From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: catalin.marinas@arm.com, will.deacon@arm.com,
dhowells@redhat.com, vgoyal@redhat.com,
herbert@gondor.apana.org.au, davem@davemloft.net,
dyoung@redhat.com, bhe@redhat.com, arnd@arndb.de,
schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com
Cc: prudo@linux.ibm.com, ard.biesheuvel@linaro.org,
james.morse@arm.com, bhsharma@redhat.com,
kexec@lists.infradead.org, linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org,
AKASHI Takahiro <takahiro.akashi@linaro.org>
Subject: [PATCH v16 16/16] arm64: kexec_file: add kaslr support
Date: Thu, 15 Nov 2018 14:52:55 +0900 [thread overview]
Message-ID: <20181115055254.2812-17-takahiro.akashi@linaro.org> (raw)
In-Reply-To: <20181115055254.2812-1-takahiro.akashi@linaro.org>
Adding "kaslr-seed" to dtb enables triggering kaslr, or kernel virtual
address randomization, at secondary kernel boot. We always do this as
it will have no harm on kaslr-incapable kernel.
We don't have any "switch" to turn off this feature directly, but still
can suppress it by passing "nokaslr" as a kernel boot argument.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
---
arch/arm64/kernel/machine_kexec_file.c | 46 +++++++++++++++++++++++++-
1 file changed, 45 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
index ab296b98d633..a0a730bd9be6 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -16,6 +16,7 @@
#include <linux/libfdt.h>
#include <linux/memblock.h>
#include <linux/of_fdt.h>
+#include <linux/random.h>
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/types.h>
@@ -28,6 +29,7 @@
#define FDT_PSTR_INITRD_STA "linux,initrd-start"
#define FDT_PSTR_INITRD_END "linux,initrd-end"
#define FDT_PSTR_BOOTARGS "bootargs"
+#define FDT_PSTR_KASLR_SEED "kaslr-seed"
const struct kexec_file_ops * const kexec_file_loaders[] = {
&kexec_image_ops,
@@ -46,11 +48,38 @@ int arch_kimage_file_post_load_cleanup(struct kimage *image)
return kexec_image_post_load_cleanup_default(image);
}
+/* crng needs to have been initialized for providing kaslr-seed */
+static int random_ready;
+
+static void random_ready_notified(struct random_ready_callback *unused)
+{
+ random_ready = 1;
+}
+
+static struct random_ready_callback random_ready_cb = {
+ .func = random_ready_notified,
+};
+
+static __init int init_random_ready_cb(void)
+{
+ int ret;
+
+ ret = add_random_ready_callback(&random_ready_cb);
+ if (ret == -EALREADY)
+ random_ready = 1;
+ else if (ret)
+ pr_warn("failed to add a callback for random_ready\n");
+
+ return 0;
+}
+late_initcall(init_random_ready_cb)
+
static int setup_dtb(struct kimage *image,
unsigned long initrd_load_addr, unsigned long initrd_len,
char *cmdline, void *dtb)
{
int nodeoffset;
+ u64 value;
int ret;
nodeoffset = fdt_path_offset(dtb, "/chosen");
@@ -106,12 +135,27 @@ static int setup_dtb(struct kimage *image,
return -EINVAL;
}
+ /* add kaslr-seed */
+ ret = fdt_delprop(dtb, nodeoffset, FDT_PSTR_KASLR_SEED);
+ if (ret && (ret != -FDT_ERR_NOTFOUND))
+ return -EINVAL;
+
+ if (random_ready) {
+ get_random_bytes(&value, sizeof(value));
+ ret = fdt_setprop_u64(dtb, nodeoffset, FDT_PSTR_KASLR_SEED,
+ value);
+ if (ret)
+ return (ret == -FDT_ERR_NOSPACE ? -ENOMEM : -EINVAL);
+ } else {
+ pr_notice("kaslr-seed won't be fed\n");
+ }
+
return 0;
}
/*
* More space needed so that we can add initrd, bootargs,
- * userable-memory-range and elfcorehdr.
+ * userable-memory-range, elfcorehdr and kaslr-seed.
