Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On 07/04/17 at 05:46pm, Thomas Gleixner wrote: > On Tue, 4 Jul 2017, Matt Fleming wrote: > > On Tue, 04 Jul, at 04:46:58PM, Thomas Gleixner wrote: > > > On Tue, 4 Jul 2017, Baoquan He wrote: > > > > > > > In fact I just referred to code in setup_arch(). Now I have a question, > > > > though CONFIG_EFI=y but efi firmware is not enabled, > > > > boot_params.efi_info.efi_loader_signature should be initilized to 0. > > > > Then below code is also problematic. > > > > > > > > #ifdef CONFIG_EFI > > > > if (!strncmp((char > > > > *)_params.efi_info.efi_loader_signature, > > > > > > > > EFI32_LOADER_SIGNATURE, 4)) { > > > > set_bit(EFI_BOOT, ); > > > > } else if (!strncmp((char > > > > *)_params.efi_info.efi_loader_signature, > > > > EFI64_LOADER_SIGNATURE, 4)) { > > > > set_bit(EFI_BOOT, ); > > > > set_bit(EFI_64BIT, ); > > > > } > > > > > > > > if (efi_enabled(EFI_BOOT)) > > > > efi_memblock_x86_reserve_range(); > > > > #endif > > > > > > Indeed. Matt? > > > > It's possibly that I'm missing some context, but boot_params should be > > zero'd -- the x86 boot protocol requires that the entire data > > structure be zero'd on allocation. > > > > Have I missed something? > > No. I misread the code. The strncmp() operates on > boot_params.efi_info.efi_loader_signature itself, so yes, all is fine. Sorry, I must be dizzy at late night of yesterday, just gave wrong answer when questioned. > > It's just Baoquans copy and paste wreckage which is busted. > > Thanks, > > tglx >
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On 07/04/17 at 05:46pm, Thomas Gleixner wrote: > On Tue, 4 Jul 2017, Matt Fleming wrote: > > On Tue, 04 Jul, at 04:46:58PM, Thomas Gleixner wrote: > > > On Tue, 4 Jul 2017, Baoquan He wrote: > > > > > > > In fact I just referred to code in setup_arch(). Now I have a question, > > > > though CONFIG_EFI=y but efi firmware is not enabled, > > > > boot_params.efi_info.efi_loader_signature should be initilized to 0. > > > > Then below code is also problematic. > > > > > > > > #ifdef CONFIG_EFI > > > > if (!strncmp((char > > > > *)_params.efi_info.efi_loader_signature, > > > > > > > > EFI32_LOADER_SIGNATURE, 4)) { > > > > set_bit(EFI_BOOT, ); > > > > } else if (!strncmp((char > > > > *)_params.efi_info.efi_loader_signature, > > > > EFI64_LOADER_SIGNATURE, 4)) { > > > > set_bit(EFI_BOOT, ); > > > > set_bit(EFI_64BIT, ); > > > > } > > > > > > > > if (efi_enabled(EFI_BOOT)) > > > > efi_memblock_x86_reserve_range(); > > > > #endif > > > > > > Indeed. Matt? > > > > It's possibly that I'm missing some context, but boot_params should be > > zero'd -- the x86 boot protocol requires that the entire data > > structure be zero'd on allocation. > > > > Have I missed something? > > No. I misread the code. The strncmp() operates on > boot_params.efi_info.efi_loader_signature itself, so yes, all is fine. Sorry, I must be dizzy at late night of yesterday, just gave wrong answer when questioned. > > It's just Baoquans copy and paste wreckage which is busted. > > Thanks, > > tglx >
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On Tue, 4 Jul 2017, Matt Fleming wrote: > On Tue, 04 Jul, at 04:46:58PM, Thomas Gleixner wrote: > > On Tue, 4 Jul 2017, Baoquan He wrote: > > > > > In fact I just referred to code in setup_arch(). Now I have a question, > > > though CONFIG_EFI=y but efi firmware is not enabled, > > > boot_params.efi_info.efi_loader_signature should be initilized to 0. > > > Then below code is also problematic. > > > > > > #ifdef CONFIG_EFI > > > if (!strncmp((char *)_params.efi_info.efi_loader_signature, > > > > > > EFI32_LOADER_SIGNATURE, 4)) { > > > set_bit(EFI_BOOT, ); > > > } else if (!strncmp((char > > > *)_params.efi_info.efi_loader_signature, > > > EFI64_LOADER_SIGNATURE, 4)) { > > > set_bit(EFI_BOOT, ); > > > set_bit(EFI_64BIT, ); > > > } > > > > > > if (efi_enabled(EFI_BOOT)) > > > efi_memblock_x86_reserve_range(); > > > #endif > > > > Indeed. Matt? > > It's possibly that I'm missing some context, but boot_params should be > zero'd -- the x86 boot protocol requires that the entire data > structure be zero'd on allocation. > > Have I missed something? No. I misread the code. The strncmp() operates on boot_params.efi_info.efi_loader_signature itself, so yes, all is fine. It's just Baoquans copy and paste wreckage which is busted. Thanks, tglx
