On 23 March 2017 at 09:32, Srinivas Ramana <sramana@xxxxxxxxxxxxxx> wrote:
> On 03/22/2017 07:15 PM, Srinivas Ramana wrote:
>>
>> On 03/22/2017 06:10 PM, Will Deacon wrote:
>>>
>>> On Wed, Mar 22, 2017 at 12:16:24PM +0000, Ard Biesheuvel wrote:
>>>>
>>>> On 22 March 2017 at 11:38, Srinivas Ramana <sramana@xxxxxxxxxxxxxx> wrote:
>>>>>
>>>>> From: Neeraj Upadhyay <neeraju@xxxxxxxxxxxxxx>
>>>>>
>>>>> If the kernel image extends across an alignment boundary, the existing
>>>>> code increases the KASLR offset by the size of the kernel image. The
>>>>> offset is masked after resizing. There are cases where, after
>>>>> masking, we may still have the kernel image extending across the
>>>>> boundary. This eventually results in only a 2MB block getting
>>>>> mapped while creating the page tables. This results in data aborts
>>>>> while accessing unmapped regions during the second relocation (with
>>>>> the kaslr offset) in __primary_switch. To fix this problem, round up the
>>>>> kernel image size by the swapper block size before adding it for
>>>>> correction.
>>>>>
>>>>> For example, consider the case below, where the kernel image still
>>>>> crosses the 1GB alignment boundary after masking the offset, which is
>>>>> fixed by rounding up the kernel image size.
>>>>>
>>>>> SWAPPER_TABLE_SHIFT = 30
>>>>> Swapper using section maps with section size 2MB.
>>>>> CONFIG_PGTABLE_LEVELS = 3
>>>>> VA_BITS = 39
>>>>>
>>>>> _text : 0xffffff8008080000
>>>>> _end : 0xffffff800aa1b000
>>>>> offset : 0x1f35600000
>>>>> mask = ((1UL << (VA_BITS - 2)) - 1) & ~(SZ_2M - 1)
>>>>>
>>>>> (_text + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7c
>>>>> (_end + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d
>>>>>
>>>>> offset after existing correction (before mask) = 0x1f37f9b000
>>>>> (_text + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d
>>>>> (_end + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d
>>>>>
>>>>> offset (after mask) = 0x1f37e00000
>>>>> (_text + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7c
>>>>> (_end + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d
>>>>>
>>>>> new offset w/ rounding up = 0x1f38000000
>>>>> (_text + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d
>>>>> (_end + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d
>>>>>
>>>>> Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR")
>>>>> Signed-off-by: Neeraj Upadhyay <neeraju@xxxxxxxxxxxxxx>
>>>>> Signed-off-by: Srinivas Ramana <sramana@xxxxxxxxxxxxxx>
>>>>
>>>> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
>>>>
>>>> ... and thanks for the excellent commit log message!
>>>
>>> Thanks both. I've picked this up as a fix.
>>>
>>> Will
>>>
>>
>> Thanks Ard and Will for the review and for picking up this patch.
>> Can we also CC: <stable@xxxxxxxxxxxxxxx> ?
>>
>> Thanks,
>> -- Srinivas R
>>
>
> Sorry, there is a checkpatch error in the last patch. I will submit v3
> after fixing the checkpatch error.
>

I wouldn't worry about that. Will has already queued the patch.
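A worked re-computation of the numbers in the commit log above, as an added example that is not part of this thread and not the kernel's own arch/arm64/kernel/kaslr.c. The constants (VA_BITS, SWAPPER_TABLE_SHIFT, a 2MB SWAPPER_BLOCK_SIZE) and the mask expression are the ones stated in the commit message; the function names kimg_crosses_boundary and kaslr_correct_offset and the round_fix flag are my own. With round_fix false the correction adds the raw image size (the pre-patch behaviour), with round_fix true it first rounds the image size up to SWAPPER_BLOCK_SIZE (the patched behaviour), so the same input offset 0x1f35600000 can be pushed through both paths and checked against the boundary test the message describes.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Configuration quoted in the commit log: 4 KB granule, 3 levels, VA_BITS = 39. */
#define VA_BITS             39
#define SWAPPER_TABLE_SHIFT 30                 /* each swapper table covers 1 GB */
#define SZ_2M               (1ULL << 21)
#define SWAPPER_BLOCK_SIZE  SZ_2M              /* section maps, 2 MB blocks */

/* mask = ((1UL << (VA_BITS - 2)) - 1) & ~(SZ_2M - 1), as written in the commit log */
#define KASLR_MASK (((1ULL << (VA_BITS - 2)) - 1) & ~(SZ_2M - 1))

/* Equivalent of the kernel's round_up() for a power-of-two alignment (my helper). */
static uint64_t round_up_pow2(uint64_t x, uint64_t align)
{
    return ((x - 1) | (align - 1)) + 1;
}

/* True when _text and _end, shifted by offset, land in different 1 GB tables. */
bool kimg_crosses_boundary(uint64_t text, uint64_t end, uint64_t offset)
{
    return ((text + offset) >> SWAPPER_TABLE_SHIFT) !=
           ((end + offset) >> SWAPPER_TABLE_SHIFT);
}

/*
 * Boundary correction of the KASLR offset (hypothetical name).
 * round_fix == false: pre-patch behaviour, add the raw image size, then mask.
 * round_fix == true : patched behaviour, round the image size up to
 *                     SWAPPER_BLOCK_SIZE before adding it, then mask.
 */
uint64_t kaslr_correct_offset(uint64_t text, uint64_t end, uint64_t offset,
                              bool round_fix)
{
    if (kimg_crosses_boundary(text, end, offset)) {
        uint64_t kimg_sz = end - text;

        if (round_fix)
            kimg_sz = round_up_pow2(kimg_sz, SWAPPER_BLOCK_SIZE);
        offset = (offset + kimg_sz) & KASLR_MASK;
    }
    return offset;
}

/* Print one row in the same shape as the commit log's table. */
static void report(const char *label, uint64_t text, uint64_t end, uint64_t offset)
{
    printf("%-26s offset=0x%010" PRIx64 "  _text>>30=0x%" PRIx64
           "  _end>>30=0x%" PRIx64 "  crosses=%d\n",
           label, offset,
           (text + offset) >> SWAPPER_TABLE_SHIFT,
           (end + offset) >> SWAPPER_TABLE_SHIFT,
           kimg_crosses_boundary(text, end, offset));
}

int main(void)
{
    /* Addresses and initial offset taken from the commit log. */
    const uint64_t text   = 0xffffff8008080000ULL;
    const uint64_t end    = 0xffffff800aa1b000ULL;
    const uint64_t offset = 0x1f35600000ULL;

    report("initial", text, end, offset);
    report("existing correction", text, end,
           kaslr_correct_offset(text, end, offset, false));
    report("corrected with round_up", text, end,
           kaslr_correct_offset(text, end, offset, true));
    return 0;
}
```

The second row reproduces the failure the patch fixes: adding the raw size 0x299b000 gives 0x1f37f9b000, the mask strips the low 2MB bits back to 0x1f37e00000, and _text and _end again sit in tables 0x3fffffe7c and 0x3fffffe7d. Rounding the size up to 0x2a00000 first yields 0x1f38000000, which the mask leaves untouched and which places the whole image in table 0x3fffffe7d.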