From patchwork Fri Jul  1 13:04:37 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ardb@kernel.org>
X-Patchwork-Id: 12903277
Return-Path: 
 <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org
 [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 6DBF7C433EF
	for <linux-arm-kernel@archiver.kernel.org>;
 Fri,  1 Jul 2022 13:08:04 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:
	Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=vewjXOkUnWuIEX6cXIzE2yGN7m+b3Lgg1liFFWBxawA=; b=o2nqavz9Z6bA9x
	sYzikBKDJGAJed12WhXydaSh42M/JFJ/QZJ9+s94m9voGZ2rCTbFUo3HRDPDpU0Fh6x2I6WLGZX2U
	fZqITjEwjAw3Fw0BP7JRKuuoddLDcnh7mUCKSUR5CNvS5dEocJQs/2+DHmUm9CPSLFshI22iiqw9D
	IUPGndqlskq/gNE+Kk4JoB9ZSBvaIRuA9laknNAI2SZ+Zn1ScaiMTA+gUoFI68ACrxx2sO13tOCE+
	XnuNSHwnA6KTPwV/i4Hm8FzJCUlxyZOVs8x1J9HFwc08AAqtm2CULAneiCvQrDCWzY+oPhA5yRpQ3
	drXPt7d8WXpT76hiroxg==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1o7GML-004wW7-OW; Fri, 01 Jul 2022 13:06:58 +0000
Received: from sin.source.kernel.org ([145.40.73.55])
	by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
	id 1o7GKb-004viX-TD
	for linux-arm-kernel@lists.infradead.org; Fri, 01 Jul 2022 13:05:11 +0000
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sin.source.kernel.org (Postfix) with ESMTPS id 70389CE334B;
	Fri,  1 Jul 2022 13:05:02 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id EDDB9C36AE3;
	Fri,  1 Jul 2022 13:04:58 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1656680700;
	bh=rnFlFPKKuxQAP3H7uKz8SxNzra7BBkANch+YUt1Hzw8=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=ChXRvYd2068TOVSi+M2YZRPRCd2gam2hAKR9/QRbUrdx1+ugb8XYgDdQs6RMsn/Jf
	 BxSOJn7zmNHXMG5fF2bQcbL4V/yi2lHgSXLzMUGlKHB0hpxrDJNrRVBjC8LTSYEOgu
	 LiGozsxDAJr3J7ZoFmyLG75R9fqgDhY8qvTETjmI/o+Gx8/XPVoOnWFB/7eiHDN46a
	 /YVAEFCBE4fwSP72yjfVUQnvvPSWUpTWvu6jleT94cYOF0AfxEsJl438kGIcaK6Cdj
	 riTRyoLsjbDHqydp9Dl8ZcMTtnjXXuVJOAQfghkbPnNSFuYvtKIQpihFfgwmGso4kR
	 G6I0pOAd+VbkA==
From: Ard Biesheuvel <ardb@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Marc Zyngier <maz@kernel.org>,
	Will Deacon <will@kernel.org>,
	Mark Rutland <mark.rutland@arm.com>,
	Kees Cook <keescook@chromium.org>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Mark Brown <broonie@kernel.org>,
	Anshuman Khandual <anshuman.khandual@arm.com>
Subject: [PATCH v6 2/9] arm64: kaslr: don't pretend KASLR is enabled if offset
 < MIN_KIMG_ALIGN
Date: Fri,  1 Jul 2022 15:04:37 +0200
Message-Id: <20220701130444.2945106-3-ardb@kernel.org>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220701130444.2945106-1-ardb@kernel.org>
References: <20220701130444.2945106-1-ardb@kernel.org>
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=2419; h=from:subject;
 bh=rnFlFPKKuxQAP3H7uKz8SxNzra7BBkANch+YUt1Hzw8=;
 b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBivvDdKwx2dK1WbWW83TwpOa02aRThxeiSkEraOToQ
 qD7ccaCJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYr7w3QAKCRDDTyI5ktmPJNItDA
 C8JL8qwQRmo8SUWPgFqsHlJQF898QLgoIa+kUPfBDtjiLrL2MziWzRgto0nsM+i+cGSI13C9wLM/RR
 cWbXBHdSZH5GfwjGFbG7q6fhiqnm/bTe/qq86t9pkG0ypuz7I9FWNMMbRPiTjw0V19G8s8kxoMyR+F
 leAruoLNlVsvmBvPqfYy7JYYZhf/MBGdP7IzCTIeLT2keMlpZTBKfJPcwFYsq+Mhx/lA4JvMF8JvR3
 MVl0ioV0WK3w0O5HuavirUHEK3++mJWwHy2CH6ENY++iWhUEaK1Ozd0KfIX3NMGMB6DL7/jSqSGKvM
 2t2d6XoL/ATUbgkWBEyxSWj3NvEJApGJCnXUagi5tv9/LpDinfYyXZaW9GjgM8dtnVyO5WpNN5Hs0l
 dXVCG6x+7AQAAPx7yv8brmYmT5Btt/q2w/5DyM3c17HKClWOE1r/qLfiIYhZs6jE8zE8b/63tNYUS+
 ZfyVqRq/si9wDqddNra6ZrTI2xT9Y1RacBSp4480WATAA=
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20220701_060510_460597_8D9108F3 
X-CRM114-Status: GOOD (  18.80  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