*/
#define DTB_EXTRA_SPACE 0x1000
--
2.19.0
WARNING: multiple messages have this Message-ID (diff)
From: takahiro.akashi@linaro.org (AKASHI Takahiro)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v16 16/16] arm64: kexec_file: add kaslr support
Date: Thu, 15 Nov 2018 14:52:55 +0900 [thread overview]
Message-ID: <20181115055254.2812-17-takahiro.akashi@linaro.org> (raw)
In-Reply-To: <20181115055254.2812-1-takahiro.akashi@linaro.org>
Adding "kaslr-seed" to dtb enables triggering kaslr, or kernel virtual
address randomization, at secondary kernel boot. We always do this as
it will have no harm on kaslr-incapable kernel.
We don't have any "switch" to turn off this feature directly, but still
can suppress it by passing "nokaslr" as a kernel boot argument.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
---
arch/arm64/kernel/machine_kexec_file.c | 46 +++++++++++++++++++++++++-
1 file changed, 45 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
index ab296b98d633..a0a730bd9be6 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -16,6 +16,7 @@
#include <linux/libfdt.h>
#include <linux/memblock.h>
#include <linux/of_fdt.h>
+#include <linux/random.h>
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/types.h>
@@ -28,6 +29,7 @@
#define FDT_PSTR_INITRD_STA "linux,initrd-start"
#define FDT_PSTR_INITRD_END "linux,initrd-end"
#define FDT_PSTR_BOOTARGS "bootargs"
+#define FDT_PSTR_KASLR_SEED "kaslr-seed"
const struct kexec_file_ops * const kexec_file_loaders[] = {
&kexec_image_ops,
@@ -46,11 +48,38 @@ int arch_kimage_file_post_load_cleanup(struct kimage *image)
return kexec_image_post_load_cleanup_default(image);
}
+/* crng needs to have been initialized for providing kaslr-seed */
+static int random_ready;
+
+static void random_ready_notified(struct random_ready_callback *unused)
+{
+ random_ready = 1;
+}
+
+static struct random_ready_callback random_ready_cb = {
+ .func = random_ready_notified,
+};
+
+static __init int init_random_ready_cb(void)
+{
+ int ret;
+
+ ret = add_random_ready_callback(&random_ready_cb);
+ if (ret == -EALREADY)
+ random_ready = 1;
+ else if (ret)
+ pr_warn("failed to add a callback for random_ready\n");
+
+ return 0;
+}
+late_initcall(init_random_ready_cb)
+
static int setup_dtb(struct kimage *image,
unsigned long initrd_load_addr, unsigned long initrd_len,
char *cmdline, void *dtb)
{
int nodeoffset;
+ u64 value;
int ret;
nodeoffset = fdt_path_offset(dtb, "/chosen");
@@ -106,12 +135,27 @@ static int setup_dtb(struct kimage *image,
return -EINVAL;
}
+ /* add kaslr-seed */
+ ret = fdt_delprop(dtb, nodeoffset, FDT_PSTR_KASLR_SEED);
+ if (ret && (ret != -FDT_ERR_NOTFOUND))
+ return -EINVAL;
+
+ if (random_ready) {
+ get_random_bytes(&value, sizeof(value));
+ ret = fdt_setprop_u64(dtb, nodeoffset, FDT_PSTR_KASLR_SEED,
+ value);
+ if (ret)
+ return (ret == -FDT_ERR_NOSPACE ? -ENOMEM : -EINVAL);
+ } else {
+ pr_notice("kaslr-seed won't be fed\n");
+ }
+
return 0;
}
/*
* More space needed so that we can add initrd, bootargs,
- * userable-memory-range and elfcorehdr.
+ * userable-memory-range, elfcorehdr and kaslr-seed.
