Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On 07/04/17 at 05:46pm, Thomas Gleixner wrote:
> On Tue, 4 Jul 2017, Matt Fleming wrote:
> > On Tue, 04 Jul, at 04:46:58PM, Thomas Gleixner wrote:
> > > On Tue, 4 Jul 2017, Baoquan He wrote:
> > >
> > > > In fact I just referred to code in setup_arch(). Now I have a question,
> > > > though CONFIG_EFI=y but efi firmware is not enabled,
> > > > boot_params.efi_info.efi_loader_signature should be initilized to 0.
> > > > Then below code is also problematic.
> > > >
> > > > #ifdef CONFIG_EFI
> > > > if (!strncmp((char
> > > > *)_params.efi_info.efi_loader_signature,
> > > >
> > > > EFI32_LOADER_SIGNATURE, 4)) {
> > > > set_bit(EFI_BOOT, );
> > > > } else if (!strncmp((char
> > > > *)_params.efi_info.efi_loader_signature,
> > > > EFI64_LOADER_SIGNATURE, 4)) {
> > > > set_bit(EFI_BOOT, );
> > > > set_bit(EFI_64BIT, );
> > > > }
> > > >
> > > > if (efi_enabled(EFI_BOOT))
> > > > efi_memblock_x86_reserve_range();
> > > > #endif
> > >
> > > Indeed. Matt?
> >
> > It's possibly that I'm missing some context, but boot_params should be
> > zero'd -- the x86 boot protocol requires that the entire data
> > structure be zero'd on allocation.
> >
> > Have I missed something?
>
> No. I misread the code. The strncmp() operates on
> boot_params.efi_info.efi_loader_signature itself, so yes, all is fine.
Sorry, I must be dizzy at late night of yesterday, just gave wrong
answer when questioned.
>
> It's just Baoquans copy and paste wreckage which is busted.
>
> Thanks,
>
> tglx
>
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On 07/04/17 at 05:46pm, Thomas Gleixner wrote:
> On Tue, 4 Jul 2017, Matt Fleming wrote:
> > On Tue, 04 Jul, at 04:46:58PM, Thomas Gleixner wrote:
> > > On Tue, 4 Jul 2017, Baoquan He wrote:
> > >
> > > > In fact I just referred to code in setup_arch(). Now I have a question,
> > > > though CONFIG_EFI=y but efi firmware is not enabled,
> > > > boot_params.efi_info.efi_loader_signature should be initilized to 0.
> > > > Then below code is also problematic.
> > > >
> > > > #ifdef CONFIG_EFI
> > > > if (!strncmp((char
> > > > *)_params.efi_info.efi_loader_signature,
> > > >
> > > > EFI32_LOADER_SIGNATURE, 4)) {
> > > > set_bit(EFI_BOOT, );
> > > > } else if (!strncmp((char
> > > > *)_params.efi_info.efi_loader_signature,
> > > > EFI64_LOADER_SIGNATURE, 4)) {
> > > > set_bit(EFI_BOOT, );
> > > > set_bit(EFI_64BIT, );
> > > > }
> > > >
> > > > if (efi_enabled(EFI_BOOT))
> > > > efi_memblock_x86_reserve_range();
> > > > #endif
> > >
> > > Indeed. Matt?
> >
> > It's possibly that I'm missing some context, but boot_params should be
> > zero'd -- the x86 boot protocol requires that the entire data
> > structure be zero'd on allocation.
> >
> > Have I missed something?
>
> No. I misread the code. The strncmp() operates on
> boot_params.efi_info.efi_loader_signature itself, so yes, all is fine.
Sorry, I must be dizzy at late night of yesterday, just gave wrong
answer when questioned.
>
> It's just Baoquans copy and paste wreckage which is busted.
>
> Thanks,
>
> tglx
>
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On Tue, 4 Jul 2017, Matt Fleming wrote:
> On Tue, 04 Jul, at 04:46:58PM, Thomas Gleixner wrote:
> > On Tue, 4 Jul 2017, Baoquan He wrote:
> >
> > > In fact I just referred to code in setup_arch(). Now I have a question,
> > > though CONFIG_EFI=y but efi firmware is not enabled,
> > > boot_params.efi_info.efi_loader_signature should be initilized to 0.
