From: Baoquan He <bhe@redhat.com>
To: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Matt Fleming <matt@codeblueprint.co.uk>,
Kees Cook <keescook@chromium.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@kernel.org>,
"izumi.taku@jp.fujitsu.com" <izumi.taku@jp.fujitsu.com>,
Thomas Garnier <thgarnie@google.com>,
"fanc.fnst@cn.fujitsu.com" <fanc.fnst@cn.fujitsu.com>,
Junichi Nomura <j-nomura@ce.jp.nec.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
dyoung@redhat.com
Subject: Re: [PATCH v3 2/2] x86/efi: clean up dead code around efi_reserve_boot_services()
Date: Wed, 26 Jul 2017 09:34:32 +0800
Message-ID: <20170726013432.GA1117@x1>
In-Reply-To: <20170726011331.GA24304@x1>
On 07/26/17 at 09:13am, Baoquan He wrote:
> On 07/26/17 at 12:12am, Naoya Horiguchi wrote:
> > On Mon, Jul 24, 2017 at 02:20:44PM +0100, Matt Fleming wrote:
> > > On Mon, 10 Jul, at 02:51:36PM, Naoya Horiguchi wrote:
> > > > EFI_BOOT_SERVICES_{CODE|DATA} regions never overlap the kernel now,
> > > > so we can clean up the check in efi_reserve_boot_services().
> > > >
> > > > Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
> > > > ---
> > > > arch/x86/platform/efi/quirks.c | 23 +----------------------
> > > > 1 file changed, 1 insertion(+), 22 deletions(-)
> > >
> > > Is this true for kernels not using KASLR?
> >
> > Thank you for pointing out this. It's not true depending on memmap layout.
> > If a firmware does not define the memory around the kernel address
> > (0x1000000 or CONFIG_PHYSICAL_START) as EFI_BOOT_SERVICES_*, no overlap
> > happens. That's true in my testing server, but I don't think that we can
> > expect it generally.
> >
> > So I think of adding some assertion in the patch 1/2 to detect this overlap
> > in extract_kernel() even for no KASLR case.
>
> EFI_BOOT_SERVICES_* memory are collected as e820 region of
> E820_TYPE_RAM, how can we guarantee kernel won't use them after jumping
> into the running kernel whether KASLR enabled or not? We can only wish
> that EFI firmware engineer don't put EFI_BOOT_SERVICES_* far from
Sorry, typo. I meant the EFI boot
service regions need to be put far from 0x1000000. Otherwise the normal kernel could
allocate memory bottom up and stomp on them. It's an embarrassment caused by
the hardware flaw of the x86 platform.
> 0x1000000 where normal kernel is loaded.
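
The overlap condition discussed in this thread, as an added example that is not part of any message here and is not kernel code: it scans an EFI memory map for an EFI_BOOT_SERVICES_* region intersecting the kernel's physical range. The descriptor struct, the function name, the 32 MiB kernel size and both memory maps are constructed for illustration; only the 0x1000000 load address comes from the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Memory type values from the UEFI specification. */
enum { EFI_BOOT_SERVICES_CODE = 3, EFI_BOOT_SERVICES_DATA = 4, EFI_CONVENTIONAL_MEMORY = 7 };
#define EFI_PAGE_SHIFT 12   /* EFI descriptors count 4 KiB pages */
/* Hypothetical, simplified descriptor; not the kernel's efi_memory_desc_t. */
struct mem_desc { uint32_t type; uint64_t phys_addr; uint64_t num_pages; };

/* Index of the first EFI_BOOT_SERVICES_* descriptor that intersects
 * [start, start + size), or -1 when the range is clear. */
int find_boot_services_overlap(const struct mem_desc *map, size_t n,
                               uint64_t start, uint64_t size)
{
    uint64_t end = start + size;
    for (size_t i = 0; i < n; i++) {
        if (map[i].type != EFI_BOOT_SERVICES_CODE &&
            map[i].type != EFI_BOOT_SERVICES_DATA)
            continue;
        uint64_t r_start = map[i].phys_addr;
        uint64_t r_end = r_start + (map[i].num_pages << EFI_PAGE_SHIFT);
        /* Half-open intervals: regions that merely touch do not overlap. */
        if (start < r_end && r_start < end)
            return (int)i;
    }
    return -1;
}

#define KERNEL_START 0x1000000ULL  /* default load address from the thread */
#define KERNEL_SIZE  0x2000000ULL  /* constructed: 32 MiB image */
/* Constructed map: boot-services regions only touch the kernel range. */
static const struct mem_desc map_clear[] = {
    { EFI_BOOT_SERVICES_CODE,  0x0ff0000, 0x10 },   /* ends at 0x1000000 */
    { EFI_CONVENTIONAL_MEMORY, 0x1000000, 0x2000 },
    { EFI_BOOT_SERVICES_DATA,  0x3000000, 0x10 },   /* starts at kernel end */
};
/* Constructed map: boot-services code straddles the end of the kernel. */
static const struct mem_desc map_overlap[] = {
    { EFI_CONVENTIONAL_MEMORY, 0x1000000, 0x1ff0 },
    { EFI_BOOT_SERVICES_CODE,  0x2ff0000, 0x20 },
};

int main(void)
{
    printf("clear=%d overlap=%d\n",
           find_boot_services_overlap(map_clear, 3, KERNEL_START, KERNEL_SIZE),
           find_boot_services_overlap(map_overlap, 2, KERNEL_START, KERNEL_SIZE));
    return 0;
}
```
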
Thread overview: 31+ messages
2017-07-06 8:31 [PATCH] x86/boot/KASLR: exclude EFI_BOOT_SERVICES_{CODE|DATA} from KASLR's choice Naoya Horiguchi
2017-07-06 9:13 ` Chao Fan
2017-07-06 9:22 ` Naoya Horiguchi
2017-07-06 9:36 ` Chao Fan
2017-07-06 9:18 ` Baoquan He
2017-07-06 9:36 ` Naoya Horiguchi
2017-07-06 10:04 ` Chao Fan
2017-07-06 10:20 ` Chao Fan
2017-07-06 14:57 ` Matt Fleming
2017-07-07 3:07 ` Baoquan He
2017-07-07 6:11 ` Naoya Horiguchi
2017-07-07 10:58 ` Matt Fleming
2017-07-10 5:47 ` Naoya Horiguchi
2017-07-10 5:51 ` [PATCH v3 1/2] " Naoya Horiguchi
2017-07-24 13:17 ` Matt Fleming
2017-07-25 6:17 ` Naoya Horiguchi
2017-07-10 5:51 ` [PATCH v3 2/2] x86/efi: clean up dead code around efi_reserve_boot_services() Naoya Horiguchi
2017-07-24 13:20 ` Matt Fleming
2017-07-26 0:12 ` Naoya Horiguchi
2017-07-26 1:13 ` Baoquan He
2017-07-26 1:34 ` Baoquan He [this message]
2017-07-28 6:48 ` [PATCH] x86/boot: check overlap between kernel and EFI_BOOT_SERVICES_* Naoya Horiguchi
2017-07-29 10:04 ` kbuild test robot
2017-07-29 13:01 ` kbuild test robot
2017-07-29 13:01 ` [RFC PATCH] x86/boot: efi_kernel_boot_services_overlap can be static kbuild test robot
2017-08-23 8:24 ` [PATCH] x86/boot: check overlap between kernel and EFI_BOOT_SERVICES_* Baoquan He
2017-07-07 10:56 ` [PATCH] x86/boot/KASLR: exclude EFI_BOOT_SERVICES_{CODE|DATA} from KASLR's choice Matt Fleming
2017-07-09 10:44 ` Baoquan He
2017-07-09 14:27 ` Baoquan He
2017-07-07 7:22 ` [PATCH v2 1/2] " Naoya Horiguchi
2017-07-07 7:22 ` [PATCH v2 2/2] x86/efi: clean up dead code around efi_reserve_boot_services() Naoya Horiguchi