After multiple attempts, this patchset is now based on the fact that the
64b kernel mapping was moved outside the linear mapping.
The first patch allows to build relocatable kernels but is not selected
by default. That patch should ease KASLR implementation a lot.
The second and third patches take advantage of an already existing powerpc
script that checks relocations at compile-time, and uses it for riscv.
This patchset was tested on:
* kernel:
- rv32: OK
- rv64 with RELOCATABLE: OK and checked that "suspicious" relocations are caught.
- rv64 without RELOCATABLE: OK
- powerpc: build only and checked that "suspicious" relocations are caught.
* xipkernel:
- rv32: build only
- rv64: OK
* nommukernel:
- rv64: build only
Changes in v6:
* Remove the kernel move to vmalloc zone
* Rebased on top of for-next
* Remove relocatable property from 32b kernel as the kernel is mapped in
the linear mapping and would then need to be copied physically too
* CONFIG_RELOCATABLE depends on !XIP_KERNEL
* Remove Reviewed-by from first patch as it changed a bit
Changes in v5:
* Add "static __init" to create_kernel_page_table function as reported by
Kbuild test robot
* Add reviewed-by from Zong
* Rebase onto v5.7
Changes in v4:
* Fix BPF region that overlapped with kernel's as suggested by Zong
* Fix end of module region that could be larger than 2GB as suggested by Zong
* Fix the size of the vm area reserved for the kernel as we could lose
PMD_SIZE if the size was already aligned on PMD_SIZE
* Split compile time relocations check patch into 2 patches as suggested by Anup
* Applied Reviewed-by from Zong and Anup
Changes in v3:
* Move kernel mapping to vmalloc
Changes in v2:
* Make RELOCATABLE depend on MMU as suggested by Anup
* Rename kernel_load_addr into kernel_virt_addr as suggested by Anup
* Use __pa_symbol instead of __pa, as suggested by Zong
* Rebased on top of v5.6-rc3
* Tested with sv48 patchset
* Add Reviewed/Tested-by from Zong and Anup
Alexandre Ghiti (3):
riscv: Introduce CONFIG_RELOCATABLE
powerpc: Move script to check relocations at compile time in scripts/
riscv: Check relocations at compile time
arch/powerpc/tools/relocs_check.sh | 18 ++--------
arch/riscv/Kconfig | 12 +++++++
arch/riscv/Makefile | 5 ++-
arch/riscv/Makefile.postlink | 36 ++++++++++++++++++++
arch/riscv/kernel/vmlinux.lds.S | 6 ++++
arch/riscv/mm/Makefile | 4 +++
arch/riscv/mm/init.c | 53 +++++++++++++++++++++++++++++-
arch/riscv/tools/relocs_check.sh | 26 +++++++++++++++
scripts/relocs_check.sh | 20 +++++++++++
9 files changed, 162 insertions(+), 18 deletions(-)
create mode 100644 arch/riscv/Makefile.postlink
create mode 100755 arch/riscv/tools/relocs_check.sh
create mode 100755 scripts/relocs_check.sh
--
2.30.2
Relocating kernel at runtime is done very early in the boot process, so
it is not convenient to check for relocations there and react in case a
relocation was not expected.
There exists a script in scripts/ that extracts the relocations from
vmlinux that is then used at postlink to check the relocations.
