Re: [GIT PULL] x86/mm changes for v4.4

2015-11-10 Thread Kees Cook
On Mon, Nov 9, 2015 at 11:08 PM, Ard Biesheuvel wrote:
> On 9 November 2015 at 22:08, Kees Cook wrote:
>> On Sat, Nov 7, 2015 at 11:55 PM, Ard Biesheuvel wrote:
>>> On 8 November 2015 at 07:58, Kees Cook

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-09 Thread Kees Cook
On Sat, Nov 7, 2015 at 11:55 PM, Ard Biesheuvel wrote:
> On 8 November 2015 at 07:58, Kees Cook wrote:
>> On Fri, Nov 6, 2015 at 11:39 PM, Ard Biesheuvel wrote:
>>> On 7 November 2015 at 08:09, Ingo Molnar

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-07 Thread Matt Fleming
On Sat, 07 Nov, at 08:05:54AM, Ingo Molnar wrote:
> * Matt Fleming wrote:
> > On Thu, 05 Nov, at 01:33:10PM, Linus Torvalds wrote:
> > > And if this turns out to be due to EFI wanting those permissions, what should we do? People have talked

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-07 Thread Ard Biesheuvel
On 8 November 2015 at 07:58, Kees Cook wrote:
> On Fri, Nov 6, 2015 at 11:39 PM, Ard Biesheuvel wrote:
>> On 7 November 2015 at 08:09, Ingo Molnar wrote:
>>> * Matt Fleming wrote:
>>> On

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Ard Biesheuvel
On 7 November 2015 at 08:09, Ingo Molnar wrote:
> * Matt Fleming wrote:
>> On Fri, 06 Nov, at 07:55:50AM, Ingo Molnar wrote:
>> > 3) We should fix the EFI permission problem without relying on the firmware: it appears we could

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Ingo Molnar
* Matt Fleming wrote:
> On Fri, 06 Nov, at 07:55:50AM, Ingo Molnar wrote:
> > 3) We should fix the EFI permission problem without relying on the firmware: it appears we could just mark everything R-X optimistically, and if a write fault

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Ingo Molnar
* Matt Fleming wrote:
> On Thu, 05 Nov, at 01:33:10PM, Linus Torvalds wrote:
> > And if this turns out to be due to EFI wanting those permissions, what should we do? People have talked about running the EFI callbacks in their own private page

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Matt Fleming
On Fri, 06 Nov, at 07:55:50AM, Ingo Molnar wrote:
> 3) We should fix the EFI permission problem without relying on the firmware: it appears we could just mark everything R-X optimistically, and if a write fault happens (it's pretty rare in fact, only triggers when we write

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Matt Fleming
On Thu, 05 Nov, at 11:05:35PM, Andy Lutomirski wrote:
> Admittedly, we might need to use a certain amount of care to avoid interesting conflicts with the vmap mechanism. We might need to vmap all of the EFI stuff, and possibly even all the top-level entries that contain EFI stuff (i.e.

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Matt Fleming
On Thu, 05 Nov, at 01:33:10PM, Linus Torvalds wrote:
> And if this turns out to be due to EFI wanting those permissions, what should we do? People have talked about running the EFI callbacks in their own private page table setup, which sounds like the right idea, but until that actually

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Borislav Petkov
On Fri, Nov 06, 2015 at 01:09:48PM +, Matt Fleming wrote:
> On Thu, 05 Nov, at 11:05:35PM, Andy Lutomirski wrote:
> > Admittedly, we might need to use a certain amount of care to avoid interesting conflicts with the vmap mechanism. We might need to vmap all of the EFI stuff, and