[PATCH v5sub2 0/8] arm64: implement virtual KASLR

Ard Biesheuvel ard.biesheuvel at linaro.org
Mon Feb 1 05:35:03 PST 2016


On 1 February 2016 at 14:09, Ard Biesheuvel <ard.biesheuvel at linaro.org> wrote:
> At the request of Catalin, this series has been split off from my series
> 'arm64: implement support for KASLR v4' [1]. This sub-series deals with
> creating a relocatable binary, and randomizing the virtual placement of
> the kernel itself, the modules and the linear region based on entropy
> supplied by the bootloader in the /chosen/kaslr-seed DT property.
>
> Changes since v4:
> - add randomization of the linear region, i.e., if the linear region is
>   substantially larger than the space spanned by RAM, the mapping of RAM
>   is moved to a random offset inside the linear region.
> - dropped the CRC check in kaslr_early_init(), since the only code that may
>   modify .data through __fixmap_remap_fdt() is instrumentation that should
>   deal with that correctly (For instance, the branch profiling records taken
>   branches in structs allocated in .data, and these counts will not be reset
>   to 0 between the first and the second call to __mmap_switched())
> - add Mark's ack to patch #4
>

NOTE: I have omitted the relative kallsyms and relative extable
patches, since they are already queued in akpm's tree. However, while the
kallsyms patch is merely an optimization, the extable patches are in
fact required for correct operation, since the build time sorting does
not work on absolute extables (this is due to the fact that the
resolution of the relocations is deferred until runtime, and so the
extable addresses are all zero at sorting time)

http://ozlabs.org/~akpm/mmotm/broken-out/extable-add-support-for-relative-extables-to-search-and-sort-routines.patch
http://ozlabs.org/~akpm/mmotm/broken-out/arm64-switch-to-relative-exception-tables.patch



> Patch #1 adds support for resolving cross-module branches via veneers if the
> module is located too far from the target. This should not be necessary in the
> common case even with KASLR enabled, but since the space around the kernel image
> will no longer be strictly reserved for modules, there is a slight chance that
> the region may be exhausted, in which case modules will be moved further away
> from the kernel (and each other)
>
> Patches #2 and #3 deal with the fact that relocations of 64-bit values are
> deferred to runtime when building a PIE executable, and some values are required
> before the relocation routine executes (either in the code, or as an externally
> visible constant in the Image header)
>
> Patch #4 reshuffles asm/elf.h so we can use its preprocessor constants in head.S
>
> Patch #5 and #6 implement building vmlinux as a PIE (Position Independent
> Executable) binary, which is emitted with relocation information that is
> processed by the program itself in the early boot code.
>
> Patch #7 implements KASLR, i.e., CONFIG_RANDOMIZE_BASE for the core kernel and
> for the module region.
>
> Patch #8 implements KASLR for the linear region.
>
> [1] http://thread.gmane.org/gmane.linux.kernel/2135931
>
> Ard Biesheuvel (8):
>   arm64: add support for module PLTs
>   arm64: avoid R_AARCH64_ABS64 relocations for Image header fields
>   arm64: avoid dynamic relocations in early boot code
>   arm64: make asm/elf.h available to asm files
>   scripts/sortextable: add support for ET_DYN binaries
>   arm64: add support for building vmlinux as a relocatable PIE binary
>   arm64: add support for kernel ASLR
>   arm64: kaslr: randomize the linear region
>
>  arch/arm64/Kconfig                 |  34 ++++
>  arch/arm64/Makefile                |  10 +-
>  arch/arm64/include/asm/assembler.h |  11 ++
>  arch/arm64/include/asm/elf.h       |  24 ++-
>  arch/arm64/include/asm/memory.h    |   5 +-
>  arch/arm64/include/asm/module.h    |  11 ++
>  arch/arm64/kernel/Makefile         |   2 +
>  arch/arm64/kernel/efi-entry.S      |   2 +-
>  arch/arm64/kernel/head.S           | 128 +++++++++++--
>  arch/arm64/kernel/image.h          |  32 ++--
>  arch/arm64/kernel/kaslr.c          | 143 ++++++++++++++
>  arch/arm64/kernel/module-plts.c    | 201 ++++++++++++++++++++
>  arch/arm64/kernel/module.c         |  20 +-
>  arch/arm64/kernel/module.lds       |   3 +
>  arch/arm64/kernel/setup.c          |  29 +++
>  arch/arm64/kernel/vmlinux.lds.S    |  16 ++
>  arch/arm64/mm/init.c               |  22 ++-
>  arch/arm64/mm/mmu.c                |  33 +++-
>  scripts/sortextable.c              |   8 +-
>  19 files changed, 672 insertions(+), 62 deletions(-)
>  create mode 100644 arch/arm64/kernel/kaslr.c
>  create mode 100644 arch/arm64/kernel/module-plts.c
>  create mode 100644 arch/arm64/kernel/module.lds
>
> --
> 2.5.0
>
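
To illustrate the NOTE above about extables, here is an added example (not code from this series or from the kernel): a user-space C simulation of why build-time sorting fails for absolute entries in a PIE but works for relative ones. The addresses, table base, single-field entries, 64-bit slot width and function names are all constructed assumptions.

```c
#include <stdint.h>
#include <stdlib.h>

#define N 4
#define TABLE_BASE 0x8000   /* constructed link-time address of the table */

/* Constructed link-time addresses of faulting instructions, in link order. */
static const int64_t link_addr[N] = { 0x4000, 0x1000, 0x3000, 0x2000 };

static int cmp_i64(const void *a, const void *b)
{
    int64_t x = *(const int64_t *)a, y = *(const int64_t *)b;
    return (x > y) - (x < y);
}

/* Absolute table in a PIE: every slot is 0 in the file, the real value sits
 * in a relocation addend applied at boot. Returns 1 if sorted at runtime. */
int absolute_sorted_at_runtime(int64_t kaslr_offset)
{
    int64_t slot[N] = { 0 };                  /* what the build-time sorter sees */
    int i;
    qsort(slot, N, sizeof(slot[0]), cmp_i64); /* sorting zeros changes nothing */
    for (i = 0; i < N; i++)                   /* boot-time relocation, slot by slot */
        slot[i] = link_addr[i] + kaslr_offset;
    for (i = 1; i < N; i++)
        if (slot[i - 1] > slot[i]) return 0;
    return 1;
}

/* Relative table: slot i holds (target - address of slot i), known at link time. */
int relative_sorted_at_runtime(int64_t kaslr_offset)
{
    int64_t slot[N], base = TABLE_BASE + kaslr_offset;
    int i;
    for (i = 0; i < N; i++)                   /* linker output (simplified: 8-byte slots) */
        slot[i] = link_addr[i] - (TABLE_BASE + 8 * i);
    for (i = 0; i < N; i++) slot[i] += 8 * i; /* rebase on table start to compare */
    qsort(slot, N, sizeof(slot[0]), cmp_i64);
    for (i = 0; i < N; i++) slot[i] -= 8 * i; /* back to slot-relative */
    for (i = 1; i < N; i++)                   /* runtime: resolve against moved slots */
        if (base + 8 * (i - 1) + slot[i - 1] > base + 8 * i + slot[i]) return 0;
    return 1;
}

int main(void)
{
    return !(relative_sorted_at_runtime(0x200000) && !absolute_sorted_at_runtime(0x200000));
}
```

The relative table stays sorted for any load offset because both the slot and its target move by the same amount, so no runtime relocation touches it.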