*/
#define DTB_EXTRA_SPACE 0x1000
--
2.19.0
WARNING: multiple messages have this Message-ID (diff)
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: catalin.marinas@arm.com, will.deacon@arm.com,
dhowells@redhat.com, vgoyal@redhat.com,
herbert@gondor.apana.org.au, davem@davemloft.net,
dyoung@redhat.com, bhe@redhat.com, arnd@arndb.de,
schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com
Cc: ard.biesheuvel@linaro.org, bhsharma@redhat.com,
kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
prudo@linux.ibm.com, AKASHI Takahiro <takahiro.akashi@linaro.org>,
james.morse@arm.com, linux-arm-kernel@lists.infradead.org
Subject: [PATCH v16 16/16] arm64: kexec_file: add kaslr support
Date: Thu, 15 Nov 2018 14:52:55 +0900 [thread overview]
Message-ID: <20181115055254.2812-17-takahiro.akashi@linaro.org> (raw)
In-Reply-To: <20181115055254.2812-1-takahiro.akashi@linaro.org>
Adding "kaslr-seed" to dtb enables triggering kaslr, or kernel virtual
address randomization, at secondary kernel boot. We always do this as
it will have no harm on kaslr-incapable kernel.
We don't have any "switch" to turn off this feature directly, but still
can suppress it by passing "nokaslr" as a kernel boot argument.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
---
arch/arm64/kernel/machine_kexec_file.c | 46 +++++++++++++++++++++++++-
1 file changed, 45 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
index ab296b98d633..a0a730bd9be6 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -16,6 +16,7 @@
#include <linux/libfdt.h>
#include <linux/memblock.h>
#include <linux/of_fdt.h>
+#include <linux/random.h>
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/types.h>
@@ -28,6 +29,7 @@
#define FDT_PSTR_INITRD_STA "linux,initrd-start"
#define FDT_PSTR_INITRD_END "linux,initrd-end"
#define FDT_PSTR_BOOTARGS "bootargs"
+#define FDT_PSTR_KASLR_SEED "kaslr-seed"
const struct kexec_file_ops * const kexec_file_loaders[] = {
&kexec_image_ops,
@@ -46,11 +48,38 @@ int arch_kimage_file_post_load_cleanup(struct kimage *image)
return kexec_image_post_load_cleanup_default(image);
}
+/* crng needs to have been initialized for providing kaslr-seed */
+static int random_ready;
+
+static void random_ready_notified(struct random_ready_callback *unused)
+{
+ random_ready = 1;
+}
+
+static struct random_ready_callback random_ready_cb = {
+ .func = random_ready_notified,
+};
+
+static __init int init_random_ready_cb(void)
+{
+ int ret;
+
+ ret = add_random_ready_callback(&random_ready_cb);
+ if (ret == -EALREADY)
+ random_ready = 1;
+ else if (ret)
+ pr_warn("failed to add a callback for random_ready\n");
+
+ return 0;
+}
+late_initcall(init_random_ready_cb)
+
static int setup_dtb(struct kimage *image,
unsigned long initrd_load_addr, unsigned long initrd_len,
char *cmdline, void *dtb)
{
int nodeoffset;
+ u64 value;
int ret;
nodeoffset = fdt_path_offset(dtb, "/chosen");
@@ -106,12 +135,27 @@ static int setup_dtb(struct kimage *image,
return -EINVAL;
}
+ /* add kaslr-seed */
+ ret = fdt_delprop(dtb, nodeoffset, FDT_PSTR_KASLR_SEED);
+ if (ret && (ret != -FDT_ERR_NOTFOUND))
+ return -EINVAL;
+
+ if (random_ready) {
+ get_random_bytes(&value, sizeof(value));
+ ret = fdt_setprop_u64(dtb, nodeoffset, FDT_PSTR_KASLR_SEED,
+ value);
+ if (ret)
+ return (ret == -FDT_ERR_NOSPACE ? -ENOMEM : -EINVAL);
+ } else {
+ pr_notice("kaslr-seed won't be fed\n");
+ }
+
return 0;
}
/*
* More space needed so that we can add initrd, bootargs,
- * userable-memory-range and elfcorehdr.
+ * userable-memory-range, elfcorehdr and kaslr-seed.
