Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp3646523imm; Mon, 18 Jun 2018 01:29:45 -0700 (PDT)
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m8-v6si11459335pgq.637.2018.06.18.01.29.32; Mon, 18 Jun 2018 01:29:45 -0700 (PDT)
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S966699AbeFRI2t (ORCPT + 99 others); Mon, 18 Jun 2018 04:28:49 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:33234 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S966687AbeFRI2q (ORCPT ); Mon, 18 Jun 2018 04:28:46 -0400
Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id A3C21C5C; Mon, 18 Jun 2018 08:28:45 +0000 (UTC)
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Kim Phillips, Mark Rutland, Ard Biesheuvel, Linus Torvalds, Peter Zijlstra, Thomas Gleixner, linux-efi@vger.kernel.org, Ingo Molnar, Sasha Levin
Subject: [PATCH 4.16 274/279] efi/libstub/arm64: Handle randomized TEXT_OFFSET
Date: Mon, 18 Jun 2018 10:14:19 +0200
Message-Id: <20180618080620.010224233@linuxfoundation.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180618080608.851973560@linuxfoundation.org>
References: <20180618080608.851973560@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

4.16-stable review patch. If anyone has any objections, please let me know.

------------------
From: Mark Rutland

[ Upstream commit 4f74d72aa7067e75af92fbab077e6d7d0210be66 ]

When CONFIG_RANDOMIZE_TEXT_OFFSET=y, TEXT_OFFSET is an arbitrary multiple of
PAGE_SIZE in the interval [0, 2MB).

The EFI stub does not account for the potential misalignment of TEXT_OFFSET
relative to EFI_KIMG_ALIGN, and produces a randomized physical offset which is
always a round multiple of EFI_KIMG_ALIGN. This may result in statically
allocated objects whose alignment exceeds PAGE_SIZE appearing misaligned in
memory. This has been observed to result in spurious stack overflow reports
and failure to make use of the IRQ stacks, and theoretically could result in a
number of other issues.

We can OR in the low bits of TEXT_OFFSET to ensure that we have the necessary
offset (and hence preserve the misalignment of TEXT_OFFSET relative to
EFI_KIMG_ALIGN), so let's do that.

Reported-by: Kim Phillips
Tested-by: Kim Phillips
[ardb: clarify comment and commit log, drop unneeded parens]
Signed-off-by: Mark Rutland
Signed-off-by: Ard Biesheuvel
Cc: Linus Torvalds
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: linux-efi@vger.kernel.org
Fixes: 6f26b3671184c36d ("arm64: kaslr: increase randomization granularity")
Link: http://lkml.kernel.org/r/20180518140841.9731-2-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar
Signed-off-by: Sasha Levin
Signed-off-by: Greg Kroah-Hartman
---
 drivers/firmware/efi/libstub/arm64-stub.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

--- a/drivers/firmware/efi/libstub/arm64-stub.c
+++ b/drivers/firmware/efi/libstub/arm64-stub.c
@@ -98,6 +98,16 @@ efi_status_t handle_kernel_image(efi_sys (phys_seed >> 32) & mask : TEXT_OFFSET; /* + * With CONFIG_RANDOMIZE_TEXT_OFFSET=y, TEXT_OFFSET may not + * be a multiple of EFI_KIMG_ALIGN, and we must ensure that + * we preserve the misalignment of 'offset' relative to + * EFI_KIMG_ALIGN so that statically allocated objects whose + * alignment exceeds PAGE_SIZE appear correctly aligned in + * memory. + */ + offset |= TEXT_OFFSET % EFI_KIMG_ALIGN; + + /* * If KASLR is enabled, and we have some randomness available, * locate the kernel at a randomized offset in physical memory. */
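Review bot: the new line "offset |= TEXT_OFFSET % EFI_KIMG_ALIGN;" is only equivalent to adding the sub-EFI_KIMG_ALIGN part of TEXT_OFFSET when the bits of 'offset' below EFI_KIMG_ALIGN are already clear, and neither precondition is stated in the comment. In the randomized branch that depends on 'mask' clearing those bits (the mask definition is outside this hunk), and in the fallback branch, where 'offset' is TEXT_OFFSET itself, the OR is a no-op. Suggest extending the new comment with one sentence along the lines of "'offset' is either TEXT_OFFSET or a multiple of EFI_KIMG_ALIGN, so OR-ing in the low bits of TEXT_OFFSET is equivalent to adding them", so that a later change to the 'offset' computation does not silently turn the OR into a corrupted offset. It is also worth a note that after this line 'offset' is no longer EFI_KIMG_ALIGN aligned, so any code further down that assumed it was needs checking.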
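The alignment argument in the commit message, worked through in C as an added example (this is not the kernel's stub code and not part of the original patch mail). It models the stub's offset computation before and after the fix and checks whether an object that the linker aligned to THREAD_ALIGN inside the image keeps that alignment once the image is copied to a randomized physical offset. All constants are constructed for illustration: EFI_KIMG_ALIGN is assumed to be 64 KiB, THREAD_ALIGN 16 KiB, the link base KIMAGE_VADDR and the physical base are made-up 2 MiB aligned values, and the 'mask' formula is an assumption modelled on the masked expression visible in the hunk, not copied from the kernel.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed constants; real values depend on the kernel configuration. */
#ifndef PAGE_SIZE
#define PAGE_SIZE        0x1000UL               /* assumed 4 KiB pages */
#endif
#define MIN_KIMG_ALIGN   0x200000UL             /* 2 MiB: TEXT_OFFSET lies in [0, 2 MiB) */
#define EFI_KIMG_ALIGN   0x10000UL              /* assumed 64 KiB */
#define THREAD_ALIGN     0x4000UL               /* assumed 16 KiB alignment of IRQ stacks */
#define KIMAGE_VADDR     0xffff000010000000UL   /* constructed 2 MiB aligned link base */
#define PHYS_BASE        0x40000000UL           /* constructed 2 MiB aligned physical base */

/* CONFIG_RANDOMIZE_TEXT_OFFSET constraint from the commit message. */
static bool valid_text_offset(unsigned long text_offset)
{
	return text_offset < MIN_KIMG_ALIGN && text_offset % PAGE_SIZE == 0;
}

/*
 * Offset the stub adds to the 2 MiB aligned physical base. The randomized
 * branch mirrors the visible "(phys_seed >> 32) & mask : TEXT_OFFSET" line;
 * the mask value is an assumption. With patched == true the fix is applied.
 */
static unsigned long stub_offset(uint64_t phys_seed, unsigned long text_offset, bool patched)
{
	unsigned long mask = (MIN_KIMG_ALIGN - 1) & ~(EFI_KIMG_ALIGN - 1);
	unsigned long offset;

	if (phys_seed != 0)
		offset = (phys_seed >> 32) & mask;	/* multiple of EFI_KIMG_ALIGN */
	else
		offset = text_offset;			/* no KASLR: load at TEXT_OFFSET */

	if (patched)
		offset |= text_offset % EFI_KIMG_ALIGN;	/* carry TEXT_OFFSET's low bits */

	return offset;
}

/*
 * File offset of the first object the linker places at a link address that is
 * a multiple of 'align'. File offset f links at KIMAGE_VADDR + text_offset + f,
 * so the object's position inside the image depends on text_offset.
 */
static unsigned long aligned_object_file_offset(unsigned long text_offset, unsigned long align)
{
	unsigned long link_start = KIMAGE_VADDR + text_offset;

	return (align - (link_start % align)) % align;
}

/* Physical address of that object after the image is copied to base + offset. */
static unsigned long object_phys(unsigned long base, unsigned long offset, unsigned long file_off)
{
	return base + offset + file_off;
}

/* True when a THREAD_ALIGN aligned object keeps its alignment in memory. */
static bool object_aligned_in_memory(uint64_t phys_seed, unsigned long text_offset, bool patched)
{
	unsigned long offset = stub_offset(phys_seed, text_offset, patched);
	unsigned long file_off = aligned_object_file_offset(text_offset, THREAD_ALIGN);

	return object_phys(PHYS_BASE, offset, file_off) % THREAD_ALIGN == 0;
}

int main(void)
{
	/* Constructed inputs: page aligned TEXT_OFFSET that is not THREAD_ALIGN aligned. */
	unsigned long text_offset = 0x5000UL;
	uint64_t seed = 0x0008000000000000ULL;	/* seed >> 32 == 0x80000 */

	printf("TEXT_OFFSET valid:     %s\n", valid_text_offset(text_offset) ? "yes" : "no");
	printf("randomized, unpatched: %s\n",
	       object_aligned_in_memory(seed, text_offset, false) ? "aligned" : "MISALIGNED");
	printf("randomized, patched:   %s\n",
	       object_aligned_in_memory(seed, text_offset, true) ? "aligned" : "MISALIGNED");
	printf("no KASLR:              %s\n",
	       object_aligned_in_memory(0, text_offset, false) ? "aligned" : "MISALIGNED");
	return 0;
}
```

With TEXT_OFFSET = 0x5000 the 16 KiB aligned object sits at file offset 0x3000; the unpatched stub places the image at offset 0x80000, so the object lands at an address ending in 0x3000 and is misaligned, which is the kind of condition behind the spurious stack overflow reports the commit message describes. The patched stub produces 0x85000 and the object is aligned again, and the non-KASLR path is unaffected either way.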