Message-ID: <2567059e36501744b83c76f4646b073fabb4b1fd.camel@kernel.crashing.org>
Subject: Re: [PATCH] efistub: arm64: relax 2M alignment again for relocatable kernels
From: Benjamin Herrenschmidt
To: Ard Biesheuvel, linux-efi@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org
Date: Mon, 26 Jul 2021 14:09:05 +1000
In-Reply-To: <20210722102600.58392-1-ardb@kernel.org>

On Thu, 2021-07-22 at 12:26 +0200, Ard Biesheuvel wrote:
> Commit 82046702e288 ("efi/libstub/arm64: Replace 'preferred' offset with
> alignment check") simplified the way the stub moves the kernel image
> around in memory before booting it, given that a relocatable image does
> not need to be copied to a 2M aligned offset if it was loaded on a 64k
> boundary by EFI.
>
> Commit d32de9130f6c ("efi/arm64: libstub: Deal gracefully with
> EFI_RNG_PROTOCOL failure") inadvertently defeated this logic by
> overriding the value of efi_nokaslr if EFI_RNG_PROTOCOL is not
> available, which was mistaken by the loader logic as an explicit request
> on the part of the user to disable KASLR and any associated relocation
> of an Image not loaded on a 2M boundary.
>
> So let's reinstate this functionality, by capturing the value of
> efi_nokaslr at function entry to choose the minimum alignment.
>
> Fixes: d32de9130f6c ("efi/arm64: libstub: Deal gracefully with EFI_RNG_PROTOCOL failure")
> Cc: Benjamin Herrenschmidt
> Signed-off-by: Ard Biesheuvel
> ---
> This fixes the regression that was discussed in [0], but given that it
> is very likely to break Ben's use case again, I'll sit on it for the
> time being.

The bug is in the version of grub carried by some distros actually. The
stricter alignment forces the stub to reallocate the image in ways that
manage to generally avoid it (but it's all luck).

Long story short: those grubs don't allocate room for the kernel bss
(and don't zero it), thus there's a chance for it to overlap other
pre-boot allocations such as EFI runtime services, the initrd, fdt,
whatever else...

So the kernel will break more often with this patch until grub is fixed
in those distros (working on it ...).

Note: If you work on a distro and you carry the grub2 patch that takes
out LoadImage/StartImage from grub-core/loader/arm64/linux.c in favor of
the shim lock protocol, poke me, I have a patch for you :)

Cheers,
Ben.
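The failure mode described in the reply above, as an added example (not code from grub, the EFI stub or this thread): the arm64 Image header's image_size field at offset 16 covers the bss, so a loader that reserves only the file length leaves a tail the kernel will still write to. `booted_in_place` is a simplified model of the alignment decision, and all function names, addresses and sizes here are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SZ_64K 0x10000ull
#define SZ_2M  0x200000ull
#define ARM64_IMAGE_MAGIC 0x644d5241u /* "ARM\x64" at header offset 56 */

static uint64_t le(const uint8_t *p, int n) /* little-endian load of n bytes */
{
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Bytes that must be free from the load address: image_size (offset 16)
 * covers text, data and bss. Returns 0 if the header is invalid or the
 * size is not stated. Only the first 64 bytes of img are read. */
uint64_t image_reserve_size(const uint8_t *img, uint64_t file_len)
{
    if (file_len < 64 || le(img + 56, 4) != ARM64_IMAGE_MAGIC)
        return 0;
    uint64_t image_size = le(img + 16, 8);
    if (image_size == 0)
        return 0;
    return image_size > file_len ? image_size : file_len;
}

/* Simplified model (assumption): an image already on a min_align boundary
 * is booted where the loader put it, otherwise it is copied elsewhere. */
int booted_in_place(uint64_t load, uint64_t min_align)
{
    return (load & (min_align - 1)) == 0;
}

/* Does the bss tail the loader never allocated, [load + file_len,
 * load + reserve), intersect another pre-boot allocation? */
int bss_tail_overlaps(uint64_t load, uint64_t file_len, uint64_t reserve,
                      uint64_t other, uint64_t other_len)
{
    return load + file_len < other + other_len && other < load + reserve;
}

/* Constructed sample header: only image_size and magic are filled in. */
void sample_header(uint8_t hdr[64], uint64_t image_size)
{
    memset(hdr, 0, 64);
    for (int i = 0; i < 8; i++) hdr[16 + i] = (uint8_t)(image_size >> (8 * i));
    hdr[56] = 'A'; hdr[57] = 'R'; hdr[58] = 'M'; hdr[59] = 0x64;
}
```

With a 64k-aligned but not 2M-aligned load address, a 2M minimum alignment leads to a copy, while a 64k minimum boots the image in place and leaves the unreserved bss tail exposed to whatever the loader placed after the file.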