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On Tue, 4 Jul 2017, Matt Fleming wrote: > On Tue, 04 Jul, at 04:46:58PM, Thomas Gleixner wrote: > > On Tue, 4 Jul 2017, Baoquan He wrote: > > > > > In fact I just referred to code in setup_arch(). Now I have a question, > > > though CONFIG_EFI=y but efi firmware is not enabled, > > > boot_params.efi_info.efi_loader_signature should be initilized to 0. > > > Then below code is also problematic. > > > > > > #ifdef CONFIG_EFI > > > if (!strncmp((char *)_params.efi_info.efi_loader_signature, > > > > > > EFI32_LOADER_SIGNATURE, 4)) { > > > set_bit(EFI_BOOT, ); > > > } else if (!strncmp((char > > > *)_params.efi_info.efi_loader_signature, > > > EFI64_LOADER_SIGNATURE, 4)) { > > > set_bit(EFI_BOOT, ); > > > set_bit(EFI_64BIT, ); > > > } > > > > > > if (efi_enabled(EFI_BOOT)) > > > efi_memblock_x86_reserve_range(); > > > #endif > > > > Indeed. Matt? > > It's possibly that I'm missing some context, but boot_params should be > zero'd -- the x86 boot protocol requires that the entire data > structure be zero'd on allocation. > > Have I missed something? No. I misread the code. The strncmp() operates on boot_params.efi_info.efi_loader_signature itself, so yes, all is fine. It's just Baoquans copy and paste wreckage which is busted. Thanks, tglx
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On Tue, 04 Jul, at 04:46:58PM, Thomas Gleixner wrote: > On Tue, 4 Jul 2017, Baoquan He wrote: > > > In fact I just referred to code in setup_arch(). Now I have a question, > > though CONFIG_EFI=y but efi firmware is not enabled, > > boot_params.efi_info.efi_loader_signature should be initilized to 0. > > Then below code is also problematic. > > > > #ifdef CONFIG_EFI > > if (!strncmp((char *)_params.efi_info.efi_loader_signature, > > > > EFI32_LOADER_SIGNATURE, 4)) { > > set_bit(EFI_BOOT, ); > > } else if (!strncmp((char > > *)_params.efi_info.efi_loader_signature, > > EFI64_LOADER_SIGNATURE, 4)) { > > set_bit(EFI_BOOT, ); > > set_bit(EFI_64BIT, ); > > } > > > > if (efi_enabled(EFI_BOOT)) > > efi_memblock_x86_reserve_range(); > > #endif > > Indeed. Matt? It's possibly that I'm missing some context, but boot_params should be zero'd -- the x86 boot protocol requires that the entire data structure be zero'd on allocation. Have I missed something?
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On Tue, 04 Jul, at 04:46:58PM, Thomas Gleixner wrote: > On Tue, 4 Jul 2017, Baoquan He wrote: > > > In fact I just referred to code in setup_arch(). Now I have a question, > > though CONFIG_EFI=y but efi firmware is not enabled, > > boot_params.efi_info.efi_loader_signature should be initilized to 0. > > Then below code is also problematic. > > > > #ifdef CONFIG_EFI > > if (!strncmp((char *)_params.efi_info.efi_loader_signature, > > > > EFI32_LOADER_SIGNATURE, 4)) { > > set_bit(EFI_BOOT, ); > > } else if (!strncmp((char > > *)_params.efi_info.efi_loader_signature, > > EFI64_LOADER_SIGNATURE, 4)) { > > set_bit(EFI_BOOT, ); > > set_bit(EFI_64BIT, ); > > } > > > > if (efi_enabled(EFI_BOOT)) > > efi_memblock_x86_reserve_range(); > > #endif > > Indeed. Matt? It's possibly that I'm missing some context, but boot_params should be zero'd -- the x86 boot protocol requires that the entire data structure be zero'd on allocation. Have I missed something?
