From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: Linux ARM <linux-arm-kernel@lists.infradead.org>,
linux-efi <linux-efi@vger.kernel.org>,
"linux-kernel@vger.kernel.org Will Deacon" <will@kernel.org>
Subject: Re: [PATCH 2/2] arm64: efi: kaslr: Fix boot failure if efi_random_alloc() fails
Date: Wed, 21 Jul 2021 00:25:28 +1000 [thread overview]
Message-ID: <dcd3d434697bd15da1297ed1074acaa52003c683.camel@kernel.crashing.org> (raw)
In-Reply-To: <CAMj1kXH_mgten0R5NpDMzxQPJ1QNX0z3OZNREwH8FCJ5s+4M=w@mail.gmail.com>
On Tue, 2021-07-20 at 16:10 +0200, Ard Biesheuvel wrote:
>
> > My patch simply ensures that this is also true when KASLR fails to
> > randomize the kernel address.
> >
>
> Fair enough.
>
> The history here is that passing nokaslr on the command line would
> force 2M alignment even if KASLR was not enabled to begin with,
> without affecting the alignment policy of KASLR capable kernels if
> KASLR was not explicitly disabled, but not available on the platform.
>
> I realize now that my commit d32de9130f6c7 has interfered with this:
> efi_nokaslr is set to true there so the later code does not complain
> about the EFI_RNG_PROTOCOL being unavailable, but it has the side
> effect of affecting the alignment policy in the remainder of the
> function.
>
> So what I would prefer here is to capture efi_nokaslr at entry, and
> use that to decide the alignment. That way, efi_nokaslr can be set to
> true without affecting the subsequent allocation logic.
So interestingly, the bug I am trying to fix with this patch seems to
indicate that this doesn't work (though I would need to debug further
as to why) on my systems (EC2 c6g.metal instances).
IE, in my case what happens is:
- kernel has CONFIG_RANDOMIZE_BASE and CONFIG_RELOCATABLE both enabled
- RNG protocol exists, it gets a random seed, but due to the other
bug, efi_random_alloc() fails. It thus falls back to the "normal"
alignment check & relocation case (the big if (status != EFI_SUCCESS))
- That alignment check uses 64K and not 2M however. In my case it
passes (_text is already 64K aligned) and we boot...
- And nothing happens. IE, it dies somewhere in/after exit boot
services, I haven't had a chance to figure out in more details why,
those machines take 20mn to reboot.
So *something* is wrong when we stick to a 64K alignment and don't
randomize the kernel base.
Interestingly we don't set nokaslr in that case, so we should still be
hitting all the kaslr path in the main kernel. The problem could relate
to running from that initial address. I'll have to debug further, maybe
try a repro-case in qemu.
In the meantime, please apply patch 1 which solves the main issue and
I'll continue digging.
Note (in case this is relevant): This was all tested/debugged on 5.10.y
Cheers,
Ben.
WARNING: multiple messages have this Message-ID (diff)
From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: Linux ARM <linux-arm-kernel@lists.infradead.org>,
linux-efi <linux-efi@vger.kernel.org>,
"linux-kernel@vger.kernel.org Will Deacon" <will@kernel.org>
Subject: Re: [PATCH 2/2] arm64: efi: kaslr: Fix boot failure if efi_random_alloc() fails
Date: Wed, 21 Jul 2021 00:25:28 +1000 [thread overview]
Message-ID: <dcd3d434697bd15da1297ed1074acaa52003c683.camel@kernel.crashing.org> (raw)
In-Reply-To: <CAMj1kXH_mgten0R5NpDMzxQPJ1QNX0z3OZNREwH8FCJ5s+4M=w@mail.gmail.com>
On Tue, 2021-07-20 at 16:10 +0200, Ard Biesheuvel wrote:
>
> > My patch simply ensures that this is also true when KASLR fails to
> > randomize the kernel address.
> >
>
> Fair enough.
>
> The history here is that passing nokaslr on the command line would
> force 2M alignment even if KASLR was not enabled to begin with,
> without affecting the alignment policy of KASLR capable kernels if
> KASLR was not explicitly disabled, but not available on the platform.
>
> I realize now that my commit d32de9130f6c7 has interfered with this:
> efi_nokaslr is set to true there so the later code does not complain
> about the EFI_RNG_PROTOCOL being unavailable, but it has the side
> effect of affecting the alignment policy in the remainder of the
> function.
>
> So what I would prefer here is to capture efi_nokaslr at entry, and
> use that to decide the alignment. That way, efi_nokaslr can be set to
> true without affecting the subsequent allocation logic.
So interestingly, the bug I am trying to fix with this patch seems to
indicate that this doesn't work (though I would need to debug further
as to why) on my systems (EC2 c6g.metal instances).
IE, in my case what happens is:
- kernel has CONFIG_RANDOMIZE_BASE and CONFIG_RELOCATABLE both enabled
- RNG protocol exists, it gets a random seed, but due to the other
bug, efi_random_alloc() fails. It thus falls back to the "normal"
alignment check & relocation case (the big if (status != EFI_SUCCESS))
- That alignment check uses 64K and not 2M however. In my case it
passes (_text is already 64K aligned) and we boot...
- And nothing happens. IE, it dies somewhere in/after exit boot
services, I haven't had a chance to figure out in more details why,
those machines take 20mn to reboot.
So *something* is wrong when we stick to a 64K alignment and don't
randomize the kernel base.
Interestingly we don't set nokaslr in that case, so we should still be
hitting all the kaslr path in the main kernel. The problem could relate
to running from that initial address. I'll have to debug further, maybe
try a repro-case in qemu.
In the meantime, please apply patch 1 which solves the main issue and
I'll continue digging.
Note (in case this is relevant): This was all tested/debugged on 5.10.y
Cheers,
Ben.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-07-20 14:32 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-20 11:14 [PATCH 2/2] arm64: efi: kaslr: Fix boot failure if efi_random_alloc() fails Benjamin Herrenschmidt
2021-07-20 11:14 ` Benjamin Herrenschmidt
2021-07-20 12:57 ` Ard Biesheuvel
2021-07-20 12:57 ` Ard Biesheuvel
2021-07-20 13:10 ` Benjamin Herrenschmidt
2021-07-20 13:10 ` Benjamin Herrenschmidt
2021-07-20 13:48 ` Ard Biesheuvel
2021-07-20 13:48 ` Ard Biesheuvel
2021-07-20 14:03 ` Benjamin Herrenschmidt
2021-07-20 14:03 ` Benjamin Herrenschmidt
2021-07-20 14:10 ` Ard Biesheuvel
2021-07-20 14:10 ` Ard Biesheuvel
2021-07-20 14:25 ` Benjamin Herrenschmidt [this message]
2021-07-20 14:25 ` Benjamin Herrenschmidt
2021-07-20 14:40 ` Ard Biesheuvel
2021-07-20 14:40 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dcd3d434697bd15da1297ed1074acaa52003c683.camel@kernel.crashing.org \
--to=benh@kernel.crashing.org \
--cc=ardb@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-efi@vger.kernel.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.