[PATCH 2/2] arm64: efi: kaslr: Fix boot failure if efi_random_alloc() fails
Ard Biesheuvel
ardb at kernel.org
Tue Jul 20 05:57:39 PDT 2021
On Tue, 20 Jul 2021 at 13:14, Benjamin Herrenschmidt
<benh at kernel.crashing.org> wrote:
>
> If efi_random_alloc() fails, we still try to use EFI_KIMG_ALIGN
> instead of MIN_KIMG_ALIGN to check the kernel image alignment,
> which is incorrect, we need to fallback to MIN_KIMG_ALIGN (2M).
>
Why? Relocatable kernels can happily execute from any 64k aligned
address, and the PE/COFF header carries this value of 64k as the
minimum alignment.
> This removes the not-that-useful min_kimg_align helper and instead
> uses the appropriate aligment in the respective call sites:
>
> efi_random_alloc() always wants EFI_KIMG_ALIGN as this is only
> used when kaslr is on, and all other cases go into alignment
> check code which always need to check (and enforce) MIN_KIMG_ALIGN
>
> Signed-off-by: Benjamin Herrenschmidt <benh at kernel.crashing.org>
> Fixes: 7c116db24d94 (efi/libstub/arm64: Retain 2MB kernel Image alignment if !KASLR)
> ---
> drivers/firmware/efi/libstub/arm64-stub.c | 27 ++++++++++-------------
> 1 file changed, 12 insertions(+), 15 deletions(-)
>
> diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c
> index 7bf0a7acae5e..e264ff90ba03 100644
> --- a/drivers/firmware/efi/libstub/arm64-stub.c
> +++ b/drivers/firmware/efi/libstub/arm64-stub.c
> @@ -34,18 +34,6 @@ efi_status_t check_platform_features(void)
> return EFI_SUCCESS;
> }
>
> -/*
> - * Although relocatable kernels can fix up the misalignment with respect to
> - * MIN_KIMG_ALIGN, the resulting virtual text addresses are subtly out of
> - * sync with those recorded in the vmlinux when kaslr is disabled but the
> - * image required relocation anyway. Therefore retain 2M alignment unless
> - * KASLR is in use.
> - */
> -static u64 min_kimg_align(void)
> -{
> - return efi_nokaslr ? MIN_KIMG_ALIGN : EFI_KIMG_ALIGN;
> -}
> -
> efi_status_t handle_kernel_image(unsigned long *image_addr,
> unsigned long *image_size,
> unsigned long *reserve_addr,
> @@ -84,15 +72,24 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
> /*
> * If KASLR is enabled, and we have some randomness available,
> * locate the kernel at a randomized offset in physical memory.
> + *
> + * In that case, we don't need to preserve the 2M alignment
> */
> - status = efi_random_alloc(*reserve_size, min_kimg_align(),
> + status = efi_random_alloc(*reserve_size, EFI_KIMG_ALIGN,
> reserve_addr, phys_seed);
> } else {
> status = EFI_OUT_OF_RESOURCES;
> }
>
> if (status != EFI_SUCCESS) {
> - if (IS_ALIGNED((u64)_text, min_kimg_align())) {
> + /*
> + * Although relocatable kernels can fix up the misalignment with respect to
> + * MIN_KIMG_ALIGN, the resulting virtual text addresses are subtly out of
> + * sync with those recorded in the vmlinux when kaslr is disabled but the
> + * image required relocation anyway. Therefore retain 2M alignment unless
> + * KASLR is in use.
> + */
> + if (IS_ALIGNED((u64)_text, MIN_KIMG_ALIGN)) {
> /*
> * Just execute from wherever we were loaded by the
> * UEFI PE/COFF loader if the alignment is suitable.
> @@ -103,7 +100,7 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
> }
>
> status = efi_allocate_pages_aligned(*reserve_size, reserve_addr,
> - ULONG_MAX, min_kimg_align());
> + ULONG_MAX, MIN_KIMG_ALIGN);
>
> if (status != EFI_SUCCESS) {
> efi_err("Failed to relocate kernel\n");
>
>
>
More information about the linux-arm-kernel
mailing list