arm64: kexec_file: add kaslr support
authorAKASHI Takahiro <takahiro.akashi@linaro.org>
Thu, 15 Nov 2018 05:52:55 +0000 (14:52 +0900)
committerWill Deacon <will.deacon@arm.com>
Thu, 6 Dec 2018 15:16:57 +0000 (15:16 +0000)
Adding "kaslr-seed" to dtb enables triggering kaslr, or kernel virtual
address randomization, at secondary kernel boot. We always do this as
it will have no harm on kaslr-incapable kernel.

We don't have any "switch" to turn off this feature directly, but still
can suppress it by passing "nokaslr" as a kernel boot argument.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
[will: Use rng_is_initialized()]
Signed-off-by: Will Deacon <will.deacon@arm.com>
arch/arm64/kernel/machine_kexec_file.c

index 7e9d5ed3e238f88d7e120f58987e2a3378c83fc9..0972c6d2c5bb0a7f70f97d61bf80cf2543728e4b 100644 (file)
@@ -16,6 +16,7 @@
 #include <linux/libfdt.h>
 #include <linux/memblock.h>
 #include <linux/of_fdt.h>
+#include <linux/random.h>
 #include <linux/string.h>
 #include <linux/types.h>
 #include <asm/byteorder.h>
@@ -24,6 +25,7 @@
 #define FDT_PSTR_INITRD_STA    "linux,initrd-start"
 #define FDT_PSTR_INITRD_END    "linux,initrd-end"
 #define FDT_PSTR_BOOTARGS      "bootargs"
+#define FDT_PSTR_KASLR_SEED    "kaslr-seed"
 
 const struct kexec_file_ops * const kexec_file_loaders[] = {
        &kexec_image_ops,
@@ -82,11 +84,26 @@ static int setup_dtb(struct kimage *image,
                        return -EINVAL;
        }
 
+       /* add kaslr-seed */
+       ret = fdt_delprop(dtb, nodeoffset, FDT_PSTR_KASLR_SEED);
+       if (ret && (ret != -FDT_ERR_NOTFOUND))
+               return -EINVAL;
+
+       if (rng_is_initialized()) {
+               u64 r = get_random_u64();
+               ret = fdt_setprop_u64(dtb, nodeoffset, FDT_PSTR_KASLR_SEED, r);
+               if (ret)
+                       return (ret == -FDT_ERR_NOSPACE ? -ENOMEM : -EINVAL);
+       } else {
+               pr_notice("RNG is not initialised: omitting \"%s\" property\n",
+                               FDT_PSTR_KASLR_SEED);
+       }
+
        return 0;
 }
 
 /*
- * More space needed so that we can add initrd and bootargs.
+ * More space needed so that we can add initrd, bootargs and kaslr-seed.
  */
 #define DTB_EXTRA_SPACE 0x1000