From patchwork Mon Jun 13 22:10:02 2016
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 9174469
Date: Mon, 13 Jun 2016 15:10:02 -0700
From: Kees Cook
Cc: linux-kernel@vger.kernel.org, Linux PM list, Stephen Smalley, Ingo Molnar, Logan Gunthorpe, the arch/x86 maintainers, Borislav Petkov, Jonathan Corbet, Len Brown, Pavel Machek, Baoquan He, Yinghai Lu, Andy Lutomirski, linux-doc@vger.kernel.org
Subject: [PATCH] x86/KASLR: remove x86 hibernation restrictions
Message-ID: <20160613221002.GA29719@www.outflux.net>
X-Mailing-List: linux-pm@vger.kernel.org

With the commit "Fix 64-bit code passing control to image kernel", there is no longer a problem with hibernation resuming a KASLR-booted kernel image.

Signed-off-by: Kees Cook --- Depends on: https://lkml.org/lkml/2016/6/13/442 --- Documentation/kernel-parameters.txt | 10 ++++------ arch/x86/boot/compressed/kaslr.c | 7 ------- kernel/power/hibernate.c | 6 ------ 3 files changed, 4 insertions(+), 19 deletions(-) diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index 82b42c958d1c..fa8c6d470ad2 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -1803,12 +1803,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. js= [HW,JOY] Analog joystick See Documentation/input/joystick.txt. - kaslr/nokaslr [X86] - Enable/disable kernel and module base offset ASLR - (Address Space Layout Randomization) if built into - the kernel. When CONFIG_HIBERNATION is selected, - kASLR is disabled by default. When kASLR is enabled, - hibernation will be disabled. + nokaslr [KNL] + When CONFIG_RANDOMIZE_BASE is set, this disables + kernel and module base offset ASLR (Address Space + Layout Randomization). keepinitrd [HW,ARM] diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c index cfeb0259ed81..dff42177cb0c 100644 --- a/arch/x86/boot/compressed/kaslr.c +++ b/arch/x86/boot/compressed/kaslr.c @@ -471,17 +471,10 @@ unsigned char *choose_random_location(unsigned long input, unsigned long choice = output; unsigned long random_addr; -#ifdef CONFIG_HIBERNATION - if (!cmdline_find_option_bool("kaslr")) { - warn("KASLR disabled: 'kaslr' not on cmdline (hibernation selected)."); - goto out; - } -#else if (cmdline_find_option_bool("nokaslr")) { warn("KASLR disabled: 'nokaslr' on cmdline."); goto out; } -#endif boot_params->hdr.loadflags |= KASLR_FLAG; diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c index fca9254280ee..9021387c6ff4 100644 --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c 
@@ -1154,11 +1154,6 @@ static int __init nohibernate_setup(char *str) return 1; } -static int __init kaslr_nohibernate_setup(char *str) -{ - return nohibernate_setup(str); -} - static int __init page_poison_nohibernate_setup(char *str) { #ifdef CONFIG_PAGE_POISONING_ZERO @@ -1182,5 +1177,4 @@ __setup("hibernate=", hibernate_setup); __setup("resumewait", resumewait_setup); __setup("resumedelay=", resumedelay_setup); __setup("nohibernate", nohibernate_setup); -__setup("kaslr", kaslr_nohibernate_setup); __setup("page_poison=", page_poison_nohibernate_setup);
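
Review bot: in the Documentation/kernel-parameters.txt hunk, the entry is renamed from "kaslr/nokaslr" to "nokaslr" but stays between "js=" and "keepinitrd", so it no longer sorts with its neighbours; it should move to the "n" entries. The tag also changes from [X86] to [KNL] without explanation, although the subject line and the code changes are x86-only. Since "kaslr" disappears from the text entirely, a short sentence saying that the option is no longer recognised and that randomization is on by default when CONFIG_RANDOMIZE_BASE is set would help people with existing boot configurations.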
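
Review bot: in choose_random_location() in arch/x86/boot/compressed/kaslr.c, removing the CONFIG_HIBERNATION branch changes the default for hibernation-enabled builds from "randomize only if 'kaslr' is given" to "randomize unless 'nokaslr' is given", and the commit message does not state that change in default. The safety of the new default rests on the "Fix 64-bit code passing control to image kernel" change, which is named by title only; the "Depends on:" link sits below the "---" and is dropped when the patch is applied. Please reference the prerequisite in the message body so that a backport or cherry-pick does not take this patch without it.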
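
Review bot: in kernel/power/hibernate.c, dropping kaslr_nohibernate_setup() and __setup("kaslr", kaslr_nohibernate_setup) lifts the restriction for every build, while the fix the commit message relies on is titled as a 64-bit one. Nothing in the visible hunks limits the removal to CONFIG_X86_64, so please either confirm in the commit message that 32-bit resume is also safe with a randomized base, or keep the hibernation restriction for the 32-bit case. With this __setup() line and the cmdline_find_option_bool("kaslr") check both gone, a "kaslr" argument is no longer handled anywhere in the patch, which is worth noting alongside the behaviour change.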