From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: Ard Biesheuvel, Marc Zyngier, Will Deacon, Mark Rutland, Kees Cook, Catalin Marinas, Mark Brown, Anshuman Khandual
Subject: [PATCH v5 00/21] arm64: refactor boot flow
Date: Fri, 24 Jun 2022 17:06:30 +0200
Message-Id: <20220624150651.1358849-1-ardb@kernel.org>

This series aims to streamline the boot flow with respect to cache
maintenance and redundant copying of data in memory.

Additionally, this series removes the little dance we do to create a
kernel mapping, relocate the kernel, run the KASLR init code, tear down
the old mapping and create a new one, relocate the kernel again, and
finally enter the kernel proper. Instead, it invokes a minimal C function
'kaslr_early_init()' while running from the ID map which includes a
temporary mapping of the FDT. This change represents a substantial chunk
of the diffstat, as it requires some work to instantiate code that can
run safely from an arbitrary load address.

Changes since v4:
- drop all patches related to WXN support for the time being
- move assignment of vabits_actual earlier in the boot
- avoid TCR_T0SZ() macro as it is not quite appropriate for calculating
  the value of t0sz itself (as opposed to its representation in TCR)
- ensure that module randomization is done before modules may be loaded,
  which might be way before init runs (via request_module())

Changes since v3:
- drop changes for entering with the MMU enabled for now;
- reject mmap() and mprotect() calls with PROT_WRITE and PROT_EXEC flags
  passed when WXN is in effect; this essentially matches the behavior of
  both selinux and PaX, and most distros (including Android) can already
  deal with this just fine;
- defer KASLR initialization to an initcall() to the extent possible.
- add Anshuman's ack to a couple of patches

Changes since v2:
- create a separate, initial ID map that is discarded after boot, and
  create the permanent ID map from C code using the ordinary memory
  mapping code;
- refactor the extended ID map handling, and along with it, simplify the
  early memory mapping macros, so that we can deal with an extended ID
  map that requires multiple table entries at intermediate levels;
- eliminate all variable assignments with the MMU off from the happy
  flow;
- replace temporary FDT mapping in TTBR1 with a FDT mapping in the
  initial ID map;
- use read-only attributes for all code mappings, so we can boot with WXN
  enabled if we elect to do so.

Changes since v1:
- Remove the dodgy handling of the KASLR seed, which was necessary to
  avoid doing two iterations of the setup/teardown of the page tables.
  This is now dealt with by creating the TTBR1 page tables while
  executing from TTBR0, and so all memory manipulations are still done
  with the MMU and caches on.
- Only boot from EFI with the MMU and caches on if the image was not
  moved around in memory. Otherwise, we cannot rely on the firmware's ID
  map to have created an executable mapping for the copied code.

[0] https://lore.kernel.org/all/20220304175657.2744400-1-ardb@kernel.org/
[1] https://lore.kernel.org/all/20220330154205.2483167-1-ardb@kernel.org/
[2] https://lore.kernel.org/all/20220613144550.3760857-1-ardb@kernel.org/

Cc: Marc Zyngier
Cc: Will Deacon
Cc: Mark Rutland
Cc: Kees Cook
Cc: Catalin Marinas
Cc: Mark Brown
Cc: Anshuman Khandual

Ard Biesheuvel (21):
  arm64: head: move kimage_vaddr variable into C file
  arm64: mm: make vabits_actual a build time constant if possible
  arm64: head: move assignment of idmap_t0sz to C code
  arm64: head: drop idmap_ptrs_per_pgd
  arm64: head: simplify page table mapping macros (slightly)
  arm64: head: switch to map_memory macro for the extended ID map
  arm64: head: split off idmap creation code
  arm64: kernel: drop unnecessary PoC cache clean+invalidate
  arm64: head: pass ID map root table address to __enable_mmu()
  arm64: mm: provide idmap pointer to cpu_replace_ttbr1()
  arm64: head: add helper function to remap regions in early page tables
  arm64: head: cover entire kernel image in initial ID map
  arm64: head: use relative references to the RELA and RELR tables
  arm64: head: create a temporary FDT mapping in the initial ID map
  arm64: idreg-override: use early FDT mapping in ID map
  arm64: head: factor out TTBR1 assignment into a macro
  arm64: head: populate kernel page tables with MMU and caches on
  arm64: head: record CPU boot mode after enabling the MMU
  arm64: kaslr: defer initialization to initcall where permitted
  arm64: head: avoid relocating the kernel twice for KASLR
  arm64: setup: drop early FDT pointer helpers

 arch/arm64/include/asm/assembler.h      |  31 +-
 arch/arm64/include/asm/kernel-pgtable.h |  18 +-
 arch/arm64/include/asm/memory.h         |   4 +
 arch/arm64/include/asm/mmu_context.h    |  16 +-
 arch/arm64/include/asm/setup.h          |   3 -
 arch/arm64/kernel/Makefile              |   2 +-
 arch/arm64/kernel/cpufeature.c          |   2 +-
 arch/arm64/kernel/head.S                | 458 ++++++++------------
 arch/arm64/kernel/hyp-stub.S            |   4 +-
 arch/arm64/kernel/idreg-override.c      |  17 +-
 arch/arm64/kernel/image-vars.h          |   4 +
 arch/arm64/kernel/kaslr.c               | 149 +------
 arch/arm64/kernel/pi/Makefile           |  33 ++
 arch/arm64/kernel/pi/kaslr_early.c      | 112 +++++
 arch/arm64/kernel/setup.c               |  15 -
 arch/arm64/kernel/sleep.S               |   1 +
 arch/arm64/kernel/suspend.c             |   2 +-
 arch/arm64/kernel/vmlinux.lds.S         |  19 +-
 arch/arm64/mm/init.c                    |  15 +-
 arch/arm64/mm/kasan_init.c              |   4 +-
 arch/arm64/mm/mmu.c                     |  55 ++-
 arch/arm64/mm/proc.S                    |  10 +-
 22 files changed, 505 insertions(+), 469 deletions(-)
 create mode 100644 arch/arm64/kernel/pi/Makefile
 create mode 100644 arch/arm64/kernel/pi/kaslr_early.c