From mboxrd@z Thu Jan 1 00:00:00 1970 From: Thomas Garnier Subject: [RFC v2 23/23] x86/kaslr: Add option to extend KASLR range from 1GB to 3GB Date: Thu, 10 Aug 2017 10:26:15 -0700 Message-ID: <20170810172615.51965-24-thgarnie@google.com> References: <20170810172615.51965-1-thgarnie@google.com> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Cc: linux-arch@vger.kernel.org, kvm@vger.kernel.org, linux-pm@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, linux-sparse@vger.kernel.org, linux-crypto@vger.kernel.org, kernel-hardening@lists.openwall.com, xen-devel@lists.xenproject.org To: Herbert Xu , "David S . Miller" , Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , Peter Zijlstra , Josh Poimboeuf , Arnd Bergmann , Thomas Garnier , Matthias Kaehlcke , Boris Ostrovsky , Juergen Gross , Paolo Bonzini , =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= , Joerg Roedel , Tom Lendacky , Andy Lutomirski , Borislav Petkov , Brian Gerst , "Kirill A . Shutemov" , "Rafael J . Wysocki" , Len Brown , Pavel Machek Return-path: In-Reply-To: <20170810172615.51965-1-thgarnie@google.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" List-Id: linux-crypto.vger.kernel.org QWRkIGEgbmV3IENPTkZJR19SQU5ET01JWkVfQkFTRV9MQVJHRSBvcHRpb24gdG8gYmVuZWZpdCBm cm9tIFBJRQpzdXBwb3J0LiBJdCBpbmNyZWFzZXMgdGhlIEtBU0xSIHJhbmdlIGZyb20gMUdCIHRv IDNHQi4gVGhlIG5ldyByYW5nZQpzdGFycyBhdCAweGZmZmZmZmZmMDAwMDAwMDAganVzdCBhYm92 ZSB0aGUgRUZJIG1lbW9yeSByZWdpb24uIFRoaXMKb3B0aW9uIGlzIG9mZiBieSBkZWZhdWx0LgoK VGhlIGJvb3QgY29kZSBpcyBhZGFwdGVkIHRvIGNyZWF0ZSB0aGUgYXBwcm9wcmlhdGUgcGFnZSB0 YWJsZSBzcGFubmluZwp0aHJlZSBQVUQgcGFnZXMuCgpUaGUgcmVsb2NhdGlvbiB0YWJsZSB1c2Vz IDY0LWJpdCBpbnRlZ2VycyBnZW5lcmF0ZWQgd2l0aCB0aGUgdXBkYXRlZApyZWxvY2F0aW9uIHRv b2wgd2l0aCB0aGUgbGFyZ2UtcmVsb2Mgb3B0aW9uLgoKU2lnbmVkLW9mZi1ieTogVGhvbWFzIEdh cm5pZXIgPHRoZ2FybmllQGdvb2dsZS5jb20+Ci0tLQogYXJjaC94ODYvS2NvbmZpZyAgICAgICAg ICAgICAgICAgICAgIHwgMjEgKysrKysrKysrKysrKysrKysrKysrCiBhcmNoL3g4Ni9ib290L2Nv bXByZXNzZWQvTWFrZWZpbGUgICAgfCAgNSArKysrKwogYXJjaC94ODYvYm9vdC9jb21wcmVzc2Vk L21pc2MuYyAgICAgIHwgMTAgKysrKysrKysrLQogYXJjaC94ODYvaW5jbHVkZS9hc20vcGFnZV82 NF90eXBlcy5oIHwgIDkgKysrKysrKysrCiBhcmNoL3g4Ni9rZXJuZWwvaGVhZDY0LmMgICAgICAg ICAgICAgfCAxOCArKysrKysrKysrKysrKy0tLS0KIGFyY2gveDg2L2tlcm5lbC9oZWFkXzY0LlMg ICAgICAgICAgICB8IDExICsrKysrKysrKystCiA2IGZpbGVzIGNoYW5nZWQsIDY4IGluc2VydGlv bnMoKyksIDYgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvYXJjaC94ODYvS2NvbmZpZyBiL2Fy Y2gveDg2L0tjb25maWcKaW5kZXggMmI2OWJlNjY3NTQzLi5mMzAyNzAwMGVjNjAgMTAwNjQ0Ci0t LSBhL2FyY2gveDg2L0tjb25maWcKKysrIGIvYXJjaC94ODYvS2NvbmZpZwpAQCAtMjE0OSw2ICsy MTQ5LDI3IEBAIGNvbmZpZyBYODZfTU9EVUxFX1BMVFMKIAlzZWxlY3QgWDg2X01PRFVMRV9NT0RF TF9MQVJHRQogCXNlbGVjdCBIQVZFX01PRF9BUkNIX1NQRUNJRklDCiAKK2NvbmZpZyBSQU5ET01J