[PATCH 0/2] Add support to relocate kernel image to mirrored region

mawupeng mawupeng1 at huawei.com
Mon May 23 04:48:33 PDT 2022



On 2022/5/20 14:52, Ard Biesheuvel wrote:
> On Fri, 20 May 2022 at 08:52, Ard Biesheuvel <ardb at kernel.org> wrote:
>>
>> On Thu, 19 May 2022 at 13:09, mawupeng <mawupeng1 at huawei.com> wrote:
>>>
>>>
>>>
>>> On 2022/5/7 17:28, mawupeng wrote:
>>>>
>>>>
>>>> On 2022/5/3 17:58, Ard Biesheuvel wrote:
>>>>> On Tue, 19 Apr 2022 at 08:43, Wupeng Ma <mawupeng1 at huawei.com> wrote:
>>>>>>
>>>>>> From: Ma Wupeng <mawupeng1 at huawei.com>
>>>>>>
>>>>>> Now the system image will prefer to be located in mirrored regions with KASLR
>>>>>> both on and off.
>>>>>>
>>>>>
>>>>> Hello Ma Wupeng,
>>>>>
>>>>> I wonder if we could simplify this as follows:
>>>>> - ignore the non-KASLR case for now, and rely on the bootloader to load the image into mirrored memory if it exists;
>>>>
>>>> In grub, memory for static image is allocated via the following path:
>>>>
>>>> grub_cmd_linux
>>>>     kernel = grub_malloc(filelen)
>>>>     kernel_alloc_addr = grub_efi_allocate_any_pages (kernel_alloc_pages)
>>>>     grub_memcpy (kernel_addr, kernel, grub_min(filelen, kernel_size))
>>>>     grub_loader_set (grub_linux_boot, grub_linux_unload, 0)
>>>>
>>>> Can we get memory from mirrored region by the following steps:
>>>> 1. get memory map by calling grub_efi_get_memory_map()
>>>> 2. iterate over the memory map to find a suitable mirrored memory area
>>>> 3. locate kernel image to this area
>>>>
>>>> So, if kaslr is not enabled
>>>>    - grub will load kernel into mirrored region
>>>> else
>>>>    - arm64-stub.c will relocate kernel image to mirrored region
>>>>
>>>> Is this feasible?
>>>
>>> Is this a feasible proposal to relocate the static kernel image itself
>>> into more reliable memory?
>>>
>>
>> I'm not sure, it all depends on the firmware.
>>
>> When GRUB calls LoadImage(), the firmware will reallocate the image
>> and unpack it there. So it is really the firmware's job to ensure that
>> the image is loaded into a suitable location.
>>
>> I have some code here that implements an EFI based decompressor, and
>> which loads the kernel image into mirrored memory if it exists,
>> without the need to move it again. It could trivially be modified to
>> deal with non-randomized loads as well.
>>
> 
> Code is here
> https://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git/log/?h=efi-decompressor-v2

I will test this later.

Thanks.

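The three-step lookup in the quoted proposal (get the memory map, iterate it for a mirrored area, place the image there), as an added example that is not code from this thread, from GRUB, or from Ard Biesheuvel's decompressor branch: a stand-alone C walk over a constructed EFI memory map. The descriptor layout, the EfiConventionalMemory type and the EFI_MEMORY_MORE_RELIABLE attribute are taken from the UEFI specification; the 2 MiB image alignment, the sample regions and all function names (find_mirrored_region, range_is_mirrored, place_image and friends) are this example's own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* EFI_MEMORY_DESCRIPTOR as laid out in the UEFI specification. */
struct efi_memory_desc {
	uint32_t type;
	uint32_t pad;		/* PhysicalStart is 8-byte aligned */
	uint64_t phys_start;
	uint64_t virt_start;
	uint64_t num_pages;
	uint64_t attribute;
};

#define EFI_PAGE_SIZE			4096ULL
#define EFI_RESERVED_TYPE		0
#define EFI_CONVENTIONAL_MEMORY		7
#define EFI_MEMORY_MORE_RELIABLE	0x0000000000010000ULL	/* mirrored */

/* Assumed image alignment for this example (2 MiB, as on arm64). */
#define KIMG_ALIGN			(2ULL << 20)

static inline uint64_t align_up(uint64_t x, uint64_t a)
{
	return (x + a - 1) & ~(a - 1);
}

/*
 * Walk the map with stride desc_size (firmware may report a descriptor
 * larger than the struct above) and pick the lowest mirrored
 * EfiConventionalMemory region with room for `size` bytes at KIMG_ALIGN.
 * Returns false if none fits, so the caller can fall back to any memory.
 */
static bool find_mirrored_region(const void *map, size_t map_size,
				 size_t desc_size, uint64_t size, uint64_t *out)
{
	const uint8_t *p = map, *end = p + map_size;
	bool found = false;

	for (; p + desc_size <= end; p += desc_size) {
		const struct efi_memory_desc *d = (const void *)p;
		uint64_t start = align_up(d->phys_start, KIMG_ALIGN);
		uint64_t region_end = d->phys_start + d->num_pages * EFI_PAGE_SIZE;

		if (d->type != EFI_CONVENTIONAL_MEMORY ||
		    !(d->attribute & EFI_MEMORY_MORE_RELIABLE))
			continue;
		/* alignment may eat the front of the region; re-check the room */
		if (start < d->phys_start || start >= region_end ||
		    region_end - start < size)
			continue;
		if (!found || start < *out) {
			*out = start;
			found = true;
		}
	}
	return found;
}

/* Is [addr, addr + size) fully inside one mirrored descriptor? */
static bool range_is_mirrored(const void *map, size_t map_size,
			      size_t desc_size, uint64_t addr, uint64_t size)
{
	const uint8_t *p = map, *end = p + map_size;

	for (; p + desc_size <= end; p += desc_size) {
		const struct efi_memory_desc *d = (const void *)p;
		uint64_t region_end = d->phys_start + d->num_pages * EFI_PAGE_SIZE;

		if (addr >= d->phys_start && addr + size <= region_end)
			return (d->attribute & EFI_MEMORY_MORE_RELIABLE) != 0;
	}
	return false;
}

/* Constructed sample map, not real firmware data; desc_size 48 > 40. */
#define SAMPLE_DESC_SIZE 48
static _Alignas(8) uint8_t sample_map[4 * SAMPLE_DESC_SIZE];

static size_t build_sample_map(void)
{
	const struct efi_memory_desc descs[4] = {
		{ EFI_CONVENTIONAL_MEMORY, 0, 0x40000000, 0, (256ULL << 20) / EFI_PAGE_SIZE, 0 },
		{ EFI_RESERVED_TYPE, 0, 0x80000000, 0, (1ULL << 20) / EFI_PAGE_SIZE, EFI_MEMORY_MORE_RELIABLE },
		{ EFI_CONVENTIONAL_MEMORY, 0, 0x80100000, 0, (64ULL << 20) / EFI_PAGE_SIZE, EFI_MEMORY_MORE_RELIABLE },
		{ EFI_CONVENTIONAL_MEMORY, 0, 0x90000000, 0, (1ULL << 20) / EFI_PAGE_SIZE, EFI_MEMORY_MORE_RELIABLE },
	};
	memset(sample_map, 0, sizeof(sample_map));
	for (int i = 0; i < 4; i++)
		memcpy(sample_map + i * SAMPLE_DESC_SIZE, &descs[i], sizeof(descs[i]));
	return sizeof(sample_map);
}

/* Address for a `size`-byte image on the sample map, UINT64_MAX if none. */
static uint64_t image_address(uint64_t size)
{
	uint64_t addr;
	size_t n = build_sample_map();

	return find_mirrored_region(sample_map, n, SAMPLE_DESC_SIZE, size, &addr)
		? addr : UINT64_MAX;
}

static bool sample_range_is_mirrored(uint64_t addr, uint64_t size)
{
	size_t n = build_sample_map();

	return range_is_mirrored(sample_map, n, SAMPLE_DESC_SIZE, addr, size);
}

int main(void)
{
	printf("40 MiB image  -> 0x%llx\n", (unsigned long long)image_address(40ULL << 20));
	printf("128 MiB image -> 0x%llx (no fit, fall back)\n",
	       (unsigned long long)image_address(128ULL << 20));
	return 0;
}
```

Two details matter in practice: the walk must step by the descriptor size the firmware reports, not by sizeof the struct, and the alignment round-up has to be applied before checking whether the region still has room, otherwise a region that is just large enough on paper is chosen and the copy overruns it. range_is_mirrored is the check a stub can run on the address the firmware's LoadImage() already picked, so the image is only moved when it actually landed outside mirrored memory.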