Signed-off-by: Alexandre Ghiti <[email protected]>
Reviewed-by: Anup Patel <[email protected]>
---
arch/riscv/Makefile.postlink | 36 ++++++++++++++++++++++++++++++++
arch/riscv/tools/relocs_check.sh | 26 +++++++++++++++++++++++
2 files changed, 62 insertions(+)
create mode 100644 arch/riscv/Makefile.postlink
create mode 100755 arch/riscv/tools/relocs_check.sh
diff --git a/arch/riscv/Makefile.postlink b/arch/riscv/Makefile.postlink
new file mode 100644
index 000000000000..bf2b2bca1845
--- /dev/null
+++ b/arch/riscv/Makefile.postlink
@@ -0,0 +1,36 @@
+# SPDX-License-Identifier: GPL-2.0
+# ===========================================================================
+# Post-link riscv pass
+# ===========================================================================
+#
+# Check that vmlinux relocations look sane
+
+PHONY := __archpost
+__archpost:
+
+-include include/config/auto.conf
+include scripts/Kbuild.include
+
+quiet_cmd_relocs_check = CHKREL $@
+cmd_relocs_check = \
+ $(CONFIG_SHELL) $(srctree)/arch/riscv/tools/relocs_check.sh "$(OBJDUMP)" "$(NM)" "$@"
+
+# `@true` prevents complaint when there is nothing to be done
+
+vmlinux: FORCE
+ @true
+ifdef CONFIG_RELOCATABLE
+ $(call if_changed,relocs_check)
+endif
+
+%.ko: FORCE
+ @true
+
+clean:
+ @true
+
+PHONY += FORCE clean
+
+FORCE:
+
+.PHONY: $(PHONY)
diff --git a/arch/riscv/tools/relocs_check.sh b/arch/riscv/tools/relocs_check.sh
new file mode 100755
index 000000000000..baeb2e7b2290
--- /dev/null
+++ b/arch/riscv/tools/relocs_check.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-2.0-or-later
+# Based on powerpc relocs_check.sh
+
+# This script checks the relocations of a vmlinux for "suspicious"
+# relocations.
+
+if [ $# -lt 3 ]; then
+ echo "$0 [path to objdump] [path to nm] [path to vmlinux]" 1>&2
+ exit 1
+fi
+
+bad_relocs=$(
+${srctree}/scripts/relocs_check.sh "$@" |
+ # These relocations are okay
+ # R_RISCV_RELATIVE
+ grep -F -w -v 'R_RISCV_RELATIVE'
+)
+
+if [ -z "$bad_relocs" ]; then
+ exit 0
+fi
+
+num_bad=$(echo "$bad_relocs" | wc -l)
+echo "WARNING: $num_bad bad relocations"
+echo "$bad_relocs"
--
2.30.2
Relocating kernel at runtime is done very early in the boot process, so
it is not convenient to check for relocations there and react in case a
relocation was not expected.
Powerpc architecture has a script that allows to check at compile time
for such unexpected relocations: extract the common logic to scripts/
so that other architectures can take advantage of it.
Signed-off-by: Alexandre Ghiti <[email protected]>
Reviewed-by: Anup Patel <[email protected]>
---
arch/powerpc/tools/relocs_check.sh | 18 ++----------------
scripts/relocs_check.sh | 20 ++++++++++++++++++++
2 files changed, 22 insertions(+), 16 deletions(-)
create mode 100755 scripts/relocs_check.sh
diff --git a/arch/powerpc/tools/relocs_check.sh b/arch/powerpc/tools/relocs_check.sh
index 014e00e74d2b..e367895941ae 100755
--- a/arch/powerpc/tools/relocs_check.sh
+++ b/arch/powerpc/tools/relocs_check.sh
@@ -15,21 +15,8 @@ if [ $# -lt 3 ]; then
exit 1
fi
-# Have Kbuild supply the path to objdump and nm so we handle cross compilation.
-objdump="$1"
-nm="$2"
-vmlinux="$3"
-
-# Remove from the bad relocations those that match an undefined weak symbol
-# which will result in an absolute relocation to 0.
-# Weak unresolved symbols are of that form in nm output:
-# " w _binary__btf_vmlinux_bin_end"
-undef_weak_symbols=$($nm "$vmlinux" | awk '$1 ~ /w/ { print $2 }')
-
bad_relocs=$(
-$objdump -R "$vmlinux" |
- # Only look at relocation lines.
- grep -E '\<R_' |
+${srctree}/scripts/relocs_check.sh "$@" |
# These relocations are okay
# On PPC64:
# R_PPC64_RELATIVE, R_PPC64_NONE
@@ -43,8 +30,7 @@ R_PPC_ADDR16_LO
R_PPC_ADDR16_HI
R_PPC_ADDR16_HA
R_PPC_RELATIVE
-R_PPC_NONE' |
- ([ "$undef_weak_symbols" ] && grep -F -w -v "$undef_weak_symbols" || cat)
+R_PPC_NONE'
)
if [ -z "$bad_relocs" ]; then
diff --git a/scripts/relocs_check.sh b/scripts/relocs_check.sh
new file mode 100755
index 000000000000..137c660499f3
--- /dev/null
+++ b/scripts/relocs_check.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+# Get a list of all the relocations, remove from it the relocations
+# that are known to be legitimate and return this list to arch specific
+# script that will look for suspicious relocations.
