Date: Tue, 28 Apr 2015 07:09:02 -0500
From: Josh Poimboeuf
To: Jiri Kosina
Cc: x86@kernel.org, Borislav Petkov, Kees Cook, Seth Jennings, Vojtech Pavlik, linux-kernel@vger.kernel.org, live-patching@vger.kernel.org
Subject: Re: [PATCH 2/2] livepatch: x86: make kASLR logic more accurate
Message-ID: <20150428120902.GB16487@treble.redhat.com>

On Mon, Apr 27, 2015 at 04:28:58PM +0200, Jiri Kosina wrote:
> We give up old_addr hint from the coming patch module in cases when kernel
> load base has been randomized (as in such case, the coming module has no
> idea about the exact randomization offset).
>
> We are currently too pessimistic, and give up immediately as soon as
> CONFIG_RANDOMIZE_BASE is set; this doesn't however directly imply that the
> load base has actually been randomized. There are config options that
> disable kASLR (such as hibernation), user could have disabled kaslr on
> kernel command-line, etc.
>
> The loader propagates the information whether kernel has been randomized
> through bootparams. This allows us to have the condition more accurate.
>
> On top of that, it seems unnecessary to give up old_addr hints even if
> randomization is active. The relocation offset can be computed using
> kaslr_offset(), and therefore old_addr can be adjusted accordingly.
> > Signed-off-by: Jiri Kosina Acked-by: Josh Poimboeuf > --- > arch/x86/include/asm/livepatch.h | 1 + > kernel/livepatch/core.c | 5 +++-- > 2 files changed, 4 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/include/asm/livepatch.h b/arch/x86/include/asm/livepatch.h > index 2d29197..19c099a 100644 > --- a/arch/x86/include/asm/livepatch.h > +++ b/arch/x86/include/asm/livepatch.h > @@ -21,6 +21,7 @@ > #ifndef _ASM_X86_LIVEPATCH_H > #define _ASM_X86_LIVEPATCH_H > > +#include > #include > #include > > diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c > index 284e269..0e7c23c 100644 > --- a/kernel/livepatch/core.c > +++ b/kernel/livepatch/core.c > @@ -234,8 +234,9 @@ static int klp_find_verify_func_addr(struct klp_object *obj, > int ret; > > #if defined(CONFIG_RANDOMIZE_BASE) > - /* KASLR is enabled, disregard old_addr from user */ > - func->old_addr = 0; > + /* If KASLR has been enabled, adjust old_addr accordingly */ > + if (kaslr_enabled() && func->old_addr) > + func->old_addr += kaslr_offset(); > #endif > > if (!func->old_addr || klp_is_module(obj)) > -- > Jiri Kosina > SUSE Labs -- Josh
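
Review bot: in the kernel/livepatch/core.c hunk, `func->old_addr += kaslr_offset();` rewrites the field supplied by the patch module in place, so if klp_find_verify_func_addr() can run more than once for the same func, the offset is added on every pass and the hint ends up pointing at the wrong address. Computing the adjusted address into a local variable, or guaranteeing the adjustment happens once per func, would avoid that. The addition also sits before the `klp_is_module(obj)` test on the following line, so it is applied to funcs in module objects too, where the kernel image offset does not describe where the code is loaded; restricting it to the non-module case would make the intent explicit. The new comment could also say that old_addr is expected to be the unrandomized, link-time address, since that is what makes adding the offset correct.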