Re: [tip:x86/microcode] x86/microcode/intel: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y
On Tue, Jul 26, 2016 at 01:37:07PM -0700, Kees Cook wrote: > These ifdefs aren't needed if we added a no-op __PAGE_OFFSET_BASE to > the 32-bit page table headers. Then the compiler will DTRT with the > start calculation. When CONFIG_RANDOMIZE_MEMORY is set, start will > have a non-zero value, and when not set it'll be 0. Something like this? I'm trying to mimic the 64-bit version: --- diff --git a/arch/x86/include/asm/page_32_types.h b/arch/x86/include/asm/page_32_types.h index 3a52ee0e726d..3bae4969ac65 100644 --- a/arch/x86/include/asm/page_32_types.h +++ b/arch/x86/include/asm/page_32_types.h @@ -13,7 +13,8 @@ * If you want more physical memory than this then see the CONFIG_HIGHMEM4G * and CONFIG_HIGHMEM64G options in the kernel configuration. */ -#define __PAGE_OFFSET _AC(CONFIG_PAGE_OFFSET, UL) +#define __PAGE_OFFSET_BASE _AC(CONFIG_PAGE_OFFSET, UL) +#define __PAGE_OFFSET __PAGE_OFFSET_BASE #define __START_KERNEL_map __PAGE_OFFSET -- Regards/Gruss, Boris. ECO tip #101: Trim your mails when you reply. SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) --
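Review bot: The new `__PAGE_OFFSET_BASE` define in page_32_types.h carries no comment, and the block comment above it still only covers CONFIG_HIGHMEM4G and CONFIG_HIGHMEM64G. On 32-bit it is a plain alias whose purpose, per the quoted suggestion, is to let `PAGE_OFFSET - __PAGE_OFFSET_BASE` come out as 0, so a one-line comment saying it exists to mirror the 64-bit headers would keep it from being removed later as redundant. The diff as posted also touches only the header; the removal of the `#ifdef CONFIG_RANDOMIZE_MEMORY` in load_ucode_intel_ap() that motivates it belongs in the same patch.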
Re: [tip:x86/microcode] x86/microcode/intel: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y
On Tue, Jul 26, 2016 at 10:37 AM, tip-bot for Borislav Petkov wrote: > Commit-ID: efaad554b4ffae1840a2759e09e21325ddbc8b05 > Gitweb: http://git.kernel.org/tip/efaad554b4ffae1840a2759e09e21325ddbc8b05 > Author: Borislav Petkov > AuthorDate: Tue, 26 Jul 2016 11:51:38 +0200 > Committer: Ingo Molnar > CommitDate: Tue, 26 Jul 2016 19:32:57 +0200 > > x86/microcode/intel: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y > > CONFIG_RANDOMIZE_MEMORY=y randomizes the physical memmap and thus the > address where the initrd is located. Therefore, we need to add the > offset KASLR put us to in order to find the initrd again on the AP path. > > In the future, we will get rid of the initrd address caching and query > the address on both the BSP and AP paths but that would need more work. > > Thanks to Nicolai Stange for the good bisection and debugging work. > > Reported-and-tested-by: Nicolai Stange > Signed-off-by: Borislav Petkov > Cc: Kees Cook > Cc: Linus Torvalds > Cc: Peter Zijlstra > Cc: Thomas Gleixner > Link: http://lkml.kernel.org/r/20160726095138.3470-1...@alien8.de > Signed-off-by: Ingo Molnar > --- > arch/x86/kernel/cpu/microcode/intel.c | 16 ++-- > 1 file changed, 14 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/kernel/cpu/microcode/intel.c > b/arch/x86/kernel/cpu/microcode/intel.c > index 6515c80..0f97ae9 100644 > --- a/arch/x86/kernel/cpu/microcode/intel.c > +++ b/arch/x86/kernel/cpu/microcode/intel.c > @@ -793,10 +793,10 @@ void __init load_ucode_intel_bsp(void) > void load_ucode_intel_ap(void) > { > struct ucode_blobs *blobs_p; > + unsigned long *ptrs, start = 0; > struct mc_saved_data *mcs; > struct ucode_cpu_info uci; > enum ucode_state ret; > - unsigned long *ptrs; > > #ifdef CONFIG_X86_32 > mcs = (struct mc_saved_data *)__pa_nodebug(&mc_saved_data); 
> @@ -815,8 +815,20 @@ void load_ucode_intel_ap(void) > if (!mcs->num_saved) > return; > > + if (blobs_p->valid) { > + start = blobs_p->start; > + > +#ifdef CONFIG_RANDOMIZE_MEMORY These ifdefs aren't needed if we added a no-op __PAGE_OFFSET_BASE to the 32-bit page table headers. Then the compiler will DTRT with the start calculation. When CONFIG_RANDOMIZE_MEMORY is set, start will have a non-zero value, and when not set it'll be 0. > + /* > +* Pay attention to CONFIG_RANDOMIZE_MEMORY=y as it shuffles > +* physmem mapping too and there we have the initrd. > +*/ > + start += PAGE_OFFSET - __PAGE_OFFSET_BASE; > +#endif > + } > + > collect_cpu_info_early(&uci); > - ret = load_microcode(mcs, ptrs, blobs_p->start, &uci); > + ret = load_microcode(mcs, ptrs, start, &uci); > if (ret != UCODE_OK) > return; > -- Kees Cook Chrome OS & Brillo Security
[tip:x86/microcode] x86/microcode/intel: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y
Commit-ID: efaad554b4ffae1840a2759e09e21325ddbc8b05 Gitweb: http://git.kernel.org/tip/efaad554b4ffae1840a2759e09e21325ddbc8b05 Author: Borislav Petkov AuthorDate: Tue, 26 Jul 2016 11:51:38 +0200 Committer: Ingo Molnar CommitDate: Tue, 26 Jul 2016 19:32:57 +0200 x86/microcode/intel: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y CONFIG_RANDOMIZE_MEMORY=y randomizes the physical memmap and thus the address where the initrd is located. Therefore, we need to add the offset KASLR put us to in order to find the initrd again on the AP path. In the future, we will get rid of the initrd address caching and query the address on both the BSP and AP paths but that would need more work. Thanks to Nicolai Stange for the good bisection and debugging work. Reported-and-tested-by: Nicolai Stange Signed-off-by: Borislav Petkov Cc: Kees Cook Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20160726095138.3470-1...@alien8.de Signed-off-by: Ingo Molnar --- arch/x86/kernel/cpu/microcode/intel.c | 16 ++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c index 6515c80..0f97ae9 100644 --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -793,10 +793,10 @@ void __init load_ucode_intel_bsp(void) void load_ucode_intel_ap(void) { struct ucode_blobs *blobs_p; + unsigned long *ptrs, start = 0; struct mc_saved_data *mcs; struct ucode_cpu_info uci; enum ucode_state ret; - unsigned long *ptrs; #ifdef CONFIG_X86_32 mcs = (struct mc_saved_data *)__pa_nodebug(&mc_saved_data); 
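Review bot: In the declaration `unsigned long *ptrs, start = 0;` the `= 0` initializer is the value that reaches load_microcode() whenever the later code does not assign `start`, yet it sits beside a pointer declarator where it is easy to overlook. Declare `start` on its own line, and state in the commit message or a comment what a zero start address means to the loader.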
@@ -815,8 +815,20 @@ void load_ucode_intel_ap(void) if (!mcs->num_saved) return; + if (blobs_p->valid) { + start = blobs_p->start; + +#ifdef CONFIG_RANDOMIZE_MEMORY + /* +* Pay attention to CONFIG_RANDOMIZE_MEMORY=y as it shuffles +* physmem mapping too and there we have the initrd. +*/ + start += PAGE_OFFSET - __PAGE_OFFSET_BASE; +#endif + } + collect_cpu_info_early(&uci); - ret = load_microcode(mcs, ptrs, blobs_p->start, &uci); + ret = load_microcode(mcs, ptrs, start, &uci); if (ret != UCODE_OK) return;
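Review bot: The added `if (blobs_p->valid)` check changes what load_microcode() receives when the blob is not valid: the old call passed `blobs_p->start` unconditionally, the new one passes 0 in that case. The commit message describes only the KASLR offset, so either mention this second behaviour change there or add a comment at the check stating that a zero `start` is intended for the !valid path.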