2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-25 05:34:00 +08:00
linux-next/arch/x86/platform
Matt Fleming 67a9108ed4 x86/efi: Build our own page table structures
With commit e1a58320a3 ("x86/mm: Warn on W^X mappings") all
users booting on 64-bit UEFI machines see the following warning,

  ------------[ cut here ]------------
  WARNING: CPU: 7 PID: 1 at arch/x86/mm/dump_pagetables.c:225 note_page+0x5dc/0x780()
  x86/mm: Found insecure W+X mapping at address ffff88000005f000/0xffff88000005f000
  ...
  x86/mm: Checked W+X mappings: FAILED, 165660 W+X pages found.
  ...

This is caused by mapping EFI regions with RWX permissions.
There isn't much we can do to restrict the permissions for these
regions due to the way the firmware toolchains mix code and
data, but we can at least isolate these mappings so that they do
not appear in the regular kernel page tables.

In commit d2f7cbe7b2 ("x86/efi: Runtime services virtual
mapping") we started using 'trampoline_pgd' to map the EFI
regions because there was an existing identity mapping there
which we use during the SetVirtualAddressMap() call and for
broken firmware that accesses those addresses.

But 'trampoline_pgd' shares some PGD entries with
'swapper_pg_dir' and does not provide the isolation we require.
Notably the virtual address for __START_KERNEL_map and
MODULES_START are mapped by the same PGD entry so we need to be
more careful when copying changes over in
efi_sync_low_kernel_mappings().

This patch doesn't go the full mile, we still want to share some
PGD entries with 'swapper_pg_dir'. Having completely separate
page tables brings its own issues such as synchronising new
mappings after memory hotplug and module loading. Sharing also
keeps memory usage down.

Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Reviewed-by: Borislav Petkov <bp@suse.de>
Acked-by: Borislav Petkov <bp@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Jones <davej@codemonkey.org.uk>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Toshi Kani <toshi.kani@hp.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1448658575-17029-6-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-11-29 09:15:42 +01:00
..
atom x86/platform: Make atom/pmc_atom.c explicitly non-modular 2015-08-25 09:47:50 +02:00
ce4100 x86: ce4100, irq: Do not set legacy_pic to null_legacy_pic 2014-06-21 23:05:42 +02:00
efi x86/efi: Build our own page table structures 2015-11-29 09:15:42 +01:00
geode x86/geode: Fix incorrect placement of __initdata tag 2013-10-01 13:21:27 +02:00
goldfish goldfish: platform device for x86 2013-01-21 12:09:19 -08:00
intel x86/platform/iosf_mbi: Add Intel Tangier PCI id 2015-07-16 17:48:48 +02:00
intel-mid x86/intel-mid: Make intel_mid_ops static 2015-10-11 21:03:12 +02:00
intel-quark x86/intel/quark: Run IMR self-test on IMR capble hw only 2015-04-02 12:47:50 +02:00
iris x86: platform: iris: drop owner assignment from platform_drivers 2014-10-20 16:20:15 +02:00
olpc x86/olpc/xo15/sci: Use newly added power_supply_put API 2015-03-13 23:15:53 +01:00
scx200 X86: drivers: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
sfi x86: Cleanup irq_domain ops 2015-04-24 15:36:55 +02:00
ts5500 x86/platform/ts5500: Add support for TS-5400 boards 2014-07-16 21:17:42 +02:00
uv x86/platform/uv: Implement simple dump failover if kdump fails 2015-09-14 15:31:30 +02:00
Makefile x86/platform/iosf_mbi: Move to dedicated folder 2015-07-16 17:48:47 +02:00