linux-arm-kernel.lists.infradead.org archive mirror
 help / color / mirror / Atom feed
From: Mark Rutland <mark.rutland@arm.com>
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: Mark Brown <broonie@kernel.org>, Will Deacon <will@kernel.org>,
	linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] arm64: kaslr: Print warning if KASLR is disabled due to lack of seed
Date: Fri, 8 Nov 2019 14:14:27 +0000	[thread overview]
Message-ID: <20191108141426.GC11465@lakrids.cambridge.arm.com> (raw)
In-Reply-To: <20191108133830.GB22834@arrakis.emea.arm.com>

On Fri, Nov 08, 2019 at 01:38:31PM +0000, Catalin Marinas wrote:
> On Thu, Nov 07, 2019 at 12:12:41PM +0000, Mark Brown wrote:
> > diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c
> > index 416f537bf614..c2ba5e783ada 100644
> > --- a/arch/arm64/kernel/kaslr.c
> > +++ b/arch/arm64/kernel/kaslr.c
> > @@ -98,8 +98,10 @@ u64 __init kaslr_early_init(u64 dt_phys)
> >  	 * Retrieve (and wipe) the seed from the FDT
> >  	 */
> >  	seed = get_kaslr_seed(fdt);
> > -	if (!seed)
> > +	if (!seed) {
> > +		pr_warn("No seed available for KASLR, disabling\n");
> >  		return 0;
> > +	}
> >  
> >  	/*
> >  	 * Check if 'nokaslr' appears on the command line, and
> 
> For some reason, this patch locks up the VM on TX2, stuck in a recursive
> fault. Too early for a printk?

We call kaslr_early_init() before start_kernel(), so we haven't set up
things like the per-cpu offset here (and I believe that printk relies on
that internally).

To avoid surprises, I think it'd be best to log that state later, in
setup.c. We can also do that consistently, so that the user has a
positive message when KASLR is in use.

We can either have something like:

void announce_kaslr(void)
{
	if (!IS_ENABLED(CONFIG_RANDOMIZE_BASE))
		return;
	
	if (kaslr_offset() != 0)
		pr_info("KASLR in use\n");
	else if (in_commandline("nokaslr"))
		pr_info("KASLR disabled (command line)\n");
	else
		pr_info("KASLR disabled (no seed)\n");
}

Or have  kaslr.c update something like:

enum kaslr_status {
	KASLR_ENABLED,
	KASLR_DISABLED,
	KASLR_NO_SEED,
};

enum kaslr_status __ro_after_init kaslr_status;

... and switch on that in setup.c.

Thanks,
Mark.

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

  reply	other threads:[~2019-11-08 14:14 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-07 12:12 [PATCH] arm64: kaslr: Print warning if KASLR is disabled due to lack of seed Mark Brown
2019-11-08 13:38 ` Catalin Marinas
2019-11-08 14:14   ` Mark Rutland [this message]
2019-11-08 14:35     ` Mark Brown
2019-11-08 14:17   ` Mark Brown

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191108141426.GC11465@lakrids.cambridge.arm.com \
    --to=mark.rutland@arm.com \
    --cc=broonie@kernel.org \
    --cc=catalin.marinas@arm.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=will@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).