From: Srinivas Ramana <sramana@codeaurora.org>
To: Will Deacon <will.deacon@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Catalin Marinas <catalin.marinas@arm.com>,
	"linux-arm-kernel@lists.infradead.org"
	<linux-arm-kernel@lists.infradead.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	linux-arm-msm@vger.kernel.org,
	Neeraj Upadhyay <neeraju@codeaurora.org>
Subject: Re: [PATCH v2] arm64: kaslr: Fix up the kernel image alignment
Date: Thu, 23 Mar 2017 15:02:49 +0530
Message-ID: <58D39641.2060009@codeaurora.org>
In-Reply-To: <58D27FFC.8030205@codeaurora.org>

On 03/22/2017 07:15 PM, Srinivas Ramana wrote:
> On 03/22/2017 06:10 PM, Will Deacon wrote:
>> On Wed, Mar 22, 2017 at 12:16:24PM +0000, Ard Biesheuvel wrote:
>>> On 22 March 2017 at 11:38, Srinivas Ramana <sramana@codeaurora.org>
>>> wrote:
>>>> From: Neeraj Upadhyay <neeraju@codeaurora.org>
>>>>
>>>> If the kernel image extends across an alignment boundary, the existing
>>>> code increases the KASLR offset by the size of the kernel image. The
>>>> offset is masked after resizing. There are cases where, after
>>>> masking, we may still have the kernel image extending across the
>>>> boundary. This eventually results in only a 2MB block getting
>>>> mapped while creating the page tables, which results in data aborts
>>>> while accessing unmapped regions during the second relocation (with
>>>> the kaslr offset) in __primary_switch. To fix this problem, round up
>>>> the kernel image size by the swapper block size before adding it for
>>>> correction.
>>>>
>>>> For example, consider the case below, where the kernel image still
>>>> crosses a 1GB alignment boundary after masking the offset; this is
>>>> fixed by rounding up the kernel image size.
>>>>
>>>> SWAPPER_TABLE_SHIFT = 30
>>>> Swapper using section maps with section size 2MB.
>>>> CONFIG_PGTABLE_LEVELS = 3
>>>> VA_BITS = 39
>>>>
>>>> _text  : 0xffffff8008080000
>>>> _end   : 0xffffff800aa1b000
>>>> offset : 0x1f35600000
>>>> mask = ((1UL << (VA_BITS - 2)) - 1) & ~(SZ_2M - 1)
>>>>
>>>> (_text + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7c
>>>> (_end + offset) >> SWAPPER_TABLE_SHIFT  = 0x3fffffe7d
>>>>
>>>> offset after existing correction (before mask) = 0x1f37f9b000
>>>> (_text + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d
>>>> (_end + offset) >> SWAPPER_TABLE_SHIFT  = 0x3fffffe7d
>>>>
>>>> offset (after mask) = 0x1f37e00000
>>>> (_text + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7c
>>>> (_end + offset) >> SWAPPER_TABLE_SHIFT  = 0x3fffffe7d
>>>>
>>>> new offset w/ rounding up = 0x1f38000000
>>>> (_text + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d
>>>> (_end + offset) >> SWAPPER_TABLE_SHIFT  = 0x3fffffe7d
>>>>
>>>> Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR")
>>>> Signed-off-by: Neeraj Upadhyay <neeraju@codeaurora.org>
>>>> Signed-off-by: Srinivas Ramana <sramana@codeaurora.org>
>>>
>>> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>>
>>> ... and thanks for the excellent commit log message!
>>
>> Thanks both. I've picked this up as a fix.
>>
>> Will
>>
>
> Thanks Ard and Will for the review and picking this patch.
> Can we also CC <stable@vger.kernel.org>?
>
> Thanks,
> -- Srinivas R
>
>

Sorry, there is a checkpatch error in the last patch. I will submit v3
after fixing the checkpatch error.

Thanks,
-- Srinivas R

-- 
Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc.,
is a member of Code Aurora Forum, a Linux Foundation Collaborative Project.
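The offset correction described in the quoted commit message, replayed as an added Python example. This is not kernel code and not part of the thread: it re-implements the boundary check, the pre-fix correction (add the raw image size, then mask) and the fixed correction (add the image size rounded up to the swapper block size, then mask) on the addresses the commit message lists, so the intermediate values can be reproduced. It assumes 4K pages with 2MB section maps (SWAPPER_BLOCK_SIZE = 2MB), VA_BITS = 39, and a seed offset that is already 2MB-aligned, as the example value 0x1f35600000 is. The function names are this example's own.

```python
# Added example modelling the arm64 KASLR offset correction from the commit
# message above. Not kernel code; it mirrors the logic in plain Python so the
# quoted numbers can be checked. Assumed configuration: 4K pages, 2MB section
# maps (SWAPPER_BLOCK_SIZE = 2MB), VA_BITS = 39.

VA_BITS = 39
SWAPPER_TABLE_SHIFT = 30          # the image must not straddle a 1GB boundary
SWAPPER_BLOCK_SIZE = 2 << 20      # 2MB section maps (assumed configuration)
SZ_2M = 2 << 20
U64 = (1 << 64) - 1

# Mask from the commit message: keeps the offset 2MB-aligned and inside the
# lower part of the kernel VA range.
MASK = ((1 << (VA_BITS - 2)) - 1) & ~(SZ_2M - 1)

# Addresses and seed offset quoted in the commit message.
TEXT = 0xffffff8008080000
END = 0xffffff800aa1b000
SEED_OFFSET = 0x1f35600000


def round_up(value, align):
    """Kernel-style round_up(); align must be a power of two."""
    return (value + align - 1) & ~(align - 1)


def crosses_table_boundary(text, end, offset):
    """True if the relocated image straddles a SWAPPER_TABLE_SHIFT boundary.

    A straddling image gets only one of its two 1GB regions covered by the
    early section maps, which is the condition behind the data aborts
    described in the commit message.
    """
    lo = ((text + offset) & U64) >> SWAPPER_TABLE_SHIFT
    hi = ((end + offset) & U64) >> SWAPPER_TABLE_SHIFT
    return lo != hi


def correct_offset_old(text, end, offset):
    """Pre-fix behaviour: add the raw image size, then mask.

    The mask rounds the sum down to 2MB; when _end + offset sits less than
    2MB past the boundary, that rounding drags _text back below it.
    """
    if crosses_table_boundary(text, end, offset):
        offset = (offset + (end - text)) & MASK
    return offset


def correct_offset_fixed(text, end, offset):
    """Fixed behaviour: round the image size up to a whole swapper block first.

    With a 2MB-aligned seed offset (assumed), adding a multiple of 2MB keeps
    the sum aligned, so the mask no longer moves the start address down.
    """
    if crosses_table_boundary(text, end, offset):
        offset = (offset + round_up(end - text, SWAPPER_BLOCK_SIZE)) & MASK
    return offset


def walk_example():
    """Replay the commit message's worked example and return the key values."""
    old = correct_offset_old(TEXT, END, SEED_OFFSET)
    fixed = correct_offset_fixed(TEXT, END, SEED_OFFSET)
    return {
        "seed_crosses": crosses_table_boundary(TEXT, END, SEED_OFFSET),
        "old_offset": old,
        "old_still_crosses": crosses_table_boundary(TEXT, END, old),
        "fixed_offset": fixed,
        "fixed_still_crosses": crosses_table_boundary(TEXT, END, fixed),
    }


if __name__ == "__main__":
    for name, value in walk_example().items():
        shown = value if isinstance(value, bool) else hex(value)
        print(f"{name:>20}: {shown}")
```

Running it reproduces the commit message's figures: the pre-fix correction yields 0x1f37e00000 and the image still crosses the 1GB boundary, while the rounded correction yields 0x1f38000000 and the image lands entirely within one 1GB region.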

