Date: Fri, 24 Mar 2017 01:10:05 -0700
From: tip-bot for Baoquan He
Cc: jpoimboe@redhat.com, hpa@zytor.com, bhsharma@redhat.com, brgerst@gmail.com, dyoung@redhat.com, thgarnie@google.com, dvlasenk@redhat.com, tglx@linutronix.de, bp@alien8.de, keescook@chromium.org, ard.biesheuvel@linaro.org, linux-kernel@vger.kernel.org, yamada.masahiro@socionext.com, bhe@redhat.com, matt@codeblueprint.co.uk, akpm@linux-foundation.org, luto@kernel.org, torvalds@linux-foundation.org, mingo@kernel.org, peterz@infradead.org
In-Reply-To: <1490331592-31860-1-git-send-email-bhe@redhat.com>
To: linux-tip-commits@vger.kernel.org
Subject: [tip:x86/urgent] x86/mm/KASLR: Exclude EFI region from KASLR VA space randomization

Commit-ID:  a46f60d76004965e5669dbf3fc21ef3bc3632eb4
Gitweb:     http://git.kernel.org/tip/a46f60d76004965e5669dbf3fc21ef3bc3632eb4
Author:     Baoquan He
AuthorDate: Fri, 24 Mar 2017 12:59:52 +0800
Committer:  Ingo Molnar
CommitDate: Fri, 24 Mar 2017 09:04:27 +0100

x86/mm/KASLR: Exclude EFI region from KASLR VA space randomization

Currently KASLR is enabled on three regions: the direct mapping of physical
memory, vmalloc and vmemmap. However the EFI region is also mistakenly
included for VA space randomization because of misusing EFI_VA_START macro
and assuming EFI_VA_START < EFI_VA_END.

(This breaks kexec and possibly other things that rely on stable addresses.)

The EFI region is reserved for EFI runtime services virtual mapping which
should not be included in KASLR ranges.

In Documentation/x86/x86_64/mm.txt, we can see:

  ffffffef00000000 - fffffffeffffffff (=64 GB) EFI region mapping space

EFI uses the space from -4G to -64G thus EFI_VA_START > EFI_VA_END.
Here EFI_VA_START = -4G, and EFI_VA_END = -64G.

Changing EFI_VA_START to EFI_VA_END in mm/kaslr.c fixes this problem.

Signed-off-by: Baoquan He
Reviewed-by: Bhupesh Sharma
Acked-by: Dave Young
Acked-by: Thomas Garnier
Cc: #4.8+
Cc: Andrew Morton
Cc: Andy Lutomirski
Cc: Ard Biesheuvel
Cc: Borislav Petkov
Cc: Brian Gerst
Cc: Denys Vlasenko
Cc: H. Peter Anvin
Cc: Josh Poimboeuf
Cc: Kees Cook
Cc: Linus Torvalds
Cc: Masahiro Yamada
Cc: Matt Fleming
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1490331592-31860-1-git-send-email-bhe@redhat.com
Signed-off-by: Ingo Molnar
--- arch/x86/mm/kaslr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c index 887e571..aed2064 100644 --- a/arch/x86/mm/kaslr.c +++ b/arch/x86/mm/kaslr.c @@ -48,7 +48,7 @@ static const unsigned long vaddr_start = __PAGE_OFFSET_BASE; #if defined(CONFIG_X86_ESPFIX64) static const unsigned long vaddr_end = ESPFIX_BASE_ADDR; #elif defined(CONFIG_EFI) -static const unsigned long vaddr_end = EFI_VA_START; +static const unsigned long vaddr_end = EFI_VA_END; #else static const unsigned long vaddr_end = __START_KERNEL_map; #endif 
@@ -105,7 +105,7 @@ void __init kernel_randomize_memory(void) */ BUILD_BUG_ON(vaddr_start >= vaddr_end); BUILD_BUG_ON(IS_ENABLED(CONFIG_X86_ESPFIX64) && - vaddr_end >= EFI_VA_START); + vaddr_end >= EFI_VA_END); BUILD_BUG_ON((IS_ENABLED(CONFIG_X86_ESPFIX64) || IS_ENABLED(CONFIG_EFI)) && vaddr_end >= __START_KERNEL_map);
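
Review bot: the new "vaddr_end = EFI_VA_END" line under "#elif defined(CONFIG_EFI)" in the first hunk (@@ -48,7 +48,7 @@) carries no comment explaining why the END macro, not the START macro, is the lower bound of the EFI region. The commit message says the region is laid out so that EFI_VA_START > EFI_VA_END, which is exactly the naming trap that caused the bug. A one-line comment next to the assignment stating that EFI_VA_END is the lowest address of the EFI mapping would keep a later reader from changing it back.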
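
Review bot: none of the BUILD_BUG_ON checks visible in the second hunk (@@ -105,7 +105,7 @@, kernel_randomize_memory) asserts the ordering this fix depends on. The changed check compares vaddr_end against EFI_VA_END, but the root cause named in the commit message was the assumption that EFI_VA_START < EFI_VA_END. Consider adding BUILD_BUG_ON(EFI_VA_END >= EFI_VA_START) next to these checks so the build fails if the two macros are ever redefined the other way round. The comment block that ends just above the checks is outside the hunk, so it is also worth confirming that it does not still describe the EFI bound in terms of EFI_VA_START.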