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On Tue, 4 Jul 2017, Baoquan He wrote: > On 07/04/17 at 04:00pm, Thomas Gleixner wrote: > > On Tue, 4 Jul 2017, Baoquan He wrote: > > > +/* Marks if efi mirror regions have been found and handled. */ > > > +static bool efi_mirror_found; > > > + > > > +static void process_efi_entry(unsigned long minimum, unsigned long > > > image_size) > > > +{ > > > + struct efi_info *e = _params->efi_info; > > > + struct mem_vector region; > > > + efi_memory_desc_t *md; > > > + unsigned long pmap; > > > + char *signature; > > > + u32 nr_desc; > > > + int i; > > > + > > > + > > > +#ifdef CONFIG_EFI > > > + signature = (char *)_params->efi_info.efi_loader_signature; > > > +#endif > > > > So if CONFIG_EFI=n you happily dereference the uninitialized signature > > pointer ... > > Right, this is a mistake. Thanks for pointing it out. I should have > checked if the pointer is NULL. The pointer is not NULL, it's not initialized. > In fact I just referred to code in setup_arch(). Now I have a question, > though CONFIG_EFI=y but efi firmware is not enabled, > boot_params.efi_info.efi_loader_signature should be initilized to 0. > Then below code is also problematic. > > #ifdef CONFIG_EFI > if (!strncmp((char *)_params.efi_info.efi_loader_signature, > > EFI32_LOADER_SIGNATURE, 4)) { > set_bit(EFI_BOOT, ); > } else if (!strncmp((char > *)_params.efi_info.efi_loader_signature, > EFI64_LOADER_SIGNATURE, 4)) { > set_bit(EFI_BOOT, ); > set_bit(EFI_64BIT, ); > } > > if (efi_enabled(EFI_BOOT)) > efi_memblock_x86_reserve_range(); > #endif Indeed. Matt? Thanks, tglx
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On Tue, 4 Jul 2017, Baoquan He wrote: > On 07/04/17 at 04:00pm, Thomas Gleixner wrote: > > On Tue, 4 Jul 2017, Baoquan He wrote: > > > +/* Marks if efi mirror regions have been found and handled. */ > > > +static bool efi_mirror_found; > > > + > > > +static void process_efi_entry(unsigned long minimum, unsigned long > > > image_size) > > > +{ > > > + struct efi_info *e = _params->efi_info; > > > + struct mem_vector region; > > > + efi_memory_desc_t *md; > > > + unsigned long pmap; > > > + char *signature; > > > + u32 nr_desc; > > > + int i; > > > + > > > + > > > +#ifdef CONFIG_EFI > > > + signature = (char *)_params->efi_info.efi_loader_signature; > > > +#endif > > > > So if CONFIG_EFI=n you happily dereference the uninitialized signature > > pointer ... > > Right, this is a mistake. Thanks for pointing it out. I should have > checked if the pointer is NULL. The pointer is not NULL, it's not initialized. > In fact I just referred to code in setup_arch(). Now I have a question, > though CONFIG_EFI=y but efi firmware is not enabled, > boot_params.efi_info.efi_loader_signature should be initilized to 0. > Then below code is also problematic. > > #ifdef CONFIG_EFI > if (!strncmp((char *)_params.efi_info.efi_loader_signature, > > EFI32_LOADER_SIGNATURE, 4)) { > set_bit(EFI_BOOT, ); > } else if (!strncmp((char > *)_params.efi_info.efi_loader_signature, > EFI64_LOADER_SIGNATURE, 4)) { > set_bit(EFI_BOOT, ); > set_bit(EFI_64BIT, ); > } > > if (efi_enabled(EFI_BOOT)) > efi_memblock_x86_reserve_range(); > #endif Indeed. Matt? Thanks, tglx
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On 07/04/17 at 04:00pm, Thomas Gleixner wrote: > On Tue, 4 Jul 2017, Baoquan He wrote: > > +/* Marks if efi mirror regions have been found and handled. */ > > +static bool efi_mirror_found; > > + > > +static void process_efi_entry(unsigned long minimum, unsigned long > > image_size) > > +{ > > + struct efi_info *e = _params->efi_info; > > + struct mem_vector region; > > + efi_memory_desc_t *md; > > + unsigned long pmap; > > + char *signature; > > + u32 nr_desc; > > + int i; > > + > > + > > +#ifdef CONFIG_EFI > > + signature = (char *)_params->efi_info.efi_loader_signature; > > +#endif > > So if CONFIG_EFI=n you happily dereference the uninitialized signature > pointer ... Right, this is a mistake. Thanks for pointing it out. I should have checked if the pointer is NULL. In fact I just referred to code in setup_arch(). Now I have a question, though CONFIG_EFI=y but efi firmware is not enabled, boot_params.efi_info.efi_loader_signature should be initilized to 0. Then below code is also problematic. #ifdef CONFIG_EFI if (!strncmp((char *)_params.efi_info.efi_loader_signature, EFI32_LOADER_SIGNATURE, 4)) { set_bit(EFI_BOOT, ); } else if (!strncmp((char *)_params.efi_info.efi_loader_signature, EFI64_LOADER_SIGNATURE, 4)) { set_bit(EFI_BOOT, ); set_bit(EFI_64BIT, ); } if (efi_enabled(EFI_BOOT)) efi_memblock_x86_reserve_range(); #endif > > Why is process_efi_entry() invoked at all if EFI is not enabled? Yeah, and it's better to check if CONFIG_EFI is enabled before invocation of process_efi_entry(). Let me change it as below and repost. Thanks again for looking into this patchset. +#ifdef CONFIG_EFI process_efi_entry(minimum, image_size); +#endif > > > + if (strncmp(signature, EFI32_LOADER_SIGNATURE, 4) && > > + strncmp(signature, EFI64_LOADER_SIGNATURE, 4)) > > + return; > > + > > Thanks, > > tglx
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On 07/04/17 at 04:00pm, Thomas Gleixner wrote: > On Tue, 4 Jul 2017, Baoquan He wrote: > > +/* Marks if efi mirror regions have been found and handled. */ > > +static bool efi_mirror_found; > > + > > +static void process_efi_entry(unsigned long minimum, unsigned long > > image_size) > > +{ > > + struct efi_info *e = _params->efi_info; > > + struct mem_vector region; > > + efi_memory_desc_t *md; > > + unsigned long pmap; > > + char *signature; > > + u32 nr_desc; > > + int i; > > + > > + > > +#ifdef CONFIG_EFI > > + signature = (char *)_params->efi_info.efi_loader_signature; > > +#endif > > So if CONFIG_EFI=n you happily dereference the uninitialized signature > pointer ... Right, this is a mistake. Thanks for pointing it out. I should have checked if the pointer is NULL. In fact I just referred to code in setup_arch(). Now I have a question, though CONFIG_EFI=y but efi firmware is not enabled, boot_params.efi_info.efi_loader_signature should be initilized to 0. Then below code is also problematic. #ifdef CONFIG_EFI if (!strncmp((char *)_params.efi_info.efi_loader_signature, EFI32_LOADER_SIGNATURE, 4)) { set_bit(EFI_BOOT, ); } else if (!strncmp((char *)_params.efi_info.efi_loader_signature, EFI64_LOADER_SIGNATURE, 4)) { set_bit(EFI_BOOT, ); set_bit(EFI_64BIT, ); } if (efi_enabled(EFI_BOOT)) efi_memblock_x86_reserve_range(); #endif > > Why is process_efi_entry() invoked at all if EFI is not enabled? Yeah, and it's better to check if CONFIG_EFI is enabled before invocation of process_efi_entry(). Let me change it as below and repost. Thanks again for looking into this patchset. +#ifdef CONFIG_EFI process_efi_entry(minimum, image_size); +#endif > > > + if (strncmp(signature, EFI32_LOADER_SIGNATURE, 4) && > > + strncmp(signature, EFI64_LOADER_SIGNATURE, 4)) > > + return; > > + > > Thanks, > > tglx
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On Tue, 4 Jul 2017, Baoquan He wrote: > +/* Marks if efi mirror regions have been found and handled. */ > +static bool efi_mirror_found; > + > +static void process_efi_entry(unsigned long minimum, unsigned long > image_size) > +{ > + struct efi_info *e = _params->efi_info; > + struct mem_vector region; > + efi_memory_desc_t *md; > + unsigned long pmap; > + char *signature; > + u32 nr_desc; > + int i; > + > + > +#ifdef CONFIG_EFI > + signature = (char *)_params->efi_info.efi_loader_signature; > +#endif So if CONFIG_EFI=n you happily dereference the uninitialized signature pointer ... Why is process_efi_entry() invoked at all if EFI is not enabled? > + if (strncmp(signature, EFI32_LOADER_SIGNATURE, 4) && > + strncmp(signature, EFI64_LOADER_SIGNATURE, 4)) > + return; > + Thanks, tglx
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On Tue, 4 Jul 2017, Baoquan He wrote: > +/* Marks if efi mirror regions have been found and handled. */ > +static bool efi_mirror_found; > + > +static void process_efi_entry(unsigned long minimum, unsigned long > image_size) > +{ > + struct efi_info *e = _params->efi_info; > + struct mem_vector region; > + efi_memory_desc_t *md; > + unsigned long pmap; > + char *signature; > + u32 nr_desc; > + int i; > + > + > +#ifdef CONFIG_EFI > + signature = (char *)_params->efi_info.efi_loader_signature; > +#endif So if CONFIG_EFI=n you happily dereference the uninitialized signature pointer ... Why is process_efi_entry() invoked at all if EFI is not enabled? > + if (strncmp(signature, EFI32_LOADER_SIGNATURE, 4) && > + strncmp(signature, EFI64_LOADER_SIGNATURE, 4)) > + return; > + Thanks, tglx