* Baoquan He <b...@redhat.com> wrote:

> Currently KASLR is enabled on three regions: the direct mapping of physical
> memory, vmalloc and vmemmap. However, the EFI region is also mistakenly included
> for VA space randomization because of misusing the EFI_VA_START macro and
> assuming EFI_VA_START < EFI_VA_END.
> 
> The EFI region is reserved for the EFI runtime services virtual mapping, which
> should not be included in KASLR ranges. In Documentation/x86/x86_64/mm.txt,
> we can see:
>   ffffffef00000000 - fffffffeffffffff (=64 GB) EFI region mapping space
> EFI uses the space from -4G to -64G, thus EFI_VA_START > EFI_VA_END.
> Here EFI_VA_START = -4G, and EFI_VA_END = -64G.
> 
> Changing EFI_VA_START to EFI_VA_END in mm/kaslr.c fixes this problem.
> 
> Cc: <sta...@vger.kernel.org> #4.8+
> Signed-off-by: Baoquan He <b...@redhat.com>
> Acked-by: Dave Young <dyo...@redhat.com>
> Reviewed-by: Bhupesh Sharma <bhsha...@redhat.com>
> Acked-by: Thomas Garnier <thgar...@google.com>
> Cc: Thomas Gleixner <t...@linutronix.de>
> Cc: Ingo Molnar <mi...@redhat.com>
> Cc: "H. Peter Anvin" <h...@zytor.com>
> Cc: x...@kernel.org
> Cc: linux-...@vger.kernel.org
> Cc: Thomas Garnier <thgar...@google.com>
> Cc: Kees Cook <keesc...@chromium.org>
> Cc: Borislav Petkov <b...@alien8.de>
> Cc: Andrew Morton <a...@linux-foundation.org>
> Cc: Masahiro Yamada <yamada.masah...@socionext.com>
> Cc: Dave Young <dyo...@redhat.com>
> Cc: Bhupesh Sharma <bhsha...@redhat.com>

So I applied this kexec fix and extended the changelog to clearly show why this 
fix matters in practice.

Also, to make sure I understood it correctly: these addresses are all dynamic on 
64-bit kernels, i.e. we are establishing and then tearing down these page tables 
around EFI calls, and they are 'normally' not present at all, right?

Thanks,

        Ingo
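A stand-alone model of the bound mix-up the quoted changelog describes, added here as an illustration; it is not code from the patch or from arch/x86/mm/kaslr.c. The EFI addresses are the ones quoted from mm.txt above; the region sizes and the __PAGE_OFFSET_BASE value are assumptions chosen to make the arithmetic concrete.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* EFI runtime-services mapping space, as quoted in the thread from
 * Documentation/x86/x86_64/mm.txt:
 *   ffffffef00000000 - fffffffeffffffff (=64 GB) EFI region mapping space
 * EFI_VA_START is the *higher* address (-4G) and EFI_VA_END the lower one,
 * so the "start" macro is the wrong upper bound for a randomization window. */
#define EFI_VA_START 0xffffffff00000000ULL /* -4G: one past the last EFI address */
#define EFI_VA_END   0xffffffef00000000ULL /* lowest address of the EFI mapping */

/* Assumed start of the randomizable area (__PAGE_OFFSET_BASE, 4-level paging). */
#define VADDR_START  0xffff880000000000ULL

/* Constructed stand-ins for the three randomized regions with assumed sizes. */
struct region { const char *name; uint64_t size; };
static const struct region regions[] = {
	{ "physical mapping", 64ULL << 40 },
	{ "vmalloc",          32ULL << 40 },
	{ "vmemmap",           1ULL << 40 },
};

/* Entropy left once the regions are laid out back to back from VADDR_START
 * up to the chosen upper bound (the remain_entropy idea in kaslr.c). */
static uint64_t remaining_entropy(uint64_t vaddr_end)
{
	uint64_t used = 0;
	for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++)
		used += regions[i].size;
	return vaddr_end - VADDR_START - used;
}

/* True when the window [VADDR_START, vaddr_end) reaches into the reserved
 * EFI mapping space [EFI_VA_END, EFI_VA_START). */
static bool window_overlaps_efi(uint64_t vaddr_end)
{
	return vaddr_end > EFI_VA_END && VADDR_START < EFI_VA_START;
}

int main(void)
{
	/* Wrong bound (the bug): the window swallows the 64 GB EFI space. */
	printf("EFI_VA_START as end: overlap=%d, spare=%llu GB\n",
	       window_overlaps_efi(EFI_VA_START),
	       (unsigned long long)(remaining_entropy(EFI_VA_START) >> 30));
	/* Correct bound (the fix): randomization stops below the EFI mapping. */
	printf("EFI_VA_END as end:   overlap=%d, spare=%llu GB\n",
	       window_overlaps_efi(EFI_VA_END),
	       (unsigned long long)(remaining_entropy(EFI_VA_END) >> 30));
	return 0;
}
```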
