From patchwork Tue Apr 3 11:09:10 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 132720 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3666102ljb; Tue, 3 Apr 2018 04:10:18 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/+iy+d2a+1MpOcjjiCFDKamREaNLXPZrgw+iclnR1uE94v3nqHpvvOZqcjmi6PvRHWXyOk X-Received: by 2002:a17:902:6e01:: with SMTP id u1-v6mr13499220plk.96.1522753817992; Tue, 03 Apr 2018 04:10:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522753817; cv=none; d=google.com; s=arc-20160816; b=x6Dosz1PHmEu/LNl/DcealN8AJ1SsbjOCyyMzWDVQ46YOhVVLhDg/hAG95uivM+bn/ TOvvDMGTlSdP+kQUxJPwrxgoHl+sooHKs5/qhKzDNEUxMeuuLFS+qn1m7m0/0QY0Fx4j YR3nucXKNLYSnGipPzP1YFMJCqLm6g0tNFMgKNUXzYIgjE2gB36W8Iqu6jglmxCzNdKY gp5d62uLffDswrSu5C2vMOCsg9iY1noE9oylO0T3w0rB9z/VM8NlOMBb/xzy7ujJkUsx gGVm6cFXtGirLlj4O6xHw8T1D1MrqFVhoHGE8q0eVkKzyhNwV581lssoPqR8A+D07vO2 1k7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=i4z871HHcnpi7bzQfkQgrYExALEu7KrJsUgkTkD6V5c=; b=fAU/AhHjSoOqv+rjCRJLHPFXMDwOuziztTl12/u7oDphCetqlFV6Ov6Sz5H0cqxP4A Qq0n6IpvZvyHAJjanBiOmp2nvCBs+erqS7lMSUXFhuXmKPi24DW3oQMYxS2x4Q2ZJLdU r9rXLloAa6ySqS/u+2bWlzHj56e3hvn4pHO7SADuw9wOe0Bv27xuNWFOMl+d8YXldY1T Ip/DyIiQUJwSHVfgV103vQFiBxOKWbGK8ga+SNEKEHOTZQKtQ7ojCuHy1jFhz1mTJ2YT 2UO6FTfnwJIFDRCpzUpkiv+xoms+JmwhXinj0S6jXaeS3tmW6tsso2N2+EvbD85N3m0z F4IA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l91-v6si306341plb.301.2018.04.03.04.10.17; Tue, 03 Apr 2018 04:10:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755432AbeDCLKP (ORCPT + 11 others); Tue, 3 Apr 2018 07:10:15 -0400 Received: from foss.arm.com ([217.140.101.70]:59358 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755402AbeDCLKO (ORCPT ); Tue, 3 Apr 2018 07:10:14 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 390C01435; Tue, 3 Apr 2018 04:10:14 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 084F03F587; Tue, 3 Apr 2018 04:10:12 -0700 (PDT) From: Mark Rutland To: stable@vger.kernel.org Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com Subject: [PATCH v4.9.y 14/27] arm64: kaslr: Put kernel vectors address in separate data page Date: Tue, 3 Apr 2018 12:09:10 +0100 Message-Id: <20180403110923.43575-15-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180403110923.43575-1-mark.rutland@arm.com> References: <20180403110923.43575-1-mark.rutland@arm.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon commit 6c27c4082f4f upstream. The literal pool entry for identifying the vectors base is the only piece of information in the trampoline page that identifies the true location of the kernel. This patch moves it into a page-aligned region of the .rodata section and maps this adjacent to the trampoline text via an additional fixmap entry, which protects against any accidental leakage of the trampoline contents. Suggested-by: Ard Biesheuvel Tested-by: Laura Abbott Tested-by: Shanker Donthineni Signed-off-by: Will Deacon [Alex: avoid ARM64_WORKAROUND_QCOM_FALKOR_E1003 dependency] Signed-off-by: Alex Shi [v4.9 backport] Signed-off-by: Mark Rutland [v4.9 backport] --- arch/arm64/include/asm/fixmap.h | 1 + arch/arm64/kernel/entry.S | 14 ++++++++++++++ arch/arm64/kernel/vmlinux.lds.S | 5 ++++- arch/arm64/mm/mmu.c | 10 +++++++++- 4 files changed, 28 insertions(+), 2 deletions(-) -- 2.11.0 diff --git a/arch/arm64/include/asm/fixmap.h b/arch/arm64/include/asm/fixmap.h index 7b1d88c18143..d8e58051f32d 100644 --- a/arch/arm64/include/asm/fixmap.h +++ b/arch/arm64/include/asm/fixmap.h @@ -53,6 +53,7 @@ enum fixed_addresses { FIX_TEXT_POKE0, #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + FIX_ENTRY_TRAMP_DATA, FIX_ENTRY_TRAMP_TEXT, #define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT)) #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index b16d0534cda3..805dc76517c3 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -881,7 +881,13 @@ __ni_sys_trace: msr tpidrro_el0, x30 // Restored in kernel_ventry .endif tramp_map_kernel x30 +#ifdef CONFIG_RANDOMIZE_BASE + adr x30, tramp_vectors + PAGE_SIZE + isb + ldr x30, [x30] +#else ldr x30, =vectors +#endif prfm plil1strm, [x30, #(1b - tramp_vectors)] msr vbar_el1, x30 add x30, x30, #(1b - tramp_vectors) @@ -924,6 +930,14 @@ END(tramp_exit_compat) .ltorg .popsection // .entry.tramp.text +#ifdef CONFIG_RANDOMIZE_BASE + .pushsection ".rodata", "a" + .align PAGE_SHIFT + .globl __entry_tramp_data_start +__entry_tramp_data_start: + .quad vectors + .popsection // .rodata +#endif /* CONFIG_RANDOMIZE_BASE */ #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ /* diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 466a43adec9f..6a584558b29d 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -252,7 +252,10 @@ ASSERT(__idmap_text_end - (__idmap_text_start & ~(SZ_4K - 1)) <= SZ_4K, ASSERT(__hibernate_exit_text_end - (__hibernate_exit_text_start & ~(SZ_4K - 1)) <= SZ_4K, "Hibernate exit text too big or misaligned") #endif - +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +ASSERT((__entry_tramp_text_end - __entry_tramp_text_start) == PAGE_SIZE, + "Entry trampoline text too big") +#endif /* * If padding is applied before .head.text, virt<->phys conversions will fail. */ diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 3a57fec16b32..4cd4862845cd 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -435,8 +435,16 @@ static int __init map_entry_trampoline(void) __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE, prot, pgd_pgtable_alloc, 0); - /* ...as well as the kernel page table */ + /* Map both the text and data into the kernel page table */ __set_fixmap(FIX_ENTRY_TRAMP_TEXT, pa_start, prot); + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) { + extern char __entry_tramp_data_start[]; + + __set_fixmap(FIX_ENTRY_TRAMP_DATA, + __pa_symbol(__entry_tramp_data_start), + PAGE_KERNEL_RO); + } + return 0; } core_initcall(map_entry_trampoline);