From: Matt Fleming
To: Ingo Molnar, Thomas Gleixner, "H . Peter Anvin"
Cc: Toshi Kani, Matt Fleming, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, Andrew Morton, Andy Lutomirski, Borislav Petkov, Borislav Petkov, Dave Hansen, Dave Jones, Denys Vlasenko, Linus Torvalds, Sai Praneeth Prakhya, stable@vger.kernel.org, Stephen Smalley
Subject: [GIT PULL v3 0/6] EFI page table isolation
Date: Mon, 23 Nov 2015 13:33:08 +0000
Message-Id: <1448285594-17617-1-git-send-email-matt@codeblueprint.co.uk>

Folks,

This patch series is a response to the report that the EFI region
mappings trigger warnings when booting with CONFIG_DEBUG_WX enabled.
They allocate a new page table structure and ensure that all the
mappings we require during EFI runtime calls are only set up there.

It turns out that it still makes sense to share some page table
entries with 'swapper_pg_dir', just not the entries where we need to
allow security lax permissions. Sharing entries is useful for memory
hotplug, for example.

When writing this series I discovered a number of bugs in the existing
code that only became apparent when we stopped using 'trampoline_pgd'
which already mapped a bunch of things for us. I've put those bug
fixes at the start of the series.

Further testing would be very much appreciated as this is a
notoriously funky area of the EFI code.

Changes in v3:

 - PFN_ALIGN() _text and _end when calculating npages to map

 - Drop the hunk that mapped the stack in efi_setup_page_tables(),
   now that we're mapping RAM we know the stack is already mapped.

 - Update the wording in Documentation/<..>/mm.txt to make it clear
   we carve out a 64Gb *size* of virtual address space, we don't use
   the first 64Gb virtual addresses.

Changes in v2:

 - Folded PATCH 1 and 2 together because they both fall under the
   umbrella of "making sure cpa->pfn is really a page frame number".

 - Fixed some checkpatch warnings about mixing spaces and tabs and
   made some stylistic changes per Borislav's comments.

 - Moved efi_alloc_page_tables() earlier in
   __efi_enter_virtual_mode() so that we fail early if we can't
   allocate memory for the page tables.

The following changes since commit 2c66e24d75d424919c42288b418d2e593fa818b1:

  x86/efi: Fix kernel panic when CONFIG_DEBUG_VIRTUAL is enabled (2015-10-25 10:22:25 +0000)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi.git tags/efi-next

for you to fetch changes up to fac3e3c52017a5d974c7d8168e8e43c8f68af82a:

  Documentation/x86: Update EFI memory region description (2015-11-23 12:33:09 +0000)

----------------------------------------------------------------
 * Use completely separate page tables for EFI runtime service calls
   so that the security-lax mapping permissions (RWX) do not leak into
   the standard kernel page tables and trigger warnings when
   CONFIG_DEBUG_WX is enabled.

----------------------------------------------------------------
Matt Fleming (6):
      x86/efi: PFN_ALIGN() _text and _end when calculating number of pages
      x86/mm/pageattr: Ensure cpa->pfn only contains page frame numbers
      x86/efi: Map RAM into the identity page table for mixed mode
      x86/efi: Hoist page table switching code into efi_call_virt()
      x86/efi: Build our own page table structures
      Documentation/x86: Update EFI memory region description

 Documentation/x86/x86_64/mm.txt     |  12 +--
 arch/x86/include/asm/efi.h          |  26 ++++++
 arch/x86/mm/pageattr.c              |  17 ++--
 arch/x86/platform/efi/efi.c         |  39 ++++-----
 arch/x86/platform/efi/efi_32.c      |   5 ++
 arch/x86/platform/efi/efi_64.c      | 159 ++++++++++++++++++++++++++++--------
 arch/x86/platform/efi/efi_stub_64.S |  43 ----------
 7 files changed, 181 insertions(+), 120 deletions(-)