From patchwork Mon Oct 23 09:03:28 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 116652
From: Ard Biesheuvel
To: linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Cc: mark.rutland@arm.com, will.deacon@arm.com, catalin.marinas@arm.com, Ard Biesheuvel, James Morse, Matt Fleming
Subject: [PATCH] efi/libstub: arm: don't randomize runtime regions when CONFIG_HIBERNATION=y
Date: Mon, 23 Oct 2017 10:03:28 +0100
Message-Id: <20171023090328.6701-1-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.11.0

Commit e69176d68d26 ef/libstub/arm/arm64: Randomize the base of the UEFI rt services region implemented randomization of the virtual mapping that the OS chooses for the UEFI runtime services. This was motivated by the fact that UEFI usually does not bother to specify any permission restrictions for those regions, making them prime real estate for exploitation now that the OS is getting more and more careful not to leave any R+W+X mapped regions lying around.

However, this randomization breaks assumptions in the resume from hibernation code, which expects all memory regions populated by UEFI to remain in the same place, including their virtual mapping into the OS memory space. While this assumption may not be entirely reasonable in the first place, breaking it deliberately does not make a lot of sense either. So let's refrain from this randomization pass if CONFIG_HIBERNATION=y.

Cc: James Morse
Cc: Matt Fleming
Signed-off-by: Ard Biesheuvel
---
 drivers/firmware/efi/libstub/arm-stub.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--
2.11.0

diff --git a/drivers/firmware/efi/libstub/arm-stub.c b/drivers/firmware/efi/libstub/arm-stub.c index 3061e4057483..01a9d78ee415 100644 --- a/drivers/firmware/efi/libstub/arm-stub.c
+++ b/drivers/firmware/efi/libstub/arm-stub.c @@ -238,7 +238,8 @@ unsigned long efi_entry(void *handle, efi_system_table_t *sys_table, efi_random_get_seed(sys_table); - if (!nokaslr()) { + /* hibernation expects the runtime regions to stay in the same place */ + if (!IS_ENABLED(CONFIG_HIBERNATION) && !nokaslr()) { /* * Randomize the base of the UEFI runtime services region. * Preserve the 2 MB alignment of the region by taking a
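Review bot: The new condition `!IS_ENABLED(CONFIG_HIBERNATION) && !nokaslr()` in efi_entry() is a build-time switch, so every kernel built with CONFIG_HIBERNATION=y loses randomization of the UEFI runtime services region, including systems that never hibernate, and nothing in the hunk makes that trade-off visible. The commit message itself notes that these regions are often left without permission restrictions, so the one-line comment above the `if` should state that a hardening measure is being given up and why (resume expects the virtual mapping of the runtime regions to be unchanged), not only that hibernation expects the regions to stay in place. It would also help to record the interaction where people configuring hardened kernels will see it, for example in the help text of the option, and to consider whether the check can be narrowed later to cases where a resume is actually possible instead of depending on the config symbol alone.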