WkVfQkFTRV9MQVJHRQorCWJvb2wgIkluY3JlYXNlIHRoZSByYW5kb21pemF0aW9uIHJhbmdlIG9m IHRoZSBrZXJuZWwgaW1hZ2UiCisJZGVwZW5kcyBvbiBYODZfNjQgJiYgUkFORE9NSVpFX0JBU0UK KwlzZWxlY3QgWDg2X1BJRQorCXNlbGVjdCBYODZfTU9EVUxFX1BMVFMgaWYgTU9EVUxFUworCWRl ZmF1bHQgbgorCS0tLWhlbHAtLS0KKwkgIEJ1aWxkIHRoZSBrZXJuZWwgYXMgYSBQb3NpdGlvbiBJ bmRlcGVuZGVudCBFeGVjdXRhYmxlIChQSUUpIGFuZAorCSAgaW5jcmVhc2UgdGhlIGF2YWlsYWJs ZSByYW5kb21pemF0aW9uIHJhbmdlIGZyb20gMUdCIHRvIDNHQi4KKworCSAgVGhpcyBvcHRpb24g aW1wYWN0cyBwZXJmb3JtYW5jZSBvbiBrZXJuZWwgQ1BVIGludGVuc2l2ZSB3b3JrbG9hZHMgdXAK KwkgIHRvIDEwJSBkdWUgdG8gUElFIGdlbmVyYXRlZCBjb2RlLiBJbXBhY3Qgb24gdXNlci1tb2Rl IHByb2Nlc3NlcyBhbmQKKwkgIHR5cGljYWwgdXNhZ2Ugd291bGQgYmUgc2lnbmlmaWNhbnRseSBs ZXNzICgwLjUwJSB3aGVuIHlvdSBidWlsZCB0aGUKKwkgIGtlcm5lbCkuCisKKwkgIFRoZSBrZXJu ZWwgYW5kIG1vZHVsZXMgd2lsbCBnZW5lcmF0ZSBzbGlnaHRseSBtb3JlIGFzc2VtYmx5ICgxIHRv IDIlCisJICBpbmNyZWFzZSBvbiB0aGUgLnRleHQgc2VjdGlvbnMpLiBUaGUgdm1saW51eCBiaW5h cnkgd2lsbCBiZQorCSAgc2lnbmlmaWNhbnRseSBzbWFsbGVyIGR1ZSB0byBsZXNzIHJlbG9jYXRp b25zLgorCisJICBJZiB1bnN1cmUgc2F5IE4KKwogY29uZmlnIEhPVFBMVUdfQ1BVCiAJYm9vbCAi U3VwcG9ydCBmb3IgaG90LXBsdWdnYWJsZSBDUFVzIgogCWRlcGVuZHMgb24gU01QCmRpZmYgLS1n aXQgYS9hcmNoL3g4Ni9ib290L2NvbXByZXNzZWQvTWFrZWZpbGUgYi9hcmNoL3g4Ni9ib290L2Nv bXByZXNzZWQvTWFrZWZpbGUKaW5kZXggOGE5NTgyNzRiNTRjLi45NGRmZWU1YTdjZDIgMTAwNjQ0 Ci0tLSBhL2FyY2gveDg2L2Jvb3QvY29tcHJlc3NlZC9NYWtlZmlsZQorKysgYi9hcmNoL3g4Ni9i b290L2NvbXByZXNzZWQvTWFrZWZpbGUKQEAgLTExMiw3ICsxMTIsMTIgQEAgJChvYmopL3ZtbGlu dXguYmluOiB2bWxpbnV4IEZPUkNFCiAKIHRhcmdldHMgKz0gJChwYXRzdWJzdCAkKG9iaikvJSwl LCQodm1saW51eC1vYmpzLXkpKSB2bWxpbnV4LmJpbi5hbGwgdm1saW51eC5yZWxvY3MKIAorIyBM YXJnZSByYW5kb21pemF0aW9uIHJlcXVpcmUgYmlnZ2VyIHJlbG9jYXRpb24gdGFibGUKK2lmZXEg KCQoQ09ORklHX1JBTkRPTUlaRV9CQVNFX0xBUkdFKSx5KQorQ01EX1JFTE9DUyA9IGFyY2gveDg2 L3Rvb2xzL3JlbG9jcyAtLWxhcmdlLXJlbG9jCitlbHNlCiBDTURfUkVMT0NTID0gYXJjaC94ODYv dG9vbHMvcmVsb2NzCitlbmRpZgogcXVpZXRfY21kX3JlbG9jcyA9IFJFTE9DUyAgJEAKICAgICAg IGNtZF9yZWxvY3MgPSAkKENNRF9SRUxPQ1MpICQ8ID4gJEA7JChDTURfUkVMT0NTKSAtLWFicy1y ZWxvY3MgJDwKICQob2JqKS92bWxpbnV4LnJlbG9jczogdm1saW51eCBGT1JDRQpkaWZmIC0tZ2l0 IGEvYXJjaC94ODYvYm9vdC9jb21wcmVzc2VkL21pc2MuYyBiL2FyY2gveDg2L2Jvb3QvY29tcHJl c3NlZC9taXNjLmMKaW5kZXggYzIwY2RjN2NiZDYxLi44MmEwZWExN2M5ZGMgMTAwNjQ0Ci0tLSBh L2FyY2gveDg2L2Jvb3QvY29tcHJlc3NlZC9taXNjLmMKKysrIGIvYXJjaC94ODYvYm9vdC9jb21w cmVzc2VkL21pc2MuYwpAQCAtMTcwLDEwICsxNzAsMTggQEAgdm9pZCBfX3B1dGhleCh1bnNpZ25l ZCBsb25nIHZhbHVlKQogfQogCiAjaWYgQ09ORklHX1g4Nl9ORUVEX1JFTE9DUworCisvKiBMYXJn ZSByYW5kb21pemF0aW9uIGdvIGxvd2VyIHRoYW4gLTJHIGFuZCB1c2UgbGFyZ2UgcmVsb2NhdGlv biB0YWJsZSAqLworI2lmZGVmIENPTkZJR19SQU5ET01JWkVfQkFTRV9MQVJHRQordHlwZWRlZiBs b25nIHJlbF90OworI2Vsc2UKK3R5cGVkZWYgaW50IHJlbF90OworI2VuZGlmCisKIHN0YXRpYyB2 b2lkIGhhbmRsZV9yZWxvY2F0aW9ucyh2b2lkICpvdXRwdXQsIHVuc2lnbmVkIGxvbmcgb3V0cHV0 