From patchwork Tue Feb  9 10:03:01 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 61514
Delivered-To: patch@linaro.org
Received: by 10.112.43.199 with SMTP id y7csp1947577lbl;
 Tue, 9 Feb 2016 02:05:31 -0800 (PST)
X-Received: by 10.98.7.146 with SMTP id 18mr15293686pfh.47.1455012331380;
 Tue, 09 Feb 2016 02:05:31 -0800 (PST)
Return-Path: <linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org>
Received: from bombadil.infradead.org (bombadil.infradead.org.
 [2001:1868:205::9]) by mx.google.com with ESMTPS id
 k68si53074540pfj.138.2016.02.09.02.05.31 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 09 Feb 2016 02:05:31 -0800 (PST)
Received-SPF: pass (google.com: domain of
 linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org
 designates 2001:1868:205::9 as permitted sender)
 client-ip=2001:1868:205::9; 
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
 linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org
 designates 2001:1868:205::9 as permitted sender)
 smtp.mailfrom=linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
 by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux))
 id 1aT58o-00009b-99; Tue, 09 Feb 2016 10:03:26 +0000
Received: from mail-ig0-x22c.google.com ([2607:f8b0:4001:c05::22c])
 by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat
 Linux)) id 1aT58k-0008U9-CG for linux-arm-kernel@lists.infradead.org;
 Tue, 09 Feb 2016 10:03:23 +0000
Received: by mail-ig0-x22c.google.com with SMTP id mw1so8510868igb.1
 for <linux-arm-kernel@lists.infradead.org>;
 Tue, 09 Feb 2016 02:03:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=w1sII6T4osiTdpKCOquH592n8yyP/8rXvcAYmDACR8s=;
 b=XCe2uQG2k5SWY0u04W+YzWa+NHbb2G63U7RUtj7dNBTxRUiO2a0U5kwoMxmxgtZKGu
 EkmX1G3Hqp5ebihqW9cK2txGi41+L2xuthW3lX6o//OWtIzVTeqVQQj8A7SRSZMTUB3F
 3ffagTji7fiGeVKi61/Lq/CVfRFQbGjeenPtI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:cc:content-type;
 bh=w1sII6T4osiTdpKCOquH592n8yyP/8rXvcAYmDACR8s=;
 b=FcrUQwNYOE2L7Rr2RhzEx1KhB0wd3Tk6jP35AYIcCeG06N1bQGO20+Sc55hiEc39WJ
 nh/zZYARKqFcjQ4ky/jdp9ud9aBQunl4wBUk6J3Yxkt3OE88GywJpwV3ez75o5V7ECbU
 KDh3mp4qYCWBUKVtFEyAb/jBGyh8NqxvgSHXvsc2EWFMfu2ZI2JFq8KjNtuxi1ssnhcv
 oKKdvUtAN/5BnfYSpDUPhbqltdoSTa3WmAkvTiyY2q69/Qyy4nlx2LPNKG9JUSPPlGiP
 nDfbmbxO4BcIvc2qbamh90n9sChp4zWBR0W/hNq9NOOHyLj6g1Pf4PYyNoV4n6Nn2Pw8
 /yzA==
X-Gm-Message-State: AG10YOQn+z649vX1qHe+bt5bjpWQAvVklJ5nUn8vkFYpfLbCHlRgjLglR1sxErW/B3P55PN+14s2RLZuWD3za2A0
MIME-Version: 1.0
X-Received: by 10.50.33.81 with SMTP id p17mr3178812igi.75.1455012181566;
 Tue, 09 Feb 2016 02:03:01 -0800 (PST)
Received: by 10.36.29.6 with HTTP; Tue, 9 Feb 2016 02:03:01 -0800 (PST)
In-Reply-To: <20160208181305.GW6076@e104818-lin.cambridge.arm.com>
References: <CAGXu5j+1rcScYedzQ5o0aaGZJWPCBGk-gai0D8jY8Huc-VuG7A@mail.gmail.com>
 <1454926332-25929-1-git-send-email-ard.biesheuvel@linaro.org>
 <20160208181305.GW6076@e104818-lin.cambridge.arm.com>
Date: Tue, 9 Feb 2016 11:03:01 +0100
Message-ID: <CAKv+Gu-vxhJRUMK7sqv1saw+wkQRD5xFydpgTLbKgWhoNj5LmA@mail.gmail.com>
Subject: Re: [PATCH] arm64: allow the module region to be randomized
 independently
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: Catalin Marinas <catalin.marinas@arm.com>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20160209_020322_486090_B9B32A3B 
X-CRM114-Status: GOOD (  18.45  )
X-Spam-Score: -2.7 (--)
X-Spam-Report: SpamAssassin version 3.4.0 on bombadil.infradead.org summary:
 Content analysis details:   (-2.7 points)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/,
 low
 trust [2607:f8b0:4001:c05:0:0:0:22c listed in] [list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
 [score: 0.0000]
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily valid
 -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
 author's domain
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: Mark Rutland <mark.rutland@arm.com>, Will Deacon <will.deacon@arm.com>, 
 Kees Cook <keescook@chromium.org>, "linux-arm-kernel@lists.infradead.org"
 <linux-arm-kernel@lists.infradead.org>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org

On 8 February 2016 at 19:13, Catalin Marinas <catalin.marinas@arm.com> wrote:
> On Mon, Feb 08, 2016 at 11:12:12AM +0100, Ard Biesheuvel wrote:
>> This adds the option to randomize the module region independently from the
>> core kernel, and enables it by default. This makes it less likely that the
>> location of core kernel data structures can be determined by an adversary,
>> but causes all function calls from modules into the core kernel to be
>> resolved via entries in the module PLTs.
>>
>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> ---
>>  arch/arm64/Kconfig              | 15 ++++++++
>>  arch/arm64/include/asm/module.h |  6 ++++
>>  arch/arm64/kernel/kaslr.c       | 36 +++++++++++++++-----
>>  arch/arm64/kernel/module.c      |  9 ++---
>>  4 files changed, 50 insertions(+), 16 deletions(-)
>
> With this patch I get an unhandled paging request, coming from
> kernel/module.c:2982 (the memset). The PC is wrongly attributed but it's
> in arch/arm64/lib/memset.S:
>

This was due to a thinko in kaslr_early_init(). Folding the following
hunk will fix it (or I can resend the patch if you prefer)

-------8<----------
-------8<----------

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c
index f8ad30160026..d7eba99ab140 100644
--- a/arch/arm64/kernel/kaslr.c
+++ b/arch/arm64/kernel/kaslr.c
@@ -82,6 +82,12 @@ u64 __init kaslr_early_init(u64 dt_phys)
        int size;

        /*
+        * Set a reasonable default for module_alloc_base in case
+        * we end up running with KASLR disabled.
+        */
+       module_alloc_base = (u64)_etext - MODULES_VSIZE;
+
+       /*
         * Try to map the FDT early. If this fails, we simply bail,
         * and proceed with KASLR disabled. We will make another
         * attempt at mapping the FDT in setup_machine()