> > > Then below code is also problematic.
> > >
> > > #ifdef CONFIG_EFI
> > > if (!strncmp((char *)_params.efi_info.efi_loader_signature,
> > >
> > > EFI32_LOADER_SIGNATURE, 4)) {
> > > set_bit(EFI_BOOT, );
> > > } else if (!strncmp((char
> > > *)_params.efi_info.efi_loader_signature,
> > > EFI64_LOADER_SIGNATURE, 4)) {
> > > set_bit(EFI_BOOT, );
> > > set_bit(EFI_64BIT, );
> > > }
> > >
> > > if (efi_enabled(EFI_BOOT))
> > > efi_memblock_x86_reserve_range();
> > > #endif
> >
> > Indeed. Matt?
>
> It's possibly that I'm missing some context, but boot_params should be
> zero'd -- the x86 boot protocol requires that the entire data
> structure be zero'd on allocation.
>
> Have I missed something?
No. I misread the code. The strncmp() operates on
boot_params.efi_info.efi_loader_signature itself, so yes, all is fine.
It's just Baoquans copy and paste wreckage which is busted.
Thanks,
tglx
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On Tue, 4 Jul 2017, Matt Fleming wrote:
> On Tue, 04 Jul, at 04:46:58PM, Thomas Gleixner wrote:
> > On Tue, 4 Jul 2017, Baoquan He wrote:
> >
> > > In fact I just referred to code in setup_arch(). Now I have a question,
> > > though CONFIG_EFI=y but efi firmware is not enabled,
> > > boot_params.efi_info.efi_loader_signature should be initilized to 0.
> > > Then below code is also problematic.
> > >
> > > #ifdef CONFIG_EFI
> > > if (!strncmp((char *)_params.efi_info.efi_loader_signature,
> > >
> > > EFI32_LOADER_SIGNATURE, 4)) {
> > > set_bit(EFI_BOOT, );
> > > } else if (!strncmp((char
> > > *)_params.efi_info.efi_loader_signature,
> > > EFI64_LOADER_SIGNATURE, 4)) {
> > > set_bit(EFI_BOOT, );
> > > set_bit(EFI_64BIT, );
> > > }
> > >
> > > if (efi_enabled(EFI_BOOT))
> > > efi_memblock_x86_reserve_range();
> > > #endif
> >
> > Indeed. Matt?
>
> It's possibly that I'm missing some context, but boot_params should be
> zero'd -- the x86 boot protocol requires that the entire data
> structure be zero'd on allocation.
>
> Have I missed something?
No. I misread the code. The strncmp() operates on
boot_params.efi_info.efi_loader_signature itself, so yes, all is fine.
It's just Baoquans copy and paste wreckage which is busted.
Thanks,
tglx
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On Tue, 04 Jul, at 04:46:58PM, Thomas Gleixner wrote:
> On Tue, 4 Jul 2017, Baoquan He wrote:
>
> > In fact I just referred to code in setup_arch(). Now I have a question,
> > though CONFIG_EFI=y but efi firmware is not enabled,
> > boot_params.efi_info.efi_loader_signature should be initilized to 0.
> > Then below code is also problematic.
> >
> > #ifdef CONFIG_EFI
> > if (!strncmp((char *)_params.efi_info.efi_loader_signature,
> >
> > EFI32_LOADER_SIGNATURE, 4)) {
> > set_bit(EFI_BOOT, );
> > } else if (!strncmp((char
> > *)_params.efi_info.efi_loader_signature,
> > EFI64_LOADER_SIGNATURE, 4)) {
> > set_bit(EFI_BOOT, );
> > set_bit(EFI_64BIT, );
> > }
> >
> > if (efi_enabled(EFI_BOOT))
> > efi_memblock_x86_reserve_range();
> > #endif
>
> Indeed. Matt?
