From patchwork Sun Jan 27 08:29:42 2019
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 156684
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: will.deacon@arm.com, catalin.marinas@arm.com, Ard Biesheuvel, stable@vger.kernel.org
Subject: [PATCH] arm64: kaslr: ensure randomized quantities are clean also when kaslr is off
Date: Sun, 27 Jan 2019 09:29:42 +0100
Message-Id: <20190127082942.21998-1-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Sender: stable-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: stable@vger.kernel.org

Commit 1598ecda7b23 ("arm64: kaslr: ensure randomized quantities are clean to the PoC") added cache maintenance to ensure that global variables set by the kaslr init routine are not wiped clean due to cache invalidation occurring during the second round of page table creation.

However, if kaslr_early_init() exits early with no randomization being applied (either due to the lack of a seed, or because the user has disabled kaslr explicitly), no cache maintenance is performed, leading to the same issue we attempted to fix earlier, as far as the module_alloc_base variable is concerned.

Note that module_alloc_base cannot be initialized statically, because that would cause it to be subject to a R_AARCH64_RELATIVE relocation, causing it to be overwritten by the second round of KASLR relocation processing.

Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR")
Cc: # v4.6+
Signed-off-by: Ard Biesheuvel

--- arch/arm64/kernel/kaslr.c | 1 + 1 file changed, 1 insertion(+) -- 2.20.1 diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c index ba6b41790fcd..b09b6f75f759 100644 --- a/arch/arm64/kernel/kaslr.c +++ b/arch/arm64/kernel/kaslr.c @@ -88,6 +88,7 @@ u64 __init kaslr_early_init(u64 dt_phys) * we end up running with module randomization disabled. */ module_alloc_base = (u64)_etext - MODULES_VSIZE; + __flush_dcache_area(&module_alloc_base, sizeof(module_alloc_base)); /* * Try to map the FDT early. If this fails, we simply bail,
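
Review bot: The added __flush_dcache_area(&module_alloc_base, sizeof(module_alloc_base)) call directly after the default assignment has no comment, and the existing comment above it only explains the default value, not why cache maintenance is needed at this point. A short comment saying that the value must be cleaned so it survives the cache invalidation during the second round of page table creation, even when kaslr_early_init() bails out before any randomization is applied, would keep the call from being dropped later as apparently redundant. The commit message limits itself to module_alloc_base; it would help to state there whether any other global written before the early exits needs the same treatment.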