• Matt Fleming's avatar
    x86/efi: Build our own page table structures · 36e0f05a
    Matt Fleming authored
    commit 67a9108e upstream.
    
    With commit e1a58320 ("x86/mm: Warn on W^X mappings") all
    users booting on 64-bit UEFI machines see the following warning,
    
      ------------[ cut here ]------------
      WARNING: CPU: 7 PID: 1 at arch/x86/mm/dump_pagetables.c:225 note_page+0x5dc/0x780()
      x86/mm: Found insecure W+X mapping at address ffff88000005f000/0xffff88000005f000
      ...
      x86/mm: Checked W+X mappings: FAILED, 165660 W+X pages found.
      ...
    
    This is caused by mapping EFI regions with RWX permissions.
    There isn't much we can do to restrict the permissions for these
    regions due to the way the firmware toolchains mix code and
    data, but we can at least isolate these mappings so that they do
    not appear in the regular kernel page tables.
    
    In commit d2f7cbe7 ("x86/efi: Runtime services virtual
    mapping") we started using 'trampoline_pgd' to map the EFI
    regions because there was an existing identity mapping there
    which we use during the SetVirtualAddressMap() call and for
    broken firmware that accesses those addresses.
    
    But 'trampoline_pgd' shares some PGD entries with
    'swapper_pg_dir' and does not provide the isolation we require.
    Notably the virtual address for __START_KERNEL_map and
    MODULES_START are mapped by the same PGD entry so we need to be
    more careful when copying changes over in
    efi_sync_low_kernel_mappings().
    
    This patch doesn't go the full mile, we still want to share some
    PGD entries with 'swapper_pg_dir'. Having completely separate
    page tables brings its own issues such as synchronising new
    mappings after memory hotplug and module loading. Sharing also
    keeps memory usage down.
    Signed-off-by: default avatarMatt Fleming <matt@codeblueprint.co.uk>
    Reviewed-by: default avatarBorislav Petkov <bp@suse.de>
    Acked-by: default avatarBorislav Petkov <bp@suse.de>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
    Cc: Borislav Petkov <bp@alien8.de>
    Cc: Brian Gerst <brgerst@gmail.com>
    Cc: Dave Jones <davej@codemonkey.org.uk>
    Cc: Denys Vlasenko <dvlasenk@redhat.com>
    Cc: H. Peter Anvin <hpa@zytor.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
    Cc: Stephen Smalley <sds@tycho.nsa.gov>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Toshi Kani <toshi.kani@hp.com>
    Cc: linux-efi@vger.kernel.org
    Link: http://lkml.kernel.org/r/1448658575-17029-6-git-send-email-matt@codeblueprint.co.ukSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
    Cc: "Ghannam, Yazen" <Yazen.Ghannam@amd.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    36e0f05a
efi_32.c 2.35 KB