From patchwork Fri Aug 18 15:04:34 2017
X-Patchwork-Submitter: Catalin Marinas
X-Patchwork-Id: 9909403
From: Catalin Marinas
To: linux-arm-kernel@lists.infradead.org
Cc: Mark Rutland, Will Deacon, Neeraj Upadhyay, Ard Biesheuvel
Subject: [PATCH] arm64: kaslr: Adjust the offset to avoid Image across alignment boundary
Date: Fri, 18 Aug 2017 16:04:34 +0100
Message-Id: <20170818150435.35224-1-catalin.marinas@arm.com>

With 16KB pages and a kernel Image larger than 16MB, the current
kaslr_early_init() logic for avoiding mappings across swapper table
boundaries fails since increasing the offset by kimg_sz just moves the
problem to the next boundary.

This patch decreases the offset by the boundary overflow amount, with
slight risk of reduced entropy as the kernel is more likely to be found
at kimg_sz below a swapper table boundary.

Trying-to-fix: afd0e5a87670 ("arm64: kaslr: Fix up the kernel image alignment")
Cc: Ard Biesheuvel
Cc: Mark Rutland
Cc: Will Deacon
Cc: Neeraj Upadhyay
Signed-off-by: Catalin Marinas
---

While preparing this email, I noticed that the kernel eventually failed
to boot, though after a lot more reboot iterations. Mark Rutland also
managed to make the KASLR kernel fail to boot with 64K pages which
wouldn't be explained by this patch.

So, any suggestions are welcome. My testing method, qemu starting a
guest in a loop with virtio-rng-pci.

Thanks.

 arch/arm64/kernel/kaslr.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c index a9710efb8c01..e8cdc02f66ae 100644 --- a/arch/arm64/kernel/kaslr.c +++ b/arch/arm64/kernel/kaslr.c @@ -131,13 +131,14 @@ u64 __init kaslr_early_init(u64 dt_phys, u64 modulo_offset) /* * The kernel Image should not extend across a 1GB/32MB/512MB alignment * boundary (for 4KB/16KB/64KB granule kernels, respectively). If this - * happens, increase the KASLR offset by the size of the kernel image - * rounded up by SWAPPER_BLOCK_SIZE. + * happens, decrease the KASLR offset by the boundary overflow rounded + * up to SWAPPER_BLOCK_SIZE. */ if ((((u64)_text + offset + modulo_offset) >> SWAPPER_TABLE_SHIFT) != (((u64)_end + offset + modulo_offset) >> SWAPPER_TABLE_SHIFT)) { - u64 kimg_sz = _end - _text; - offset = (offset + round_up(kimg_sz, SWAPPER_BLOCK_SIZE)) + u64 adjust = ((u64)_end + offset + modulo_offset) & + ((1 << SWAPPER_TABLE_SHIFT) - 1); + offset = (offset - round_up(adjust, SWAPPER_BLOCK_SIZE)) & mask; }
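Review bot: the value produced by `offset = (offset - round_up(adjust, SWAPPER_BLOCK_SIZE)) & mask;` is never re-tested against the SWAPPER_TABLE_SHIFT comparison that guards this block, so the fix depends on the subtraction always yielding a placement that does not cross a boundary. Two cases visible in these lines break that assumption: if `offset` is smaller than the rounded-up `adjust`, the subtraction goes below zero and `& mask` folds the result into an unrelated offset that has not been checked; and an Image larger than the table span (32MB for 16KB granules, per the comment) crosses a boundary at every offset, so no adjustment can satisfy the condition. Suggest re-evaluating the `_text`/`_end` comparison after the adjustment and handling the case where it still fails, and noting the wrap case in the comment. Separately, `(1 << SWAPPER_TABLE_SHIFT) - 1` is computed as an int before being combined with a u64 expression; that holds for the 1GB/32MB/512MB boundaries the comment names, but `1UL <<` would keep the mask in the same width as the address it is applied to.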