+
+objdump="$1"
+nm="$2"
+vmlinux="$3"
+
+# Remove from the possible bad relocations those that match an undefined
+# weak symbol which will result in an absolute relocation to 0.
+# Weak unresolved symbols are of that form in nm output:
+# " w _binary__btf_vmlinux_bin_end"
+undef_weak_symbols=$($nm "$vmlinux" | awk '$1 ~ /w/ { print $2 }')
+
+$objdump -R "$vmlinux" |
+ grep -E '\<R_' |
+ ([ "$undef_weak_symbols" ] && grep -F -w -v "$undef_weak_symbols" || cat)
--
2.30.2
Le 18/05/2021 ? 12:12, Alexandre Ghiti a ?crit?:
> After multiple attempts, this patchset is now based on the fact that the
> 64b kernel mapping was moved outside the linear mapping.
>
> The first patch allows to build relocatable kernels but is not selected
> by default. That patch should ease KASLR implementation a lot.
> The second and third patches take advantage of an already existing powerpc
> script that checks relocations at compile-time, and uses it for riscv.
@Palmer, any thought about that? There are no users for now, do you want
to wait for a KASLR implementation to use it before merging this? If so,
I can work on a KASLR implementation based on older implementation from
Zong.
Thanks,
>
> This patchset was tested on:
>
> * kernel:
> - rv32: OK
> - rv64 with RELOCATABLE: OK and checked that "suspicious" relocations are caught.
> - rv64 without RELOCATABLE: OK
> - powerpc: build only and checked that "suspicious" relocations are caught.
>
> * xipkernel:
> - rv32: build only
> - rv64: OK
>
> * nommukernel:
> - rv64: build only
>
> Changes in v6:
> * Remove the kernel move to vmalloc zone
> * Rebased on top of for-next
> * Remove relocatable property from 32b kernel as the kernel is mapped in
> the linear mapping and would then need to be copied physically too
> * CONFIG_RELOCATABLE depends on !XIP_KERNEL
> * Remove Reviewed-by from first patch as it changed a bit
>
> Changes in v5:
> * Add "static __init" to create_kernel_page_table function as reported by
> Kbuild test robot
> * Add reviewed-by from Zong
> * Rebase onto v5.7
>
> Changes in v4:
> * Fix BPF region that overlapped with kernel's as suggested by Zong
> * Fix end of module region that could be larger than 2GB as suggested by Zong
> * Fix the size of the vm area reserved for the kernel as we could lose
> PMD_SIZE if the size was already aligned on PMD_SIZE
> * Split compile time relocations check patch into 2 patches as suggested by Anup
> * Applied Reviewed-by from Zong and Anup
>
> Changes in v3:
> * Move kernel mapping to vmalloc
>
> Changes in v2:
> * Make RELOCATABLE depend on MMU as suggested by Anup
> * Rename kernel_load_addr into kernel_virt_addr as suggested by Anup
> * Use __pa_symbol instead of __pa, as suggested by Zong
> * Rebased on top of v5.6-rc3
> * Tested with sv48 patchset
> * Add Reviewed/Tested-by from Zong and Anup
>
> Alexandre Ghiti (3):
> riscv: Introduce CONFIG_RELOCATABLE
> powerpc: Move script to check relocations at compile time in scripts/
> riscv: Check relocations at compile time
>
> arch/powerpc/tools/relocs_check.sh | 18 ++--------
> arch/riscv/Kconfig | 12 +++++++
> arch/riscv/Makefile | 5 ++-
> arch/riscv/Makefile.postlink | 36 ++++++++++++++++++++
> arch/riscv/kernel/vmlinux.lds.S | 6 ++++
> arch/riscv/mm/Makefile | 4 +++
> arch/riscv/mm/init.c | 53 +++++++++++++++++++++++++++++-
> arch/riscv/tools/relocs_check.sh | 26 +++++++++++++++
> scripts/relocs_check.sh | 20 +++++++++++
> 9 files changed, 162 insertions(+), 18 deletions(-)
> create mode 100644 arch/riscv/Makefile.postlink
> create mode 100755 arch/riscv/tools/relocs_check.sh
> create mode 100755 scripts/relocs_check.sh
>
On Thu, 17 Jun 2021 06:33:48 PDT (-0700), [email protected] wrote:
> Le 18/05/2021 à 12:12, Alexandre Ghiti a écrit :
>> After multiple attempts, this patchset is now based on the fact that the
>> 64b kernel mapping was moved outside the linear mapping.
