Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp2297835ybh; Fri, 24 Jul 2020 09:14:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw8gnlME5uD9gxj0i9qfX/QDzSYWAfHu8r1ZhYTQtAnYP+ndu9cq+7oIBKlBVAXL+3292oD X-Received: by 2002:a17:906:c30b:: with SMTP id s11mr10024033ejz.263.1595607241065; Fri, 24 Jul 2020 09:14:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595607241; cv=none; d=google.com; s=arc-20160816; b=UU7ny4ivuWq3w50GVh6mhafCR1PmpkTlOyXREiRewMWO9VjZCvwINtuGKxdYJ8d8mU tez1sf9arrjHcIhw41HfK45RfEHi9h25BcoelvVe3R7PL+XRmtUY6H1fkCFGUnctdiW5 qLFBA9gnsrx0W1h57evj84p+wOBtO3L8jCV1dVFxIFnP/p5pG7euzv/QHOvk+xj43jCa CmpQQtFuKJ8EqAOoUGfpRxdZSM/GgAuNOjmphrisc6G1CGw1MdbntIrWDiR9Kf3tVNDQ l+roMtlNur+SHBglyGFs1bbbNggFuYet6UEWNFrKbUY/yAImpQn5BmTkMsce86QISFdt fCJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=ARfLtGYu3eBkbDNDBp5kZEbI5mEMWvAcNYZbry6vzKs=; b=rsTV5XPrO+H+HAD52ejAyCgOQLc8OAUdopNGGX9EouEU09cKcb0RsTd93bIjUgpHwh hoUvayTOVsLCLAjISPAZsOyDr9+Xrv616arPq/+Lv6Qcqgdk20Zzddju4+MuwfoZH57N OME4yZlS3GcD3xuzeJ3NDj+yfSd8pPOcbioS9A6eLEk7I4BaoYusIchPZWyqXnNKvCjI 3fSGlCoC+mvbU5uDdWgy9JgSUQVx75ZUyvbpyjFbRLsYMZrdA3VXpocZVJ6AoaVCECGq 8HfInIrc1D/xscdpj3tGOA5Ojm1AYXJXoxfRO+LTpbN3YRx5ff0gWrldO7dwW3B2vfU7 ZMTA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i8si768017edx.405.2020.07.24.09.13.37; Fri, 24 Jul 2020 09:14:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728531AbgGXQKm (ORCPT + 99 others); Fri, 24 Jul 2020 12:10:42 -0400 Received: from 8bytes.org ([81.169.241.247]:59268 "EHLO theia.8bytes.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726895AbgGXQEH (ORCPT ); Fri, 24 Jul 2020 12:04:07 -0400 Received: from cap.home.8bytes.org (p5b006776.dip0.t-ipconnect.de [91.0.103.118]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by theia.8bytes.org (Postfix) with ESMTPSA id CBDE9E2D; Fri, 24 Jul 2020 18:04:04 +0200 (CEST) From: Joerg Roedel To: x86@kernel.org Cc: Joerg Roedel , Joerg Roedel , Kees Cook , hpa@zytor.com, Andy Lutomirski , Dave Hansen , Peter Zijlstra , Jiri Slaby , Dan Williams , Tom Lendacky , Juergen Gross , David Rientjes , Cfir Cohen , Erdem Aktas , Masami Hiramatsu , Mike Stunes , Sean Christopherson , Martin Radev , linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org Subject: [PATCH v5 16/75] x86/boot/compressed/64: Don't pre-map memory in KASLR code Date: Fri, 24 Jul 2020 18:02:37 +0200 Message-Id: <20200724160336.5435-17-joro@8bytes.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200724160336.5435-1-joro@8bytes.org> References: <20200724160336.5435-1-joro@8bytes.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Joerg Roedel With the page-fault handler in place the identity mapping can be built on-demand. So remove the code which manually creates the mappings and unexport/remove the functions used for it. Signed-off-by: Joerg Roedel Reviewed-by: Kees Cook --- arch/x86/boot/compressed/ident_map_64.c | 6 ++---- arch/x86/boot/compressed/kaslr.c | 24 +----------------------- arch/x86/boot/compressed/misc.h | 10 ---------- 3 files changed, 3 insertions(+), 37 deletions(-) diff --git a/arch/x86/boot/compressed/ident_map_64.c b/arch/x86/boot/compressed/ident_map_64.c index ecf9353b064d..c63257bf8373 100644 --- a/arch/x86/boot/compressed/ident_map_64.c +++ b/arch/x86/boot/compressed/ident_map_64.c @@ -87,11 +87,9 @@ phys_addr_t physical_mask = (1ULL << __PHYSICAL_MASK_SHIFT) - 1; static struct x86_mapping_info mapping_info; /* - * Adds the specified range to what will become the new identity mappings. - * Once all ranges have been added, the new mapping is activated by calling - * finalize_identity_maps() below. + * Adds the specified range to the identity mappings. */ -void add_identity_map(unsigned long start, unsigned long size) +static void add_identity_map(unsigned long start, unsigned long size) { unsigned long end = start + size; diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c index 856dc1c9bb0d..c466fb738de0 100644 --- a/arch/x86/boot/compressed/kaslr.c +++ b/arch/x86/boot/compressed/kaslr.c @@ -399,8 +399,6 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size, */ mem_avoid[MEM_AVOID_ZO_RANGE].start = input; mem_avoid[MEM_AVOID_ZO_RANGE].size = (output + init_size) - input; - add_identity_map(mem_avoid[MEM_AVOID_ZO_RANGE].start, - mem_avoid[MEM_AVOID_ZO_RANGE].size); /* Avoid initrd. */ initrd_start = (u64)boot_params->ext_ramdisk_image << 32; @@ -420,14 +418,10 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size, ; mem_avoid[MEM_AVOID_CMDLINE].start = cmd_line; mem_avoid[MEM_AVOID_CMDLINE].size = cmd_line_size; - add_identity_map(mem_avoid[MEM_AVOID_CMDLINE].start, - mem_avoid[MEM_AVOID_CMDLINE].size); /* Avoid boot parameters. */ mem_avoid[MEM_AVOID_BOOTPARAMS].start = (unsigned long)boot_params; mem_avoid[MEM_AVOID_BOOTPARAMS].size = sizeof(*boot_params); - add_identity_map(mem_avoid[MEM_AVOID_BOOTPARAMS].start, - mem_avoid[MEM_AVOID_BOOTPARAMS].size); /* We don't need to set a mapping for setup_data. */ @@ -436,11 +430,6 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size, /* Enumerate the immovable memory regions */ num_immovable_mem = count_immovable_mem_regions(); - -#ifdef CONFIG_X86_VERBOSE_BOOTUP - /* Make sure video RAM can be used. */ - add_identity_map(0, PMD_SIZE); -#endif } /* @@ -919,19 +908,8 @@ void choose_random_location(unsigned long input, warn("Physical KASLR disabled: no suitable memory region!"); } else { /* Update the new physical address location. */ - if (*output != random_addr) { - add_identity_map(random_addr, output_size); + if (*output != random_addr) *output = random_addr; - } - - /* - * This loads the identity mapping page table. - * This should only be done if a new physical address - * is found for the kernel, otherwise we should keep - * the old page table to make it be like the "nokaslr" - * case. - */ - finalize_identity_maps(); } diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h index 345c90fbc500..ea6174bad699 100644 --- a/arch/x86/boot/compressed/misc.h +++ b/arch/x86/boot/compressed/misc.h @@ -98,17 +98,7 @@ static inline void choose_random_location(unsigned long input, #endif #ifdef CONFIG_X86_64 -void initialize_identity_maps(void); -void add_identity_map(unsigned long start, unsigned long size); -void finalize_identity_maps(void); extern unsigned char _pgtable[]; -#else -static inline void initialize_identity_maps(void) -{ } -static inline void add_identity_map(unsigned long start, unsigned long size) -{ } -static inline void finalize_identity_maps(void) -{ } #endif #ifdef CONFIG_EARLY_PRINTK -- 2.27.0