From patchwork Wed Dec 6 12:35:39 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Will Deacon X-Patchwork-Id: 10095883 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id A6E4B60210 for ; Wed, 6 Dec 2017 13:34:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 977F629780 for ; Wed, 6 Dec 2017 13:34:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8B429297F3; Wed, 6 Dec 2017 13:34:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 1889629780 for ; Wed, 6 Dec 2017 13:34:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=b6IuvVHVZ2hHytXw+WHNMGynx47onNOsCEmIDsYGh8A=; b=XHLFRaG7weS0KCbFejDzTEO8k4 c8pDylzodXZlMxqHjRdC65VfQff0gxxNLnnoha2tDz9U7zSUCmiDgrEfetxVR9CVlAssiyckn/r2g BJQwUC0AYK6WvmGdc4JsH0yntHp0mjOik96M/gRTv1m4P556rY8M+nYBtLGiL6lrWPTVJURFYqcyZ LY6Lx9GF5SlhU/vdVgAZ5hBapcPIEOhvWajw32G8/xRDnIRc87eIZR7ce45I6AOmMh8urWMG8mr68 BVuJLo0hvwwwQWmc2iwwnfQaMoiw/cklaU/P8ryHGoPukqFDSsb7fabo+lyvO2XBQjbqhI68HE7XO DLM2DGtQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1eMZqM-0007a4-2v; Wed, 06 Dec 2017 13:34:34 +0000 Received: from merlin.infradead.org ([2001:8b0:10b:1231::1]) by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1eMZqK-0007Fb-4z for linux-arm-kernel@bombadil.infradead.org; Wed, 06 Dec 2017 13:34:32 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=merlin.20170209; h=References:In-Reply-To:Message-Id:Date: Subject:Cc:To:From:Sender:Reply-To:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=vkivRbjPJxZ6U5AiBhzxetZ3KZKwpfh7wwCUoC1F3uQ=; b=etdpHl7kN9Lab7GaQTw4h89zI UeZFCLugqvWtN2vuNhJ9igFOlx2bPqN+F/f7/cgrCjWXcSGvu2wBS4Sco0enPXBQoVw3yNt+Z0OHb 69cBHwVj5JM7W4RFDlcUKPeJBkuVPRxSLGPZsYqiq91CkAaS71qVTh8TANscI6z74Ole253VWTw2u 4WXPEGbPSDnoFpwrcU4gRaLQWikddYjYBtmIJR0XfhBun6mbSVIJR5snHRCifMuUAYxnaQpdTA03N 50VjC03WwgW+In5ml5JSkKq4xOQafBaSL060Qh5owqRIeLKaKxIWJFF4yi0EoVNGysXqsATH1QC1g SrhbiJPoA==; Received: from foss.arm.com ([217.140.101.70]) by merlin.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1eMYxA-0008EN-Pa for linux-arm-kernel@lists.infradead.org; Wed, 06 Dec 2017 12:37:33 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 569711AD7; Wed, 6 Dec 2017 04:36:12 -0800 (PST) Received: from edgewater-inn.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 282C83F5BD; Wed, 6 Dec 2017 04:36:12 -0800 (PST) Received: by edgewater-inn.cambridge.arm.com (Postfix, from userid 1000) id 4274F1AE3A0E; Wed, 6 Dec 2017 12:36:17 +0000 (GMT) From: Will Deacon To: linux-arm-kernel@lists.infradead.org Subject: [PATCH v3 20/20] arm64: kaslr: Put kernel vectors address in separate data page Date: Wed, 6 Dec 2017 12:35:39 +0000 Message-Id: <1512563739-25239-21-git-send-email-will.deacon@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1512563739-25239-1-git-send-email-will.deacon@arm.com> References: <1512563739-25239-1-git-send-email-will.deacon@arm.com> X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: mark.rutland@arm.com, keescook@chromium.org, ard.biesheuvel@linaro.org, catalin.marinas@arm.com, dave.hansen@linux.intel.com, sboyd@codeaurora.org, linux-kernel@vger.kernel.org, Will Deacon , msalter@redhat.com, tglx@linutronix.de, labbott@redhat.com MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP The literal pool entry for identifying the vectors base is the only piece of information in the trampoline page that identifies the true location of the kernel. This patch moves it into its own page, which is only mapped by the full kernel page table, which protects against any accidental leakage of the trampoline contents. Suggested-by: Ard Biesheuvel Signed-off-by: Will Deacon --- arch/arm64/include/asm/fixmap.h | 1 + arch/arm64/kernel/entry.S | 11 +++++++++++ arch/arm64/kernel/vmlinux.lds.S | 35 ++++++++++++++++++++++++++++------- arch/arm64/mm/mmu.c | 10 +++++++++- 4 files changed, 49 insertions(+), 8 deletions(-) diff --git a/arch/arm64/include/asm/fixmap.h