Linux-ARM-Kernel Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH v2 0/2] Improve KASLR diagnostics
@ 2019-11-08 15:46 Mark Brown
  2019-11-08 15:46 ` [PATCH v2 1/2] arm64: kaslr: Announce KASLR status on boot Mark Brown
  2019-11-08 15:46 ` [PATCH v2 2/2] arm64: kaslr: Check command line before looking for a seed Mark Brown
  0 siblings, 2 replies; 4+ messages in thread
From: Mark Brown @ 2019-11-08 15:46 UTC (permalink / raw)
  To: Catalin Marinas, Will Deacon, Mark Rutland; +Cc: Mark Brown, linux-arm-kernel

This series provides diagnostics on boot for KASLR to improve usability
at runtime.

v2: Defer the print to a core_initcall() so we don't try and print
    before printk() can cope, covering other less common error cases as
    well and also an explicit message when KASLR is enabled.

Mark Brown (2):
  arm64: kaslr: Announce KASLR status on boot
  arm64: kaslr: Check command line before looking for a seed

 arch/arm64/kernel/kaslr.c | 53 ++++++++++++++++++++++++++++++++-------
 1 file changed, 44 insertions(+), 9 deletions(-)

-- 
2.20.1


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH v2 1/2] arm64: kaslr: Announce KASLR status on boot
  2019-11-08 15:46 [PATCH v2 0/2] Improve KASLR diagnostics Mark Brown
@ 2019-11-08 15:46 ` Mark Brown
  2019-11-08 15:46 ` [PATCH v2 2/2] arm64: kaslr: Check command line before looking for a seed Mark Brown
  1 sibling, 0 replies; 4+ messages in thread
From: Mark Brown @ 2019-11-08 15:46 UTC (permalink / raw)
  To: Catalin Marinas, Will Deacon, Mark Rutland; +Cc: Mark Brown, linux-arm-kernel

Currently the KASLR code is silent at boot unless it forces on KPTI in
which case a message will be printed for that. This can lead to users
incorrectly believing their system has the feature enabled when it in
fact does not, and if they notice the problem the lack of any
diagnostics makes it harder to understand the problem. Add an initcall
which prints a message showing the status of KASLR during boot to make
the status clear.

This is particularly useful in cases where we don't have a seed. It
seems to be a relatively common error for system integrators and
administrators to enable KASLR in their configuration but not provide
the seed at runtime, often due to seed provisioning breaking at some
later point after it is initially enabled and verified.

Signed-off-by: Mark Brown <broonie@kernel.org>
---
 arch/arm64/kernel/kaslr.c | 41 ++++++++++++++++++++++++++++++++++++---
 1 file changed, 38 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c
index 416f537bf614..0039dc50e556 100644
--- a/arch/arm64/kernel/kaslr.c
+++ b/arch/arm64/kernel/kaslr.c
@@ -19,6 +19,14 @@
 #include <asm/pgtable.h>
 #include <asm/sections.h>
 
+enum kaslr_status {
+	KASLR_ENABLED,
+	KASLR_DISABLED_CMDLINE,
+	KASLR_DISABLED_NO_SEED,
+	KASLR_DISABLED_FDT_REMAP,
+};
+
+enum kaslr_status __ro_after_init kaslr_status;
 u64 __ro_after_init module_alloc_base;
 u16 __initdata memstart_offset_seed;
 
@@ -91,15 +99,19 @@ u64 __init kaslr_early_init(u64 dt_phys)
 	 */
 	early_fixmap_init();
 	fdt = fixmap_remap_fdt(dt_phys, &size, PAGE_KERNEL);
-	if (!fdt)
+	if (!fdt) {
+		kaslr_status = KASLR_DISABLED_FDT_REMAP;
 		return 0;
+	}
 
 	/*
 	 * Retrieve (and wipe) the seed from the FDT
 	 */
 	seed = get_kaslr_seed(fdt);
-	if (!seed)
+	if (!seed) {
+		kaslr_status = KASLR_DISABLED_NO_SEED;
 		return 0;
+	}
 
 	/*
 	 * Check if 'nokaslr' appears on the command line, and
@@ -107,8 +119,10 @@ u64 __init kaslr_early_init(u64 dt_phys)
 	 */
 	cmdline = kaslr_get_cmdline(fdt);
 	str = strstr(cmdline, "nokaslr");
-	if (str == cmdline || (str > cmdline && *(str - 1) == ' '))
+	if (str == cmdline || (str > cmdline && *(str - 1) == ' ')) {
+		kaslr_status = KASLR_DISABLED_CMDLINE;
 		return 0;
+	}
 
