From patchwork Sun Sep 3 12:07:56 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 9936183 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 5B12D6037D for ; Sun, 3 Sep 2017 12:14:42 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4D28A26E96 for ; Sun, 3 Sep 2017 12:14:42 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4174E27F4B; Sun, 3 Sep 2017 12:14:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 3E55E27B81 for ; Sun, 3 Sep 2017 12:14:40 +0000 (UTC) Received: (qmail 20362 invoked by uid 550); 3 Sep 2017 12:09:56 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 20249 invoked from network); 3 Sep 2017 12:09:55 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=yseLJOwsBNxz3hyxp7tn+nNSNWEF2jbwlBWUezg0ahw=; b=EH+i911RsIllFVyWdIyBS2HqT3agI2+nBBeMOU6j43lhSIo1m40KzVeBZ8Gj2QVBCA CkcK2f6vJa7ONEp8+z2Kqr6fCutVYEGmY9Ir96rbVa+8C+GSFbo9SfIEucgAevcz3fEI 2iGB1k5nDL/YuKpJxhUTZ0+3+eV8cVhy4PfOA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=yseLJOwsBNxz3hyxp7tn+nNSNWEF2jbwlBWUezg0ahw=; b=STUvfpyN+ot/3MHBCnlyogsDIcejdx5RbBGbPguxx6iTy2GfkRD2LywCnoqaA8jc7V FTl4Ht29Uwl4BtAJbuz8rfbeXvps5ssdJ6lbg3PlvwVHcLyIHTfO8vgrpbyPavamcQbX 2gDHdF6d0fEIC4PWeIGPI+qe0pTevVLDF65t/idTW9Qr1y2vm5CW6ixaGna6QgVuvIb0 E/AVwBEpuysVt3F7z7sTUUT6B50nbQMB8s2xpAnJCJpUGN+zVLpOUOKMIH+Oa52rbKgP sMrnqKHQ0z7Dl/icGuRrB7AHRNhtn9ZF+ZFuIIsPg4u6QAOQeQKOaHZPm5q7yhXbKplO LQmA== X-Gm-Message-State: AHPjjUgm4G1sYQjMshw5l8PLA5wGFCfNUPByiNaBo2nah8G623aedLKE uxHL2scEweD/YE6Z X-Google-Smtp-Source: ADKCNb56ksOK68P6pkboQGvlvi5MWfNVL5ORT0i5yRpcOyb2zeusZuyS8PwBR87QXrwdBJkf6yvyjg== X-Received: by 10.28.236.67 with SMTP id k64mr2083330wmh.146.1504440583779; Sun, 03 Sep 2017 05:09:43 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, kernel-hardening@lists.openwall.com Cc: Ard Biesheuvel , Arnd Bergmann , Nicolas Pitre , Russell King , Kees Cook , Thomas Garnier , Marc Zyngier , Mark Rutland , Tony Lindgren , Matt Fleming , Dave Martin Date: Sun, 3 Sep 2017 13:07:56 +0100 Message-Id: <20170903120757.14968-29-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20170903120757.14968-1-ard.biesheuvel@linaro.org> References: <20170903120757.14968-1-ard.biesheuvel@linaro.org> Subject: [kernel-hardening] [PATCH v2 28/29] efi/libstub: check for vmalloc= command line argument X-Virus-Scanned: ClamAV using ClamSMTP Check for and record the presence of a vmalloc= argument on the kernel command line. We need this information on ARM systems when implementing KASLR, given that the size of the vmalloc region will affect the size of the lowmem region, therefore affecting the available randomization range as well. Cc: Matt Fleming Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/efi-stub-helper.c | 9 +++++++++ drivers/firmware/efi/libstub/efistub.h | 1 + 2 files changed, 10 insertions(+) diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c index b0184360efc6..f3e9d43030ac 100644 --- a/drivers/firmware/efi/libstub/efi-stub-helper.c +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c @@ -34,6 +34,7 @@ static unsigned long __chunk_size = EFI_READ_CHUNK_SIZE; static int __section(.data) __nokaslr; static int __section(.data) __quiet; +static int __section(.data) __vmalloc_arg; int __pure nokaslr(void) { @@ -43,6 +44,10 @@ int __pure is_quiet(void) { return __quiet; } +int __pure have_vmalloc(void) +{ + return __vmalloc_arg; +} #define EFI_MMAP_NR_SLACK_SLOTS 8 @@ -433,6 +438,10 @@ efi_status_t efi_parse_options(char const *cmdline) if (str == cmdline || (str && str > cmdline && *(str - 1) == ' ')) __quiet = 1; + str = strstr(cmdline, "vmalloc="); + if (str == cmdline || (str && str > cmdline && *(str - 1) == ' ')) + __vmalloc_arg = 1; + /* * If no EFI parameters were specified on the cmdline we've got * nothing to do. diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index 3a670a5f759f..aaf2aeb785ea 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -26,6 +26,7 @@ extern int __pure nokaslr(void); extern int __pure is_quiet(void); +extern int __pure have_vmalloc(void); #define pr_efi(sys_table, msg) do { \ if (!is_quiet()) efi_printk(sys_table, "EFI stub: "msg); \