Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 25 Apr 2020 03:17:04 +1000
From: Daniel Axtens <dja@...ens.net>
To: Jason Yan <yanaijie@...wei.com>, mpe@...erman.id.au, linuxppc-dev@...ts.ozlabs.org, diana.craciun@....com, christophe.leroy@....fr, benh@...nel.crashing.org, paulus@...ba.org, npiggin@...il.com, keescook@...omium.org, kernel-hardening@...ts.openwall.com, oss@...error.net
Cc: linux-kernel@...r.kernel.org, zhaohongjiang@...wei.com, Jason Yan <yanaijie@...wei.com>
Subject: Re: [PATCH v5 0/6] implement KASLR for powerpc/fsl_booke/64

Hi Jason,

Apologies for the delay in testing.

I'm seeing this problem when I try to boot on a t4240rdb:

random: get_random_u64 called from .start_kernel+0x734/0x964 with crng_init=0                               [8/973]
clocksource: timebase: mask: 0xffffffffffffffff max_cycles: 0xa9210e89c, max_idle_ns: 440795203878 ns
clocksource: timebase mult[15d17460] shift[24] registered
Console: colour dummy device 80x25
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 16384 (order: 5, 131072 bytes, linear)
Mountpoint-cache hash table entries: 16384 (order: 5, 131072 bytes, linear)
e6500 family performance monitor hardware support registered
rcu: Hierarchical SRCU implementation.
smp: Bringing up secondary CPUs ...
Processor 2 is stuck.
Processor 3 is stuck.
Processor 4 is stuck.
Processor 5 is stuck.
Processor 6 is stuck.
Processor 7 is stuck.
Processor 8 is stuck.
Processor 9 is stuck.
Processor 10 is stuck.
Processor 11 is stuck.
Processor 12 is stuck.
Processor 13 is stuck.
Processor 14 is stuck.
...
Processor 22 is stuck.                                                                                             
Processor 23 is stuck.                                                            
smp: Brought up 1 node, 2 CPUs                                                                              
Using standard scheduler topology                                                                                  
devtmpfs: initialized                                                                                              
clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns                    
futex hash table entries: 8192 (order: 7, 524288 bytes, linear)                                             
NET: Registered protocol family 16                                                                        
audit: initializing netlink subsys (disabled)                                                       
audit: type=2000 audit(108.032:1): state=initialized audit_enabled=0 res=1                                         
Machine: fsl,T4240RDB                                                        
SoC family: QorIQ T4240                                                                   
SoC ID: svr:0x82480020, Revision: 2.0
... boot continues ...


If I boot with nokaslr, all the CPUs come up with no issue.

This is on top of powerpc/merge at
8299da600ad05b8aa0f15ec0f5f03bd40e37d6f0. If you'd like me to test any
debug patches I can do that.

I've attached my .config.

Regards,
Daniel


Download attachment ".config" of type "application/octet-stream" (94743 bytes)


> This is a try to implement KASLR for Freescale BookE64 which is based on
> my earlier implementation for Freescale BookE32:
> https://patchwork.ozlabs.org/project/linuxppc-dev/list/?series=131718&state=*
>
> The implementation for Freescale BookE64 is similar as BookE32. One
> difference is that Freescale BookE64 set up a TLB mapping of 1G during
> booting. Another difference is that ppc64 needs the kernel to be
> 64K-aligned. So we can randomize the kernel in this 1G mapping and make
> it 64K-aligned. This can save some code to creat another TLB map at
> early boot. The disadvantage is that we only have about 1G/64K = 16384
> slots to put the kernel in.
>
>     KERNELBASE
>
>           64K                     |--> kernel <--|
>            |                      |              |
>         +--+--+--+    +--+--+--+--+--+--+--+--+--+    +--+--+
>         |  |  |  |....|  |  |  |  |  |  |  |  |  |....|  |  |
>         +--+--+--+    +--+--+--+--+--+--+--+--+--+    +--+--+
>         |                         |                        1G
>         |----->   offset    <-----|
>
>                               kernstart_virt_addr
>
> I'm not sure if the slot numbers is enough or the design has any
> defects. If you have some better ideas, I would be happy to hear that.
>
> Thank you all.
>
> v4->v5:
>   Fix "-Werror=maybe-uninitialized" compile error.
>   Fix typo "similar as" -> "similar to".
> v3->v4:
>   Do not define __kaslr_offset as a fixed symbol. Reference __run_at_load and
>     __kaslr_offset by symbol instead of magic offsets.
>   Use IS_ENABLED(CONFIG_PPC32) instead of #ifdef CONFIG_PPC32.
>   Change kaslr-booke32 to kaslr-booke in index.rst
>   Switch some instructions to 64-bit.
> v2->v3:
>   Fix build error when KASLR is disabled.
> v1->v2:
>   Add __kaslr_offset for the secondary cpu boot up.
>
> Jason Yan (6):
>   powerpc/fsl_booke/kaslr: refactor kaslr_legal_offset() and
>     kaslr_early_init()
>   powerpc/fsl_booke/64: introduce reloc_kernel_entry() helper
>   powerpc/fsl_booke/64: implement KASLR for fsl_booke64
>   powerpc/fsl_booke/64: do not clear the BSS for the second pass
>   powerpc/fsl_booke/64: clear the original kernel if randomized
>   powerpc/fsl_booke/kaslr: rename kaslr-booke32.rst to kaslr-booke.rst
>     and add 64bit part
>
>  Documentation/powerpc/index.rst               |  2 +-
>  .../{kaslr-booke32.rst => kaslr-booke.rst}    | 35 ++++++-
>  arch/powerpc/Kconfig                          |  2 +-
>  arch/powerpc/kernel/exceptions-64e.S          | 23 +++++
>  arch/powerpc/kernel/head_64.S                 | 13 +++
>  arch/powerpc/kernel/setup_64.c                |  3 +
>  arch/powerpc/mm/mmu_decl.h                    | 23 +++--
>  arch/powerpc/mm/nohash/kaslr_booke.c          | 91 +++++++++++++------
>  8 files changed, 147 insertions(+), 45 deletions(-)
>  rename Documentation/powerpc/{kaslr-booke32.rst => kaslr-booke.rst} (59%)
>
> -- 
> 2.17.2

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.