X2xlbiwKIAkJCSAgICAgICB1bnNpZ25lZCBsb25nIHZpcnRfYWRkcikKIHsKLQlpbnQgKnJlbG9j OworCXJlbF90ICpyZWxvYzsKIAl1bnNpZ25lZCBsb25nIGRlbHRhLCBtYXAsIHB0cjsKIAl1bnNp Z25lZCBsb25nIG1pbl9hZGRyID0gKHVuc2lnbmVkIGxvbmcpb3V0cHV0OwogCXVuc2lnbmVkIGxv bmcgbWF4X2FkZHIgPSBtaW5fYWRkciArIChWT19fX2Jzc19zdGFydCAtIFZPX190ZXh0KTsKZGlm ZiAtLWdpdCBhL2FyY2gveDg2L2luY2x1ZGUvYXNtL3BhZ2VfNjRfdHlwZXMuaCBiL2FyY2gveDg2 L2luY2x1ZGUvYXNtL3BhZ2VfNjRfdHlwZXMuaAppbmRleCAzZjVmMDhiMDEwZDAuLjZiNjVmODQ2 ZGQ2NCAxMDA2NDQKLS0tIGEvYXJjaC94ODYvaW5jbHVkZS9hc20vcGFnZV82NF90eXBlcy5oCisr KyBiL2FyY2gveDg2L2luY2x1ZGUvYXNtL3BhZ2VfNjRfdHlwZXMuaApAQCAtNDgsNyArNDgsMTEg QEAKICNkZWZpbmUgX19QQUdFX09GRlNFVCAgICAgICAgICAgX19QQUdFX09GRlNFVF9CQVNFCiAj ZW5kaWYgLyogQ09ORklHX1JBTkRPTUlaRV9NRU1PUlkgKi8KIAorI2lmZGVmIENPTkZJR19SQU5E T01JWkVfQkFTRV9MQVJHRQorI2RlZmluZSBfX1NUQVJUX0tFUk5FTF9tYXAJX0FDKDB4ZmZmZmZm ZmYwMDAwMDAwMCwgVUwpCisjZWxzZQogI2RlZmluZSBfX1NUQVJUX0tFUk5FTF9tYXAJX0FDKDB4 ZmZmZmZmZmY4MDAwMDAwMCwgVUwpCisjZW5kaWYgLyogQ09ORklHX1JBTkRPTUlaRV9CQVNFX0xB UkdFICovCiAKIC8qIFNlZSBEb2N1bWVudGF0aW9uL3g4Ni94ODZfNjQvbW0udHh0IGZvciBhIGRl c2NyaXB0aW9uIG9mIHRoZSBtZW1vcnkgbWFwLiAqLwogI2lmZGVmIENPTkZJR19YODZfNUxFVkVM CkBAIC02NSw5ICs2OSwxNCBAQAogICogNTEyTWlCIGJ5IGRlZmF1bHQsIGxlYXZpbmcgMS41R2lC IGZvciBtb2R1bGVzIG9uY2UgdGhlIHBhZ2UgdGFibGVzCiAgKiBhcmUgZnVsbHkgc2V0IHVwLiBJ ZiBrZXJuZWwgQVNMUiBpcyBjb25maWd1cmVkLCBpdCBjYW4gZXh0ZW5kIHRoZQogICoga2VybmVs IHBhZ2UgdGFibGUgbWFwcGluZywgcmVkdWNpbmcgdGhlIHNpemUgb2YgdGhlIG1vZHVsZXMgYXJl YS4KKyAqIE9uIFBJRSwgd2UgcmVsb2NhdGUgdGhlIGJpbmFyeSAyRyBsb3dlciBzbyBhZGQgdGhp cyBleHRyYSBzcGFjZS4KICAqLwogI2lmIGRlZmluZWQoQ09ORklHX1JBTkRPTUlaRV9CQVNFKQor I2lmZGVmIENPTkZJR19SQU5ET01JWkVfQkFTRV9MQVJHRQorI2RlZmluZSBLRVJORUxfSU1BR0Vf U0laRQkoX0FDKDMsIFVMKSAqIDEwMjQgKiAxMDI0ICogMTAyNCkKKyNlbHNlCiAjZGVmaW5lIEtF Uk5FTF9JTUFHRV9TSVpFCSgxMDI0ICogMTAyNCAqIDEwMjQpCisjZW5kaWYKICNlbHNlCiAjZGVm aW5lIEtFUk5FTF9JTUFHRV9TSVpFCSg1MTIgKiAxMDI0ICogMTAyNCkKICNlbmRpZgpkaWZmIC0t Z2l0IGEvYXJjaC94ODYva2VybmVsL2hlYWQ2NC5jIGIvYXJjaC94ODYva2VybmVsL2hlYWQ2NC5j CmluZGV4IGU3MWYyN2EyMDU3Ni4uN2U4MTdlODA0ZTg5IDEwMDY0NAotLS0gYS9hcmNoL3g4Ni9r ZXJuZWwvaGVhZDY0LmMKKysrIGIvYXJjaC94ODYva2VybmVsL2hlYWQ2NC5jCkBAIC0zOSw2ICsz OSw3IEBAIHN0YXRpYyB1bnNpZ25lZCBpbnQgX19pbml0ZGF0YSBuZXh0X2Vhcmx5X3BndDsKIHBt ZHZhbF90IGVhcmx5X3BtZF9mbGFncyA9IF9fUEFHRV9LRVJORUxfTEFSR0UgJiB+KF9QQUdFX0dM T0JBTCB8IF9QQUdFX05YKTsKIAogI2RlZmluZSBfX2hlYWQJX19zZWN0aW9uKC5oZWFkLnRleHQp CisjZGVmaW5lIHB1ZF9jb3VudCh4KSAgICgoKHggKyAoUFVEX1NJWkUgLSAxKSkgJiB+KFBVRF9T SVpFIC0gMSkpID4+IFBVRF9TSElGVCkKIAogc3RhdGljIHZvaWQgX19oZWFkICpmaXh1cF9wb2lu dGVyKHZvaWQgKnB0ciwgdW5zaWduZWQgbG9uZyBwaHlzYWRkcikKIHsKQEAgLTU2LDYgKzU3LDgg QEAgdW5zaWduZWQgbG9uZyBfX2hlYWQgbm90cmFjZSBfX3N0YXJ0dXBfNjQodW5zaWduZWQgbG9u ZyBwaHlzYWRkciwKIHsKIAl1bnNpZ25lZCBsb25nIGxvYWRfZGVsdGEsICpwOwogCXVuc2lnbmVk