linux/arch/x86
Ard Biesheuvel f610316200 efi/x86: Don't remap text<->rodata gap read-only for mixed mode
Commit

  d9e3d2c4f1 ("efi/x86: Don't map the entire kernel text RW for mixed mode")

updated the code that creates the 1:1 memory mapping to use read-only
attributes for the 1:1 alias of the kernel's text and rodata sections, to
protect it from inadvertent modification. However, it failed to take into
account that the unused gap between text and rodata is given to the page
allocator for general use.

If the vmap'ed stack happens to be allocated from this region, any by-ref
output arguments passed to EFI runtime services that are allocated on the
stack (such as the 'datasize' argument taken by GetVariable() when invoked
from efivar_entry_size()) will be referenced via a read-only mapping,
resulting in a page fault if the EFI code tries to write to it:

  BUG: unable to handle page fault for address: 00000000386aae88
  #PF: supervisor write access in kernel mode
  #PF: error_code(0x0003) - permissions violation
  PGD fd61063 P4D fd61063 PUD fd62063 PMD 386000e1
  Oops: 0003 [#1] SMP PTI
  CPU: 2 PID: 255 Comm: systemd-sysv-ge Not tainted 5.6.0-rc4-default+ #22
  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
  RIP: 0008:0x3eaeed95
  Code: ...  <89> 03 be 05 00 00 80 a1 74 63 b1 3e 83 c0 48 e8 44 d2 ff ff eb 05
  RSP: 0018:000000000fd73fa0 EFLAGS: 00010002
  RAX: 0000000000000001 RBX: 00000000386aae88 RCX: 000000003e9f1120
  RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000001
  RBP: 000000000fd73fd8 R08: 00000000386aae88 R09: 0000000000000000
  R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000000
  R13: ffffc0f040220000 R14: 0000000000000000 R15: 0000000000000000
  FS:  00007f21160ac940(0000) GS:ffff9cf23d500000(0000) knlGS:0000000000000000
  CS:  0008 DS: 0018 ES: 0018 CR0: 0000000080050033
  CR2: 00000000386aae88 CR3: 000000000fd6c004 CR4: 00000000003606e0
  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
  Call Trace:
  Modules linked in:
  CR2: 00000000386aae88
  ---[ end trace a8bfbd202e712834 ]---

Let's fix this by remapping text and rodata individually, and leaving the
gaps mapped read-write.

Fixes: d9e3d2c4f1 ("efi/x86: Don't map the entire kernel text RW for mixed mode")
Reported-by: Jiri Slaby <jslaby@suse.cz>
Tested-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20200409130434.6736-10-ardb@kernel.org
2020-04-14 08:32:17 +02:00
boot SPDX patches for 5.7-rc1. 2020-04-03 13:12:26 -07:00
configs compiler: remove CONFIG_OPTIMIZE_INLINING entirely 2020-04-07 10:43:42 -07:00
crypto x86: update AS_* macros to binutils >=2.23, supporting ADX and AVX2 2020-04-09 00:12:48 +09:00
entry sparc,x86: vdso: remove meaningless undefining CONFIG_OPTIMIZE_INLINING 2020-04-07 10:43:42 -07:00
events perf/x86/intel/uncore: Add Ice Lake server uncore support 2020-04-08 11:33:46 +02:00
hyperv x86/hyperv: Suspend/resume the hypercall page for hibernation 2020-02-01 09:41:16 +01:00
ia32 Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2020-03-31 11:04:05 -07:00
include A set of three patches to fix the fallout of the newly added split lock 2020-04-12 10:17:16 -07:00
kernel x86/split_lock: Provide handle_guest_split_lock() 2020-04-11 16:39:30 +02:00
kvm KVM: VMX: Extend VMXs #AC interceptor to handle split lock #AC in guest 2020-04-11 16:42:41 +02:00
lib SPDX patches for 5.7-rc1. 2020-04-03 13:12:26 -07:00
math-emu Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-11-26 10:42:40 -08:00
mm mm/memory_hotplug: add pgprot_t to mhp_params 2020-04-10 15:36:21 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-25 18:58:11 -07:00
oprofile
pci pci-v5.6-changes 2020-01-31 14:48:54 -08:00
platform efi/x86: Don't remap text<->rodata gap read-only for mixed mode 2020-04-14 08:32:17 +02:00
power x86/kernel: Convert to new CPU match macros 2020-03-24 21:28:26 +01:00
purgatory Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-11-26 10:42:40 -08:00
ras
realmode SPDX patches for 5.7-rc1. 2020-04-03 13:12:26 -07:00
tools .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
um mm/vma: define a default value for VM_DATA_DEFAULT_FLAGS 2020-04-10 15:36:21 -07:00
video
xen xen: branch for v5.7-rc1b 2020-04-10 17:20:06 -07:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
Kbuild
Kconfig Kbuild updates for v5.7 (2nd) 2020-04-11 09:46:12 -07:00
Kconfig.assembler x86: update AS_* macros to binutils >=2.23, supporting ADX and AVX2 2020-04-09 00:12:48 +09:00
Kconfig.cpu x86/cpu: Detect VMX features on Intel, Centaur and Zhaoxin CPUs 2020-01-13 18:02:53 +01:00
Kconfig.debug x86: mm: convert dump_pagetables to use walk_page_range 2020-02-04 03:05:25 +00:00
Makefile x86: probe assembler capabilities via kconfig instead of makefile 2020-04-09 00:01:59 +09:00
Makefile_32.cpu
Makefile.um