From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756126AbbJUUp1 (ORCPT ); Wed, 21 Oct 2015 16:45:27 -0400
Received: from mail-wi0-f170.google.com ([209.85.212.170]:34504 "EHLO
	mail-wi0-f170.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753777AbbJUUpZ (ORCPT ); Wed, 21 Oct 2015 16:45:25 -0400
Date: Wed, 21 Oct 2015 21:45:22 +0100
From: Matt Fleming
To: Andy Lutomirski
Cc: Borislav Petkov, Ard Biesheuvel, Ingo Molnar, Stephen Smalley,
	"x86@kernel.org", "linux-kernel@vger.kernel.org", Kees Cook,
	Thomas Gleixner, "H. Peter Anvin", Peter Zijlstra, Andy Lutomirski,
	Denys Vlasenko, Brian Gerst, "linux-efi@vger.kernel.org"
Subject: Re: [PATCH v2] x86/mm: warn on W+x mappings
Message-ID: <20151021204522.GB20338@codeblueprint.co.uk>
References: <20151012144928.GF2579@codeblueprint.co.uk>
	<20151014151807.GA27013@gmail.com>
	<20151014210257.GF2782@codeblueprint.co.uk>
	<20151021094242.GA12155@gmail.com>
	<20151021124924.GA19262@gmail.com>
	<20151021132430.GD3575@pd.tnic>
	<20151021143651.GE3575@pd.tnic>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 21 Oct, at 11:46:53AM, Andy Lutomirski wrote:
>
> If the UEFI stuff is mapped in its own PGD entry, we could just RO
> that entire PGD entry everywhere except the UEFI pgd (and make sure to
> clear G so that the TLB entries get zapped).

What would be the benefit of making it RO as opposed to not having it
mapped at all?

The mappings only exist in the trampoline_pgd right now for x86 which
minimizes the potentially vulnerable code paths to the EFI runtime
calls and the suspend/resume code.