Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 4 Sep 2017 14:47:42 -0400 (EDT)
From: Nicolas Pitre <nicolas.pitre@...aro.org>
To: Ard Biesheuvel <ard.biesheuvel@...aro.org>
cc: linux-arm-kernel@...ts.infradead.org, kernel-hardening@...ts.openwall.com, 
    Arnd Bergmann <arnd@...db.de>, Russell King <linux@...linux.org.uk>, 
    Kees Cook <keescook@...omium.org>, Thomas Garnier <thgarnie@...gle.com>, 
    Marc Zyngier <marc.zyngier@....com>, Mark Rutland <mark.rutland@....com>, 
    Tony Lindgren <tony@...mide.com>, Matt Fleming <matt@...eblueprint.co.uk>, 
    Dave Martin <dave.martin@....com>
Subject: Re: [PATCH v2 25/29] ARM: decompressor: explicitly map decompressor
 binary cacheable

On Sun, 3 Sep 2017, Ard Biesheuvel wrote:

> When randomizing the kernel load address, there may be a large
> distance in memory between the decompressor binary and its payload
> and the destination area in memory. Ensure that the decompressor
> itself is mapped cacheable in this case, by tweaking the existing
> routine that takes care of this for XIP decompressors.
> 
> Cc: Russell King <linux@...linux.org.uk>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@...aro.org>

Acked-by: Nicolas Pitre <nico@...aro.org>

> ---
>  arch/arm/boot/compressed/head.S | 16 ++++++++++------
>  1 file changed, 10 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S
> index 5884e8151376..583cc6899d98 100644
> --- a/arch/arm/boot/compressed/head.S
> +++ b/arch/arm/boot/compressed/head.S
> @@ -706,20 +706,24 @@ __setup_mmu:	sub	r3, r4, #16384		@ Page directory size
>  		teq	r0, r2
>  		bne	1b
>  /*
> - * If ever we are running from Flash, then we surely want the cache
> - * to be enabled also for our execution instance...  We map 2MB of it
> - * so there is no map overlap problem for up to 1 MB compressed kernel.
> - * If the execution is in RAM then we would only be duplicating the above.
> + * Make sure our entire executable image (including payload) is mapped
> + * cacheable, in case it is located outside the region we covered above.
> + * (This may be the case if running from flash or with randomization enabled)
> + * If the regions happen to overlap, we just duplicate some of the above.
>   */
>  		orr	r1, r6, #0x04		@ ensure B is set for this
>  		orr	r1, r1, #3 << 10
>  		mov	r2, pc
> +		adr_l	r9, _end
>  		mov	r2, r2, lsr #20
> +		mov	r9, r9, lsr #20
>  		orr	r1, r1, r2, lsl #20
>  		add	r0, r3, r2, lsl #2
> -		str	r1, [r0], #4
> +		add	r9, r3, r9, lsl #2
> +0:		str	r1, [r0], #4
>  		add	r1, r1, #1048576
> -		str	r1, [r0]
> +		cmp	r0, r9
> +		bls	0b
>  		mov	pc, lr
>  ENDPROC(__setup_mmu)
>  
> -- 
> 2.11.0
> 
> 

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.