From patchwork Mon Aug 14 12:54:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 9898875 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 1110B602BA for ; Mon, 14 Aug 2017 13:00:33 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0281F28602 for ; Mon, 14 Aug 2017 13:00:33 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EB12228650; Mon, 14 Aug 2017 13:00:32 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id ED8A028602 for ; Mon, 14 Aug 2017 13:00:31 +0000 (UTC) Received: (qmail 30664 invoked by uid 550); 14 Aug 2017 12:56:22 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 28627 invoked from network); 14 Aug 2017 12:56:06 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=yseLJOwsBNxz3hyxp7tn+nNSNWEF2jbwlBWUezg0ahw=; b=QMN2/VMp0iU9G0XzKokOcF1mWdw4s+Wn/+p24HGYd5p5vdLk2A3NHySZyNpaaPWx7f wYVLPUlNlTDvDBuo5lKddpgfJd/X1y6mpBLgyyBDm/vdOFIG42E+peyoBrYV/WU5FA9L JJ2hZOhsxG5lW+MVjgERt7nHNKelp589DAsAA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=yseLJOwsBNxz3hyxp7tn+nNSNWEF2jbwlBWUezg0ahw=; b=n/GOASW2qDZCUNly0WWXbPDo01GMzu1r26Atua7bDSm7aWB4u2Ew96lLWyXjR9QZYg Mcaoef7cETjouBTDR+mAMAxdvGyBG9As/OAD8hoARSusSOlOhiVTxVyRohILD4niBtdc 9i6rLfLUPqjuIs8XKjkdQ2XlDI+wEzpdFnwwj/6uLPJOgh6E3+XrwZeuWyTQSBMiDPcH X7rDjyXzeQMxFMLRdMXB2TnljL16OsL8CYW6gJCxnYKNKOxqlNjjEb0L9pIfNjZ6BW8k cPCyZCr/mpdUI9eBM+jejj+oBZiqSXG2pKCWhLXZ/iLYHlFOyL46HEajRunqL4UoXoA5 UJGQ== X-Gm-Message-State: AHYfb5j5IR3V1+C9L+FeVJ0/nvPuGFuJzQ+3nlflIkxCg8AH97F/OYuK lW6eMXVJ1HACNAcHlAMe2w== X-Received: by 10.223.143.47 with SMTP id p44mr1540378wrb.120.1502715355266; Mon, 14 Aug 2017 05:55:55 -0700 (PDT) From: Ard Biesheuvel To: kernel-hardening@lists.openwall.com Cc: linux-arm-kernel@lists.infradead.org, Ard Biesheuvel , Arnd Bergmann , Nicolas Pitre , Russell King , Kees Cook , Thomas Garnier , Marc Zyngier , Mark Rutland , Tony Lindgren , Matt Fleming , Dave Martin Date: Mon, 14 Aug 2017 13:54:09 +0100 Message-Id: <20170814125411.22604-29-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20170814125411.22604-1-ard.biesheuvel@linaro.org> References: <20170814125411.22604-1-ard.biesheuvel@linaro.org> Subject: [kernel-hardening] [PATCH 28/30] efi/libstub: check for vmalloc= command line argument X-Virus-Scanned: ClamAV using ClamSMTP Check for and record the presence of a vmalloc= argument on the kernel command line. We need this information on ARM systems when implementing KASLR, given that the size of the vmalloc region will affect the size of the lowmem region, therefore affecting the available randomization range as well. Cc: Matt Fleming Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/efi-stub-helper.c | 9 +++++++++ drivers/firmware/efi/libstub/efistub.h | 1 + 2 files changed, 10 insertions(+) diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c index b0184360efc6..f3e9d43030ac 100644 --- a/drivers/firmware/efi/libstub/efi-stub-helper.c +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c @@ -34,6 +34,7 @@ static unsigned long __chunk_size = EFI_READ_CHUNK_SIZE; static int __section(.data) __nokaslr; static int __section(.data) __quiet; +static int __section(.data) __vmalloc_arg; int __pure nokaslr(void) { @@ -43,6 +44,10 @@ int __pure is_quiet(void) { return __quiet; } +int __pure have_vmalloc(void) +{ + return __vmalloc_arg; +} #define EFI_MMAP_NR_SLACK_SLOTS 8 @@ -433,6 +438,10 @@ efi_status_t efi_parse_options(char const *cmdline) if (str == cmdline || (str && str > cmdline && *(str - 1) == ' ')) __quiet = 1; + str = strstr(cmdline, "vmalloc="); + if (str == cmdline || (str && str > cmdline && *(str - 1) == ' ')) + __vmalloc_arg = 1; + /* * If no EFI parameters were specified on the cmdline we've got * nothing to do. diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index 3a670a5f759f..aaf2aeb785ea 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -26,6 +26,7 @@ extern int __pure nokaslr(void); extern int __pure is_quiet(void); +extern int __pure have_vmalloc(void); #define pr_efi(sys_table, msg) do { \ if (!is_quiet()) efi_printk(sys_table, "EFI stub: "msg); \