Subject: Re: [PATCH RFC 6/8] riscv/kaslr: clear the original kernel image
From: Alex Ghiti To: Zong Li Cc: Palmer Dabbelt , Paul Walmsley , linux-riscv , "linux-kernel@vger.kernel.org List" References: <8373a9d18958b99b72ed9499786dffe45adf9617.1584352425.git.zong.li@sifive.com> <772ee8e0-f5ff-cf40-4e84-3f703953cd08@ghiti.fr> <9e980cce-2d6a-c854-0a09-886ac525d176@ghiti.fr> Message-ID: Date: Thu, 9 Apr 2020 04:14:23 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.3.0 MIME-Version: 1.0 In-Reply-To: <9e980cce-2d6a-c854-0a09-886ac525d176@ghiti.fr> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 4/9/20 1:53 AM, Alex Ghiti wrote: > > > On 4/7/20 7:18 AM, Zong Li wrote: >> On Tue, Apr 7, 2020 at 1:11 PM Alex Ghiti wrote: >>> >>> On 3/24/20 3:30 AM, Zong Li wrote: >>>> After completing final page table, we can clear original kernel image >>>> and remove executable permission. >>>> >>>> Signed-off-by: Zong Li >>>> --- >>>>    arch/riscv/include/asm/kaslr.h | 12 ++++++++++++ >>>>    arch/riscv/kernel/kaslr.c      | 12 ++++++++++++ >>>>    arch/riscv/mm/init.c           |  6 ++++++ >>>>    3 files changed, 30 insertions(+) >>>>    create mode 100644 arch/riscv/include/asm/kaslr.h >>>> >>>> diff --git a/arch/riscv/include/asm/kaslr.h >>>> b/arch/riscv/include/asm/kaslr.h >>>> new file mode 100644 >>>> index 000000000000..b165fe71dd4a >>>> --- /dev/null >>>> +++ b/arch/riscv/include/asm/kaslr.h >>>> @@ -0,0 +1,12 @@ >>>> +/* SPDX-License-Identifier: GPL-2.0-only */ >>>> +/* >>>> + * Copyright (C) 2020 SiFive >>>> + * Copyright (C) 2020 Zong Li >>>> + */ >>>> + >>>> +#ifndef _ASM_RISCV_KASLR_H >>>> +#define _ASM_RISCV_KASLR_H >>>> + >>>> +void __init kaslr_late_init(void); >>>> + >>>> +#endif /* _ASM_RISCV_KASLR_H */ >>>> diff --git a/arch/riscv/kernel/kaslr.c b/arch/riscv/kernel/kaslr.c >>>> index 59001d6fdfc3..0bd30831c455 100644 
>>>> --- a/arch/riscv/kernel/kaslr.c >>>> +++ b/arch/riscv/kernel/kaslr.c 
>>>> @@ -356,6 +356,18 @@ static __init uintptr_t get_random_offset(u64 >>>> seed, uintptr_t kernel_size) >>>>        return get_legal_offset(random, kernel_size_align); >>>>    } >>>> >>>> +void __init kaslr_late_init(void) >>>> +{ >>>> +     uintptr_t kernel_size; >>>> + >>>> +     /* Clear original kernel image. */ >>>> +     if (kaslr_offset) { >>>> +             kernel_size = (uintptr_t) _end - (uintptr_t) _start; >>> >>> kernel_size = (uintptr_t) _end - (uintptr_t) _start + 1; >> >> OK, change it in the next version. Thanks. >> >>> >>>> +             memset((void *)PAGE_OFFSET, 0, kernel_size); >>> >>> I have been thinking again about our discussion regarding PAGE_OFFSET: >>> PAGE_OFFSET actually points to the address where the kernel was loaded, >>> not the beginning of memory, that's a bit weird. >>> >>> Just saying that here, because it took me a few seconds to remember that >>> and understand what you were doing here. >> >> In non-kaslr case, we load the kernel to PAGE_OFFSET which points to, >> so we clear the old kernel image through PAGE_OFFSET here. Certainly, >> we could use a symbol to record the start address of the old kernel >> image instead of PAGE_OFFSET here. I don't see other architectures >> changing PAGE_OFFSET after copying the kernel to the new location in >> kaslr. If you think the PAGE_OFFSET needs to be changed, we need to >> give another way to make the page table could create the mappings for >> the whole memory and memblock/buddy system could see the whole memory >> after the kernel moves. >>  >> >>>> +             set_memory_nx(PAGE_OFFSET, kaslr_offset >> PAGE_SHIFT); >>> >>> Again, I certainly missed something but when do you use old kernel >>> mappings ? >> >> We use old kernel mappings when KASLR calculates the random offset, at >> that moment, kernel is running on old kernel location. 
> > Yes but haven't you already cleared the page table from the mappings for > the old kernel in clear_page_tables called in setup_vm of the new kernel ? > > Alex > I had a doubt so I read set_memory_nx implementation again and I was indeed completely wrong: set_memory_nx tackles init_mm and then swapper_pg_dir. So you just remove executability for the old kernel zone, that's ok I think. Sorry for the noise ! Alex >> >>> >>>> +     } >>>> +} >>>> + >>>>    uintptr_t __init kaslr_early_init(void) >>>>    { >>>>        u64 seed; >>>> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c >>>> index 34c6ecf2c599..08e2ce170533 100644 >>>> --- a/arch/riscv/mm/init.c >>>> +++ b/arch/riscv/mm/init.c >>>> @@ -15,6 +15,7 @@ >>>>    #include >>>>    #ifdef CONFIG_RELOCATABLE >>>>    #include >>>> +#include >>>>    #endif >>>> >>>>    #include >>>> @@ -649,6 +650,11 @@ static void __init setup_vm_final(void) >>>>        /* Move to swapper page table */ >>>>        csr_write(CSR_SATP, PFN_DOWN(__pa_symbol(swapper_pg_dir)) | >>>> SATP_MODE); >>>>        local_flush_tlb_all(); >>>> + >>>> +#ifdef CONFIG_RANDOMIZE_BASE >>>> +     /* Clear orignial kernel image and set the right permission. */ >>>> +     kaslr_late_init(); >>>> +#endif >>>>    } >>>> >>>>    void free_initmem(void) >>>> >>> >>> Alex
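Review bot: the new arch/riscv/include/asm/kaslr.h declares `kaslr_late_init` with the `__init` annotation but includes no header, so it only compiles when the includer has already pulled in `<linux/init.h>`; add `#include <linux/init.h>` to the header so it is self-contained.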
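Review bot: in the kaslr.c hunk the two clean-up calls size the region differently: `memset` uses `kernel_size` (`_end - _start`) while `set_memory_nx` uses `kaslr_offset >> PAGE_SHIFT`, so the range made non-executable depends on the random offset rather than on the old image. Derive both from the same page count (for example `PFN_UP(kernel_size)`), and check the return value of `set_memory_nx` instead of discarding it. Before adopting the `+ 1` suggested in the thread, confirm from the linker script whether `_end` is the first address past the image; if it is, `_end - _start` is already the byte count and the extra byte would be cleared beyond the image. The clean-up itself is the right idea: an intact second copy of the kernel at the fixed `PAGE_OFFSET` would reveal exactly the layout KASLR is meant to hide, so the stale image should be both wiped and made non-executable.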
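Review bot: in the first init.c hunk the new `#include` (its file name is lost in this copy of the mail) is added inside the existing `#ifdef CONFIG_RELOCATABLE` block, while the caller in `setup_vm_final` is guarded by `CONFIG_RANDOMIZE_BASE`; unless Kconfig makes RANDOMIZE_BASE select RELOCATABLE, a RANDOMIZE_BASE build without RELOCATABLE would compile the call without the declaration. Use the same guard for the include as for the call, or state the Kconfig dependency in the commit message.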
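Review bot: in the `setup_vm_final` hunk the comment misspells "original" as "orignial". It would also help to say in that comment why the call sits after the `csr_write(CSR_SATP, ...)` and `local_flush_tlb_all()`: as noted in the thread, `set_memory_nx` operates on init_mm and swapper_pg_dir, so the clean-up only works once the CPU has switched to the swapper page table.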