IGxvbmcgcGd0YWJsZV9mbGFnczsKKwl1bnNpZ25lZCBsb25nIGxldmVsM19rZXJuZWxfc3RhcnQs IGxldmVsM19rZXJuZWxfY291bnQ7CisJdW5zaWduZWQgbG9uZyBsZXZlbDNfZml4bWFwX3N0YXJ0 OwogCXBnZHZhbF90ICpwZ2Q7CiAJcDRkdmFsX3QgKnA0ZDsKIAlwdWR2YWxfdCAqcHVkOwpAQCAt ODIsNiArODUsMTEgQEAgdW5zaWduZWQgbG9uZyBfX2hlYWQgbm90cmFjZSBfX3N0YXJ0dXBfNjQo dW5zaWduZWQgbG9uZyBwaHlzYWRkciwKIAkvKiBJbmNsdWRlIHRoZSBTTUUgZW5jcnlwdGlvbiBt YXNrIGluIHRoZSBmaXh1cCB2YWx1ZSAqLwogCWxvYWRfZGVsdGEgKz0gc21lX2dldF9tZV9tYXNr KCk7CiAKKwkvKiBMb29rIGF0IHRoZSByYW5kb21pemF0aW9uIHNwcmVhZCB0byBhZGFwdCBwYWdl IHRhYmxlIHVzZWQgKi8KKwlsZXZlbDNfa2VybmVsX3N0YXJ0ID0gcHVkX2luZGV4KF9fU1RBUlRf S0VSTkVMX21hcCk7CisJbGV2ZWwzX2tlcm5lbF9jb3VudCA9IHB1ZF9jb3VudChLRVJORUxfSU1B R0VfU0laRSk7CisJbGV2ZWwzX2ZpeG1hcF9zdGFydCA9IGxldmVsM19rZXJuZWxfc3RhcnQgKyBs ZXZlbDNfa2VybmVsX2NvdW50OworCiAJLyogRml4dXAgdGhlIHBoeXNpY2FsIGFkZHJlc3NlcyBp biB0aGUgcGFnZSB0YWJsZSAqLwogCiAJcGdkID0gZml4dXBfcG9pbnRlcigmZWFybHlfdG9wX3Bn dCwgcGh5c2FkZHIpOwpAQCAtOTMsOCArMTAxLDkgQEAgdW5zaWduZWQgbG9uZyBfX2hlYWQgbm90 cmFjZSBfX3N0YXJ0dXBfNjQodW5zaWduZWQgbG9uZyBwaHlzYWRkciwKIAl9CiAKIAlwdWQgPSBm aXh1cF9wb2ludGVyKCZsZXZlbDNfa2VybmVsX3BndCwgcGh5c2FkZHIpOwotCXB1ZFs1MTBdICs9 IGxvYWRfZGVsdGE7Ci0JcHVkWzUxMV0gKz0gbG9hZF9kZWx0YTsKKwlmb3IgKGkgPSAwOyBpIDwg bGV2ZWwzX2tlcm5lbF9jb3VudDsgaSsrKQorCQlwdWRbbGV2ZWwzX2tlcm5lbF9zdGFydCArIGld ICs9IGxvYWRfZGVsdGE7CisJcHVkW2xldmVsM19maXhtYXBfc3RhcnRdICs9IGxvYWRfZGVsdGE7 CiAKIAlwbWQgPSBmaXh1cF9wb2ludGVyKGxldmVsMl9maXhtYXBfcGd0LCBwaHlzYWRkcik7CiAJ cG1kWzUwNl0gKz0gbG9hZF9kZWx0YTsKQEAgLTE0Nyw3ICsxNTYsNyBAQCB1bnNpZ25lZCBsb25n IF9faGVhZCBub3RyYWNlIF9fc3RhcnR1cF82NCh1bnNpZ25lZCBsb25nIHBoeXNhZGRyLAogCSAq LwogCiAJcG1kID0gZml4dXBfcG9pbnRlcihsZXZlbDJfa2VybmVsX3BndCwgcGh5c2FkZHIpOwot CWZvciAoaSA9IDA7IGkgPCBQVFJTX1BFUl9QTUQ7IGkrKykgeworCWZvciAoaSA9IDA7IGkgPCBQ VFJTX1BFUl9QTUQgKiBsZXZlbDNfa2VybmVsX2NvdW50OyBpKyspIHsKIAkJaWYgKHBtZFtpXSAm IF9QQUdFX1BSRVNFTlQpCiAJCQlwbWRbaV0gKz0gbG9hZF9kZWx0YTsKIAl9CkBAIC0zMjIsNyAr MzMxLDggQEAgYXNtbGlua2FnZSBfX3Zpc2libGUgdm9pZCBfX2luaXQgeDg2XzY0X3N0YXJ0X2tl cm5lbChjaGFyICogcmVhbF9tb2RlX2RhdGEpCiAJICovCiAJQlVJTERfQlVHX09OKE1PRFVMRVNf VkFERFIgPCBfX1NUQVJUX0tFUk5FTF9tYXApOwogCUJVSUxEX0JVR19PTihNT0RVTEVTX1ZBRERS IC0gX19TVEFSVF9LRVJORUxfbWFwIDwgS0VSTkVMX0lNQUdFX1NJWkUpOwotCUJVSUxEX0JVR19P TihNT0RVTEVTX0xFTiArIEtFUk5FTF9JTUFHRV9TSVpFID4gMipQVURfU0laRSk7CisJQlVJTERf QlVHX09OKCFJU19FTkFCTEVEKENPTkZJR19SQU5ET01JWkVfQkFTRV9MQVJHRSkgJiYKKwkJICAg ICBNT0RVTEVTX0xFTiArIEtFUk5FTF9JTUFHRV9TSVpFID4gMipQVURfU0laRSk7CiAJQlVJTERf QlVHX09OKChfX1NUQVJUX0tFUk5FTF9tYXAgJiB+UE1EX01BU0spICE9IDApOwogCUJVSUxEX0JV R19PTigoTU9EVUxFU19WQUREUiAmIH5QTURfTUFTSykgIT0gMCk7CiAJQlVJTERfQlVHX09OKCEo TU9EVUxFU19WQUREUiA+IF9fU1RBUlRfS0VSTkVMKSk7CmRpZmYgLS1naXQgYS9hcmNoL3g4Ni9r ZXJuZWwvaGVhZF82NC5TIGIvYXJjaC94ODYva2VybmVsL2hlYWRfNjQuUwppbmRleCA2OGJmNzg5 