[PATCH v2 24/29] ARM: kernel: implement randomization of the kernel load address

[PATCH v2 00/29] implement KASLR for ARM · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 01/29] net/core: work around section mismatch warning for ptp_classifier · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 02/29] asm-generic: add .data.rel.ro sections to __ro_after_init · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 02/29] asm-generic: add .data.rel.ro sections to __ro_after_init · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 02/29] asm-generic: add .data.rel.ro sections to __ro_after_init · Kees Cook <hidden> · 2017-09-04
[PATCH v2 03/29] ARM: assembler: introduce adr_l, ldr_l and str_l macros · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 03/29] ARM: assembler: introduce adr_l, ldr_l and str_l macros · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 04/29] ARM: head-common.S: use PC-relative insn sequence for __proc_info · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 04/29] ARM: head-common.S: use PC-relative insn sequence for __proc_info · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 05/29] ARM: head-common.S: use PC-relative insn sequence for idmap creation · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 05/29] ARM: head-common.S: use PC-relative insn sequence for idmap creation · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 06/29] ARM: head.S: use PC-relative insn sequence for secondary_data · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 06/29] ARM: head.S: use PC-relative insn sequence for secondary_data · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 07/29] ARM: kernel: use relative references for UP/SMP alternatives · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 07/29] ARM: kernel: use relative references for UP/SMP alternatives · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 08/29] ARM: head: use PC-relative insn sequence for __smp_alt · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 08/29] ARM: head: use PC-relative insn sequence for __smp_alt · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 08/29] ARM: head: use PC-relative insn sequence for __smp_alt · Ard Biesheuvel <hidden> · 2017-09-04
[PATCH v2 09/29] ARM: sleep.S: use PC-relative insn sequence for sleep_save_sp/mpidr_hash · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 09/29] ARM: sleep.S: use PC-relative insn sequence for sleep_save_sp/mpidr_hash · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 10/29] ARM: head.S: use PC-relative insn sequences for __fixup_pv_table · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 10/29] ARM: head.S: use PC-relative insn sequences for __fixup_pv_table · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 11/29] ARM: head.S: use PC relative insn sequence to calculate PHYS_OFFSET · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 11/29] ARM: head.S: use PC relative insn sequence to calculate PHYS_OFFSET · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 12/29] ARM: kvm: replace open coded VA->PA calculations with adr_l call · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 12/29] ARM: kvm: replace open coded VA->PA calculations with adr_l call · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 13/29] arm-soc: exynos: replace open coded VA->PA conversions · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 13/29] arm-soc: exynos: replace open coded VA->PA conversions · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 14/29] arm-soc: mvebu: replace open coded VA->PA conversion · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 14/29] arm-soc: mvebu: replace open coded VA->PA conversion · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 15/29] arm-soc: various: replace open coded VA->PA calculation of pen_release · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 15/29] arm-soc: various: replace open coded VA->PA calculation of pen_release · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 16/29] ARM: kernel: switch to relative exception tables · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 16/29] ARM: kernel: switch to relative exception tables · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 16/29] ARM: kernel: switch to relative exception tables · Ard Biesheuvel <hidden> · 2017-09-04
[PATCH v2 17/29] ARM: kernel: use relative phys-to-virt patch tables · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 17/29] ARM: kernel: use relative phys-to-virt patch tables · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 17/29] ARM: kernel: use relative phys-to-virt patch tables · Ard Biesheuvel <hidden> · 2017-09-04
[PATCH v2 18/29] arm-soc: tegra: make sleep asm code runtime relocatable · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 19/29] ARM: kernel: make vmlinux buildable as a PIE executable · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 19/29] ARM: kernel: make vmlinux buildable as a PIE executable · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 19/29] ARM: kernel: make vmlinux buildable as a PIE executable · Ard Biesheuvel <hidden> · 2017-09-04
[PATCH v2 20/29] ARM: kernel: use PC-relative symbol references in MMU switch code · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 20/29] ARM: kernel: use PC-relative symbol references in MMU switch code · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 20/29] ARM: kernel: use PC-relative symbol references in MMU switch code · Ard Biesheuvel <hidden> · 2017-09-04
[PATCH v2 21/29] ARM: kernel: use PC relative symbol references in suspend/resume code · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 21/29] ARM: kernel: use PC relative symbol references in suspend/resume code · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 21/29] ARM: kernel: use PC relative symbol references in suspend/resume code · Ard Biesheuvel <hidden> · 2017-09-04
[PATCH v2 22/29] ARM: mm: export default vmalloc base address · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 22/29] ARM: mm: export default vmalloc base address · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 23/29] ARM: kernel: refer to swapper_pg_dir via its symbol · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 23/29] ARM: kernel: refer to swapper_pg_dir via its symbol · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 23/29] ARM: kernel: refer to swapper_pg_dir via its symbol · Ard Biesheuvel <hidden> · 2017-09-04
[PATCH v2 24/29] ARM: kernel: implement randomization of the kernel load address · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 24/29] ARM: kernel: implement randomization of the kernel load address · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 24/29] ARM: kernel: implement randomization of the kernel load address · Ard Biesheuvel <hidden> · 2017-09-04
[PATCH v2 25/29] ARM: decompressor: explicitly map decompressor binary cacheable · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 25/29] ARM: decompressor: explicitly map decompressor binary cacheable · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 26/29] ARM: decompressor: add KASLR support · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 26/29] ARM: decompressor: add KASLR support · Nicolas Pitre <hidden> · 2017-09-04
[PATCH v2 26/29] ARM: decompressor: add KASLR support · Ard Biesheuvel <hidden> · 2017-09-04
[PATCH v2 27/29] efi/libstub: add 'max' parameter to efi_random_alloc() · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 28/29] efi/libstub: check for vmalloc= command line argument · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 29/29] efi/libstub: arm: implement KASLR · Ard Biesheuvel <hidden> · 2017-09-03
[PATCH v2 00/29] implement KASLR for ARM · tony@atomide.com (Tony Lindgren) · 2017-09-05
[PATCH v2 00/29] implement KASLR for ARM · Ard Biesheuvel <hidden> · 2017-09-05
[PATCH v2 00/29] implement KASLR for ARM · tony@atomide.com (Tony Lindgren) · 2017-09-05
[PATCH v2 00/29] implement KASLR for ARM · Ard Biesheuvel <hidden> · 2017-09-05
[PATCH v2 00/29] implement KASLR for ARM · tony@atomide.com (Tony Lindgren) · 2017-09-05
[PATCH v2 00/29] implement KASLR for ARM · Ard Biesheuvel <hidden> · 2017-09-05
[PATCH v2 00/29] implement KASLR for ARM · Ard Biesheuvel <hidden> · 2017-09-06
[PATCH v2 00/29] implement KASLR for ARM · tony@atomide.com (Tony Lindgren) · 2017-09-06
[PATCH v2 00/29] implement KASLR for ARM · Ard Biesheuvel <hidden> · 2017-09-06
[PATCH v2 00/29] implement KASLR for ARM · tony@atomide.com (Tony Lindgren) · 2017-09-06
[PATCH v2 00/29] implement KASLR for ARM · Ard Biesheuvel <hidden> · 2017-09-06
[PATCH v2 00/29] implement KASLR for ARM · tony@atomide.com (Tony Lindgren) · 2017-09-06
[PATCH v2 00/29] implement KASLR for ARM · Ard Biesheuvel <hidden> · 2017-09-06
[PATCH v2 00/29] implement KASLR for ARM · tony@atomide.com (Tony Lindgren) · 2017-09-06
[PATCH v2 00/29] implement KASLR for ARM · Ard Biesheuvel <hidden> · 2017-09-06
[PATCH v2 00/29] implement KASLR for ARM · tony@atomide.com (Tony Lindgren) · 2017-09-06
[PATCH v2 00/29] implement KASLR for ARM · Ard Biesheuvel <hidden> · 2017-09-06
[PATCH v2 00/29] implement KASLR for ARM · tony@atomide.com (Tony Lindgren) · 2017-09-06
[PATCH v2 00/29] implement KASLR for ARM · Ard Biesheuvel <hidden> · 2017-09-12

