* [PATCH v3 0/2] Improve KASLR diagnostics
From: Mark Brown @ 2019-11-08 16:19 UTC
To: Catalin Marinas, Will Deacon, Mark Rutland; +Cc: Mark Brown, linux-arm-kernel

This series provides diagnostics on boot for KASLR to improve usability at runtime.

v3: Still mask the seed from FDT when disabling from the command line.
v2: Defer the print to a core_initcall() so we don't try and print before printk() can cope, covering other less common error cases as well and also an explicit message when KASLR is enabled.

Mark Brown (2):
  arm64: kaslr: Announce KASLR status on boot
  arm64: kaslr: Check command line before looking for a seed

 arch/arm64/kernel/kaslr.c | 44 +++++++++++++++++++++++++++++++++++----
 1 file changed, 40 insertions(+), 4 deletions(-)

--
2.20.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
* [PATCH v3 1/2] arm64: kaslr: Announce KASLR status on boot 2019-11-08 16:19 [PATCH v3 0/2] Improve KASLR diagnostics Mark Brown @ 2019-11-08 16:20 ` Mark Brown 2019-11-08 16:46 ` Mark Rutland 2019-11-08 16:20 ` [PATCH v3 2/2] arm64: kaslr: Check command line before looking for a seed Mark Brown 1 sibling, 1 reply; 6+ messages in thread From: Mark Brown @ 2019-11-08 16:20 UTC (permalink / raw) To: Catalin Marinas, Will Deacon, Mark Rutland; +Cc: Mark Brown, linux-arm-kernel Currently the KASLR code is silent at boot unless it forces on KPTI in which case a message will be printed for that. This can lead to users incorrectly believing their system has the feature enabled when it in fact does not, and if they notice the problem the lack of any diagnostics makes it harder to understand the problem. Add an initcall which prints a message showing the status of KASLR during boot to make the status clear. This is particularly useful in cases where we don't have a seed. It seems to be a relatively common error for system integrators and administrators to enable KASLR in their configuration but not provide the seed at runtime, often due to seed provisioning breaking at some later point after it is initially enabled and verified. Signed-off-by: Mark Brown <broonie@kernel.org> --- arch/arm64/kernel/kaslr.c | 41 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 38 insertions(+), 3 deletions(-) diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c index 416f537bf614..0039dc50e556 100644 --- a/arch/arm64/kernel/kaslr.c +++ b/arch/arm64/kernel/kaslr.c @@ -19,6 +19,14 @@ #include <asm/pgtable.h> #include <asm/sections.h> +enum kaslr_status { + KASLR_ENABLED, + KASLR_DISABLED_CMDLINE, + KASLR_DISABLED_NO_SEED, + KASLR_DISABLED_FDT_REMAP, +}; + +enum kaslr_status __ro_after_init kaslr_status; u64 __ro_after_init module_alloc_base; u16 __initdata memstart_offset_seed; 
@@ -91,15 +99,19 @@ u64 __init kaslr_early_init(u64 dt_phys) */ early_fixmap_init(); fdt = fixmap_remap_fdt(dt_phys, &size, PAGE_KERNEL); - if (!fdt) + if (!fdt) { + kaslr_status = KASLR_DISABLED_FDT_REMAP; return 0; + } /* * Retrieve (and wipe) the seed from the FDT */ seed = get_kaslr_seed(fdt); - if (!seed) + if (!seed) { + kaslr_status = KASLR_DISABLED_NO_SEED; return 0; + } /* * Check if 'nokaslr' appears on the command line, and @@ -107,8 +119,10 @@ u64 __init kaslr_early_init(u64 dt_phys) */ cmdline = kaslr_get_cmdline(fdt); str = strstr(cmdline, "nokaslr"); - if (str == cmdline || (str > cmdline && *(str - 1) == ' ')) + if (str == cmdline || (str > cmdline && *(str - 1) == ' ')) { + kaslr_status = KASLR_DISABLED_CMDLINE; return 0; + } /* * OK, so we are proceeding with KASLR enabled. Calculate a suitable @@ -170,3 +184,24 @@ u64 __init kaslr_early_init(u64 dt_phys) return offset; } + +static int __init kaslr_init(void) +{ + switch (kaslr_status) { + case KASLR_ENABLED: + pr_info("KASLR enabled\n"); + break; + case KASLR_DISABLED_CMDLINE: + pr_info("KASLR disabled on command line\n"); + break; + case KASLR_DISABLED_NO_SEED: + pr_warn("KASLR disabled due to lack of seed\n"); + break; + case KASLR_DISABLED_FDT_REMAP: + pr_warn("KASLR disabled due to FDT remapping failure\n"); + break; + } + + return 0; +} +core_initcall(kaslr_init) -- 2.20.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply related [flat|nested] 6+ messages in thread
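Review bot: in the first hunk of patch 1/2, KASLR_ENABLED is the first enumerator and so is the value a zero-initialised kaslr_status already holds, which means any exit from kaslr_early_init() that does not assign a status will be announced by kaslr_init() as "KASLR enabled". Consider making the success case explicit, for example by assigning KASLR_ENABLED immediately before `return offset;` and giving the zero value a distinct "not initialised" meaning, so that a path these hunks miss cannot report a protection that is not active. As far as the patch shows, the variable is only used in this file and could also be declared static.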
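Review bot: in the last hunk of patch 1/2, `core_initcall(kaslr_init)` has no terminating semicolon; add one so the registration reads like a normal statement and does not depend on how the macro happens to expand.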
* Re: [PATCH v3 1/2] arm64: kaslr: Announce KASLR status on boot 2019-11-08 16:20 ` [PATCH v3 1/2] arm64: kaslr: Announce KASLR status on boot Mark Brown @ 2019-11-08 16:46 ` Mark Rutland 2019-11-08 17:05 ` Mark Brown 0 siblings, 1 reply; 6+ messages in thread From: Mark Rutland @ 2019-11-08 16:46 UTC (permalink / raw) To: Mark Brown; +Cc: Catalin Marinas, Will Deacon, linux-arm-kernel On Fri, Nov 08, 2019 at 04:20:00PM +0000, Mark Brown wrote: > Currently the KASLR code is silent at boot unless it forces on KPTI in > which case a message will be printed for that. This can lead to users > incorrectly believing their system has the feature enabled when it in > fact does not, and if they notice the problem the lack of any > diagnostics makes it harder to understand the problem. Add an initcall > which prints a message showing the status of KASLR during boot to make > the status clear. > > This is particularly useful in cases where we don't have a seed. It > seems to be a relatively common error for system integrators and > administrators to enable KASLR in their configuration but not provide > the seed at runtime, often due to seed provisioning breaking at some > later point after it is initially enabled and verified. > > Signed-off-by: Mark Brown <broonie@kernel.org> > --- > arch/arm64/kernel/kaslr.c | 41 ++++++++++++++++++++++++++++++++++++--- > 1 file changed, 38 insertions(+), 3 deletions(-) > > diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c > index 416f537bf614..0039dc50e556 100644 > --- a/arch/arm64/kernel/kaslr.c > +++ b/arch/arm64/kernel/kaslr.c 
> @@ -19,6 +19,14 @@ > #include <asm/pgtable.h> > #include <asm/sections.h> > > +enum kaslr_status { > + KASLR_ENABLED, > + KASLR_DISABLED_CMDLINE, > + KASLR_DISABLED_NO_SEED, > + KASLR_DISABLED_FDT_REMAP, > +}; > + > +enum kaslr_status __ro_after_init kaslr_status; This can probably be __initdata since it's only consumed by an __init call. Otherwise this looks sound to me; with that: Acked-by: Mark Rutland <mark.rutland@arm.com> Thanks, Mark. > u64 __ro_after_init module_alloc_base; > u16 __initdata memstart_offset_seed; > > @@ -91,15 +99,19 @@ u64 __init kaslr_early_init(u64 dt_phys) > */ > early_fixmap_init(); > fdt = fixmap_remap_fdt(dt_phys, &size, PAGE_KERNEL); > - if (!fdt) > + if (!fdt) { > + kaslr_status = KASLR_DISABLED_FDT_REMAP; > return 0; > + } > > /* > * Retrieve (and wipe) the seed from the FDT > */ > seed = get_kaslr_seed(fdt); > - if (!seed) > + if (!seed) { > + kaslr_status = KASLR_DISABLED_NO_SEED; > return 0; > + } > > /* > * Check if 'nokaslr' appears on the command line, and > @@ -107,8 +119,10 @@ u64 __init kaslr_early_init(u64 dt_phys) > */ > cmdline = kaslr_get_cmdline(fdt); > str = strstr(cmdline, "nokaslr"); > - if (str == cmdline || (str > cmdline && *(str - 1) == ' ')) > + if (str == cmdline || (str > cmdline && *(str - 1) == ' ')) { > + kaslr_status = KASLR_DISABLED_CMDLINE; > return 0; > + } > > /* > * OK, so we are proceeding with KASLR enabled. Calculate a suitable 
> @@ -170,3 +184,24 @@ u64 __init kaslr_early_init(u64 dt_phys) > > return offset; > } > + > +static int __init kaslr_init(void) > +{ > + switch (kaslr_status) { > + case KASLR_ENABLED: > + pr_info("KASLR enabled\n"); > + break; > + case KASLR_DISABLED_CMDLINE: > + pr_info("KASLR disabled on command line\n"); > + break; > + case KASLR_DISABLED_NO_SEED: > + pr_warn("KASLR disabled due to lack of seed\n"); > + break; > + case KASLR_DISABLED_FDT_REMAP: > + pr_warn("KASLR disabled due to FDT remapping failure\n"); > + break; > + } > + > + return 0; > +} > +core_initcall(kaslr_init) > -- > 2.20.1 > _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v3 1/2] arm64: kaslr: Announce KASLR status on boot
From: Mark Brown @ 2019-11-08 17:05 UTC
To: Mark Rutland; +Cc: Catalin Marinas, Will Deacon, linux-arm-kernel

On Fri, Nov 08, 2019 at 04:46:36PM +0000, Mark Rutland wrote:
> On Fri, Nov 08, 2019 at 04:20:00PM +0000, Mark Brown wrote:

> > +enum kaslr_status __ro_after_init kaslr_status;

> This can probably be __initdata since it's only consumed by an __init
> call.

Yes, it can.
* [PATCH v3 2/2] arm64: kaslr: Check command line before looking for a seed 2019-11-08 16:19 [PATCH v3 0/2] Improve KASLR diagnostics Mark Brown 2019-11-08 16:20 ` [PATCH v3 1/2] arm64: kaslr: Announce KASLR status on boot Mark Brown @ 2019-11-08 16:20 ` Mark Brown 2019-11-08 16:47 ` Mark Rutland 1 sibling, 1 reply; 6+ messages in thread From: Mark Brown @ 2019-11-08 16:20 UTC (permalink / raw) To: Catalin Marinas, Will Deacon, Mark Rutland; +Cc: Mark Brown, linux-arm-kernel Now that we print diagnostics at boot the reason why we do not initialise KASLR matters. Currently we check for a seed before we check if the user has explicitly disabled KASLR on the command line which will result in misleading diagnostics so reverse the order of those checks. We still parse the seed from the DT early so that if the user has both provided a seed and disabled KASLR on the command line we still mask the seed on the command line. Signed-off-by: Mark Brown <broonie@kernel.org> --- arch/arm64/kernel/kaslr.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c index 0039dc50e556..c09f12ab6525 100644 --- a/arch/arm64/kernel/kaslr.c +++ b/arch/arm64/kernel/kaslr.c @@ -108,10 +108,6 @@ u64 __init kaslr_early_init(u64 dt_phys) * Retrieve (and wipe) the seed from the FDT */ seed = get_kaslr_seed(fdt); - if (!seed) { - kaslr_status = KASLR_DISABLED_NO_SEED; - return 0; - } /* * Check if 'nokaslr' appears on the command line, and 
@@ -124,6 +120,11 @@ u64 __init kaslr_early_init(u64 dt_phys) return 0; } + if (!seed) { + kaslr_status = KASLR_DISABLED_NO_SEED; + return 0; + } + /* * OK, so we are proceeding with KASLR enabled. Calculate a suitable * kernel image offset from the seed. Let's place the kernel in the -- 2.20.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply related [flat|nested] 6+ messages in thread
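Review bot: in the first hunk of patch 2/2, the unconditional `seed = get_kaslr_seed(fdt);` ahead of the nokaslr test is now what guarantees the seed is wiped from the FDT when KASLR is disabled on the command line, yet only the commit message says so. Extend the existing "Retrieve (and wipe) the seed from the FDT" comment to state that the call must stay before the command-line check, so a later cleanup does not move it down next to the relocated `if (!seed)` test.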
* Re: [PATCH v3 2/2] arm64: kaslr: Check command line before looking for a seed 2019-11-08 16:20 ` [PATCH v3 2/2] arm64: kaslr: Check command line before looking for a seed Mark Brown @ 2019-11-08 16:47 ` Mark Rutland 0 siblings, 0 replies; 6+ messages in thread From: Mark Rutland @ 2019-11-08 16:47 UTC (permalink / raw) To: Mark Brown; +Cc: Catalin Marinas, Will Deacon, linux-arm-kernel On Fri, Nov 08, 2019 at 04:20:01PM +0000, Mark Brown wrote: > Now that we print diagnostics at boot the reason why we do not initialise > KASLR matters. Currently we check for a seed before we check if the user > has explicitly disabled KASLR on the command line which will result in > misleading diagnostics so reverse the order of those checks. We still > parse the seed from the DT early so that if the user has both provided a > seed and disabled KASLR on the command line we still mask the seed on > the command line. > > Signed-off-by: Mark Brown <broonie@kernel.org> Acked-by: Mark Rutland <mark.rutland@arm.com> Mark. > --- > arch/arm64/kernel/kaslr.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c > index 0039dc50e556..c09f12ab6525 100644 > --- a/arch/arm64/kernel/kaslr.c > +++ b/arch/arm64/kernel/kaslr.c > @@ -108,10 +108,6 @@ u64 __init kaslr_early_init(u64 dt_phys) > * Retrieve (and wipe) the seed from the FDT > */ > seed = get_kaslr_seed(fdt); > - if (!seed) { > - kaslr_status = KASLR_DISABLED_NO_SEED; > - return 0; > - } > > /* > * Check if 'nokaslr' appears on the command line, and 
> @@ -124,6 +120,11 @@ u64 __init kaslr_early_init(u64 dt_phys) > return 0; > } > > + if (!seed) { > + kaslr_status = KASLR_DISABLED_NO_SEED; > + return 0; > + } > + > /* > * OK, so we are proceeding with KASLR enabled. Calculate a suitable > * kernel image offset from the seed. Let's place the kernel in the > -- > 2.20.1 > _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 6+ messages in thread
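The misleading-diagnostic case that the patch 2/2 commit message describes, as an added userspace model that is not part of the posted series. The function names `has_nokaslr`, `status_seed_first` and `status_cmdline_first` are hypothetical, and the seed value and command lines are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Status names taken from patch 1/2 (the FDT remap case is left out). */
enum kaslr_status {
	KASLR_ENABLED,
	KASLR_DISABLED_CMDLINE,
	KASLR_DISABLED_NO_SEED,
};

/* Equivalent to the patch's test: "nokaslr" at the start or after a space. */
static int has_nokaslr(const char *cmdline)
{
	const char *str = strstr(cmdline, "nokaslr");

	return str && (str == cmdline || *(str - 1) == ' ');
}

/* Check order after patch 1/2: seed first, then command line. */
enum kaslr_status status_seed_first(unsigned long long seed, const char *cmdline)
{
	if (!seed)
		return KASLR_DISABLED_NO_SEED;
	if (has_nokaslr(cmdline))
		return KASLR_DISABLED_CMDLINE;
	return KASLR_ENABLED;
}

/* Check order after patch 2/2: command line first, then seed. */
enum kaslr_status status_cmdline_first(unsigned long long seed, const char *cmdline)
{
	if (has_nokaslr(cmdline))
		return KASLR_DISABLED_CMDLINE;
	if (!seed)
		return KASLR_DISABLED_NO_SEED;
	return KASLR_ENABLED;
}

int main(void)
{
	/* Constructed case: the user passed nokaslr and no seed was provided. */
	const char *cmdline = "console=ttyAMA0 nokaslr";

	printf("seed-first order reports:    %d\n", status_seed_first(0, cmdline));
	printf("cmdline-first order reports: %d\n", status_cmdline_first(0, cmdline));
	return 0;
}
```

The two orderings only disagree when the seed is missing and nokaslr is present, which is the case where the boot message would otherwise blame seed provisioning for a deliberate choice.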