Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp7163085yba; Thu, 2 May 2019 05:29:36 -0700 (PDT) X-Google-Smtp-Source: APXvYqyV9rqCXqHKiIO3byQ12kajpcAqw7AtIUd0bVasnZgsvFaxW1bjNWih24+TKc8cgF5FlybW X-Received: by 2002:a63:5720:: with SMTP id l32mr3808956pgb.438.1556800176627; Thu, 02 May 2019 05:29:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556800176; cv=none; d=google.com; s=arc-20160816; b=Uy5CFxXtZ78KGlD8alhnY+TjX4zUx8fHTAZ6zFtBfC3jyIIw3JZIq7mu2UIrhPQb+S 1P+DOmPSJ+Ty+jYDN58HD4tvLIT0duO5QDlcUR4UNmJQOAagZUpbkzar1SOVGqFwQ1xh NFDmNC+JYzTxmFjXLea9Rs5awgGnUlfFe0e3MUtRxnncEFwKa7inV0cggRv6B3cFOiY1 sFCddUuMgZP7aVLN08CxvllfctgRgZLKlk+8kkdfkMm2rmck+RgFMKdrs+gGV0qQ/emw RsZCOyVrHukdBm5ChDiT0F6GZBvaGnM77OMe92KFLPIypB5nQnDI4wNlNerWlfTfRahz N/2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=qS8OB3VzoLdC268eCczKcFn55LM1oxTu+ok9okBkG08=; b=L9r58WuWn+PS8iUqoUt+26CfZ/svSzSxMpGAZDGY2Irs5bL8ZLPt7Q4geon1tfiqYY 99RA+/6MO85eCQYeTS6rzqSJckZZ9t26NFGq4mbNz5W4s0Fv7IZbGcCKMANSbChx+A1a GNe1wwk9kCOMW+NG1aL0xmamckAgqeo3+maFrwBZg1hxyfrdLvOVZrirZLrq/3HM/p1g qELYEo/piYISgvEFvVpp0rdaUebDQURLugJ1V9cnVaJkIKIlCTg9XcdgC9lrA3QgjJR2 5CYq3XcwFlIQ2Mz5BNYtBI72lDbmO0ZkN2gHZ0oarnMHkoEP015ZRXDIW+KW7YOuJcgN FlIA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=u2Fb0VEi; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l6si37256508pgf.479.2019.05.02.05.29.20; Thu, 02 May 2019 05:29:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=u2Fb0VEi; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726320AbfEBM22 (ORCPT + 99 others); Thu, 2 May 2019 08:28:28 -0400 Received: from mail-it1-f194.google.com ([209.85.166.194]:39863 "EHLO mail-it1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726197AbfEBM21 (ORCPT ); Thu, 2 May 2019 08:28:27 -0400 Received: by mail-it1-f194.google.com with SMTP id t200so3014696itf.4 for ; Thu, 02 May 2019 05:28:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qS8OB3VzoLdC268eCczKcFn55LM1oxTu+ok9okBkG08=; b=u2Fb0VEiEPKYS2lyoP0w+zDLAxdc0Y+Lu+XmbcPk0hOncu35cxJdVQNfyR1Kr9iRSl D6JqBV6XIUH2J/LuCfg1+m5IEzBmvJJ0LeGtTyII1hnKt7v8PXLmZHuXbYiyhFG6LvKy ACa2kX+fyH0aZWvCQTmRIjYpux7MJDyJu1zn0Qr2qLEnd2RTyjioyd87O4DbcyyW9UHg UvnXg7LMBYNhVpCL5q9PZgHSpiFLT0O3NJ/wc8YHO5+cMQO6HjjL4M1KGaW6OIQQus5F w8vm6injChmckOvBLbP6YhWBQEZKZ9cynhjTXoDTX6YDOzmkHyMp9zqA8vgN5EtIB7aG T8OA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qS8OB3VzoLdC268eCczKcFn55LM1oxTu+ok9okBkG08=; b=UNXxs8OEZCpSpZArj2z0csjty0svB038DgR9xsnY6p0imnDuQJUrB5IIIFR6qjpHG2 gPBPUXZ497VPHe6Ppj2y5u2sqyyrrZDYghxhIKEx890bJoPAeLwI2HgREDpzwUU15xV7 pfIFcm3m0w1M/6YHcBHvMAsLu+OJBpCky+UdocNWDvKfhD7uDKLbrsXZV6k92sCYrZ3r ILwHCOWsTf4LC1X+eGdAYBxkd0TxWC529QB9678bM0EydtYWsp3YqlnP4necvI66KPgb 4K5Jv9wfOBDOIA2MuWZWpFavfkx7sfKL04UDxcxux4kDciZmRNm0OJn7shPDEpEzE3Gn EKtw== X-Gm-Message-State: APjAAAWgHu6CbU8E04+qQBXiQrxdsYhSo1WBPIwp9sS+oxf9Rs/kU7b/ UffqAkVMjWJwwh/jhqJIWHj6+ry5eWAVuH0vyW27NA== X-Received: by 2002:a24:59c1:: with SMTP id p184mr2312120itb.158.1556800106816; Thu, 02 May 2019 05:28:26 -0700 (PDT) MIME-Version: 1.0 References: <20190408163319.10382-1-vichy.kuo@gmail.com> In-Reply-To: <20190408163319.10382-1-vichy.kuo@gmail.com> From: Ard Biesheuvel Date: Thu, 2 May 2019 14:28:15 +0200 Message-ID: Subject: Re: [PATCH