Received: by 2002:a25:b323:0:0:0:0:0 with SMTP id l35csp1527209ybj; Fri, 20 Sep 2019 11:57:28 -0700 (PDT) X-Google-Smtp-Source: APXvYqx5CSNrtbD/HkZBGkxcqDTjtGyuDp9gwyIvjSd3+odouZVq93IQTC0RyowXVHp0A/aO7Jd+ X-Received: by 2002:a50:8961:: with SMTP id f30mr22974535edf.144.1569005848715; Fri, 20 Sep 2019 11:57:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569005848; cv=none; d=google.com; s=arc-20160816; b=vbAX9VkfJ8lgEJTNNDr7qkC0Ng7nDmLmVglBV6+s/jmDfVifMGXUH+NomFRowk5Nby mvhLZ1lDTRG5YoSt289WC05FXUkU5L5S6eJxisKpDhdxmTPoZTagPmgxVyPXtCng5/Ii cpHHEaHeINCAmr2ZQkxf2jjPVbTejXSX9/QRWQGCHDxNEGhGxTXqn5PQ2cCEiJUHwkGJ UuhiuVGohk4TdsD+ky1oqBZaTQ5/fOdDry5gI3/g1veJBmN3AELBD6yaxJkyXinpmzpq bd5mZesnyNH7RjtPP1J2vCMwBPCxoUGo7GPLKUdg7PJmCUoPn4K4ruM+urchPOjwwDew qXpw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=Xc/pSYTNcljnmi8134DzdAU91A/ShBwpL3BOskya8e8=; b=Uepgz6otyHiRXzM5KQ/jf5sVi0KOOYk3QhN0926eI0z0VR3EjvYkFw4EAvzxiUehab X19BKcy3J029hj4ox+vA3xnf8TjULqUy/dn94fvndlIuo8ZI+350PDhAHNqhDU5tfB4Q RKupJgapFZ1/hGtGmtTWN/qAq3TRMkazMMmzmh5UrRknkw3ONpszC1Go2EL0MKt8fdxM YSV8vRO7JOyXRRyG+IUPbezlzVB2fM7D6+b7h0Lo7twXPDbPgUpiTu3uV9bMyWp4OpHQ 9QEggcRIaZ+hht8BelTY1m7LxbxLthrligT9HxapehQ3JSpKEQ7B3mML1MYlAzl2M49j V8Sg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id se14si1486499ejb.322.2019.09.20.11.57.05; Fri, 20 Sep 2019 11:57:28 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2437895AbfITJZ5 (ORCPT + 99 others); Fri, 20 Sep 2019 05:25:57 -0400 Received: from szxga04-in.huawei.com ([45.249.212.190]:2694 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2408502AbfITJZf (ORCPT ); Fri, 20 Sep 2019 05:25:35 -0400 Received: from DGGEMS406-HUB.china.huawei.com (unknown [172.30.72.59]) by Forcepoint Email with ESMTP id 696D475169ACCDB8F39B; Fri, 20 Sep 2019 17:25:34 +0800 (CST) Received: from huawei.com (10.175.124.28) by DGGEMS406-HUB.china.huawei.com (10.3.19.206) with Microsoft SMTP Server id 14.3.439.0; Fri, 20 Sep 2019 17:25:27 +0800 From: Jason Yan To: , , , , , , , , CC: , , , , , , , Jason Yan Subject: [PATCH v7 12/12] powerpc/fsl_booke/32: Document KASLR implementation Date: Fri, 20 Sep 2019 17:45:46 +0800 Message-ID: <20190920094546.44948-13-yanaijie@huawei.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190920094546.44948-1-yanaijie@huawei.com> References: <20190920094546.44948-1-yanaijie@huawei.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.175.124.28] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add document to explain how we implement KASLR for fsl_booke32. Signed-off-by: Jason Yan Cc: Diana Craciun Cc: Michael Ellerman Cc: Christophe Leroy Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Nicholas Piggin Cc: Kees Cook --- Documentation/powerpc/kaslr-booke32.rst | 42 +++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 Documentation/powerpc/kaslr-booke32.rst diff --git a/Documentation/powerpc/kaslr-booke32.rst b/Documentation/powerpc/kaslr-booke32.rst new file mode 100644 index 000000000000..8b259fdfdf03 --- /dev/null +++ b/Documentation/powerpc/kaslr-booke32.rst @@ -0,0 +1,42 @@ +.. SPDX-License-Identifier: GPL-2.0 + +=========================== +KASLR for Freescale BookE32 +=========================== + +The word KASLR stands for Kernel Address Space Layout Randomization. + +This document tries to explain the implementation of the KASLR for +Freescale BookE32. KASLR is a security feature that deters exploit +attempts relying on knowledge of the location of kernel internals. + +Since CONFIG_RELOCATABLE has already supported, what we need to do is +map or copy kernel to a proper place and relocate. Freescale Book-E +parts expect lowmem to be mapped by fixed TLB entries(TLB1). The TLB1 +entries are not suitable to map the kernel directly in a randomized +region, so we chose to copy the kernel to a proper place and restart to +relocate. + +Entropy is derived from the banner and timer base, which will change every +build and boot. This not so much safe so additionally the bootloader may +pass entropy via the /chosen/kaslr-seed node in device tree. + +We will use the first 512M of the low memory to randomize the kernel +image. The memory will be split in 64M zones. We will use the lower 8 +bit of the entropy to decide the index of the 64M zone. Then we chose a +16K aligned offset inside the 64M zone to put the kernel in:: + + KERNELBASE + + |--> 64M <--| + | | + +---------------+ +----------------+---------------+ + | |....| |kernel| | | + +---------------+ +----------------+---------------+ + | | + |-----> offset <-----| + + kernstart_virt_addr + +To enable KASLR, set CONFIG_RANDOMIZE_BASE = y. If KASLR is enable and you +want to disable it at runtime, add "nokaslr" to the kernel cmdline. -- 2.17.2