From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org, keescook@chromium.org, catalin.marinas@arm.com, mark.rutland@arm.com
Cc: matt@codeblueprint.co.uk, david.brown@linaro.org, Ard Biesheuvel
Subject: [PATCH 3/3] arm64: kaslr: increase randomization granularity
Date: Wed, 2 Mar 2016 18:11:52 +0100
Message-Id: <1456938712-11089-4-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1456938712-11089-1-git-send-email-ard.biesheuvel@linaro.org>

Currently, our KASLR implementation randomizes the placement of the core
kernel at 2 MB granularity. This is based on the arm64 kernel boot
protocol, which mandates that the kernel is loaded TEXT_OFFSET bytes above
a 2 MB aligned base address. This requirement is a result of the fact that
the block size used by the early mapping code may be 2 MB at the most (for
a 4 KB granule kernel)

But we can do better than that: since a KASLR kernel needs to be relocated
in any case, we can tolerate a physical misalignment as long as the virtual
misalignment is equal in size, and code to deal with this is already in
place.

The actual minimal alignment of the core kernel is either PAGE_SIZE or
THREAD_SIZE, whichever is greater. The former is obvious, but the latter is
due to the fact that the init stack is expected to live at an offset which
is a round multiple of its size.

The higher granularity adds between 5 and 7 bits of entropy, depending on
page size.

Signed-off-by: Ard Biesheuvel
---
 drivers/firmware/efi/libstub/arm64-stub.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c index e0e6b74fef8f..84584e7847df 100644 --- a/drivers/firmware/efi/libstub/arm64-stub.c +++ b/drivers/firmware/efi/libstub/arm64-stub.c 
@@ -61,15 +61,23 @@ efi_status_t __init handle_kernel_image(efi_system_table_t *sys_table_arg, if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && phys_seed != 0) { /* + * Produce a displacement in the interval [0, MIN_KIMG_ALIGN) + * that is a multiple of the actual minimal kernel alignment + * (either PAGE_SIZE or THREAD_SIZE, whichever is greater) + */ + const u32 offset = (phys_seed >> 32) & (MIN_KIMG_ALIGN - 1) & + ~(max_t(u32, PAGE_SIZE, THREAD_SIZE) - 1); + + /* * If KASLR is enabled, and we have some randomness available, * locate the kernel at a randomized offset in physical memory. */ - *reserve_size = kernel_memsize + TEXT_OFFSET; + *reserve_size = kernel_memsize + offset; status = efi_random_alloc(sys_table_arg, *reserve_size, MIN_KIMG_ALIGN, reserve_addr, - phys_seed); + (u32)phys_seed); - *image_addr = *reserve_addr + TEXT_OFFSET; + *image_addr = *reserve_addr + offset; } else { /* * Else, try a straight allocation at the preferred offset.
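
Review bot: The `phys_seed >> 32` in the new `offset` initializer is only well defined if `phys_seed` is a 64-bit type, and its declaration is not visible in this hunk, so please confirm the width or say in the comment that the seed is expected to be 64 bits. The same comment should state the split explicitly: the upper 32 bits select the displacement below MIN_KIMG_ALIGN, and only the lower 32 bits reach efi_random_alloc() through the `(u32)phys_seed` cast, so the two choices do not reuse the same bits. The mask also relies on both MIN_KIMG_ALIGN and max(PAGE_SIZE, THREAD_SIZE) being powers of two, and it yields a constant 0 whenever the latter is not smaller than MIN_KIMG_ALIGN; a one-line note on that would save the next reader the derivation. Finally, since `*image_addr = *reserve_addr + offset;` no longer places the image TEXT_OFFSET bytes above the aligned base, a short comment there pointing at the relocation handling the commit message relies on would make the dependency visible at the point where the boot-protocol assumption is dropped.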