From: Ard Biesheuvel
Date: Thu, 23 Mar 2017 09:34:54 +0000
Subject: Re: [PATCH v2] arm64: kaslr: Fix up the kernel image alignment
To: Srinivas Ramana
Cc: Will Deacon, Catalin Marinas, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org, Neeraj Upadhyay
In-Reply-To: <58D39641.2060009@codeaurora.org>
References: <904FACBF-3DFE-4DDE-ACB5-7109A137D477@linaro.org> <1490182705-14243-1-git-send-email-sramana@codeaurora.org> <20170322124008.GH8026@arm.com> <58D27FFC.8030205@codeaurora.org> <58D39641.2060009@codeaurora.org>
List-ID: linux-kernel@vger.kernel.org

On 23 March 2017 at 09:32, Srinivas Ramana wrote:
> On 03/22/2017 07:15 PM, Srinivas Ramana wrote:
>> On 03/22/2017 06:10 PM, Will Deacon wrote:
>>> On Wed, Mar 22, 2017 at 12:16:24PM +0000, Ard Biesheuvel wrote:
>>>> On 22 March 2017 at 11:38, Srinivas Ramana wrote:
>>>>> From: Neeraj Upadhyay
>>>>>
>>>>> If the kernel image extends across an alignment boundary, the existing
>>>>> code increases the KASLR offset by the size of the kernel image. The
>>>>> offset is masked after resizing. There are cases where, after
>>>>> masking, we may still have the kernel image extending across the
>>>>> boundary. This eventually results in only a 2MB block getting
>>>>> mapped while creating the page tables. This results in data aborts
>>>>> while accessing unmapped regions during the second relocation (with
>>>>> the kaslr offset) in __primary_switch.
>>>>>
>>>>> To fix this problem, round up the kernel image size by the swapper
>>>>> block size before adding it for correction.
>>>>>
>>>>> For example, consider the case below, where the kernel image still
>>>>> crosses the 1GB alignment boundary after masking the offset, which is
>>>>> fixed by rounding up the kernel image size.
>>>>>
>>>>> SWAPPER_TABLE_SHIFT = 30
>>>>> Swapper using section maps with section size 2MB.
>>>>> CONFIG_PGTABLE_LEVELS = 3
>>>>> VA_BITS = 39
>>>>>
>>>>> _text : 0xffffff8008080000
>>>>> _end : 0xffffff800aa1b000
>>>>> offset : 0x1f35600000
>>>>> mask = ((1UL << (VA_BITS - 2)) - 1) & ~(SZ_2M - 1)
>>>>>
>>>>> (_text + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7c
>>>>> (_end + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d
>>>>>
>>>>> offset after existing correction (before mask) = 0x1f37f9b000
>>>>> (_text + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d
>>>>> (_end + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d
>>>>>
>>>>> offset (after mask) = 0x1f37e00000
>>>>> (_text + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7c
>>>>> (_end + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d
>>>>>
>>>>> new offset w/ rounding up = 0x1f38000000
>>>>> (_text + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d
>>>>> (_end + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d
>>>>>
>>>>> Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR")
>>>>> Signed-off-by: Neeraj Upadhyay
>>>>> Signed-off-by: Srinivas Ramana
>>>>
>>>> Reviewed-by: Ard Biesheuvel
>>>>
>>>> ... and thanks for the excellent commit log message!
>>>
>>> Thanks both. I've picked this up as a fix.
>>>
>>> Will
>>
>> Thanks Ard and Will for the review and for picking up this patch.
>> Can we also CC: ?
>>
>> Thanks,
>> -- Srinivas R
>
> Sorry, there is a checkpatch error in the last patch. I will submit v3
> after fixing the checkpatch error.

I wouldn't worry about that. Will has already queued the patch.
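The two offset corrections described in the quoted commit log, reproduced as a stand-alone C model (an added illustration, not the kernel's kaslr.c) so the walked-through numbers can be checked: with the raw image size the masked offset lands the image back across the 1GB table boundary, while rounding the size up to the 2MB swapper block first keeps it on one side. The VA_BITS, SWAPPER_TABLE_SHIFT, mask and addresses are the ones from the commit log; the function names are this example's own.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constants from the commit log: 4KB granule, 3-level tables, 39-bit VA. */
#define VA_BITS              39
#define SWAPPER_TABLE_SHIFT  30                /* one swapper table covers 1GB */
#define SWAPPER_BLOCK_SIZE   (1ULL << 21)      /* 2MB section maps (SZ_2M) */
#define KASLR_MASK (((1ULL << (VA_BITS - 2)) - 1) & ~(SWAPPER_BLOCK_SIZE - 1))

/* True if [text, end) with the offset applied straddles a table boundary,
 * which is what makes only one 2MB block get mapped for the image. */
bool image_crosses_boundary(uint64_t text, uint64_t end, uint64_t offset)
{
    return ((text + offset) >> SWAPPER_TABLE_SHIFT) !=
           ((end + offset) >> SWAPPER_TABLE_SHIFT);
}

/* Existing correction: add the raw image size, then mask to 2MB alignment.
 * The mask can strip enough low bits to move the image back across. */
uint64_t fixup_offset_raw(uint64_t text, uint64_t end, uint64_t offset)
{
    if (image_crosses_boundary(text, end, offset))
        offset = (offset + (end - text)) & KASLR_MASK;
    return offset;
}

/* Corrected version: round the image size up to SWAPPER_BLOCK_SIZE first,
 * so masking afterwards cannot undo the move past the boundary. */
uint64_t fixup_offset_rounded(uint64_t text, uint64_t end, uint64_t offset)
{
    if (image_crosses_boundary(text, end, offset)) {
        uint64_t kimg_sz = end - text;
        kimg_sz = (kimg_sz + SWAPPER_BLOCK_SIZE - 1) & ~(SWAPPER_BLOCK_SIZE - 1);
        offset = (offset + kimg_sz) & KASLR_MASK;
    }
    return offset;
}

int main(void)
{
    /* _text, _end and the initial offset quoted in the commit log. */
    const uint64_t text = 0xffffff8008080000ULL, end = 0xffffff800aa1b000ULL;
    const uint64_t offset = 0x1f35600000ULL;
    uint64_t raw = fixup_offset_raw(text, end, offset);
    uint64_t rnd = fixup_offset_rounded(text, end, offset);
    printf("raw     offset 0x%llx still crosses: %d\n",
           (unsigned long long)raw, image_crosses_boundary(text, end, raw));
    printf("rounded offset 0x%llx still crosses: %d\n",
           (unsigned long long)rnd, image_crosses_boundary(text, end, rnd));
    return 0;
}
```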