Re: About commit 65fe935d ("x86/KASLR, x86/power: Remove x86 hibernation restrictions")

From: Kees Cook
Date: Wed Jan 25 2017 - 20:07:46 EST

On Sun, Jan 22, 2017 at 2:53 AM, Baoquan He <bhe@xxxxxxxxxx> wrote:
> Hi Kees,
> In your commit 65fe935dd, you mentioned with the fix of 70595b479ce1,
> the x86 hibernation restrictions can be removed. However I didn't find
> it in Linus's tree. I found commit 65c0554 ("x86/power/64: Fix kernel text
> mapping corruption during image restoration"), it should be the one you
> mentioned, but not very sure since it was merged later than your commit.
> Could you help confirm this?

That sounds correct, yes. There was some last minute additional fixing
which I think made the referenced commit vanish before Linus merged or
something like that. 65c0554 looks like the fix it was meaning to
reference. :)


> commit 65fe935dd2387a4faf15314c73f5e6d31ef0217e
> Author: Kees Cook <keescook@xxxxxxxxxxxx>
> Date: Mon Jun 13 15:10:02 2016 -0700
> x86/KASLR, x86/power: Remove x86 hibernation restrictions
> With the following fix:
> 70595b479ce1 ("x86/power/64: Fix crash whan the hibernation code passes control to the image kernel")
> ... there is no longer a problem with hibernation resuming a
> KASLR-booted kernel image, so remove the restriction.
> commit 65c0554b73c920023cc8998802e508b798113b46
> Author: Rafael J. Wysocki <rafael.j.wysocki@xxxxxxxxx>
> Date: Thu Jun 30 18:11:41 2016 +0200
> x86/power/64: Fix kernel text mapping corruption during image restoration
> Logan Gunthorpe reports that hibernation stopped working reliably for
> him after commit ab76f7b4ab23 (x86/mm: Set NX on gap between __ex_table
> and rodata).
> Thanks
> Baoquan

Kees Cook
Nexus Security