[0/2] Unify non-VHE ASLR features behind CONFIG_RANDOMIZE_BASE

Message ID	20200721094445.82184-1-dbrazdil@google.com (mailing list archive)
Headers	show Return-Path: <SRS0=yukz=BA=lists.infradead.org=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 34929206E9 From: David Brazdil <dbrazdil@google.com> To: Marc Zyngier <maz@kernel.org>, Will Deacon <will@kernel.org>, Catalin Marinas <catalin.marinas@arm.com>, James Morse <james.morse@arm.com>, Julien Thierry <julien.thierry.kdev@gmail.com>, Suzuki K Poulose <suzuki.poulose@arm.com> Subject: [PATCH 0/2] Unify non-VHE ASLR features behind CONFIG_RANDOMIZE_BASE Date: Tue, 21 Jul 2020 10:44:43 +0100 Message-Id: <20200721094445.82184-1-dbrazdil@google.com> MIME-Version: 1.0 summary: Content analysis details: (-15.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2a00:1450:4864:20:0:0:0:344 listed in] [list.dnswl.org] -7.5 USER_IN_DEF_DKIM_WL From: address is in the default DKIM white-list -7.5 USER_IN_DEF_SPF_WL From: address is in the default SPF white-list 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.5 ENV_AND_HDR_SPF_MATCH Env and Hdr From used in default SPF WL Match -0.0 DKIMWL_WL_MED DKIMwl.org - Medium sender Precedence: list Cc: android-kvm@google.com, linux-kernel@vger.kernel.org, David Brazdil <dbrazdil@google.com>, kernel-team@android.com, kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
Series	Unify non-VHE ASLR features behind CONFIG_RANDOMIZE_BASE \| expand [0/2] Unify non-VHE ASLR features behind CONFIG_RANDOMIZE_BASE [1/2] KVM: arm64: Make nVHE ASLR conditional on RANDOMIZE_BASE [2/2] KVM: arm64: Substitute RANDOMIZE_BASE for HARDEN_EL2_VECTORS

Message ID

20200721094445.82184-1-dbrazdil@google.com (mailing list archive)

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 34929206E9
From: David Brazdil <dbrazdil@google.com>
To: Marc Zyngier <maz@kernel.org>, Will Deacon <will@kernel.org>,
 Catalin Marinas <catalin.marinas@arm.com>,
 James Morse <james.morse@arm.com>,
 Julien Thierry <julien.thierry.kdev@gmail.com>,
 Suzuki K Poulose <suzuki.poulose@arm.com>
Subject: [PATCH 0/2] Unify non-VHE ASLR features behind CONFIG_RANDOMIZE_BASE
Date: Tue, 21 Jul 2020 10:44:43 +0100
Message-Id: <20200721094445.82184-1-dbrazdil@google.com>
MIME-Version: 1.0
Precedence: list
Cc: android-kvm@google.com, linux-kernel@vger.kernel.org,
 David Brazdil <dbrazdil@google.com>, kernel-team@android.com,
 kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org

Series

Unify non-VHE ASLR features behind CONFIG_RANDOMIZE_BASE | expand

Message

David Brazdil July 21, 2020, 9:44 a.m. UTC

There is currently no way to disable nVHE ASLR, e.g. for debugging, so the
first patch in this series makes it conditional on RANDOMIZE_BASE, same as
KASLR. Note that the 'nokaslr' command line flag has no effect here.

Second patch unifies the HARDEN_EL2_VECTORS errate for A57 and A72 behind
the same Kconfig for simplicity. Happy to make it just depend on
RANDOMIZE_BASE if having an option to keep randomization on but hardenning
off is preferred.

David Brazdil (2):
  KVM: arm64: Make nVHE ASLR conditional on RANDOMIZE_BASE
  KVM: arm64: Substitute RANDOMIZE_BASE for HARDEN_EL2_VECTORS

 arch/arm64/Kconfig             | 16 ----------------
 arch/arm64/include/asm/mmu.h   |  6 ++----
 arch/arm64/kernel/cpu_errata.c |  4 ++--
 arch/arm64/kvm/Kconfig         |  2 +-
 arch/arm64/kvm/va_layout.c     |  2 +-
 5 files changed, 6 insertions(+), 24 deletions(-)

Comments

Marc Zyngier July 28, 2020, 11:04 a.m. UTC | #1

On Tue, 21 Jul 2020 10:44:43 +0100, David Brazdil wrote:
> There is currently no way to disable nVHE ASLR, e.g. for debugging, so the
> first patch in this series makes it conditional on RANDOMIZE_BASE, same as
> KASLR. Note that the 'nokaslr' command line flag has no effect here.
> 
> Second patch unifies the HARDEN_EL2_VECTORS errate for A57 and A72 behind
> the same Kconfig for simplicity. Happy to make it just depend on
> RANDOMIZE_BASE if having an option to keep randomization on but hardenning
> off is preferred.
> 
> [...]

Applied to kvm-arm64/misc-5.9, thanks!

[1/2] KVM: arm64: Make nVHE ASLR conditional on RANDOMIZE_BASE
      commit: 24f69c0fa4e252f706884114b7d6353aa07678b5
[2/2] KVM: arm64: Substitute RANDOMIZE_BASE for HARDEN_EL2_VECTORS
      commit: a59a2edbbba7397fede86e40a3da17e5beebf98b

Cheers,

	M.