* [PATCH] arm64: kaslr: ensure randomized quantities are clean also when kaslr is off
From: Ard Biesheuvel @ 2019-01-27  8:29 UTC (permalink / raw)
  To: linux-arm-kernel; +Cc: will.deacon, catalin.marinas, Ard Biesheuvel, stable

Commit 1598ecda7b23 ("arm64: kaslr: ensure randomized quantities are
clean to the PoC") added cache maintenance to ensure that global
variables set by the kaslr init routine are not wiped clean due to
cache invalidation occurring during the second round of page table
creation.

However, if kaslr_early_init() exits early with no randomization
being applied (either due to the lack of a seed, or because the user
has disabled kaslr explicitly), no cache maintenance is performed,
leading to the same issue we attempted to fix earlier, as far as the
module_alloc_base variable is concerned.

Note that module_alloc_base cannot be initialized statically, because
that would cause it to be subject to a R_AARCH64_RELATIVE relocation,
causing it to be overwritten by the second round of KASLR relocation
processing.

Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR")
Cc: <stable@vger.kernel.org> # v4.6+
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/kernel/kaslr.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c
index ba6b41790fcd..b09b6f75f759 100644
--- a/arch/arm64/kernel/kaslr.c
+++ b/arch/arm64/kernel/kaslr.c
@@ -88,6 +88,7 @@ u64 __init kaslr_early_init(u64 dt_phys)
 	 * we end up running with module randomization disabled.
 	 */
 	module_alloc_base = (u64)_etext - MODULES_VSIZE;
+	__flush_dcache_area(&module_alloc_base, sizeof(module_alloc_base));
 
 	/*
 	 * Try to map the FDT early. If this fails, we simply bail,
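Review bot: the new __flush_dcache_area() call cleans module_alloc_base right after its default assignment, but nothing in the code says why the variable is assigned at runtime and then cleaned, and the commit message's point that a static initializer would be undone by the second round of R_AARCH64_RELATIVE relocation processing is exactly the detail a later cleanup would trip over. Suggest carrying it into the comment block above the assignment, e.g. `/* not statically initialized: a R_AARCH64_RELATIVE reloc would overwrite it */`, so the runtime assignment and the clean-to-PoC are both explained in place. Placing the flush before the early-return paths described in the commit message means it covers both the missing-seed and the explicitly-disabled cases, while the randomized path keeps the cleaning added by 1598ecda7b23.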
-- 
2.20.1


* Re: [PATCH] arm64: kaslr: ensure randomized quantities are clean also when kaslr is off
From: Catalin Marinas @ 2019-01-29 18:18 UTC (permalink / raw)
  To: Ard Biesheuvel; +Cc: linux-arm-kernel, will.deacon, stable

On Sun, Jan 27, 2019 at 09:29:42AM +0100, Ard Biesheuvel wrote:
> Commit 1598ecda7b23 ("arm64: kaslr: ensure randomized quantities are
> clean to the PoC") added cache maintenance to ensure that global
> variables set by the kaslr init routine are not wiped clean due to
> cache invalidation occurring during the second round of page table
> creation.
> 
> However, if kaslr_early_init() exits early with no randomization
> being applied (either due to the lack of a seed, or because the user
> has disabled kaslr explicitly), no cache maintenance is performed,
> leading to the same issue we attempted to fix earlier, as far as the
> module_alloc_base variable is concerned.
> 
> Note that module_alloc_base cannot be initialized statically, because
> that would cause it to be subject to a R_AARCH64_RELATIVE relocation,
> causing it to be overwritten by the second round of KASLR relocation
> processing.
> 
> Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR")
> Cc: <stable@vger.kernel.org> # v4.6+
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
>  arch/arm64/kernel/kaslr.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c
> index ba6b41790fcd..b09b6f75f759 100644
> --- a/arch/arm64/kernel/kaslr.c
> +++ b/arch/arm64/kernel/kaslr.c
> @@ -88,6 +88,7 @@ u64 __init kaslr_early_init(u64 dt_phys)
>  	 * we end up running with module randomization disabled.
>  	 */
>  	module_alloc_base = (u64)_etext - MODULES_VSIZE;
> +	__flush_dcache_area(&module_alloc_base, sizeof(module_alloc_base));

Do we need something similar for memstart_offset_seed? If yes, you could
as well change the returns to a goto out.

-- 
Catalin

* Re: [PATCH] arm64: kaslr: ensure randomized quantities are clean also when kaslr is off
From: Ard Biesheuvel @ 2019-01-29 21:55 UTC (permalink / raw)
  To: Catalin Marinas; +Cc: linux-arm-kernel, Will Deacon, stable

On Tue, 29 Jan 2019 at 19:18, Catalin Marinas <catalin.marinas@arm.com> wrote:
>
> On Sun, Jan 27, 2019 at 09:29:42AM +0100, Ard Biesheuvel wrote:
> > Commit 1598ecda7b23 ("arm64: kaslr: ensure randomized quantities are
> > clean to the PoC") added cache maintenance to ensure that global
> > variables set by the kaslr init routine are not wiped clean due to
> > cache invalidation occurring during the second round of page table
> > creation.
> >
> > However, if kaslr_early_init() exits early with no randomization
> > being applied (either due to the lack of a seed, or because the user
> > has disabled kaslr explicitly), no cache maintenance is performed,
> > leading to the same issue we attempted to fix earlier, as far as the
> > module_alloc_base variable is concerned.
> >
> > Note that module_alloc_base cannot be initialized statically, because
> > that would cause it to be subject to a R_AARCH64_RELATIVE relocation,
> > causing it to be overwritten by the second round of KASLR relocation
> > processing.
> >
> > Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR")
> > Cc: <stable@vger.kernel.org> # v4.6+
> > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > ---
> >  arch/arm64/kernel/kaslr.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c
> > index ba6b41790fcd..b09b6f75f759 100644
> > --- a/arch/arm64/kernel/kaslr.c
> > +++ b/arch/arm64/kernel/kaslr.c
> > @@ -88,6 +88,7 @@ u64 __init kaslr_early_init(u64 dt_phys)
> >        * we end up running with module randomization disabled.
> >        */
> >       module_alloc_base = (u64)_etext - MODULES_VSIZE;
> > +     __flush_dcache_area(&module_alloc_base, sizeof(module_alloc_base));
>
> Do we need something similar for memstart_offset_seed? If yes, you could
> as well change the returns to a goto out.
>

No, that gets initialized to zero statically, so it isn't affected by this.
