Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp6262699imu; Mon, 21 Jan 2019 06:03:28 -0800 (PST) X-Google-Smtp-Source: ALg8bN6ksXt8Cmn4CWKquY/CfRClPcxM4gcExdjf2EXR7WX3usnIetbLVHcnoAgY8oiA+UFrwKJI X-Received: by 2002:a65:60c2:: with SMTP id r2mr28609928pgv.393.1548079408541; Mon, 21 Jan 2019 06:03:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548079408; cv=none; d=google.com; s=arc-20160816; b=mwD4k1cRRwgi7/sVo4T4zjlFRhb+nLI90IFJdTAsWekRcqSWFU4+7LrZaSpOgQtc5v hsU2AWE5lmFpaiPQdUvBg0778C8CCKS/FQfW5rYsG3TBziY+54Jno5kdefic5i6C+l4b 4HP4DPX9zP1rax/cXQl9q9oaUJP9MgyVssaofQqYddI5EMTM8QHqOccmE17t6+92FY2b rgt3I4yZeoQ1kKKFMBjMjZVKqJ5mVMXWXpV9mztsS1tjxdzzrkEWyKo1PCUEcyJmDVD7 li34pdHBDlPVwQqYz/2QskDWdJo/Svjrcy89SluuwosOcWwUfCyOlS3dM7aooMYvVL3+ fkLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=nBGBWumupn8N74sg66rGNf5KHREo76LQbDBKmU+nFpE=; b=t8UVtdjhWivRHDilD4mW7qEqr5hz26VIA9Jb4T7b8ElFpmRoLlxv0Rxt4OH/ntRcBS IP6cEcwMN021nJsAupn+dfOeBcc9x/d6NOQYPjaTzaj2WbzKhCUDhFcNJREDvYuFwDPW 5+RzLIhBADPu+hNGOIgKr5MQwA16V/WPkdQLmiqidg0nxLPq0QPbTYsjKIlwlUF/FeR6 yB1OticLeUC4QTiaoy08veDr4eR+m2bMXPuyeKyypt5Bg7bYcv8wwXd5ioUSRihR7BpO 79I13yW8aYzezIyEGPrAoTfysReOCZCKW5de2vNHasNWJHHcaW4Wi+gbsLoaxldqvrhH BaUw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=0YOkvfBf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u30si13313045pgn.170.2019.01.21.06.03.03; Mon, 21 Jan 2019 06:03:28 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=0YOkvfBf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732492AbfAUOAp (ORCPT + 99 others); Mon, 21 Jan 2019 09:00:45 -0500 Received: from mail.kernel.org ([198.145.29.99]:47478 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732036AbfAUOAo (ORCPT ); Mon, 21 Jan 2019 09:00:44 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 1733A2084C; Mon, 21 Jan 2019 14:00:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1548079243; bh=duIVYhmo903MEFQOba9T6gjkEdZ3HgNXS3iXyJ4d+Z8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0YOkvfBfhcHRY90a689im6/8BkV5dDX3kaTDq0/ytVjQNYZtYytav19PitXw8yNzQ g5K6zpQdkp8Usslw9/hn/YkCuYLBLvog252H0ZrNNf3e4jwZ49mggobgi2Gc5QB7+W NkkHqcA9K2svKpyRTKSeSH2XlOR0ZimsmANBcXus= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Catalin Marinas , Ard Biesheuvel , Will Deacon Subject: [PATCH 4.19 57/99] arm64: kaslr: ensure randomized quantities are clean to the PoC Date: Mon, 21 Jan 2019 14:48:49 +0100 Message-Id: <20190121134916.144690270@linuxfoundation.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190121134913.924726465@linuxfoundation.org> References: <20190121134913.924726465@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.19-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ard Biesheuvel commit 1598ecda7b239e9232dda032bfddeed9d89fab6c upstream. kaslr_early_init() is called with the kernel mapped at its link time offset, and if it returns with a non-zero offset, the kernel is unmapped and remapped again at the randomized offset. During its execution, kaslr_early_init() also randomizes the base of the module region and of the linear mapping of DRAM, and sets two variables accordingly. However, since these variables are assigned with the caches on, they may get lost during the cache maintenance that occurs when unmapping and remapping the kernel, so ensure that these values are cleaned to the PoC. Acked-by: Catalin Marinas Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR") Cc: # v4.6+ Signed-off-by: Ard Biesheuvel Signed-off-by: Will Deacon Signed-off-by: Greg Kroah-Hartman --- arch/arm64/kernel/kaslr.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/arch/arm64/kernel/kaslr.c +++ b/arch/arm64/kernel/kaslr.c @@ -14,6 +14,7 @@ #include #include +#include #include #include #include @@ -43,7 +44,7 @@ static __init u64 get_kaslr_seed(void *f return ret; } -static __init const u8 *get_cmdline(void *fdt) +static __init const u8 *kaslr_get_cmdline(void *fdt) { static __initconst const u8 default_cmdline[] = CONFIG_CMDLINE; @@ -109,7 +110,7 @@ u64 __init kaslr_early_init(u64 dt_phys) * Check if 'nokaslr' appears on the command line, and * return 0 if that is the case. */ - cmdline = get_cmdline(fdt); + cmdline = kaslr_get_cmdline(fdt); str = strstr(cmdline, "nokaslr"); if (str == cmdline || (str > cmdline && *(str - 1) == ' ')) return 0; @@ -169,5 +170,8 @@ u64 __init kaslr_early_init(u64 dt_phys) module_alloc_base += (module_range * (seed & ((1 << 21) - 1))) >> 21; module_alloc_base &= PAGE_MASK; + __flush_dcache_area(&module_alloc_base, sizeof(module_alloc_base)); + __flush_dcache_area(&memstart_offset_seed, sizeof(memstart_offset_seed)); + return offset; }