Re: [PATCH v4 06/26] x86/boot: Setup memory protection for bzImage code

On 2023-03-08 13:47, Ard Biesheuvel wrote:
On Thu, 15 Dec 2022 at 13:38, Evgeniy Baskov <baskov@xxxxxxxxx> wrote:

Use previously added code to use 4KB pages for mapping. Map compressed
and uncompressed kernel with appropriate memory protection attributes.
For compressed kernel set them up manually. For uncompressed kernel
use flags specified in ELF header.

Tested-by: Mario Limonciello <mario.limonciello@xxxxxxx>
Tested-by: Peter Jones <pjones@xxxxxxxxxx>
Signed-off-by: Evgeniy Baskov <baskov@xxxxxxxxx>


This patch breaks the 'nokaslr' command line option (at least with
SeaBIOS) unless I apply the hunk below:


Oh, I didn't think of that option.. Thanks!
I will also add the check to the identity mapping,
so the warning won't be emitted with 'nokaslr'.


--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -329,7 +329,8 @@ static size_t parse_elf(void *output, unsigned
long output_len,

        handle_relocations(output, output_len, virt_addr);

-       if (!IS_ENABLED(CONFIG_RANDOMIZE_BASE))
+       if (!IS_ENABLED(CONFIG_RANDOMIZE_BASE) ||
+           cmdline_find_option_bool("nokaslr"))
                goto skip_protect;

        for (i = 0; i < ehdr.e_phnum; i++) {
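Review bot: The condition in front of "goto skip_protect" is now the same two-part test that the next hunk adds in extract_kernel() (!IS_ENABLED(CONFIG_RANDOMIZE_BASE) || cmdline_find_option_bool("nokaslr")), written out a second time. One site decides whether the program-header loop that follows is skipped, the other whether the region is mapped with MAP_EXEC, so the two have to agree; if one is edited later without the other, the mapping and the protections applied to it no longer match. Consider a single static helper, or evaluating the test once and passing the result down, and add a short comment at this site saying the per-segment loop is not run when "nokaslr" is given.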
@@ -481,8 +482,10 @@ asmlinkage __visible void *extract_kernel(void
*rmode, memptr heap,
         * If KASLR is disabled input and output regions may overlap.
         * In this case we need to map region excutable as well.
         */
-       unsigned long map_flags = MAP_ALLOC | MAP_WRITE |
- (IS_ENABLED(CONFIG_RANDOMIZE_BASE) ? 0 : MAP_EXEC);
+       unsigned long map_flags = MAP_ALLOC | MAP_WRITE;
+       if (!IS_ENABLED(CONFIG_RANDOMIZE_BASE) ||
+           cmdline_find_option_bool("nokaslr"))
+               map_flags |= MAP_EXEC;
        phys_addr = kernel_add_identity_map(phys_addr,
                                            phys_addr + needed_size,
                                            map_flags);
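Review bot: With "nokaslr" on the command line map_flags now ends up as MAP_ALLOC | MAP_WRITE | MAP_EXEC, so the range from phys_addr to phys_addr + needed_size is writable and executable at the same time, while the comment above still only says "If KASLR is disabled". Please extend that comment to state that it covers the run-time option as well as !CONFIG_RANDOMIZE_BASE, and why the overlapping input and output regions require MAP_EXEC here. The "excutable" typo in the same comment could be fixed while touching it.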