b/arch/arm64/include/asm/fixmap.h index 8119b49be98d..ec1e6d6fa14c 100644 --- a/arch/arm64/include/asm/fixmap.h +++ b/arch/arm64/include/asm/fixmap.h @@ -59,6 +59,7 @@ enum fixed_addresses { #endif /* CONFIG_ACPI_APEI_GHES */ #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + FIX_ENTRY_TRAMP_DATA, FIX_ENTRY_TRAMP_TEXT, #define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT)) #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 3eabcb194c87..a70c6dd2cc19 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -1030,7 +1030,13 @@ alternative_else_nop_endif msr tpidrro_el0, x30 // Restored in kernel_ventry .endif tramp_map_kernel x30 +#ifdef CONFIG_RANDOMIZE_BASE + adr x30, tramp_vectors + PAGE_SIZE +alternative_insn isb, nop, ARM64_WORKAROUND_QCOM_FALKOR_E1003 + ldr x30, [x30] +#else ldr x30, =vectors +#endif prfm plil1strm, [x30, #(1b - tramp_vectors)] msr vbar_el1, x30 add x30, x30, #(1b - tramp_vectors) @@ -1073,6 +1079,11 @@ END(tramp_exit_compat) .ltorg .popsection // .entry.tramp.text +#ifdef CONFIG_RANDOMIZE_BASE + .pushsection ".entry.tramp.data", "a" // .entry.tramp.data + .quad vectors + .popsection // .entry.tramp.data +#endif /* CONFIG_RANDOMIZE_BASE */ #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ /* diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 6b4260f22aab..976109b3ae51 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -58,15 +58,28 @@ jiffies = jiffies_64; #endif #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 -#define TRAMP_TEXT \ - . = ALIGN(PAGE_SIZE); \ - VMLINUX_SYMBOL(__entry_tramp_text_start) = .; \ - *(.entry.tramp.text) \ - . = ALIGN(PAGE_SIZE); \ +#define TRAMP_TEXT \ + . = ALIGN(PAGE_SIZE); \ + VMLINUX_SYMBOL(__entry_tramp_text_start) = .; \ + *(.entry.tramp.text) \ + . = ALIGN(PAGE_SIZE); \ VMLINUX_SYMBOL(__entry_tramp_text_end) = .; +#ifdef CONFIG_RANDOMIZE_BASE +#define TRAMP_DATA \ + .entry.tramp.data : { \ + . = ALIGN(PAGE_SIZE); \ + VMLINUX_SYMBOL(__entry_tramp_data_start) = .; \ + *(.entry.tramp.data) \ + . = ALIGN(PAGE_SIZE); \ + VMLINUX_SYMBOL(__entry_tramp_data_end) = .; \ + } +#else +#define TRAMP_DATA +#endif /* CONFIG_RANDOMIZE_BASE */ #else #define TRAMP_TEXT -#endif +#define TRAMP_DATA +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ /* * The size of the PE/COFF section that covers the kernel image, which @@ -137,6 +150,7 @@ SECTIONS RO_DATA(PAGE_SIZE) /* everything from this point to */ EXCEPTION_TABLE(8) /* __init_begin will be marked RO NX */ NOTES + TRAMP_DATA . = ALIGN(SEGMENT_ALIGN); __init_begin = .; @@ -251,7 +265,14 @@ ASSERT(__idmap_text_end - (__idmap_text_start & ~(SZ_4K - 1)) <= SZ_4K, ASSERT(__hibernate_exit_text_end - (__hibernate_exit_text_start & ~(SZ_4K - 1)) <= SZ_4K, "Hibernate exit text too big or misaligned") #endif - +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +ASSERT((__entry_tramp_text_end - __entry_tramp_text_start) == PAGE_SIZE, + "Entry trampoline text too big") +#ifdef CONFIG_RANDOMIZE_BASE +ASSERT((__entry_tramp_data_end - __entry_tramp_data_start) == PAGE_SIZE, + "Entry trampoline data too big") +#endif +#endif /* * If padding is applied before .head.text, virt<->phys conversions will fail. */ diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index fe68a48c64cb..916d9ced1c3f 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -541,8 +541,16 @@ static int __init map_entry_trampoline(void) __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE, prot, pgd_pgtable_alloc, 0); - /* ...as well as the kernel page table */ + /* Map both the text and data into the kernel page table */ __set_fixmap(FIX_ENTRY_TRAMP_TEXT, pa_start, prot); + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) { + extern char __entry_tramp_data_start[]; + + __set_fixmap(FIX_ENTRY_TRAMP_DATA, + __pa_symbol(__entry_tramp_data_start), + PAGE_KERNEL_RO); + } + return 0; } core_initcall(map_entry_trampoline);