From patchwork Fri May 18 14:08:41 2018
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 136318
From: Ard Biesheuvel
To: linux-efi@vger.kernel.org, Ingo Molnar, Thomas Gleixner
Cc: Mark Rutland, Ard Biesheuvel, linux-kernel@vger.kernel.org
Subject: [PATCH 1/1] efi/libstub/arm64: handle randomized TEXT_OFFSET
Date: Fri, 18 May 2018 16:08:41 +0200
Message-Id: <20180518140841.9731-2-ard.biesheuvel@linaro.org>
In-Reply-To: <20180518140841.9731-1-ard.biesheuvel@linaro.org>
References: <20180518140841.9731-1-ard.biesheuvel@linaro.org>

From: Mark Rutland

When CONFIG_RANDOMIZE_TEXT_OFFSET=y, TEXT_OFFSET is an arbitrary
multiple of PAGE_SIZE in the interval [0, 2MB).

The EFI stub does not account for the potential misalignment of
TEXT_OFFSET relative to EFI_KIMG_ALIGN, and produces a randomized
physical offset which is always a round multiple of EFI_KIMG_ALIGN.
This may result in statically allocated objects whose alignment exceeds
PAGE_SIZE to appear misaligned in memory. This has been observed to
result in spurious stack overflow reports and failure to make use of
the IRQ stacks, and theoretically could result in a number of other
issues.

We can OR in the low bits of TEXT_OFFSET to ensure that we have the
necessary offset (and hence preserve the misalignment of TEXT_OFFSET
relative to EFI_KIMG_ALIGN), so let's do that.

Fixes: 6f26b3671184c36d ("arm64: kaslr: increase randomization granularity")
Reported-by: Kim Phillips
Signed-off-by: Mark Rutland
Tested-by: Kim Phillips
[ardb: clarify comment and commit log, drop unneeded parens]
Signed-off-by: Ard Biesheuvel
---
 drivers/firmware/efi/libstub/arm64-stub.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

--
2.17.0

diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c index b9bd827caa22..1b4d465cc5d9 100644 --- a/drivers/firmware/efi/libstub/arm64-stub.c +++ b/drivers/firmware/efi/libstub/arm64-stub.c
@@ -97,6 +97,16 @@ efi_status_t handle_kernel_image(efi_system_table_t *sys_table_arg, u32 offset = !IS_ENABLED(CONFIG_DEBUG_ALIGN_RODATA) ? (phys_seed >> 32) & mask : TEXT_OFFSET; + /* + * With CONFIG_RANDOMIZE_TEXT_OFFSET=y, TEXT_OFFSET may not + * be a multiple of EFI_KIMG_ALIGN, and we must ensure that + * we preserve the misalignment of 'offset' relative to + * EFI_KIMG_ALIGN so that statically allocated objects whose + * alignment exceeds PAGE_SIZE appear correctly aligned in + * memory. + */ + offset |= TEXT_OFFSET % EFI_KIMG_ALIGN; + /* * If KASLR is enabled, and we have some randomness available, * locate the kernel at a randomized offset in physical memory.
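
Review bot: The added `offset |= TEXT_OFFSET % EFI_KIMG_ALIGN;` only equals "add the misalignment" if the randomized value `(phys_seed >> 32) & mask` has every bit below EFI_KIMG_ALIGN clear and EFI_KIMG_ALIGN is a power of two, and the new comment does not state either dependency. The commit log says the stub's offset is always a round multiple of EFI_KIMG_ALIGN, but `mask` is defined outside this hunk, so a later change to it could silently let random low bits merge with those of TEXT_OFFSET. Consider stating the assumption in the comment. It is also worth noting there that in the CONFIG_DEBUG_ALIGN_RODATA case `offset` is already TEXT_OFFSET, so the OR is a no-op on that path.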