*/
#define DTB_EXTRA_SPACE 0x1000
--
2.19.0
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2018-11-15 5:53 UTC|newest]
Thread overview: 93+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-15 5:52 [PATCH v16 00/16] arm64: kexec: add kexec_file_load() support AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` [PATCH v16 01/16] asm-generic: add kexec_file_load system call to unistd.h AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` [PATCH v16 02/16] kexec_file: make kexec_image_post_load_cleanup_default() global AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` [PATCH v16 03/16] s390, kexec_file: drop arch_kexec_mem_walk() AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` [PATCH v16 04/16] powerpc, kexec_file: factor out memblock-based arch_kexec_walk_mem() AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` [PATCH v16 05/16] kexec_file: kexec_walk_memblock() only walks a dedicated region at kdump AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` [PATCH v16 06/16] lib: fdt: add a helper function for handling memory range property AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-30 13:21 ` Will Deacon
2018-11-30 13:21 ` Will Deacon
2018-11-30 13:21 ` Will Deacon
2018-12-06 14:47 ` Rob Herring
2018-12-06 14:47 ` Rob Herring
2018-12-06 14:47 ` Rob Herring
2018-12-06 14:47 ` Rob Herring
2018-12-06 15:54 ` Will Deacon
2018-12-06 15:54 ` Will Deacon
2018-12-06 15:54 ` Will Deacon
2018-12-06 15:54 ` Will Deacon
2018-12-07 10:12 ` James Morse
2018-12-07 10:12 ` James Morse
2018-12-07 10:12 ` James Morse
2018-12-07 10:12 ` James Morse
2018-12-11 6:17 ` AKASHI, Takahiro
2018-12-11 6:17 ` AKASHI, Takahiro
2018-12-11 6:17 ` AKASHI, Takahiro
2018-12-11 6:17 ` AKASHI, Takahiro
2018-12-11 10:09 ` James Morse
2018-12-11 10:09 ` James Morse
2018-12-11 10:09 ` James Morse
2018-12-11 10:09 ` James Morse
2018-12-12 1:28 ` AKASHI, Takahiro
2018-12-12 1:28 ` AKASHI, Takahiro
2018-12-12 1:28 ` AKASHI, Takahiro
2018-12-12 1:28 ` AKASHI, Takahiro
2018-11-15 5:52 ` [PATCH v16 07/16] arm64: add image head flag definitions AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` [PATCH v16 08/16] arm64: cpufeature: add MMFR0 helper functions AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` [PATCH v16 09/16] arm64: enable KEXEC_FILE config AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` [PATCH v16 10/16] arm64: kexec_file: load initrd and device-tree AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` [PATCH v16 11/16] arm64: kexec_file: allow for loading Image-format kernel AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` [PATCH v16 12/16] arm64: kexec_file: add crash dump support AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` [PATCH v16 13/16] arm64: kexec_file: invoke the kernel without purgatory AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` [PATCH v16 14/16] include: pe.h: remove message[] from mz header definition AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` [PATCH v16 15/16] arm64: kexec_file: add kernel signature verification support AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-30 13:21 ` Will Deacon
2018-11-30 13:21 ` Will Deacon
2018-11-30 13:21 ` Will Deacon
2018-12-11 5:42 ` AKASHI Takahiro
2018-12-11 5:42 ` AKASHI Takahiro
2018-12-11 5:42 ` AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro [this message]
2018-11-15 5:52 ` [PATCH v16 16/16] arm64: kexec_file: add kaslr support AKASHI Takahiro
2018-11-15 5:52 ` AKASHI Takahiro
2018-11-30 13:19 ` Will Deacon
2018-11-30 13:19 ` Will Deacon
2018-11-30 13:19 ` Will Deacon
2018-12-11 5:50 ` AKASHI Takahiro
2018-12-11 5:50 ` AKASHI Takahiro
2018-12-11 5:50 ` AKASHI Takahiro
2018-12-11 7:51 ` AKASHI Takahiro
2018-12-11 7:51 ` AKASHI Takahiro
2018-12-11 7:51 ` AKASHI Takahiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181115055254.2812-17-takahiro.akashi@linaro.org \
--to=takahiro.akashi@linaro.org \
--cc=ard.biesheuvel@linaro.org \
--cc=arnd@arndb.de \
--cc=bhe@redhat.com \
--cc=bhsharma@redhat.com \
--cc=catalin.marinas@arm.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dyoung@redhat.com \
--cc=heiko.carstens@de.ibm.com \
--cc=herbert@gondor.apana.org.au \
--cc=james.morse@arm.com \
--cc=kexec@lists.infradead.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=prudo@linux.ibm.com \
--cc=schwidefsky@de.ibm.com \
--cc=vgoyal@redhat.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.