It's possibly that I'm missing some context, but boot_params should be
zero'd -- the x86 boot protocol requires that the entire data
structure be zero'd on allocation.
Have I missed something?
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On Tue, 04 Jul, at 04:46:58PM, Thomas Gleixner wrote:
> On Tue, 4 Jul 2017, Baoquan He wrote:
>
> > In fact I just referred to code in setup_arch(). Now I have a question,
> > though CONFIG_EFI=y but efi firmware is not enabled,
> > boot_params.efi_info.efi_loader_signature should be initilized to 0.
> > Then below code is also problematic.
> >
> > #ifdef CONFIG_EFI
> > if (!strncmp((char *)_params.efi_info.efi_loader_signature,
> >
> > EFI32_LOADER_SIGNATURE, 4)) {
> > set_bit(EFI_BOOT, );
> > } else if (!strncmp((char
> > *)_params.efi_info.efi_loader_signature,
> > EFI64_LOADER_SIGNATURE, 4)) {
> > set_bit(EFI_BOOT, );
> > set_bit(EFI_64BIT, );
> > }
> >
> > if (efi_enabled(EFI_BOOT))
> > efi_memblock_x86_reserve_range();
> > #endif
>
> Indeed. Matt?
It's possibly that I'm missing some context, but boot_params should be
zero'd -- the x86 boot protocol requires that the entire data
structure be zero'd on allocation.
Have I missed something?
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On Tue, 4 Jul 2017, Baoquan He wrote:
> On 07/04/17 at 04:00pm, Thomas Gleixner wrote:
> > On Tue, 4 Jul 2017, Baoquan He wrote:
> > > +/* Marks if efi mirror regions have been found and handled. */
> > > +static bool efi_mirror_found;
> > > +
> > > +static void process_efi_entry(unsigned long minimum, unsigned long
> > > image_size)
> > > +{
> > > + struct efi_info *e = _params->efi_info;
> > > + struct mem_vector region;
> > > + efi_memory_desc_t *md;
> > > + unsigned long pmap;
> > > + char *signature;
> > > + u32 nr_desc;
> > > + int i;
> > > +
> > > +
> > > +#ifdef CONFIG_EFI
> > > + signature = (char *)_params->efi_info.efi_loader_signature;
> > > +#endif
> >
> > So if CONFIG_EFI=n you happily dereference the uninitialized signature
> > pointer ...
>
> Right, this is a mistake. Thanks for pointing it out. I should have
> checked if the pointer is NULL.
The pointer is not NULL, it's not initialized.
> In fact I just referred to code in setup_arch(). Now I have a question,
> though CONFIG_EFI=y but efi firmware is not enabled,
> boot_params.efi_info.efi_loader_signature should be initilized to 0.
> Then below code is also problematic.
>
> #ifdef CONFIG_EFI
> if (!strncmp((char *)_params.efi_info.efi_loader_signature,
>
> EFI32_LOADER_SIGNATURE, 4)) {
> set_bit(EFI_BOOT, );
> } else if (!strncmp((char
> *)_params.efi_info.efi_loader_signature,
> EFI64_LOADER_SIGNATURE, 4)) {
> set_bit(EFI_BOOT, );
> set_bit(EFI_64BIT, );
> }
>
> if (efi_enabled(EFI_BOOT))
> efi_memblock_x86_reserve_range();
> #endif
Indeed. Matt?
Thanks,
tglx
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On Tue, 4 Jul 2017, Baoquan He wrote:
> On 07/04/17 at 04:00pm, Thomas Gleixner wrote:
> > On Tue, 4 Jul 2017, Baoquan He wrote:
> > > +/* Marks if efi mirror regions have been found and handled. */
> > > +static bool efi_mirror_found;
> > > +
> > > +static void process_efi_entry(unsigned long minimum, unsigned long
> > > image_size)
> > > +{
> > > + struct efi_info *e = _params->efi_info;
> > > + struct mem_vector region;
> > > + efi_memory_desc_t *md;
> > > + unsigned long pmap;
> > > + char *signature;
> > > + u32 nr_desc;
> > > + int i;
> > > +
> > > +
> > > +#ifdef CONFIG_EFI
> > > + signature = (char *)_params->efi_info.efi_loader_signature;
> > > +#endif
> >
> > So if CONFIG_EFI=n you happily dereference the uninitialized signature
> > pointer ...
