r-x'.
>
> We have no way to do so in the absence of the additional code/data
> separation information provided by more recent firmware.

But we could map those out via transparent page faults dynamically, as those
accesses happen. It should be maximally compatible AFAICS, even without the new
EFI extensions - and at no time would there be vulnerable 'rwx' mappings in the
kernel page tables.

Thanks,

	Ingo
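
A user-space analogue of the fault-driven switching proposed in the reply above, added here as an illustration and not code from this thread or from the kernel: one page is kept either r-x or rw- and flipped from a SIGSEGV handler, so it is never mapped rwx. It assumes Linux; `region`, `wx_setup` and `wx_write` are hypothetical names.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed stand-in for a firmware region whose code/data split is unknown. */
static uint8_t *region;
static size_t region_len;
static volatile sig_atomic_t cur_prot, flips, saw_rwx;

static void set_prot(int prot)
{
    if ((prot & PROT_WRITE) && (prot & PROT_EXEC))
        saw_rwx = 1;                       /* W and X must never be combined */
    if (mprotect(region, region_len, prot) != 0)
        _exit(2);
    cur_prot = prot;
}

/* A fault while r-x can only be a write; a fault while rw- can only be an
 * instruction fetch. Either way the region switches to the other mode. */
static void on_fault(int sig, siginfo_t *si, void *ctx)
{
    uint8_t *addr = (uint8_t *)si->si_addr;
    (void)sig; (void)ctx;
    if (addr < region || addr >= region + region_len)
        _exit(3);                          /* unrelated fault: do not mask it */
    set_prot(cur_prot == (PROT_READ | PROT_EXEC) ? (PROT_READ | PROT_WRITE)
                                                 : (PROT_READ | PROT_EXEC));
    flips++;
}

int wx_setup(void)
{
    struct sigaction sa;
    region_len = (size_t)sysconf(_SC_PAGESIZE);
    region = mmap(NULL, region_len, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    set_prot(PROT_READ | PROT_EXEC);       /* default state: executable, not writable */
    return 0;
}

/* Store one byte; from r-x this faults once and the store is retried as rw-. */
int wx_write(size_t off, uint8_t v)
{
    ((volatile uint8_t *)region)[off] = v;
    return cur_prot;
}
```

The write path is the one exercised here; the handler's other branch returns the page to r-x on the next instruction fetch from it.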