MmYyMDEuLmQ1Mzk0MmVlODNlYiAxMDA2NDQKLS0tIGEvYXJjaC94ODYva2VybmVsL2hlYWRfNjQu UworKysgYi9hcmNoL3g4Ni9rZXJuZWwvaGVhZF82NC5TCkBAIC0zOSwxMSArMzksMTUgQEAKIAog I2RlZmluZSBwNGRfaW5kZXgoeCkJKCgoeCkgPj4gUDREX1NISUZUKSAmIChQVFJTX1BFUl9QNEQt MSkpCiAjZGVmaW5lIHB1ZF9pbmRleCh4KQkoKCh4KSA+PiBQVURfU0hJRlQpICYgKFBUUlNfUEVS X1BVRC0xKSkKKyNkZWZpbmUgcHVkX2NvdW50KHgpICAgKCgoeCArIChQVURfU0laRSAtIDEpKSAm IH4oUFVEX1NJWkUgLSAxKSkgPj4gUFVEX1NISUZUKQogCiBQR0RfUEFHRV9PRkZTRVQgPSBwZ2Rf aW5kZXgoX19QQUdFX09GRlNFVF9CQVNFKQogUEdEX1NUQVJUX0tFUk5FTCA9IHBnZF9pbmRleChf X1NUQVJUX0tFUk5FTF9tYXApCiBMM19TVEFSVF9LRVJORUwgPSBwdWRfaW5kZXgoX19TVEFSVF9L RVJORUxfbWFwKQogCisvKiBBZGFwdCBwYWdlIHRhYmxlIEwzIHNwYWNlIGJhc2VkIG9uIHJhbmdl IG9mIHJhbmRvbWl6YXRpb24gKi8KK0wzX0tFUk5FTF9FTlRSWV9DT1VOVCA9IHB1ZF9jb3VudChL RVJORUxfSU1BR0VfU0laRSkKKwogCS50ZXh0CiAJX19IRUFECiAJLmNvZGU2NApAQCAtNDExLDcg KzQxNSwxMiBAQCBORVhUX1BBR0UobGV2ZWw0X2tlcm5lbF9wZ3QpCiBORVhUX1BBR0UobGV2ZWwz X2tlcm5lbF9wZ3QpCiAJLmZpbGwJTDNfU1RBUlRfS0VSTkVMLDgsMAogCS8qICgyXjQ4LSgyKjEw MjQqMTAyNCoxMDI0KS0oKDJeMzkpKjUxMSkpLygyXjMwKSA9IDUxMCAqLwotCS5xdWFkCWxldmVs Ml9rZXJuZWxfcGd0IC0gX19TVEFSVF9LRVJORUxfbWFwICsgX0tFUk5QR19UQUJMRV9OT0VOQwor CWkgPSAwCisJLnJlcHQJTDNfS0VSTkVMX0VOVFJZX0NPVU5UCisJLnF1YWQJbGV2ZWwyX2tlcm5l bF9wZ3QgLSBfX1NUQVJUX0tFUk5FTF9tYXAgKyBfS0VSTlBHX1RBQkxFX05PRU5DIFwKKwkJKyBQ QUdFX1NJWkUqaQorCWkgPSBpICsgMQorCS5lbmRyCiAJLnF1YWQJbGV2ZWwyX2ZpeG1hcF9wZ3Qg LSBfX1NUQVJUX0tFUk5FTF9tYXAgKyBfUEFHRV9UQUJMRV9OT0VOQwogCiBORVhUX1BBR0UobGV2 ZWwyX2tlcm5lbF9wZ3QpCi0tIAoyLjE0LjAuNDM0Lmc5ODA5NmZkN2E4LWdvb2cKCgpfX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwpYZW4tZGV2ZWwgbWFpbGlu ZyBsaXN0Clhlbi1kZXZlbEBsaXN0cy54ZW4ub3JnCmh0dHBzOi8vbGlzdHMueGVuLm9yZy94ZW4t ZGV2ZWwK From mboxrd@z Thu Jan 1 00:00:00 1970 From: Thomas Garnier Date: Thu, 10 Aug 2017 10:26:15 -0700 Message-Id: <20170810172615.51965-24-thgarnie@google.com> In-Reply-To: <20170810172615.51965-1-thgarnie@google.com> References: <20170810172615.51965-1-thgarnie@google.com> Subject: [kernel-hardening] [RFC v2 23/23] x86/kaslr: Add option to extend KASLR range from 1GB to 3GB To: Herbert Xu , "David S . Miller" , Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , Peter Zijlstra , Josh Poimboeuf , Arnd Bergmann , Thomas Garnier , Matthias Kaehlcke , Boris Ostrovsky , Juergen Gross , Paolo Bonzini , =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= , Joerg Roedel , Tom Lendacky , Andy Lutomirski , Borislav Petkov , Brian Gerst , "Kirill A . Shutemov" , "Rafael J . Wysocki" , Len Brown , Pavel Machek , Tejun Heo , Christoph Lameter , Paul Gortmaker , Chris Metcalf , Andrew Morton , "Paul E . McKenney" , Nicolas Pitre , Christopher Li , "Rafael J . Wysocki" , Lukas Wunner , Mika Westerberg , Dou Liyang , Daniel Borkmann , Alexei Starovoitov , Masahiro Yamada , Markus Trippelsdorf , Steven Rostedt , Kees Cook , Rik van Riel , David Howells , Waiman Long , Kyle Huey , Peter Foley , Tim Chen , Catalin Marinas , Ard Biesheuvel , Michal Hocko , Matthew Wilcox , "H . J . Lu" , Paul Bolle , Rob Landley , Baoquan He , Daniel Micay Cc: x86@kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org, kvm@vger.kernel.org, linux-pm@vger.kernel.org, linux-arch@vger.kernel.org, linux-sparse@vger.kernel.org, kernel-hardening@lists.openwall.com List-ID: Add a new CONFIG_RANDOMIZE_BASE_LARGE option to benefit from PIE support. It increases the KASLR range from 1GB to 3GB. The new range stars at 0xffffffff00000000 just above the EFI memory region. This option is off by default. The boot code is adapted to create the appropriate page table spanning three PUD pages. The relocation table uses 64-bit integers generated with the updated relocation tool with the large-reloc option. Signed-off-by: Thomas Garnier --- arch/x86/Kconfig | 21 +++++++++++++++++++++ arch/x86/boot/compressed/Makefile | 5 +++++ arch/x86/boot/compressed/misc.c | 10 +++++++++- arch/x86/include/asm/page_64_types.h | 9 +++++++++ arch/x86/kernel/head64.c | 18 ++++++++++++++---- arch/x86/kernel/head_64.S | 11 ++++++++++- 6 files changed, 68 insertions(+), 6 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 2b69be667543..f3027000ec60 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2149,6 +2149,27 @@ config X86_MODULE_PLTS select X86_MODULE_MODEL_LARGE select HAVE_MOD_ARCH_SPECIFIC +config RANDOMIZE_BASE_LARGE + bool "Increase the randomization range of the kernel image" + depends on X86_64 && RANDOMIZE_BASE + select X86_PIE + select X86_MODULE_PLTS if MODULES + default n + ---help--- + Build the kernel as a Position Independent Executable (PIE) and + increase the available randomization range from 1GB to 3GB. + + This option impacts performance on kernel CPU intensive workloads up + to 10% due to PIE generated code. Impact on user-mode processes and + typical usage would be significantly less (0.50% when you build the + kernel). + + The kernel and modules will generate slightly more assembly (1 to 2% + increase on the .text sections). The vmlinux binary will be + significantly smaller due to less relocations. + + If unsure say N + config HOTPLUG_CPU bool "Support for hot-pluggable CPUs" depends on SMP diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 8a958274b54c..94dfee5a7cd2 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -112,7 +112,12 @@ $(obj)/vmlinux.bin: vmlinux FORCE targets += $(patsubst $(obj)/%,%,$(vmlinux-objs-y)) vmlinux.bin.all vmlinux.relocs +# Large randomization require bigger relocation table +ifeq ($(CONFIG_RANDOMIZE_BASE_LARGE),y) +CMD_RELOCS = arch/x86/tools/relocs --large-reloc +else CMD_RELOCS = arch/x86/tools/relocs +endif quiet_cmd_relocs = RELOCS $@ cmd_relocs = $(CMD_RELOCS) $< > $@;$(CMD_RELOCS) --abs-relocs $< $(obj)/vmlinux.relocs: vmlinux FORCE diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c index c20cdc7cbd61..82a0ea17c9dc 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -170,10 +170,18 @@ void __puthex(unsigned long value) } #if CONFIG_X86_NEED_RELOCS + +/* Large randomization go lower than -2G and use large relocation table */ +#ifdef CONFIG_RANDOMIZE_BASE_LARGE +typedef long rel_t; +#else +typedef int rel_t; +#endif + static void handle_relocations(void *output, unsigned long output_len, unsigned long virt_addr) { - int *reloc; + rel_t *reloc; unsigned long delta, map, ptr; unsigned long min_addr = (unsigned long)output; unsigned long max_addr = min_addr + (VO___bss_start - VO__text); diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h index 3f5f08b010d0..6b65f846dd64 100644 --- a/arch/x86/include/asm/page_64_types.h +++ b/arch/x86/include/asm/page_64_types.h @@ -48,7 +48,11 @@ #define __PAGE_OFFSET __PAGE_OFFSET_BASE #endif /* CONFIG_RANDOMIZE_MEMORY */ +#ifdef CONFIG_RANDOMIZE_BASE_LARGE +#define __START_KERNEL_map _AC(0xffffffff00000000, UL) +#else #define __START_KERNEL_map _AC(0xffffffff80000000, UL) +#endif /* CONFIG_RANDOMIZE_BASE_LARGE */ /* See Documentation/x86/x86_64/mm.txt for a description of the memory map. */ #ifdef CONFIG_X86_5LEVEL @@ -65,9 +69,14 @@ * 512MiB by default, leaving 1.5GiB for modules once the page tables * are fully set up. If kernel ASLR is configured, it can extend the * kernel page table mapping, reducing the size of the modules area. + * On PIE, we relocate the binary 2G lower so add this extra space. */ #if defined(CONFIG_RANDOMIZE_BASE) +#ifdef CONFIG_RANDOMIZE_BASE_LARGE +#define KERNEL_IMAGE_SIZE (_AC(3, UL) * 1024 * 1024 * 1024) +#else #define KERNEL_IMAGE_SIZE (1024 * 1024 * 1024) +#endif #else #define KERNEL_IMAGE_SIZE (512 * 1024 * 1024) #endif diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index e71f27a20576..7e817e804e89 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -39,6 +39,7 @@ static unsigned int __initdata next_early_pgt; pmdval_t early_pmd_flags = __PAGE_KERNEL_LARGE & ~(_PAGE_GLOBAL | _PAGE_NX); #define __head __section(.head.text) +#define pud_count(x) (((x + (PUD_SIZE - 1)) & ~(PUD_SIZE - 1)) >> PUD_SHIFT) static void __head *fixup_pointer(void *ptr, unsigned long physaddr) { @@ -56,6 +57,8 @@ unsigned long __head notrace __startup_64(unsigned long physaddr, { unsigned long load_delta, *p; unsigned long pgtable_flags; + unsigned long level3_kernel_start, level3_kernel_count; + unsigned long level3_fixmap_start; pgdval_t *pgd; p4dval_t *p4d; pudval_t *pud; @@ -82,6 +85,11 @@ unsigned long __head notrace __startup_64(unsigned long physaddr, /* Include the SME