From patchwork Mon Aug 14 12:54:07 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 9898859
Return-Path: 
 <kernel-hardening-return-9380-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	32DCE602BA for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Mon, 14 Aug 2017 12:59:33 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 25CF5206AC
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Mon, 14 Aug 2017 12:59:33 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 18A9428606; Mon, 14 Aug 2017 12:59:33 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
	by mail.wl.linuxfoundation.org (Postfix) with SMTP id 02E73206AC
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Mon, 14 Aug 2017 12:59:31 +0000 (UTC)
Received: (qmail 29935 invoked by uid 550); 14 Aug 2017 12:56:10 -0000
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
List-ID: <kernel-hardening.lists.openwall.com>
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Received: (qmail 28098 invoked from network); 14 Aug 2017 12:56:01 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=5q/wj7YznIF1e4wmw6GL1W1vC0356FmK0gc6LtB+1ss=;
	b=hc409M571TdMdElGE9n2asZspYHBFRBMd8TWTx+xUwUK233oYrg25MTpCD9RxXFZPS
	e3u7r0XDeqUWsseV4tYxlhTPw4BcmtGDSt/duO2DJ+5PUVccr7SvDcSnFA93vhCSpZAn
	3SHBksnAct5ZX62ZBFLmpqtunDr+eQzo4bOpc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=5q/wj7YznIF1e4wmw6GL1W1vC0356FmK0gc6LtB+1ss=;
	b=VEJtILsusYDJbliWygllaQk/5o0+n+qCl0CcZDGpntT1+0GFDcWmgbpjstfB62d2Dn
	9LnzYOQ0sgqwXEELsh2VEQdpx/HBBCON/fpiSGGZBjkfu0R6Ach7qBnp22HCqRhBiRak
	BviGg7QY4GmwNAJHFKmxTAR5KIqfEoNo71WymNdgWuIJxEQoFE97yICi+653rep5o12y
	mQOmfGMX6cbjatN0sEBw6peBPWfgSFdGuy6oD5Or/zEJkdM3hh/GsNI9yEMZp5LEzgw9
	MN6BbYdHWo19HmKZGq42SUWbESi2BQH95qz7FXcl367VvgykUZAoNjimcM1T3Crb5MK8
	0sWQ==
X-Gm-Message-State: AHYfb5gnAikBScYbxARPyPIoL5YUzW2m0sH+dDcyVdaDIlvP1Hs0VPHy
	WzXeSMhnDh7FYMSZg2TMdw==
X-Received: by 10.28.60.11 with SMTP id j11mr4105978wma.47.1502715349987;
	Mon, 14 Aug 2017 05:55:49 -0700 (PDT)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: kernel-hardening@lists.openwall.com
Cc: linux-arm-kernel@lists.infradead.org,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Arnd Bergmann <arnd@arndb.de>, Nicolas Pitre <nico@linaro.org>,
	Russell King <linux@armlinux.org.uk>, Kees Cook <keescook@chromium.org>,
	Thomas Garnier <thgarnie@google.com>,
	Marc Zyngier <marc.zyngier@arm.com>, Mark Rutland <mark.rutland@arm.com>,
	Tony Lindgren <tony@atomide.com>,
	Matt Fleming <matt@codeblueprint.co.uk>,
	Dave Martin <dave.martin@arm.com>
Date: Mon, 14 Aug 2017 13:54:07 +0100
Message-Id: <20170814125411.22604-27-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20170814125411.22604-1-ard.biesheuvel@linaro.org>
References: <20170814125411.22604-1-ard.biesheuvel@linaro.org>
Subject: [kernel-hardening] [PATCH 26/30] ARM: decompressor: add KASLR
	support
X-Virus-Scanned: ClamAV using ClamSMTP

Add support to the decompressor to load the kernel at a randomized
offset, and invoke the kernel proper while passing on the information
about the offset at which the kernel was loaded.

This implementation was created with the UEFI stub in mind (which has
a rich execution environment that provides access to the platforms
random number generators), which will assign the kaslr_offset variable
directly. However, to allow other bootloaders to use this facility,
the KASLR offset is exposed via a zImage header field as well.

Cc: Russell King <linux@armlinux.org.uk>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm/boot/compressed/head.S |  8 ++++++
 arch/arm/include/asm/zimage.h   | 30 ++++++++++++++++++--
 2 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S
index e451738d8954..7111a2cbef95 100644
--- a/arch/arm/boot/compressed/head.S
+++ b/arch/arm/boot/compressed/head.S
@@ -200,6 +200,10 @@ not_angel:
 		 */
 		mov	r4, pc
 		and	r4, r4, #0xf8000000
+#ifdef CONFIG_RANDOMIZE_BASE
+		ldr_l	r0, kaslr_offset
+		add	r4, r4, r0
+#endif
 		/* Determine final kernel image address. */
 		add	r4, r4, #TEXT_OFFSET
 #else
@@ -1353,6 +1357,10 @@ __hyp_reentry_vectors:
 
 __enter_kernel:
 		mov	r0, #0			@ must be 0
+#ifdef CONFIG_RANDOMIZE_BASE
+		ldr_l	r3, kaslr_offset
+		add	r4, r4, #4		@ skip first instruction
+#endif
  ARM(		mov	pc, r4		)	@ call kernel
  M_CLASS(	add	r4, r4, #1	)	@ enter in Thumb mode for M class
  THUMB(		bx	r4		)	@ entry point is always ARM for A/R classes
diff --git a/arch/arm/include/asm/zimage.h b/arch/arm/include/asm/zimage.h
index ff65cc3bb716..554a48ddcfd8 100644
--- a/arch/arm/include/asm/zimage.h
+++ b/arch/arm/include/asm/zimage.h
@@ -10,10 +10,15 @@
 #ifndef __ASM_ZIMAGE_H
 #define __ASM_ZIMAGE_H
 
+#include <asm/pgtable.h>
+
 #define ZIMAGE_HEADER_MAGIC		0x016f2818
 #define ZIMAGE_OPTIONAL_HEADER_MAGIC	0xe7fedef0
 
-#if defined(__ASSEMBLY__) && !defined(LINKER_SCRIPT)
+#define ZIMAGE_OPT_HDR_ID_KASLR		0x1
+
+#ifndef LINKER_SCRIPT
+#ifdef __ASSEMBLY__
 
 	.macro		__ZIMAGE_HEADER
 	.word		_magic_sig	@ Magic numbers to help the loader
@@ -31,9 +36,30 @@
 	 * Each header starts with a u16[2] containing id and size of the
 	 * entire header, including the u16[] itself.
 	 */
+
+#ifdef CONFIG_RANDOMIZE_BASE
+0:	.short		ZIMAGE_OPT_HDR_ID_KASLR
+	.short		__kaslr_hdr_size
+
+	/*
+	 * The KASLR header carries the information needed by the bootloader
+	 * to choose a randomization offset, and record it in the offset
+	 * field below.
+	 */
+ENTRY(kaslr_offset)
+	.long		0				@ kaslr offset
+	.long		CONFIG_PAGE_OFFSET		@ page offset
+	.long		VMALLOC_DEFAULT_BASE		@ start of vmalloc area
+	.long		SECTION_SIZE			@ kaslr granularity
+	.set		__kaslr_hdr_size, . - 0b
+#endif
+
 	.long		0xffffffff	@ end of optional headers
 	.popsection
 	.endm
 
-#endif
+#else /* __ASSEMBLY__ */
+extern u32 kaslr_offset;
+#endif /* __ASSEMBLY__ */
+#endif /* LINKER_SCRIPT */
 #endif