Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752818AbcDVJsV (ORCPT <rfc822;w@1wt.eu>);
	Fri, 22 Apr 2016 05:48:21 -0400
Received: from terminus.zytor.com ([198.137.202.10]:36780 "EHLO
	terminus.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751736AbcDVJsS (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Fri, 22 Apr 2016 05:48:18 -0400
Date: Fri, 22 Apr 2016 02:47:06 -0700
From: tip-bot for Kees Cook <tipbot@zytor.com>
Message-ID: <tip-0f8ede1b8c4cb845c53072d7e49d71ca24a61ced@git.kernel.org>
Cc: bp@suse.de, dvlasenk@redhat.com, bp@alien8.de, bhe@redhat.com,
        peterz@infradead.org, luto@amacapital.net, akpm@linux-foundation.org,
        keescook@chromium.org, mingo@kernel.org, linux-kernel@vger.kernel.org,
        dvyukov@google.com, tglx@linutronix.de, aryabinin@virtuozzo.com,
        jpoimboe@redhat.com, hpa@zytor.com, luto@kernel.org,
        torvalds@linux-foundation.org, yinghai@kernel.org, hjl.tools@gmail.com,
        brgerst@gmail.com
Reply-To: brgerst@gmail.com, yinghai@kernel.org, hjl.tools@gmail.com,
        luto@kernel.org, torvalds@linux-foundation.org, hpa@zytor.com,
        jpoimboe@redhat.com, aryabinin@virtuozzo.com, tglx@linutronix.de,
        dvyukov@google.com, linux-kernel@vger.kernel.org, mingo@kernel.org,
        keescook@chromium.org, akpm@linux-foundation.org, luto@amacapital.net,
        peterz@infradead.org, bhe@redhat.com, dvlasenk@redhat.com,
        bp@alien8.de, bp@suse.de
In-Reply-To: <1461185746-8017-6-git-send-email-keescook@chromium.org>
References: <1461185746-8017-6-git-send-email-keescook@chromium.org>
To: linux-tip-commits@vger.kernel.org
Subject: [tip:x86/boot] x86/KASLR: Warn when KASLR is disabled
Git-Commit-ID: 0f8ede1b8c4cb845c53072d7e49d71ca24a61ced
X-Mailer: tip-git-log-daemon
Robot-ID: <tip-bot.git.kernel.org>
Robot-Unsubscribe: Contact <mailto:hpa@kernel.org> to get blacklisted from
 these emails
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 3727
Lines: 106

Commit-ID:  0f8ede1b8c4cb845c53072d7e49d71ca24a61ced
Gitweb:     http://git.kernel.org/tip/0f8ede1b8c4cb845c53072d7e49d71ca24a61ced
Author:     Kees Cook <keescook@chromium.org>
AuthorDate: Wed, 20 Apr 2016 13:55:46 -0700
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Fri, 22 Apr 2016 10:00:51 +0200

x86/KASLR: Warn when KASLR is disabled

If KASLR is built in but not available at run-time (either due to the
current conflict with hibernation, command-line request, or e820 parsing
failures), announce the state explicitly. To support this, a new "warn"
function is created, based on the existing "error" function.

Suggested-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Borislav Petkov <bp@suse.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: H.J. Lu <hjl.tools@gmail.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Yinghai Lu <yinghai@kernel.org>
Link: http://lkml.kernel.org/r/1461185746-8017-6-git-send-email-keescook@chromium.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/x86/boot/compressed/kaslr.c |  6 +++---
 arch/x86/boot/compressed/misc.c  | 12 +++++++++---
 arch/x86/boot/compressed/misc.h  |  1 +
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index 3ad71a0..8741a6d 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -314,12 +314,12 @@ unsigned char *choose_random_location(unsigned char *input,
 
 #ifdef CONFIG_HIBERNATION
 	if (!cmdline_find_option_bool("kaslr")) {
-		debug_putstr("KASLR disabled by default...\n");
+		warn("KASLR disabled: 'kaslr' not on cmdline (hibernation selected).");
 		goto out;
 	}
 #else
 	if (cmdline_find_option_bool("nokaslr")) {
-		debug_putstr("KASLR disabled by cmdline...\n");
+		warn("KASLR disabled: 'nokaslr' on cmdline.");
 		goto out;
 	}
 #endif
@@ -333,7 +333,7 @@ unsigned char *choose_random_location(unsigned char *input,
 	/* Walk e820 and find a random address. */
 	random_addr = find_random_addr(choice, output_size);
 	if (!random_addr) {
-		debug_putstr("KASLR could not find suitable E820 region...\n");
+		warn("KASLR disabled: could not find suitable E820 region!");
 		goto out;
 	}
 
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
index eacc855..c57d785 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -166,11 +166,17 @@ void __puthex(unsigned long value)
 	}
 }
 
-static void error(char *x)
+void warn(char *m)
 {
 	error_putstr("\n\n");
-	error_putstr(x);
-	error_putstr("\n\n -- System halted");
+	error_putstr(m);
+	error_putstr("\n\n");
+}
+
+static void error(char *m)
+{
+	warn(m);
+	error_putstr(" -- System halted");
 
 	while (1)
 		asm("hlt");
diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h
index 9887e0d..e75f6cf 100644
--- a/arch/x86/boot/compressed/misc.h
+++ b/arch/x86/boot/compressed/misc.h
@@ -35,6 +35,7 @@ extern memptr free_mem_end_ptr;
 extern struct boot_params *boot_params;
 void __putstr(const char *s);
 void __puthex(unsigned long value);
+void warn(char *m);
 #define error_putstr(__x)  __putstr(__x)
 #define error_puthex(__x)  __puthex(__x)