encryption mask in the fixup value */ load_delta += sme_get_me_mask(); + /* Look at the randomization spread to adapt page table used */ + level3_kernel_start = pud_index(__START_KERNEL_map); + level3_kernel_count = pud_count(KERNEL_IMAGE_SIZE); + level3_fixmap_start = level3_kernel_start + level3_kernel_count; + /* Fixup the physical addresses in the page table */ pgd = fixup_pointer(&early_top_pgt, physaddr); @@ -93,8 +101,9 @@ unsigned long __head notrace __startup_64(unsigned long physaddr, } pud = fixup_pointer(&level3_kernel_pgt, physaddr); - pud[510] += load_delta; - pud[511] += load_delta; + for (i = 0; i < level3_kernel_count; i++) + pud[level3_kernel_start + i] += load_delta; + pud[level3_fixmap_start] += load_delta; pmd = fixup_pointer(level2_fixmap_pgt, physaddr); pmd[506] += load_delta; @@ -147,7 +156,7 @@ unsigned long __head notrace __startup_64(unsigned long physaddr, */ pmd = fixup_pointer(level2_kernel_pgt, physaddr); - for (i = 0; i < PTRS_PER_PMD; i++) { + for (i = 0; i < PTRS_PER_PMD * level3_kernel_count; i++) { if (pmd[i] & _PAGE_PRESENT) pmd[i] += load_delta; } @@ -322,7 +331,8 @@ asmlinkage __visible void __init x86_64_start_kernel(char * real_mode_data) */ BUILD_BUG_ON(MODULES_VADDR < __START_KERNEL_map); BUILD_BUG_ON(MODULES_VADDR - __START_KERNEL_map < KERNEL_IMAGE_SIZE); - BUILD_BUG_ON(MODULES_LEN + KERNEL_IMAGE_SIZE > 2*PUD_SIZE); + BUILD_BUG_ON(!IS_ENABLED(CONFIG_RANDOMIZE_BASE_LARGE) && + MODULES_LEN + KERNEL_IMAGE_SIZE > 2*PUD_SIZE); BUILD_BUG_ON((__START_KERNEL_map & ~PMD_MASK) != 0); BUILD_BUG_ON((MODULES_VADDR & ~PMD_MASK) != 0); BUILD_BUG_ON(!(MODULES_VADDR > __START_KERNEL)); diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index 68bf7892f201..d53942ee83eb 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -39,11 +39,15 @@ #define p4d_index(x) (((x) >> P4D_SHIFT) & (PTRS_PER_P4D-1)) #define pud_index(x) (((x) >> PUD_SHIFT) & (PTRS_PER_PUD-1)) +#define pud_count(x) (((x + (PUD_SIZE - 1)) & ~(PUD_SIZE - 1)) >> PUD_SHIFT) PGD_PAGE_OFFSET = pgd_index(__PAGE_OFFSET_BASE) PGD_START_KERNEL = pgd_index(__START_KERNEL_map) L3_START_KERNEL = pud_index(__START_KERNEL_map) +/* Adapt page table L3 space based on range of randomization */ +L3_KERNEL_ENTRY_COUNT = pud_count(KERNEL_IMAGE_SIZE) + .text __HEAD .code64 @@ -411,7 +415,12 @@ NEXT_PAGE(level4_kernel_pgt) NEXT_PAGE(level3_kernel_pgt) .fill L3_START_KERNEL,8,0 /* (2^48-(2*1024*1024*1024)-((2^39)*511))/(2^30) = 510 */ - .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE_NOENC + i = 0 + .rept L3_KERNEL_ENTRY_COUNT + .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE_NOENC \ + + PAGE_SIZE*i + i = i + 1 + .endr .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE_NOENC NEXT_PAGE(level2_kernel_pgt) -- 2.14.0.434.g98096fd7a8-goog