From: ard.biesheuvel@linaro.org (Ard Biesheuvel)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v5sub2 0/8] arm64: implement virtual KASLR
Date: Mon, 1 Feb 2016 14:09:30 +0100
Message-ID: <1454332178-4414-1-git-send-email-ard.biesheuvel@linaro.org>

At the request of Catalin, this series has been split off from my series
'arm64: implement support for KASLR v4' [1]. This sub-series deals with
creating a relocatable binary, and randomizing the virtual placement of
the kernel itself, the modules and the linear region based on entropy
supplied by the bootloader in the /chosen/kaslr-seed DT property.

Changes since v4:
- add randomization of the linear region, i.e., if the linear region is
  substantially larger than the space spanned by RAM, the mapping of RAM
  is moved to a random offset inside the linear region.
- dropped the CRC check in kaslr_early_init(), since the only code that may
  modify .data through __fixmap_remap_fdt() is instrumentation that should
  deal with that correctly (For instance, the branch profiling records taken
  branches in structs allocated in .data, and these counts will not be reset
  to 0 between the first and the second call to __mmap_switched())
- add Mark's ack to patch #4

Patch #1 adds support for resolving cross-module branches via veneers if the
module is located too far from the target. This should not be necessary in the
common case even with KASLR enabled, but since the space around the kernel image
will no longer be strictly reserved for modules, there is a slight chance that
the region may be exhausted, in which case modules will be moved further away
from the kernel (and each other)

Patches #2 and #3 deal with the fact that relocations of 64-bit values are
deferred to runtime when building a PIE executable, and some values are required
before the relocation routine executes (either in the code, or as an externally
visible constant in the Image header)

Patch #4 reshuffles asm/elf.h so we can use its preprocessor constants in head.S

Patch #5 and #6 implement building vmlinux as a PIE (Position Independent
Executable) binary, which is emitted with relocation information that is
processed by the program itself in the early boot code.

Patch #7 implements KASLR, i.e., CONFIG_RANDOMIZE_BASE for the core kernel and
for the module region.

Patch #8 implements KASLR for the linear region.

[1] http://thread.gmane.org/gmane.linux.kernel/2135931

Ard Biesheuvel (8):
  arm64: add support for module PLTs
  arm64: avoid R_AARCH64_ABS64 relocations for Image header fields
  arm64: avoid dynamic relocations in early boot code
  arm64: make asm/elf.h available to asm files
  scripts/sortextable: add support for ET_DYN binaries
  arm64: add support for building vmlinux as a relocatable PIE binary
  arm64: add support for kernel ASLR
  arm64: kaslr: randomize the linear region

 arch/arm64/Kconfig                 |  34 ++++
 arch/arm64/Makefile                |  10 +-
 arch/arm64/include/asm/assembler.h |  11 ++
 arch/arm64/include/asm/elf.h       |  24 ++-
 arch/arm64/include/asm/memory.h    |   5 +-
 arch/arm64/include/asm/module.h    |  11 ++
 arch/arm64/kernel/Makefile         |   2 +
 arch/arm64/kernel/efi-entry.S      |   2 +-
 arch/arm64/kernel/head.S           | 128 +++++++++++--
 arch/arm64/kernel/image.h          |  32 ++--
 arch/arm64/kernel/kaslr.c          | 143 ++++++++++++++
 arch/arm64/kernel/module-plts.c    | 201 ++++++++++++++++++++
 arch/arm64/kernel/module.c         |  20 +-
 arch/arm64/kernel/module.lds       |   3 +
 arch/arm64/kernel/setup.c          |  29 +++
 arch/arm64/kernel/vmlinux.lds.S    |  16 ++
 arch/arm64/mm/init.c               |  22 ++-
 arch/arm64/mm/mmu.c                |  33 +++-
 scripts/sortextable.c              |   8 +-
 19 files changed, 672 insertions(+), 62 deletions(-)
 create mode 100644 arch/arm64/kernel/kaslr.c
 create mode 100644 arch/arm64/kernel/module-plts.c
 create mode 100644 arch/arm64/kernel/module.lds

--
2.5.0
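
The cover letter above describes a PIE vmlinux that carries relocation information and processes it itself during early boot. The following is an added illustration of that self-relocation step, not code from this series: it assumes an image linked at address 0 whose dynamic relocations are all R_AARCH64_RELATIVE, and the names `rela64`, `apply_relative_relocs` and `demo_slot`, along with the sample image and load addresses, are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define R_AARCH64_ABS64    257u  /* needs a symbol value, so it is rejected below */
#define R_AARCH64_RELATIVE 1027u /* slot value = load base + addend */

/* Same layout as Elf64_Rela, redeclared so the example needs no <elf.h>. */
struct rela64 {
    uint64_t r_offset; /* link-time address of the 64-bit slot to patch */
    uint64_t r_info;   /* (symbol index << 32) | relocation type */
    int64_t  r_addend; /* link-time value the slot should hold */
};

enum { RELOC_OK = 0, RELOC_BAD_TYPE = -1, RELOC_BAD_OFFSET = -2 };

/* Relocate an image linked at address 0 that now runs at load_base.
 * Every entry is validated first, so a bad table leaves the image untouched. */
int apply_relative_relocs(uint8_t *image, size_t size,
                          const struct rela64 *rela, size_t n, uint64_t load_base)
{
    for (size_t i = 0; i < n; i++) {
        if ((uint32_t)rela[i].r_info != R_AARCH64_RELATIVE)
            return RELOC_BAD_TYPE;   /* would need a symbol lookup */
        if (size < 8 || rela[i].r_offset > size - 8 || rela[i].r_offset % 8)
            return RELOC_BAD_OFFSET; /* slot outside the image or misaligned */
    }
    for (size_t i = 0; i < n; i++) {
        uint64_t v = load_base + (uint64_t)rela[i].r_addend;
        memcpy(image + rela[i].r_offset, &v, sizeof v);
    }
    return RELOC_OK;
}

/* Constructed sample: a 32-byte image with a pointer slot at offset 8 (to
 * link-time address 0x18) and a second entry chosen by the caller. Returns
 * the 64-bit value found at `slot` after the relocation attempt. */
uint64_t demo_slot(uint64_t load_base, uint32_t type, uint64_t off,
                   size_t slot, int *status)
{
    uint8_t image[32] = {0};
    struct rela64 rela[2] = { { 8, R_AARCH64_RELATIVE, 0x18 }, { off, type, 0 } };
    uint64_t v;
    *status = apply_relative_relocs(image, sizeof image, rela, 2, load_base);
    memcpy(&v, image + slot, sizeof v);
    return v;
}

int main(void) { int st; return demo_slot(0x1000, R_AARCH64_RELATIVE, 16, 8, &st) == 0x1018 ? 0 : 1; }
```
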