STALE3192d

From: Ard Biesheuvel <hidden>
Date: 2017-09-04 19:29:32

On 4 September 2017 at 19:44, Nicolas Pitre [off-list ref] wrote:

On Sun, 3 Sep 2017, Ard Biesheuvel wrote:

quoted

This implements randomization of the placement of the kernel image
inside the lowmem region. It is intended to work together with the
decompressor to place the kernel at an offset in physical memory
that is a multiple of 2 MB, and to take the same offset into account
when creating the virtual mapping.

This uses runtime relocation of the kernel built as a PIE binary, to
fix up all absolute symbol references to refer to their runtime virtual
address. The physical-to-virtual mapping remains unchanged.

In order to allow the decompressor to hand over to the core kernel
without making assumptions that are not guaranteed to hold when
invoking the core kernel directly using bootloaders that are not
KASLR aware, the KASLR offset is expected to be placed in r3 when
entering the kernel 4 bytes past the entry point, skipping the first
instruction.

Cc: Russell King <linux@armlinux.org.uk>
Signed-off-by: Ard Biesheuvel <redacted>
---
 arch/arm/Kconfig       |  15 +++
 arch/arm/kernel/head.S | 103 ++++++++++++++++++--
 2 files changed, 109 insertions(+), 9 deletions(-)

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 300add3b8023..fe4a2cd1f15c 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig

@@ -1825,6 +1825,21 @@ config XEN
      help
        Say Y if you want to run Linux in a Virtual Machine on Xen on ARM.

+config RANDOMIZE_BASE
+     bool "Randomize the address of the kernel image"
+     depends on MMU && AUTO_ZRELADDR
+     depends on !XIP_KERNEL && !ZBOOT_ROM

This should work even if ZBOOT_ROM is selected. The ZBOOT_ROM option
allows for the decompressor executing directly from ROM and
decompressing the kernel anywhere in RAM.

In principle, yes. But currently, the code is not entirely XIP clean,
i.e., the kaslr_offset and __efi_boot variables are in .text but
assumed to be writable.

For UEFI, this does not really matter, because that implies !XIP.
However, I agree it would be nice if ZBOOT_ROM could run this code as
well, but it requires a global variable. I will try to make that work.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help