>
> Right, this is a mistake. Thanks for pointing it out. I should have
> checked if the pointer is NULL.
The pointer is not NULL, it's not initialized.
> In fact I just referred to code in setup_arch(). Now I have a question,
> though CONFIG_EFI=y but efi firmware is not enabled,
> boot_params.efi_info.efi_loader_signature should be initilized to 0.
> Then below code is also problematic.
>
> #ifdef CONFIG_EFI
> if (!strncmp((char *)_params.efi_info.efi_loader_signature,
>
> EFI32_LOADER_SIGNATURE, 4)) {
> set_bit(EFI_BOOT, );
> } else if (!strncmp((char
> *)_params.efi_info.efi_loader_signature,
> EFI64_LOADER_SIGNATURE, 4)) {
> set_bit(EFI_BOOT, );
> set_bit(EFI_64BIT, );
> }
>
> if (efi_enabled(EFI_BOOT))
> efi_memblock_x86_reserve_range();
> #endif
Indeed. Matt?
Thanks,
tglx
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On 07/04/17 at 04:00pm, Thomas Gleixner wrote:
> On Tue, 4 Jul 2017, Baoquan He wrote:
> > +/* Marks if efi mirror regions have been found and handled. */
> > +static bool efi_mirror_found;
> > +
> > +static void process_efi_entry(unsigned long minimum, unsigned long
> > image_size)
> > +{
> > + struct efi_info *e = _params->efi_info;
> > + struct mem_vector region;
> > + efi_memory_desc_t *md;
> > + unsigned long pmap;
> > + char *signature;
> > + u32 nr_desc;
> > + int i;
> > +
> > +
> > +#ifdef CONFIG_EFI
> > + signature = (char *)_params->efi_info.efi_loader_signature;
> > +#endif
>
> So if CONFIG_EFI=n you happily dereference the uninitialized signature
> pointer ...
Right, this is a mistake. Thanks for pointing it out. I should have
checked if the pointer is NULL.
In fact I just referred to code in setup_arch(). Now I have a question,
though CONFIG_EFI=y but efi firmware is not enabled,
boot_params.efi_info.efi_loader_signature should be initilized to 0.
Then below code is also problematic.
#ifdef CONFIG_EFI
if (!strncmp((char *)_params.efi_info.efi_loader_signature,
EFI32_LOADER_SIGNATURE, 4)) {
set_bit(EFI_BOOT, );
} else if (!strncmp((char *)_params.efi_info.efi_loader_signature,
EFI64_LOADER_SIGNATURE, 4)) {
set_bit(EFI_BOOT, );
set_bit(EFI_64BIT, );
}
if (efi_enabled(EFI_BOOT))
efi_memblock_x86_reserve_range();
#endif
>
> Why is process_efi_entry() invoked at all if EFI is not enabled?
Yeah, and it's better to check if CONFIG_EFI is enabled before
invocation of process_efi_entry(). Let me change it as below and repost.
Thanks again for looking into this patchset.
+#ifdef CONFIG_EFI
process_efi_entry(minimum, image_size);
+#endif
>
> > + if (strncmp(signature, EFI32_LOADER_SIGNATURE, 4) &&
> > + strncmp(signature, EFI64_LOADER_SIGNATURE, 4))
> > + return;
> > +
>
> Thanks,
>
> tglx
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On 07/04/17 at 04:00pm, Thomas Gleixner wrote:
> On Tue, 4 Jul 2017, Baoquan He wrote:
> > +/* Marks if efi mirror regions have been found and handled. */
> > +static bool efi_mirror_found;
> > +
> > +static void process_efi_entry(unsigned long minimum, unsigned long
> > image_size)
> > +{
> > + struct efi_info *e = _params->efi_info;
> > + struct mem_vector region;
> > + efi_memory_desc_t *md;
> > + unsigned long pmap;
> > + char *signature;
> > + u32 nr_desc;
> > + int i;
> > +
> > +
> > +#ifdef CONFIG_EFI
> > + signature = (char *)_params->efi_info.efi_loader_signature;
> > +#endif
>
> So if CONFIG_EFI=n you happily dereference the uninitialized signature
> pointer ...