Our virtual KASLR displacement consists of a fully randomized multiple
of 2 MiB, combined with an offset that is equal to the physical
placement modulo 2 MiB. This arrangement ensures that we can always use
2 MiB block mappings (or contiguous PTE mappings for 16k or 64k pages)
to map the kernel.

This means that a KASLR offset of less than 2 MiB is simply the product
of this physical displacement, and no randomization has actually taken
place. So let's avoid misreporting this case as 'KASLR enabled'.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Mark Brown <broonie@kernel.org>
---
 arch/arm64/include/asm/memory.h | 11 +++++++++++
 arch/arm64/kernel/cpufeature.c  |  2 +-
 arch/arm64/kernel/kaslr.c       |  2 +-
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h
index c751cd9b94f8..498af99d1adc 100644
--- a/arch/arm64/include/asm/memory.h
+++ b/arch/arm64/include/asm/memory.h
@@ -172,6 +172,7 @@
 #include <linux/compiler.h>
 #include <linux/mmdebug.h>
 #include <linux/types.h>
+#include <asm/boot.h>
 #include <asm/bug.h>
 
 #if VA_BITS > 48
@@ -195,6 +196,16 @@ static inline unsigned long kaslr_offset(void)
 	return kimage_vaddr - KIMAGE_VADDR;
 }
 
+static inline bool kaslr_enabled(void)
+{
+	/*
+	 * The KASLR offset modulo MIN_KIMG_ALIGN is taken from the physical
+	 * placement of the image rather than from the seed, so a displacement
+	 * of less than MIN_KIMG_ALIGN means that no seed was provided.
+	 */
+	return kaslr_offset() >= MIN_KIMG_ALIGN;
+}
+
 /*
  * Allow all memory at the discovery stage. We will clip it later.
  */
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 98b48d9069a7..22e3604aee02 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -1562,7 +1562,7 @@ bool kaslr_requires_kpti(void)
 			return false;
 	}
 
-	return kaslr_offset() > 0;
+	return kaslr_enabled();
 }
 
 static bool __meltdown_safe = true;
diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c
index bcbcca938da8..d63322fc1d40 100644
--- a/arch/arm64/kernel/kaslr.c
+++ b/arch/arm64/kernel/kaslr.c
@@ -43,7 +43,7 @@ static int __init kaslr_init(void)
 		return 0;
 	}
 
-	if (!kaslr_offset()) {
+	if (!kaslr_enabled()) {
 		pr_warn("KASLR disabled due to lack of seed\n");
 		return 0;
 	}