From: Ard Biesheuvel
Date: Fri, 20 May 2022 08:52:07 +0200
Subject: Re: [PATCH 0/2] Add support to relocate kernel image to mirrored region
To: mawupeng
Cc: Andrew Morton, Catalin Marinas, Will Deacon, Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, X86 ML, Darren Hart, Andy Shevchenko, Mike Rapoport, "Paul E. McKenney", Peter Zijlstra, Joerg Roedel, songmuchun@bytedance.com, macro@orcam.me.uk, Frederic Weisbecker, W_Armin@gmx.de, John Garry, Sean Christopherson, Thomas Bogendoerfer, Anshuman Khandual, chenhuacai@kernel.org, David Hildenbrand, gpiccoli@igalia.com, Mark Rutland, Kefeng Wang, Linux Doc Mailing List, Linux Kernel Mailing List, Linux ARM, linux-efi, linux-ia64@vger.kernel.org, platform-driver-x86@vger.kernel.org, Linux Memory Management List
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 19 May 2022 at 13:09, mawupeng wrote:
>
> On 2022/5/7 17:28, mawupeng wrote:
> >
> > On 2022/5/3 17:58, Ard Biesheuvel wrote:
> >> On Tue, 19 Apr 2022 at 08:43, Wupeng Ma wrote:
> >>>
> >>> From: Ma Wupeng
> >>>
> >>> Now the system image will prefer to be located in mirrored regions, both with KASLR
> >>> on and off.
> >>>
> >>
> >> Hello Ma Wupeng,
> >>
> >> I wonder if we could simplify this as follows:
> >> - ignore the non-KASLR case for now, and rely on the bootloader to load the image into mirrored memory if it exists;
> >
> > In grub, memory for the static image is allocated via the following path:
> >
> > grub_cmd_linux
> >   kernel = grub_malloc(filelen)
> >   kernel_alloc_addr = grub_efi_allocate_any_pages (kernel_alloc_pages)
> >   grub_memcpy (kernel_addr, kernel, grub_min(filelen, kernel_size))
> >   grub_loader_set (grub_linux_boot, grub_linux_unload, 0)
> >
> > Can we get memory from a mirrored region by the following steps:
> > 1. get the memory map by calling grub_efi_get_memory_map()
> > 2. iterate over the whole memory map to find a suitable mirrored memory area
> > 3. locate the kernel image in this area
> >
> > So, if kaslr is not enabled
> >   - grub will load the kernel into a mirrored region
> > else
> >   - arm64-stub.c will relocate the kernel image to a mirrored region
> >
> > Is this feasible?
>
> Is this a feasible proposal to relocate the static kernel image itself
> into more reliable memory?
>

I'm not sure, it all depends on the firmware. When GRUB calls LoadImage(), the firmware will reallocate the image and unpack it there. So it is really the firmware's job to ensure that the image is loaded into a suitable location.

I have some code here that implements an EFI-based decompressor, which loads the kernel image into mirrored memory if it exists, without the need to move it again. It could trivially be modified to deal with non-randomized loads as well.

But the bottom line is that UEFI should expose the ability to target mirrored memory; hacking around it like this is not a sustainable approach.
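The step both sides of the thread rely on, whether it is done in GRUB after grub_efi_get_memory_map() or in the arm64 EFI stub, is a walk over the UEFI memory map looking for conventional memory carrying the EFI_MEMORY_MORE_RELIABLE attribute (the bit UEFI uses to mark mirrored RAM) that is large enough for the image. The following is an added, stand-alone example of that walk; it is not code from the patch series, from GRUB, or from Ard's decompressor. The descriptor layout, the EfiConventionalMemory (7) and EfiLoaderData (2) type values and the 0x10000 attribute bit are taken from the UEFI specification; the function and field names, the 2 MiB alignment and the sample memory map are the example's own constructions. The scan strides by the firmware-reported descriptor size rather than by sizeof(), because firmware is allowed to report descriptors larger than the struct defined in the spec.

```c
/* Added example: find a mirrored UEFI memory region for a kernel image.
 * Not code from the patch, GRUB or the EFI stub. Build: cc -std=c99 -Wall */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EFI_PAGE_SIZE            4096ULL
#define EFI_LOADER_DATA          2U                   /* UEFI spec type value */
#define EFI_CONVENTIONAL_MEMORY  7U                   /* UEFI spec type value */
#define EFI_MEMORY_MORE_RELIABLE 0x0000000000010000ULL /* UEFI spec: mirrored RAM */

/* EFI_MEMORY_DESCRIPTOR as laid out in the UEFI spec (field names are ours).
 * Firmware reports its own descriptor size, which may exceed sizeof(),
 * so callers must stride by that size, not by sizeof(struct). */
struct efi_memory_desc {
    uint32_t type;
    uint32_t pad;
    uint64_t phys_start;
    uint64_t virt_start;
    uint64_t num_pages;
    uint64_t attribute;
};

#define ALIGN_UP(x, a) (((x) + ((a) - 1)) & ~((a) - 1))

/* Return the lowest address in any mirrored, conventional-memory region that
 * can hold image_size bytes at the given alignment, or 0 if no region fits.
 * Only the search is shown here: who finally allocates the pages (GRUB, the
 * EFI stub, or the firmware's LoadImage()) decides whether the image ends up
 * there, which is the point made in the reply above. */
uint64_t find_mirrored_region(const void *map, uint64_t map_size,
                              uint64_t desc_size, uint64_t image_size,
                              uint64_t align)
{
    uint64_t best = 0;

    for (uint64_t off = 0; off + desc_size <= map_size; off += desc_size) {
        const struct efi_memory_desc *d =
            (const struct efi_memory_desc *)((const char *)map + off);
        uint64_t start, end;

        if (d->type != EFI_CONVENTIONAL_MEMORY)
            continue;                      /* already in use or not RAM */
        if (!(d->attribute & EFI_MEMORY_MORE_RELIABLE))
            continue;                      /* not mirrored */

        start = ALIGN_UP(d->phys_start, align);
        end = d->phys_start + d->num_pages * EFI_PAGE_SIZE;
        if (end < start || end - start < image_size)
            continue;                      /* too small once aligned */

        if (best == 0 || start < best)
            best = start;
    }
    return best;
}

/* Constructed sample map (not a real firmware dump): four descriptors with a
 * firmware-style descriptor size of 48 bytes, larger than the 40-byte struct. */
#define SAMPLE_DESC_SIZE 48
#define SAMPLE_NUM_DESCS 4
#define SAMPLE_MAP_SIZE  (SAMPLE_DESC_SIZE * SAMPLE_NUM_DESCS)

static uint64_t sample_storage[SAMPLE_MAP_SIZE / sizeof(uint64_t)]; /* 8-byte aligned */

const void *sample_map(void)
{
    const struct efi_memory_desc d[SAMPLE_NUM_DESCS] = {
        /* 1 MiB conventional, not mirrored */
        { EFI_CONVENTIONAL_MEMORY, 0, 0x40000000ULL, 0, 0x100, 0x0F },
        /* 128 MiB mirrored but already taken by the loader */
        { EFI_LOADER_DATA, 0, 0x80000000ULL, 0, 0x8000, EFI_MEMORY_MORE_RELIABLE | 0x0F },
        /* 512 KiB mirrored conventional: vanishes after 2 MiB alignment */
        { EFI_CONVENTIONAL_MEMORY, 0, 0x80100000ULL, 0, 0x80, EFI_MEMORY_MORE_RELIABLE | 0x0F },
        /* 64 MiB mirrored conventional: the only usable candidate */
        { EFI_CONVENTIONAL_MEMORY, 0, 0x90100000ULL, 0, 0x4000, EFI_MEMORY_MORE_RELIABLE | 0x0F },
    };
    unsigned char *buf = (unsigned char *)sample_storage;

    memset(buf, 0, SAMPLE_MAP_SIZE);
    for (int i = 0; i < SAMPLE_NUM_DESCS; i++)
        memcpy(buf + i * SAMPLE_DESC_SIZE, &d[i], sizeof d[i]);
    return buf;
}

int main(void)
{
    /* A 32 MiB image at 2 MiB alignment lands at 0x90200000; a 64 MiB one
     * does not fit anywhere once alignment is accounted for. */
    uint64_t a = find_mirrored_region(sample_map(), SAMPLE_MAP_SIZE, SAMPLE_DESC_SIZE,
                                      32ULL << 20, 2ULL << 20);
    uint64_t b = find_mirrored_region(sample_map(), SAMPLE_MAP_SIZE, SAMPLE_DESC_SIZE,
                                      64ULL << 20, 2ULL << 20);
    printf("32 MiB image -> 0x%llx\n", (unsigned long long)a);
    printf("64 MiB image -> 0x%llx (0 means no mirrored region fits)\n",
           (unsigned long long)b);
    return 0;
}
```

The two edge cases the sample map exercises are the ones that bite in practice: a region that is mirrored but not EfiConventionalMemory is not free to use, and a small mirrored region can disappear entirely once the image's alignment is applied, so the size check has to be made on the aligned start rather than on num_pages alone.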