From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Catalin Marinas, Ard Biesheuvel, Will Deacon
Subject: [PATCH 4.14 35/59] arm64: kaslr: ensure randomized quantities are clean to the PoC
Date: Mon, 21 Jan 2019 14:44:00 +0100
Message-Id: <20190121122500.516756443@linuxfoundation.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190121122456.529172919@linuxfoundation.org>
References: <20190121122456.529172919@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
X-Patchwork-Hint: ignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

4.14-stable review patch. If anyone has any objections, please let me know.

------------------

From: Ard Biesheuvel

commit 1598ecda7b239e9232dda032bfddeed9d89fab6c upstream.

kaslr_early_init() is called with the kernel mapped at its link time offset, and if it returns with a non-zero offset, the kernel is unmapped and remapped again at the randomized offset.

During its execution, kaslr_early_init() also randomizes the base of the module region and of the linear mapping of DRAM, and sets two variables accordingly. However, since these variables are assigned with the caches on, they may get lost during the cache maintenance that occurs when unmapping and remapping the kernel, so ensure that these values are cleaned to the PoC.

Acked-by: Catalin Marinas
Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR")
Cc: # v4.6+
Signed-off-by: Ard Biesheuvel
Signed-off-by: Will Deacon
Signed-off-by: Greg Kroah-Hartman
---
 arch/arm64/kernel/kaslr.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/arch/arm64/kernel/kaslr.c +++ b/arch/arm64/kernel/kaslr.c @@ -14,6 +14,7 @@ #include #include +#include #include #include #include 
@@ -43,7 +44,7 @@ static __init u64 get_kaslr_seed(void *f return ret; } -static __init const u8 *get_cmdline(void *fdt) +static __init const u8 *kaslr_get_cmdline(void *fdt) { static __initconst const u8 default_cmdline[] = CONFIG_CMDLINE; @@ -109,7 +110,7 @@ u64 __init kaslr_early_init(u64 dt_phys) * Check if 'nokaslr' appears on the command line, and * return 0 if that is the case. */ - cmdline = get_cmdline(fdt); + cmdline = kaslr_get_cmdline(fdt); str = strstr(cmdline, "nokaslr"); if (str == cmdline || (str > cmdline && *(str - 1) == ' ')) return 0; @@ -180,5 +181,8 @@ u64 __init kaslr_early_init(u64 dt_phys) module_alloc_base += (module_range * (seed & ((1 << 21) - 1))) >> 21; module_alloc_base &= PAGE_MASK; + __flush_dcache_area(&module_alloc_base, sizeof(module_alloc_base)); + __flush_dcache_area(&memstart_offset_seed, sizeof(memstart_offset_seed)); + return offset; }
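Review bot: the rename of get_cmdline() to kaslr_get_cmdline() in the @@ -43,7 hunk (and its call site in the @@ -109,7 hunk) is not explained in the changelog, which only covers cleaning the two randomized variables to the PoC. If the rename is there to avoid a clash with a declaration pulled in by the newly added #include, one sentence saying so would help; otherwise a stable reviewer sees an apparently unrelated change riding along with the fix.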
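Review bot: the two __flush_dcache_area() calls added just before `return offset;` in the @@ -180,5 hunk carry no comment, so the reason for them lives only in the changelog. A short comment above them, stating that module_alloc_base and memstart_offset_seed were written with the caches on and must reach the PoC before the kernel is unmapped and remapped, would keep a later cleanup from dropping them as redundant. It is also worth confirming that this final return is the only path that can leave with a non-zero offset after the two variables are set, since the early `return 0;` for 'nokaslr' visible above is not covered by the flush.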