Right, this is a mistake. Thanks for pointing it out. I should have
checked if the pointer is NULL.
In fact I just referred to code in setup_arch(). Now I have a question,
though CONFIG_EFI=y but efi firmware is not enabled,
boot_params.efi_info.efi_loader_signature should be initilized to 0.
Then below code is also problematic.
#ifdef CONFIG_EFI
if (!strncmp((char *)_params.efi_info.efi_loader_signature,
EFI32_LOADER_SIGNATURE, 4)) {
set_bit(EFI_BOOT, );
} else if (!strncmp((char *)_params.efi_info.efi_loader_signature,
EFI64_LOADER_SIGNATURE, 4)) {
set_bit(EFI_BOOT, );
set_bit(EFI_64BIT, );
}
if (efi_enabled(EFI_BOOT))
efi_memblock_x86_reserve_range();
#endif
>
> Why is process_efi_entry() invoked at all if EFI is not enabled?
Yeah, and it's better to check if CONFIG_EFI is enabled before
invocation of process_efi_entry(). Let me change it as below and repost.
Thanks again for looking into this patchset.
+#ifdef CONFIG_EFI
process_efi_entry(minimum, image_size);
+#endif
>
> > + if (strncmp(signature, EFI32_LOADER_SIGNATURE, 4) &&
> > + strncmp(signature, EFI64_LOADER_SIGNATURE, 4))
> > + return;
> > +
>
> Thanks,
>
> tglx
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On Tue, 4 Jul 2017, Baoquan He wrote:
> +/* Marks if efi mirror regions have been found and handled. */
> +static bool efi_mirror_found;
> +
> +static void process_efi_entry(unsigned long minimum, unsigned long
> image_size)
> +{
> + struct efi_info *e = _params->efi_info;
> + struct mem_vector region;
> + efi_memory_desc_t *md;
> + unsigned long pmap;
> + char *signature;
> + u32 nr_desc;
> + int i;
> +
> +
> +#ifdef CONFIG_EFI
> + signature = (char *)_params->efi_info.efi_loader_signature;
> +#endif
So if CONFIG_EFI=n you happily dereference the uninitialized signature
pointer ...
Why is process_efi_entry() invoked at all if EFI is not enabled?
> + if (strncmp(signature, EFI32_LOADER_SIGNATURE, 4) &&
> + strncmp(signature, EFI64_LOADER_SIGNATURE, 4))
> + return;
> +
Thanks,
tglx
Re: [PATCH v2 2/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
On Tue, 4 Jul 2017, Baoquan He wrote:
> +/* Marks if efi mirror regions have been found and handled. */
> +static bool efi_mirror_found;
> +
> +static void process_efi_entry(unsigned long minimum, unsigned long
> image_size)
> +{
> + struct efi_info *e = _params->efi_info;
> + struct mem_vector region;
> + efi_memory_desc_t *md;
> + unsigned long pmap;
> + char *signature;
> + u32 nr_desc;
> + int i;
> +
> +
> +#ifdef CONFIG_EFI
> + signature = (char *)_params->efi_info.efi_loader_signature;
> +#endif
So if CONFIG_EFI=n you happily dereference the uninitialized signature
pointer ...
Why is process_efi_entry() invoked at all if EFI is not enabled?
> + if (strncmp(signature, EFI32_LOADER_SIGNATURE, 4) &&
> + strncmp(signature, EFI64_LOADER_SIGNATURE, 4))
> + return;
> +
Thanks,
tglx
