Date: Mon, 27 Apr 2015 16:28:58 +0200 (CEST)
From: Jiri Kosina
To: x86@kernel.org, Borislav Petkov, Kees Cook, Josh Poimboeuf, Seth Jennings, Vojtech Pavlik
cc: linux-kernel@vger.kernel.org, live-patching@vger.kernel.org
Subject: [PATCH 2/2] livepatch: x86: make kASLR logic more accurate

We give up old_addr hint from the coming patch module in cases when kernel
load base has been randomized (as in such case, the coming module has no
idea about the exact randomization offset).

We are currently too pessimistic, and give up immediately as soon as
CONFIG_RANDOMIZE_BASE is set; this doesn't however directly imply that the
load base has actually been randomized. There are config options that
disable kASLR (such as hibernation), user could have disabled kaslr on
kernel command-line, etc.

The loader propagates the information whether kernel has been randomized
through bootparams. This allows us to have the condition more accurate.

On top of that, it seems unnecessary to give up old_addr hints even if
randomization is active. The relocation offset can be computed using
kaslr_offset(), and therefore old_addr can be adjusted accordingly.

Signed-off-by: Jiri Kosina
---
 arch/x86/include/asm/livepatch.h | 1 +
 kernel/livepatch/core.c          | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/asm/livepatch.h b/arch/x86/include/asm/livepatch.h index 2d29197..19c099a 100644 --- a/arch/x86/include/asm/livepatch.h +++ b/arch/x86/include/asm/livepatch.h @@ -21,6 +21,7 @@ #ifndef _ASM_X86_LIVEPATCH_H #define _ASM_X86_LIVEPATCH_H +#include #include #include diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c index 284e269..0e7c23c 100644 --- a/kernel/livepatch/core.c +++ b/kernel/livepatch/core.c @@ -234,8 +234,9 @@ static int klp_find_verify_func_addr(struct klp_object *obj, int ret; #if defined(CONFIG_RANDOMIZE_BASE) - /* KASLR is enabled, disregard old_addr from user */ - func->old_addr = 0; + /* If KASLR has been enabled, adjust old_addr accordingly */ + if (kaslr_enabled() && func->old_addr) + func->old_addr += kaslr_offset(); #endif if (!func->old_addr || klp_is_module(obj)) -- Jiri Kosina SUSE Labs -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
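Review bot: kernel/livepatch/core.c gets kaslr_enabled() and kaslr_offset() only indirectly, through the #include added to arch/x86/include/asm/livepatch.h in the first hunk, while the call site in core.c is guarded by nothing more than `#if defined(CONFIG_RANDOMIZE_BASE)`. As far as this patch shows, the helpers are provided on the x86 side only, so generic code now depends on an arch header pulling them in. A short comment next to the new include saying why it is there, or an arch-level wrapper in asm/livepatch.h that core.c calls instead of the x86 helpers directly, would make that dependency explicit.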
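Review bot: in the kernel/livepatch/core.c hunk, `func->old_addr += kaslr_offset();` sits above the `if (!func->old_addr || klp_is_module(obj))` test, so old_addr is also rewritten for module objects, where the kernel image's relocation offset does not describe where the function was loaded. The update is done in place, so any later pass through klp_find_verify_func_addr() for the same func would add the offset a second time. Consider applying the adjustment only when !klp_is_module(obj) and keeping the adjusted address in a local variable, and extend the comment to say that old_addr is expected to be the unrandomized address.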