From: Ard Biesheuvel
To: linux-efi@vger.kernel.org, Ingo Molnar, Thomas Gleixner
Cc: Mark Rutland, Ard Biesheuvel, linux-kernel@vger.kernel.org
Subject: [PATCH 17/17] efi/libstub/arm64: handle randomized TEXT_OFFSET
Date: Fri, 4 May 2018 08:00:03 +0200
Message-Id: <20180504060003.19618-18-ard.biesheuvel@linaro.org>
In-Reply-To: <20180504060003.19618-1-ard.biesheuvel@linaro.org>

From: Mark Rutland

When CONFIG_RANDOMIZE_TEXT_OFFSET is selected, TEXT_OFFSET is an arbitrary multiple of PAGE_SIZE in the interval [0, 2MB).

The EFI stub does not account for the potential misalignment of TEXT_OFFSET relative to EFI_KIMG_ALIGN, and produces a randomized physical offset which is always a round multiple of EFI_KIMG_ALIGN. This may result in statically allocated objects whose alignment exceeds PAGE_SIZE to appear misaligned in memory. This has been observed to result in spurious stack overflow reports and failure to make use of the IRQ stacks, and theoretically could result in a number of other issues.

We can OR in the low bits of TEXT_OFFSET to ensure that we have the necessary offset (and hence preserve the misalignment of TEXT_OFFSET relative to EFI_KIMG_ALIGN), so let's do that.

Fixes: 6f26b3671184c36d ("arm64: kaslr: increase randomization granularity")
Cc: # v4.7+
Reported-by: Kim Phillips
Signed-off-by: Mark Rutland
Tested-by: Kim Phillips
[ardb: clarify commit log]
Signed-off-by: Ard Biesheuvel

--- drivers/firmware/efi/libstub/arm64-stub.c | 7 +++++++ 1 file changed, 7 insertions(+) -- 2.17.0 diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c index b9bd827caa22..541b82fdc8a2 100644 --- a/drivers/firmware/efi/libstub/arm64-stub.c +++ b/drivers/firmware/efi/libstub/arm64-stub.c @@ -97,6 +97,13 @@ efi_status_t handle_kernel_image(efi_system_table_t *sys_table_arg, u32 offset = !IS_ENABLED(CONFIG_DEBUG_ALIGN_RODATA) ? (phys_seed >> 32) & mask : TEXT_OFFSET; + /* + * With CONFIG_RANDOMIZE_TEXT_OFFSET, TEXT_OFFSET may not be a + * multiple of EFI_KIMG_ALIGN, and we must ensure that we apply + * the offset below EFI_KIMG_ALIGN. + */ + offset |= (TEXT_OFFSET % EFI_KIMG_ALIGN); + /* * If KASLR is enabled, and we have some randomness available, * locate the kernel at a randomized offset in physical memory.
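
Review bot: the added `offset |= (TEXT_OFFSET % EFI_KIMG_ALIGN);` only preserves the low bits of TEXT_OFFSET if the random branch `(phys_seed >> 32) & mask` leaves every bit below EFI_KIMG_ALIGN clear, and `mask` is defined outside this hunk. The commit message says the stub's offset is always a round multiple of EFI_KIMG_ALIGN, but the new code comment does not, so a later change to `mask` could silently turn the OR into a merge of random and fixed bits. Suggest stating that invariant in the comment (or asserting it at build time), and rewording "apply the offset below EFI_KIMG_ALIGN" to something like "preserve the bits of TEXT_OFFSET below EFI_KIMG_ALIGN". It is also worth a word in the comment that in the CONFIG_DEBUG_ALIGN_RODATA branch `offset` is already TEXT_OFFSET, so the OR is a no-op there.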