Date: Tue, 26 Oct 2021 14:29:17 -0700 (PDT)
Subject: Re: [PATCH v7 1/3] riscv: Introduce CONFIG_RELOCATABLE
CC: alexandre.ghiti@canonical.com, mpe@ellerman.id.au, benh@kernel.crashing.org, paulus@samba.org, Paul Walmsley, aou@eecs.berkeley.edu, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org
From: Palmer Dabbelt
To: alex@ghiti.fr

On Sat, 09 Oct 2021 10:20:20 PDT (-0700), alex@ghiti.fr wrote:
> Arf, I have sent this patchset with the wrong email address. @Palmer
> tell me if you want me to resend it correctly.

Sorry for being kind of slow here. It's fine: there's a "From:" in the patch, and git picks those up so it'll match the signed-off-by line. I send pretty much all my patches that way, as I never managed to get my Google address working correctly.

>
> Thanks,
>
> Alex
>
> On 10/9/21 7:12 PM, Alexandre Ghiti wrote:
>> From: Alexandre Ghiti
>>
>> This config allows to compile 64b kernel as PIE and to relocate it at
>> any virtual address at runtime: this paves the way to KASLR.
>> Runtime relocation is possible since relocation metadata are embedded into
>> the kernel.

IMO this should really be user selectable, at a bare minimum so it's testable. I just sent along a patch to do that (my power's off at home, so email is a bit wacky right now). I haven't put this on for-next yet as I'm not sure if you had a fix for the kasan issue (which IIUC would conflict with this).

>> Note that relocating at runtime introduces an overhead even if the
>> kernel is loaded at the same address it was linked at and that the compiler
>> options are those used in arm64 which uses the same RELA relocation
>> format.
>>
>> Signed-off-by: Alexandre Ghiti
>> --- >> arch/riscv/Kconfig | 12 ++++++++ >> arch/riscv/Makefile | 7 +++-- >> arch/riscv/kernel/vmlinux.lds.S | 6 ++++ >> arch/riscv/mm/Makefile | 4 +++ >> arch/riscv/mm/init.c | 54 ++++++++++++++++++++++++++++++++- >> 5 files changed, 80 insertions(+), 3 deletions(-) >> >> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig >> index ea16fa2dd768..043ba92559fa 100644 >> --- a/arch/riscv/Kconfig >> +++ b/arch/riscv/Kconfig
>> @@ -213,6 +213,18 @@ config PGTABLE_LEVELS >> config LOCKDEP_SUPPORT >> def_bool y >> >> +config RELOCATABLE >> + bool >> + depends on MMU && 64BIT && !XIP_KERNEL >> + help >> + This builds a kernel as a Position Independent Executable (PIE), >> + which retains all relocation metadata required to relocate the >> + kernel binary at runtime to a different virtual address than the >> + address it was linked at. >> + Since RISCV uses the RELA relocation format, this requires a >> + relocation pass at runtime even if the kernel is loaded at the >> + same address it was linked at. >> + >> source "arch/riscv/Kconfig.socs" >> source "arch/riscv/Kconfig.erratas" >> >> diff --git a/arch/riscv/Makefile b/arch/riscv/Makefile >> index 0eb4568fbd29..2f509915f246 100644 >> --- a/arch/riscv/Makefile >> +++ b/arch/riscv/Makefile >> @@ -9,9 +9,12 @@ >> # >> >> OBJCOPYFLAGS := -O binary >> -LDFLAGS_vmlinux := >> +ifeq ($(CONFIG_RELOCATABLE),y) >> + LDFLAGS_vmlinux += -shared -Bsymbolic -z notext -z norelro >> + KBUILD_CFLAGS += -fPIE >> +endif >> ifeq ($(CONFIG_DYNAMIC_FTRACE),y) >> - LDFLAGS_vmlinux := --no-relax >> + LDFLAGS_vmlinux += --no-relax >> KBUILD_CPPFLAGS += -DCC_USING_PATCHABLE_FUNCTION_ENTRY >> CC_FLAGS_FTRACE := -fpatchable-function-entry=8 >> endif >> diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S >> index 5104f3a871e3..862a8c09723c 100644 >> --- a/arch/riscv/kernel/vmlinux.lds.S >> +++ b/arch/riscv/kernel/vmlinux.lds.S >> @@ -133,6 +133,12 @@ SECTIONS >> >> BSS_SECTION(PAGE_SIZE, PAGE_SIZE, 0) >> >> + .rela.dyn : ALIGN(8) { >> + __rela_dyn_start = .; >> + *(.rela .rela*) >> + __rela_dyn_end = .; >> + } >> + >> #ifdef CONFIG_EFI >> . = ALIGN(PECOFF_SECTION_ALIGNMENT); >> __pecoff_data_virt_size = ABSOLUTE(. - __pecoff_text_end); >> diff --git a/arch/riscv/mm/Makefile b/arch/riscv/mm/Makefile >> index 7ebaef10ea1b..2d33ec574bbb 100644 >> --- a/arch/riscv/mm/Makefile >> +++ b/arch/riscv/mm/Makefile 
>> @@ -1,6 +1,10 @@ >> # SPDX-License-Identifier: GPL-2.0-only >> >> CFLAGS_init.o := -mcmodel=medany >> +ifdef CONFIG_RELOCATABLE >> +CFLAGS_init.o += -fno-pie >> +endif >> + >> ifdef CONFIG_FTRACE >> CFLAGS_REMOVE_init.o = $(CC_FLAGS_FTRACE) >> CFLAGS_REMOVE_cacheflush.o = $(CC_FLAGS_FTRACE) >> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c >> index c0cddf0fc22d..42041c12d496 100644 >> --- a/arch/riscv/mm/init.c >> +++ b/arch/riscv/mm/init.c >> @@ -20,6 +20,9 @@ >> #include >> #include >> #include >> +#ifdef CONFIG_RELOCATABLE >> +#include >> +#endif >> >> #include >> #include >> @@ -103,7 +106,7 @@ static void __init print_vm_layout(void) >> print_mlm("lowmem", (unsigned long)PAGE_OFFSET, >> (unsigned long)high_memory); >> #ifdef CONFIG_64BIT >> - print_mlm("kernel", (unsigned long)KERNEL_LINK_ADDR, >> + print_mlm("kernel", (unsigned long)kernel_map.virt_addr, >> (unsigned long)ADDRESS_SPACE_END); >> #endif >> } 
>> @@ -518,6 +521,44 @@ static __init pgprot_t pgprot_from_va(uintptr_t va) >> #error "setup_vm() is called from head.S before relocate so it should not use absolute addressing." >> #endif >> >> +#ifdef CONFIG_RELOCATABLE >> +extern unsigned long __rela_dyn_start, __rela_dyn_end; >> + >> +static void __init relocate_kernel(void) >> +{ >> + Elf64_Rela *rela = (Elf64_Rela *)&__rela_dyn_start; >> + /* >> + * This holds the offset between the linked virtual address and the >> + * relocated virtual address. >> + */ >> + uintptr_t reloc_offset = kernel_map.virt_addr - KERNEL_LINK_ADDR; >> + /* >> + * This holds the offset between kernel linked virtual address and >> + * physical address. >> + */ >> + uintptr_t va_kernel_link_pa_offset = KERNEL_LINK_ADDR - kernel_map.phys_addr; >> + >> + for ( ; rela < (Elf64_Rela *)&__rela_dyn_end; rela++) { >> + Elf64_Addr addr = (rela->r_offset - va_kernel_link_pa_offset); >> + Elf64_Addr relocated_addr = rela->r_addend; >> + >> + if (rela->r_info != R_RISCV_RELATIVE) >> + continue; >> + >> + /* >> + * Make sure to not relocate vdso symbols like rt_sigreturn >> + * which are linked from the address 0 in vmlinux since >> + * vdso symbol addresses are actually used as an offset from >> + * mm->context.vdso in VDSO_OFFSET macro. >> + */ >> + if (relocated_addr >= KERNEL_LINK_ADDR) >> + relocated_addr += reloc_offset; >> + >> + *(Elf64_Addr *)addr = relocated_addr; >> + } >> +} >> +#endif /* CONFIG_RELOCATABLE */ >> + >> #ifdef CONFIG_XIP_KERNEL >> static void __init create_kernel_page_table(pgd_t *pgdir, >> __always_unused bool early) 
>> @@ -625,6 +666,17 @@ asmlinkage void __init setup_vm(uintptr_t dtb_pa) >> BUG_ON((kernel_map.virt_addr + kernel_map.size) > ADDRESS_SPACE_END - SZ_4K); >> #endif >> >> +#ifdef CONFIG_RELOCATABLE >> + /* >> + * Early page table uses only one PGDIR, which makes it possible >> + * to map PGDIR_SIZE aligned on PGDIR_SIZE: if the relocation offset >> + * makes the kernel cross over a PGDIR_SIZE boundary, raise a bug >> + * since a part of the kernel would not get mapped. >> + */ >> + BUG_ON(PGDIR_SIZE - (kernel_map.virt_addr & (PGDIR_SIZE - 1)) < kernel_map.size); >> + relocate_kernel(); >> +#endif >> + >> pt_ops.alloc_pte = alloc_pte_early; >> pt_ops.get_pte_virt = get_pte_virt_early; >> #ifndef __PAGETABLE_PMD_FOLDED
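
Review bot: In the arch/riscv/Kconfig hunk, `config RELOCATABLE` is declared with a bare `bool` and no prompt, and nothing in this patch selects it, so the option cannot be turned on from a config and the new relocation path cannot be built or tested. Give it a prompt string on the `bool` line, or say in the help text which later option is expected to select it.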
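
Review bot: In the arch/riscv/Makefile hunk, the `LDFLAGS_vmlinux :=` initialisation is dropped and both branches now use `+=`, so the final value depends on whatever the variable held before this file is read. Keep an explicit `LDFLAGS_vmlinux :=` ahead of the first `ifeq` if the reset was intentional. The `-z notext -z norelro` flags also deserve a short comment saying why text relocations and the absence of RELRO are acceptable for vmlinux, since the commit message only says the options are those used in arm64.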
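
Review bot: `CFLAGS_init.o += -fno-pie` in the arch/riscv/mm/Makefile hunk carries no comment saying why init.o opts out of the `-fPIE` that arch/riscv/Makefile adds. A one-line comment tying it to the existing `#error` text in init.c (setup_vm() is called from head.S before relocate) would keep the flag from being removed later as apparently redundant.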
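
Review bot: In relocate_kernel(), `if (rela->r_info != R_RISCV_RELATIVE) continue;` silently skips every other relocation type, so an entry of a different type in `.rela.dyn` would leave a link-time address in place with no indication at boot. Either reject such entries (a check on the section contents at build time, or a BUG in the loop) or add a comment stating why only R_RISCV_RELATIVE can appear. Comparing the whole `r_info` against the type constant also holds only while the symbol index is zero; `ELF64_R_TYPE(rela->r_info)` states the intent.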