 	/*
 	 * OK, so we are proceeding with KASLR enabled. Calculate a suitable
@@ -170,3 +184,24 @@ u64 __init kaslr_early_init(u64 dt_phys)
 
 	return offset;
 }
+
+static int __init kaslr_init(void)
+{
+	switch (kaslr_status) {
+	case KASLR_ENABLED:
+		pr_info("KASLR enabled\n");
+		break;
+	case KASLR_DISABLED_CMDLINE:
+		pr_info("KASLR disabled on command line\n");
+		break;
+	case KASLR_DISABLED_NO_SEED:
+		pr_warn("KASLR disabled due to lack of seed\n");
+		break;
+	case KASLR_DISABLED_FDT_REMAP:
+		pr_warn("KASLR disabled due to FDT remapping failure\n");
+		break;
+	}
+
+	return 0;
+}
+core_initcall(kaslr_init)
-- 
2.20.1


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH v2 2/2] arm64: kaslr: Check command line before looking for a seed
  2019-11-08 15:46 [PATCH v2 0/2] Improve KASLR diagnostics Mark Brown
  2019-11-08 15:46 ` [PATCH v2 1/2] arm64: kaslr: Announce KASLR status on boot Mark Brown
@ 2019-11-08 15:46 ` Mark Brown
  2019-11-08 15:50   ` Mark Brown
  1 sibling, 1 reply; 4+ messages in thread
From: Mark Brown @ 2019-11-08 15:46 UTC (permalink / raw)
  To: Catalin Marinas, Will Deacon, Mark Rutland; +Cc: Mark Brown, linux-arm-kernel

Now that we print diagnostics at boot the reason why we do not initialise
KASLR matters. Currently we check for a seed before we check if the user
has explicitly disabled KASLR on the command line which will result in
misleading diagnostics so reverse the order of those checks.

Signed-off-by: Mark Brown <broonie@kernel.org>
---
 arch/arm64/kernel/kaslr.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c
index 0039dc50e556..cbd481af0c3d 100644
--- a/arch/arm64/kernel/kaslr.c
+++ b/arch/arm64/kernel/kaslr.c
@@ -104,15 +104,6 @@ u64 __init kaslr_early_init(u64 dt_phys)
 		return 0;
 	}
 
-	/*
-	 * Retrieve (and wipe) the seed from the FDT
-	 */
-	seed = get_kaslr_seed(fdt);
-	if (!seed) {
-		kaslr_status = KASLR_DISABLED_NO_SEED;
-		return 0;
-	}
-
 	/*
 	 * Check if 'nokaslr' appears on the command line, and
 	 * return 0 if that is the case.
@@ -124,6 +115,15 @@ u64 __init kaslr_early_init(u64 dt_phys)
 		return 0;
 	}
 
+	/*
+	 * Retrieve (and wipe) the seed from the FDT
+	 */
+	seed = get_kaslr_seed(fdt);
+	if (!seed) {
+		kaslr_status = KASLR_DISABLED_NO_SEED;
+		return 0;
+	}
+
 	/*
 	 * OK, so we are proceeding with KASLR enabled. Calculate a suitable
 	 * kernel image offset from the seed. Let's place the kernel in the
-- 
2.20.1


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2 2/2] arm64: kaslr: Check command line before looking for a seed
  2019-11-08 15:46 ` [PATCH v2 2/2] arm64: kaslr: Check command line before looking for a seed Mark Brown
@ 2019-11-08 15:50   ` Mark Brown
  0 siblings, 0 replies; 4+ messages in thread
From: Mark Brown @ 2019-11-08 15:50 UTC (permalink / raw)
  To: Catalin Marinas, Will Deacon, Mark Rutland; +Cc: linux-arm-kernel

[-- Attachment #1.1: Type: text/plain, Size: 423 bytes --]

On Fri, Nov 08, 2019 at 03:46:07PM +0000, Mark Brown wrote:

> -	/*
> -	 * Retrieve (and wipe) the seed from the FDT
> -	 */
> -	seed = get_kaslr_seed(fdt);
> -	if (!seed) {
> -		kaslr_status = KASLR_DISABLED_NO_SEED;
> -		return 0;
> -	}
> -

Sorry, realized immediately after sending this that it would be better
to only move the if statement here in case the user has provided a seed
but also explicitly disabled KASLR.

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

[-- Attachment #2: Type: text/plain, Size: 176 bytes --]

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, back to index

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-08 15:46 [PATCH v2 0/2] Improve KASLR diagnostics Mark Brown
2019-11-08 15:46 ` [PATCH v2 1/2] arm64: kaslr: Announce KASLR status on boot Mark Brown
2019-11-08 15:46 ` [PATCH v2 2/2] arm64: kaslr: Check command line before looking for a seed Mark Brown
2019-11-08 15:50   ` Mark Brown

Linux-ARM-Kernel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-arm-kernel/0 linux-arm-kernel/git/0.git
	git clone --mirror https://lore.kernel.org/linux-arm-kernel/1 linux-arm-kernel/git/1.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-arm-kernel linux-arm-kernel/ https://lore.kernel.org/linux-arm-kernel \
		linux-arm-kernel@lists.infradead.org
	public-inbox-index linux-arm-kernel

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.infradead.lists.linux-arm-kernel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git