From: Matt Fleming <matt@codeblueprint.co.uk>
To: Baoquan He <bhe@redhat.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>,
Kees Cook <keescook@chromium.org>,
LKML <linux-kernel@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@kernel.org>,
"izumi.taku@jp.fujitsu.com" <izumi.taku@jp.fujitsu.com>,
Thomas Garnier <thgarnie@google.com>,
"fanc.fnst@cn.fujitsu.com" <fanc.fnst@cn.fujitsu.com>,
Junichi Nomura <j-nomura@ce.jp.nec.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: Re: [PATCH] x86/boot/KASLR: exclude EFI_BOOT_SERVICES_{CODE|DATA} from KASLR's choice
Date: Fri, 7 Jul 2017 11:56:58 +0100
Message-ID: <20170707105658.GA9917@codeblueprint.co.uk>
In-Reply-To: <20170707030759.GA2343@x1>

On Fri, 07 Jul, at 11:07:59AM, Baoquan He wrote:
> On 07/06/17 at 03:57pm, Matt Fleming wrote:
> > On Thu, 06 Jul, at 08:31:07AM, Naoya Horiguchi wrote:
> > > + for (i = 0; i < nr_desc; i++) {
> > > + md = (efi_memory_desc_t *)(pmap + (i * e->efi_memdesc_size));
> > > +
> > > + /*
> > > + * EFI_BOOT_SERVICES_{CODE|DATA} are avoided because boot
> > > + * services regions could be accessed after ExitBootServices()
> > > + * due to the workaround for buggy firmware.
> > > + */
> > > + if (!(md->type == EFI_LOADER_CODE ||
> > > + md->type == EFI_LOADER_DATA ||
> > > + md->type == EFI_CONVENTIONAL_MEMORY))
> > > + continue;
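Review bot: the comment above the type check says EFI_BOOT_SERVICES_{CODE|DATA} are being avoided, but the condition is an allowlist that admits only EFI_LOADER_CODE, EFI_LOADER_DATA and EFI_CONVENTIONAL_MEMORY, so every other type in the map is skipped as well; the comment should describe the allowlist, and in particular justify admitting EFI_LOADER_* at all, since the discussion below notes that the boot stub places objects the kernel still needs (struct setup_data) in EFI_LOADER_DATA regions. Narrowing the check to `md->type == EFI_CONVENTIONAL_MEMORY` would remove the need to reason about those regions in the KASLR code and would keep the EFI-specific quirk out of it.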
> >
> > Wouldn't it make more sense to *only* use EFI_CONVENTIONAL_MEMORY?
> >
> > You can't re-use EFI_LOADER_* regions because the kaslr code is run so
> > early in boot that you've no idea if data the kernel will need is in
> > those EFI_LOADER_* regions.
> >
> > For example, we pass struct setup_data objects inside of
> > EFI_LOADER_DATA regions.
>
> It doesn't matter because we have tried to avoid those memory setup_data
> resides in in mem_avoid_overlap(). Here discarding EFI_LOADER_* could
> discard the whole regions while setup_data could occupy small part of
> them.
What about the GDT that we allocate in the x86 EFI boot stub as
EFI_LOADER_DATA? Are there functions to avoid that too?

What about any future uses we add? Who's going to remember to patch
the kaslr code which now duplicates some of the EFI memory map logic?

All of these problems can be avoided if you just stick with
EFI_CONVENTIONAL_MEMORY.

Honestly, how much memory do we expect to waste if we ignore
EFI_LOADER_* regions?

Also, the fact that you're referencing EFI-specific boot quirks in the
kaslr code should be a massive red flag that you're playing with the
innards of the EFI subsystem.
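The selection logic the thread argues over, as an added example that is not code from this patch, from the kernel, or from any participant: it walks an EFI memory map using the firmware-reported descriptor stride, admits only EFI_CONVENTIONAL_MEMORY (the filter Matt asks for), and carves the kernel's must-keep ranges out of each candidate the way mem_avoid_overlap() is described as doing. The memory map, the descriptor tail padding, the avoid list and the helper names (kaslr_usable_regions, sample_regions, sample_matches) are all constructed for this example; the type numbers are the UEFI EFI_MEMORY_TYPE values.

```c
/* Added example: EFI memory-map walk for an early-boot KASLR slot finder.
 * Not kernel code; map contents and helper names are constructed here. */
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* UEFI EFI_MEMORY_TYPE values (UEFI specification). */
enum {
    EFI_LOADER_CODE = 1,
    EFI_LOADER_DATA = 2,
    EFI_BOOT_SERVICES_CODE = 3,
    EFI_BOOT_SERVICES_DATA = 4,
    EFI_CONVENTIONAL_MEMORY = 7,
};
#define EFI_PAGE_SHIFT 12

/* Descriptor layout as it appears in the map (matches EFI_MEMORY_DESCRIPTOR). */
typedef struct {
    uint32_t type;
    uint32_t pad;
    uint64_t phys_addr;
    uint64_t virt_addr;
    uint64_t num_pages;
    uint64_t attribute;
} efi_memory_desc_t;

struct region { uint64_t start, size; };

static void emit(struct region r, struct region *out, size_t max_out, size_t *n)
{
    if (*n < max_out)
        out[*n] = r;
    (*n)++;
}

/* Stand-in for mem_avoid_overlap(): cut every avoid range out of r, keeping
 * the pieces on either side rather than dropping the whole descriptor. */
static void add_region(struct region r, const struct region *avoid,
                       size_t nr_avoid, struct region *out, size_t max_out,
                       size_t *n)
{
    while (r.size) {
        uint64_t r_end = r.start + r.size;
        const struct region *hit = NULL;

        for (size_t j = 0; j < nr_avoid; j++) {
            uint64_t a_end = avoid[j].start + avoid[j].size;
            if (r.start < a_end && avoid[j].start < r_end &&
                (!hit || avoid[j].start < hit->start))
                hit = &avoid[j];
        }
        if (!hit) {
            emit(r, out, max_out, n);
            return;
        }
        if (hit->start > r.start)
            emit((struct region){ r.start, hit->start - r.start }, out, max_out, n);
        if (hit->start + hit->size >= r_end)
            return;
        r.size = r_end - (hit->start + hit->size);
        r.start = hit->start + hit->size;
    }
}

/* Walk nr_desc descriptors of desc_size bytes each. The stride comes from
 * the caller because firmware may report descriptors larger than the struct,
 * which is why the loop indexes by byte offset and not by array subscript. */
size_t kaslr_usable_regions(const uint8_t *pmap, size_t nr_desc, size_t desc_size,
                            const struct region *avoid, size_t nr_avoid,
                            struct region *out, size_t max_out)
{
    size_t n = 0;

    for (size_t i = 0; i < nr_desc; i++) {
        const efi_memory_desc_t *md = (const efi_memory_desc_t *)(pmap + i * desc_size);

        /* Allowlist: only firmware-owned free memory. EFI_LOADER_* and
         * EFI_BOOT_SERVICES_* fall through here along with everything else. */
        if (md->type != EFI_CONVENTIONAL_MEMORY)
            continue;
        add_region((struct region){ md->phys_addr, md->num_pages << EFI_PAGE_SHIFT },
                   avoid, nr_avoid, out, max_out, &n);
    }
    return n;
}

/* Constructed sample: four descriptors with an 8-byte firmware tail each,
 * and one hypothetical setup_data blob the kernel still needs at 0x800000. */
#define SAMPLE_DESC_SIZE (sizeof(efi_memory_desc_t) + 8)
#define SAMPLE_NR_DESC 4

size_t sample_regions(struct region *out, size_t max_out)
{
    const efi_memory_desc_t descs[SAMPLE_NR_DESC] = {
        { .type = EFI_LOADER_DATA,         .phys_addr = 0x100000, .num_pages = 0x10 },
        { .type = EFI_CONVENTIONAL_MEMORY, .phys_addr = 0x200000, .num_pages = 0x100 },
        { .type = EFI_BOOT_SERVICES_DATA,  .phys_addr = 0x300000, .num_pages = 0x10 },
        { .type = EFI_CONVENTIONAL_MEMORY, .phys_addr = 0x400000, .num_pages = 0x1000 },
    };
    const struct region avoid[] = { { 0x800000, 0x1000 } };
    uint64_t storage[SAMPLE_NR_DESC * SAMPLE_DESC_SIZE / sizeof(uint64_t)];
    uint8_t *map = (uint8_t *)storage;

    memset(map, 0, sizeof(storage));
    for (size_t i = 0; i < SAMPLE_NR_DESC; i++)
        memcpy(map + i * SAMPLE_DESC_SIZE, &descs[i], sizeof(descs[i]));
    return kaslr_usable_regions(map, SAMPLE_NR_DESC, SAMPLE_DESC_SIZE,
                                avoid, 1, out, max_out);
}

/* 1 if candidate i of the sample walk is exactly [start, start+size). */
int sample_matches(size_t i, uint64_t start, uint64_t size)
{
    struct region out[8];
    size_t n = sample_regions(out, 8);
    return i < n && out[i].start == start && out[i].size == size;
}

int main(void)
{
    struct region out[8];
    size_t n = sample_regions(out, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("candidate: [0x%" PRIx64 ", 0x%" PRIx64 ")\n",
               out[i].start, out[i].start + out[i].size);
    return 0;
}
```

Run as is and the sample yields three candidates: the 1 MiB conventional region at 0x200000 untouched, and the 16 MiB region at 0x400000 split into the part below the avoided setup_data page and the part above it. The EFI_LOADER_DATA and EFI_BOOT_SERVICES_DATA descriptors never reach the overlap logic, which is the point of filtering on type first.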
Thread overview: 31+ messages
2017-07-06 8:31 [PATCH] x86/boot/KASLR: exclude EFI_BOOT_SERVICES_{CODE|DATA} from KASLR's choice Naoya Horiguchi
2017-07-06 9:13 ` Chao Fan
2017-07-06 9:22 ` Naoya Horiguchi
2017-07-06 9:36 ` Chao Fan
2017-07-06 9:18 ` Baoquan He
2017-07-06 9:36 ` Naoya Horiguchi
2017-07-06 10:04 ` Chao Fan
2017-07-06 10:20 ` Chao Fan
2017-07-06 14:57 ` Matt Fleming
2017-07-07 3:07 ` Baoquan He
2017-07-07 6:11 ` Naoya Horiguchi
2017-07-07 10:58 ` Matt Fleming
2017-07-10 5:47 ` Naoya Horiguchi
2017-07-10 5:51 ` [PATCH v3 1/2] " Naoya Horiguchi
2017-07-24 13:17 ` Matt Fleming
2017-07-25 6:17 ` Naoya Horiguchi
2017-07-10 5:51 ` [PATCH v3 2/2] x86/efi: clean up dead code around efi_reserve_boot_services() Naoya Horiguchi
2017-07-24 13:20 ` Matt Fleming
2017-07-26 0:12 ` Naoya Horiguchi
2017-07-26 1:13 ` Baoquan He
2017-07-26 1:34 ` Baoquan He
2017-07-28 6:48 ` [PATCH] x86/boot: check overlap between kernel and EFI_BOOT_SERVICES_* Naoya Horiguchi
2017-07-29 10:04 ` kbuild test robot
2017-07-29 13:01 ` kbuild test robot
2017-07-29 13:01 ` [RFC PATCH] x86/boot: efi_kernel_boot_services_overlap can be static kbuild test robot
2017-08-23 8:24 ` [PATCH] x86/boot: check overlap between kernel and EFI_BOOT_SERVICES_* Baoquan He
2017-07-07 10:56 ` Matt Fleming [this message]
2017-07-09 10:44 ` [PATCH] x86/boot/KASLR: exclude EFI_BOOT_SERVICES_{CODE|DATA} from KASLR's choice Baoquan He
2017-07-09 14:27 ` Baoquan He
2017-07-07 7:22 ` [PATCH v2 1/2] " Naoya Horiguchi
2017-07-07 7:22 ` [PATCH v2 2/2] x86/efi: clean up dead code around efi_reserve_boot_services() Naoya Horiguchi