Commit 1598ecda authored by Ard Biesheuvel's avatar Ard Biesheuvel Committed by Will Deacon

arm64: kaslr: ensure randomized quantities are clean to the PoC

kaslr_early_init() is called with the kernel mapped at its
link time offset, and if it returns with a non-zero offset,
the kernel is unmapped and remapped again at the randomized
offset.

During its execution, kaslr_early_init() also randomizes the
base of the module region and of the linear mapping of DRAM,
and sets two variables accordingly. However, since these
variables are assigned with the caches on, they may get lost
during the cache maintenance that occurs when unmapping and
remapping the kernel, so ensure that these values are cleaned
to the PoC.
Acked-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
Fixes: f80fb3a3 ("arm64: add support for kernel ASLR")
Cc: <stable@vger.kernel.org> # v4.6+
Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
parent 2f979675
...@@ -14,6 +14,7 @@ ...@@ -14,6 +14,7 @@
#include <linux/sched.h> #include <linux/sched.h>
#include <linux/types.h> #include <linux/types.h>
#include <asm/cacheflush.h>
#include <asm/fixmap.h> #include <asm/fixmap.h>
#include <asm/kernel-pgtable.h> #include <asm/kernel-pgtable.h>
#include <asm/memory.h> #include <asm/memory.h>
...@@ -43,7 +44,7 @@ static __init u64 get_kaslr_seed(void *fdt) ...@@ -43,7 +44,7 @@ static __init u64 get_kaslr_seed(void *fdt)
return ret; return ret;
} }
static __init const u8 *get_cmdline(void *fdt) static __init const u8 *kaslr_get_cmdline(void *fdt)
{ {
static __initconst const u8 default_cmdline[] = CONFIG_CMDLINE; static __initconst const u8 default_cmdline[] = CONFIG_CMDLINE;
...@@ -109,7 +110,7 @@ u64 __init kaslr_early_init(u64 dt_phys) ...@@ -109,7 +110,7 @@ u64 __init kaslr_early_init(u64 dt_phys)
* Check if 'nokaslr' appears on the command line, and * Check if 'nokaslr' appears on the command line, and
* return 0 if that is the case. * return 0 if that is the case.
*/ */
cmdline = get_cmdline(fdt); cmdline = kaslr_get_cmdline(fdt);
str = strstr(cmdline, "nokaslr"); str = strstr(cmdline, "nokaslr");
if (str == cmdline || (str > cmdline && *(str - 1) == ' ')) if (str == cmdline || (str > cmdline && *(str - 1) == ' '))
return 0; return 0;
...@@ -169,5 +170,8 @@ u64 __init kaslr_early_init(u64 dt_phys) ...@@ -169,5 +170,8 @@ u64 __init kaslr_early_init(u64 dt_phys)
module_alloc_base += (module_range * (seed & ((1 << 21) - 1))) >> 21; module_alloc_base += (module_range * (seed & ((1 << 21) - 1))) >> 21;
module_alloc_base &= PAGE_MASK; module_alloc_base &= PAGE_MASK;
__flush_dcache_area(&module_alloc_base, sizeof(module_alloc_base));
__flush_dcache_area(&memstart_offset_seed, sizeof(memstart_offset_seed));
return offset; return offset;
} }
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment