From patchwork Wed Dec 6 13:27:15 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Will Deacon X-Patchwork-Id: 10095865 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 41B5960329 for ; Wed, 6 Dec 2017 13:27:35 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3106B28A63 for ; Wed, 6 Dec 2017 13:27:35 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 25C0C28A77; Wed, 6 Dec 2017 13:27:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 9317A28A63 for ; Wed, 6 Dec 2017 13:27:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=+Uj/zGl4rvsYy7xjX48HWkKI/v4v5rL6FiYUp27dVqY=; b=MtMJTsiyHSwm1q xHMNV1vfuvQz3g2Z12nISitnd9jjRzBaV+naDod+xS+ErhR2XpLMcfdHnJcy3ilh/9AWiqqxWbuyl rfHuhTO1KZv2qH5eWFfgLpejLLY7Eu+lMAFszaz9dWtuFukC3sjrz1iq4YFCC1i1mjevCusu2Bxsj sXXSYGHwM4Irre4ZVPBDBwr/9fOk6U44ufBDlHJ0UEIHzRBhgtXAaJbwObeZerfK+JL8sPdnZ3d/c q46L/pBLb1Q1ryF0Jvpcoxrd6xh1dUTBHztEB5ShyCvpCMm9wnBkofXLaLue8iTbUip83N6RioaSr qiD650XgknU4psI7iWvQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1eMZjZ-0003ws-VN; Wed, 06 Dec 2017 13:27:33 +0000 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70] helo=foss.arm.com) by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1eMZjW-0003vk-4x for linux-arm-kernel@lists.infradead.org; Wed, 06 Dec 2017 13:27:31 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id B47701529; Wed, 6 Dec 2017 05:27:09 -0800 (PST) Received: from edgewater-inn.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 840623F236; Wed, 6 Dec 2017 05:27:09 -0800 (PST) Received: by edgewater-inn.cambridge.arm.com (Postfix, from userid 1000) id 331941AE50C9; Wed, 6 Dec 2017 13:27:15 +0000 (GMT) Date: Wed, 6 Dec 2017 13:27:15 +0000 From: Will Deacon To: Ard Biesheuvel Subject: Re: [PATCH v3 20/20] arm64: kaslr: Put kernel vectors address in separate data page Message-ID: <20171206132714.GA31186@arm.com> References: <1512563739-25239-1-git-send-email-will.deacon@arm.com> <1512563739-25239-21-git-send-email-will.deacon@arm.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20171206_052730_246796_D75C1107 X-CRM114-Status: GOOD ( 16.58 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , Kees Cook , Catalin Marinas , Dave Hansen , Stephen Boyd , "linux-kernel@vger.kernel.org" , Mark Salter , "tglx@linutronix.de" , Laura Abbott , "linux-arm-kernel@lists.infradead.org" Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP Hi Ard, On Wed, Dec 06, 2017 at 12:59:40PM +0000, Ard Biesheuvel wrote: > On 6 December 2017 at 12:35, Will Deacon wrote: > > The literal pool entry for identifying the vectors base is the only piece > > of information in the trampoline page that identifies the true location > > of the kernel. > > > > This patch moves it into its own page, which is only mapped by the full > > kernel page table, which protects against any accidental leakage of the > > trampoline contents. [...] > > @@ -1073,6 +1079,11 @@ END(tramp_exit_compat) > > > > .ltorg > > .popsection // .entry.tramp.text > > +#ifdef CONFIG_RANDOMIZE_BASE > > + .pushsection ".entry.tramp.data", "a" // .entry.tramp.data > > + .quad vectors > > + .popsection // .entry.tramp.data > > This does not need to be in a section of its own, and doesn't need to > be padded to a full page. > > If you just stick this in .rodata but align it to page size, you can > just map whichever page it ends up in into the TRAMP_DATA fixmap slot > (which is a r/o mapping anyway). You could then drop most of the > changes below. And actually, I'm not entirely sure whether it still > makes sense then to do this only for CONFIG_RANDOMIZE_BASE. Good point; I momentarily forgot this was in the kernel page table anyway. How about something like the diff below merged on top (so this basically undoes a bunch of the patch)? I'd prefer to keep the CONFIG_RANDOMIZE_BASE dependency, at least for now. Will --->8 diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index a70c6dd2cc19..031392ee5f47 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -1080,9 +1080,12 @@ END(tramp_exit_compat) .ltorg .popsection // .entry.tramp.text #ifdef CONFIG_RANDOMIZE_BASE - .pushsection ".entry.tramp.data", "a" // .entry.tramp.data + .pushsection ".rodata", "a" + .align PAGE_SHIFT + .globl __entry_tramp_data_start +__entry_tramp_data_start: .quad vectors - .popsection // .entry.tramp.data + .popsection // .rodata #endif /* CONFIG_RANDOMIZE_BASE */ #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 976109b3ae51..27cf9be20a00 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -64,21 +64,8 @@ jiffies = jiffies_64; *(.entry.tramp.text) \ . = ALIGN(PAGE_SIZE); \ VMLINUX_SYMBOL(__entry_tramp_text_end) = .; -#ifdef CONFIG_RANDOMIZE_BASE -#define TRAMP_DATA \ - .entry.tramp.data : { \ - . = ALIGN(PAGE_SIZE); \ - VMLINUX_SYMBOL(__entry_tramp_data_start) = .; \ - *(.entry.tramp.data) \ - . = ALIGN(PAGE_SIZE); \ - VMLINUX_SYMBOL(__entry_tramp_data_end) = .; \ - } -#else -#define TRAMP_DATA -#endif /* CONFIG_RANDOMIZE_BASE */ #else #define TRAMP_TEXT -#define TRAMP_DATA #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ /* @@ -150,7 +137,6 @@ SECTIONS RO_DATA(PAGE_SIZE) /* everything from this point to */ EXCEPTION_TABLE(8) /* __init_begin will be marked RO NX */ NOTES - TRAMP_DATA . = ALIGN(SEGMENT_ALIGN); __init_begin = .; @@ -268,10 +254,6 @@ ASSERT(__hibernate_exit_text_end - (__hibernate_exit_text_start & ~(SZ_4K - 1)) #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 ASSERT((__entry_tramp_text_end - __entry_tramp_text_start) == PAGE_SIZE, "Entry trampoline text too big") -#ifdef CONFIG_RANDOMIZE_BASE -ASSERT((__entry_tramp_data_end - __entry_tramp_data_start) == PAGE_SIZE, - "Entry trampoline data too big") -#endif #endif /* * If padding is applied before .head.text, virt<->phys conversions will fail.