From patchwork Thu Mar 3 18:44:16 2016
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 63489
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org, keescook@chromium.org, catalin.marinas@arm.com, mark.rutland@arm.com
Cc: matt@codeblueprint.co.uk, david.brown@linaro.org, Ard Biesheuvel
Subject: [PATCH v2 3/3] arm64: kaslr: increase randomization granularity
Date: Thu, 3 Mar 2016 19:44:16 +0100
Message-Id: <1457030656-29584-4-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1457030656-29584-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1457030656-29584-1-git-send-email-ard.biesheuvel@linaro.org>

Currently, our KASLR implementation randomizes the placement of the core kernel at 2 MB granularity. This is based on the arm64 kernel boot protocol, which mandates that the kernel is loaded TEXT_OFFSET bytes above a 2 MB aligned base address. This requirement is a result of the fact that the block size used by the early mapping code may be 2 MB at the most (for a 4 KB granule kernel).

But we can do better than that: since a KASLR kernel needs to be relocated in any case, we can tolerate a physical misalignment as long as the virtual misalignment relative to this 2 MB block size is equal in size, and code to deal with this is already in place.

Since we align the kernel segments to 64 KB, let's randomize the physical offset at 64 KB granularity as well (unless CONFIG_DEBUG_ALIGN_RODATA is enabled). This way, the mapping efficiency is not affected at all.

The higher granularity produces 5 bits of additional entropy.

Signed-off-by: Ard Biesheuvel
---
 drivers/firmware/efi/libstub/arm64-stub.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c index e0e6b74fef8f..a1dd4a1dad0b 100644 --- a/drivers/firmware/efi/libstub/arm64-stub.c +++ b/drivers/firmware/efi/libstub/arm64-stub.c 
@@ -61,15 +61,23 @@ efi_status_t __init handle_kernel_image(efi_system_table_t *sys_table_arg, if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && phys_seed != 0) { /* + * Produce a displacement in the interval [0, MIN_KIMG_ALIGN) + * that is a multiple of the minimal segment alignment (SZ_64K) + */ + u32 offset = !IS_ENABLED(CONFIG_DEBUG_ALIGN_RODATA) ? + (phys_seed >> 32) & (MIN_KIMG_ALIGN - 1) & + ~(SZ_64K - 1) : TEXT_OFFSET; + + /* * If KASLR is enabled, and we have some randomness available, * locate the kernel at a randomized offset in physical memory. */ - *reserve_size = kernel_memsize + TEXT_OFFSET; + *reserve_size = kernel_memsize + offset; status = efi_random_alloc(sys_table_arg, *reserve_size, MIN_KIMG_ALIGN, reserve_addr, - phys_seed); + (u32)phys_seed); - *image_addr = *reserve_addr + TEXT_OFFSET; + *image_addr = *reserve_addr + offset; } else { /* * Else, try a straight allocation at the preferred offset.
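
Review bot: the guard `phys_seed != 0` at the top of this block still tests the seed as a whole, while the new lines consume it in two halves: `(phys_seed >> 32)` feeds `offset` and `(u32)phys_seed` is what `efi_random_alloc()` now receives. A seed whose low word happens to be zero passes the guard and hands 0 to the allocator, so it is worth either testing the low word that the allocator actually gets or stating in the comment why a zero low word is acceptable there. The comment could also say which seed bits go to which consumer, since only the bits selected by `(MIN_KIMG_ALIGN - 1) & ~(SZ_64K - 1)` in the upper word end up in `offset`. Separately, the new comment describes only the randomized branch: with CONFIG_DEBUG_ALIGN_RODATA enabled `offset` is `TEXT_OFFSET`, which the "[0, MIN_KIMG_ALIGN) ... multiple of SZ_64K" wording does not cover, and the negated ternary spread over three lines would be easier to read with the condition un-negated or as an if/else.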