>>
>> The first patch allows to build relocatable kernels but is not selected
>> by default. That patch should ease KASLR implementation a lot.
>> The second and third patches take advantage of an already existing powerpc
>> script that checks relocations at compile-time, and uses it for riscv.
>
> @Palmer, any thought about that? There are no users for now, do you want
> to wait for a KASLR implementation to use it before merging this? If so,
> I can work on a KASLR implementation based on older implementation from
> Zong.
Sorry, I must have missed this patch set the first time through. I
don't see any reason to wait for KASLR before taking support for
relocatable kernels, as relocatable kernelsa are useful on their own.
I'm not sure I'll have time to look at this for this cycle, but I'll try
to find some time to given that it was posted a while ago.
>
> Thanks,
>
>>
>> This patchset was tested on:
>>
>> * kernel:
>> - rv32: OK
>> - rv64 with RELOCATABLE: OK and checked that "suspicious" relocations are caught.
>> - rv64 without RELOCATABLE: OK
>> - powerpc: build only and checked that "suspicious" relocations are caught.
>>
>> * xipkernel:
>> - rv32: build only
>> - rv64: OK
>>
>> * nommukernel:
>> - rv64: build only
>>
>> Changes in v6:
>> * Remove the kernel move to vmalloc zone
>> * Rebased on top of for-next
>> * Remove relocatable property from 32b kernel as the kernel is mapped in
>> the linear mapping and would then need to be copied physically too
>> * CONFIG_RELOCATABLE depends on !XIP_KERNEL
>> * Remove Reviewed-by from first patch as it changed a bit
>>
>> Changes in v5:
>> * Add "static __init" to create_kernel_page_table function as reported by
>> Kbuild test robot
>> * Add reviewed-by from Zong
>> * Rebase onto v5.7
>>
>> Changes in v4:
>> * Fix BPF region that overlapped with kernel's as suggested by Zong
>> * Fix end of module region that could be larger than 2GB as suggested by Zong
>> * Fix the size of the vm area reserved for the kernel as we could lose
>> PMD_SIZE if the size was already aligned on PMD_SIZE
>> * Split compile time relocations check patch into 2 patches as suggested by Anup
>> * Applied Reviewed-by from Zong and Anup
>>
>> Changes in v3:
>> * Move kernel mapping to vmalloc
>>
>> Changes in v2:
>> * Make RELOCATABLE depend on MMU as suggested by Anup
>> * Rename kernel_load_addr into kernel_virt_addr as suggested by Anup
>> * Use __pa_symbol instead of __pa, as suggested by Zong
>> * Rebased on top of v5.6-rc3
>> * Tested with sv48 patchset
>> * Add Reviewed/Tested-by from Zong and Anup
>>
>> Alexandre Ghiti (3):
>> riscv: Introduce CONFIG_RELOCATABLE
>> powerpc: Move script to check relocations at compile time in scripts/
>> riscv: Check relocations at compile time
>>
>> arch/powerpc/tools/relocs_check.sh | 18 ++--------
>> arch/riscv/Kconfig | 12 +++++++
>> arch/riscv/Makefile | 5 ++-
>> arch/riscv/Makefile.postlink | 36 ++++++++++++++++++++
>> arch/riscv/kernel/vmlinux.lds.S | 6 ++++
>> arch/riscv/mm/Makefile | 4 +++
>> arch/riscv/mm/init.c | 53 +++++++++++++++++++++++++++++-
>> arch/riscv/tools/relocs_check.sh | 26 +++++++++++++++
>> scripts/relocs_check.sh | 20 +++++++++++
>> 9 files changed, 162 insertions(+), 18 deletions(-)
>> create mode 100644 arch/riscv/Makefile.postlink
>> create mode 100755 arch/riscv/tools/relocs_check.sh
>> create mode 100755 scripts/relocs_check.sh
>>