On Mon, 23 May 2022 at 03:18, mawupeng <mawupeng1@xxxxxxxxxx> wrote: > > > > 在 2022/5/20 14:52, Ard Biesheuvel 写道: > > On Thu, 19 May 2022 at 13:09, mawupeng <mawupeng1@xxxxxxxxxx> wrote: > >> > >> > >> > >> 在 2022/5/7 17:28, mawupeng 写道: > >>> > >>> > >>> 在 2022/5/3 17:58, Ard Biesheuvel 写道: > >>>> On Tue, 19 Apr 2022 at 08:43, Wupeng Ma <mawupeng1@xxxxxxxxxx> wrote: > >>>>> > >>>>> From: Ma Wupeng <mawupeng1@xxxxxxxxxx> > >>>>> > >>>>> Now system image will perfer to be located to mirrored regions both KASLR > >>>>> on and off. > >>>>> > >>>> > >>>> Hello Ma Wupeng, > >>>> > >>>> I wonder if we could simplify this as follows: > >>>> - ignore the non-KASLR case for now, and rely on the bootloader > load the image into mirrored memory if it exists; > >>> > >>> In grub, memory for static image is allocated via the following path: > >>> > >>> grub_cmd_linux > >>> kernel = grub_malloc(filelen) > >>> kernel_alloc_addr = grub_efi_allocate_any_pages (kernel_alloc_pages) > >>> grub_memcpy (kernel_addr, kernel, grub_min(filelen, kernel_size)) > >>> grub_loader_set (grub_linux_boot, grub_linux_unload, 0) > >>> > >>> Can we get memory from mirrored region by the following steps: > >>> 1. get memory map by calling grub_efi_get_memory_map() > >>> 2. iter all memory map to find a suitable mirrored memory area > >>> 3. locate kernel image to this area > >>> > >>> So, if kaslr is not enabled > >>> - grub will load kernel into mirrored region > >>> else > >>> - arm64-stub.c will relocate kernel image to mirrored region > >>> > >>> Is this feasible? > >> > >> Is this a feasible proposal to relocate the static kernel image itself > >> into more reliable memory? > >> > > > > I'm not sure, it all depends on the firmware. > > > > When GRUB calls LoadImage(), the firmware will reallocate the image > > and unpack it there. So it is really the firmware's job to ensure that > > the image is loaded into a suitable location. > > > > I have some code here that implements a EFI based decompressor, and > > which loads the kernel image into mirrored memory if it exists, > > without the need to move it again. It could trivially be modified to > > deal with non-randomized loads as well. > > > > But the bottom line is that UEFI should expose the ability to target > > mirrored memory, hacking around it like this is not a sustainable > > approach. > > Since firmware is responsible for put kernel static image into mirrored > region and kernel is responsible for relocate this image into mirrored > region if kaslr is enabled. There is no conflict between these two. > > Can we integrate the kernel part(introduce mirrored support to arm64) first? > Yes. If you drop the changes related to fake memmap and rebase, please resend them after -rc1 is released.
