Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp6255745imu; Mon, 21 Jan 2019 05:57:22 -0800 (PST) X-Google-Smtp-Source: ALg8bN6j7vxP3a4cb6n+8cUJyOJajskTn2jhx/jIddXnD23lsL1QaN1kATxIzboCV2CBZJMYLKkb X-Received: by 2002:a17:902:9305:: with SMTP id bc5mr30058984plb.86.1548079042520; Mon, 21 Jan 2019 05:57:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548079042; cv=none; d=google.com; s=arc-20160816; b=IWq9sFYrVY/Neoy05XNm1pqjmKwcHmnxPjMbev2EoCUGnQDpNrknj2iZL8pnhCaxFu Bt5vR/NMrgvGoPsULIPAqMwq+Fp26eg28ZY6s01OvY9C+5MZbnPpTpzgxM0kjj43cbTU Ug/XT+z4DjmnoIV2727H+kYuy3K6x5CDgJ/hE+9OXOCRZeFKivOo7AnCZLVO2folrra0 2eINuJJIlLqt7Qm8aSXQyMNcMMQB2KM2l0EOrpbU13QW2BEIQx0SBc695Mfrg50KAdvx HNXk68r353nDNz0EHtEvowIQtXrjJavJYlpgRVntqgvUfZ6XJnNAi4QyQlrEXm/W/EXx 5zuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=PZqqibZaonBriJYCV7c+0EYD/eDhZKgQ2kAw+kH1BpI=; b=trB5btf63g/9Tqicbj8g+k+YO6bSzWpEKYfQJqpvMb0WVCWhkdJApgGej7L2a0uhZc HT+BAtzft95ipCQQVctYwMskiTleO5XMFI3bRsyQx97yTV0J4VYTbNgTDTNt3rRDDqQa 1Ul4GT6apuB+idBdOs0SUXRDgwVuF+dWumlZlD48qrhAxbRgseG69VdHtaDVLLEghDLX +DJ3hFm+nnyKUpjF5RkT/68LHJro+ibiRUbZ9/0F0wxl6QA26J26wzJauS1BkyCoxYxi NvdluzF3nv7NnMyvoKsN1llTzJE7Jpw2TT25lf9q7W25hAbHzAL0oogV1n/WRIp0QxvE xXNQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=vS3mmHFC; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m20si10193201pgk.323.2019.01.21.05.57.06; Mon, 21 Jan 2019 05:57:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=vS3mmHFC; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731715AbfAUNzX (ORCPT + 99 others); Mon, 21 Jan 2019 08:55:23 -0500 Received: from mail.kernel.org ([198.145.29.99]:39926 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731699AbfAUNzT (ORCPT ); Mon, 21 Jan 2019 08:55:19 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3843020861; Mon, 21 Jan 2019 13:55:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1548078918; bh=PbSSYR07cPELRWSBhJaAdSZEwOIrvHzbc5Puo/casAY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vS3mmHFCIRYsov/XQ0NxbI50BrJ8Pj3WEu+mKiXjHgpo/uBbFf2283LTbNBm/DQug Rg/5JSmJaSf9CgVBDiTp1hvrUT0MDE4Nz+tCaf8Dce4yu0rOFcJoH83mYSvVVfArSX f+PEh4+M2ZJjYxbfzTCq8J9NzFv2/aDVVKs3Dwag= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Catalin Marinas , Ard Biesheuvel , Will Deacon Subject: [PATCH 4.9 29/51] arm64: kaslr: ensure randomized quantities are clean to the PoC Date: Mon, 21 Jan 2019 14:44:25 +0100 Message-Id: <20190121122456.336098657@linuxfoundation.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190121122453.700446926@linuxfoundation.org> References: <20190121122453.700446926@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ard Biesheuvel commit 1598ecda7b239e9232dda032bfddeed9d89fab6c upstream. kaslr_early_init() is called with the kernel mapped at its link time offset, and if it returns with a non-zero offset, the kernel is unmapped and remapped again at the randomized offset. During its execution, kaslr_early_init() also randomizes the base of the module region and of the linear mapping of DRAM, and sets two variables accordingly. However, since these variables are assigned with the caches on, they may get lost during the cache maintenance that occurs when unmapping and remapping the kernel, so ensure that these values are cleaned to the PoC. Acked-by: Catalin Marinas Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR") Cc: # v4.6+ Signed-off-by: Ard Biesheuvel Signed-off-by: Will Deacon Signed-off-by: Greg Kroah-Hartman --- arch/arm64/kernel/kaslr.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/arch/arm64/kernel/kaslr.c +++ b/arch/arm64/kernel/kaslr.c @@ -14,6 +14,7 @@ #include #include +#include #include #include #include @@ -43,7 +44,7 @@ static __init u64 get_kaslr_seed(void *f return ret; } -static __init const u8 *get_cmdline(void *fdt) +static __init const u8 *kaslr_get_cmdline(void *fdt) { static __initconst const u8 default_cmdline[] = CONFIG_CMDLINE; @@ -109,7 +110,7 @@ u64 __init kaslr_early_init(u64 dt_phys, * Check if 'nokaslr' appears on the command line, and * return 0 if that is the case. */ - cmdline = get_cmdline(fdt); + cmdline = kaslr_get_cmdline(fdt); str = strstr(cmdline, "nokaslr"); if (str == cmdline || (str > cmdline && *(str - 1) == ' ')) return 0; @@ -178,5 +179,8 @@ u64 __init kaslr_early_init(u64 dt_phys, module_alloc_base += (module_range * (seed & ((1 << 21) - 1))) >> 21; module_alloc_base &= PAGE_MASK; + __flush_dcache_area(&module_alloc_base, sizeof(module_alloc_base)); + __flush_dcache_area(&memstart_offset_seed, sizeof(memstart_offset_seed)); + return offset; }