v3 1/2] kaslr: shift linear region randomization ahead of memory_limit To: pierre Kuo Cc: Will Deacon , Catalin Marinas , steven.price@arm.com, Florian Fainelli , Linux Kernel Mailing List , linux-arm-kernel Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 8 Apr 2019 at 18:33, pierre Kuo wrote: > > The following is schematic diagram of the program before and after the > modification. > > Before: > if (memstart_addr + linear_region_size < memblock_end_of_DRAM()) {} --(a) > if (memory_limit != PHYS_ADDR_MAX) {} --(b) > if (IS_ENABLED(CONFIG_BLK_DEV_INITRD) && phys_initrd_size) {} --(c) > if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {} --(d)* > > After: > if (memstart_addr + linear_region_size < memblock_end_of_DRAM()) {} --(a) > if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {} --(d)* > if (memory_limit != PHYS_ADDR_MAX) {} --(b) > if (IS_ENABLED(CONFIG_BLK_DEV_INITRD) && phys_initrd_size) {} --(c) > > After grouping modification of memstart_address by moving linear region > randomization ahead of memory_init, driver can safely using macro, > __phys_to_virt, in (b) or (c), if necessary. > Why is this an advantage? > Signed-off-by: pierre Kuo > --- > Changes in v2: > - add Fixes tag > > Changes in v3: > - adding patch of shifting linear region randomization ahead of > memory_limit > > arch/arm64/mm/init.c | 33 +++++++++++++++++---------------- > 1 file changed, 17 insertions(+), 16 deletions(-) > > diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c > index 7205a9085b4d..5142020fc146 100644 > --- a/arch/arm64/mm/init.c > +++ b/arch/arm64/mm/init.c > @@ -389,6 +389,23 @@ void __init arm64_memblock_init(void) > memblock_remove(0, memstart_addr); > } > > + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) { > + extern u16 memstart_offset_seed; > + u64 range = linear_region_size - > + (memblock_end_of_DRAM() - memblock_start_of_DRAM()); > + > + /* > + * If the size of the linear region exceeds, by a sufficient > + * margin, the size of the region that the available physical > + * memory spans, randomize the linear region as well. > + */ > + if (memstart_offset_seed > 0 && range >= ARM64_MEMSTART_ALIGN) { > + range /= ARM64_MEMSTART_ALIGN; > + memstart_addr -= ARM64_MEMSTART_ALIGN * > + ((range * memstart_offset_seed) >> 16); > + } > + } > + > /* > * Apply the memory limit if it was set. Since the kernel may be loaded > * high up in memory, add back the kernel region that must be accessible > @@ -428,22 +445,6 @@ void __init arm64_memblock_init(void) > } > } > > - if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) { > - extern u16 memstart_offset_seed; > - u64 range = linear_region_size - > - (memblock_end_of_DRAM() - memblock_start_of_DRAM()); > - > - /* > - * If the size of the linear region exceeds, by a sufficient > - * margin, the size of the region that the available physical > - * memory spans, randomize the linear region as well. > - */ > - if (memstart_offset_seed > 0 && range >= ARM64_MEMSTART_ALIGN) { > - range /= ARM64_MEMSTART_ALIGN; > - memstart_addr -= ARM64_MEMSTART_ALIGN * > - ((range * memstart_offset_seed) >> 16); > - } > - } > > /* > * Register the kernel text, kernel data, initrd, and initial > -- > 2.17.1 >